PuppetConf 2016: Easily Manage Software on Windows with Chocolatey – Rob Reynolds, Puppet
Puppet - Automagically Manage your Configuration
-
Upload
carlaasouza -
Category
Technology
-
view
2.710 -
download
2
description
Transcript of Puppet - Automagically Manage your Configuration
Puppet
Automagically Manage YourConfiguration
12/04/2010
Carla Souza
DevOps 2010 Brazil © Carla Souza
12/04/2010 DevOps 2010 Brazil © Carla Souza
12/04/2010 DevOps 2010 Brazil © Carla Souza
12/04/2010 DevOps 2010 Brazil © Carla Souza
Typical Sysadmin Job
• Repetitive
• Manual
• Tedious
12/04/2010 DevOps 2010 Brazil © Carla Souza
Typical Sysadmin Job
Installation
12/04/2010 DevOps 2010 Brazil © Carla Souza
Typical Sysadmin Job
Installation
Configuration
12/04/2010 DevOps 2010 Brazil © Carla Souza
Typical Sysadmin Job
Installation
Configuration
UpdatesFixes
Audits
12/04/2010 DevOps 2010 Brazil © Carla Souza
Typical Sysadmin Job
Installation
Configuration
UpdatesFixes
Audits
12/04/2010 DevOps 2010 Brazil © Carla Souza
After Configuration...
• What was it configured?– How?– Why?
12/04/2010 DevOps 2010 Brazil © Carla Souza
After Configuration...
• What was it configured?– How?– Why?
• We need Documentation!
12/04/2010 DevOps 2010 Brazil © Carla Souza
Documentation
• When was it configured?• Who configured it?• What were the configuration's
objectives?
12/04/2010 DevOps 2010 Brazil © Carla Souza
Documentation
• When was it configured?• Who configured it?• What were the configuration's
objectives?• Be consistent
12/04/2010 DevOps 2010 Brazil © Carla Souza
After configuration...
• Is it well configured?
12/04/2010 DevOps 2010 Brazil © Carla Souza
After configuration...
• Is it well configured?– Bad configuration is worse than no
configuration
12/04/2010 DevOps 2010 Brazil © Carla Souza
After configuration...
• Is it well configured?– Bad configuration is worse then no
configuration– We make mistakes!
12/04/2010 DevOps 2010 Brazil © Carla Souza
After configuration...
• Is it well configured?– Bad configuration is worse then no
configuration– We make mistakes!
• We need Tests!
12/04/2010 DevOps 2010 Brazil © Carla Souza
Tests
• Is the configuration correct?• Is it correctly configured?
12/04/2010 DevOps 2010 Brazil © Carla Souza
After Configuration...
• How to ensure that it will stay configured correctly over time?
12/04/2010 DevOps 2010 Brazil © Carla Souza
After Configuration...
• How to ensure that it will stay configured correctly over time?
• We need Maintenance!
12/04/2010 DevOps 2010 Brazil © Carla Souza
Maintenance
• Repetitive work– Every time you repeat one job, you waste
time
12/04/2010 DevOps 2010 Brazil © Carla Souza
Maintenance
• Repetitive work– Every time you repeat one job, you waste
time MONEY
12/04/2010 DevOps 2010 Brazil © Carla Souza
Documentation + Tests + Maintenance
12/04/2010 DevOps 2010 Brazil © Carla Souza
Documentation + Tests + Maintenance
Spend more time then you think
=
12/04/2010 DevOps 2010 Brazil © Carla Souza
Documentation + Tests + Maintenance
Spend more time then you think
Less time for real important work
=
=
12/04/2010 DevOps 2010 Brazil © Carla Souza
The more applications I have
12/04/2010 DevOps 2010 Brazil © Carla Souza
The more applications I have
More Risks=
12/04/2010 DevOps 2010 Brazil © Carla Souza
The more applications I have
More Risks=
+More need for documentation
12/04/2010 DevOps 2010 Brazil © Carla Souza
Cumulative Effect
• The time left will be only for fire fighting
12/04/2010 DevOps 2010 Brazil © Carla Souza
Cumulative Effect
• The time left will be only for fire fighting
• Important tasks will be left behind
12/04/2010 DevOps 2010 Brazil © Carla Souza
Cumulative Effect
• The time left will be only for fire fighting
• Important tasks will be left behind– Backups– Documentation update– User’s tickets
12/04/2010 DevOps 2010 Brazil © Carla Souza
Automation
• Good admins write their own tools
12/04/2010 DevOps 2010 Brazil © Carla Souza
Automation
• Good admins write their own tools• Install:
– Kickstart, jumpstart, imaging• Configuration + maintenance:
– SSH in a for loop• Ssh keys distributed over the network = lack of
secutiry
12/04/2010 DevOps 2010 Brazil © Carla Souza
Automation tools
• Great for ad-hoc or one time only tasks• Can be pushed out via cron
12/04/2010 DevOps 2010 Brazil © Carla Souza
Automation tools
• But do you always write scripts that are:
12/04/2010 DevOps 2010 Brazil © Carla Souza
Automation tools
• But do you always write scripts that are:– Concurrent safe?– Testable?– Reversible?– Legible?– Full of good logging?– Portable?
12/04/2010 DevOps 2010 Brazil © Carla Souza
Wish list
• Simple solutions
12/04/2010 DevOps 2010 Brazil © Carla Souza
Wish list
• Simple solutions– Elegant Domain Specific Language (DSL)
• Manage your servers by writing code, not running commands
– Platform independent– Centralized– Version Controlled
12/04/2010 DevOps 2010 Brazil © Carla Souza
Wish list
• Simple solutions– Easy to extend– Self documenting– Commercial support and trainning– Open source
12/04/2010 DevOps 2010 Brazil © Carla Souza
Puppet
• A Puppet Labs product• Since 2005• Written in Ruby• Extensible by modules• Client-server architecture (client pull)
12/04/2010 DevOps 2010 Brazil © Carla Souza
Puppet
• File server• SSL Certificates• Very active and helpful community
– Mailing lists, #puppet @ freenode• Open Source hosted on Github (GPL)
– https://github.com/puppetlabs• Book
12/04/2010 DevOps 2010 Brazil © Carla Souza
Puppet
12/04/2010 DevOps 2010 Brazil © Carla Souza
Puppet
Installation
Configuration
UpdatesFixes
Audits
12/04/2010 DevOps 2010 Brazil © Carla Souza
Components
• puppetmaster– Server daemon– Run as ‘puppet’ user
12/04/2010 DevOps 2010 Brazil © Carla Souza
Components
• puppetmaster– Server daemon– Run as ‘puppet’ user
• puppetd– Client daemon– Run as root– Pulling every 30min (default value)
12/04/2010 DevOps 2010 Brazil © Carla Souza
Components
• puppetca– Puppet’s Certificate Authority
12/04/2010 DevOps 2010 Brazil © Carla Souza
Components
• puppetca– Puppet’s Certificate Authority
• Facter– Gathers basic information about node’s
hardware and operation system
12/04/2010 DevOps 2010 Brazil © Carla Souza
Elements
• Types– A type is a particular element that Puppet
knows how to configure
12/04/2010 DevOps 2010 Brazil © Carla Souza
Elements
• Types– A type is a particular element that Puppet
knows how to configure
• Classes– A named collection of type objects
12/04/2010 DevOps 2010 Brazil © Carla Souza
Elements
• Providers– Specific implementation of a given
resource type
12/04/2010 DevOps 2010 Brazil © Carla Souza
Elements
• Providers– Specific implementation of a given
resource type
type: package
12/04/2010 DevOps 2010 Brazil © Carla Souza
Elements
• Providers– Specific implementation of a given
resource type
type: packageproviders: yum, dpkg, aptitude, apple, rpm, gem, freebsd
12/04/2010 DevOps 2010 Brazil © Carla Souza
Puppet’s installation
• yum install puppet-server puppet
• apt-get install puppetmaster puppet
• gem install puppet-2.6.4.gem
12/04/2010 DevOps 2010 Brazil © Carla Souza
Sample CodeInstall, Configure and Start Apache
12/04/2010 DevOps 2010 Brazil © Carla Souza
package {“httpd”:ensure => present,
}file {“/etc/httpd/conf/httpd.conf”:
owner => root, group => root, mode => 644,source => puppet:///modules/apache/httpd.conf,
}service {“httpd”:
ensure => running,enable => true,
}
Sample CodeResource Types
12/04/2010 DevOps 2010 Brazil © Carla Souza
package {“httpd”:ensure => present,
}file {“/etc/httpd/conf/httpd.conf”:
owner => root, group => root, mode => 644,source => puppet:///modules/apache/httpd.conf,
}service {“httpd”:
ensure => running,enable => true,
}
Sample CodeResource Titles
12/04/2010 DevOps 2010 Brazil © Carla Souza
package {“httpd”:ensure => present,
}file {“/etc/httpd/conf/httpd.conf”:
owner => root, group => root, mode => 644,source => puppet:///modules/apache/httpd.conf,
}service {“httpd”:
ensure => running,enable => true,
}
Sample CodeResources Parameters
12/04/2010 DevOps 2010 Brazil © Carla Souza
package {“httpd”:ensure => present,
}file {“/etc/httpd/conf/httpd.conf”:
owner => root, group => root, mode => 644,source => puppet:///modules/apache/httpd.conf,
}service {“httpd”:
ensure => running,enable => true,
}
Sample CodeResources Parameters
12/04/2010 DevOps 2010 Brazil © Carla Souza
package {“httpd”:ensure => present,
}file {“/etc/httpd/conf/httpd.conf”:
owner => root, group => root, mode => 644,source => puppet:///modules/apache/httpd.conf,require => Package[“httpd”]
}service {“httpd”:
ensure => running,enable => true,require => File[“/etc/httpd/conf/httpd.conf”]
}
Sample CodeResponding to change
12/04/2010 DevOps 2010 Brazil © Carla Souza
file{“/etc/httpd/conf/httpd.conf”:..notify => Service[“httpd”]
}ORservice{“httpd”:
.
.subscribe => File[“/etc/httpd/conf/httpd.conf”]
}
Sample CodeResource collections
class apache {include apache::installinclude apache::configinclude apache::service
}class apache::install {
package{.....}, package{.....}}class apache::config {
file{.....require => Class[“apache::install”],notify => Class[“apache::service”],
}}class apache::service {
service{.....require => Class[“apache::config”]
}} 12/04/2010 DevOps 2010 Brazil © Carla Souza
Sample CodeResource collections
class apache {include apache::installinclude apache::configinclude apache::service
}class apache::install {
package{.....}, package{.....}}class apache::config {
file{.....require => Class[“apache::install”],notify => Class[“apache::service”],
}}class apache::service {
service{.....require => Class[“apache::config”]
}} 12/04/2010 DevOps 2010 Brazil © Carla Souza
Sample CodeResource collections
class apache {include apache::installinclude apache::configinclude apache::service
}class apache::install {
package{.....}, package{.....}}class apache::config {
file{.....require => Class[“apache::install”],notify => Class[“apache::service”],
}}class apache::service {
service{.....require => Class[“apache::config”]
}} 12/04/2010 DevOps 2010 Brazil © Carla Souza
Elements
• Nodes– A configuration block matching a client
12/04/2010 DevOps 2010 Brazil © Carla Souza
Sample CodeNodes configuration
node “web1.your.com” {include apache
}
12/04/2010 DevOps 2010 Brazil © Carla Souza
Elements
• Templates– Apply code and variable substitution– Uses ERB
12/04/2010 DevOps 2010 Brazil © Carla Souza
Sample CodeTemplates
file{“/etc/httpd/conf.d/servertag.conf”:..content => template(“apache/servertag.erb”)
}
servertag.erb:
Header set X-httpd <%= hostname %>
12/04/2010 DevOps 2010 Brazil © Carla Souza
Sample CodeFile Source Selection
file{“/etc/httpd/conf/httpd.conf”:source => [“puppet:///apache/httpd.conf.${fqdn}”,
“puppet:///apache/httpd.conf.${domain}”, “puppet:///apache/httpd.conf”]
}
12/04/2010 DevOps 2010 Brazil © Carla Souza
Puppet
• puppetlabs.com– github.com/puppetlabs
• Follow me:– github.com/carlasouza– [email protected]
12/04/2010 DevOps 2010 Brazil © Carla Souza
Thank you!
12/04/2010 DevOps 2010 Brazil © Carla Souza