SlideShare ist ein Scribd-Unternehmen logo

Automating backup provisioning with Bacula and Puppet

M
miouhpi

Automating backup provisioning with bacula and puppet

Technologie
1 von 30
Downloaden Sie, um offline zu lesen
BBaacckkuupp pprroovviissiioonniinngg wwiitthh bbaaccuullaa aanndd ppuuppppeett Dave Simons OSBConf 2014-09
DDaavvee SSiimmoonnss ● LLiinnuuxx aanndd OOppeenn SSoouurrccee CCoonnssuullttaanntt @@ iinnuuiittss..eeuu ● @@mmiioouuhhppii ● ggiitthhuubb..ccoomm//ssiimmoonnssdd
IInnuuiittss..eeuu ● OOppeenn ssoouurrccee ccoonnssuullttaannccyy ccoommppaannyy ● SSyysstteemm aaddmmiinniissttrraattiioonn ● WWeebb ddeevveellooppmmeenntt ● SSoommee eemmbbeeddddeedd ddeevveellooppmmeenntt ● OOffifficceess iinn BBeellggiiuumm,, NNeetthheerrllaannddss,, UUkkrraaiinnee aanndd CCzzeecchh
BBaaccuullaa ● NNeettwwoorrkkeedd bbaacckkuupp ssyysstteemm ● WWrriitttteenn iinn CC++++ ● RRuunnss oonn UUNNIIXX,, MMaacc aanndd WWiinnddoowwss ● OOppeenn ssoouurrccee
ccoommppoonneennttss ● DDiirreeccttoorr ● SSttoorraaggee ddaaeemmoonn ● FFiillee ddaaeemmoonn ● CCaattaalloogg ((ddaattaabbaassee)) ● SSttoorraaggee bbaacckkeenndd ● FFiirreewwaallll ● IInntteerrffaaccee
oovveerrvviieeww
CCllaassssiicc sseettuupp ● IInnssttaallll//ccoonnfifigguurree ddiirreeccttoorr ● IInnssttaallll//ccoonnfifigguurree ccaattaalloogg ● IInnssttaallll//ccoonnfifigguurree ssttoorraaggee ddaaeemmoonn ● IInnssttaallll//ccoonnfifigguurree ssttoorraaggee bbaacckkeenndd ● IInnssttaallll//ccoonnfifigguurree fifillee ddaaeemmoonn 11 ● IInnssttaallll//ccoonnfifigguurree fifillee ddaaeemmoonn 22 ● IInnssttaallll//ccoonnfifigguurree fifillee ddaaeemmoonn NN
WWhhaatt''ss wwrroonngg wwiitthh tthhaatt??
LLoottss ooff tthhiinnggss!! ● TTiimmee ccoonnssuummiinngg ● EErrrroorr pprroonnee ● RReeppeettiittiivvee ((pprroonnoouunncceedd //bboohhrr--iinngg//))
PPuuppppeett ● CCoonnfifigguurraattiioonn mmaannaaggeemmeenntt ttooooll ● WWrriitttteenn iinn RRuubbyy ● SSeerrvveerr--cclliieenntt mmooddeell ● SSttaannddaalloonnee ● OOppeenn ssoouurrccee ● RRuunnss oonn UUNNIIXX,, MMaacc aanndd WWiinnddoowwss
ccoommppoonneennttss ● PPuuppppeett mmaasstteerr ● PPuuppppeett aaggeenntt ● PPuuppppeett aappppllyy ● HHiieerraa ● PPuuppppeettddbb ● MMccoolllleeccttiivvee ● ddaasshhbbooaarrdd//ffoorreemmaann
oovveerrvviieeww
PPuuppppeett aappppllyy ● SSuubbccoommmmaanndd ● CCoommppiilleess ccaattaalloogg ● EExxeeccuutteess ccaattaalloogg
hhiieerraa ● DDaattaassttoorree ● AAbbssttrraacctt ccooddee//ddaattaa ● YYAAMMLL ● AAddjjuussttaabbllee hhiieerraarrcchhyy --- :backends: - yaml :logger: console :hierarchy: - clients/%{environment}/%{hostname} - roles/%{environment}/%{role} - roles/common/%{role} - hypervisors/%{hypervisor} - locations/%{datacenter} - environments/%{environment} - common :yaml: :datadir: /etc/puppet/hieradata
hhiieerraaddaattaa [simonsd@shinku][inuits]$ tree -L 2 hiera hiera/ ├── common.yaml ├── clients │ └── production │ └── client1.yaml │ └── client2.yaml │ └── client3.yaml ├── environments │ └── production.yaml ├── hypervisors │ ├── hv1.example.com.yaml │ ├── hv2.example.com.yaml │ └── hv3.example.com.yaml ├── locations │ ├── dc1.yaml │ ├── dc2.yaml │ └── dc3.yaml
PPuuppppeett llaanngguuaaggee ● RRuubbyy DDSSLL ● RReessoouurrcceess • RReegguullaarr • VViirrttuuaall • eexxppoorrtteedd ● CCllaasssseess ● MMaanniiffeessttss ● MMoodduulleess
rreessoouurrccee ttyyppeess ● CCrroonn ● EExxeecc ● FFiillee ● GGrroouupp ● UUsseerr ● MMoouunntt ● PPaacckkaaggee ● SSeerrvviiccee file{'/usr/local/bin/mysql-backup': content => template('mysql-backup'), owner => 'root', group => 'root', mode => '0755', } cron{'mysql-backup': command => '/usr/local/bin/mysql-backup', user => 'root', hour => '00', minute => '15', require => File['/usr/local/bin/mysql-backup', } user{'bacula': ensure => 'present', uid => '712', gid => 'bacula', password => 'secret', home => '/home/bacula', shell => '/bin/sh', }
PPuuppppeett ttrreeee [simonsd@shinku][inuits]$ tree -L 2 puppet/ puppet/ ├── manifests │ ├── classes │ ├── defaults │ ├── hosts │ └── site.pp ├── modules │ ├── activemq │ ├── apache │ ├── apc │ ├── apt │ ├── augeas │ ├── bacula │ ├── bash │ ├── bind │ ├── collectd │ ├── concat │ ├── crond │ ├── customers │ ├── dell │ ├── drupal │ ├── ejabberd │ ├── elasticsearch │ ├── fail2ban │ ├── ffmpeg │ ├── filemapper │ ├── firewall │ ├── foreman │ ├── ganbatte │ ├── gdash │ ├── gitolite │ ├── gitorious │ ├── graphite │ ├── grok │ ├── icinga │ ├── inifile │ ├── inuits │ ├── ...
llooaaddiinngg ● MMaannuuaall iimmppoorrttss ● AAuuttoollooaaddiinngg mmaaggiicc [simonsd@shinku][puppet]$ cat manifests/site.pp import 'defaults/*.pp' import 'classes/*.pp' import 'hosts/*.pp' [simonsd@shinku][puppet]$ puppet apply --modulepath=/etc/puppet/environments/productio n/modules site.pp [simonsd@shinku][puppet]$ cat puppet.conf <snip> [master] manifest = $confdir/environments/$environment/manifests/site.pp modulepath = $confdir/environments/$environment/modules <snip>
mmoodduulleess [simonsd@shinku][puppet]$ tree example-module/ example-module/ ├── manifests │ ├── init.pp ├── templates ├── files ├── lib ├── facts.d ├── tests ├── spec
bbaassiicc mmaanniiffeesstt [simonsd@shinku][puppet]$ cat modules/bacula/manifests/bconsole.pp class bacula::bconsole ( $config_root = $::bacula::params::config_root, $bconsole_pkgname = $::bacula::params::bconsole_pkgname, $director_server = $::bacula::params::director_server, $director_port = $::bacula::params::director_port, $director_password = $::bacula::params::director_password, ) inherits ::bacula::params { package{“$bconsole_pkgname”: ensure => 'present', } file{"${config_root}/bconsole.conf": ensure => 'file', owner => 'root', group => 'root', mode => '0640', content => template('bacula/bconsole.conf.erb'), require => Package[$bconsole_pkgname], } }
bbaassiicc tteemmppllaattee [simonsd@shinku][puppet]$ cat modules/bacula/templates/bconsole.conf.erb ### File managed with puppet ### ### Served by: '<%= scope.lookupvar('::servername') %>' ### Module: '<%= scope.to_hash['module_name'] %>' ### Template source: '<%= template_source %>' ## List Directors we connect to # Director { name = "<%= director_server %>" dirport = "<%= director_port %>" address = "<%= director_server %>" password = "<%= director_password %>" }
VViirrttuuaall rreessoouurrcceess @file{'/tmp/foo': content => 'bar', tag => 'someproject', } realize File['/tmp/foo'] File <| tag='someproject' |>
eexxppoorrtteedd rreessoouurrcceess @@nagios_service{'check_bacula_fd-bacula-fd.prod.example.com': check_command => 'check_nrpe_command!check_bacula_fd', service_description => 'bacula-fd.prod.example.com', host_name => 'bacula-fd.prod.example.com', target => "${::icinga::targetdir}/services/bacula-fd.prod.example.com.cfg", notify => Service[$::icinga::service_server], tag => 'bacula', } Nagios_service <<| name='check_bacula_fd-bacula-fd.prod.example.com' |>> Nagios_service <<| tag='bacula' |>>
ppuuppppeett--bbaaccuullaa mmoodduullee ttrreeee [simonsd@shinku][puppet]$ tree modules/bacula/ modules/bacula/ ├── manifests │ ├── bconsole.pp │ ├── catalog.pp │ ├── client.pp │ ├── common.pp │ ├── default │ │ ├── filesets.pp │ │ ├── jobdefs.pp │ │ ├── pools.pp │ │ └── schedules.pp │ ├── device.pp │ ├── director │ │ ├── config.pp │ │ ├── install.pp │ │ └── service.pp │ ├── director.pp │ ├── fd │ │ ├── config.pp │ │ ├── install.pp │ │ └── service.pp │ ├── fd.pp │ ├── fileset.pp │ ├── firewall │ │ ├── dir.pp │ │ ├── fd.pp │ │ └── sd.pp │ ├── firewall.pp │ ├── init.pp │ ├── jobdefs.pp │ ├── job.pp │ ├── messages.pp │ ├── params.pp │ ├── pool.pp │ ├── schedule.pp │ ├── sd │ │ ├── config.pp │ │ ├── install.pp │ │ └── service.pp │ ├── sd.pp │ └── storage.pp └── templates ├── bacula-dir.conf.erb ├── bacula-fd.conf.erb ├── bacula-sd.conf.erb
ccoonnfifigguurree ddiirreeccttoorr [simonsd@shinku][puppet]$ cat manifests/classes/bacula-dir.pp class 'bacula-dir' { class{'::bacula::director': log_email => 'logs@example.com', from_email => 'bacula@example.com', } bacula::catalog{“bacula-${::domain}”: dbname => hiera('bacula-dbname'), dbuser => hiera('bacula-dbuser'), dbpassword => hiera('bacula-dbpass'), dbhost => hiera('bacula-dbhost'), } @@percona::database{“bacula-${::domain}”: ensure => 'present', } @@percona::rights{“bacula-${::domain}”: ensure => 'present', database => hiera('bacula-prod-dbname'), user => hiera('bacula-prod-dbuser'), password => hiera('bacula-prod-dbpass'), host => hiera('bacula-prod-dbhost'), priv => 'all', } @@nagios_service{“check_bacula_dir-${::fqdn}”: check_command => 'check_nrpe_command!check_bacula_dir', service_description => "Bacula-dir: ${::fqdn}", host_name => $::fqdn, target => "${::icinga::targetdir}/services/${::fqdn}.cfg", notify => Service[$::icinga::service_server], } }
ccoonnfifigguurree ssttoorraaggee ddaaeemmoonn [simonsd@shinku][puppet]$ cat manifests/classes/bacula-sd.pp class 'bacula-sd' { class{'::bacula::sd': storage_dir => hiera('bacula-storage-dir', '/srv/backup/bacula'), } @@nagios_service{'check_bacula_sd-${::fqdn}': check_command => 'check_nrpe_command!check_bacula_sd', service_description => "Bacula-sd: ${::fqdn}", host_name => $::fqdn, target => "${::icinga::targetdir}/services/${::fqdn}.cfg", notify => Service[$::icinga::service_server], } }
ccoonnfifigguurree fifillee ddaaeemmoonn [simonsd@shinku][puppet]$ cat manifests/classes/bacula-fd.pp class 'bacula-fd' { class{'::bacula::fd': storage_server => hiera('bacula_default_storage_server', “bacula-sd.${::domain}”), director_server => hiera('bacula_director_server', 'bacula'), storage_dir => hiera('bacula_storage_dir', '/srv/backup/bacula'), catalog => hiera('bacula_catalog', “bacula-${::domain}”), } @@bacula::job{$::fqdn: client => hiera('bacula_hostname', $::fqdn), jobdefs => hiera('bacula_jobdef', 'DefaultJob'), fileset => hiera('bacula_fileset', false), messages => hiera('bacula_messages', 'bacula-fd'), storage => hiera('bacula_storage', "${::fqdn}-storage"), full_pool => hiera('bacula_fullpool', "${::fqdn}-Full"), incremental_pool => hiera('bacula_incpool', "${::fqdn}-Incremental"), bschedule => hiera('bacula_schedule', 'default'), client_run_before_job => hiera('bacula_client_run_before_job', false), client_run_after_job => hiera('bacula_client_run_after_job', false), } @@bacula::pool{"${::fqdn}-Full":} @@bacula::pool{"${::fqdn}-Incremental": maximum_volumes => '7', } @@nagios_service{'check_bacula_fd-${::fqdn}': check_command => 'check_nrpe_command!check_bacula_fd', service_description => "Bacula-fd: ${::fqdn}", host_name => $::fqdn, target => "${::icinga::targetdir}/services/${::fqdn}.cfg", notify => Service[$::icinga::service_server], } }
OOtthheerr ooppttiioonnss ● CChheeff ● AAnnssiibbllee ● SSaalltt ● CCffeennggiinnee ● BBccffgg22 ● BBaarreeooss ● RRssyynncc ● RRssnnaappsshhoott ● RRddiiffff ● BBaacckkuupp nniinnjjaa
QQuueessttiioonnss??

Empfohlen

C4800 Datasheet
C4800 DatasheetC4800 Datasheet
C4800 DatasheetBob Whillock
 
DDN GS7K - Easy-to-deploy, High Performance Scale-Out Parallel File System Ap...
DDN GS7K - Easy-to-deploy, High Performance Scale-Out Parallel File System Ap...DDN GS7K - Easy-to-deploy, High Performance Scale-Out Parallel File System Ap...
DDN GS7K - Easy-to-deploy, High Performance Scale-Out Parallel File System Ap...inside-BigData.com
 
如何更新TOTOLINK 無線路由器的軔體(A2004NS )
如何更新TOTOLINK 無線路由器的軔體(A2004NS )如何更新TOTOLINK 無線路由器的軔體(A2004NS )
如何更新TOTOLINK 無線路由器的軔體(A2004NS )臺灣塔米歐
 
Lynxos RTOS
Lynxos RTOSLynxos RTOS
Lynxos RTOSEzequiel Jrz
 
Cisco SPAN-based and SPAN-less recording - comparison and advantages of both ...
Cisco SPAN-based and SPAN-less recording - comparison and advantages of both ...Cisco SPAN-based and SPAN-less recording - comparison and advantages of both ...
Cisco SPAN-based and SPAN-less recording - comparison and advantages of both ...Simon Vostry
 
Legge 143/1949 Tabelle Tariffa Ingegneri Architetti
Legge 143/1949 Tabelle Tariffa Ingegneri ArchitettiLegge 143/1949 Tabelle Tariffa Ingegneri Architetti
Legge 143/1949 Tabelle Tariffa Ingegneri ArchitettiEugenio Agnello
 
Apresentacao_XL4002_Final_2.pdf
Apresentacao_XL4002_Final_2.pdfApresentacao_XL4002_Final_2.pdf
Apresentacao_XL4002_Final_2.pdfGustavoFernandes737855
 
Histórico de luta contra a grande represa de Campo Limpo Paulista
Histórico de luta contra a grande represa de Campo Limpo Paulista Histórico de luta contra a grande represa de Campo Limpo Paulista
Histórico de luta contra a grande represa de Campo Limpo Paulista Bairro do Iara
 

Empfohlen

C4800 Datasheet
C4800 DatasheetC4800 Datasheet
C4800 DatasheetBob Whillock
 
DDN GS7K - Easy-to-deploy, High Performance Scale-Out Parallel File System Ap...
DDN GS7K - Easy-to-deploy, High Performance Scale-Out Parallel File System Ap...DDN GS7K - Easy-to-deploy, High Performance Scale-Out Parallel File System Ap...
DDN GS7K - Easy-to-deploy, High Performance Scale-Out Parallel File System Ap...inside-BigData.com
 
如何更新TOTOLINK 無線路由器的軔體(A2004NS )
如何更新TOTOLINK 無線路由器的軔體(A2004NS )如何更新TOTOLINK 無線路由器的軔體(A2004NS )
如何更新TOTOLINK 無線路由器的軔體(A2004NS )臺灣塔米歐
 
Lynxos RTOS
Lynxos RTOSLynxos RTOS
Lynxos RTOSEzequiel Jrz
 
Cisco SPAN-based and SPAN-less recording - comparison and advantages of both ...
Cisco SPAN-based and SPAN-less recording - comparison and advantages of both ...Cisco SPAN-based and SPAN-less recording - comparison and advantages of both ...
Cisco SPAN-based and SPAN-less recording - comparison and advantages of both ...Simon Vostry
 
Legge 143/1949 Tabelle Tariffa Ingegneri Architetti
Legge 143/1949 Tabelle Tariffa Ingegneri ArchitettiLegge 143/1949 Tabelle Tariffa Ingegneri Architetti
Legge 143/1949 Tabelle Tariffa Ingegneri ArchitettiEugenio Agnello
 
Apresentacao_XL4002_Final_2.pdf
Apresentacao_XL4002_Final_2.pdfApresentacao_XL4002_Final_2.pdf
Apresentacao_XL4002_Final_2.pdfGustavoFernandes737855
 
Histórico de luta contra a grande represa de Campo Limpo Paulista
Histórico de luta contra a grande represa de Campo Limpo Paulista Histórico de luta contra a grande represa de Campo Limpo Paulista
Histórico de luta contra a grande represa de Campo Limpo Paulista Bairro do Iara
 
Negotiation
NegotiationNegotiation
NegotiationSlim Hammami
 
Senior-Project-Presentation-Template (1)
Senior-Project-Presentation-Template (1)Senior-Project-Presentation-Template (1)
Senior-Project-Presentation-Template (1)Aaron Boshers
 
Backy - VM backup beyond bacula
Backy - VM backup beyond baculaBacky - VM backup beyond bacula
Backy - VM backup beyond baculaChristian Theune
 
Bacula Overview
Bacula OverviewBacula Overview
Bacula Overviewsambismo
 
Introduction to Bacula
Introduction to BaculaIntroduction to Bacula
Introduction to BaculaHemant Shah
 
170311【bacula】cent os7で統合バックアップbacula7.4を使ってみよう
170311【bacula】cent os7で統合バックアップbacula7.4を使ってみよう170311【bacula】cent os7で統合バックアップbacula7.4を使ってみよう
170311【bacula】cent os7で統合バックアップbacula7.4を使ってみようKen Sawada
 

Weitere ähnliche Inhalte

Andere mochten auch

Senior-Project-Presentation-Template (1)
Senior-Project-Presentation-Template (1)Senior-Project-Presentation-Template (1)
Senior-Project-Presentation-Template (1)Aaron Boshers
 
Backy - VM backup beyond bacula
Backy - VM backup beyond baculaBacky - VM backup beyond bacula
Backy - VM backup beyond baculaChristian Theune
 
Bacula Overview
Bacula OverviewBacula Overview
Bacula Overviewsambismo
 
Introduction to Bacula
Introduction to BaculaIntroduction to Bacula
Introduction to BaculaHemant Shah
 
170311【bacula】cent os7で統合バックアップbacula7.4を使ってみよう
170311【bacula】cent os7で統合バックアップbacula7.4を使ってみよう170311【bacula】cent os7で統合バックアップbacula7.4を使ってみよう
170311【bacula】cent os7で統合バックアップbacula7.4を使ってみようKen Sawada
 

Andere mochten auch (6)

Negotiation
NegotiationNegotiation
Negotiation
 
Senior-Project-Presentation-Template (1)
Senior-Project-Presentation-Template (1)Senior-Project-Presentation-Template (1)
Senior-Project-Presentation-Template (1)
 
Backy - VM backup beyond bacula
Backy - VM backup beyond baculaBacky - VM backup beyond bacula
Backy - VM backup beyond bacula
 
Bacula Overview
Bacula OverviewBacula Overview
Bacula Overview
 
Introduction to Bacula
Introduction to BaculaIntroduction to Bacula
Introduction to Bacula
 
170311【bacula】cent os7で統合バックアップbacula7.4を使ってみよう
170311【bacula】cent os7で統合バックアップbacula7.4を使ってみよう170311【bacula】cent os7で統合バックアップbacula7.4を使ってみよう
170311【bacula】cent os7で統合バックアップbacula7.4を使ってみよう
 

Automating backup provisioning with Bacula and Puppet

  • 1. BBaacckkuupp pprroovviissiioonniinngg wwiitthh bbaaccuullaa aanndd ppuuppppeett Dave Simons OSBConf 2014-09
  • 2. DDaavvee SSiimmoonnss ● LLiinnuuxx aanndd OOppeenn SSoouurrccee CCoonnssuullttaanntt @@ iinnuuiittss..eeuu ● @@mmiioouuhhppii ● ggiitthhuubb..ccoomm//ssiimmoonnssdd
  • 3. IInnuuiittss..eeuu ● OOppeenn ssoouurrccee ccoonnssuullttaannccyy ccoommppaannyy ● SSyysstteemm aaddmmiinniissttrraattiioonn ● WWeebb ddeevveellooppmmeenntt ● SSoommee eemmbbeeddddeedd ddeevveellooppmmeenntt ● OOffifficceess iinn BBeellggiiuumm,, NNeetthheerrllaannddss,, UUkkrraaiinnee aanndd CCzzeecchh
  • 4. BBaaccuullaa ● NNeettwwoorrkkeedd bbaacckkuupp ssyysstteemm ● WWrriitttteenn iinn CC++++ ● RRuunnss oonn UUNNIIXX,, MMaacc aanndd WWiinnddoowwss ● OOppeenn ssoouurrccee
  • 5. ccoommppoonneennttss ● DDiirreeccttoorr ● SSttoorraaggee ddaaeemmoonn ● FFiillee ddaaeemmoonn ● CCaattaalloogg ((ddaattaabbaassee)) ● SSttoorraaggee bbaacckkeenndd ● FFiirreewwaallll ● IInntteerrffaaccee
  • 7. CCllaassssiicc sseettuupp ● IInnssttaallll//ccoonnfifigguurree ddiirreeccttoorr ● IInnssttaallll//ccoonnfifigguurree ccaattaalloogg ● IInnssttaallll//ccoonnfifigguurree ssttoorraaggee ddaaeemmoonn ● IInnssttaallll//ccoonnfifigguurree ssttoorraaggee bbaacckkeenndd ● IInnssttaallll//ccoonnfifigguurree fifillee ddaaeemmoonn 11 ● IInnssttaallll//ccoonnfifigguurree fifillee ddaaeemmoonn 22 ● IInnssttaallll//ccoonnfifigguurree fifillee ddaaeemmoonn NN
  • 9. LLoottss ooff tthhiinnggss!! ● TTiimmee ccoonnssuummiinngg ● EErrrroorr pprroonnee ● RReeppeettiittiivvee ((pprroonnoouunncceedd //bboohhrr--iinngg//))
  • 10. PPuuppppeett ● CCoonnfifigguurraattiioonn mmaannaaggeemmeenntt ttooooll ● WWrriitttteenn iinn RRuubbyy ● SSeerrvveerr--cclliieenntt mmooddeell ● SSttaannddaalloonnee ● OOppeenn ssoouurrccee ● RRuunnss oonn UUNNIIXX,, MMaacc aanndd WWiinnddoowwss
  • 11. ccoommppoonneennttss ● PPuuppppeett mmaasstteerr ● PPuuppppeett aaggeenntt ● PPuuppppeett aappppllyy ● HHiieerraa ● PPuuppppeettddbb ● MMccoolllleeccttiivvee ● ddaasshhbbooaarrdd//ffoorreemmaann
  • 13. PPuuppppeett aappppllyy ● SSuubbccoommmmaanndd ● CCoommppiilleess ccaattaalloogg ● EExxeeccuutteess ccaattaalloogg
  • 14. hhiieerraa ● DDaattaassttoorree ● AAbbssttrraacctt ccooddee//ddaattaa ● YYAAMMLL ● AAddjjuussttaabbllee hhiieerraarrcchhyy --- :backends: - yaml :logger: console :hierarchy: - clients/%{environment}/%{hostname} - roles/%{environment}/%{role} - roles/common/%{role} - hypervisors/%{hypervisor} - locations/%{datacenter} - environments/%{environment} - common :yaml: :datadir: /etc/puppet/hieradata
  • 15. hhiieerraaddaattaa [simonsd@shinku][inuits]$ tree -L 2 hiera hiera/ ├── common.yaml ├── clients │ └── production │ └── client1.yaml │ └── client2.yaml │ └── client3.yaml ├── environments │ └── production.yaml ├── hypervisors │ ├── hv1.example.com.yaml │ ├── hv2.example.com.yaml │ └── hv3.example.com.yaml ├── locations │ ├── dc1.yaml │ ├── dc2.yaml │ └── dc3.yaml
  • 16. PPuuppppeett llaanngguuaaggee ● RRuubbyy DDSSLL ● RReessoouurrcceess • RReegguullaarr • VViirrttuuaall • eexxppoorrtteedd ● CCllaasssseess ● MMaanniiffeessttss ● MMoodduulleess
  • 17. rreessoouurrccee ttyyppeess ● CCrroonn ● EExxeecc ● FFiillee ● GGrroouupp ● UUsseerr ● MMoouunntt ● PPaacckkaaggee ● SSeerrvviiccee file{'/usr/local/bin/mysql-backup': content => template('mysql-backup'), owner => 'root', group => 'root', mode => '0755', } cron{'mysql-backup': command => '/usr/local/bin/mysql-backup', user => 'root', hour => '00', minute => '15', require => File['/usr/local/bin/mysql-backup', } user{'bacula': ensure => 'present', uid => '712', gid => 'bacula', password => 'secret', home => '/home/bacula', shell => '/bin/sh', }
  • 18. PPuuppppeett ttrreeee [simonsd@shinku][inuits]$ tree -L 2 puppet/ puppet/ ├── manifests │ ├── classes │ ├── defaults │ ├── hosts │ └── site.pp ├── modules │ ├── activemq │ ├── apache │ ├── apc │ ├── apt │ ├── augeas │ ├── bacula │ ├── bash │ ├── bind │ ├── collectd │ ├── concat │ ├── crond │ ├── customers │ ├── dell │ ├── drupal │ ├── ejabberd │ ├── elasticsearch │ ├── fail2ban │ ├── ffmpeg │ ├── filemapper │ ├── firewall │ ├── foreman │ ├── ganbatte │ ├── gdash │ ├── gitolite │ ├── gitorious │ ├── graphite │ ├── grok │ ├── icinga │ ├── inifile │ ├── inuits │ ├── ...
  • 19. llooaaddiinngg ● MMaannuuaall iimmppoorrttss ● AAuuttoollooaaddiinngg mmaaggiicc [simonsd@shinku][puppet]$ cat manifests/site.pp import 'defaults/*.pp' import 'classes/*.pp' import 'hosts/*.pp' [simonsd@shinku][puppet]$ puppet apply --modulepath=/etc/puppet/environments/productio n/modules site.pp [simonsd@shinku][puppet]$ cat puppet.conf <snip> [master] manifest = $confdir/environments/$environment/manifests/site.pp modulepath = $confdir/environments/$environment/modules <snip>
  • 20. mmoodduulleess [simonsd@shinku][puppet]$ tree example-module/ example-module/ ├── manifests │ ├── init.pp ├── templates ├── files ├── lib ├── facts.d ├── tests ├── spec
  • 21. bbaassiicc mmaanniiffeesstt [simonsd@shinku][puppet]$ cat modules/bacula/manifests/bconsole.pp class bacula::bconsole ( $config_root = $::bacula::params::config_root, $bconsole_pkgname = $::bacula::params::bconsole_pkgname, $director_server = $::bacula::params::director_server, $director_port = $::bacula::params::director_port, $director_password = $::bacula::params::director_password, ) inherits ::bacula::params { package{“$bconsole_pkgname”: ensure => 'present', } file{"${config_root}/bconsole.conf": ensure => 'file', owner => 'root', group => 'root', mode => '0640', content => template('bacula/bconsole.conf.erb'), require => Package[$bconsole_pkgname], } }
  • 22. bbaassiicc tteemmppllaattee [simonsd@shinku][puppet]$ cat modules/bacula/templates/bconsole.conf.erb ### File managed with puppet ### ### Served by: '<%= scope.lookupvar('::servername') %>' ### Module: '<%= scope.to_hash['module_name'] %>' ### Template source: '<%= template_source %>' ## List Directors we connect to # Director { name = "<%= director_server %>" dirport = "<%= director_port %>" address = "<%= director_server %>" password = "<%= director_password %>" }
  • 23. VViirrttuuaall rreessoouurrcceess @file{'/tmp/foo': content => 'bar', tag => 'someproject', } realize File['/tmp/foo'] File <| tag='someproject' |>
  • 24. eexxppoorrtteedd rreessoouurrcceess @@nagios_service{'check_bacula_fd-bacula-fd.prod.example.com': check_command => 'check_nrpe_command!check_bacula_fd', service_description => 'bacula-fd.prod.example.com', host_name => 'bacula-fd.prod.example.com', target => "${::icinga::targetdir}/services/bacula-fd.prod.example.com.cfg", notify => Service[$::icinga::service_server], tag => 'bacula', } Nagios_service <<| name='check_bacula_fd-bacula-fd.prod.example.com' |>> Nagios_service <<| tag='bacula' |>>
  • 25. ppuuppppeett--bbaaccuullaa mmoodduullee ttrreeee [simonsd@shinku][puppet]$ tree modules/bacula/ modules/bacula/ ├── manifests │ ├── bconsole.pp │ ├── catalog.pp │ ├── client.pp │ ├── common.pp │ ├── default │ │ ├── filesets.pp │ │ ├── jobdefs.pp │ │ ├── pools.pp │ │ └── schedules.pp │ ├── device.pp │ ├── director │ │ ├── config.pp │ │ ├── install.pp │ │ └── service.pp │ ├── director.pp │ ├── fd │ │ ├── config.pp │ │ ├── install.pp │ │ └── service.pp │ ├── fd.pp │ ├── fileset.pp │ ├── firewall │ │ ├── dir.pp │ │ ├── fd.pp │ │ └── sd.pp │ ├── firewall.pp │ ├── init.pp │ ├── jobdefs.pp │ ├── job.pp │ ├── messages.pp │ ├── params.pp │ ├── pool.pp │ ├── schedule.pp │ ├── sd │ │ ├── config.pp │ │ ├── install.pp │ │ └── service.pp │ ├── sd.pp │ └── storage.pp └── templates ├── bacula-dir.conf.erb ├── bacula-fd.conf.erb ├── bacula-sd.conf.erb
  • 26. ccoonnfifigguurree ddiirreeccttoorr [simonsd@shinku][puppet]$ cat manifests/classes/bacula-dir.pp class 'bacula-dir' { class{'::bacula::director': log_email => 'logs@example.com', from_email => 'bacula@example.com', } bacula::catalog{“bacula-${::domain}”: dbname => hiera('bacula-dbname'), dbuser => hiera('bacula-dbuser'), dbpassword => hiera('bacula-dbpass'), dbhost => hiera('bacula-dbhost'), } @@percona::database{“bacula-${::domain}”: ensure => 'present', } @@percona::rights{“bacula-${::domain}”: ensure => 'present', database => hiera('bacula-prod-dbname'), user => hiera('bacula-prod-dbuser'), password => hiera('bacula-prod-dbpass'), host => hiera('bacula-prod-dbhost'), priv => 'all', } @@nagios_service{“check_bacula_dir-${::fqdn}”: check_command => 'check_nrpe_command!check_bacula_dir', service_description => "Bacula-dir: ${::fqdn}", host_name => $::fqdn, target => "${::icinga::targetdir}/services/${::fqdn}.cfg", notify => Service[$::icinga::service_server], } }
  • 27. ccoonnfifigguurree ssttoorraaggee ddaaeemmoonn [simonsd@shinku][puppet]$ cat manifests/classes/bacula-sd.pp class 'bacula-sd' { class{'::bacula::sd': storage_dir => hiera('bacula-storage-dir', '/srv/backup/bacula'), } @@nagios_service{'check_bacula_sd-${::fqdn}': check_command => 'check_nrpe_command!check_bacula_sd', service_description => "Bacula-sd: ${::fqdn}", host_name => $::fqdn, target => "${::icinga::targetdir}/services/${::fqdn}.cfg", notify => Service[$::icinga::service_server], } }
  • 28. ccoonnfifigguurree fifillee ddaaeemmoonn [simonsd@shinku][puppet]$ cat manifests/classes/bacula-fd.pp class 'bacula-fd' { class{'::bacula::fd': storage_server => hiera('bacula_default_storage_server', “bacula-sd.${::domain}”), director_server => hiera('bacula_director_server', 'bacula'), storage_dir => hiera('bacula_storage_dir', '/srv/backup/bacula'), catalog => hiera('bacula_catalog', “bacula-${::domain}”), } @@bacula::job{$::fqdn: client => hiera('bacula_hostname', $::fqdn), jobdefs => hiera('bacula_jobdef', 'DefaultJob'), fileset => hiera('bacula_fileset', false), messages => hiera('bacula_messages', 'bacula-fd'), storage => hiera('bacula_storage', "${::fqdn}-storage"), full_pool => hiera('bacula_fullpool', "${::fqdn}-Full"), incremental_pool => hiera('bacula_incpool', "${::fqdn}-Incremental"), bschedule => hiera('bacula_schedule', 'default'), client_run_before_job => hiera('bacula_client_run_before_job', false), client_run_after_job => hiera('bacula_client_run_after_job', false), } @@bacula::pool{"${::fqdn}-Full":} @@bacula::pool{"${::fqdn}-Incremental": maximum_volumes => '7', } @@nagios_service{'check_bacula_fd-${::fqdn}': check_command => 'check_nrpe_command!check_bacula_fd', service_description => "Bacula-fd: ${::fqdn}", host_name => $::fqdn, target => "${::icinga::targetdir}/services/${::fqdn}.cfg", notify => Service[$::icinga::service_server], } }
  • 29. OOtthheerr ooppttiioonnss ● CChheeff ● AAnnssiibbllee ● SSaalltt ● CCffeennggiinnee ● BBccffgg22 ● BBaarreeooss ● RRssyynncc ● RRssnnaappsshhoott ● RRddiiffff ● BBaacckkuupp nniinnjjaa