Introduction to puppet - Hands on Session at HPI Potsdam
![Page 2: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/2.jpg)
*Agenda
*why configuration management?
*puppet DSL - declarative resources instead of procedural code
*writing Puppet manifests
*anatomy of a Puppet run
*using Puppet without/with a master
*nice2knows
*master of Puppets (hands on)
*nice2know cont.
*Q & A
![Page 3: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/3.jpg)
*why configuration management
Lazy admins, DevOps and Managers
![Page 4: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/4.jpg)
*why configuration management
admins are generally as lazy as possible...
for s in $(<some_outdated_list.txt)
do
  ssh "$s" "/bin/false"
done
http://optempo.com/images/trained_monkey.gif
![Page 5: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/5.jpg)
*lazy admin cont.
manually
ssh loop
centralized procedural
* sequential – slow
* system-dependent
* inventory-dependent
* what about authorization?
![Page 6: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/6.jpg)
*DevOps toolset
* from dev to prod
* reproducible configurations
* system (*nix flavour) independence
DEV TEST PROD
![Page 7: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/7.jpg)
*management view
* managed "things" can...
* ...be compliant
* ...be reported
* ...fulfill security requirements
![Page 8: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/8.jpg)
*don't forget these...
http://wikipedia.org
http://www.business-cloud.de/cloudstorage-ja-aber-bitte-sicher/
![Page 9: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/9.jpg)
*Puppet DSL
declarative resources instead of procedural code
![Page 10: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/10.jpg)
*Puppet DSL
1. describe what you want to be configured
2. (don't care how it is done)
3. describe dependencies
types:      file         package      service
providers:  win, *nix    deb, rpm     POSIX, win
![Page 11: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/11.jpg)
package { 'ntp':
  ensure => installed,
}
file { '/etc/ntp.conf':
  ensure => present,
  owner  => 'root',
  group  => 'root',
  mode   => '0644',
  source => 'puppet://...',
}
service { 'ntpd':
  ensure => running,
}
![Page 12: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/12.jpg)
package { 'ntp':
  ensure => installed,
}
file { '/etc/ntp.conf':
  ensure  => present,
  owner   => 'root',
  group   => 'root',
  mode    => '0644',
  source  => 'puppet://...',
  require => Package['ntp'],
}
service { 'ntpd':
  ensure  => running,
  require => File['/etc/ntp.conf'],
}
![Page 13: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/13.jpg)
*resource ordering
in our resources:
                   before                        after
without refresh    before => Resource['name']    require => Resource['name']
with refresh       notify => Resource['name']    subscribe => Resource['name']
chaining syntax:
Resource['name'] -> Resource['name'] ~> Resource['name']
mind the case!
![Page 14: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/14.jpg)
*anatomy of a Puppet run
![Page 15: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/15.jpg)
1. retrieve plugins from server
2. get "facts" on client and send them to master
3. compile catalog and send it to the client
4. apply catalog on client
5. process report
![Page 16: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/16.jpg)
*names, names, names...
* Manifest: your Puppet DSL (*.pp)
* Catalog: serialized host specific DSL
* Facts: host specific set of vars
* Plugins: puppet extensions
* facts, types, providers, reports...
![Page 17: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/17.jpg)
*get server facts - facter
[root@puppet ~]# facter
architecture => x86_64
augeasversion => 0.9.0
bios_release_date => 12/01/2006
bios_vendor => innotek GmbH
bios_version => VirtualBox
blockdevice_sda_model => VBOX HARDDISK
blockdevice_sda_size => 214748364800
blockdevice_sda_vendor => ATA
domain => example.com
facterversion => 1.7.2
filesystems => ext4,iso9660
fqdn => puppet.example.com
hardwareisa => x86_64
hardwaremodel => x86_64
hostname => puppet
id => root
interfaces => eth0,lo
ipaddress => 10.0.2.15
ipaddress_eth0 => 10.0.2.15
ipaddress_lo => 127.0.0.1
is_virtual => true
kernel => Linux
![Page 18: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/18.jpg)
*writing manifests
node definitions & modules & delivering content
![Page 19: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/19.jpg)
*node definitions
%manifestdir/site.pp:
node 'frontend.example.com' {
  file { '/etc/apache2/httpd.conf':
    ensure => present,
    ...
  }
  ...
}
node 'db1.example.com' {
  ...
}
which types are getting applied where?
![Page 20: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/20.jpg)
*node definitions cont
%manifestdir/site.pp:
node 'frontend.example.com' {
  # file { '/etc/apache2/httpd.conf':
  #   ensure => present,
  #   ...
  # }
  include apache2
  # class { 'apache2': }
}
node 'db1.example.com' {
  ...
}
use modules!
![Page 21: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/21.jpg)
*modules – putting it all together
directory structure in %modulepath:
mkdir -p modulename/{manifests,files,templates,lib,spec}
- manifests : where your .pp goes
- files : where your static content goes
- templates : where your dynamic content goes (remember facts)
- lib : where your advanced puppet knowledge goes
- spec : home of Q&A's happiness
![Page 22: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/22.jpg)
*modules – init.pp
%modulepath/modulename/manifests/init.pp:
class modulename() {
  file { '/tmp/testfile.conf':
    ensure => present,
    ...
  }
  package { 'mypackage':
    ensure => latest,
  }
  service { 'myinitscript':
    ensure => running,
  }
}
![Page 23: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/23.jpg)
* delivering content – the file type
# static file content (served from the module's "files" directory)
file { '/tmp/testfile1.conf':
  ensure => present,
  source => 'puppet:///modules/mymodule/testfile1.conf',
}
# templating (rendered from the module's "templates" directory)
file { '/tmp/testfile2.conf':
  ensure  => present,
  content => template('mymodule/testfile2.conf.erb'),
}
remember the directories "files" and "templates"...
![Page 24: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/24.jpg)
*using puppet
one binary to rule them all - faces
![Page 25: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/25.jpg)
[root@puppet ~]# puppet help
Usage: puppet <subcommand> [options] <action> [options]

Available subcommands:
  agent    The puppet agent daemon
  apply    Apply Puppet manifests locally
  cert     Manage certificates and requests
  master   The puppet master daemon
  module   Creates, installs and searches for modules on the Puppet Forge.
  parser   Interact directly with the parser.

puppet apply:
* apply manifests locally
* no master needed
* no centralized fileserver
* test
* headless puppet
* no SSL-communication allowed
???
![Page 26: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/26.jpg)
puppet master:
* starts https service
* TCP/8140
* internal webserver (ruby)
* scalable (mod_passenger)
puppet agent:
* manages puppet runs on client
  * regularly
  * one-time
SSL
![Page 27: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/27.jpg)
puppet module:
* interacts with puppetlabs module repository
puppet parser validate:
* syntax check manifests
![Page 28: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/28.jpg)
*nice2know
pre-Hands-On...
![Page 29: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/29.jpg)
*nice2know
* find puppet's configuration:
  * puppet config print
  * puppet.conf (PE vs. OSE)
* debugging puppet:
  * puppet parser validate <file.pp>
  * puppet agent/apply --noop (use it!!!)
* running agent in "test" mode
  * includes one-time
  * includes verbose
  * doesn't include noop!!!
![Page 30: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/30.jpg)
*master of puppets
Hands-On
![Page 31: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/31.jpg)
*Tasks 1
* connect to your learning instance and play around a bit
* launch puppet help
* launch a puppet master
* launch a client side puppet run
* find configuration files
* inspect the process list / ports
* find your manifests, site.pp, modules
* create an empty testfile via local puppet run
* implement an NTP module _1
  * make sure NTPd is installed
  * deliver your ntp.conf via puppet
  * make sure NTPd is running
ping yourself if idle: ping localhost
![Page 32: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/32.jpg)
*Tasks 2
* implement an NTP module _2
  * make sure NTPd is installed
  * deliver your ntp.conf via puppet – dynamic content
  * make sure NTPd is running
ping yourself if idle: ping localhost
![Page 33: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/33.jpg)
*Tasks 3
* implement an NTP module _3
  * make sure NTPd is installed
  * deliver your ntp.conf via puppet
  * dynamic file content
  * make sure NTPd is running
  * first install NTPd, then configure it, then handle the service
  * restart the service, if configuration file has been changed
ping yourself if idle: ping localhost
![Page 34: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/34.jpg)
*nice2know
post-Hands-On...
![Page 35: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/35.jpg)
*nice2know
* puppet's internal CA
  * on master: puppet cert --list --all
  * on client: NIL
    * rm -rf /var/lib/puppet/ssl
* don't repeat others
  * forge.puppetlabs.com – puppet module
* ask others:
  * ask.puppetlabs.com
![Page 36: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/36.jpg)
*Nice2know cont.
* resource ordering f*ck-ups?!
* puppet agent -t --graph --noop
![Page 37: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/37.jpg)
*discussion
* how to trigger a puppet run?
(diagram labels: external, internal, regularly, one-time)
puppet agent
cron'd one-time
ssh'd one-time
MCollective
![Page 38: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/38.jpg)
*Q & A
got questions?
![Page 39: Introduction to puppet - Hands on Session at HPI Potsdam](https://reader035.fdocuments.in/reader035/viewer/2022062418/554bb862b4c90530298b4998/html5/thumbnails/39.jpg)
*build your lab
vagrant & puppet