This document provides an overview of Puppet, a system configuration management tool. Puppet uses a declarative language to define system resources and their desired state. It has a client-server architecture where the client collects facts, receives a configuration from the server, checks the current state, and runs required transactions to achieve the desired state. The Puppet server compiles configurations, acts as a file server and certificate authority, and handles reports. Puppet provides resource abstractions, templates, and modules to define reusable configurations. It aims to provide a more declarative, semantic, reproducible, and shareable approach to system administration compared to previous imperative methods.
4. System Administration
“We will encourage you to develop the three great virtues of a programmer: laziness, impatience, and hubris.”
-- Larry Wall, Programming Perl
5. One
Computer
Image From: http://ftp.arl.mil/ftp/historic-computers/
6. Two
Computers
Image From http://flickr.com/photos/arthur_pewty/2703897757/
28. Lazy Puppeteers
People are finally figuring out puppet and
how it gets you to the pub by 4pm. Note
that I've been at this pub since 2pm.
-- Jorge Castro
31. An Analogy
Level | Programming | SysAdmin
Low Level, Non-Portable | Assembly | commands and files
Some Abstraction, Portability Possible | C | Cfengine
Abstract, Portable | Perl, Python, Ruby | Puppet
35. “the most damaging phrase in the language is: ‘We've always done it this way.’”
-- Grace Hopper
(developer of the first compiler)
71.
class exim {
  include spamassassin::client
  package { exim: ... }
  file { "exim.conf": ... }
  service { "exim": ... }
}
class spamassassin {
  class server { ... }
  class client { ... }
}
72.
node eximbox1, eximbox2 {
  include exim
}
node eximbox3 {
  include exim
  include spamassassin::server
}
node spambox {
  include spamassassin::server
}
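The exim class from slide 71 with its package, file and service resources written out, using the require and subscribe relationships mentioned in the speaker notes. This is an added example, not code from the original slides: the config file path, the module source URL and all attribute values are assumptions, and the spamassassin include is left out so the manifest compiles on its own.

```puppet
# Added example: attribute values below are assumptions, not from the slides.
class exim {
  # Desired state: the package is present.
  package { 'exim':
    ensure => installed,
  }

  # require: the config file is managed only after the package exists.
  # Root ownership and mode 0644 mean only root can change the MTA config;
  # any local edit is reverted to the server's copy on the next run.
  file { '/etc/exim/exim.conf':   # assumed path
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    source  => 'puppet:///modules/exim/exim.conf',   # assumed module layout
    require => Package['exim'],
  }

  # subscribe: the service is restarted whenever the config file changes.
  # ensure/enable: puppet starts exim if it finds it stopped, and enables
  # it at boot.
  service { 'exim':
    ensure    => running,
    enable    => true,
    subscribe => File['/etc/exim/exim.conf'],
  }

  # The same relationships can be declared from the other side with the
  # inverse metaparameters:
  #   package { 'exim': before => File['/etc/exim/exim.conf'] }
  #   file { '/etc/exim/exim.conf': notify => Service['exim'] }
}

include exim
```

Running the manifest with `puppet apply --noop` reports which resources are out of their declared state without changing them.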
122. End
• Puppet: http://puppet.reductivelabs.com/
• More: http://delicious.com/freiheit/puppet
• Pulling Strings With Puppet: http://xrl.us/oqpb4 (amazon)
• Alternatives:
  • cfengine (automating the old ways)
  • Bcfg2 (XML)
  • LCFG (less OS support)
  • $$$$
• Me: http://eric.eisenhart.name/
• slide:ology: http://slideology.com/
Editor's notes
My License: http://creativecommons.org/licenses/by-sa/3.0/ -- not all included images fall under that; check links
Image: http://flickr.com/photos/victornuno/544763827/
What is system administration?
Supporting Customers. Services, not computers. Invisible when done right.
Ideal SysAdmin: lazy
http://www.sysadminday.com/whatsysadmin.html
Photo from: http://flickr.com/photos/emzee/139794246/
It was okay to hand-craft; you only had one computer. One computer was all you needed.
Image From: http://ftp.arl.mil/ftp/historic-computers/
Later, maybe more computers. Maybe 2 to have a highly-available cluster or to have one to test with and one to use for “production”
Image from: http://hampage.hu/vax/kepek/VAXft3000.jpg -- originally from HP
The Old Ways
Hand-crafted. Do every step by hand.
Image From: http://flickr.com/photos/oaspetele_de_piatra/2680418274/
In that environment, it makes sense to hand-manage each system with care.
Image: Niece, Kaylei Rose
Later, maybe more computers. Maybe 2 to have a highly-available cluster or to have one to test with and one to use for “production”.
95 Unix servers, 27 of them are VMs. 54+ puppet managed. Total server population: ~150 (?)
As you go from 2 to many, one obvious technique: the golden master.
By hand: work that system to perfection. Then copy up to an image server.
Image From: http://flickr.com/photos/chitrasudar/2558214472/
Then clone your images from the golden master to all of your systems.
Great for computer labs
Ghost. Or even kickstart
But what if you need to make something different?
4 web servers
1 DB Server.
Add a slimmed down image for Virtual machine
Now you need to make a DB server for a VM?
How? You have 4 images of the whole OS on a hard drive somewhere, but how do you merge 2 sets of changes together?
Fundamental Issue: You want your systems as alike as possible (makes life easier), but you also need to make them different from each other in specific ways.
Puppet is a way to automatically manage your systems.
Puppet lets you be lazier
making the computers do all of the work
BEING documentation
http://friendfeed.com/e/d6e342f7-d768-ce43-5529-eef2166cabc3/puppetmasterd-People-are-finally-figuring-out/?service=twitter
An Analogy
“A HighLevelLanguage is a ProgrammingLanguage that supports system development at a high LevelOfAbstraction, thereby freeing the developer from keeping in his head lots of details that are irrelevant to the problem at hand.” -- http://c2.com/cgi/wiki?HighLevelLanguage
Probably in response to programmers who still wanted to write Assembly
“Puppet is a declarative language for expressing system configuration, a client and server for distributing it, and a library for realizing the configuration.”
New Way to Think: Instead of automating current techniques (files and commands), Puppet reframes the problem.
Declarative: You say what you want, not how to do it. nouns, not verbs.
Semantic: Code has meaning.
Reproducible: Repeat and get the same results
Shareable: give to a friend. Or find modules on the internet and use them
Maintainable
Extensible: not all that terribly hard to write Resource Types and Providers. Also: define.
Old: commands and files. New: resources.
Problems with old way: doesn’t happen at install time. Doesn’t happen if system is unavailable. Doesn’t fix itself (yum/apt server down, typo, broken later, etc). Ugly.
Could put into install script (kickstart, etc), but then what about later when want to change systems?
Manage same code twice? Put into an RPM or .DEB? (funky when modifying config files)
same thing applies to “clusterssh”
Let’s build this up a bit
Restart the box and puppet starts exim (instead of coming up on its own)
require <-> after
subscribe <-> notify
I would never do this. I think this would work. Might not get a report, since could kill puppet before it’s done with stuff...
Like a virtual method in some object-oriented languages.
Can only manage a resource in one place: this is a kind of workaround.
Requires database backend
sqlite by default
MySQL or something else required to scale
>>>>>>>>>>>>>>>>> STAND >>>>>>>>>>>>>>>>>>>>>>>>>>>
http://commons.wikimedia.org/wiki/Image:Leontopithecus.rosalia-03-ZOO.Dvur.Kralove.jpg