Using Puppet
Alex Su
2011/12/26

               Classification 2012/4/3   Copyright 2009 Trend Micro Inc.   1
What is a system admin?
Trend Micro                   Copyright 2009 Trend Micro Inc.
Confidential
Don't look at me...
    I wasn't the last one to touch it...
One Goal:
    Revolutionize
    System
    Administration




An Analogy

                           Programming              SysAdmin
  Low-level, non-portable  Assembly                 commands and files
  Abstract, portable       Java / Python / Ruby     Resources

This
  apt-get install openssh-server
  vi /etc/ssh/sshd_config
  /etc/init.d/ssh start

 Becomes
  package { ssh: ensure => installed }
  file { sshd_config:
          name   => "/etc/ssh/sshd_config",
          source => "puppet://server/apps/ssh/sshd",
  }
  service { sshd: ensure => running, }

Puppet Quick Overview
    • Stop administrating your environment and start developing it...
    • Re-usable code for managing your software & configurations
    • Provides a Domain Specific Language (DSL) to script with
         – Classes, conditionals, selectors, variables, basic math, etc.
    • Supports Linux, Solaris, BSD, OS X; Windows in process!




Puppet Module Structure




A Partial List of Puppet types

  Packages
    • Supports 30 different package providers
    • Abstracted for your OS automatically
    • Specify 'installed', 'absent', or 'latest' for desired state
    • Change from 'installed' to 'latest' and deploy for a quick upgrade

  Services
    • Supports 10 different 'init' frameworks
    • Control whether a service starts on boot or is required to be running always
    • A service can be notified to restart if a configuration file has been changed

  Files/Directories
    • Specify ownership & permissions
    • Load content from 'files/', 'templates/' or custom strings
    • Create symlinks
    • Supports 5 types to verify a file checksum
    • Purge a directory of files not 'maintained'


Nagios 'Type' Support

  # Nagios service (@@ marks an exported resource)
  @@nagios_service { "load_check_${hostname}":
    service_description => "Load Averages",
    check_command       => "load_check!3!5",
    host_name           => "$fqdn",
    use                 => "generic-service";
  }

  # Nagios service group
  @@nagios_servicegroup { "apache_servers":
    alias => "Apache Servers";
  }

  # Nagios host
  @@nagios_host { $fqdn:
    ensure     => present,
    hostgroups => "ldap",
    use        => "generic-host";
  }

  # Nagios host group
  @@nagios_hostgroup { "load_balancers":
    alias => "Load Balancers";
  }

Sample site.pp
   import "environment"
   import "util"
   import "constants"
   import "bases"
   import "nodes"

   # global defaults
   Exec { path => "/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin" }




Classes vs. Modules

   • Why use the classes directory and the modules
     directory?
   • Classes are more global and usually contain many
     different modules
   • Modules are the smallest unit of measure that Puppet
     builds from




Sample hadoop master class
  # underscore, not hyphen: hyphens are not valid in Puppet class names,
  # and nodes.pp below inherits from hadoop_master
  class hadoop_master {
     include kerberoskdc
     include authclient
     include ldapserver
     include hadoop
     include hbase
     include pig
  }


  class pig {
     # packages to install
     $packagelist = ["hadoop-pig"]

     package { 'base_pig_rpms':
       ensure => installed,
       name   => $packagelist,
     }
  }

Sample module init.pp
   class resolv {
      file { "resolv.conf":
          path    => "/etc/resolv.conf",
          content => template("resolv/conf/resolv.conf.erb"),
          owner   => root,
          group   => root,
          mode    => 644,
          ensure  => file,
      }

      file { "hosts":
          path    => "/etc/hosts",
          content => template("resolv/conf/hosts.erb"),
          owner   => root,
          group   => root,
          mode    => 644,
          ensure  => file,
      }
   }

apt-get install openssh-server
  vi /etc/ssh/sshd_config
  /etc/init.d/ssh start

  [Diagram: Package -> Configuration -> Service]
  Configuration should get modified after package installation.
  Service should restart when configuration changes.

package { ssh: ensure => installed }
  file { sshd_config:
          name      => "/etc/ssh/sshd_config",
          source    => "puppet://server/apps/ssh/sshd",
          # 'after' is not a Puppet metaparameter; require orders the file after the package
          require   => Package[ssh],
  }
  service { sshd:
          ensure    => running,
          # restart the service whenever the package or the config file changes
          subscribe => [Package[ssh], File[sshd_config]],
  }




What is a template?
   • Puppet templates are flat files containing Embedded Ruby
     (ERB) variables

   • hadoop/conf/hadoop-metrics.properties.erb
   <% if ganglia_hosts.length > 0 %>
   dfs.class=org.apache.hadoop.metrics.ganglia.GangliaContext31
   dfs.period=10
   dfs.servers=<% ganglia_hosts.each do |host| -%><%= host %> <% end -%>
   <% end %>



   • resolv/conf/hosts.erb
   <% ip_host_map.each do |ip,hosts| -%>
   <%= ip %> <%= hosts %>
   <% end -%>



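To see what the two templates above actually produce, here is an added example (not from the slides or from Puppet itself) that renders them with Ruby's ERB in '-' trim mode, the mode that gives `-%>` its newline-swallowing behaviour; the template text is copied verbatim, and the sample variable values are constructed. It also covers the case the `if` guards against (an empty `ganglia_hosts` list) and the array case for `hosts`, which `<%= hosts %>` would otherwise print as a Ruby array literal.

```ruby
require 'erb'

# Templates copied from the slide (squiggly heredoc strips the indentation).
HADOOP_METRICS_ERB = <<~'TPL'
  <% if ganglia_hosts.length > 0 %>
  dfs.class=org.apache.hadoop.metrics.ganglia.GangliaContext31
  dfs.period=10
  dfs.servers=<% ganglia_hosts.each do |host| -%><%= host %> <% end -%>
  <% end %>
TPL

HOSTS_ERB = <<~'TPL'
  <% ip_host_map.each do |ip,hosts| -%>
  <%= ip %> <%= hosts %>
  <% end -%>
TPL

# Render a template with the given variables visible as bare names,
# the way Puppet exposes manifest variables to a template.
# trim_mode '-' is what makes `-%>` drop the newline that follows it.
def render(template, vars)
  ERB.new(template, trim_mode: '-').result_with_hash(vars)
end

# Empty list -> the whole block inside <% if %> ... <% end %> is skipped.
def render_hadoop_metrics(ganglia_hosts)
  render(HADOOP_METRICS_ERB, ganglia_hosts: ganglia_hosts)
end

# A host may have several aliases; `<%= hosts %>` on a Ruby array would print
# ["a", "b"], so join the aliases into one space-separated string first.
def render_hosts(ip_host_map)
  joined = ip_host_map.transform_values { |h| Array(h).join(' ') }
  render(HOSTS_ERB, ip_host_map: joined)
end

if __FILE__ == $PROGRAM_NAME
  # constructed sample values
  puts render_hadoop_metrics(%w[ganglia1.example ganglia2.example])
  puts render_hosts('10.0.0.1' => %w[tm5-master tm5-master.example],
                    '10.0.0.2' => 'tm5-slave1')
end
```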
What is a node?
  • Node definitions look just like classes, including supporting inheritance,
    but they are special in that when a node (a managed computer
    running the Puppet client) connects to the Puppet master daemon.

  • nodes.pp
  node 'tm5-master.client.tw.trendnet.org' inherits hadoop_master {}

  or
  node 'tm5-master.client.tw.trendnet.org' {
    include kerberoskdc
    include authclient
    include ldapserver
    include hadoop
    include hbase
    include pig
  }


Puppet Network Overview




    •   Configuration allows for manual synchronizations or a set increment
    •   Client or server initiated synchronizations
    •   Client/Server configuration leverages a Certificate Authority (CA) on the
        Puppet Master to sign client certificates to verify authenticity
    •   Transmissions of all data between a master & client are encrypted
Every Client:

   • Retrieve resource catalog from central server
   • Determine resource order
   • Check each resource in turn, fixing if necessary
   • Rinse and repeat, every 30 minutes




Every Resource:

   • Retrieve current state (e.g., by querying dpkg db or
     doing a stat)
   • Compare to desired state
   • Fix, if necessary (or just log)
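The per-client and per-resource cycles on these two slides, as an added toy model (not Puppet's own code): a file resource with the attributes the deck manages (content, mode) that retrieves current state via stat and read, compares it to the desired state, and then either fixes the drift or only logs it, which is what a noop run does. The class name, the sample file and its contents are constructed for the example.

```ruby
require 'tempfile'
require 'logger'

# Toy stand-in for Puppet's File type, limited to content and mode.
class ToyFileResource
  attr_reader :path, :desired

  def initialize(path, content:, mode:)
    @path = path
    @desired = { content: content, mode: mode }   # mode as an octal string, e.g. '0644'
  end

  # Step 1: retrieve current state (stat + read); nil fields if the file is absent.
  def retrieve
    return { content: nil, mode: nil } unless File.file?(path)
    { content: File.read(path), mode: format('%04o', File.stat(path).mode & 0o7777) }
  end

  # Step 2: compare; returns the properties that are out of sync.
  def drift
    current = retrieve
    desired.reject { |prop, want| current[prop] == want }.keys
  end

  # Step 3: fix if necessary, or just log when noop is set.
  # Returns the properties it changed (or, in noop mode, would have changed).
  def apply(noop: false, logger: Logger.new($stderr))
    changed = drift
    changed.each do |prop|
      logger.info("#{path}: #{prop} out of sync#{noop ? ' (noop, not fixing)' : ', fixing'}")
      next if noop
      case prop
      when :content then File.write(path, desired[:content])
      when :mode    then File.chmod(desired[:mode].to_i(8), path)
      end
    end
    changed
  end
end

# Constructed sample run: a world-writable resolv.conf is first reported
# (noop), then brought back to 0644, then found already in sync.
def demo
  tmp = Tempfile.new('resolv.conf')
  tmp.write("nameserver 10.0.0.53\n"); tmp.close
  File.chmod(0o666, tmp.path)
  res = ToyFileResource.new(tmp.path, content: "nameserver 10.0.0.53\n", mode: '0644')
  report = [res.apply(noop: true), res.apply, res.apply]
  tmp.unlink
  report   # → [[:mode], [:mode], []]
end
```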




tail -f /var/log/messages




TM-Puppet

  /etc/puppet
  ├── auth.conf
  ├── autosign.conf
  ├── puppet.conf
  ├── files/
  │   └── byhost/
  │       ├── host1/
  │       ├── host2/
  │       └── host3/
  ├── manifests/
  │   ├── bases.pp
  │   ├── nodes.pp
  │   ├── site.pp
  │   └── util.pp
  └── modules/
      ├── hadoop/
      │   ├── manifests/
      │   │   └── init.pp
      │   └── templates/
      ├── hbase/
      └── pig/

Reference

    • Deployment Tools
    • ERB - Ruby Templating




Questions?




THANK YOU!



