Strategies for Puppet code upgrade and refactoring
Alessandro Franceschi
Config Management Camp 2024
About me
Alessandro Franceschi
@alvagante
• "World longest active Puppet
consultant"
• Started with version 0.20 in 2007 in
Bank of Italy
• Developed example42 modules
(psick, tp, puppi, nextgen modules)
• Playing with Puppet, IT,
AI (because we can’t miss the AI race, can we?),
life, universe and everything
Puppet Modules and Interoperability - PuppetCamp Europe (2010) - Ghent
About this
presentation
• Brief history of Puppet [breaking] changes
• Puppet 8
• Code refactoring obvious practices
• Refactoring techniques in Puppet
• Testing and rollout approaches
• and an example42 surprise
Brief history of
Puppet updates
• From 0.25 to 2.6 (eleven times better!)
• Pure Ruby manifests :-O
• Run Stages introduced
• Parameterised classes!
• Extlookup (Hiera’s parent)
• New relationship syntax ( ->, ~> )
• Basic Windows support
• Single binary (puppetd -> puppet apply)
2.6
Brief history of
Puppet updates
• From 2.x to 3.x
• Variables dynamic scoping removed
• Params in defines must be variables
• puppet:///modules/ required with modules
• Old puppet* commands removed
• Pure Ruby manifests deprecated
• Hiera in core!
• Automatic params lookup
3.x
Brief history of
Puppet updates
• From 3.x to 4.x
• Future parser!
• All-in-One packaging
• New file locations
• Application orchestration added
• Directory environments (control-repo!)
• Removed hiera_puppet backend
4.x
Brief history of
Puppet updates
• From 4.x to 7.x
• puppetserver ca replaces puppet cert (6.x)
• Many types (nagios, cron, mount, yumrepo…) moved from core to modules (6.x)
• Resource API (6.x)
• Application orchestration removed: application, site, consumes, produces, export and consume (7.x)
7.x
Puppet 8 changes
• Legacy facts excluded by default
• Strict mode enabled by default
• Hiera 3 removed by default
• Thin reports with only changes
Puppet 8:
Legacy facts removed
• Legacy facts are no longer collected by the agent and can't be used in code
• Use the puppet-lint legacy-facts plugin to identify and, in some cases, fix legacy facts in your code
To preserve backwards compatibility:
Old behavior can be reestablished by setting in puppet.conf:
include_legacy_facts = true
Common facts mapping
architecture => facts['os']['architecture']
domain => facts['networking']['domain']
fqdn => facts['networking']['fqdn']
hostname => facts['networking']['hostname']
ipaddress => facts['networking']['ip']
macaddress => facts['networking']['mac']
netmask => facts['networking']['netmask']
network => facts['networking']['network']
operatingsystem => facts['os']['name']
operatingsystemmajrelease => facts['os']['release']['major']
operatingsystemrelease => facts['os']['release']['full']
osfamily => facts['os']['family']
lsbdistid => facts['os']['distro']['id']
selinux => facts['os']['selinux']['enabled']
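The mapping above, applied as a pre-upgrade scan of manifest source. This is an added example, not code from the slides and not the puppet-lint plugin; the sample manifest is constructed, and the regex-based matching is a simplification that only flags the `$::name` and `$facts['name']` forms.

```ruby
# Added example: simplified legacy-fact scanner (not the puppet-lint plugin).
# The mapping is the one from the "Common facts mapping" slide.
LEGACY_FACTS = {
  'architecture'              => "$facts['os']['architecture']",
  'domain'                    => "$facts['networking']['domain']",
  'fqdn'                      => "$facts['networking']['fqdn']",
  'hostname'                  => "$facts['networking']['hostname']",
  'ipaddress'                 => "$facts['networking']['ip']",
  'macaddress'                => "$facts['networking']['mac']",
  'netmask'                   => "$facts['networking']['netmask']",
  'network'                   => "$facts['networking']['network']",
  'operatingsystem'           => "$facts['os']['name']",
  'operatingsystemmajrelease' => "$facts['os']['release']['major']",
  'operatingsystemrelease'    => "$facts['os']['release']['full']",
  'osfamily'                  => "$facts['os']['family']",
  'lsbdistid'                 => "$facts['os']['distro']['id']",
  'selinux'                   => "$facts['os']['selinux']['enabled']"
}.freeze

NAMES = Regexp.union(LEGACY_FACTS.keys).source

# Two forms are flagged, bare or inside "${...}" string interpolation:
#   $facts['osfamily'] and $::facts['osfamily']  (capture group 1)
#   $::osfamily                                  (capture group 2)
# A bare $osfamily is not flagged: it may be a local variable or a parameter.
LEGACY_RE = /\$\{?(?:::)?facts\[\s*['"](#{NAMES})['"]\s*\]|\$\{?::(#{NAMES})\b/

Finding = Struct.new(:line, :legacy, :replacement)

# Returns one Finding per legacy-fact reference, in source order.
# Lines that are entirely a comment are skipped; trailing comments are not
# parsed, which is acceptable for a scan whose output is reviewed by a human.
def scan_manifest(source)
  findings = []
  source.each_line.with_index(1) do |text, lineno|
    next if text.lstrip.start_with?('#')

    text.scan(LEGACY_RE) do |hash_form, top_scope|
      name = hash_form || top_scope
      findings << Finding.new(lineno, name, LEGACY_FACTS.fetch(name))
    end
  end
  findings
end

# Constructed sample manifest (not from the slides).
SAMPLE = <<~'PP'
  # $::osfamily in a comment is ignored
  class profile::base {
    if $::osfamily == 'RedHat' {
      notify { "Host ${::fqdn} on ${facts['operatingsystemmajrelease']}": }
    }
    $ip = $facts['ipaddress']
    $ok = $facts['networking']['hostname']
  }
PP

if __FILE__ == $PROGRAM_NAME
  scan_manifest(SAMPLE).each do |f|
    puts format('line %d: %s -> %s', f.line, f.legacy, f.replacement)
  end
end
```

Running it over a control-repo before removing `include_legacy_facts = true` gives a worklist of references that would fail compilation under Puppet 8 defaults.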
Puppet 8:
Strict mode
Strict mode is enabled by default
Puppet compilation fails in these conditions:
• Accessing undefined variables
• Accessing a legacy fact:
notice($facts['osfamily'])
• Coercing a string into a numeric: "1" + 1
• Using the stdlib deprecation function
Puppet 8:
Strict mode
To preserve backwards compatibility:
Old behavior can be reestablished by setting in puppet.conf:
strict_variables = false
strict = warning
Puppet 8:
Goodbye Hiera 3
• Hiera 3 is removed by default
• hiera.yaml must use v5 format
• Hiera 3 based backends must be converted
• Replace legacy hiera functions with lookup
To preserve backwards compatibility:
Install the Hiera 3 gem separately.
Puppet 8:
Only events in reports
By default, Puppet reports include only events
Unchanged resources are not listed in reports
PRO: Huge reduction of reports length
To restore existing behaviour
To restore full reports, set in the agents’ puppet.conf:
exclude_unchanged_resources = false
Refactoring ?
• Why
• How
• Challenges
• Best practices
Refactoring: WHY?
• Limitation of technical debt
• Enhancement of code readability
• Improved maintainability
• Increased efficiency
• Legacy code update
• Respond to new requirements
Refactoring
CHALLENGES
• Tackling technical debt
• Define new and emerging needs
• Cope with current production
• Develop safely
• Test
• Control rollout
Refactoring
HOW?
• Start small and work incrementally
• Focus on high-impact changes
• Keep the codebase maintainable
• Understand risks and impact
• Collaborate with stakeholders
Refactoring
in Puppet world
• Feature flags enable new code
• Parallel files creation (to diff)
• In place refactoring for safe changes
Refactoring:
feature flags
• Existing code is untouched
• Refactored code is added and lives side by side
• Refactored code is triggered via a param like:
class my_class (
  Boolean $use_refactor = false,
) { }
PRO: No impact, by default, on current systems
PRO: Rollout can be controlled via Hiera
Refactoring: feature flags
class my_class (
  Boolean $use_refactor = false,
) {
  if $use_refactor {
    # NEW CODE HERE
  } else {
    # Leave, as is, your existing code
  }
}
Configure in Hiera
To enable refactored code set in Hiera data:
my_class::use_refactor: true
Refactoring: parallel files
Applies only to configuration files
1. A parallel file is created based on new code
2. Validate changes with scripts to diff the two files
3. Via Hiera class::use_refactor param manage content
PRO: Safe, verified and controlled, for most delicate cases
CON: Testing / validation times can be long
Refactoring: parallel files
class my_class (
  Boolean $use_refactor = false,
) {
  # Placeholder: set this to however you manage the config file content now
  $current_content = '...'

  if $use_refactor {
    $config_file_content = epp('my_class/my_class.conf.epp')
    $diff_file_content   = $current_content # How you used to manage the config file
  } else {
    $config_file_content = $current_content # Whatever you have now
    $diff_file_content   = epp('my_class/my_class.conf.epp')
  }

  file { '/etc/my_class.conf':
    content => $config_file_content,
  }
  file { '/etc/my_class.conf.diff':
    content => $diff_file_content,
    notify  => undef,
  }
}
In place refactoring
• Work directly on existing code, with no parallel codebase
• Good for safe and limited changes
• Puppet lint fixes
• Code compatibility updates
• General improvements
• Safe addition of new parameters
• Cleanups of unused code
Testing and rolling out
changes
• Noop mode, on client and server
• Canary testing
• Diff review
• CI/CD
Puppet noop mode
See what Puppet would change without changing anything
Client side noop: Set in the agent’s puppet.conf
[agent]
noop = true
Server side noop: Set in Puppet code
noop() function from trlinkin-noop module
noop(true)
Server side noop
class my_class (
  Boolean $noop_manage = false,
  Boolean $noop_mode = true,
) {
  if $noop_manage {
    noop($noop_mode)
  }
  # All the following resources in the class
  # are applied in $noop_mode
  # regardless of client’s noop setting
}
Canary testing
• Rollout changes to growing subsets of nodes
• Test and validate the result
• The rollout is expanded incrementally
• Allows for early detection and mitigation of issues
• Canaries should be a good representation of:
• All the OS supported
• All the different roles
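One way to choose canaries that represent every supported OS and every role, and then grow the rollout in waves. This is an added example, not from the slides: the inventory and node names are constructed, and both the greedy cover and the doubling wave size are assumptions made here, not the author's method.

```ruby
# Added example: canary selection and incremental rollout waves.
# Constructed inventory (hypothetical node names); in practice the list
# would come from PuppetDB or a CMDB.
INVENTORY = [
  { name: 'app01', os: 'Windows', role: 'app' },
  { name: 'app02', os: 'Windows', role: 'app' },
  { name: 'db01',  os: 'Debian',  role: 'db'  },
  { name: 'db02',  os: 'RedHat',  role: 'db'  },
  { name: 'db03',  os: 'Debian',  role: 'db'  },
  { name: 'web01', os: 'RedHat',  role: 'web' },
  { name: 'web02', os: 'RedHat',  role: 'web' },
  { name: 'web03', os: 'Debian',  role: 'web' },
  { name: 'web04', os: 'RedHat',  role: 'web' },
  { name: 'web05', os: 'Debian',  role: 'web' }
].freeze

# The properties a canary set has to represent: each OS and each role.
def traits(node)
  [[:os, node[:os]], [:role, node[:role]]]
end

# Greedy set cover: repeatedly take the node that represents the most
# OSes and roles not yet covered. Ties are broken by node name so the
# result is reproducible between pipeline runs.
def pick_canaries(nodes)
  uncovered = nodes.flat_map { |n| traits(n) }.uniq
  remaining = nodes.sort_by { |n| n[:name] }
  canaries = []
  until uncovered.empty?
    best = remaining.max_by { |n| (traits(n) & uncovered).size }
    canaries << best
    uncovered -= traits(best)
    remaining.delete(best)
  end
  canaries
end

# Wave 0 is the canary set. Each later wave is as large as everything
# already rolled out, so the cumulative node count doubles per wave and
# a regression is caught while most of the fleet is still untouched.
def rollout_waves(nodes, canaries)
  rest = (nodes - canaries).sort_by { |n| n[:name] }
  waves = [canaries]
  done = canaries.size
  until rest.empty?
    wave = rest.shift(done)
    waves << wave
    done += wave.size
  end
  waves
end

if __FILE__ == $PROGRAM_NAME
  canaries = pick_canaries(INVENTORY)
  rollout_waves(INVENTORY, canaries).each_with_index do |wave, i|
    puts "wave #{i}: #{wave.map { |n| n[:name] }.join(', ')}"
  end
end
```

Each wave can then be enabled by setting the feature-flag parameter in Hiera for those nodes, with a status check between waves before the next one is released.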
Catalog diff review
• Module puppet/catalog_diff (alternatives exist)
• Setup:
• Create a dedicated certificate for the user running diff
• Grant the certificate access to PuppetDB
• Add options as needed
• Exclude resources which change with the environment
• Visualise
• Catalog diff viewer
https://github.com/voxpupuli/puppet-catalog-diff-viewer
Catalog diff review
options="--filter_old_env --old_catalog_from_puppetdb --certless --show_resource_diff --content_diff --ignore_parameters alias --changed_depth 1000 --output_report ${HOME}/lastrun-$$.json --threads 10"
excludes="--exclude_resource_types=File[/opt/puppetlabs/pe_patch/pe_patch_fact_generation.sh]"
puppet catalog diff \
  $puppet_server/$default_branch \
  $puppet_server/${source_branch} \
  $options $excludes
Continuous
Integration
• All the previous tests should be automated
• A sane Puppet CI/CD pipeline should have:
• Syntax checks
• Syntax checks on Puppet target version (pdk)
• Puppet-lint validation
• Catalog diff review on a subset of nodes
• Noop run on a subset of nodes
• Enforcing run on testing nodes with status checks
• Canary based rollout with status checks
Thank you
ALL images by Tatlin
100% AI free
One last thing…
Live sessions streamed on
youtube.com/@example42
Everybody can join the live anytime:
https://bit.ly/example42live
Fluid agenda.
Mostly Puppet.
Free as beer and speech.
Puppettizing in Public
LIVE, REALTIME
NO SAFETY
NETS
@alvagante
When alone:
• Building in public
example42 OSS
• Tests and
developments
With others:
• Realtime
troubleshooting
• Quick Puppet support
• AMA sessions
• Tiny Data Requests
With many:
• Dynamic round tables
• Collective problem
solving
With experts:
• Product or modules
updates from authors
• Tiny Data applications
drill down
Puppettizing in Public @alvagante
See you this Friday!
Friday, February 9 17:00 GMT
Puppettizing in Public
Episode 0
Watch:
youtube.com/@example42
Join live:
bit.ly/example42live
@alvagante
