Puppet Primer, Robbie Jerrom, Solution Architect VMware


Introduction to using Puppet Labs to automate the data centre

Published in: Technology, Spiritual

  1. 1. © 2009 VMware Inc. All rights reserved. Puppet Primer. Robbie Jerrom – Solution Architect, VMware. Twitter: @robbiej
  2. 2. Disclaimer: The material in the presentation is based on my exploration and learning of Puppet. My views are my own and not necessarily shared by PuppetLabs or VMware. Confidential
  3. 3. About me.. I’m a Solution Architect at VMware. Ex-IBM, where I did many things.. The most relevant to this presentation is running the WebSphere build team for 2 years.... And it hurt.. Every version of AIX / Solaris / Windows & early Linux environments.. All from a single build environment.. Distributed around the globe. I wish Puppet had existed back then!
  4. 4. Software Eats the World.. “Puppet Labs Secures $30 Million Investment From VMware”
  5. 5. 5
  6. 6. So what is Puppet.. And why would I care?
     Old school software deployment..
     • Production
     • Dev / Test
     • Service Support
     • Many of the challenges are the same and our solutions very similar.. Scripts… lots and lots of them..
       - Perl / PowerShell / Bash / SH / Make / Awk
       - Whatever your particular poison was, you or your team created scripts to make things easier.
       - Then you left.. Or got promoted.. And the next guy did the same.. Probably in their favourite scripting language.
  7. 7. Result… script hell.. Growing complexity.. Inherited ‘mess’, undocumented and unmanageable.
  8. 8. As a concept.. A script is ‘how to do something’
     Scripts of any variety typically fall into describing how to perform a task.
     • Copy file a to location b. If that fails, log an error and stop.
     • Compile file a found in location b. If that fails, log an error and stop.
     • Start application server. Call deploy script for my application found in location b.
     And they usually spawn more scripts!
  9. 9. A new way.. Puppet takes a different approach..
     Puppet is a state machine; it takes a declarative approach to configuration management.
     You tell Puppet ‘what’ and it works out the ‘how’.
     With Puppet you are providing a definition of what it means to be:
     • A Webserver
     • An Application server
     • A Proxy server
  10. 10. Puppet Operating Layers
      • Deployment
      • Configuration & Resource Abstraction
      • Transactional Layer
  11. 11. Deployment Layer: Client Server Architecture
      [Diagram: a (Puppet) Master serving six Nodes]
  12. 12. Configuration & Resource Abstraction Layer
      Much more on this shortly..
      [Diagram: Configuration & Resource Abstraction: Modules, Classes, Packages, Files, Services, Resources]
  13. 13. Transaction Layer
  14. 14. To complete the picture.. Puppet Enterprise
  15. 15. Everything to Puppet is a resource

          [root@puppet ~]# puppet resource user robbie
          user { 'robbie':
            ensure           => 'present',
            comment          => 'Robbie',
            gid              => '500',
            groups           => ['sudoers'],
            home             => '/home/robbie',
            password         => '$1$W3RSF$sQhH9VeK1f5IwR.TNCj8y1',
            password_max_age => '99999',
            password_min_age => '0',
            shell            => '/bin/bash',
            uid              => '500',
          }
  16. 16. Doing something in Puppet.. Simple example – single machine, not client server.
  17. 17. Doing something in Puppet..
      A Puppet managed environment consists of a number of core files.
      • site.pp – starting point for Puppet default configurations.
      • node.pp – file host descriptions.
      • modules – collection of .pp files to define your environment.
  18. 18. site.pp

          import "templates.pp"
          import "node.pp"

          # global defaults
          Package {
            provider => $operatingsystem ? {
              debian => aptitude,
              redhat => up2date
            }
          }
  19. 19. node.pp

          node basenode {
            service { "telnet":
              ensure => "stopped",
            }
          }

          node 'proxy.example.com' inherits basenode {
            include proxy
          }

          node /^www\d+.example.com/ inherits basenode {
            include webserver
          }

          node /^app\d+.example.com/ inherits basenode {
            include appserver
            package { 'vim': ensure => present }
          }

      Callouts on the slide:
      • include vim
      • www regex to include: www1.example.com, www2.example.com, … etc.
      • app regex to include: app1.example.com, app2.example.com, … etc.
  20. 20. Package/File/Service
      file – Manage local files
      • ensure { present, absent, file, directory, link }
      • source
      • content
      • purge
      package – Package management
      • ensure { present, latest, version, absent, purged }
      • name
      • source
  21. 21. Package/File/Service
      service – System services management
      • ensure { running, stopped }
      • enable { true, false }
      • hasrestart { true, false }
      notify – log a message
      • message { “hello world!” }
  22. 22. Simple Puppet Example – Part of SSH Module

          package { 'ssh':
            ensure => latest,
          }

          file { '/etc/ssh/sshd_config':
            source  => 'puppet:///modules/ssh/sshd_config',
            require => Package['ssh'],
            notify  => Service['sshd'],
          }

          service { 'sshd':
            ensure    => running,
            subscribe => Package['ssh'],
          }
  23. 23. Modules
  24. 24. Apply to a node.. Let’s make a webserver, then an app server.
  25. 25. The new platform scenario
      Puppet makes things far quicker..
      1. Add the new node..
         • And any variations or missing configurations will be reported.
         • Facter will pull the new platform specifics and report up to the puppet master.
         • Puppet will deploy & configure software as per the node policy.
      2. Update app-specific manifests & configs if new platform.
      3. Done!
  26. 26. Things I’ve learnt..
      SSL certs are a pain any time and place.
      • The Puppet Labs site has some great guides on configuration and management of these but I still spent a reasonable amount of time fighting with them.
      • Make sure DNS is working.. See above.. If your hostnames don’t match, certs get upset – for local testing /etc/hosts might be easier.
      • Start small.. SSH / Tomcat are great little examples.. WebSphere or JBoss not so much. Apache is a good learning exercise.
      • MS Windows adds complexity; consider each Windows version a completely different platform. Some services provided by Puppet do not work on Windows yet.
  27. 27. Final words.. Questions?
      VMware & PuppetLabs.. working together on some ‘cool stuff’.
      Right now vCloud Automation Centre & AppDirector products can take advantage of Puppet.
      If you’re a VMware person, it’s worth becoming a Puppet person too.
  28. 28. Thanks for listening.. Special thanks to the guys at PuppetLabs; Reid & Chris for technical support, t-shirts, stickers and books.
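
The node regexes on the node.pp slide (slide 19) leave the dots unescaped and have no end anchor, so they select more names than the www1/www2 and app1/app2 hosts the callouts list. The following Ruby sketch is an added example, not code from the deck or from Puppet; the certnames are constructed and the node-selection order (exact name, then first matching regex, then default) is a simplifying assumption.

```ruby
# Added example, not from the deck. Patterns are the node.pp slide's, with \d
# restored; certnames are constructed. Node selection is simplified to:
# exact name first, then the first regex that matches, else 'default'.
LOOSE_NODES = [
  ['proxy.example.com',   'proxy'],
  [/^www\d+.example.com/, 'webserver'],    # '.' is a wildcard, no end anchor
  [/^app\d+.example.com/, 'appserver']
].freeze

STRICT_NODES = [
  ['proxy.example.com',      'proxy'],
  [/^www\d+\.example\.com$/, 'webserver'], # literal dots, anchored at the end
  [/^app\d+\.example\.com$/, 'appserver']
].freeze

SAMPLE_CERTNAMES = %w[
  proxy.example.com www1.example.com www12.example.com app3.example.com
  www1.example.com.lab.test www1-example.com app7xexample.community
  db1.example.com
].freeze

# Return the class a certname would be given under a set of node definitions.
def classify(certname, nodes)
  exact = nodes.find { |matcher, _| matcher.is_a?(String) && matcher == certname }
  return exact[1] if exact
  hit = nodes.find { |matcher, _| matcher.is_a?(Regexp) && matcher.match?(certname) }
  hit ? hit[1] : 'default'
end

# Certnames that the loose patterns classify differently from the strict ones.
def overmatched(certnames, loose = LOOSE_NODES, strict = STRICT_NODES)
  certnames.select { |name| classify(name, loose) != classify(name, strict) }
end

if __FILE__ == $PROGRAM_NAME
  SAMPLE_CERTNAMES.each do |name|
    puts format('%-28s loose=%-10s strict=%s', name,
                classify(name, LOOSE_NODES), classify(name, STRICT_NODES))
  end
  puts "over-matched: #{overmatched(SAMPLE_CERTNAMES).join(', ')}"
end
```

Puppet matches node definitions against the node's name, which by default is its certname, so the strict form keeps a class such as webserver from being applied to a name that merely starts like a web host.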
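
Slide 26's point that certificates "get upset" when hostnames don't match can be reproduced offline. This is an added example, not code from the deck or from Puppet: it issues a throwaway self-signed certificate with Ruby's OpenSSL bindings and checks which names a client could dial and still pass hostname verification. The names puppet.example.com and puppet, and the address 192.0.2.10, are constructed.

```ruby
require 'openssl'

# Issue a throwaway self-signed certificate (constructed for this example;
# a real Puppet master certificate is signed by the Puppet CA).
def issue_cert(common_name, alt_names)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2 # X.509 v3
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.new([['CN', common_name]])
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = cert
  san = alt_names.map { |name| "DNS:#{name}" }.join(',')
  cert.add_extension(ef.create_extension('subjectAltName', san, false))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Names from the list that pass hostname verification against the certificate.
def accepted_names(cert, names)
  names.select { |name| OpenSSL::SSL.verify_certificate_identity(cert, name) }
end

# Names an agent might use to reach the master: FQDN, short name, raw IP.
DIALLED_NAMES = %w[puppet.example.com puppet 192.0.2.10].freeze

if __FILE__ == $PROGRAM_NAME
  fqdn_only = issue_cert('puppet.example.com', %w[puppet.example.com])
  with_alt  = issue_cert('puppet.example.com', %w[puppet.example.com puppet])
  puts "FQDN-only cert accepts:   #{accepted_names(fqdn_only, DIALLED_NAMES).inspect}"
  puts "cert with alt name 'puppet': #{accepted_names(with_alt, DIALLED_NAMES).inspect}"
end
```

An /etc/hosts entry only helps when it maps a name that is already in the certificate; pointing a different name at the same address still fails verification.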