So I Wrote a Manifest
Transcript of So I Wrote a Manifest
SO I WROTE A MANIFEST…
What next?
Ryan Armstrong @cavaliercoder
cavaliercoder cavaliercoder.com
WHAT TO AUTOMATE FIRST?
We shouldn’t be looking at each local area and trying to trim it. We should be trying to optimize the whole system
- Eliyahu M. Goldratt
[Diagram: workflow from Project Start. Steps shown: server build request, firewall request, database request, storage request, load balancer request, presentation layer request; storage assessment, security assessment, Cap/Av assessment; change mgmt gates; firewall implementation, server build, storage provisioning, database provisioning, LB config provisioning, rev. proxy config provisioning, config mgmt; app install; QA.]
Man Machine
Method Measure
    # install IIS core
    package { 'IIS-CommonHttpFeatures':
      ensure => present,
    }
THE METHOD
Install the IIS Web server feature by navigating to Control Panel, Programs, Turn Windows Features on or off. Drill down to Internet Information Services, World Wide Web Services and tick Common HTTP Features. Click OK, OK.
Validate the install by navigating to Administrative Tools, Services and ensure the World Wide Web service is started. Secondly, open a web browser, navigate to http://localhost and ensure the IIS Welcome page is displayed.
THE MEASURE
THE MACHINE
THE MAN? OR WOMAN #WWCODE
Any improvements made anywhere besides the bottleneck are an illusion.
- Gene Kim
[Diagram repeated: the Project Start workflow.]
SOURCE CONTROL
[Diagram: git history with labels]
Bug: Doc shot
Branch: Fix Doc shooting
Tag: Doc alive
Bug: McFly Jr jailed
Tag: I’m OUT Griff
Branch: Where we’re going…
Branch: Almanac
Bug: Biff rich!
Branch: Took that guy’s wallet
Tag: Almanac burned
Release v1.0.0
https://www.atlassian.com/git/
http://rogerdudler.github.io/git-guide/
TYING MODULES TOGETHER
[Diagram: modules] IIS 8.5, MVC.Net, Choco, Backup agent, AV Agent, SQL Server, Logstash, Zabbix agent, WSUS, httpd, MySQL, Bamboo agent, VMware tools, ActiveMQ, Java RE, HA Proxy, Tomcat, ElasticSearch, PHP, Redis
ROLES AND PROFILES
    - org/                        # 'org' module
      - .git/                     # git database (hidden)
      - manifests/
        - roles/
          - my_app.pp             # class org::roles::my_app
        - profiles/
          - iis85.pp              # class org::profiles::iis85
          - mvc_net.pp            # class org::profiles::mvc_net
          - my_app.pp             # class org::profiles::my_app
        - resources/
          - service_account.pp    # define org::resources::service_account
        - ...
ROLES (BUSINESS LAYER)
• Apply directly to a host (one per host)
• Assigned in site.pp or ENC
• May only contain profiles
• Accepts no parameters

    # standard configuration for custom
    # MVC.Net application
    class org::roles::my_app {
      include ::org::profiles::iis85
      include ::org::profiles::dotnet45
      include ::org::profiles::mvc_net
      include ::org::profiles::my_app
    }
PROFILES (IMPLEMENTATION LAYER)
• Only applied via Roles
• Contains resources
• May accept parameters from hiera
• Parameters are defined with site-specific defaults

    # standard IIS 8.5 configuration
    class org::profiles::iis85 (
      $log_mount = '\\\\log_server\\logs',
    ) {
      package { 'IIS-CommonHttpFeatures':
        ensure => present,
      }
      # ...
    }
RESOURCES (COMPONENT LAYER)
• Declared with define for repeating an implementation on a node, e.g. user accounts
• Only applied via Profiles
• Complex resources should become their own module
• Rarely used

    # standard local service account
    # (define name matches manifests/resources/service_account.pp so the autoloader finds it)
    define org::resources::service_account (
      $username = undef,
      $password = undef,
    ) {
      user { $username:
        ensure   => present,
        password => $password,
      }
      # ...
    }
DATA
• Applied via hiera
• Only used when default parameter values are invalid
• Target parameters in Profiles and external modules

    # key matches the $log_mount parameter of org::profiles::iis85
    org::profiles::iis85::log_mount: \\logs01\logs

    org::profiles::my_app::database_server: myapp-db01
    org::profiles::my_app::database_username: myapp
    org::profiles::my_app::database_password: P@ssw0Rd321
ROLES AND PROFILES
• https://puppetlabs.com/presentations/designing-puppet-rolesprofiles-pattern
• http://www.craigdunn.org/2012/05/239/
• http://garylarizza.com/blog/2014/02/17/puppet-workflow-part-2/
• http://sysadvent.blogspot.co.uk/2012/12/day-13-configuration-management-as-legos.html
MOVING FROM DEV TO PROD
Needs:
• Isolate landscapes using Puppet “Environments”
• Definitive state for each environment
  • Module versions
  • Hiera data
  • Node classification (site.pp)
• Import modules from multiple sources
• Automation + audit trail please
R10K DYNAMIC ENVIRONMENTS
• Puppet Environments reduced to one Git repo: r10k-control
• Each Environment becomes one git branch
• Definitive list of module versions captured in a Puppetfile
• Run r10k deploy environment -p to sync environments

[Diagram: GitLab hosts r10k-control with branches Dev, Test and Prod, each containing a Puppetfile.]
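A Puppetfile is only a "definitive list of module versions" if every entry is pinned. The following added example (not from the talk) audits a Puppetfile for entries that float; the class name `PuppetfileAudit`, the function `audit_puppetfile`, the sample module list and the GitLab URL are assumptions constructed for illustration.

```ruby
# Added example: flag Puppetfile entries that are not pinned to a fixed version.
# The Puppetfile is evaluated as Ruby (it is a Ruby DSL), so only run this
# against Puppetfiles from your own control repo.
class PuppetfileAudit
  attr_reader :findings

  def initialize
    @findings = {}
  end

  # DSL settings that do not affect pinning are accepted and ignored.
  def forge(_url); end
  def moduledir(_path); end

  # mod 'author/name', '1.2.3'   or   mod 'name', :git => url, :tag => 'v1'
  def mod(name, spec = nil)
    case spec
    when nil, :latest
      @findings[name] = 'Forge module without a fixed version'
    when String
      @findings[name] = "not an exact version: #{spec}" unless spec.match?(/\A\d+\.\d+\.\d+\z/)
    when Hash
      opts = spec.transform_keys(&:to_sym)
      return unless opts[:git]
      # A :ref counts as pinned only when it is a full 40-character commit SHA.
      pinned = opts[:tag] || opts[:commit] || opts[:ref].to_s.match?(/\A\h{40}\z/)
      @findings[name] = 'git module follows a branch, not a tag or commit' unless pinned
    end
  end
end

# Returns a hash of module name => reason for every unpinned entry.
def audit_puppetfile(text)
  audit = PuppetfileAudit.new
  audit.instance_eval(text, 'Puppetfile')
  audit.findings
end

# Constructed sample; versions and the GitLab URL are placeholders.
SAMPLE_PUPPETFILE = <<~'PUPPETFILE'
  forge 'https://forge.puppet.com'
  mod 'puppetlabs/stdlib', '4.6.0'
  mod 'chocolatey/chocolatey', :latest
  mod 'puppetlabs/registry'
  mod 'org',    :git => 'https://gitlab.example.com/puppet/org.git', :tag => 'v1.0.0'
  mod 'my_app', :git => 'https://gitlab.example.com/puppet/my_app.git', :branch => 'master'
PUPPETFILE

audit_puppetfile(SAMPLE_PUPPETFILE).each { |name, why| puts "#{name}: #{why}" }
```

Run against the Puppetfile on each environment branch before `r10k deploy environment -p`; git tags can still be moved, so a commit SHA is the stricter pin.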
[Diagram: GitLab hosts r10k-control (branches Dev, Test, Prod, each with a Puppetfile) and the Modules. The Dev Master and the Prod Master each run r10k and hold the Dev, Test and Prod environments. Also shown: Dev Servers, Test Servers, Prod Servers.]
QUE?