Transcript of 20110828 expanded intro-to_puppet_for_dev_ops_days_bangalore
Expanded Introduction to Puppet
for DevOps Days
2011-08-28
Bangalore, India
Garrett Honeycutt
Professional Services Consultant
[email protected]
linkedin.com/in/garretthoneycutt
The one-off myth
Your systems are not beautiful snowflakes
photo from http://beesknees67.deviantart.com/
The one-off myth
• Only temporary
• Replicas for pre-production environments
• Disaster recovery
Why?
• reduce entropy
• disaster recovery
• change management
• infrastructure as code
Puppet Open Source Ecosystem
• 3,000 person mailing list, 2,000 messages a month
• 300 people at all times in IRC (#puppet on freenode.net)
• Puppet Distribution: bundled with major OS
• 100+ people contributing to documentation and code
• Puppet Community: active participation
• Puppet Contributors: framework enhancements
• 100+ modules contributed to Puppet Module Forge
Operating System Support
• Linux: Red Hat, Fedora, CentOS, Ubuntu, Debian, SuSE
• Unix: Solaris, OS X, AIX, HP-UX, OpenBSD
• Other: Windows (2011)
Puppet Enterprise
What it is:
• Puppet and related components packaged and integrated in one install:
  • Puppet
  • Puppet Master
  • Dashboard
  • Facter
  • Ruby
  • Apache
  • Passenger, etc.
Puppet Enterprise
• Fully QA’d stack of Puppet and dependencies
• Simplified installation
• Ease of maintenance
• Pre-configured for scalability and performance
• Predictable enhancement delivery
• Enhanced enterprise class Support
Puppet Enterprise
What you can expect in the future:
• Pre-loaded set of commonly used modules
• Direct integration with public module-forge
• Support for additional platforms
• Integration with MCollective
Puppet is Pervasive
• Financial
• Technology
• Entertainment
• Web
• Defense
How Puppet Works
1. Define: With Puppet's declarative language you design a graph of relationships between resources within reusable modules. These modules define your infrastructure in its desired state.
2. Simulate: With this resource graph, Puppet is unique in its ability to simulate deployments, enabling you to test changes without disruption to your infrastructure.
3. Enforce: Puppet compares your system to the desired state as you define it, and automatically enforces it to the desired state ensuring your system is in compliance.
4. Report: Puppet Dashboard reports track relationships between components and all changes, allowing you to keep up with security and compliance mandates. And with the open API you can integrate Puppet with third party monitoring tools.
Diagram labels: DESIRED STATE, CURRENT STATE, ITERATE AND INCREASE COVERAGE
Multi Node
Use Puppet to create composable configurations and manage the enterprise infrastructure
1. Define Your Resources in Modules. With Puppet, you define your modules by node classifications, such as Web Server or Database, allowing you to define relationships between resources and configure thousands of servers at once.
2. Assign resource relationships automatically. You can then assign and deploy configurations via Puppet Dashboard, or with your own customized CMDB tools.
   • Via Puppet Dashboard
   • Custom External Source (CMDB, LDAP, etc.)
3. Reusable, composable configurations. With Puppet you can re-use modules across multiple nodes, in whatever combination you need, reducing repetitive tasks and eliminating error-prone scripts.
Diagram labels: WEB SERVERS, DATABASE SERVERS, APPLICATION SERVERS (six NODEs); Modules: DATABASE, WEB SERVER, APP SERVER, SECURITY
Puppet Assigns and Maintains a Node’s Desired Role
Managing Configuration Drift
How Puppet Manages Data Flow for Individual Nodes
1. Facts: The node sends normalized data about itself to the Puppet Master.
2. Catalog: Puppet uses the Facts to compile a Catalog that specifies how the node should be configured.
3. Report: The node reports back to Puppet indicating the configuration is complete, which is visible in the Puppet Dashboard.
4. Report can also send data to third party tools.
Diagram labels: Node, Puppet Master, Report Collector (Puppet or 3rd party tool)
SSL secure encryption on all data transport
Facts
Automatically Maintained Asset Inventory
domain => local
facterversion => 1.5.8
fqdn => sliver.local
hardwaremodel => i386
hostname => sliver
interfaces => lo0,gif0,stf0,en0,en1,fw0,vmnet1,vboxnet0
ipaddress => 192.168.174.1
ipaddress_lo0 => 127.0.0.1
ipaddress_vmnet1 => 192.168.174.1
kernel => Darwin
kernelmajversion => 10.6
kernelrelease => 10.6.0
macosx_productname => Mac OS X
macosx_productversion => 10.6.6
netmask => 255.255.255.0
netmask_lo0 => 255.0.0.0
netmask_vmnet1 => 255.255.255.0
network_lo0 => 127.0.0.0
network_vmnet1 => 192.168.174.0
operatingsystem => Darwin
operatingsystemrelease => 10.6.0
path => /opt/local/bin:/opt/local/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin:/Users/gh/bin:/Users/gh/.gem/ruby/1.8/bin/
ps => ps auxwww
puppetversion => 2.6.4
rubysitedir => /opt/local/lib/ruby/site_ruby/1.8
timezone => PST
uptime => 1 day
rubyversion => 1.8.7
sp_bus_speed => 1.07 GHz
Custom Facts
Catalog
• Automatically maintained comprehensive resource list
• Easily validated against compliance requirements prior to client configuration
Report
• Comprehensive report of every change ever made, correlated to every resource being managed
• Easily validated against compliance requirements after each run
Report
• http
• log
• store
• tagmail
Report
What not How
Example Resource Types
• cron
• exec
• file
• group
• host
• zfs
• mount
• package
• service
• sshkey
• user
Package-File-Service
File Serving
Templates
Templates - Advanced
Syntax Checking
Storeconfigs
Ability to pass data between nodes, via a database acting as a proxy
• MySQL
• SQLite3
• PostgreSQL
• Oracle
Storeconfigs
External Node Classifier
•Puppet Dashboard
•Your own CMDB
External Node Classifier
A script that takes $certname as an argument and outputs YAML to STDOUT
External Node Classifier
External Node Classifier
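An added example, not taken from the original slides, of the classifier contract described above: a script that takes the certname as its argument and prints YAML to STDOUT. The inventory hash, host names and class names are constructed placeholders standing in for a CMDB lookup; `classes`, `environment` and `parameters` are the keys Puppet reads from ENC output.

```ruby
#!/usr/bin/env ruby
# Example External Node Classifier (ENC): certname in, YAML out.
require 'yaml'

# Constructed sample inventory standing in for a CMDB or LDAP lookup.
NODE_ROLES = {
  'web01.example.com' => { 'classes' => %w[base apache], 'environment' => 'production' },
  'db01.example.com'  => { 'classes' => %w[base mysql],  'environment' => 'production' }
}.freeze

# Treat the argument as untrusted input: accept only hostname characters
# before it is used as a lookup key (or, in a file-backed ENC, a file name).
CERTNAME_RE = /\A[a-z0-9][a-z0-9._-]{0,252}\z/

class UnknownNode < StandardError; end

# Returns the YAML document for one certname, or raises.
def classify(certname)
  unless certname.is_a?(String) && certname.match?(CERTNAME_RE)
    raise ArgumentError, 'invalid certname'
  end
  node = NODE_ROLES.fetch(certname) { raise UnknownNode, certname }
  {
    'classes'     => node['classes'],
    'environment' => node['environment'],
    'parameters'  => { 'enc_source' => 'example-inventory' }
  }.to_yaml
end

# Prints the classification and returns the process exit status.
# A non-zero status tells the Puppet Master that classification failed,
# so an unknown or malformed certname never receives a default catalog.
def main(argv)
  puts classify(argv[0])
  0
rescue ArgumentError, UnknownNode => e
  warn "enc: #{e.class}: #{e.message}"
  1
end

# Run only when a certname was passed on the command line.
exit main(ARGV) unless ARGV.empty?
```
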