3. CONFERENCE
PUPPETCONF WRAP-UP
▸ training
▸ experience
▸ user sessions
▸ unit testing
▸ types & providers
▸ best practices / patterns
▸ Puppet on Windows
▸ PuppetConf 2017
7. WHY RAZOR?
▸Synergy with Configuration Management
▸Bare-metal & Virtual
▸Deployment of multiple OS
▸Hand off to Puppet
▸RESTful API
▸Consistent Minimal OS install
▸Capability to redeploy on demand
▸pe_razor (ships with Puppet Enterprise!)
8. SETUP
RAZOR REQUIREMENTS
▸A DHCP/DNS/TFTP service with SELinux configured to enable PXE boot
▸iPXE Software
▸undionly.kpxe file from the iPXE open source software stack
▸Razor specific bootstrap.ipxe script
▸Razor Client (pe-razor-client ruby gem)
▸Puppet Enterprise
▸The Razor Server
▸bootstrap.ipxe
9. PREREQUISITES
- DNSMASQ FOR DHCP, DNS, TFTP
- UNDIONLY.KPXE
- PE-RAZOR-CLIENT
Setup via Vagrantfile shell provisioner
14. WORKFLOW
HOW RAZOR WORKS
▸Repositories
▸Repositories contain – or point to – the operating system to install on a node
razor create-repo --name centos6 \
  --task centos \
  --iso-url "http://archive.kernel.org/centos-vault/6.6/isos/x86_64/CentOS-6.6-x86_64-minimal.iso"
The ISO extracts to /opt/puppetlabs/server/data/razor-server/repo/centos6
15. WORKFLOW
HOW RAZOR WORKS
▸Tags (Optional)
▸Tags let you group nodes based on their characteristics
▸Apply policies based on tags to install appropriate operating systems on tagged nodes
▸If you don’t specify tags for a policy, the policy binds to any node
razor create-tag --name centos6 --rule '["has_macaddress", "08:00:27:41:1f:6f"]'
16. WORKFLOW
HOW RAZOR WORKS
▸Policies
▸Tell Razor what OS to install on the provisioned node
▸Where to get the OS software
▸How it should be configured
▸How to communicate between the node and PE
razor create-policy --name centos6 \
  --repo centos6 \
  --task centos \
  --broker pe \
  --enabled \
  --hostname 'apache${id}.stlpug.com' \
  --root-password secret \
  --tag centos6
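How tags decide which policy a node binds to, as an added example (not from the slides and not Razor's own code): a simplified Ruby model of tag-rule evaluation and first-match policy binding, showing that an enabled policy with no tags picks up any machine that PXE boots. The `fact`, `=`, `and` and `or` operators are assumed from Razor's rule language; the `vm` tag, the `catch-all` policy and both nodes are constructed.

```ruby
# Simplified model of Razor tag matching and policy binding.
# Added illustration; this is not Razor's implementation.

# Evaluate a tag rule, e.g. ["has_macaddress", "08:00:27:41:1f:6f"].
def eval_rule(rule, node)
  return rule unless rule.is_a?(Array) # literals evaluate to themselves
  op, *args = rule
  case op
  when 'has_macaddress'
    wanted = args.map(&:downcase)
    node[:macs].any? { |mac| wanted.include?(mac.downcase) }
  when 'fact' then node[:facts][args.first]
  when '='    then eval_rule(args[0], node) == eval_rule(args[1], node)
  when 'and'  then args.all? { |a| eval_rule(a, node) }
  when 'or'   then args.any? { |a| eval_rule(a, node) }
  else raise ArgumentError, "unsupported operator: #{op}"
  end
end

# First enabled policy, in list order, whose tags all match the node.
# An empty tag list matches every node.
def bind(node, policies, tags)
  policies.find do |p|
    p[:enabled] && p[:tags].all? { |t| eval_rule(tags.fetch(t), node) }
  end
end

# Audit helper: enabled policies that would bind to any machine that PXE boots.
def untagged_policies(policies)
  policies.select { |p| p[:enabled] && p[:tags].empty? }.map { |p| p[:name] }
end

TAGS = {
  'centos6' => ['has_macaddress', '08:00:27:41:1f:6f'],      # from the slide
  'vm'      => ['=', ['fact', 'is_virtual'], 'true']         # constructed
}.freeze

POLICIES = [
  { name: 'centos6',   tags: ['centos6'], enabled: true },   # from the slide
  { name: 'catch-all', tags: [],          enabled: true }    # constructed
].freeze

# Constructed nodes: one with the tagged MAC, one unknown machine.
KNOWN   = { macs: ['08:00:27:41:1F:6F'], facts: { 'is_virtual' => 'true' } }.freeze
UNKNOWN = { macs: ['52:54:00:aa:bb:cc'], facts: { 'is_virtual' => 'false' } }.freeze

puts "known node   -> #{bind(KNOWN, POLICIES, TAGS)[:name]}"
puts "unknown node -> #{bind(UNKNOWN, POLICIES, TAGS)[:name]}"
puts "untagged policies: #{untagged_policies(POLICIES).join(', ')}"
```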
17. WORKFLOW
HOW RAZOR WORKS
▸Broker (Optional)
▸Brokers hand off nodes to configuration management systems like PE
razor create-broker --name pe --broker-type puppet-pe \
  --configuration server=puppetmaster.stlpug.com
razor create-broker --name=noop --broker-type=noop
29. ADVANCED
RAZOR HOOKS
▸Trigger invocation of scripts during certain events in a node’s lifecycle
▸node-registered: triggered after a node has been registered
▸node-bound-to-policy: triggered after a node has been bound to a policy
▸node-unbound-from-policy: triggered after a node has been marked as uninstalled by the reinstall-node command
▸node-deleted: triggered after a node has been deleted.
▸node-booted: triggered every time a node boots via iPXE.
▸node-facts-changed: triggered whenever a node changes its facts.
▸node-install-finished: triggered when a policy finishes its last step.
30. ADVANCED
RAZOR HOOKS
▸Scripts must exist on disk
▸Executable scripts named after their triggering event
▸Scripts receive input including node info
32. REFERENCES
▸Razor Workflow Slides 9 - 16
▸Slides borrowed from May 2015 Austin PUG
▸https://github.com/stlpug/pe-vagrant/tree/razor
▸https://puppet.com/product/capabilities/automated-provisioning
▸https://github.com/puppetlabs/razor-server/wiki
▸https://docs.puppet.com/pe/latest/razor_using.html
▸https://github.com/npwalker/pe-razor-vagrant-stack
Editor's Notes
Synergy w/config mgmt
use of facter
hardware facts & metadata are sent by microkernel provided by Razor
think UCS profiles
think virtual fact (true or false)
Bare-metal
Oracle
ESXi deployments
RESTful API
Anything I can do with the CLI, we can do with the API
pe-razor-client ruby gem
Minimal OS
point here is removal of template deployments
removes care and feeding of templates
Hand off to Puppet handled same way across systems. Razor knows how to do inherently
Windows (we currently use SCCM)
Linux (manual deployment of puppet agent)
Razor standardizes process for each os deployment type
Redeploy on demand
current deployment orchestration isn’t repeatable
one and done kind of thing
with Razor, we get this for free
DNSMASQ for DHCP/DNS/TFTP
undionly download from Internets
razor client ruby gem (pe-razor-client). Can be installed anywhere
RBAC capability
Razor Server
installed with pe_razor class
dnsmasq setup on razor server via shell inline within Vagrantfile
undionly downloaded from Internets and placed in TFTP directory
pe-razor-client ruby gem installed via shell inline
Puppet Module Opportunity (pe_razor_complete)
iptables (not shown in screenshot) to enable ipforward on the razor server which becomes default gateway for razor nodes
The Razor Server w/parameter overrides
Razor-specific bootstrap.ipxe script
Discovery:
microkernel sending facts to Razor server to match tags pinned to a policy
Task:
The OS type to deploy on machine
RedHat / CentOS to use kickstart
Ubuntu to use preseed
Windows unattend.xml installation
Broker:
handoff to Puppet
show razor commands
razor policies - talk about order of precedence based on rules configured within tags that have been applied to listed policies
razor commands
razor nodes (subcommands to show facts, etc)
razor tasks (shows built-in / out of the box tasks)
razor tags