"External Node Classifiers - Get Efficient and Do A Lot More" (Beginner) - Anirban Saha, BlackRock given at Puppet Camp Düsseldorf 2014

1. Organizing Puppet nodes with External Node Classifiers and LDAP PuppetCamp Dusseldorf October, 2014

2. Objectives :
•
Organizing data and avoiding clutter
•
Learn the workflow of External Node Classifiers (ENCs)
•
How to write ENCs and demonstration
•
Learn the workflow of organizing node data with LDAP backend
•
How to configure LDAP for puppet nodes

3. Why bother to organize data ? because without it ….

4. •
Prepare to scale for now and for the future
•
Adopt standardized naming conventions to be used in configuring ENCs and maintaining inventory
•
Practice the art of better module writing
•
Avoid unnecessary troubleshooting of nodes.pp
•
Educate teams to practice ENCs (and avoid malpractice such as defining resources in nodes.pp…believe me, they do this)

5. ENC Workflow
•
Basically a script in any language (Ruby, Python, Perl, etc)
•
Takes the hostname (FQDN) or certname as the sole argument
•
Manipulates the argument and collects the data as written in the script
•
Produces the output in YAML format
•
Output has three main keys – classes, parameters and environment
•
A basic example of the output : environment: production classes: - sudo - ssh - ntp parameters: location: datacenter3

6. ENC output explained
Environment : The environment of the node (e.g. production, staging, development, etc.) being sync’d as
configured in puppet
Classes : List of modules configured in puppet and supposed to be sync’d with the node, e.g.
classes:
- groups
- users
- ntp
Parameters : A list of top scope variables which can be used in any of the modules listed in the ‘classes ‘ section. The value of the ‘parameters’ key is a hash of variable names and their values, can be used in the modules and templates, e.g.
parameters:
puppetserver: puppet-dusseldorf
adminserver: admin-dusseldorf
location: dusseldorf

7. Puppet Configuration changes for ENC
Following changes need to be made : In puppet configuration file of puppet master (lets say /opt/puppet/puppet.conf, if puppet conf directory is /opt/puppet) : [master] node_terminus = exec external_nodes = /opt/puppet/enc/node_classifier.rb All node classifier scripts need to be placed in the same directory (here /opt/puppet/enc)

8. ENC Demonstration
ENC scripts present in this repository : https://github.com/rosesnthornz/puppetcamp-dusseldorf-2014.git Path to scripts : puppetcamp-dusseldorf-2014/enc_scripts/

9. Organizing Puppet Data with LDAP
Prerequisites :
•
Active LDAP server or a new LDAP implementation
•
ruby-ldap package needs to be present on the Puppet worker node WorkFlow :
•
A new LDAP ‘objectclass’ called ‘puppetClient’ is added by extending the LDAP schema using the node terminus shipped with Puppet (/usr/share/puppet/ext/ldap/puppet.schema)
•
This schema adds some new attributes for the puppetClient objectclass as follows :
•
environment – equivalent to the ‘environment’ hash key in ENC scripts
•
puppetClass – equivalent to the ‘classes’ hash key in ENC scripts
•
puppetvar – equivalent to the ‘parameters’ hash key in ENC scripts
•
Each new node to be added to the Puppet database need to be added with the above attributes and objectclass in the LDAP directory

10. Puppet LDAP configuration steps
Containers need to be added under the top-level organizations in LDAP as follows :
dn: ou=hosts,dc=puppetcamp,dc=com
objectclass: organizationalUnit
ou: hosts
dn: ou=production,ou=hosts,dc=puppetcamp,dc=com
objectclass: organizationalUnit
ou: production
dn: ou=staging,ou=hosts,dc=puppetcamp,dc=com
objectclass: organizationalUnit
ou: staging
The containers above represent each of the environments configured in the Puppet infrastructure

11. Puppet LDAP configuration steps
The nodes need to be configured and added to LDAP as follows : dn: cn=pcdppms01.puppetcamp.com,ou=production,ou=hosts,dc=puppetcamp,dc=com objectclass: puppetClient objectclass: device environment: production puppetClass: groups puppetClass: sudo puppetClass: users::ops puppetClass: users::keys puppetvar: location='puppetcamp_dusseldorf' puppetvar: puppetserver='172.31.84.91' puppetvar: adminserver='172.31.0.2‘ The above configuration needs to be populated in ldif files and added to the LDAP directory

12. Puppet configuration changes for LDAP
The following changes need to be done in puppet.conf on the puppet master node to use LDAP as the node backend: node_terminus = ldap ldapserver = ldap.puppetcamp.com ldapbase = ou=hosts,dc=puppetcamp,dc=com The puppet master then needs to be restarted for the changes to take effect

13. LDAP Demonstration
LDAP files present in this repository : https://github.com/rosesnthornz/puppetcamp-dusseldorf-2014.git Path to files : puppetcamp-dusseldorf-2014/ldap/

14. Contact: Anirban Saha Email : sahaanirban1988@gmail.com Twitter : @rosesnthornz Skype : anirban.saha.88