SlideShare ist ein Scribd-Unternehmen logo

20090514 Introducing Puppet To Sasag

garrett honeycutt
garrett honeycutt
1 von 34
Downloaden Sie, um offline zu lesen
Introducing Puppet to SASAG Garrett Honeycutt May 14th, 2009
What? • Puppet is open source and released under GPL • Backed by Reductive Labs - great training and audits available • Used by organizations such as Google, Marchex, Whitepages.com, Stanford University, Harvard, Fedora, SANS Institute, etc.. • “Puppet is a declarative language for expressing system configuration, a client and server for distributing it, and a library for realizing the configuration.” [1]
OS’s • Linux (RHEL, CentOS, Debian, Ubuntu, Gentoo, SuSE, ...) • BSD (Open, Net) • Mac OS X • Solaris (2.6 - 10) • HP-UX • AIX
Why? • Configuration Management != SSH + for loops • Reduce entropy - why is mail27 so fragile? • Ability to quickly scale number of machines • Create replicas in different environments (Dev, QA, Prod) • Change management - How and when are system being modified? • No such thing as a One-Off • it’s only temporary - HA! • multiple environments • disaster recovery
What? • Only need to describe parts of the system that you care about • So you can start in existing environments • not re-describe what a package already gets right
Idempotency • Everything is built to be idempotent, even exec’s • no effect if the state is already achieved • safe to run multiple times
Repeatable State • Start from a known base! • Cobbler • Have a shared storage plan • Keep data on the network • Software package repository • Satellite / Spacewalk • Define processes for changing packages
services --enabled puppet Kickstart %packages facter puppet ruby-rdoc %post # delete unneeded puppet cert find /var/lib/puppet/ssl/ -type f |grep localhost | xargs rm -f # setup puppet cert curl -k https://puppetca | tar xC / # run puppet /usr/sbin/puppetd -t
Packages • Source • Ruby Gems • Solaris - Blastwave • RPM - Fedora & EPEL • Debian / Ubuntu • SuSE • Gentoo • OpenBSD • OS X - MacPorts • ArchLinux • Mandriva
Client / Server • Clients pulls a catalog from the puppetmaster • puppet.domain.com • default is every 30 minutes
Server • webrick by default • standard setup is web server (apache, nginx) reverse proxying to mongrel
Diagram
Certs • Puppet communication is SSL encrypted XML-RPC • Supports auto signing - use with caution [client]$ sudo puppetd --test [puppetmaster]$ sudo puppetca --sign client.foo.com
Written by Robert Long IV gencert.php <?php # don't assume we have a path $gencert = "/usr/sbin/puppetca -g"; $tar = "/bin/tar"; $sudo = "/usr/bin/sudo"; # set some paths up. $cabase = "/var/lib/puppet/ssl/"; $certdir = "$cabase/certs"; $private = "$cabase/private_keys"; # yeah, its reverse DNS, but don't assume its safe. $host = escapeshellarg(gethostbyaddr($_SERVER['REMOTE_ADDR'])); # create the certs exec("$sudo $gencert $host", $out, $ret); $ret && error_log("Error creating cert for $host: $outn"); # tar up the three files we need to make the client work. exec("$sudo $tar -c $certdir/$host.pem $private/$host.pem $certdir/ca.pem 2>/dev/ null", $certs, $ret); $ret && error_log("Error tar'ing cert for $host: $certsn"); # most of this is useless, but it will give curl an idea of what to expect in terms of content header("Content-Description: File Transfer"); header('Content-disposition: attachment; filename='.$host.'tar'); header("Content-Type: application/octet-stream"); header("Content-Transfer-Encoding: binary"); # and the content goes here. print join("n", $certs); ?>
Resource Abstraction Layer • Write code in terms of what you are managing not how • Example Provider is package • I don’t mention if I am using apt, yum, gem, ports ... package {“vim-enhanced”: ensure => installed, }
Types - brief list • cron • exec • file • group • host • mailalias • mount • nagios • package • service • sshkey • user • yumrepo
Facter • key => value system for retrieving information from your OS architecture => x86_64 domain => garretthoneycutt.com facterversion => 1.5.4 fqdn => blink.garretthoneycutt.com hostname => blink id => gh ipaddress_eth0 => 172.17.2.38 kernel => Linux kernelversion => 2.6.27.12 lsbdistcodename => Cambridge lsbdistdescription => Fedora release 10 (Cambridge) lsbdistrelease => 10 macaddress => 00:00:00:c0:ff:ee memoryfree => 5.87 GB memorysize => 7.80 GB netmask => 255.255.255.128 network_eth0 => 172.17.2.0 operatingsystem => Fedora operatingsystemrelease => 10 physicalprocessorcount => 1 processorcount => 2 rubyversion => 1.8.6
Facter • Written in Ruby # some_fact.rb Facter.add("some_fact") do setcode do %x{/usr/local/bin/stuff}.chomp end end
You are a developer • Speakeasy has 6000+ lines of code in one year • You need a VCS • and plan on how to use it • go talk to your Dev’s - they’ve probably figured this all out
Different environments • Puppet allows for the notion of different environments • It’s a hack • Run a different puppet server in each environment • Easy to run different puppetmasters off of different branches/tags of your code
File system layout • You want this in a VCS! puppet |_manifests |_ site.pp |_modules |_ apache |_ ... |_ zenoss |_ files |_ manifests |_ init.pp |_ templates
Site manifest # Default file parameters File { ignore => ".svn", owner => "root", group => "root", mode => "644", } node default { include base } node ‘cobbler.foo.com’ inherits default { include cobbler }
My first module - motd class motd { file { “/etc/motd”: owner => “root”, group => “root”, mode => 644, source => “puppet:///motd/generic_motd”, } }
Templates - motd • Uses ERB templating class motd { file { “/etc/motd”: owner => “root”, group => “root”, mode => 644, content => template(“motd/motd.erb”), } }
motd.erb Welcome to <%= fqdn %> My uptime is <%= uptime %>
More advanced - resolv.conf.erb search <%= dnssearchpath %> options ndots:2 timeout:3 <% nameservers.each do |nameserver| -%> nameserver <%= nameserver %> <% end -%>
Ordering • Puppet’s catalog is built using a DAG • Has built in devices for ordering • before / require • subscribe / notify
Ordering - require class vim { package { "vim-enhanced": ensure => installed, } file { "/etc/vimrc": source => "puppet:///vim/vimrc-$operatingsystem", mode => "644", require => Package["vim-enhanced"], } }
Ordering - notify class bind { package { "bind”: ensure => installed, } file { "/etc/named.conf": content => template("bind/named.conf.ern"), mode => "644", notify => Service["named"], } service { “named”: ensure => running, enable => true, require => [ Package[“bind”], File[“/etc/ named.conf”] ], } }
Inheritance - postfix class postfix { package { “postfix”: ensure => present } file { “/etc/postfix/aliases”: require => Package[“postfix”], content => template(“postfix/aliases.erb”), notify => Exec[“postalias”], } service { “postfix”: ensure => running, enable => true, require => Package[“postfix”], } exec { “postalias”: command => “/usr/sbin/postalias /etc/postfix/aliases”, require => File[“/etc/postfix/aliases”], refreshonly => true, } }
Inheritance - postfix class postfix::perim inherits postfix { File { “/etc/postfix/aliases”: content => template(“postfix/perim-aliases.erb”), } file { “/etc/postfix/sender_regexp”: require => Package[“postfix”], notify => Service[“postfix”], content => template(“postfix/sender_regexp.erb”), } } class postfix::voicemail inherits postfix { File { “/etc/postfix/aliases”: content => template(“postfix/voicemail-aliases.erb”), } file { “/etc/postfix/network_table”: require => Package[“postfix”], notify => Service[“postfix”], source => “puppet:///postfix/voicemail-network_table”, } }
defines class postfix { ... all that stuff from before define post_files() { File { require => Package[“postfix”], notify => Service[“postfix”], } file { “/etc/postfix/master.cf”: source => “puppet:///postfix/$name/master.cf”; “/etc/postfix/main.cf”: source => “puppet:///postfix/$name/main.cf”; } } } class postfix::voicemail inherits postfix { post_files {“voicemail”: } }
Q &A Garrett Honeycutt May 14th, 2009
References • 1. http://reductivelabs.com/trac/puppet/wiki/BigPicture • Architecture diagram from slide 12 - http://reductivelabs.com/trac/ puppet/wiki/ParsingArchitecture

Empfohlen

20100425 Configuration Management With Puppet Lfnw
20100425 Configuration Management With Puppet Lfnw20100425 Configuration Management With Puppet Lfnw
20100425 Configuration Management With Puppet Lfnwgarrett honeycutt
 
Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...
Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...
Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...Puppet
 
Configuration Surgery with Augeas
Configuration Surgery with AugeasConfiguration Surgery with Augeas
Configuration Surgery with AugeasPuppet
 
Using Puppet on Linux, Windows, and Mac OSX
Using Puppet on Linux, Windows, and Mac OSXUsing Puppet on Linux, Windows, and Mac OSX
Using Puppet on Linux, Windows, and Mac OSXPuppet
 
Getting Started with Ansible
Getting Started with AnsibleGetting Started with Ansible
Getting Started with Ansibleahamilton55
 
Anatomy of a reusable module
Anatomy of a reusable moduleAnatomy of a reusable module
Anatomy of a reusable moduleAlessandro Franceschi
 
Stanford Hackathon - Puppet Modules
Stanford Hackathon - Puppet ModulesStanford Hackathon - Puppet Modules
Stanford Hackathon - Puppet ModulesPuppet
 
PuppetCamp SEA 1 - Version Control with Puppet
PuppetCamp SEA 1 - Version Control with PuppetPuppetCamp SEA 1 - Version Control with Puppet
PuppetCamp SEA 1 - Version Control with PuppetWalter Heck
 

Empfohlen

20100425 Configuration Management With Puppet Lfnw
20100425 Configuration Management With Puppet Lfnw20100425 Configuration Management With Puppet Lfnw
20100425 Configuration Management With Puppet Lfnwgarrett honeycutt
 
Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...
Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...
Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...Puppet
 
Configuration Surgery with Augeas
Configuration Surgery with AugeasConfiguration Surgery with Augeas
Configuration Surgery with AugeasPuppet
 
Using Puppet on Linux, Windows, and Mac OSX
Using Puppet on Linux, Windows, and Mac OSXUsing Puppet on Linux, Windows, and Mac OSX
Using Puppet on Linux, Windows, and Mac OSXPuppet
 
Getting Started with Ansible
Getting Started with AnsibleGetting Started with Ansible
Getting Started with Ansibleahamilton55
 
Anatomy of a reusable module
Anatomy of a reusable moduleAnatomy of a reusable module
Anatomy of a reusable moduleAlessandro Franceschi
 
Stanford Hackathon - Puppet Modules
Stanford Hackathon - Puppet ModulesStanford Hackathon - Puppet Modules
Stanford Hackathon - Puppet ModulesPuppet
 
PuppetCamp SEA 1 - Version Control with Puppet
PuppetCamp SEA 1 - Version Control with PuppetPuppetCamp SEA 1 - Version Control with Puppet
PuppetCamp SEA 1 - Version Control with PuppetWalter Heck
 
Puppet @ Seat
Puppet @ SeatPuppet @ Seat
Puppet @ SeatAlessandro Franceschi
 
How to Develop Puppet Modules: From Source to the Forge With Zero Clicks
How to Develop Puppet Modules: From Source to the Forge With Zero ClicksHow to Develop Puppet Modules: From Source to the Forge With Zero Clicks
How to Develop Puppet Modules: From Source to the Forge With Zero ClicksCarlos Sanchez
 
PuppetCamp SEA 1 - Puppet Deployment at OnApp
PuppetCamp SEA 1 - Puppet Deployment at OnAppPuppetCamp SEA 1 - Puppet Deployment at OnApp
PuppetCamp SEA 1 - Puppet Deployment at OnAppWalter Heck
 
PuppetCamp SEA 1 - Use of Puppet
PuppetCamp SEA 1 - Use of PuppetPuppetCamp SEA 1 - Use of Puppet
PuppetCamp SEA 1 - Use of PuppetWalter Heck
 
Automated infrastructure is on the menu
Automated infrastructure is on the menuAutomated infrastructure is on the menu
Automated infrastructure is on the menujtimberman
 
From Dev to DevOps - Codemotion ES 2012
From Dev to DevOps - Codemotion ES 2012From Dev to DevOps - Codemotion ES 2012
From Dev to DevOps - Codemotion ES 2012Carlos Sanchez
 
Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015Alex S
 
Lesson 9. The Apache Web Server
Lesson 9. The Apache Web ServerLesson 9. The Apache Web Server
Lesson 9. The Apache Web Serverwebhostingguy
 
How we use and deploy Varnish at Opera
How we use and deploy Varnish at OperaHow we use and deploy Varnish at Opera
How we use and deploy Varnish at OperaCosimo Streppone
 
Puppet at Opera Sofware - PuppetCamp Oslo 2013
Puppet at Opera Sofware - PuppetCamp Oslo 2013Puppet at Opera Sofware - PuppetCamp Oslo 2013
Puppet at Opera Sofware - PuppetCamp Oslo 2013Cosimo Streppone
 
Puppet for Java developers - JavaZone NO 2012
Puppet for Java developers - JavaZone NO 2012Puppet for Java developers - JavaZone NO 2012
Puppet for Java developers - JavaZone NO 2012Carlos Sanchez
 
Automation with ansible
Automation with ansibleAutomation with ansible
Automation with ansibleKhizer Naeem
 
From Dev to DevOps - ApacheCON NA 2011
From Dev to DevOps - ApacheCON NA 2011From Dev to DevOps - ApacheCON NA 2011
From Dev to DevOps - ApacheCON NA 2011Carlos Sanchez
 
Ansible Meetup Hamburg / Quickstart
Ansible Meetup Hamburg / QuickstartAnsible Meetup Hamburg / Quickstart
Ansible Meetup Hamburg / QuickstartHenry Stamerjohann
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansibleOmid Vahdaty
 
Ansible - Swiss Army Knife Orchestration
Ansible - Swiss Army Knife OrchestrationAnsible - Swiss Army Knife Orchestration
Ansible - Swiss Army Knife Orchestrationbcoca
 
Puppet fundamentals
Puppet fundamentalsPuppet fundamentals
Puppet fundamentalsMurali Boyapati
 
Ansible tips & tricks
Ansible tips & tricksAnsible tips & tricks
Ansible tips & tricksbcoca
 
IT Automation with Ansible
IT Automation with AnsibleIT Automation with Ansible
IT Automation with AnsibleRayed Alrashed
 
Hadoop Installation
Hadoop InstallationHadoop Installation
Hadoop Installationmrinalsingh385
 
Service Marketing
Service MarketingService Marketing
Service MarketingMahesh Havinal
 
Pricing methods 1 2003
Pricing methods 1 2003Pricing methods 1 2003
Pricing methods 1 2003Amrita Singh
 

Weitere ähnliche Inhalte

Was ist angesagt?

How to Develop Puppet Modules: From Source to the Forge With Zero Clicks
How to Develop Puppet Modules: From Source to the Forge With Zero ClicksHow to Develop Puppet Modules: From Source to the Forge With Zero Clicks
How to Develop Puppet Modules: From Source to the Forge With Zero ClicksCarlos Sanchez
 
PuppetCamp SEA 1 - Puppet Deployment at OnApp
PuppetCamp SEA 1 - Puppet Deployment at OnAppPuppetCamp SEA 1 - Puppet Deployment at OnApp
PuppetCamp SEA 1 - Puppet Deployment at OnAppWalter Heck
 
PuppetCamp SEA 1 - Use of Puppet
PuppetCamp SEA 1 - Use of PuppetPuppetCamp SEA 1 - Use of Puppet
PuppetCamp SEA 1 - Use of PuppetWalter Heck
 
Automated infrastructure is on the menu
Automated infrastructure is on the menuAutomated infrastructure is on the menu
Automated infrastructure is on the menujtimberman
 
From Dev to DevOps - Codemotion ES 2012
From Dev to DevOps - Codemotion ES 2012From Dev to DevOps - Codemotion ES 2012
From Dev to DevOps - Codemotion ES 2012Carlos Sanchez
 
Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015Alex S
 
Lesson 9. The Apache Web Server
Lesson 9. The Apache Web ServerLesson 9. The Apache Web Server
Lesson 9. The Apache Web Serverwebhostingguy
 
How we use and deploy Varnish at Opera
How we use and deploy Varnish at OperaHow we use and deploy Varnish at Opera
How we use and deploy Varnish at OperaCosimo Streppone
 
Puppet at Opera Sofware - PuppetCamp Oslo 2013
Puppet at Opera Sofware - PuppetCamp Oslo 2013Puppet at Opera Sofware - PuppetCamp Oslo 2013
Puppet at Opera Sofware - PuppetCamp Oslo 2013Cosimo Streppone
 
Puppet for Java developers - JavaZone NO 2012
Puppet for Java developers - JavaZone NO 2012Puppet for Java developers - JavaZone NO 2012
Puppet for Java developers - JavaZone NO 2012Carlos Sanchez
 
Automation with ansible
Automation with ansibleAutomation with ansible
Automation with ansibleKhizer Naeem
 
From Dev to DevOps - ApacheCON NA 2011
From Dev to DevOps - ApacheCON NA 2011From Dev to DevOps - ApacheCON NA 2011
From Dev to DevOps - ApacheCON NA 2011Carlos Sanchez
 
Ansible Meetup Hamburg / Quickstart
Ansible Meetup Hamburg / QuickstartAnsible Meetup Hamburg / Quickstart
Ansible Meetup Hamburg / QuickstartHenry Stamerjohann
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansibleOmid Vahdaty
 
Ansible - Swiss Army Knife Orchestration
Ansible - Swiss Army Knife OrchestrationAnsible - Swiss Army Knife Orchestration
Ansible - Swiss Army Knife Orchestrationbcoca
 
Ansible tips & tricks
Ansible tips & tricksAnsible tips & tricks
Ansible tips & tricksbcoca
 
IT Automation with Ansible
IT Automation with AnsibleIT Automation with Ansible
IT Automation with AnsibleRayed Alrashed
 

Was ist angesagt? (20)

Puppet @ Seat
Puppet @ SeatPuppet @ Seat
Puppet @ Seat
 
How to Develop Puppet Modules: From Source to the Forge With Zero Clicks
How to Develop Puppet Modules: From Source to the Forge With Zero ClicksHow to Develop Puppet Modules: From Source to the Forge With Zero Clicks
How to Develop Puppet Modules: From Source to the Forge With Zero Clicks
 
PuppetCamp SEA 1 - Puppet Deployment at OnApp
PuppetCamp SEA 1 - Puppet Deployment at OnAppPuppetCamp SEA 1 - Puppet Deployment at OnApp
PuppetCamp SEA 1 - Puppet Deployment at OnApp
 
PuppetCamp SEA 1 - Use of Puppet
PuppetCamp SEA 1 - Use of PuppetPuppetCamp SEA 1 - Use of Puppet
PuppetCamp SEA 1 - Use of Puppet
 
Automated infrastructure is on the menu
Automated infrastructure is on the menuAutomated infrastructure is on the menu
Automated infrastructure is on the menu
 
From Dev to DevOps - Codemotion ES 2012
From Dev to DevOps - Codemotion ES 2012From Dev to DevOps - Codemotion ES 2012
From Dev to DevOps - Codemotion ES 2012
 
Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015
 
Lesson 9. The Apache Web Server
Lesson 9. The Apache Web ServerLesson 9. The Apache Web Server
Lesson 9. The Apache Web Server
 
How we use and deploy Varnish at Opera
How we use and deploy Varnish at OperaHow we use and deploy Varnish at Opera
How we use and deploy Varnish at Opera
 
Puppet at Opera Sofware - PuppetCamp Oslo 2013
Puppet at Opera Sofware - PuppetCamp Oslo 2013Puppet at Opera Sofware - PuppetCamp Oslo 2013
Puppet at Opera Sofware - PuppetCamp Oslo 2013
 
Puppet for Java developers - JavaZone NO 2012
Puppet for Java developers - JavaZone NO 2012Puppet for Java developers - JavaZone NO 2012
Puppet for Java developers - JavaZone NO 2012
 
Automation with ansible
Automation with ansibleAutomation with ansible
Automation with ansible
 
From Dev to DevOps - ApacheCON NA 2011
From Dev to DevOps - ApacheCON NA 2011From Dev to DevOps - ApacheCON NA 2011
From Dev to DevOps - ApacheCON NA 2011
 
Ansible Meetup Hamburg / Quickstart
Ansible Meetup Hamburg / QuickstartAnsible Meetup Hamburg / Quickstart
Ansible Meetup Hamburg / Quickstart
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansible
 
Ansible - Swiss Army Knife Orchestration
Ansible - Swiss Army Knife OrchestrationAnsible - Swiss Army Knife Orchestration
Ansible - Swiss Army Knife Orchestration
 
Puppet fundamentals
Puppet fundamentalsPuppet fundamentals
Puppet fundamentals
 
Ansible tips & tricks
Ansible tips & tricksAnsible tips & tricks
Ansible tips & tricks
 
IT Automation with Ansible
IT Automation with AnsibleIT Automation with Ansible
IT Automation with Ansible
 
Hadoop Installation
Hadoop InstallationHadoop Installation
Hadoop Installation
 

Andere mochten auch

Pricing methods 1 2003
Pricing methods 1 2003Pricing methods 1 2003
Pricing methods 1 2003Amrita Singh
 
Marketing- Macroenvironment
Marketing- MacroenvironmentMarketing- Macroenvironment
Marketing- MacroenvironmentKabsideous
 
The Marketing Environment
The Marketing EnvironmentThe Marketing Environment
The Marketing EnvironmentMehmet Cihangir
 
Marketing micro environment
Marketing micro environmentMarketing micro environment
Marketing micro environment17somya
 
Marketing environment
Marketing environmentMarketing environment
Marketing environmentmustafvi786
 
Planning the marketing for 300 bedded corporate hospital
Planning the marketing for 300 bedded corporate hospitalPlanning the marketing for 300 bedded corporate hospital
Planning the marketing for 300 bedded corporate hospital Dr.Priyanka Phonde
 
Pricing methods..
Pricing methods..Pricing methods..
Pricing methods..Sujith Nair
 

Andere mochten auch (9)

Service Marketing
Service MarketingService Marketing
Service Marketing
 
Pricing methods 1 2003
Pricing methods 1 2003Pricing methods 1 2003
Pricing methods 1 2003
 
Marketing- Macroenvironment
Marketing- MacroenvironmentMarketing- Macroenvironment
Marketing- Macroenvironment
 
The Marketing Environment
The Marketing EnvironmentThe Marketing Environment
The Marketing Environment
 
Marketing micro environment
Marketing micro environmentMarketing micro environment
Marketing micro environment
 
Marketing environment
Marketing environmentMarketing environment
Marketing environment
 
Planning the marketing for 300 bedded corporate hospital
Planning the marketing for 300 bedded corporate hospitalPlanning the marketing for 300 bedded corporate hospital
Planning the marketing for 300 bedded corporate hospital
 
Pricing methods..
Pricing methods..Pricing methods..
Pricing methods..
 
Types of brand
Types of brandTypes of brand
Types of brand
 

Ähnlich wie 20090514 Introducing Puppet To Sasag

Puppet: Eclipsecon ALM 2013
Puppet: Eclipsecon ALM 2013Puppet: Eclipsecon ALM 2013
Puppet: Eclipsecon ALM 2013grim_radical
 
Continuous Delivery with Maven, Puppet and Tomcat - ApacheCon NA 2013
Continuous Delivery with Maven, Puppet and Tomcat - ApacheCon NA 2013Continuous Delivery with Maven, Puppet and Tomcat - ApacheCon NA 2013
Continuous Delivery with Maven, Puppet and Tomcat - ApacheCon NA 2013Carlos Sanchez
 
Developing IT infrastructures with Puppet
Developing IT infrastructures with PuppetDeveloping IT infrastructures with Puppet
Developing IT infrastructures with PuppetAlessandro Franceschi
 
Learning Puppet basic thing
Learning Puppet basic thing Learning Puppet basic thing
Learning Puppet basic thing DaeHyung Lee
 
Hadoop 20111117
Hadoop 20111117Hadoop 20111117
Hadoop 20111117exsuns
 
Provisioning with Puppet
Provisioning with PuppetProvisioning with Puppet
Provisioning with PuppetJoe Ray
 
Virtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + PuppetVirtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + PuppetOmar Reygaert
 
A tour of Ansible
A tour of AnsibleA tour of Ansible
A tour of AnsibleDevOps Ltd.
 
From Dev to DevOps
From Dev to DevOpsFrom Dev to DevOps
From Dev to DevOpsAgile Spain
 
Configuration Management in the Cloud - Cloud Phoenix Meetup Feb 2014
Configuration Management in the Cloud - Cloud Phoenix Meetup Feb 2014Configuration Management in the Cloud - Cloud Phoenix Meetup Feb 2014
Configuration Management in the Cloud - Cloud Phoenix Meetup Feb 2014Miguel Zuniga
 
From Dev to DevOps - FOSDEM 2012
From Dev to DevOps - FOSDEM 2012From Dev to DevOps - FOSDEM 2012
From Dev to DevOps - FOSDEM 2012Carlos Sanchez
 
Dance for the puppet master: G6 Tech Talk
Dance for the puppet master: G6 Tech TalkDance for the puppet master: G6 Tech Talk
Dance for the puppet master: G6 Tech TalkMichael Peacock
 
Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...
Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...
Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...Nagios
 
Python Deployment with Fabric
Python Deployment with FabricPython Deployment with Fabric
Python Deployment with Fabricandymccurdy
 
Gianluca Varisco - DevOoops (Increase awareness around DevOps infra security)
Gianluca Varisco - DevOoops (Increase awareness around DevOps infra security)Gianluca Varisco - DevOoops (Increase awareness around DevOps infra security)
Gianluca Varisco - DevOoops (Increase awareness around DevOps infra security)Codemotion
 
Introduction to Apache Mesos
Introduction to Apache MesosIntroduction to Apache Mesos
Introduction to Apache MesosJoe Stein
 
Road to Opscon (Pisa '15) - DevOoops
Road to Opscon (Pisa '15) - DevOoopsRoad to Opscon (Pisa '15) - DevOoops
Road to Opscon (Pisa '15) - DevOoopsGianluca Varisco
 

Ähnlich wie 20090514 Introducing Puppet To Sasag (20)

Puppet: Eclipsecon ALM 2013
Puppet: Eclipsecon ALM 2013Puppet: Eclipsecon ALM 2013
Puppet: Eclipsecon ALM 2013
 
Continuous Delivery with Maven, Puppet and Tomcat - ApacheCon NA 2013
Continuous Delivery with Maven, Puppet and Tomcat - ApacheCon NA 2013Continuous Delivery with Maven, Puppet and Tomcat - ApacheCon NA 2013
Continuous Delivery with Maven, Puppet and Tomcat - ApacheCon NA 2013
 
Developing IT infrastructures with Puppet
Developing IT infrastructures with PuppetDeveloping IT infrastructures with Puppet
Developing IT infrastructures with Puppet
 
Learning Puppet basic thing
Learning Puppet basic thing Learning Puppet basic thing
Learning Puppet basic thing
 
Puppet
PuppetPuppet
Puppet
 
Puppet
PuppetPuppet
Puppet
 
Hadoop 20111117
Hadoop 20111117Hadoop 20111117
Hadoop 20111117
 
Provisioning with Puppet
Provisioning with PuppetProvisioning with Puppet
Provisioning with Puppet
 
Puppet
PuppetPuppet
Puppet
 
Virtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + PuppetVirtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + Puppet
 
A tour of Ansible
A tour of AnsibleA tour of Ansible
A tour of Ansible
 
From Dev to DevOps
From Dev to DevOpsFrom Dev to DevOps
From Dev to DevOps
 
Configuration Management in the Cloud - Cloud Phoenix Meetup Feb 2014
Configuration Management in the Cloud - Cloud Phoenix Meetup Feb 2014Configuration Management in the Cloud - Cloud Phoenix Meetup Feb 2014
Configuration Management in the Cloud - Cloud Phoenix Meetup Feb 2014
 
From Dev to DevOps - FOSDEM 2012
From Dev to DevOps - FOSDEM 2012From Dev to DevOps - FOSDEM 2012
From Dev to DevOps - FOSDEM 2012
 
Dance for the puppet master: G6 Tech Talk
Dance for the puppet master: G6 Tech TalkDance for the puppet master: G6 Tech Talk
Dance for the puppet master: G6 Tech Talk
 
Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...
Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...
Nagios Conference 2014 - Mike Weber - Expanding NRDS Capabilities on Linux Sy...
 
Python Deployment with Fabric
Python Deployment with FabricPython Deployment with Fabric
Python Deployment with Fabric
 
Gianluca Varisco - DevOoops (Increase awareness around DevOps infra security)
Gianluca Varisco - DevOoops (Increase awareness around DevOps infra security)Gianluca Varisco - DevOoops (Increase awareness around DevOps infra security)
Gianluca Varisco - DevOoops (Increase awareness around DevOps infra security)
 
Introduction to Apache Mesos
Introduction to Apache MesosIntroduction to Apache Mesos
Introduction to Apache Mesos
 
Road to Opscon (Pisa '15) - DevOoops
Road to Opscon (Pisa '15) - DevOoopsRoad to Opscon (Pisa '15) - DevOoops
Road to Opscon (Pisa '15) - DevOoops
 

Mehr von garrett honeycutt

Continuous Deployment Pipeline for Systems - Presented at Ohio LinuxFest 2017...
Continuous Deployment Pipeline for Systems - Presented at Ohio LinuxFest 2017...Continuous Deployment Pipeline for Systems - Presented at Ohio LinuxFest 2017...
Continuous Deployment Pipeline for Systems - Presented at Ohio LinuxFest 2017...garrett honeycutt
 
Continuous Deployment Pipeline for Systems at Cascadia IT Conference - 2017-0...
Continuous Deployment Pipeline for Systems at Cascadia IT Conference - 2017-0...Continuous Deployment Pipeline for Systems at Cascadia IT Conference - 2017-0...
Continuous Deployment Pipeline for Systems at Cascadia IT Conference - 2017-0...garrett honeycutt
 
(2016-06-11) Packer: Make Multi-Platform Images
(2016-06-11) Packer: Make Multi-Platform Images(2016-06-11) Packer: Make Multi-Platform Images
(2016-06-11) Packer: Make Multi-Platform Imagesgarrett honeycutt
 
20150613 self-puppet v4-avoiding_dragons
20150613 self-puppet v4-avoiding_dragons20150613 self-puppet v4-avoiding_dragons
20150613 self-puppet v4-avoiding_dragonsgarrett honeycutt
 
20150314 - Functional Testing for Configuration Management @ Cascadia IT Con...
20150314 - Functional Testing for Configuration Management @ Cascadia IT Con...20150314 - Functional Testing for Configuration Management @ Cascadia IT Con...
20150314 - Functional Testing for Configuration Management @ Cascadia IT Con...garrett honeycutt
 
2014-11-14 - Why Test Driven Development (TDD) Works for Sysadmins @ LISA14
2014-11-14 - Why Test Driven Development (TDD) Works for Sysadmins @ LISA142014-11-14 - Why Test Driven Development (TDD) Works for Sysadmins @ LISA14
2014-11-14 - Why Test Driven Development (TDD) Works for Sysadmins @ LISA14garrett honeycutt
 
2014-11-11 Multiple Approaches to Managing Puppet Modules @ Puppet Camp Seattle
2014-11-11 Multiple Approaches to Managing Puppet Modules @ Puppet Camp Seattle2014-11-11 Multiple Approaches to Managing Puppet Modules @ Puppet Camp Seattle
2014-11-11 Multiple Approaches to Managing Puppet Modules @ Puppet Camp Seattlegarrett honeycutt
 
2014-08-19 Multiple Approaches to Managing Puppet Modules @ Puppet Camp Chicago
2014-08-19 Multiple Approaches to Managing Puppet Modules @ Puppet Camp Chicago2014-08-19 Multiple Approaches to Managing Puppet Modules @ Puppet Camp Chicago
2014-08-19 Multiple Approaches to Managing Puppet Modules @ Puppet Camp Chicagogarrett honeycutt
 
20140406 loa days-tdd-with_puppet_tutorial
20140406 loa days-tdd-with_puppet_tutorial20140406 loa days-tdd-with_puppet_tutorial
20140406 loa days-tdd-with_puppet_tutorialgarrett honeycutt
 
TDD with Puppet Tutorial presented at Cascadia IT Conference 2014-03-07
TDD with Puppet Tutorial presented at Cascadia IT Conference 2014-03-07TDD with Puppet Tutorial presented at Cascadia IT Conference 2014-03-07
TDD with Puppet Tutorial presented at Cascadia IT Conference 2014-03-07garrett honeycutt
 
20130407 load puppevtv3-and_hiera
20130407 load puppevtv3-and_hiera20130407 load puppevtv3-and_hiera
20130407 load puppevtv3-and_hieragarrett honeycutt
 
20120331 - Expanded Intro to Puppet for LOAD
20120331 - Expanded Intro to Puppet for LOAD20120331 - Expanded Intro to Puppet for LOAD
20120331 - Expanded Intro to Puppet for LOADgarrett honeycutt
 
20111110 how puppet-fits_into_your_existing_infrastructure_and_change_managem...
20111110 how puppet-fits_into_your_existing_infrastructure_and_change_managem...20111110 how puppet-fits_into_your_existing_infrastructure_and_change_managem...
20111110 how puppet-fits_into_your_existing_infrastructure_and_change_managem...garrett honeycutt
 
20110611 expanded intro-to_puppet_for_self
20110611 expanded intro-to_puppet_for_self20110611 expanded intro-to_puppet_for_self
20110611 expanded intro-to_puppet_for_selfgarrett honeycutt
 
Fighting Spam With A Perimeter Mail System 20071108 Sasag
Fighting Spam With A Perimeter Mail System 20071108 SasagFighting Spam With A Perimeter Mail System 20071108 Sasag
Fighting Spam With A Perimeter Mail System 20071108 Sasaggarrett honeycutt
 

Mehr von garrett honeycutt (16)

20180823 - Sensu + Puppet
20180823 - Sensu + Puppet20180823 - Sensu + Puppet
20180823 - Sensu + Puppet
 
Continuous Deployment Pipeline for Systems - Presented at Ohio LinuxFest 2017...
Continuous Deployment Pipeline for Systems - Presented at Ohio LinuxFest 2017...Continuous Deployment Pipeline for Systems - Presented at Ohio LinuxFest 2017...
Continuous Deployment Pipeline for Systems - Presented at Ohio LinuxFest 2017...
 
Continuous Deployment Pipeline for Systems at Cascadia IT Conference - 2017-0...
Continuous Deployment Pipeline for Systems at Cascadia IT Conference - 2017-0...Continuous Deployment Pipeline for Systems at Cascadia IT Conference - 2017-0...
Continuous Deployment Pipeline for Systems at Cascadia IT Conference - 2017-0...
 
(2016-06-11) Packer: Make Multi-Platform Images
(2016-06-11) Packer: Make Multi-Platform Images(2016-06-11) Packer: Make Multi-Platform Images
(2016-06-11) Packer: Make Multi-Platform Images
 
20150613 self-puppet v4-avoiding_dragons
20150613 self-puppet v4-avoiding_dragons20150613 self-puppet v4-avoiding_dragons
20150613 self-puppet v4-avoiding_dragons
 
20150314 - Functional Testing for Configuration Management @ Cascadia IT Con...
20150314 - Functional Testing for Configuration Management @ Cascadia IT Con...20150314 - Functional Testing for Configuration Management @ Cascadia IT Con...
20150314 - Functional Testing for Configuration Management @ Cascadia IT Con...
 
2014-11-14 - Why Test Driven Development (TDD) Works for Sysadmins @ LISA14
2014-11-14 - Why Test Driven Development (TDD) Works for Sysadmins @ LISA142014-11-14 - Why Test Driven Development (TDD) Works for Sysadmins @ LISA14
2014-11-14 - Why Test Driven Development (TDD) Works for Sysadmins @ LISA14
 
2014-11-11 Multiple Approaches to Managing Puppet Modules @ Puppet Camp Seattle
2014-11-11 Multiple Approaches to Managing Puppet Modules @ Puppet Camp Seattle2014-11-11 Multiple Approaches to Managing Puppet Modules @ Puppet Camp Seattle
2014-11-11 Multiple Approaches to Managing Puppet Modules @ Puppet Camp Seattle
 
2014-08-19 Multiple Approaches to Managing Puppet Modules @ Puppet Camp Chicago
2014-08-19 Multiple Approaches to Managing Puppet Modules @ Puppet Camp Chicago2014-08-19 Multiple Approaches to Managing Puppet Modules @ Puppet Camp Chicago
2014-08-19 Multiple Approaches to Managing Puppet Modules @ Puppet Camp Chicago
 
20140406 loa days-tdd-with_puppet_tutorial
20140406 loa days-tdd-with_puppet_tutorial20140406 loa days-tdd-with_puppet_tutorial
20140406 loa days-tdd-with_puppet_tutorial
 
TDD with Puppet Tutorial presented at Cascadia IT Conference 2014-03-07
TDD with Puppet Tutorial presented at Cascadia IT Conference 2014-03-07TDD with Puppet Tutorial presented at Cascadia IT Conference 2014-03-07
TDD with Puppet Tutorial presented at Cascadia IT Conference 2014-03-07
 
20130407 load puppevtv3-and_hiera
20130407 load puppevtv3-and_hiera20130407 load puppevtv3-and_hiera
20130407 load puppevtv3-and_hiera
 
20120331 - Expanded Intro to Puppet for LOAD
20120331 - Expanded Intro to Puppet for LOAD20120331 - Expanded Intro to Puppet for LOAD
20120331 - Expanded Intro to Puppet for LOAD
 
20111110 how puppet-fits_into_your_existing_infrastructure_and_change_managem...
20111110 how puppet-fits_into_your_existing_infrastructure_and_change_managem...20111110 how puppet-fits_into_your_existing_infrastructure_and_change_managem...
20111110 how puppet-fits_into_your_existing_infrastructure_and_change_managem...
 
20110611 expanded intro-to_puppet_for_self
20110611 expanded intro-to_puppet_for_self20110611 expanded intro-to_puppet_for_self
20110611 expanded intro-to_puppet_for_self
 
Fighting Spam With A Perimeter Mail System 20071108 Sasag
Fighting Spam With A Perimeter Mail System 20071108 SasagFighting Spam With A Perimeter Mail System 20071108 Sasag
Fighting Spam With A Perimeter Mail System 20071108 Sasag
 

20090514 Introducing Puppet To Sasag

  • 1. Introducing Puppet to SASAG Garrett Honeycutt May 14th, 2009
  • 2. What? • Puppet is open source and released under GPL • Backed by Reductive Labs - great training and audits available • Used by organizations such as Google, Marchex, Whitepages.com, Stanford University, Harvard, Fedora, SANS Institute, etc.. • “Puppet is a declarative language for expressing system configuration, a client and server for distributing it, and a library for realizing the configuration.” [1]
  • 3. OS’s • Linux (RHEL, CentOS, Debian, Ubuntu, Gentoo, SuSE, ...) • BSD (Open, Net) • Mac OS X • Solaris (2.6 - 10) • HP-UX • AIX
  • 4. Why? • Configuration Management != SSH + for loops • Reduce entropy - why is mail27 so fragile? • Ability to quickly scale number of machines • Create replicas in different environments (Dev, QA, Prod) • Change management - How and when are system being modified? • No such thing as a One-Off • it’s only temporary - HA! • multiple environments • disaster recovery
  • 5. What? • Only need to describe parts of the system that you care about • So you can start in existing environments • not re-describe what a package already gets right
  • 6. Idempotency • Everything is built to be idempotent, even exec’s • no effect if the state is already achieved • safe to run multiple times
  • 7. Repeatable State • Start from a known base! • Cobbler • Have a shared storage plan • Keep data on the network • Software package repository • Satellite / Spacewalk • Define processes for changing packages
  • 8. services --enabled puppet Kickstart %packages facter puppet ruby-rdoc %post # delete unneeded puppet cert find /var/lib/puppet/ssl/ -type f |grep localhost | xargs rm -f # setup puppet cert curl -k https://puppetca | tar xC / # run puppet /usr/sbin/puppetd -t
  • 9. Packages • Source • Ruby Gems • Solaris - Blastwave • RPM - Fedora & EPEL • Debian / Ubuntu • SuSE • Gentoo • OpenBSD • OS X - MacPorts • ArchLinux • Mandriva
  • 10. Client / Server • Clients pulls a catalog from the puppetmaster • puppet.domain.com • default is every 30 minutes
  • 11. Server • webrick by default • standard setup is web server (apache, nginx) reverse proxying to mongrel
  • 13. Certs • Puppet communication is SSL encrypted XML-RPC • Supports auto signing - use with caution [client]$ sudo puppetd --test [puppetmaster]$ sudo puppetca --sign client.foo.com
  • 14. Written by Robert Long IV gencert.php <?php # don't assume we have a path $gencert = "/usr/sbin/puppetca -g"; $tar = "/bin/tar"; $sudo = "/usr/bin/sudo"; # set some paths up. $cabase = "/var/lib/puppet/ssl/"; $certdir = "$cabase/certs"; $private = "$cabase/private_keys"; # yeah, its reverse DNS, but don't assume its safe. $host = escapeshellarg(gethostbyaddr($_SERVER['REMOTE_ADDR'])); # create the certs exec("$sudo $gencert $host", $out, $ret); $ret && error_log("Error creating cert for $host: $outn"); # tar up the three files we need to make the client work. exec("$sudo $tar -c $certdir/$host.pem $private/$host.pem $certdir/ca.pem 2>/dev/ null", $certs, $ret); $ret && error_log("Error tar'ing cert for $host: $certsn"); # most of this is useless, but it will give curl an idea of what to expect in terms of content header("Content-Description: File Transfer"); header('Content-disposition: attachment; filename='.$host.'tar'); header("Content-Type: application/octet-stream"); header("Content-Transfer-Encoding: binary"); # and the content goes here. print join("n", $certs); ?>
  • 15. Resource Abstraction Layer • Write code in terms of what you are managing not how • Example Provider is package • I don’t mention if I am using apt, yum, gem, ports ... package {“vim-enhanced”: ensure => installed, }
  • 16. Types - brief list • cron • exec • file • group • host • mailalias • mount • nagios • package • service • sshkey • user • yumrepo
  • 17. Facter • key => value system for retrieving information from your OS architecture => x86_64 domain => garretthoneycutt.com facterversion => 1.5.4 fqdn => blink.garretthoneycutt.com hostname => blink id => gh ipaddress_eth0 => 172.17.2.38 kernel => Linux kernelversion => 2.6.27.12 lsbdistcodename => Cambridge lsbdistdescription => Fedora release 10 (Cambridge) lsbdistrelease => 10 macaddress => 00:00:00:c0:ff:ee memoryfree => 5.87 GB memorysize => 7.80 GB netmask => 255.255.255.128 network_eth0 => 172.17.2.0 operatingsystem => Fedora operatingsystemrelease => 10 physicalprocessorcount => 1 processorcount => 2 rubyversion => 1.8.6
  • 18. Facter • Written in Ruby # some_fact.rb Facter.add("some_fact") do setcode do %x{/usr/local/bin/stuff}.chomp end end
  • 19. You are a developer • Speakeasy has 6000+ lines of code in one year • You need a VCS • and plan on how to use it • go talk to your Dev’s - they’ve probably figured this all out
  • 20. Different environments • Puppet allows for the notion of different environments • It’s a hack • Run a different puppet server in each environment • Easy to run different puppetmasters off of different branches/tags of your code
  • 21. File system layout • You want this in a VCS! puppet |_manifests |_ site.pp |_modules |_ apache |_ ... |_ zenoss |_ files |_ manifests |_ init.pp |_ templates
  • 22. Site manifest # Default file parameters File { ignore => ".svn", owner => "root", group => "root", mode => "644", } node default { include base } node ‘cobbler.foo.com’ inherits default { include cobbler }
  • 23. My first module - motd class motd { file { “/etc/motd”: owner => “root”, group => “root”, mode => 644, source => “puppet:///motd/generic_motd”, } }
  • 24. Templates - motd • Uses ERB templating class motd { file { “/etc/motd”: owner => “root”, group => “root”, mode => 644, content => template(“motd/motd.erb”), } }
  • 25. motd.erb Welcome to <%= fqdn %> My uptime is <%= uptime %>
  • 26. More advanced - resolv.conf.erb search <%= dnssearchpath %> options ndots:2 timeout:3 <% nameservers.each do |nameserver| -%> nameserver <%= nameserver %> <% end -%>
  • 27. Ordering • Puppet’s catalog is built using a DAG • Has built in devices for ordering • before / require • subscribe / notify
  • 28. Ordering - require class vim { package { "vim-enhanced": ensure => installed, } file { "/etc/vimrc": source => "puppet:///vim/vimrc-$operatingsystem", mode => "644", require => Package["vim-enhanced"], } }
  • 29. Ordering - notify class bind { package { "bind”: ensure => installed, } file { "/etc/named.conf": content => template("bind/named.conf.ern"), mode => "644", notify => Service["named"], } service { “named”: ensure => running, enable => true, require => [ Package[“bind”], File[“/etc/ named.conf”] ], } }
  • 30. Inheritance - postfix class postfix { package { “postfix”: ensure => present } file { “/etc/postfix/aliases”: require => Package[“postfix”], content => template(“postfix/aliases.erb”), notify => Exec[“postalias”], } service { “postfix”: ensure => running, enable => true, require => Package[“postfix”], } exec { “postalias”: command => “/usr/sbin/postalias /etc/postfix/aliases”, require => File[“/etc/postfix/aliases”], refreshonly => true, } }
  • 31. Inheritance - postfix class postfix::perim inherits postfix { File { “/etc/postfix/aliases”: content => template(“postfix/perim-aliases.erb”), } file { “/etc/postfix/sender_regexp”: require => Package[“postfix”], notify => Service[“postfix”], content => template(“postfix/sender_regexp.erb”), } } class postfix::voicemail inherits postfix { File { “/etc/postfix/aliases”: content => template(“postfix/voicemail-aliases.erb”), } file { “/etc/postfix/network_table”: require => Package[“postfix”], notify => Service[“postfix”], source => “puppet:///postfix/voicemail-network_table”, } }
  • 32. defines class postfix { ... all that stuff from before define post_files() { File { require => Package[“postfix”], notify => Service[“postfix”], } file { “/etc/postfix/master.cf”: source => “puppet:///postfix/$name/master.cf”; “/etc/postfix/main.cf”: source => “puppet:///postfix/$name/main.cf”; } } } class postfix::voicemail inherits postfix { post_files {“voicemail”: } }
  • 33. Q &A Garrett Honeycutt May 14th, 2009
  • 34. References • 1. http://reductivelabs.com/trac/puppet/wiki/BigPicture • Architecture diagram from slide 12 - http://reductivelabs.com/trac/ puppet/wiki/ParsingArchitecture