Puppet Camp Charlotte 2015: Managing middleware with Puppet
MANAGING MIDDLEWARE WITH PUPPET
Nate Loomis
key topics
WHAT IS MIDDLEWARE?
middleware is…
New Node Needed
App Deployed Provisioned
Middleware Installed
The step after the provisioned state where the middleware
is installed is the key step in determining a server’s role.
Platform Ready
middleware is…
• Other names for middleware
  • Application Infrastructure
  • Peer-to-Peer Software
  • Application Software
• Types of middleware
  • Web Server software (like Apache HTTPD)
  • Application Server software (like JBoss Application Server or KONY Mobile Application Server)
  • Content Management systems (like Atlassian Confluence)
  • Messaging servers, MOMs, ESBs (like Apache ActiveMQ)
  • Orchestration (like Cisco Process Orchestrator)
  • API Management (like IBM API Management)
  • Tools that support application development and delivery (like Jenkins CI)
middleware is…
Middleware is the software layer that lies between the
operating system and the applications on each side of a
distributed computer network. Typically, it supports
complex, distributed business software applications.
Source: Wikipedia
middleware is…
xkcd.com comic strip
WHY IS ACTIVE STATE MANAGEMENT OF MIDDLEWARE IMPORTANT?
why active management is important
Source: Popper, N (Aug 2, 2012) Knight Capital Says Trading Glitch Cost It $440 Million. The New York Times Company (online)
why active management is important
Source: Securities and Exchange Commission, sec.gov/litigation
why active management is important
• Misconfiguration of middleware can be costly.
• Middleware is also an ideal target.
CNET: DDoS attacks intensified in first half of 2014
The volume and intensity of DDoS attacks in the first half of
the year reached new heights…
CNET: Heartbleed bug: What you need to know
The security vulnerability has implications for users across the
Web…
CNET: New DoS attack uses Web servers as zombies
Imperva says Web server-based botnet offers more attack
power…
why active management is important
Therefore, patching middleware is critical
• Finding the stable version
• Patching rapidly without stepping on the app-specific configuration
Active management is something to consider
Source: Top 50 Vulnerable products, CVEdetails.com – data from MITRE’s CVE website
WHAT ARE SOME SPECIFIC CHALLENGES TO MANAGING MIDDLEWARE?
specific challenges
• More than one software development lifecycle (SDLC)
• Ownership of directories with an automated approach
• Maintaining idempotency
• Managing customizations
• Naming conflicts
• Middleware configuration can be changed in three key events
1. Patching or update to standards
2. Prod fix made directly to server
3. Release of application with specific config needs
more than one software development lifecycle
Patching Support App Release
ownership of directories
• Segmenting ownership
ownership of directories
• Backing module code
…
maintaining idempotency
Idempotence is a property where certain operations can
be applied multiple times without changing the result.
• Example of idempotency = absolute value
abs(abs(abs(-1))) = 1
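The same property in Puppet terms, as an added example that is not from the original slides: one resource that changes the file on every agent run, and two ways to reach the same end state idempotently. The scratch path and port numbers are constructed for illustration, and `file_line` assumes the puppetlabs-stdlib module is installed.

```puppet
# Constructed scratch path so `puppet apply` touches nothing real.
$conf = '/tmp/demo_ports.conf'

file { $conf:
  ensure => file,
}

# NOT idempotent: appends another copy of the line on every agent run
# and reports a change every time, so real drift is hidden in the noise.
exec { 'append-listen-every-run':
  command  => "echo 'Listen 8080' >> ${conf}",
  provider => shell,
  path     => ['/bin', '/usr/bin'],
  require  => File[$conf],
}

# Idempotent with a guard: the command runs only while the line is absent.
exec { 'append-listen-guarded':
  command  => "echo 'Listen 8443' >> ${conf}",
  unless   => "grep -qxF 'Listen 8443' ${conf}",
  provider => shell,
  path     => ['/bin', '/usr/bin'],
  require  => File[$conf],
}

# Idempotent by design: file_line declares the end state, not the action.
file_line { 'listen-9443':
  path    => $conf,
  line    => 'Listen 9443',
  require => File[$conf],
}
```

Applying this manifest twice leaves one `Listen 8443` and one `Listen 9443` line but two `Listen 8080` lines, and only the unguarded exec reports a change on the second run.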
managing customizations
• How do we adopt a strategy that allows us to accommodate specific corporate requirements and still stay close to the community or forge module?
• Examples of typical customizations necessary for middleware:
1. Different package (often products must be hardened according to security baselines)
2. Asset tagging
3. Test automation hooks
4. Addition of the SSL Certificate and related files
5. Addition of plugins (like apache modules)
6. Support for multiple product versions
7. Modified directory permissions
8. Redirection of the logs to $logroot
9. Defaults for specific file resources
10. Custom functions or classes
naming conflicts
• Multiple middleware teams
• Multiple module authors
• Every class or defined type name maps directly to the filepath within Puppet’s modulepath.
• So how do we avoid duplicate resource declarations or path conflicts?
WHAT HAVE WE LEARNED THAT MAY BE USEFUL TO YOU?
lessons learned
1. You must bring the team members supporting the product along with you.
2. Only one system and team should be accountable for the configuration of the product.
3. Spend the time on the module to ensure it is idempotent.
4. Isolate company customizations in a wrapper module.
5. Give the rest back to the community.
isolate customizations in a wrapper
List of typical customizations from before:
1. Different package (often products must be hardened according to security baselines)
2. Asset tagging
3. Test automation hooks
4. Addition of the SSL Certificate and related files
5. Addition of plugins (like apache modules)
6. Support for multiple product versions
7. Modified directory permissions
8. Redirection of the logs to $logroot
9. Defaults for specific file resources
10. Custom functions or classes
Wrapper module approach
• puppet-apache
• puppet-wf_apache
isolate customizations in a wrapper
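A sketch of what such a wrapper class can look like, as an added example that is not the presenter's or Wells Fargo's code. It assumes the wrapped community module is puppetlabs-apache on a RHEL-family node; the class name `wf_apache` follows the slide, while the package name, paths and certificate file are hypothetical.

```puppet
# Hypothetical wrapper: wf_apache/manifests/init.pp (added example).
# Company-specific settings live here; the community module stays unmodified.
class wf_apache (
  String               $package_name = 'wf-httpd-hardened',  # assumed internal package
  Stdlib::Absolutepath $logroot      = '/var/log/wf_httpd',  # assumed $logroot value
  Stdlib::Absolutepath $cert_dir     = '/etc/pki/wf_apache', # assumed certificate path
) {
  # Customizations 1, 7, 8: hardened package, directory permissions,
  # log redirection, plus baseline settings that reduce banner disclosure.
  class { 'apache':
    apache_name      => $package_name,
    default_mods     => false,
    default_vhost    => false,
    logroot          => $logroot,
    logroot_mode     => '0750',
    server_tokens    => 'Prod',
    server_signature => 'Off',
    trace_enable     => 'Off',
  }

  # Customization 5: only the plugins the company baseline allows.
  include apache::mod::ssl
  include apache::mod::headers

  # Customization 4: certificate directory and file, owned by the wrapper.
  file { $cert_dir:
    ensure => directory,
    owner  => 'root',
    group  => 'root',
    mode   => '0700',
  }

  file { "${cert_dir}/server.crt":
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    source => 'puppet:///modules/wf_apache/server.crt', # constructed file name
    notify => Class['apache::service'],
  }
}
```

Nodes then declare only `include wf_apache`, so a new release of the community module can be adopted for patching without re-applying local edits to it.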
give the rest back to the community
• Give back
• Your custom code becomes standard, community-supported code
• Growth opportunity for your team members
Wells Fargo IT and Legal have worked to determine a path
for this to happen. Submission with corporate emails is a
requirement.
QUESTIONS?