SlideShare ist ein Scribd-Unternehmen logo
1 von 24
Downloaden Sie, um offline zu lesen

   Puppet Conf San Francisco 2012
       Alessandro Franceschi
         Lab42 / GrandSla
PUPPET @ Lab 42
2007 - Meet Puppet. Managed the Bank of Italy webfarm
2008 - First generation of Lab42 Puppet Modules
2009 - Multi OS support and standardization
2010 - A redesigned and coherent Example42 Module set
   Puppet Modules Standards and Interoperability (PuppetCamp 2010 - Belgium)
   Re-Use your Modules! (PuppetCamp 2010 - San Francisco)

2011 - Introducing Puppi
   Puppi: Puppet strings to the shell (PuppetCamp Europe 2011 - Amsterdam)

2012 - Example42 Next Gen modules
     - GrandSla: Puppet driven Infrastructure and Support
   Developing IT Infrastructures with Puppet (CodeMotion 2012 - Rome)
   A Holistic approach to Puppet modules (PuppetCamp Dublin and Geneva 2012)

                    “Job Driven” modules development
Data Separation
 Configuration data is defined outside the module (or even Puppet manifests)
 Module’s behavior is managed via APIs
 Allow module’s extension and override via external data
 Customize behavior without changing module code
 Do not force author’s idea on how configurations should be provided
 Support different OS. Easily allow new additions
 Follow PuppetLabs style guidelines (puppet-lint)
 Have coherent, predictable and intuitive interfaces
 Provide contextual documentation (puppet-doc)
 Limit cross-module dependencies
 Allow easy modules’ cherry picking
 Be self contained, do not interfere with other modules’ resources
Data Mixed with Logic
 Configuration data mixed inside the module’s logic
 Module’s behavior defined in many different places
 Module’s logic is rigid and can’t be defined externally
Works for me (here and now)
 Module just works for the current setup
 Can’t easily be re-used in other places for other projects
 Works just for the currently used OSes
Code chaos
 No layout rules, no standard style
 Not standardized and predictable parameters
 Who said “documentation”?
 Who cares.

Basically whatever is quick and dirty... but is this really an anti-pattern?*
                                                                          *(IMHO, yes)
Example42 modules: 10 design rules
Rule 1 - Provide alternatives for Data Separation
Rule 2 - Provide choice on Configuration Files supply
Rule 3 - Configure everything but provide OS defaults.
Rule 4 - Allow management of general module’s behavior
Rule 5 - Allow Custom Options for endless parameters
Rule 6 - Permit easy extension with custom classes
Rule 7 - Offer easy removal of the module’s resources
Rule 8 - Limit cross-dependencies. Prerequisites as options.
Rule 9 - Automatically monitor and firewall resources
Rule 10 - Puppi integration: Puppet knowledge to the CLI

 Rule #1

Set (Top Scope/External Node Classifier) variables and include classes:
            $::openssh_template = 'site/openssh/openssh.conf.erb'
            include openssh

Use Hiera:
            include openssh

Use Parametrized Classes:
            class { 'openssh':
              template => 'site/openssh/openssh.conf.erb',

Happily mix different patterns:
            $::monitor = true
            $::monitor_tool = [ 'nagios' , 'munin' , 'puppi' ]
            class { 'openssh':
              template => 'site/openssh/openssh.conf.erb',

 Rule #1

      Each parameter is processed by the params_lookup function
      class openssh (
      [...] # openssh module specific parameters ...
        $my_class            = params_lookup( 'my_class' ),
        $source              = params_lookup( 'source' ),
        $source_dir          = params_lookup( 'source_dir' ),
        $source_dir_purge    = params_lookup( 'source_dir_purge' ),
        $template            = params_lookup( 'template' ),
        $service_autorestart = params_lookup( 'service_autorestart' , 'global' ),
        $options             = params_lookup( 'options' ),
        $version             = params_lookup( 'version' ),
        $absent              = params_lookup( 'absent' ),
        $disable             = params_lookup( 'disable' ),
        $disableboot         = params_lookup( 'disableboot' ),
        $monitor             = params_lookup( 'monitor' , 'global' ),
        $monitor_tool        = params_lookup( 'monitor_tool' , 'global' ),
        $monitor_target      = params_lookup( 'monitor_target' , 'global' ),
      [...] # Other common parameters
        ) inherits openssh::params {

      Flexibility on booleans: they are sanitized by the any2bool function
        You set:
        $absent              => “yes” # (or “1”, ‘Y’, “true”, true ...)

        The module internally uses:
        $bool_absent = any2bool($absent)

                     PARAMS LOOKUP ORDER
 Rule #1

The function params_lookup is provided by the Puppi module
It allows data to be defined in different ways:
      Via Hiera, if available
      As Top Scope variable (as provided by External Node Classifiers)
      Via defaults set in the module’s params class
The “global” argument is used to define site_wide behavior
            # If there’s a direct param that’s the value
            class { ‘openssh’:
              monitor => true

            # Otherwise, If Hiera is available:
            hiera(“monitor”)         # If global lookup is set
            hiera(“openssh_monitor”) # A specific value overrides the global one

            # If variable is still not evaluated, Top Scope is looked up:
            $::monitor         # If global lookup is set
            $::openssh_monitor # If present, overrides $::monitor

            # Module’s params are used as last option defaults:

 Rule #2

Provide Main Configuration as a static file ...
            class { 'openssh':
              source => 'puppet:///modules/site/ssh/sshd.conf'

... an array of files looked up on a first match logic ...
            class { 'openssh':
              source => [ "puppet:///modules/site/ssh/sshd.conf-${fqdn}",

... or an erb template:
            class { 'openssh':
              template => 'site/ssh/sshd.conf.erb',

      Config File Path is defined in params.pp (can be overriden):
        config_file => '/etc/ssh/sshd_config',

 Rule #2

You can manage the whole Configuration Directory:
            class { 'openssh':
              source_dir => 'puppet:///modules/site/ssh/sshd/',
            This copies all the files in lab42/files/ssh/sshd/* to local config_dir

You can purge any existing file on the destination config_dir which are
not present on the source_dir path:
            class { 'openssh':
              source_dir       => 'puppet:///modules/site/ssh/sshd/',
              source_dir_purge => true, # default is false

            WARNING: Use with care

Config Dir Path is defined in params.pp (can be overriden):
              config_dir => '/etc/ssh',

 Rule #3

Customize Application Parameters. An example:
Use the puppet module to manage pe-puppet!
            class { 'puppet':
              template            =>   'lab42/pe-puppet/puppet.conf.erb',
              package             =>   'pe-puppet',
              service             =>   'pe-puppet',
              service_status      =>   true,
              config_file         =>   '/etc/puppetlabs/puppet/puppet.conf',
              config_file_owner   =>   'root',
              config_file_group   =>   'root',
              config_file_init    =>   '/etc/sysconfig/pe-puppet',
              process             =>   'ruby',
              process_args        =>   'puppet',
              process_user        =>   'root',
              config_dir          =>   '/etc/puppetlabs/puppet/',
              pid_file            =>   '/var/run/pe-puppet/',
              log_file            =>   '/var/log/pe-puppet/puppet.log',
              log_dir             =>   '/var/log/pe-puppet',

                      DEFAULTS IN PARAMS.PP
 Rule #3

      Each module has a params class with defaults for different OS
      class openssh::params {
        ### Application related parameters
        $package = $::operatingsystem ? {
          default => 'openssh-server',
        $service = $::operatingsystem ? {
          /(?i:Debian|Ubuntu|Mint)/ => 'ssh',
          default                   => 'sshd',
        $process = $::operatingsystem ? {
          default => 'sshd',
        $port = '22'
        $protocol = 'tcp'

        # General Settings
        $my_class = ''
        $source = ''
        $source_dir = ''
        $source_dir_purge = ''

        ### General module variables that can have a site or per module default
        $monitor = false
        $monitor_tool = ''
        $monitor_target = $::ipaddress
        $firewall = false
        $firewall_tool = ''
        $firewall_src = ''

                            MANAGE BEHAVIOR
 Rule #4

Enable Auditing:
            class { 'openssh':
              audit_only => true, # Default: false
            No changes to configuration files are actually made and potential changes are

Manage Service Autorestart:
            class { 'openssh':
              service_autorestart => false, # Default: true
            No automatic service restart when a configuration file / dir changes

Manage Software Version:
            class { 'foo':
              version => '1.2.0', # Default: unset
            Specify the package version you want to be installed.
            Set => ‘latest’ to force installation of latest version

                         CUSTOM OPTIONS
 Rule #5

      With templates you can provide an hash of custom options:
            class { 'openssh':
              template => 'site/ssh/sshd.conf.erb',
              options => {
                'LogLevel' => 'INFO',
                'UsePAM'   => 'yes',

      The Hash values can be used in your custom templates:
      - Allow management of any kind of configuration parameter
      - Provide endless configuration values without adding new parameters

      - Works only for parameters used in templates on in custom classes

 Rule #5

      Alternative ways to use the options hash in an erb template:

            Direct but not safe (you must always provide all the used options)
              UsePAM <%= options['UsePAM'] %>

            Failsafe with defaults (verbose but safe)
              <% if scope.lookupvar("openssh::options['UsePAM']") then -%>
              UsePAM <%= options['UsePAM'] %>
              <% else -%>UsePAM no<% end -%>

            Show what you have (useful for config files has defaults for every option)
              <% scope.lookupvar("openssh::options").sort_by {|key, value|
              key}.each do |key, value| -%>
              <%= key %> <%= value %>
              <% end -%>

            The smart way: options_lookup (Use the option value or set a default)
              UsePAM <%= scope.function_options_lookup(['UsePAM',‘no’]) %>

                  CUSTOMIZE: CUSTOM CLASS
 Rule #6

Provide added resources in a Custom Class:
            class { 'openssh':
              my_class => 'site/my_openssh',
            This autoloads: site/manifests/my_openssh.pp

Custom class can stay in your site module:
            class site::my_openssh {
              file { 'motd':
                path       => '/etc/motd',
                content => template('site/openssh/motd.erb'),
            You hardly need to inherit openssh: there are parameters for everything
            Do not call your class site::openssh, naming collisions could happen.

                     EASY DECOMMISSIONING
 Rule #7

Disable openssh service:
            class { 'openssh':
              disable => true

Deactivate openssh service only at boot time:
            class { 'openssh':
              disableboot => true
            Useful when a service is managed by another tool (ie: a cluster suite)

Remove openssh (package and files):
            class { 'openssh':
              absent => true

Monitoring and firewalling resources removal is automatically managed

 Rule #8

Integration with other modules sets and conflicts management is not easy.
      Strategy 1: Provide the option to use the module’s prerequisite resources:
        class { 'logstash':
          install_prerequisites => false, # Default true
        The prerequisites resources for this module are installed automatically BUT can be
        managed by third-party modules
      Strategy 2: Use if ! defined when defining common resources
        if ! defined(Package['git']) {
          package { 'git': ensure => installed }
        Not a definitive solution, but better than nothing.

      Strategy 3: Always define in Modulefile the module’s dependencies
        dependency 'example42/puppi', '>= 2.0.0'

      Strategy 4: Never assume your resource defaults are set for others
        Exec { path => "/bin:/sbin:/usr/bin:/usr/sbin" }

                             EXTEND: MONITOR
 Rule #9

Manage Abstract Automatic Monitoring:
            class { 'openssh':
              monitor      => true,
              monitor_tool => [ 'nagios','puppi','monit' ],
              monitor_target => $::ip_address # Default
Monitoring is based on these parameters defined in params.pp:
              port           =>   '22',
              protocol       =>   'tcp',
              service        =>   'ssh[d]', # According to OS
              process        =>   'sshd',
              process_args   =>   '',
              process_user   =>   'root',
              pid_file       =>   '/var/run/',

Abstraction is managed in the Example42 monitor module
      Here “connectors” for different monitoring tools are defined and can be added (also
      using 3rd party modules).

                           EXTEND: FIREWALL
 Rule #9

Manage Automatic Firewalling (host based):
            class { 'openssh':
              firewall      =>   true,
              firewall_tool =>   'iptables',
              firewall_src =>    '',
              firewall_dst =>    $::ipaddress_eth1, # Default is $::ipaddress

Firewalling is based on these parameters defined in params.pp:
              port         => '22',
              protocol     => 'tcp',

Abstraction is managed in the Example42 firewall module
      Currently only the “iptables” firewall_tool is defined, it uses Example42 iptables module
      to manage local iptables rules

                                 EXTEND: PUPPI
 Rule #10

Manage Puppi Integration:
            class { 'openssh':
              puppi        => true,       # Default: false
              puppi_helper => 'standard', # Default

The Puppi module is a prerequisite for all Example42 modules
      Is required because it provides common libs, widely used in the modules
      BUT the actual puppi integration is optional (and disabled by default)

Puppi integration allows CLI enrichment commands like:
            puppi info openssh
            puppi log openssh
            puppi check openssh
            Note: puppi support for info/log commands for NextGen modules is under

Puppi helpers allow you to customize Puppi behavior

 Example42 Puppet Modules Site:

 GitHub repositories:

 Git Download:
    git clone -r

 Note on GitHub repos:
  puppet-modules-nextgen contains only NextGen
  modules (as git submodules)
  puppet-modules contains both NextGen and older
One more thing...
How to make a NextGen module
   git clone -r
   cd puppet-modules-nextgen
   This script creates a skeleton for a new module based on different Example42 foo module
   templates. Run it from the directory that contains the foo module (moduledir).
   By default it uses the "foo" module as template.
   Specify -t <source_module> to use a different template.
   Example42-tools/ -t foo_webapp

   Source module template is foo
   Enter the name of the new module based on foo:     mynewmodule
 E di t my n ewm o dul e / m an i f e st s/ param s.pp t o m an age di f f e re n t OS

A new, basic, NextGen module based on the foo template is done.
Add features and application specific resources to enrich it

             ad maiora


Weitere ähnliche Inhalte

Was ist angesagt?

Puppet Continuous Integration with PE and GitLab
Puppet Continuous Integration with PE and GitLabPuppet Continuous Integration with PE and GitLab
Puppet Continuous Integration with PE and GitLabAlessandro Franceschi
Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...
Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...
Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...Puppet
Doing It Wrong with Puppet -
Doing It Wrong with Puppet - Doing It Wrong with Puppet -
Doing It Wrong with Puppet - Puppet
Configuration Surgery with Augeas
Configuration Surgery with AugeasConfiguration Surgery with Augeas
Configuration Surgery with AugeasPuppet
Test-Driven Puppet Development - PuppetConf 2014
Test-Driven Puppet Development - PuppetConf 2014Test-Driven Puppet Development - PuppetConf 2014
Test-Driven Puppet Development - PuppetConf 2014Puppet
Puppet for Sys Admins
Puppet for Sys AdminsPuppet for Sys Admins
Puppet for Sys AdminsPuppet
Puppet loves RSpec, why you should, too
Puppet loves RSpec, why you should, tooPuppet loves RSpec, why you should, too
Puppet loves RSpec, why you should, tooDennis Rowe
How to Develop Puppet Modules: From Source to the Forge With Zero Clicks
How to Develop Puppet Modules: From Source to the Forge With Zero ClicksHow to Develop Puppet Modules: From Source to the Forge With Zero Clicks
How to Develop Puppet Modules: From Source to the Forge With Zero ClicksCarlos Sanchez
Replacing "exec" with a type and provider: Return manifests to a declarative ...
Replacing "exec" with a type and provider: Return manifests to a declarative ...Replacing "exec" with a type and provider: Return manifests to a declarative ...
Replacing "exec" with a type and provider: Return manifests to a declarative ...Puppet
Puppet modules: An Holistic Approach
Puppet modules: An Holistic ApproachPuppet modules: An Holistic Approach
Puppet modules: An Holistic ApproachAlessandro Franceschi
PuppetCamp SEA 1 - Puppet Deployment at OnApp
PuppetCamp SEA 1 - Puppet Deployment  at OnAppPuppetCamp SEA 1 - Puppet Deployment  at OnApp
PuppetCamp SEA 1 - Puppet Deployment at OnAppWalter Heck
PuppetCamp SEA 1 - Use of Puppet
PuppetCamp SEA 1 - Use of PuppetPuppetCamp SEA 1 - Use of Puppet
PuppetCamp SEA 1 - Use of PuppetWalter Heck
rake puppetexpert:create - Puppet Camp Silicon Valley 2014
rake puppetexpert:create - Puppet Camp Silicon Valley 2014rake puppetexpert:create - Puppet Camp Silicon Valley 2014
rake puppetexpert:create - Puppet Camp Silicon Valley 2014nvpuppet
Puppet at Opera Sofware - PuppetCamp Oslo 2013
Puppet at Opera Sofware - PuppetCamp Oslo 2013Puppet at Opera Sofware - PuppetCamp Oslo 2013
Puppet at Opera Sofware - PuppetCamp Oslo 2013Cosimo Streppone
DevOps(4) : Ansible(2) - (MOSG)
DevOps(4) : Ansible(2) - (MOSG)DevOps(4) : Ansible(2) - (MOSG)
DevOps(4) : Ansible(2) - (MOSG)Soshi Nemoto

Was ist angesagt? (20)

Puppet: From 0 to 100 in 30 minutes
Puppet: From 0 to 100 in 30 minutesPuppet: From 0 to 100 in 30 minutes
Puppet: From 0 to 100 in 30 minutes
Puppet Continuous Integration with PE and GitLab
Puppet Continuous Integration with PE and GitLabPuppet Continuous Integration with PE and GitLab
Puppet Continuous Integration with PE and GitLab
Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...
Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...
Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...
Intro to-puppet
Intro to-puppetIntro to-puppet
Intro to-puppet
Doing It Wrong with Puppet -
Doing It Wrong with Puppet - Doing It Wrong with Puppet -
Doing It Wrong with Puppet -
Configuration Surgery with Augeas
Configuration Surgery with AugeasConfiguration Surgery with Augeas
Configuration Surgery with Augeas
Test-Driven Puppet Development - PuppetConf 2014
Test-Driven Puppet Development - PuppetConf 2014Test-Driven Puppet Development - PuppetConf 2014
Test-Driven Puppet Development - PuppetConf 2014
Puppet for Sys Admins
Puppet for Sys AdminsPuppet for Sys Admins
Puppet for Sys Admins
Puppet loves RSpec, why you should, too
Puppet loves RSpec, why you should, tooPuppet loves RSpec, why you should, too
Puppet loves RSpec, why you should, too
How to Develop Puppet Modules: From Source to the Forge With Zero Clicks
How to Develop Puppet Modules: From Source to the Forge With Zero ClicksHow to Develop Puppet Modules: From Source to the Forge With Zero Clicks
How to Develop Puppet Modules: From Source to the Forge With Zero Clicks
Replacing "exec" with a type and provider: Return manifests to a declarative ...
Replacing "exec" with a type and provider: Return manifests to a declarative ...Replacing "exec" with a type and provider: Return manifests to a declarative ...
Replacing "exec" with a type and provider: Return manifests to a declarative ...
Troubleshooting Puppet
Troubleshooting PuppetTroubleshooting Puppet
Troubleshooting Puppet
Puppet modules: An Holistic Approach
Puppet modules: An Holistic ApproachPuppet modules: An Holistic Approach
Puppet modules: An Holistic Approach
PuppetCamp SEA 1 - Puppet Deployment at OnApp
PuppetCamp SEA 1 - Puppet Deployment  at OnAppPuppetCamp SEA 1 - Puppet Deployment  at OnApp
PuppetCamp SEA 1 - Puppet Deployment at OnApp
PuppetCamp SEA 1 - Use of Puppet
PuppetCamp SEA 1 - Use of PuppetPuppetCamp SEA 1 - Use of Puppet
PuppetCamp SEA 1 - Use of Puppet
rake puppetexpert:create - Puppet Camp Silicon Valley 2014
rake puppetexpert:create - Puppet Camp Silicon Valley 2014rake puppetexpert:create - Puppet Camp Silicon Valley 2014
rake puppetexpert:create - Puppet Camp Silicon Valley 2014
Puppet at Opera Sofware - PuppetCamp Oslo 2013
Puppet at Opera Sofware - PuppetCamp Oslo 2013Puppet at Opera Sofware - PuppetCamp Oslo 2013
Puppet at Opera Sofware - PuppetCamp Oslo 2013
DevOps(4) : Ansible(2) - (MOSG)
DevOps(4) : Ansible(2) - (MOSG)DevOps(4) : Ansible(2) - (MOSG)
DevOps(4) : Ansible(2) - (MOSG)
Puppet fundamentals
Puppet fundamentalsPuppet fundamentals
Puppet fundamentals

Andere mochten auch

Configuration management with puppet
Configuration management with puppetConfiguration management with puppet
Configuration management with puppetJakub Stransky
Puppet Camp Berlin 2014: Manageable puppet infrastructure
Puppet Camp Berlin 2014: Manageable puppet infrastructurePuppet Camp Berlin 2014: Manageable puppet infrastructure
Puppet Camp Berlin 2014: Manageable puppet infrastructurePuppet
developing sysadmin, sysadmining developersGuug devops puppet
developing sysadmin, sysadmining developersGuug devops puppetdeveloping sysadmin, sysadmining developersGuug devops puppet
developing sysadmin, sysadmining developersGuug devops puppetMartin Alfke
Puppet Camp Boston 2014: Greenfield Puppet: Getting it right from the start (...
Puppet Camp Boston 2014: Greenfield Puppet: Getting it right from the start (...Puppet Camp Boston 2014: Greenfield Puppet: Getting it right from the start (...
Puppet Camp Boston 2014: Greenfield Puppet: Getting it right from the start (...Puppet
PuppetConf track overview: Puppet Applied
PuppetConf track overview: Puppet AppliedPuppetConf track overview: Puppet Applied
PuppetConf track overview: Puppet AppliedPuppet
Creating a Mature Puppet System
Creating a Mature Puppet SystemCreating a Mature Puppet System
Creating a Mature Puppet SystemPuppet
TEC118 – How Do You Manage the Configuration of Your Environments from Metal ...
TEC118 –How Do You Manage the Configuration of Your Environments from Metal ...TEC118 –How Do You Manage the Configuration of Your Environments from Metal ...
TEC118 – How Do You Manage the Configuration of Your Environments from Metal ...Chris Kernaghan
Achieving Continuous Delivery with Puppet
Achieving Continuous Delivery with PuppetAchieving Continuous Delivery with Puppet
Achieving Continuous Delivery with PuppetDevoteam Revolve
2014-08-19 Multiple Approaches to Managing Puppet Modules @ Puppet Camp Chicago
2014-08-19 Multiple Approaches to Managing Puppet Modules @ Puppet Camp Chicago2014-08-19 Multiple Approaches to Managing Puppet Modules @ Puppet Camp Chicago
2014-08-19 Multiple Approaches to Managing Puppet Modules @ Puppet Camp Chicagogarrett honeycutt
Puppet future parser
Puppet future parserPuppet future parser
Puppet future parserMartin Alfke
Puppet and your Metadata - PuppetCamp London 2015
Puppet and your Metadata - PuppetCamp London 2015Puppet and your Metadata - PuppetCamp London 2015
Puppet and your Metadata - PuppetCamp London 2015Marc Cluet
State of Puppet 2013 - Puppet Camp DC
State of Puppet 2013 - Puppet Camp DCState of Puppet 2013 - Puppet Camp DC
State of Puppet 2013 - Puppet Camp DCPuppet
The site architecture you can edit
The site architecture you can editThe site architecture you can edit
The site architecture you can editOpen Stack
Using hiera with puppet
Using hiera with puppetUsing hiera with puppet
Using hiera with puppetScott Lackey
Puppet and the Model-Driven Infrastructure
Puppet and the Model-Driven InfrastructurePuppet and the Model-Driven Infrastructure
Puppet and the Model-Driven Infrastructurelkanies
Puppet overview
Puppet overviewPuppet overview
Puppet overviewMike_Foto
Introducing Puppet - The faster speed of Automation
Introducing Puppet - The faster speed of AutomationIntroducing Puppet - The faster speed of Automation
Introducing Puppet - The faster speed of AutomationRamit Surana

Andere mochten auch (20)

Configuration management with puppet
Configuration management with puppetConfiguration management with puppet
Configuration management with puppet
Puppet Camp Berlin 2014: Manageable puppet infrastructure
Puppet Camp Berlin 2014: Manageable puppet infrastructurePuppet Camp Berlin 2014: Manageable puppet infrastructure
Puppet Camp Berlin 2014: Manageable puppet infrastructure
Puppet quick start guide
Puppet quick start guidePuppet quick start guide
Puppet quick start guide
developing sysadmin, sysadmining developersGuug devops puppet
developing sysadmin, sysadmining developersGuug devops puppetdeveloping sysadmin, sysadmining developersGuug devops puppet
developing sysadmin, sysadmining developersGuug devops puppet
Puppet Camp Boston 2014: Greenfield Puppet: Getting it right from the start (...
Puppet Camp Boston 2014: Greenfield Puppet: Getting it right from the start (...Puppet Camp Boston 2014: Greenfield Puppet: Getting it right from the start (...
Puppet Camp Boston 2014: Greenfield Puppet: Getting it right from the start (...
PuppetConf track overview: Puppet Applied
PuppetConf track overview: Puppet AppliedPuppetConf track overview: Puppet Applied
PuppetConf track overview: Puppet Applied
Creating a Mature Puppet System
Creating a Mature Puppet SystemCreating a Mature Puppet System
Creating a Mature Puppet System
TEC118 – How Do You Manage the Configuration of Your Environments from Metal ...
TEC118 –How Do You Manage the Configuration of Your Environments from Metal ...TEC118 –How Do You Manage the Configuration of Your Environments from Metal ...
TEC118 – How Do You Manage the Configuration of Your Environments from Metal ...
Achieving Continuous Delivery with Puppet
Achieving Continuous Delivery with PuppetAchieving Continuous Delivery with Puppet
Achieving Continuous Delivery with Puppet
2014-08-19 Multiple Approaches to Managing Puppet Modules @ Puppet Camp Chicago
2014-08-19 Multiple Approaches to Managing Puppet Modules @ Puppet Camp Chicago2014-08-19 Multiple Approaches to Managing Puppet Modules @ Puppet Camp Chicago
2014-08-19 Multiple Approaches to Managing Puppet Modules @ Puppet Camp Chicago
Puppet future parser
Puppet future parserPuppet future parser
Puppet future parser
Puppet and your Metadata - PuppetCamp London 2015
Puppet and your Metadata - PuppetCamp London 2015Puppet and your Metadata - PuppetCamp London 2015
Puppet and your Metadata - PuppetCamp London 2015
State of Puppet 2013 - Puppet Camp DC
State of Puppet 2013 - Puppet Camp DCState of Puppet 2013 - Puppet Camp DC
State of Puppet 2013 - Puppet Camp DC
The site architecture you can edit
The site architecture you can editThe site architecture you can edit
The site architecture you can edit
Using hiera with puppet
Using hiera with puppetUsing hiera with puppet
Using hiera with puppet
Puppet and the Model-Driven Infrastructure
Puppet and the Model-Driven InfrastructurePuppet and the Model-Driven Infrastructure
Puppet and the Model-Driven Infrastructure
Puppet overview
Puppet overviewPuppet overview
Puppet overview
Power of Puppet 4
Power of Puppet 4Power of Puppet 4
Power of Puppet 4
Introducing Puppet - The faster speed of Automation
Introducing Puppet - The faster speed of AutomationIntroducing Puppet - The faster speed of Automation
Introducing Puppet - The faster speed of Automation

Ähnlich wie Puppet modules for Fun and Profit

Puppet Modules: An Holistic Approach - Alessandro Franceschi of Lab42 - Puppe...
Puppet Modules: An Holistic Approach - Alessandro Franceschi of Lab42 - Puppe...Puppet Modules: An Holistic Approach - Alessandro Franceschi of Lab42 - Puppe...
Puppet Modules: An Holistic Approach - Alessandro Franceschi of Lab42 - Puppe...Puppet
Writing and Publishing Puppet Modules - PuppetConf 2014
Writing and Publishing Puppet Modules - PuppetConf 2014Writing and Publishing Puppet Modules - PuppetConf 2014
Writing and Publishing Puppet Modules - PuppetConf 2014Puppet
From Dev to DevOps - Codemotion ES 2012
From Dev to DevOps - Codemotion ES 2012From Dev to DevOps - Codemotion ES 2012
From Dev to DevOps - Codemotion ES 2012Carlos Sanchez
Puppet for Java developers - JavaZone NO 2012
Puppet for Java developers - JavaZone NO 2012Puppet for Java developers - JavaZone NO 2012
Puppet for Java developers - JavaZone NO 2012Carlos Sanchez
Developing IT infrastructures with Puppet
Developing IT infrastructures with PuppetDeveloping IT infrastructures with Puppet
Developing IT infrastructures with PuppetAlessandro Franceschi
From Dev to DevOps - ApacheCON NA 2011
From Dev to DevOps - ApacheCON NA 2011From Dev to DevOps - ApacheCON NA 2011
From Dev to DevOps - ApacheCON NA 2011Carlos Sanchez
Puppet atbazaarvoice
Puppet atbazaarvoicePuppet atbazaarvoice
Puppet atbazaarvoiceDave Barcelo
From Dev to DevOps - FOSDEM 2012
From Dev to DevOps - FOSDEM 2012From Dev to DevOps - FOSDEM 2012
From Dev to DevOps - FOSDEM 2012Carlos Sanchez
Creating "Secure" PHP Applications, Part 1, Explicit Code & QA
Creating "Secure" PHP Applications, Part 1, Explicit Code & QACreating "Secure" PHP Applications, Part 1, Explicit Code & QA
Creating "Secure" PHP Applications, Part 1, Explicit Code & QAarchwisp
Building Testable PHP Applications
Building Testable PHP ApplicationsBuilding Testable PHP Applications
Building Testable PHP Applicationschartjes
modern module development - Ken Barber 2012 Edinburgh Puppet Camp
modern module development - Ken Barber 2012 Edinburgh Puppet Campmodern module development - Ken Barber 2012 Edinburgh Puppet Camp
modern module development - Ken Barber 2012 Edinburgh Puppet CampPuppet
Puppet HackDay/BarCamp New Delhi Exercises
Puppet HackDay/BarCamp New Delhi ExercisesPuppet HackDay/BarCamp New Delhi Exercises
Puppet HackDay/BarCamp New Delhi ExercisesJulie Tsai
Puppet: Eclipsecon ALM 2013
Puppet: Eclipsecon ALM 2013Puppet: Eclipsecon ALM 2013
Puppet: Eclipsecon ALM 2013grim_radical
EPHPC Webinar Slides: Unit Testing by Arthur Purnama
EPHPC Webinar Slides: Unit Testing by Arthur PurnamaEPHPC Webinar Slides: Unit Testing by Arthur Purnama
EPHPC Webinar Slides: Unit Testing by Arthur PurnamaEnterprise PHP Center
From Dev to DevOps
From Dev to DevOpsFrom Dev to DevOps
From Dev to DevOpsAgile Spain
Advanced symfony Techniques
Advanced symfony TechniquesAdvanced symfony Techniques
Advanced symfony TechniquesKris Wallsmith
Continuous Delivery with Maven, Puppet and Tomcat - ApacheCon NA 2013
Continuous Delivery with Maven, Puppet and Tomcat - ApacheCon NA 2013Continuous Delivery with Maven, Puppet and Tomcat - ApacheCon NA 2013
Continuous Delivery with Maven, Puppet and Tomcat - ApacheCon NA 2013Carlos Sanchez
Zend Framework 2 - Basic Components
Zend Framework 2  - Basic ComponentsZend Framework 2  - Basic Components
Zend Framework 2 - Basic ComponentsMateusz Tymek

Ähnlich wie Puppet modules for Fun and Profit (20)

Puppet Modules: An Holistic Approach - Alessandro Franceschi of Lab42 - Puppe...
Puppet Modules: An Holistic Approach - Alessandro Franceschi of Lab42 - Puppe...Puppet Modules: An Holistic Approach - Alessandro Franceschi of Lab42 - Puppe...
Puppet Modules: An Holistic Approach - Alessandro Franceschi of Lab42 - Puppe...
Writing and Publishing Puppet Modules - PuppetConf 2014
Writing and Publishing Puppet Modules - PuppetConf 2014Writing and Publishing Puppet Modules - PuppetConf 2014
Writing and Publishing Puppet Modules - PuppetConf 2014
From Dev to DevOps - Codemotion ES 2012
From Dev to DevOps - Codemotion ES 2012From Dev to DevOps - Codemotion ES 2012
From Dev to DevOps - Codemotion ES 2012
Puppet for Java developers - JavaZone NO 2012
Puppet for Java developers - JavaZone NO 2012Puppet for Java developers - JavaZone NO 2012
Puppet for Java developers - JavaZone NO 2012
Developing IT infrastructures with Puppet
Developing IT infrastructures with PuppetDeveloping IT infrastructures with Puppet
Developing IT infrastructures with Puppet
From Dev to DevOps - ApacheCON NA 2011
From Dev to DevOps - ApacheCON NA 2011From Dev to DevOps - ApacheCON NA 2011
From Dev to DevOps - ApacheCON NA 2011
Puppet atbazaarvoice
Puppet atbazaarvoicePuppet atbazaarvoice
Puppet atbazaarvoice
From Dev to DevOps - FOSDEM 2012
From Dev to DevOps - FOSDEM 2012From Dev to DevOps - FOSDEM 2012
From Dev to DevOps - FOSDEM 2012
Creating "Secure" PHP Applications, Part 1, Explicit Code & QA
Creating "Secure" PHP Applications, Part 1, Explicit Code & QACreating "Secure" PHP Applications, Part 1, Explicit Code & QA
Creating "Secure" PHP Applications, Part 1, Explicit Code & QA
Building Testable PHP Applications
Building Testable PHP ApplicationsBuilding Testable PHP Applications
Building Testable PHP Applications
modern module development - Ken Barber 2012 Edinburgh Puppet Camp
modern module development - Ken Barber 2012 Edinburgh Puppet Campmodern module development - Ken Barber 2012 Edinburgh Puppet Camp
modern module development - Ken Barber 2012 Edinburgh Puppet Camp
Puppet HackDay/BarCamp New Delhi Exercises
Puppet HackDay/BarCamp New Delhi ExercisesPuppet HackDay/BarCamp New Delhi Exercises
Puppet HackDay/BarCamp New Delhi Exercises
Puppet: Eclipsecon ALM 2013
Puppet: Eclipsecon ALM 2013Puppet: Eclipsecon ALM 2013
Puppet: Eclipsecon ALM 2013
EPHPC Webinar Slides: Unit Testing by Arthur Purnama
EPHPC Webinar Slides: Unit Testing by Arthur PurnamaEPHPC Webinar Slides: Unit Testing by Arthur Purnama
EPHPC Webinar Slides: Unit Testing by Arthur Purnama
From Dev to DevOps
From Dev to DevOpsFrom Dev to DevOps
From Dev to DevOps
Advanced symfony Techniques
Advanced symfony TechniquesAdvanced symfony Techniques
Advanced symfony Techniques
Vagrant for real
Vagrant for realVagrant for real
Vagrant for real
Continuous Delivery with Maven, Puppet and Tomcat - ApacheCon NA 2013
Continuous Delivery with Maven, Puppet and Tomcat - ApacheCon NA 2013Continuous Delivery with Maven, Puppet and Tomcat - ApacheCon NA 2013
Continuous Delivery with Maven, Puppet and Tomcat - ApacheCon NA 2013
Feeds drupal cafe
Feeds drupal cafeFeeds drupal cafe
Feeds drupal cafe
Zend Framework 2 - Basic Components
Zend Framework 2  - Basic ComponentsZend Framework 2  - Basic Components
Zend Framework 2 - Basic Components

Mehr von Alessandro Franceschi

Mehr von Alessandro Franceschi (11)

Strategies for Puppet code upgrade and refactoring
Strategies for Puppet code upgrade and refactoringStrategies for Puppet code upgrade and refactoring
Strategies for Puppet code upgrade and refactoring
DevOps - Evoluzione della specie - DevOps Heroes.pdf
DevOps - Evoluzione della specie - DevOps Heroes.pdfDevOps - Evoluzione della specie - DevOps Heroes.pdf
DevOps - Evoluzione della specie - DevOps Heroes.pdf
Tiny Puppet Can Install Everything. Prove me wrong!
Tiny Puppet Can Install Everything. Prove me wrong!Tiny Puppet Can Install Everything. Prove me wrong!
Tiny Puppet Can Install Everything. Prove me wrong!
ReUse Your (Puppet) Modules!
ReUse Your (Puppet) Modules!ReUse Your (Puppet) Modules!
ReUse Your (Puppet) Modules!
Ten years of [Puppet] installations. What now?
Ten years of [Puppet] installations. What now?Ten years of [Puppet] installations. What now?
Ten years of [Puppet] installations. What now?
Puppet Systems Infrastructure Construction Kit
Puppet Systems Infrastructure Construction KitPuppet Systems Infrastructure Construction Kit
Puppet Systems Infrastructure Construction Kit
Tp install anything
Tp install anythingTp install anything
Tp install anything
Puppet evolutions
Puppet evolutionsPuppet evolutions
Puppet evolutions
Raise the bar! Reloaded
Raise the bar! ReloadedRaise the bar! Reloaded
Raise the bar! Reloaded
Raise the bar!
Raise the bar!Raise the bar!
Raise the bar!
Spaghetti devops
Spaghetti devopsSpaghetti devops
Spaghetti devops

Kürzlich hochgeladen

The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate AgentsRyan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate AgentsRyan Mahoney
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
Visualising and forecasting stocks using Dash
Visualising and forecasting stocks using DashVisualising and forecasting stocks using Dash
Visualising and forecasting stocks using Dashnarutouzumaki53779
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays

Kürzlich hochgeladen (20)

The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate AgentsRyan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
Visualising and forecasting stocks using Dash
Visualising and forecasting stocks using DashVisualising and forecasting stocks using Dash
Visualising and forecasting stocks using Dash
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack

Puppet modules for Fun and Profit

  • 1. PUPPET MODULES FOR FUN AND PROFIT Puppet Conf San Francisco 2012 Alessandro Franceschi Lab42 / GrandSla
  • 2. PUPPET @ Lab 42 2007 - Meet Puppet. Managed the Bank of Italy webfarm 2008 - First generation of Lab42 Puppet Modules 2009 - Multi OS support and standardization 2010 - A redesigned and coherent Example42 Module set Puppet Modules Standards and Interoperability (PuppetCamp 2010 - Belgium) Re-Use your Modules! (PuppetCamp 2010 - San Francisco) 2011 - Introducing Puppi Puppi: Puppet strings to the shell (PuppetCamp Europe 2011 - Amsterdam) 2012 - Example42 Next Gen modules - GrandSla: Puppet driven Infrastructure and Support Developing IT Infrastructures with Puppet (CodeMotion 2012 - Rome) A Holistic approach to Puppet modules (PuppetCamp Dublin and Geneva 2012) “Job Driven” modules development
  • 3. MODULES PATTERNS... Data Separation Configuration data is defined outside the module (or even Puppet manifests) Module’s behavior is managed via APIs Allow module’s extension and override via external data Reusability Customize behavior without changing module code Do not force author’s idea on how configurations should be provided Support different OS. Easily allow new additions Standardization Follow PuppetLabs style guidelines (puppet-lint) Have coherent, predictable and intuitive interfaces Provide contextual documentation (puppet-doc) Interoperability Limit cross-module dependencies Allow easy modules’ cherry picking Be self contained, do not interfere with other modules’ resources
  • 4. ... AND ANTI-PATTERNS Data Mixed with Logic Configuration data mixed inside the module’s logic Module’s behavior defined in many different places Module’s logic is rigid and can’t be defined externally Works for me (here and now) Module just works for the current setup Can’t easily be re-used in other places for other projects Works just for the currently used OSes Code chaos No layout rules, no standard style Not standardized and predictable parameters Who said “documentation”? Interoperability Who cares. Basically whatever is quick and dirty... but is this really an anti-pattern?* *(IMHO, yes)
  • 5. Example42 modules: 10 design rules Rule 1 - Provide alternatives for Data Separation Rule 2 - Provide choice on Configuration Files supply Rule 3 - Configure everything but provide OS defaults. Rule 4 - Allow management of general module’s behavior Rule 5 - Allow Custom Options for endless parameters Rule 6 - Permit easy extension with custom classes Rule 7 - Offer easy removal of the module’s resources Rule 8 - Limit cross-dependencies. Prerequisites as options. Rule 9 - Automatically monitor and firewall resources Rule 10 - Puppi integration: Puppet knowledge to the CLI
  • 6. Example42 DATA SEPARATION ALTERNATIVES Rule #1 Set (Top Scope/External Node Classifier) variables and include classes: $::openssh_template = 'site/openssh/openssh.conf.erb' include openssh Use Hiera: hiera('openssh_template') include openssh Use Parametrized Classes: class { 'openssh':   template => 'site/openssh/openssh.conf.erb', } Happily mix different patterns: $::monitor = true $::monitor_tool = [ 'nagios' , 'munin' , 'puppi' ] class { 'openssh':   template => 'site/openssh/openssh.conf.erb', }
  • 7. Example42 PARAMS_LOOKUP EVERYWHERE Rule #1 Each parameter is processed by the params_lookup function class openssh ( [...] # openssh module specific parameters ...   $my_class = params_lookup( 'my_class' ),   $source = params_lookup( 'source' ),   $source_dir = params_lookup( 'source_dir' ),   $source_dir_purge = params_lookup( 'source_dir_purge' ),   $template = params_lookup( 'template' ),   $service_autorestart = params_lookup( 'service_autorestart' , 'global' ),   $options = params_lookup( 'options' ),   $version = params_lookup( 'version' ),   $absent = params_lookup( 'absent' ),   $disable = params_lookup( 'disable' ),   $disableboot = params_lookup( 'disableboot' ),   $monitor = params_lookup( 'monitor' , 'global' ),   $monitor_tool = params_lookup( 'monitor_tool' , 'global' ),   $monitor_target = params_lookup( 'monitor_target' , 'global' ), [...] # Other common parameters   ) inherits openssh::params { [...] } Flexibility on booleans: they are sanitized by the any2bool function   You set: $absent => “yes” # (or “1”, ‘Y’, “true”, true ...) The module internally uses:   $bool_absent = any2bool($absent)
  • 8. Example42 PARAMS LOOKUP ORDER Rule #1 The function params_lookup is provided by the Puppi module It allows data to be defined in different ways: Via Hiera, if available As Top Scope variable (as provided by External Node Classifiers) Via defaults set in the module’s params class The “global” argument is used to define site_wide behavior # If there’s a direct param that’s the value class { ‘openssh’: monitor => true } # Otherwise, If Hiera is available: hiera(“monitor”) # If global lookup is set hiera(“openssh_monitor”) # A specific value overrides the global one # If variable is still not evaluated, Top Scope is looked up: $::monitor # If global lookup is set $::openssh_monitor # If present, overrides $::monitor # Module’s params are used as last option defaults: $openssh::params::monitor
  • 9. Example42 CUSTOMIZE: CONFIGURATION FILE Rule #2 Provide Main Configuration as a static file ... class { 'openssh':   source => 'puppet:///modules/site/ssh/sshd.conf' } ... an array of files looked up on a first match logic ... class { 'openssh':   source => [ "puppet:///modules/site/ssh/sshd.conf-${fqdn}",               "puppet:///modules/site/ssh/openssh.conf"], } ... or an erb template: class { 'openssh':   template => 'site/ssh/sshd.conf.erb', } Config File Path is defined in params.pp (can be overriden): config_file => '/etc/ssh/sshd_config',
  • 10. Example42 CUSTOMIZE: CONFIGURATION DIR Rule #2 You can manage the whole Configuration Directory: class { 'openssh':   source_dir => 'puppet:///modules/site/ssh/sshd/', } This copies all the files in lab42/files/ssh/sshd/* to local config_dir You can purge any existing file on the destination config_dir which are not present on the source_dir path: class { 'openssh':   source_dir => 'puppet:///modules/site/ssh/sshd/',   source_dir_purge => true, # default is false } WARNING: Use with care Config Dir Path is defined in params.pp (can be overriden):   config_dir => '/etc/ssh',
  • 11. Example42 CUSTOMIZE: PATHS AND NAMES Rule #3 Customize Application Parameters. An example: Use the puppet module to manage pe-puppet! class { 'puppet':   template => 'lab42/pe-puppet/puppet.conf.erb',   package => 'pe-puppet',   service => 'pe-puppet',   service_status => true,   config_file => '/etc/puppetlabs/puppet/puppet.conf',   config_file_owner => 'root',   config_file_group => 'root',   config_file_init => '/etc/sysconfig/pe-puppet',   process => 'ruby',   process_args => 'puppet',   process_user => 'root',   config_dir => '/etc/puppetlabs/puppet/',   pid_file => '/var/run/pe-puppet/',   log_file => '/var/log/pe-puppet/puppet.log',   log_dir => '/var/log/pe-puppet', }
  • 12. Example42 DEFAULTS IN PARAMS.PP Rule #3 Each module has a params class with defaults for different OS class openssh::params { ### Application related parameters   $package = $::operatingsystem ? {     default => 'openssh-server',   }   $service = $::operatingsystem ? {     /(?i:Debian|Ubuntu|Mint)/ => 'ssh',     default => 'sshd',   }   $process = $::operatingsystem ? {     default => 'sshd',   } [...] $port = '22'   $protocol = 'tcp' # General Settings   $my_class = ''   $source = ''   $source_dir = ''   $source_dir_purge = '' [...] ### General module variables that can have a site or per module default   $monitor = false   $monitor_tool = ''   $monitor_target = $::ipaddress   $firewall = false   $firewall_tool = ''   $firewall_src = '' [...]
  • 13. Example42 MANAGE BEHAVIOR Rule #4 Enable Auditing: class { 'openssh':   audit_only => true, # Default: false } No changes to configuration files are actually made and potential changes are audited Manage Service Autorestart: class { 'openssh':   service_autorestart => false, # Default: true } No automatic service restart when a configuration file / dir changes Manage Software Version: class { 'foo':   version => '1.2.0', # Default: unset } Specify the package version you want to be installed. Set => ‘latest’ to force installation of latest version
  • 14. Example42 CUSTOM OPTIONS Rule #5 With templates you can provide an hash of custom options: class { 'openssh':   template => 'site/ssh/sshd.conf.erb',   options => {     'LogLevel' => 'INFO',     'UsePAM' => 'yes',   }, } The Hash values can be used in your custom templates: - Allow management of any kind of configuration parameter - Provide endless configuration values without adding new parameters - Works only for parameters used in templates on in custom classes
  • 15. Example42 CUSTOM OPTIONS IN TEMPLATES Rule #5 Alternative ways to use the options hash in an erb template: Direct but not safe (you must always provide all the used options) UsePAM <%= options['UsePAM'] %> Failsafe with defaults (verbose but safe) <% if scope.lookupvar("openssh::options['UsePAM']") then -%> UsePAM <%= options['UsePAM'] %> <% else -%>UsePAM no<% end -%> Show what you have (useful for config files has defaults for every option) <% scope.lookupvar("openssh::options").sort_by {|key, value| key}.each do |key, value| -%> <%= key %> <%= value %> <% end -%> The smart way: options_lookup (Use the option value or set a default) UsePAM <%= scope.function_options_lookup(['UsePAM',‘no’]) %>
  • 16. Example42 CUSTOMIZE: CUSTOM CLASS Rule #6 Provide added resources in a Custom Class: class { 'openssh':   my_class => 'site/my_openssh', } This autoloads: site/manifests/my_openssh.pp Custom class can stay in your site module: class site::my_openssh {   file { 'motd':     path => '/etc/motd',     content => template('site/openssh/motd.erb'),   } } You hardly need to inherit openssh: there are parameters for everything Do not call your class site::openssh, naming collisions could happen.
  • 17. Example42 EASY DECOMMISSIONING Rule #7 Disable openssh service: class { 'openssh':   disable => true } Deactivate openssh service only at boot time: class { 'openssh':   disableboot => true } Useful when a service is managed by another tool (ie: a cluster suite) Remove openssh (package and files): class { 'openssh':   absent => true } Monitoring and firewalling resources removal is automatically managed
  • 18. Example42 CROSS-MODULE INTEGRATIONS Rule #8 Integration with other modules sets and conflicts management is not easy. Strategy 1: Provide the option to use the module’s prerequisite resources: class { 'logstash':   install_prerequisites => false, # Default true } The prerequisites resources for this module are installed automatically BUT can be managed by third-party modules Strategy 2: Use if ! defined when defining common resources if ! defined(Package['git']) {   package { 'git': ensure => installed } } Not a definitive solution, but better than nothing. Strategy 3: Always define in Modulefile the module’s dependencies dependency 'example42/puppi', '>= 2.0.0' Strategy 4: Never assume your resource defaults are set for others Exec { path => "/bin:/sbin:/usr/bin:/usr/sbin" }
  • 19. Example42 EXTEND: MONITOR Rule #9 Manage Abstract Automatic Monitoring: class { 'openssh':   monitor => true,   monitor_tool => [ 'nagios','puppi','monit' ],   monitor_target => $::ip_address # Default } Monitoring is based on these parameters defined in params.pp:   port => '22',   protocol => 'tcp',   service => 'ssh[d]', # According to OS   process => 'sshd',   process_args => '',   process_user => 'root',   pid_file => '/var/run/', Abstraction is managed in the Example42 monitor module Here “connectors” for different monitoring tools are defined and can be added (also using 3rd party modules).
  • 20. Example42 EXTEND: FIREWALL Rule #9 Manage Automatic Firewalling (host based): class { 'openssh':   firewall => true,   firewall_tool => 'iptables',   firewall_src => '',   firewall_dst => $::ipaddress_eth1, # Default is $::ipaddress } Firewalling is based on these parameters defined in params.pp:   port => '22',   protocol => 'tcp', Abstraction is managed in the Example42 firewall module Currently only the “iptables” firewall_tool is defined, it uses Example42 iptables module to manage local iptables rules
  • 21. Example42 EXTEND: PUPPI Rule #10 Manage Puppi Integration: class { 'openssh':   puppi => true, # Default: false   puppi_helper => 'standard', # Default } The Puppi module is a prerequisite for all Example42 modules Is required because it provides common libs, widely used in the modules BUT the actual puppi integration is optional (and disabled by default) Puppi integration allows CLI enrichment commands like: puppi info openssh puppi log openssh puppi check openssh Note: puppi support for info/log commands for NextGen modules is under development Puppi helpers allow you to customize Puppi behavior
  • 22. DOWNLOAD Example42 Puppet Modules Site: GitHub repositories: Git Download: git clone -r example42/puppet-modules-nextgen Note on GitHub repos: puppet-modules-nextgen contains only NextGen modules (as git submodules) puppet-modules contains both NextGen and older modules
  • 23. One more thing... How to make a NextGen module git clone -r cd puppet-modules-nextgen Example42-tools/ This script creates a skeleton for a new module based on different Example42 foo module templates. Run it from the directory that contains the foo module (moduledir). By default it uses the "foo" module as template. Specify -t <source_module> to use a different template. Example: Example42-tools/ -t foo_webapp Source module template is foo Enter the name of the new module based on foo: mynewmodule E di t my n ewm o dul e / m an i f e st s/ param s.pp t o m an age di f f e re n t OS A new, basic, NextGen module based on the foo template is done. Add features and application specific resources to enrich it
  • 24. Graphics: ad maiora Questions? @alvagante