Puppet Configuration Management
Credit: Miki Yoshihito
https://flic.kr/p/7JNRuf
# whoami
• Simon Hanmer
– IT Consultant
– Sysadmin, Infrastructure architect, server wrangler.
Overview
• Infrastructure as code!
• Describe the configuration using some ‘language’
– Deploy predictably
– Deploy rapidly
– Deploy often
Overview
• Puppet
– Deploy (first installations)
– Enforce (Prevent changes)
– Audit (Report changes)
• Like many tools, two versions
– Open source, free as in beer
– Enterprise – self hosted, with support (about $100 per node per year)
Overview
• Typically used to configure hosts with an installed OS, but can provision
– Bare metal
– Virtual
– Cloud
– Even non-server (F5 for example)
Deployment Models
• Standalone
– Single server enforcing own configuration
• Distributed
– Master servers (single or multiple)
– Clients
– Secure – servers have to be registered with masters and can only see their own configurations; communications encrypted with SSL.
• Can run as single-shot or at regular intervals
Architecture
(Diagram: Puppet Server holding the Manifests; Puppet Clients sending Facts (information about the client) to the server)
[simon@webconfig ~]$ facter > facter.txt
architecture => x86_64
blockdevice_sda_model => VBOX HARDDISK
blockdevice_sda_size => 8589934592
blockdevice_sda_vendor => ATA
dhcp_servers => {"system"=>"10.0.3.2", "enp0s8"=>"10.0.3.2"}
domain => lrn2.co.uk
fqdn => webconfig.lrn2.co.uk
hostname => webconfig
interfaces => enp0s3,enp0s8,lo
ipaddress => 192.168.56.20
ipaddress_enp0s3 => 192.168.56.20
ipaddress_enp0s8 => 10.0.3.15
ipaddress_lo => 127.0.0.1
is_virtual => true
kernel => Linux
kernelmajversion => 3.10
kernelrelease => 3.10.0-229.4.2.el7.x86_64
kernelversion => 3.10.0
macaddress => 08:00:27:4c:0a:12
macaddress_enp0s3 => 08:00:27:4c:0a:12
macaddress_enp0s8 => 08:00:27:70:b2:a7
memoryfree => 1.13 GB
memoryfree_mb => 1155.09
memorysize => 1.28 GB
memorysize_mb => 1310.63
operatingsystem => CentOS
operatingsystemmajrelease => 7
operatingsystemrelease => 7.1.1503
os => {"name"=>"CentOS", "family"=>"RedHat", "release"=>{"major"=>"7", "minor"=>"1", "full"=>"7.1.1503"}}
osfamily => RedHat
physicalprocessorcount => 1
processor0 => Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz
processorcount => 1
processors => {"models"=>["Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz"], "count"=>1, "physicalcount"=>1}
selinux => true
selinux_enforced => true
selinux_policyversion => 28
timezone => BST
uniqueid => a8c01438
virtual => virtualbox
Process flow
(Diagram: facter → node classifier → hiera → puppet)
Hiera
• Remember ‘Infrastructure as code’?
– Most people start hard-coding configuration
– Lots of duplication
– Separate code and config
– Repos (tip: separate code & config)
– Encrypt sensitive data
• Hiera to the rescue!
Hiera
• Hierarchy
• Decreasing specialisation of information
• Definitions override those lower in the hierarchy, so /hosts/somehost.com would override /production
• Common definitions can be pushed further down the hierarchy, which leads to less duplication
:hierarchy:
  - "hosts/%{::fqdn}"
  - "environment/%{::environment}/%{::operatingsystem}"
  - "domain/%{::domain}"
  - "os/%{::operatingsystem}"
  - "environment/%{::environment}"
  - common
Hiera
• Uses YAML or JSON files
• Start with classes
classes:
  - component::webserver
  - component::mysql_server
  - component::git_repos
  - component::wordpress
  - cron
Hiera
• Then data
web::vhosts:
  blog.anotherwordpress.com-ssl:
    servername: blog.anotherwordpress.com
    port: 443
    docroot: /var/www/blog.anotherwordpress.com
    override: all
    ssl: true
    ssl_cert: /etc/ssl/certs/real_lfa.crt
wordpress:
  blog.anotherwordpress.com:
    docroot: /var/www/blog.anotherwordpress.com
    db_name: blog
    db_host: localhost
    db_user: blog_dba
    db_password: >
      ENC[PKCS7,mIIBeQYaKoZIhvcNAQc+oIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJ
      KoZIhvcNAQEBBQAEggEAD2Z15kvHip4y22WRm+aa+VCpXa08rKYxxMzEJNdGR9RpdEARXMcUhn
      uTeSdf/uDtk4QICN6D/yhEaoG6TotShlLQv2q1uNIeUyf9HHpuvdBwYgQkz1bSES5+alDh/X9H
      7IQdtcosNPM4L+2QGb8rygNOTAREALPasswordptH8cN7EDKjLuye4JiNoAKk22mxYTZCuvwq2
      88HnSB/4Tn2iOyT+Ms3mjzOJ2RYYviMcD6BlmDpqbp2iG6iUILbvTzowNjJY9ijCIZISEyQMbx
      fTDBGeaaPrTomdNxpOX4/xEGUGgv7GFYTHMW4hDMHaJF/l8Y+mfBS9WlHKb+9Pb9iDA8Bgkqhk
      iG9w0BBwEwHQYJYIZIAWUDBAEqBBDKy7nvaZxyXwXO5cSjZXXwgBC9dNAU19EFHVTZiCoBKDAk
      ]
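The lookup order this hierarchy implies, and the difference between a plain hiera() lookup and the hiera_hash() merge the module slide relies on, as an added Python model (not from the slides or from Hiera itself). The hieradata files and the 'environment' fact are constructed; the other facts come from the facter output above, and the merge follows Hiera's default shallow ('native') hash merge.

```python
import re

# Hierarchy from the slide, most specific first (operatingsystem typo corrected).
HIERARCHY = [
    "hosts/%{::fqdn}",
    "environment/%{::environment}/%{::operatingsystem}",
    "domain/%{::domain}",
    "os/%{::operatingsystem}",
    "environment/%{::environment}",
    "common",
]

# Constructed hieradata, keyed by hierarchy path (stand-in for hieradata/<path>.yaml).
DATA = {
    "hosts/webconfig.lrn2.co.uk": {
        "classes": ["component::wordpress"],
        "wordpress": {"blog.anotherwordpress.com": {"db_host": "localhost", "db_user": "blog_dba"}},
    },
    "os/CentOS": {"ntp::servers": ["0.centos.pool.ntp.org"]},
    "environment/production": {
        "wordpress": {
            "blog.anotherwordpress.com": {"db_host": "db.lrn2.co.uk", "db_name": "blog"},
            "docs.lrn2.co.uk": {"db_host": "db.lrn2.co.uk", "db_name": "docs"},
        }
    },
    "common": {"classes": ["cron"], "ntp::servers": ["pool.ntp.org"], "wordpress": {}},
}

# Facts taken from the facter output on the slide; 'environment' is constructed.
FACTS = {"fqdn": "webconfig.lrn2.co.uk", "domain": "lrn2.co.uk",
         "operatingsystem": "CentOS", "environment": "production"}


def interpolate(level, facts):
    """Expand %{::fact} tokens; return None if any fact is absent (the level is skipped)."""
    names = re.findall(r"%\{::(\w+)\}", level)
    if any(n not in facts for n in names):
        return None
    return re.sub(r"%\{::(\w+)\}", lambda m: str(facts[m.group(1)]), level)


def resolved_levels(facts):
    """Hierarchy paths that exist as data files for this node, most specific first."""
    return [p for p in (interpolate(h, facts) for h in HIERARCHY) if p is not None and p in DATA]


def hiera(key, facts, default=None):
    """Priority lookup (plain hiera()): the first level defining the key wins outright."""
    for level in resolved_levels(facts):
        if key in DATA[level]:
            return DATA[level][key]
    return default


def hiera_hash(key, facts):
    """Hash merge (hiera_hash()): top-level keys from every level are combined; for a key
    present at several levels the most specific level's value replaces the whole value,
    so blog's db_name from 'production' does NOT survive the host-level override."""
    merged = {}
    for level in reversed(resolved_levels(facts)):  # least specific first
        merged.update(DATA[level].get(key, {}))
    return merged
```

Note that the plain lookup returns only the host-level 'classes' list; merging 'classes' across levels, as the classes slide assumes, needs an array merge (hiera_array/hiera_include), not a priority lookup.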
Puppet resources
• Dozen or so built-in resource types
• and define your own
• Enforce ordering – e.g. install a package before enabling its service
• cron
• exec
• file
• group
• host
• interface
• mailalias
• package
• router
• ssh_authorized_key
• user
• vlan
+ others
Puppet Module
class component::wordpress {
  user { 'wordpress': ensure => present }
  # Hash of sites keyed by site name, from the 'wordpress' Hiera data above
  $wordpress = hiera_hash('wordpress')
  create_resources('wordpress_site', $wordpress)
}

# Define the wordpress_site resource type; the parameters are the keys of each
# site's Hiera hash and the resource title (the site name) becomes $site
define wordpress_site(
  $docroot,
  $db_name,
  $db_host,
  $db_user,
  $db_password,
  $site = $title
) {
  wordpress::instance { "wordpress_${site}":
    install_dir    => $docroot,
    wp_owner       => 'apache',
    wp_group       => 'apache',
    version        => 'latest',
    db_host        => $db_host,
    db_name        => $db_name,
    db_user        => $db_user,
    db_password    => $db_password,
    create_db      => true,
    create_db_user => true,
  }
  apache::vhost { $site:
    port          => '80',
    docroot       => $docroot,
    docroot_owner => 'apache',
    docroot_group => 'apache',
    docroot_mode  => '0777', # as on the slide: world-writable; 0755 with apache ownership is the usual choice
  }
}
Pros / Cons
• Pros
– Free or paid support, although I’ve seen puppetlabs employees deliver free support through the community
– Established (2005) but regular updates
– Deploy to bare metal, VMs or cloud
– Open source modules via forge.puppetlabs.com – both PuppetLabs and individuals
– Good documentation – online and printed books
• Cons
– Language is declarative, so by default the order of implementation isn’t guaranteed
– Default deployment can only handle 10s of nodes, but easy to scale this (using Passenger)
What next?
• puppetlabs.com
– Downloads
– Documentation
– Training VMs
• forge.puppetlabs.com
– Module repository
