Linux Clusters Institute: Configuration Management
Zhongtao Zhang, System Administrator, Holland Computing Center, University of Nebraska-Lincoln
About me
• PhD in Computational Chemistry
• Started work as System Administrator in HCC from 2015
• Started using Puppet in 2015
May 2017 2
Goals
• Understand what configuration management is and why it is useful
• Know what tools exist (and how to choose?)
• Be equipped to convey the benefits of configuration management to peers and management
Out of scope
• Learning everything you need to know about a specific tool
  • Puppet will be used in examples, but the principles are broadly applicable
• Designing a specific or complete configuration management strategy for your site
What is “configuration management”?
• Every system has a current state
  • Files on the hard drive
  • Running processes and services
• That state has to come from somewhere
  • Installation / provisioning procedure
  • Manual “by hand” changes or scripts run
  • “Golden master” images
Features of modern systems
• Idempotency
  • “Desired-state” configuration
• Revision control
  • “Infrastructure as code”
• Composable and flexible
Why bother?
• Automation
• Composition
• Confirmation
• Revision history
Benefits of configuration version control
• Built-in documentation (change logs, summaries, etc.)
• Peer review (issue tracking, merge requests, email alerts)
• Reverts
http://infrastructure-as-code.com
Benefits of configuration management summary
• Centralized catalog of all system configuration
• Automated enforcement of system state from an authoritative source
• Ensured consistency between systems
• Rapid system provisioning from easily-composed components
Modern configuration-management systems
• Puppet
• Chef
• CFEngine
• Salt
• Ansible
Getting started
• Pick a simple, common part of your configuration
  • ntp
  • resolv
  • nsswitch
  • sudoers
• Implement and test (start with “no-op”)
Directory structure
modules/
  ntp/
    manifests/
      init.pp
    files/
      ntp.conf
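# modules/ntp/manifests/init.pp
class ntp {
  # Install the NTP package first.
  package { 'ntp':
    ensure => installed,
  }

  # Deploy the config served from modules/ntp/files/ntp.conf.
  file { '/etc/ntp.conf':
    source  => 'puppet:///modules/ntp/ntp.conf',
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    require => Package['ntp'],
  }

  # Start the service only once the config file is in place.
  service { 'ntp':
    ensure  => running,
    enable  => true,
    require => File['/etc/ntp.conf'],
  }
}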
# manifests/site.pp
node 'node1' {
  include ntp
}
Testing the prototype
# puppet apply --noop \
    --modulepath modules manifests/site.pp
Next steps
• Top-level node roles
• Add features you need now (don't try to do everything at once)
• Convince, teach, and assist your team
• Continue until you have no more questions about your environment
• Find more modules on https://forge.puppet.com/
Puppet workflow in HCC
• Roles and profiles
• Hiera
• R10K
• Git
[Diagram: Git (clone, commit, push, pull, merge, etc.), R10K (Puppetfile) and Puppet (environment = production, environment = test). You can add more: Gerrit, Jenkins, etc.]
What does this workflow look like?
• git clone git@git-server:puppet
• git checkout -b mybranch
• … make some changes …
• git add/commit/push
• On your test node: puppet agent -t --environment=mybranch
• Merge it to production!
Roles and Profiles
Advocating to colleagues
• Work is front-loaded, so early work seems much more costly
• System might undo work done by others
• Add comments at the top of managed config files
• Offer to help colleagues port
• Work with at least one other person
• Be as transparent as possible
  • Commit emails
  • Document how to port an existing host
Advocating to management
• Work more efficiently (get more done)
• Not an all-or-nothing proposition: start with a few systems and go slow
• Document and report success stories
  • Deployment speed improvements
  • Patch deployment improvements
  • Peer review anecdotes
  • Corrections made
Things to watch out for
• Also easy to make a mistake on several hosts at once
  • Test in isolation first, and with a no-op mode
• It's easy to get lazy and allow systems to fall out-of-sync
• It's easy to let perfectionism take over
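Added example (not from the original slides): a hypothetical `sudo` module in the style of the `ntp` class, showing how the file resource's `validate_cmd` keeps a broken sudoers file from reaching every host at once, and how a header comment marks the file as managed. The module name, the `admin_group` parameter and the sudoers rules are assumptions; the heredoc syntax needs Puppet 4 or later.

```puppet
# modules/sudo/manifests/init.pp  (hypothetical module, added example)
class sudo (
  String $admin_group = 'wheel',  # assumed name of the local admin group
) {
  package { 'sudo':
    ensure => installed,
  }

  file { '/etc/sudoers':
    ensure       => file,
    owner        => 'root',
    group        => 'root',
    mode         => '0440',
    # The header tells colleagues that hand edits will be reverted.
    content      => @("SUDOERS"),
      # This file is managed by Puppet (module: sudo).
      # Local changes will be overwritten on the next agent run.
      Defaults env_reset
      root ALL=(ALL) ALL
      %${admin_group} ALL=(ALL) ALL
      | SUDOERS
    # Puppet writes the new content to a temporary file, substitutes its
    # path for '%', and replaces /etc/sudoers only if visudo exits 0.
    validate_cmd => '/usr/sbin/visudo -cf %',
    require      => Package['sudo'],
  }
}
```

`validate_cmd` catches syntax errors only; a syntactically valid rule that grants the wrong access still has to be caught by the no-op run on a test node and by peer review of the commit.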
Reference
• Puppet: https://puppet.com/
• Puppet forge: https://forge.puppet.com/
• R10k: https://github.com/puppetlabs/r10k
• Roles and profiles: http://garylarizza.com/blog/2014/02/17/puppet-workflow-part-2/