PuppetConf 2016: High Availability for Puppet – Russ Mull & Zack Smith, Puppet

Here are the slides from Russ Mull and Zack Smith's presentation High Availability for Puppet. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa

Published in: Technology

  1. High Availability for Puppet. Russ Mull - @mullr, Senior Software Engineer; Zack Smith - @acidprime, Principal Professional Services Engineer.
  2. Puppet Services related to High Availability: the important bits of Puppet to make highly available.
  3. Enterprise Readiness: High Availability. Building capabilities that matter: auto scaling; active/active; robust backup and restore tooling; disaster recovery in multi-datacenter / geo-diverse environments; eliminate single points of failure; Puppet runs continue.
  4. Building a new catalog: classification, exported records, Hiera data and Puppet code being synced from version control. (Diagram labels: run, Puppet Code, Classifier.)
  5. Two of Everything! Don't forget about your external services like git, LDAP, etc. (Diagram labels: Classifier, "Load" Balancer, check, backup.)
  6. Let's start with the basics.
  7. Certificate Authority Files: Puppet's SSL implementation.
  8. Puppet CA Replication Components: CA private key and cert; signed directory; serial file; Certificate Revocation List (CRL). (Diagram labels: serial 3E8, crl.pem, signed, 101, ca_crt.)
  9. CA Private key: if you don't care about revocation (security/revocation), this is the only file needed to replicate. (Diagram labels: ssl, ca, ca_key.pem, ca_crt.pem.)
  10. Signed Directory: used when checking for duplicate CN (certs with the same name). (Diagram labels: ca, signed, host1.company.com.pem.)
  11. Serial file: tracks the next numeric serial to be issued to a new agent. (Diagram labels: ca, serial; 3E8 = decimal 1000, 3E9 = decimal 1001.)
  12. Certificate Revocation List: tracks revoked certificates. (Diagram labels: ca, crl.pem with entries 1000 and 1001 (decimal), serial 3E9.)
  13. Simply copy your ssldir ahead of the second installation. When using old versions of PE, delete the pe-internal* certs post transfer, pre install. (Diagram labels: 1. scp -r $ssldir, 2. installer; CA; DR site.)
  14. PostgreSQL Replication: database-level synchronization.
  15. Streaming Replication: this happens at the postgres database layer. (Diagram labels: two PuppetDB (PDB) nodes, two PostgreSQL nodes, Write (W) and Read (Standby) (R), port 5432, write ahead logs, 16MB.)
  16. Split Reads and writes: can survive temporary failures of the write master. (Diagram labels: PuppetDB (PDB), PostgreSQL Write (W), PostgreSQL Read (Standby) (R), port 5432, queue.)
  17. Promote Standby to Writable: this happens at the postgres database layer. (Diagram labels: PostgreSQL Write, PostgreSQL Read (standby), port 5432.)
  18. Multi master PuppetDB Beta: Puppet Enterprise only.
  19. Master side Failover: this is known as "terminus" failover, as it's handled in the puppetdb terminus package code. Setting shown: [main] server_urls = https://primary:8081, https://replica:8081. (Diagram labels: 1 PuppetDB (PDB) Primary, 2 PuppetDB (PDB) Replica.)
  20. Command Broadcast: command_broadcast = true in puppetdb.conf. (Diagram labels: two PuppetDB (PDB) nodes.)
  21. PuppetDB Replication Reconciliation: reconciliation happens on an interval. (Diagram labels: two PuppetDB (PDB) nodes, two PostgreSQL nodes, Write, port 8081, Sync Interval.)
  22. Puppet Enterprise HA: coming soon…
  23. Simple HA: monolithic master + replica. (Diagram labels: P Primary, R Replica.)
  24. Large Environment Installation: monolithic master + compile masters + replica. (Diagram labels: P Primary, R Replica, two load balancers.)
  25. New: Agent Side Failover! Shipping in Puppet 4.6 and higher, PE 2016.4+. (Diagram labels: 1 Primary, 2 Replica.)
  26. Use Cases, when master is unreachable: Puppet runs keep working; promote replica to master.
  27. When the master is unreachable. You can: run puppet; promote replica to master. You can't: change classification; deploy new puppet code; issue new certs; use the Puppet Enterprise Console; use Application Orchestrator.
  28. Provisioning Replica (monitoring replication).
  29. Command Line Interface: puppet infra provision replica <hostname> replica.mycorp.net; puppet infra enable replica replica.mycorp.net; puppet infra status; . . .
  30. Step 1, Provision Replica: puppet infra provision replica <hostname> replica.mycorp.net
  31. Step 2, Monitor status of replication: puppet infra status. Per-service 'alerts'; visible in the UI as well.
  32. Step 3, Enable replica: puppet infra enable replica replica.mycorp.net
  33. Replica Services: services on a provisioned replica.
  34. What's a replica? Compile Master; PuppetDB (r/w); RBAC, classifier, activity (r/o); Orchestrator data (not running); CA data (r/o using a proxy). (Diagram labels: R Replica, PuppetDB (PDB), Console.)
  35. File Sync Replication: replicate Code Directory and Certificate Authority Data.
  36. File Sync - Compile Masters. (Diagram labels: Master of Masters (MOM), three Compile Masters (COM).)
  37. File Sync - CA Replica data. (Diagram labels: Primary Master (P Primary), Replica Master (R Replica), port 8140, ssl on both.)
  38. Puppet Enterprise CA Proxy. (Diagram labels: Primary Master (P Primary), Replica Master (R Replica), ssl, CSR.)
  39. Database Replication: replicate the data used in your PE deployment.
  40. PGLogical Replication. (Diagram labels: PostgreSQL with RBAC, NC, Classifier on each side, port 5432, Write and Read (Standby); PuppetDB (PDB) on each side, not synced.)
  41. PE HA - Replication. (Diagram labels: Primary and Replica, each with PuppetDB (PDB), PostgreSQL, RBAC, NC, Classifier; PGlogical; FileSync; W, R.)
  42. Puppet Enterprise HA - Beta Signup: Interested in what you heard? Please sign up for our HA beta program through the Puppet Enterprise Support portal.
  43. PE HA Beta Signup: https://goo.gl/Z85HLS (Support, Knowledge base).
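
Slides 8 to 13 list four CA components to replicate: key, signed directory, serial file and CRL. The check below is an added example, not code from the presentation or from Puppet, showing what a stale copy of the last three means before a replica is promoted. `CAState` and `audit_replica` are hypothetical names, the host names and serials are constructed, and the serials are assumed to have been read from the files beforehand (for example with `openssl x509 -noout -serial`).

```python
from dataclasses import dataclass, field


@dataclass
class CAState:
    """Snapshot of the replicated CA components (all values constructed)."""
    next_serial_hex: str                         # contents of the serial file, e.g. "3E9"
    signed: dict = field(default_factory=dict)   # certname -> serial (int) from signed/
    revoked: set = field(default_factory=set)    # serials listed in crl.pem


def audit_replica(primary: CAState, replica: CAState) -> list:
    """Return findings that make the replica unsafe to promote as a CA."""
    findings = []
    p_next = int(primary.next_serial_hex, 16)    # serial file is hexadecimal
    r_next = int(replica.next_serial_hex, 16)

    # Serial file: a replica behind the primary would reissue serials in use.
    if r_next < p_next:
        reused = sorted(s for s in primary.signed.values() if s >= r_next)
        findings.append(f"serial: replica next={r_next} < primary next={p_next}; "
                        f"would reuse {reused}")
    # The next serial must also exceed every certificate the replica holds.
    if replica.signed and r_next <= max(replica.signed.values()):
        findings.append("serial: next serial not above highest signed cert")

    # Signed directory: missing entries defeat the duplicate-CN check.
    missing = sorted(set(primary.signed) - set(replica.signed))
    if missing:
        findings.append(f"signed: missing {missing}")

    # CRL: revocations absent on the replica stop being enforced after failover.
    lost = sorted(primary.revoked - replica.revoked)
    if lost:
        findings.append(f"crl: revocations not replicated {lost}")
    return findings


# Constructed sample: primary has issued serials 1000 and 1001 and revoked 1000.
PRIMARY = CAState("3EA", {"host1.company.com": 1000, "host2.company.com": 1001}, {1000})
# Constructed sample: replica copied before host2 was signed and host1 revoked.
STALE_REPLICA = CAState("3E9", {"host1.company.com": 1000}, set())

if __name__ == "__main__":
    for finding in audit_replica(PRIMARY, STALE_REPLICA):
        print(finding)
```

A replica that copied only the CA key, the minimum slide 9 allows when revocation does not matter, would fail all three comparisons.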
