2. # whoami
• Simon Hanmer
– IT Consultant
– Sysadmin, Infrastructure architect, server wrangler.
3. Overview
• Infrastructure as code!
• Describe the configuration using some ‘language’
– Deploy predictably
– Deploy rapidly
– Deploy often
4. Overview
• Puppet
– Deploy (first installations)
– Enforce (Prevent changes)
– Audit (Report changes)
• Like many tools, two versions
– Open source, free as in beer
– Enterprise – self hosted, with support (about $100 per node per year)
5. Overview
• Typically used to configure hosts with installed OS, but can provision
– Bare metal
– Virtual
– Cloud
– Even non-server (F5 for example)
6. Deployment Models
• Standalone
– Single server enforcing own configuration
• Distributed
– Master servers (single or multiple)
– Clients
– Secure – servers have to be registered with masters and can only see their own configurations, communications encrypted with SSL.
• Can run as single-shot or at regular intervals
10. Hiera
• Remember ‘Infrastructure as code’?
– Most people start hard-coding configuration
– Lots of duplication
– Separate code and config
– Repos (tip: separate code & config)
– Encrypt sensitive data
• Hiera to the rescue!
11. Hiera
• Hierarchy
• Decreasing specialisation of information
• Definitions override those lower in hierarchy, so /hosts/somehost.com would override /production
• Common definitions can be pushed further down the hierarchy which leads to less duplication
:hierarchy:
  - "hosts/%{::fqdn}"
  - "environment/%{::environment}/%{::operatingsystem}"
  - "domain/%{::domain}"
  - "os/%{::operatingsystem}"
  - "environment/%{::environment}"
  - common
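Added example (not from the talk, and not Hiera's own code): a Ruby sketch of the first-match lookup that the hierarchy above implies, showing which level supplies a value for a given node. The facts, the in-memory data sources and the helper names `resolve_sources` and `lookup` are constructed for illustration.

```ruby
# Added example: in-memory model of Hiera's first-match lookup.
# FACTS, DATA and the helper names are constructed for illustration.
HIERARCHY = [
  'hosts/%{::fqdn}',
  'environment/%{::environment}/%{::operatingsystem}',
  'domain/%{::domain}',
  'os/%{::operatingsystem}',
  'environment/%{::environment}',
  'common'
].freeze

FACTS = {
  'fqdn' => 'web01.example.net', 'domain' => 'example.net',
  'environment' => 'production', 'operatingsystem' => 'Debian'
}.freeze

# Each key stands in for one YAML data file under the Hiera data directory.
DATA = {
  'hosts/web01.example.net' => { 'ntp::servers' => ['10.0.0.1'] },
  'os/Debian'               => { 'ssh::package' => 'openssh-server' },
  'environment/production'  => { 'ntp::servers' => ['ntp.prod.example.net'] },
  'common'                  => { 'ntp::servers' => ['pool.ntp.org'],
                                 'ssh::permit_root_login' => 'no' }
}.freeze

# Substitute facts into each level. Assumption of this sketch: an unknown
# fact becomes an empty string, so a misspelled fact name yields a source
# that matches no data and the level is skipped without any error.
def resolve_sources(hierarchy, facts)
  hierarchy.map do |level|
    level.gsub(/%\{::(\w+)\}/) { facts.fetch(Regexp.last_match(1), '') }
  end
end

# Walk from most to least specific; return [value, source] for the first
# source that defines the key, or [nil, nil] when none does.
def lookup(key, facts, hierarchy: HIERARCHY, data: DATA)
  resolve_sources(hierarchy, facts).each do |source|
    values = data[source]
    return [values[key], source] if values&.key?(key)
  end
  [nil, nil]
end

if __FILE__ == $PROGRAM_NAME
  %w[ntp::servers ssh::package ssh::permit_root_login].each do |key|
    value, source = lookup(key, FACTS)
    puts "#{key} = #{value.inspect} (from #{source})"
  end
end
```

Returning the source alongside the value makes it easy to audit which level set a security-relevant key such as `ssh::permit_root_login` for a given node.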
16. Pros Cons
• Pros
– Free or paid support, although I’ve seen puppetlabs employees deliver free support through community
– Established (2005) but regular updates
– Deploy to bare metal, VMs or cloud
– Open source modules via forge.puppetlabs.com – both PuppetLabs and individuals
– Good documentation – online and printed books
• Cons
– Language is declarative, so by default order of implementation isn’t guaranteed
– Default deployment can only handle 10s of nodes, but easy to scale this (using Passenger)