Puppet: Automation Matters
Configuration Management with Puppet
Gary Larizza
PS Engineer, Puppet Labs
Thursday, October 6, 2011
Gary Larizza
• Former Director of Technology for Education in USA (all Mac environment)
• Current Professional Services Engineer
• Using Puppet down to the desktop since 2009
• Training and consulting on Puppet Implementations
Indisposed
The Problem
• Many nodes (Desktops, Laptops, Servers)
• Just enough automation to survive
• Drift has you down
• Scripts for everything
• What documentation?
The Old Way
A Gold Master for Everything
• Model Image
• Netrestore
• Wash, Rinse, Repeat
Why Modular?
#!/bin/sh
#set machine names back to generic
/usr/sbin/scutil --set ComputerName "OSX_Standard_Image"
/usr/sbin/scutil --set LocalHostName "osximg"
#delete swapfiles
rm /private/var/vm/swapfile*
#delete volume info DB
rm /private/var/db/volinfo.database
#cleanup local admin's home dir
rm -rf /Users/admin/Desktop/*
rm -rf /Users/admin/Documents/*
rm -rf /Users/admin/Library/Caches/*
rm -rf /Users/admin/Library/Recent\ Servers/*
rm -rf /Users/admin/Library/Logs/*
rm -rf /Users/admin/Library/Keychains/*
rm -rf /Users/admin/Library/Preferences/ByHost/*
rm -f /Users/admin/Library/Preferences/com.apple.recentitems.plist
rm -rf /Users/admin/Movies/*
rm -rf /Users/admin/Music/*
rm -rf /Users/admin/Pictures/*
rm -rf /Users/admin/Public/Drop\ Box/*
#clean up global caches and temp data
rm -rf /Library/Caches/*
rm -rf /System/Library/Caches/*
rm -rf /Users/Shared/*
rm -f /private/etc/ssh_host*
rm /private/var/log/alf.log
rm /Library/Preferences/SystemConfiguration/NetworkInterfaces.plist
#Leopard - cleanup local KDC, see http://support.apple.com/kb/TS1245
/usr/sbin/systemkeychain -k /Library/Keychains/System.keychain -C -f
rm -rf /var/db/krb5kdc
/usr/bin/defaults delete /System/Library/LaunchDaemons/com.apple.configureLocalKDC Disabled
#cleanup root's home dir
rm -rf /private/var/root/Desktop/*
rm -rf /private/var/root/Documents/*
rm -rf /private/var/root/Downloads/*
rm -rf /private/var/root/Library/Caches/*
rm -rf /private/var/root/Library/Recent\ Servers/*
rm -rf /private/var/root/Library/Logs/*
rm -rf /private/var/root/Library/Keychains/*
rm -rf /private/var/root/Library/Preferences/ByHost/*
rm -f /private/var/root/Library/Preferences/com.apple.recentitems.plist
rm -rf /private/var/root/Public/Drop\ Box/*
touch /private/var/log/alf.log
rm /private/var/log/cups/access_log
touch /private/var/log/cups/access_log
rm /private/var/log/cups/error_log
touch /private/var/log/cups/error_log
rm /private/var/log/cups/page_log
touch /private/var/log/cups/page_log
rm /private/var/log/daily.out
rm /private/var/log/ftp.log*
touch /private/var/log/ftp.log
rm -rf /private/var/log/httpd/*
rm /private/var/log/lastlog
rm /private/var/log/lookupd.log*
rm /private/var/log/lpr.log*
rm /private/var/log/mail.log*
touch /private/var/log/lpr.log
rm /private/var/log/mail.log*
touch /private/var/log/mail.log
rm /private/var/log/monthly.out
rm /private/var/log/run_radmind.log
rm -rf /private/var/log/samba/*
rm /private/var/log/secure.log
touch /private/var/log/secure.log
rm /private/var/log/system.log*
touch /private/var/log/system.log
rm /private/var/log/weekly.out
rm /private/var/log/windowserver.log
touch /private/var/log/windowserver.log
rm /private/var/log/windowserver_last.log
rm /private/var/log/wtmp.*
State Drift
• Updates
• ‘New’ Software for Install
• Immediate Changes
• One-off modifications
• Image sprawl
In Summary:
• Too many Images/Configurations
• Duplicated efforts
• MCX isn’t comprehensive
• Don’t need to manage EVERYTHING
• Notes and memos EVERYWHERE
• I’m Cheap
Enter Puppet
• Define what NEEDS to be done
• Model your ideal state with simple resources
• Configured State vs. Running State
• Choose your level of commitment
• Useful with Local Admins
Resource Abstraction Layer
Puppet Resources
file { '/var/db/.AppleSetupDone':
  ensure => present,
  mode   => '0600',
  owner  => 'root',
  group  => 'wheel',
}
• Type: file
• Title: '/var/db/.AppleSetupDone'
• Attributes: ensure, mode, owner, group
Bare Machine
Provisioning
Base Install
Configure
Assigned Role
Maintenance
Puppet’s Task
Facter
• Describes aspects of your machine - “facts”
• Facts written in Ruby...for now
• Nice library of existing facts
• Custom facts are easy
• End up ‘shelling out’
Facter
garys-mbp:$ facter
domain => puppetlabs.lan
facterversion => 1.5.8
fqdn => garys-mbp.puppetlabs.lan
hardwaremodel => x86_64
hostname => garys-mbp
kernel => Darwin
macosx_buildversion => 10K549
macosx_productname => Mac OS X
macosx_productversion => 10.6.8
macosx_productversion_major => 10.6
macosx_productversion_minor => 8
<...>
Sample Fact
Facter.add("computername") do
  # only resolve this fact on Mac OS X
  confine :kernel => :darwin
  # shell command whose output becomes the fact value
  # (.chomp is applied to the command string itself and changes nothing)
  setcode('scutil --get ComputerName'.chomp)
end
• Fact name: computername
• Command to Execute: scutil --get ComputerName
Sample Fact
Facter.add("printerlist") do
  setcode do
    # first column of `lpstat -a` is the queue name; join the names with commas
    %x(lpstat -a | cut -d ' ' -f 1).split("\n").join(",")
  end
end
Output: Main_Phaser,Phaser,Phaser_8560_24
Why choose Puppet?
• Single base image
• Central Git Repo
• ‘Extends’ MCX
• Your state - guaranteed
• Self-documenting
• Idempotent
Puppet Syntax
file { '/etc/motd':
  ensure  => present,
  content => "Don't break my stuff!",
}
file { '/etc/sudoers':
  ensure => present,
  owner  => 'root',
  group  => 'wheel',
  mode   => '0440',
  source => 'puppet:///modules/sudo/sudoers',
}
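What "Idempotent" and "Configured State vs. Running State" amount to for a file resource like /etc/motd above, as an added Ruby example (not from the talk and not Puppet's own code). The function names are made up for illustration, a scratch file stands in for /etc/motd, and only mode and content are managed because changing owner and group needs root.

```ruby
require 'tmpdir'

# Running state of a file, limited to the attributes this sketch manages.
def running_state(path)
  return { ensure: :absent } unless File.exist?(path)
  { ensure:  :present,
    mode:    format('%04o', File.stat(path).mode & 0o7777),
    content: File.read(path) }
end

# Attributes whose running value differs from the configured value.
def drift(path, desired)
  actual = running_state(path)
  desired.reject { |attr, want| actual[attr] == want }.keys
end

# Converge on the configured state, touching only what drifted.
# Returns the attributes that were changed (empty when already in sync).
def apply(path, desired)
  changed = drift(path, desired)
  return changed if changed.empty?
  if changed.include?(:ensure) || changed.include?(:content)
    tmp = "#{path}.tmp"
    # Write privately, then rename, so readers never see a partial file.
    File.open(tmp, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
      f.write(desired[:content])
    end
    File.rename(tmp, path)
  end
  File.chmod(desired[:mode].to_i(8), path)
  changed
end

# Constructed demo: a scratch file stands in for /etc/motd.
def demo
  Dir.mktmpdir do |dir|
    path    = File.join(dir, 'motd')
    desired = { ensure: :present, mode: '0440', content: "Don't break my stuff!" }
    first   = apply(path, desired)   # file absent: every attribute is set
    File.chmod(0o666, path)          # a one-off modification, i.e. drift
    seen    = drift(path, desired)
    second  = apply(path, desired)   # only the mode is corrected
    third   = apply(path, desired)   # already in sync: nothing to do
    { first: first, seen: seen, second: second, third: third }
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

The third run changing nothing is the property that makes repeated agent runs safe, and the list returned by each run doubles as a record of what had drifted.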
Puppet Manifest
package { 'Chrome.pkg':
  ensure => present,
  source => 'http://puppet/pkgs/Chrome.pkg',
}
file { '/Library/LaunchDaemons/com.google.keystone.daemon.plist':
  ensure  => present,
  source  => 'puppet:///modules/chrome/com.google.keystone.daemon',
  require => Package['Chrome.pkg'],
  notify  => Service['com.google.keystone.daemon'],
}
service { 'com.google.keystone.daemon':
  ensure => running,
}
Puppet Syntax (variables)
$facter   = 'facter-1.6.0.dmg'
$pkg_base = 'http://puppet.server.com/pkgs'
package { $facter:
  source => "${pkg_base}/${facter}",
  before => Package[$puppet],
}
puppet resource (i.e. ralsh)
• Formerly known as ralsh, or “Resource Abstraction Layer Shell”
• Tool to inspect a running system
• Outputs Puppet code
DEMO
For More Information
• The Book “Pro Puppet”!
• http://amzn.to/puppetbook
• http://puppetlabs.com
• http://groups.google.com/group/puppet-users
• http://glarizza.posterous.com
• #puppet on freenode
Call Me!
• glarizza on Twitter
• Visit Portland - It’s Nice!