Puppet, profile picture
Uploaded byPuppet
PDF, PPTX3,713 views

Using Puppet with Self Service Provisioning

This document discusses integrating Puppet configuration management with self-service provisioning systems. It describes two common design patterns for applying Puppet configurations - the "a la carte" pattern where users select from multiple configuration options, and the "roles and profiles" pattern where users select a single predefined role. The document also outlines different approaches to classifying nodes in Puppet and integrating the Puppet master with provisioning platforms like VMware vRealize Automation. It provides examples of using the Puppet RAKE API to pre-stage nodes and assign configuration groups.

Embed presentation

Download as PDF, PPTX
© 2014 VMware Inc. All rights reserved. Using Puppet with vRealize Automation Self Service Provisioning and Configuration Management Justin Jones Senior Consultant, VMware 01/12/2015
About the speaker 2 Senior Consultant @ VMware Integration and Automation Team Previously: Lockheed Martin Accenture justin7jones justin7jones Consulting Projects I’ve worked on:
Why Self Service Provisioning? 3 Fast Delivery Fully ConfiguredCustomized Traditional VM Delivery Triangle Pick 2 •  Properly implemented Self Service Provisioning promises all 3 of the Delivery Triangle •  To achieve all 3, configuration management is a necessity •  Organizations try all the time to script customization and configuration. They mostly fail- the overhead in maintaining and managing an application installation and configuration script base across product versions and operating systems is too high. •  There is an answer…
•  System Administrators are faced with managing much larger numbers of virtual machines when a self service provisioning system is deployed •  Maintaining software package versions over large pools of systems is time consuming and difficult •  Without centralized configuration management, configuration drift challenges standardized enterprise configuration which can be a huge headache for system administrators Puppet + Self Service Provisioning Benefits Admins, too 4
There are 2 main types of Self Provisioning puppet implementations we frequently see in the field: Using Puppet with a Self Service Provisioning Solution 5 Infrastructure Configuration •  Shared between (most) VMs in the environment •  Configures global OS settings like logging, admin security accounts, NTP settings, etc. •  Definition extends to installing and configuring infra apps like monitoring agents, backup, etc. Infrastructure Customization •  Unique depending on the purpose of the VM •  Installs and configures non infrastructure applications •  Subdivided into 2 additional models •  ‘a la carte’ Design Pattern •  Roles and Profiles Design Pattern
“Design Patterns” is the term typically used in the Puppet community that is similar to what other organizations term ‘Best Practices’- the idea is that no one solution is ‘one size fits all’ and what is ‘Best Practices’ for one organization may not be such for another. Infrastructure Customization Design Patterns 6 Roles Profiles Design Pattern: Essentially a single ‘role’ (which is a Puppet Group) is chosen that defines EVERYTHING that puppet configures on the system. Membership in multiple roles is NOT ALLOWED. ‘a la carte’ design pattern: The cloud platform is configured to present the user with a ‘menu’ of choices. The may multiselect as many choices as they would like. Invalid combinations must be prohibited in the user presentation layer (UI).
‘a la carte’ Design Pattern (with Self Service Provisioning)
‘a la carte’ Design Pattern 8 VMware vRealize Automation 6.01 screenshot, simple ‘a la carte’ checkbox list
‘a la carte’ Design Pattern 9 Properties of the ‘a la carte’ design pattern: •  Nodes can be members of any number of groups •  Some group combinations may not be allowed- it is up to administrator to configure the UI so that invalid combinations cannot be selected •  Each elective group corresponds to an option chosen in the UI •  Required groups are applied regardless of user selection and are not selected in the UI
Roles and Profiles Design Pattern (with Self Service Provisioning)
Roles and Profiles Design Pattern 11 VMware vRealize Automation 6.01 screenshot, simple Role Selection list. For Role Selection, no Multiselect is needed. A single Role may be chosen in the UI. Alternatively, each item ‘ordered’ in a catalog may correspond to a role.
Roles and Profiles Design Pattern 12 Properties of the Roles and Profiles design pattern: •  Nodes can be members of ONLY 1 GROUP. This Group is called a Role •  A role can have multiple classes applied to it •  The UI must be configured so that only a SINGLE Role may be chosen-
Which Design Pattern Should I use? 13 ‘a la carte’ Attributes •  Provides users with the greatest flexibility •  Can allow ‘hybrid’ systems (web + db), etc. •  Prevents ‘role sprawl’ •  If systems frequently end up with invalid class combinations, you may want to consider Roles and Profiles Roles and Profiles Attributes •  High level of consistency between servers •  Easier to enforce compliance •  Less choices for user (depends on your user base if this is good or not) •  If ‘role sprawl’ occurs, you have probably chosen the wrong design pattern.
Self Service Provisioning Task Flow Designs 14
15 Self Service Provisioning Task Flow: Autosign Method User  Orders  VM Prestage  VM  in   Puppet (RAKE  API) Node  Builds  in   Hypervisor Node  boots  and   runs  Puppet  Agent Node  checks  in  to   Puppet  Enterprise   Console Node  is  autosigned (Policy  Based,   whitelist,  ,or  Naïve) Node  is  assigned   group(s)  by  RAKE   API  call Agent  Runs  and   VM  is  complete For more information on autosigning, see: https://docs.puppetlabs.com/puppet/latest/reference/ssl_autosign.html
16 Self Service Provisioning Task Flow: REST API Signing Method For more information on the HTTP REST API and cert signing, see: https://docs.puppetlabs.com/guides/rest_api.html#certificate-status User  Orders  VM Prestage  VM  in   Puppet (RAKE  API) Node  Builds  in   Hypervisor Node  boots  and   runs  Puppet  Agent Node  checks  in  to   Puppet  Enterprise   Console HTTP  REST  API  call   to  sign  CERT Node  is  assigned   group(s)  by  RAKE   API  call Agent  Runs  and   VM  is  complete
Alternative Methods to Assign Node Group Membership 17
Puppet Data Flow 18
19 Alternative Classification: Built in Facts (FQDN)
20 Alternative Classification: Custom Facts For more information on creating custom facts, see: https://docs.puppetlabs.com/facter/2.3/custom_facts.html#adding-custom-facts-to-facter
21 Sample RAKE API Commands (Prestage ‘a la carte’) For more information on RAKE API, see the following: https://docs.puppetlabs.com/pe/latest/console_rake_api.html Automation engine will SSH into Puppet Enterprise Console and Create Node / Assign Group membership is a single command $  sudo  /opt/puppet/bin/rake  -­‐f  /opt/puppet/share/puppet-­‐dashboard/Rakefile   RAILS_ENV=production     node:add[my_vm_01,(VMware_Mandatory,VMware_Monitoring_Agent,  VMware_Apache)]  
22 Sample RAKE API Commands (Prestage ‘Roles and Profiles’) For more information on RAKE API, see the following: https://docs.puppetlabs.com/pe/latest/console_rake_api.html Automation engine will SSH into Puppet Enterprise Console and Create Node / Assign Group membership is a single command $  sudo  /opt/puppet/bin/rake  -­‐f  /opt/puppet/share/puppet-­‐dashboard/Rakefile   RAILS_ENV=production     node:add[my_vm_01,(ROLE::Apache_Web_Server)]  
Integration with Puppet: Automation Platform Requirements 23
Machine Lifecycle: Determine how to integrate with SSP Platform INTERNAL OR VMWARE AUTHORIZED USE ONLY 24 VM  is  ordered From  Catalog Before  Machine  is Cloned/built/ Deployed After  Machine Is  booted When  Machine Is  Edited When  machine  is deleted Prestage  Node In  Puppet (Create  and  classify/ apply  groups) Invoke  Agent And/or HTTP  REST  Sign Change  Node   Groups Clean  Up  Node   (Delete  from   Puppet)
Machine Lifecycle: How VMware does it (Before Machine is Built) 25 User Orders VM from catalog During Each State, a vCenter Orchestrator Workflow is called by vCloud Automation Center
•  System Administrators are faced with managing much larger numbers of virtual machines when a self service provisioning system is deployed •  Without configuration management, there is a gap in automated delivery of VMs (the ‘automatic’ process terminates with a manual final step, which defeats the purpose) •  Without centralized configuration management, configuration drift and system standardization (are they pointed at the correct DNS server?, etc.) can be a huge headache for system administrators •  Integration with Self Service Provisioning Platforms typically requires an orchestration engine that can be called from the SSP Platform Key Points 26
Questions? 27

More Related Content

PPTX
VMware and Puppet: How to Plan, Deploy & Manage Modern Applications
byPuppet
 
PDF
Building self-service on demand infrastructure with Puppet and VMware
byPuppet
 
PPTX
Plan, Deploy & Manage Modern Applications Leveraging vCloud Automation Center...
byPuppet
 
PDF
VMworld 2013: Part 2: How to Build a Self-Healing Data Center with vCenter Or...
byVMworld
 
PPTX
V mware v center orchestrator 5.5 knowledge transfer kit
bysolarisyougood
 
PPTX
V mware v realize orchestrator 6.0 knowledge transfer kit
bysolarisyougood
 
PDF
VMware Automation, PowerCLI presented at the Northern California PSUG
byAlan Renouf
 
PPTX
PuppetConf 2017: vRealize Automation and Puppet: Enabling DevOps Ready IT- Ga...
byPuppet
 
VMware and Puppet: How to Plan, Deploy & Manage Modern Applications
byPuppet
 
Building self-service on demand infrastructure with Puppet and VMware
byPuppet
 
Plan, Deploy & Manage Modern Applications Leveraging vCloud Automation Center...
byPuppet
 
VMworld 2013: Part 2: How to Build a Self-Healing Data Center with vCenter Or...
byVMworld
 
V mware v center orchestrator 5.5 knowledge transfer kit
bysolarisyougood
 
V mware v realize orchestrator 6.0 knowledge transfer kit
bysolarisyougood
 
VMware Automation, PowerCLI presented at the Northern California PSUG
byAlan Renouf
 
PuppetConf 2017: vRealize Automation and Puppet: Enabling DevOps Ready IT- Ga...
byPuppet
 

What's hot

PDF
vRA7 What's New
byErik Bussink
 
PPTX
vCenter Orchestrator APIs
byPablo Roesch
 
PPTX
Dutch VMUG 2010 PowerCLI Presentation
byAlan Renouf
 
PDF
VMworld 2013: Keep it Simple and Integrated - Out-of the Box Cross-System Aut...
byVMworld
 
PPT
HotLink DR Express
bydean1609
 
PPTX
vCloud Automation Center 6.0 -My Notes on Architecture
bytechstarts
 
PPTX
VMware vSphere technical presentation
byaleyeldean
 
PPTX
How to build a cloud adapter
byMaarten Smeets
 
PPTX
VMworld 2015: Take Virtualization to the Next Level vSphere with Operations M...
byVMworld
 
PPTX
VMworld 2015: VMware vSphere Certificate Management for Mere Mortals
byVMworld
 
PDF
Partner Presentation vSphere6-VSAN-vCloud-vRealize
byErik Bussink
 
PPTX
PowerCLI Workshop
byCarter Shanklin
 
PDF
VMworld 2013: vCenter Deep Dive
byVMworld
 
PPTX
VMworld 2015: Managing vSphere 6 Deployments and Upgrades
byVMworld
 
PPTX
VMware 2015: Next Horizon for Cloud Networking and Security
byVMworld
 
PPTX
VMworld 2015: vSphere Web Client- Yesterday, Today, and Tomorrow
byVMworld
 
PPTX
VMworld 2015: Extreme Performance Series - vCenter Performance Best Practices
byVMworld
 
PPTX
VMworld 2015: Just Because You COULD, Doesn’t Mean You SHOULD – vSphere 6.0 A...
byVMworld
 
PPTX
VMworld 2015: Deliver High Performance Desktops with VMware Horizon and NVIDI...
byVMworld
 
PPTX
VMworld 2015: Automating Everything VMware with PowerCLI- Deep Dive
byVMworld
 
vRA7 What's New
byErik Bussink
 
vCenter Orchestrator APIs
byPablo Roesch
 
Dutch VMUG 2010 PowerCLI Presentation
byAlan Renouf
 
VMworld 2013: Keep it Simple and Integrated - Out-of the Box Cross-System Aut...
byVMworld
 
HotLink DR Express
bydean1609
 
vCloud Automation Center 6.0 -My Notes on Architecture
bytechstarts
 
VMware vSphere technical presentation
byaleyeldean
 
How to build a cloud adapter
byMaarten Smeets
 
VMworld 2015: Take Virtualization to the Next Level vSphere with Operations M...
byVMworld
 
VMworld 2015: VMware vSphere Certificate Management for Mere Mortals
byVMworld
 
Partner Presentation vSphere6-VSAN-vCloud-vRealize
byErik Bussink
 
PowerCLI Workshop
byCarter Shanklin
 
VMworld 2013: vCenter Deep Dive
byVMworld
 
VMworld 2015: Managing vSphere 6 Deployments and Upgrades
byVMworld
 
VMware 2015: Next Horizon for Cloud Networking and Security
byVMworld
 
VMworld 2015: vSphere Web Client- Yesterday, Today, and Tomorrow
byVMworld
 
VMworld 2015: Extreme Performance Series - vCenter Performance Best Practices
byVMworld
 
VMworld 2015: Just Because You COULD, Doesn’t Mean You SHOULD – vSphere 6.0 A...
byVMworld
 
VMworld 2015: Deliver High Performance Desktops with VMware Horizon and NVIDI...
byVMworld
 
VMworld 2015: Automating Everything VMware with PowerCLI- Deep Dive
byVMworld
 

Viewers also liked

PDF
PuppetConf 2016: Puppet and vRealize Automation: The Next Generation – Ganesh...
byPuppet
 
PPTX
Order management, provisioning and activation
byVijayIndra Shekhawat
 
PDF
Intro to-puppet
byF.L. Jonathan Araña Cruz
 
PDF
Red Hat Satellite 6 - Automation with Puppet
byMichael Lessard
 
PDF
Designing Puppet: Roles/Profiles Pattern
byPuppet
 
PDF
Self-Driving Data Center
bySergey A. Razin
 
PPTX
VAS - VMware CMP
byMohamed El Shorbagy ☁☁☁
 
PPTX
VIR311 Microsoft System Center Virtual Machine Manager 2008 R2: Advanced Virt...
byJohn Wildes
 
PPTX
Private Cloud Administration - SCVMM
byJohn Barreto Espinosa
 
PPTX
VMware Solutions
byMohamed El Shorbagy ☁☁☁
 
PDF
Infrastructure as Code with Chef / Puppet
byEdmund Siegfried Haselwanter
 
PDF
Ansible and AWS
byPeter Sankauskas
 
PPTX
Horizon View 7
byIoseb Meskhishvili
 
PPT
SCM PPT
byVenkatesh Samineni
 
PDF
Test Driven Development with Puppet - PuppetConf 2014
byPuppet
 
PPTX
Orchestration & provisioning
bybuildacloud
 
DOCX
Simple_Movement_Class
byDavid Harris
 
PDF
PuppetConf track overview: Inside Puppet
byPuppet
 
PDF
Getting Started with Puppet - PuppetConf 2014
byPuppet
 
PDF
PuppetConf 2016: Puppet on Windows – Nicolas Corrarello, Puppet
byPuppet
 
PuppetConf 2016: Puppet and vRealize Automation: The Next Generation – Ganesh...
byPuppet
 
Order management, provisioning and activation
byVijayIndra Shekhawat
 
Intro to-puppet
byF.L. Jonathan Araña Cruz
 
Red Hat Satellite 6 - Automation with Puppet
byMichael Lessard
 
Designing Puppet: Roles/Profiles Pattern
byPuppet
 
Self-Driving Data Center
bySergey A. Razin
 
VAS - VMware CMP
byMohamed El Shorbagy ☁☁☁
 
VIR311 Microsoft System Center Virtual Machine Manager 2008 R2: Advanced Virt...
byJohn Wildes
 
Private Cloud Administration - SCVMM
byJohn Barreto Espinosa
 
VMware Solutions
byMohamed El Shorbagy ☁☁☁
 
Infrastructure as Code with Chef / Puppet
byEdmund Siegfried Haselwanter
 
Ansible and AWS
byPeter Sankauskas
 
Horizon View 7
byIoseb Meskhishvili
 
SCM PPT
byVenkatesh Samineni
 
Test Driven Development with Puppet - PuppetConf 2014
byPuppet
 
Orchestration & provisioning
bybuildacloud
 
Simple_Movement_Class
byDavid Harris
 
PuppetConf track overview: Inside Puppet
byPuppet
 
Getting Started with Puppet - PuppetConf 2014
byPuppet
 
PuppetConf 2016: Puppet on Windows – Nicolas Corrarello, Puppet
byPuppet
 

Similar to Using Puppet with Self Service Provisioning

PDF
VMworld 2013: VMware and Puppet: How to Plan, Deploy & Manage Modern Applicat...
byVMworld
 
PPTX
Delivering Applications with Full Lifecycle Automation in a Multi-Cloud World
byAvi Networks
 
PDF
SCM Puppet: from an intro to the scaling
byStanislav Osipov
 
PDF
Puppet | Custom Modules & Using the Forge
byAaron Bernstein
 
PDF
Puppet Design Patterns - PuppetConf
byDavid Danzilio
 
PPTX
Puppet plugin for vRealize Automation (vRA)
byPuppet
 
PPTX
Puppet
byJohn Coggeshall
 
PDF
PuppetConf 2017: No Server Left Behind - Miguel Di Ciurcio Filho, Instruct
byPuppet
 
PDF
Chef vs. Puppet in the Cloud: How Telepictures and MoneySuperMarket Do It
byRightScale
 
PDF
Patterns: Implementing an SOA Using an Enterprise Service Bus
byBlue Atoll Consulting
 
PDF
Patterns: Implementing an SOA using an enterprise service bus (ESB)
byKunal Ashar
 
PDF
PuppetConf 2016: Puppet Enterprise Roadmap and How to Succeed with It – Susan...
byPuppet
 
PDF
Puppet Design Patterns
byDavid Danzilio
 
PPTX
Intro to Puppet Enterprise 06.28.2017
byPuppet
 
PDF
Microservices 101: From DevOps to Docker and beyond
byDonnie Berkholz
 
PPTX
Integrating Puppet with RightScale: Customer Q&A
byRightScale
 
PDF
Puppet Camp Duesseldorf 2014: Luke Kanies - Puppet Keynote
byNETWAYS
 
PDF
Puppet Camp Dallas 2014: How Puppet Ops Rolls
byPuppet
 
PPT
PuppetCamp - How Puppet helped us to standardize, communicate and work together
byohadlevy
 
KEY
From Dev to DevOps - Apache Barcamp Spain 2011
byCarlos Sanchez
 
VMworld 2013: VMware and Puppet: How to Plan, Deploy & Manage Modern Applicat...
byVMworld
 
Delivering Applications with Full Lifecycle Automation in a Multi-Cloud World
byAvi Networks
 
SCM Puppet: from an intro to the scaling
byStanislav Osipov
 
Puppet | Custom Modules & Using the Forge
byAaron Bernstein
 
Puppet Design Patterns - PuppetConf
byDavid Danzilio
 
Puppet plugin for vRealize Automation (vRA)
byPuppet
 
Puppet
byJohn Coggeshall
 
PuppetConf 2017: No Server Left Behind - Miguel Di Ciurcio Filho, Instruct
byPuppet
 
Chef vs. Puppet in the Cloud: How Telepictures and MoneySuperMarket Do It
byRightScale
 
Patterns: Implementing an SOA Using an Enterprise Service Bus
byBlue Atoll Consulting
 
Patterns: Implementing an SOA using an enterprise service bus (ESB)
byKunal Ashar
 
PuppetConf 2016: Puppet Enterprise Roadmap and How to Succeed with It – Susan...
byPuppet
 
Puppet Design Patterns
byDavid Danzilio
 
Intro to Puppet Enterprise 06.28.2017
byPuppet
 
Microservices 101: From DevOps to Docker and beyond
byDonnie Berkholz
 
Integrating Puppet with RightScale: Customer Q&A
byRightScale
 
Puppet Camp Duesseldorf 2014: Luke Kanies - Puppet Keynote
byNETWAYS
 
Puppet Camp Dallas 2014: How Puppet Ops Rolls
byPuppet
 
PuppetCamp - How Puppet helped us to standardize, communicate and work together
byohadlevy
 
From Dev to DevOps - Apache Barcamp Spain 2011
byCarlos Sanchez
 

More from Puppet

PPTX
Puppet Community Day: Planning the Future Together
byPuppet
 
PPTX
The Evolution of Puppet: Key Changes and Modernization Tips
byPuppet
 
PPTX
Can You Help Me Upgrade to Puppet 8? Tips, Tools & Best Practices for Your Up...
byPuppet
 
PPTX
Bolt Dynamic Inventory: Making Puppet Easier
byPuppet
 
PPTX
Customizing Reporting with the Puppet Report Processor
byPuppet
 
PPTX
Puppet at ConfigMgmtCamp 2025 Sponsor Deck
byPuppet
 
PPTX
The State of Puppet in 2025: A Presentation from Developer Relations Lead Dav...
byPuppet
 
PPTX
Let Red be Red and Green be Green: The Automated Workflow Restarter in GitHub...
byPuppet
 
PDF
Puppet camp2021 testing modules and controlrepo
byPuppet
 
PPTX
Puppetcamp r10kyaml
byPuppet
 
PDF
2021 04-15 operational verification (with notes)
byPuppet
 
PPTX
Puppet camp vscode
byPuppet
 
PDF
Modules of the twenties
byPuppet
 
PDF
Applying Roles and Profiles method to compliance code
byPuppet
 
PPTX
KGI compliance as-code approach
byPuppet
 
PDF
Enforce compliance policy with model-driven automation
byPuppet
 
PDF
Keynote: Puppet camp compliance
byPuppet
 
PPTX
Automating it management with Puppet + ServiceNow
byPuppet
 
PPTX
Puppet: The best way to harden Windows
byPuppet
 
PPTX
Simplified Patch Management with Puppet - Oct. 2020
byPuppet
 
Puppet Community Day: Planning the Future Together
byPuppet
 
The Evolution of Puppet: Key Changes and Modernization Tips
byPuppet
 
Can You Help Me Upgrade to Puppet 8? Tips, Tools & Best Practices for Your Up...
byPuppet
 
Bolt Dynamic Inventory: Making Puppet Easier
byPuppet
 
Customizing Reporting with the Puppet Report Processor
byPuppet
 
Puppet at ConfigMgmtCamp 2025 Sponsor Deck
byPuppet
 
The State of Puppet in 2025: A Presentation from Developer Relations Lead Dav...
byPuppet
 
Let Red be Red and Green be Green: The Automated Workflow Restarter in GitHub...
byPuppet
 
Puppet camp2021 testing modules and controlrepo
byPuppet
 
Puppetcamp r10kyaml
byPuppet
 
2021 04-15 operational verification (with notes)
byPuppet
 
Puppet camp vscode
byPuppet
 
Modules of the twenties
byPuppet
 
Applying Roles and Profiles method to compliance code
byPuppet
 
KGI compliance as-code approach
byPuppet
 
Enforce compliance policy with model-driven automation
byPuppet
 
Keynote: Puppet camp compliance
byPuppet
 
Automating it management with Puppet + ServiceNow
byPuppet
 
Puppet: The best way to harden Windows
byPuppet
 
Simplified Patch Management with Puppet - Oct. 2020
byPuppet
 

Recently uploaded

PPTX
‘Analyzing Application Logs Using AI’ Webinar
byTier1 app
 
PDF
HuemanAI Platform Overview.pptx (1) (2).pdf
byAnkur Handoo
 
PDF
Clean Architecture with Vertical Slice Architecture in .NET 8
byVineet Sharma
 
PDF
ACE Aarhus February 2026: Atlassian news
byDanielEriksen5
 
PDF
Versnel innovatie met GitHub Enterprise - Rick Smit GitHub
byDelta-N
 
PPTX
How CFD Simulations Support Sustainable Data Center Design Optimization
byWeb Synergies
 
PDF
Ecommerce Website Development Services - Web Panel Solutions.pdf
byWEB PANEL SOLUTIONS
 
PDF
Introduction to Modern Artificial Intelligence.pdf
byAI n Dot Net
 
PDF
Taxi App UIUX Design for Seamless Ride Booking
byV3CUBE TECHNOLABS
 
PPTX
Connecting to MCP Servers in OutSystems Platform
byOzanCali
 
PPTX
Best Digital Marketing Company in Lucknow
bydigitallearning9277
 
PDF
The Ultimate Guide to Real Estate Tokenization Platforms
byDaniel Smith
 
PDF
JFokus 2026 - Please pass the salt- Serve up passwords with a side of entropy...
byOrtus Solutions, Corp
 
PPTX
Pitch Deck for MEVIA OS - No Apps, Infinite, Decentralized Operating System
byDr. Edwin Hernandez
 
PPTX
Data Skills for Business Analysts: What You Need to Succeed
byScott W. Ambler
 
PPTX
Installing Python in Visual Studio Code
bydabydcatahanibmcom
 
PPTX
40m_wAIred_DigitalPlatformRabobank_10022026.pptx
bySimonedeGijt
 
PDF
Metrics, Logs, Traces, and Mayhem_ Introducing an observability adventure gam...
byImma Valls Bernaus
 
PDF
openstack_operations_slides_version1.3_pp.pdf
byssuser47d511
 
PPTX
Chapter Two Logic and Language - Copy.pptx
byGediyonBelay
 
‘Analyzing Application Logs Using AI’ Webinar
byTier1 app
 
HuemanAI Platform Overview.pptx (1) (2).pdf
byAnkur Handoo
 
Clean Architecture with Vertical Slice Architecture in .NET 8
byVineet Sharma
 
ACE Aarhus February 2026: Atlassian news
byDanielEriksen5
 
Versnel innovatie met GitHub Enterprise - Rick Smit GitHub
byDelta-N
 
How CFD Simulations Support Sustainable Data Center Design Optimization
byWeb Synergies
 
Ecommerce Website Development Services - Web Panel Solutions.pdf
byWEB PANEL SOLUTIONS
 
Introduction to Modern Artificial Intelligence.pdf
byAI n Dot Net
 
Taxi App UIUX Design for Seamless Ride Booking
byV3CUBE TECHNOLABS
 
Connecting to MCP Servers in OutSystems Platform
byOzanCali
 
Best Digital Marketing Company in Lucknow
bydigitallearning9277
 
The Ultimate Guide to Real Estate Tokenization Platforms
byDaniel Smith
 
JFokus 2026 - Please pass the salt- Serve up passwords with a side of entropy...
byOrtus Solutions, Corp
 
Pitch Deck for MEVIA OS - No Apps, Infinite, Decentralized Operating System
byDr. Edwin Hernandez
 
Data Skills for Business Analysts: What You Need to Succeed
byScott W. Ambler
 
Installing Python in Visual Studio Code
bydabydcatahanibmcom
 
40m_wAIred_DigitalPlatformRabobank_10022026.pptx
bySimonedeGijt
 
Metrics, Logs, Traces, and Mayhem_ Introducing an observability adventure gam...
byImma Valls Bernaus
 
openstack_operations_slides_version1.3_pp.pdf
byssuser47d511
 
Chapter Two Logic and Language - Copy.pptx
byGediyonBelay
 

Using Puppet with Self Service Provisioning

  • 1.
    © 2014 VMwareInc. All rights reserved. Using Puppet with vRealize Automation Self Service Provisioning and Configuration Management Justin Jones Senior Consultant, VMware 01/12/2015
  • 2.
    About the speaker 2 SeniorConsultant @ VMware Integration and Automation Team Previously: Lockheed Martin Accenture justin7jones justin7jones Consulting Projects I’ve worked on:
  • 3.
    Why Self ServiceProvisioning? 3 Fast Delivery Fully ConfiguredCustomized Traditional VM Delivery Triangle Pick 2 •  Properly implemented Self Service Provisioning promises all 3 of the Delivery Triangle •  To achieve all 3, configuration management is a necessity •  Organizations try all the time to script customization and configuration. They mostly fail- the overhead in maintaining and managing an application installation and configuration script base across product versions and operating systems is too high. •  There is an answer…
  • 4.
    •  System Administratorsare faced with managing much larger numbers of virtual machines when a self service provisioning system is deployed •  Maintaining software package versions over large pools of systems is time consuming and difficult •  Without centralized configuration management, configuration drift challenges standardized enterprise configuration which can be a huge headache for system administrators Puppet + Self Service Provisioning Benefits Admins, too 4
  • 5.
    There are 2main types of Self Provisioning puppet implementations we frequently see in the field: Using Puppet with a Self Service Provisioning Solution 5 Infrastructure Configuration •  Shared between (most) VMs in the environment •  Configures global OS settings like logging, admin security accounts, NTP settings, etc. •  Definition extends to installing and configuring infra apps like monitoring agents, backup, etc. Infrastructure Customization •  Unique depending on the purpose of the VM •  Installs and configures non infrastructure applications •  Subdivided into 2 additional models •  ‘a la carte’ Design Pattern •  Roles and Profiles Design Pattern
  • 6.
    “Design Patterns” isthe term typically used in the Puppet community that is similar to what other organizations term ‘Best Practices’- the idea is that no one solution is ‘one size fits all’ and what is ‘Best Practices’ for one organization may not be such for another. Infrastructure Customization Design Patterns 6 Roles Profiles Design Pattern: Essentially a single ‘role’ (which is a Puppet Group) is chosen that defines EVERYTHING that puppet configures on the system. Membership in multiple roles is NOT ALLOWED. ‘a la carte’ design pattern: The cloud platform is configured to present the user with a ‘menu’ of choices. The may multiselect as many choices as they would like. Invalid combinations must be prohibited in the user presentation layer (UI).
  • 7.
    ‘a la carte’Design Pattern (with Self Service Provisioning)
  • 8.
    ‘a la carte’Design Pattern 8 VMware vRealize Automation 6.01 screenshot, simple ‘a la carte’ checkbox list
  • 9.
    ‘a la carte’Design Pattern 9 Properties of the ‘a la carte’ design pattern: •  Nodes can be members of any number of groups •  Some group combinations may not be allowed- it is up to administrator to configure the UI so that invalid combinations cannot be selected •  Each elective group corresponds to an option chosen in the UI •  Required groups are applied regardless of user selection and are not selected in the UI
  • 10.
    Roles and ProfilesDesign Pattern (with Self Service Provisioning)
  • 11.
    Roles and ProfilesDesign Pattern 11 VMware vRealize Automation 6.01 screenshot, simple Role Selection list. For Role Selection, no Multiselect is needed. A single Role may be chosen in the UI. Alternatively, each item ‘ordered’ in a catalog may correspond to a role.
  • 12.
    Roles and ProfilesDesign Pattern 12 Properties of the Roles and Profiles design pattern: •  Nodes can be members of ONLY 1 GROUP. This Group is called a Role •  A role can have multiple classes applied to it •  The UI must be configured so that only a SINGLE Role may be chosen-
  • 13.
    Which Design PatternShould I use? 13 ‘a la carte’ Attributes •  Provides users with the greatest flexibility •  Can allow ‘hybrid’ systems (web + db), etc. •  Prevents ‘role sprawl’ •  If systems frequently end up with invalid class combinations, you may want to consider Roles and Profiles Roles and Profiles Attributes •  High level of consistency between servers •  Easier to enforce compliance •  Less choices for user (depends on your user base if this is good or not) •  If ‘role sprawl’ occurs, you have probably chosen the wrong design pattern.
  • 14.
  • 15.
    15 Self Service ProvisioningTask Flow: Autosign Method User  Orders  VM Prestage  VM  in   Puppet (RAKE  API) Node  Builds  in   Hypervisor Node  boots  and   runs  Puppet  Agent Node  checks  in  to   Puppet  Enterprise   Console Node  is  autosigned (Policy  Based,   whitelist,  ,or  Naïve) Node  is  assigned   group(s)  by  RAKE   API  call Agent  Runs  and   VM  is  complete For more information on autosigning, see: https://docs.puppetlabs.com/puppet/latest/reference/ssl_autosign.html
  • 16.
    16 Self Service ProvisioningTask Flow: REST API Signing Method For more information on the HTTP REST API and cert signing, see: https://docs.puppetlabs.com/guides/rest_api.html#certificate-status User  Orders  VM Prestage  VM  in   Puppet (RAKE  API) Node  Builds  in   Hypervisor Node  boots  and   runs  Puppet  Agent Node  checks  in  to   Puppet  Enterprise   Console HTTP  REST  API  call   to  sign  CERT Node  is  assigned   group(s)  by  RAKE   API  call Agent  Runs  and   VM  is  complete
  • 17.
    Alternative Methods to AssignNode Group Membership 17
  • 18.
  • 19.
  • 20.
    20 Alternative Classification: CustomFacts For more information on creating custom facts, see: https://docs.puppetlabs.com/facter/2.3/custom_facts.html#adding-custom-facts-to-facter
  • 21.
    21 Sample RAKE APICommands (Prestage ‘a la carte’) For more information on RAKE API, see the following: https://docs.puppetlabs.com/pe/latest/console_rake_api.html Automation engine will SSH into Puppet Enterprise Console and Create Node / Assign Group membership is a single command $  sudo  /opt/puppet/bin/rake  -­‐f  /opt/puppet/share/puppet-­‐dashboard/Rakefile   RAILS_ENV=production     node:add[my_vm_01,(VMware_Mandatory,VMware_Monitoring_Agent,  VMware_Apache)]  
  • 22.
    22 Sample RAKE APICommands (Prestage ‘Roles and Profiles’) For more information on RAKE API, see the following: https://docs.puppetlabs.com/pe/latest/console_rake_api.html Automation engine will SSH into Puppet Enterprise Console and Create Node / Assign Group membership is a single command $  sudo  /opt/puppet/bin/rake  -­‐f  /opt/puppet/share/puppet-­‐dashboard/Rakefile   RAILS_ENV=production     node:add[my_vm_01,(ROLE::Apache_Web_Server)]  
  • 23.
    Integration with Puppet: AutomationPlatform Requirements 23
  • 24.
    Machine Lifecycle: Determinehow to integrate with SSP Platform INTERNAL OR VMWARE AUTHORIZED USE ONLY 24 VM  is  ordered From  Catalog Before  Machine  is Cloned/built/ Deployed After  Machine Is  booted When  Machine Is  Edited When  machine  is deleted Prestage  Node In  Puppet (Create  and  classify/ apply  groups) Invoke  Agent And/or HTTP  REST  Sign Change  Node   Groups Clean  Up  Node   (Delete  from   Puppet)
  • 25.
    Machine Lifecycle: HowVMware does it (Before Machine is Built) 25 User Orders VM from catalog During Each State, a vCenter Orchestrator Workflow is called by vCloud Automation Center
  • 26.
    •  System Administratorsare faced with managing much larger numbers of virtual machines when a self service provisioning system is deployed •  Without configuration management, there is a gap in automated delivery of VMs (the ‘automatic’ process terminates with a manual final step, which defeats the purpose) •  Without centralized configuration management, configuration drift and system standardization (are they pointed at the correct DNS server?, etc.) can be a huge headache for system administrators •  Integration with Self Service Provisioning Platforms typically requires an orchestration engine that can be called from the SSP Platform Key Points 26
  • 27.