Islands: Puppet at Bulletproof Networks
-
Upload
lindsay-holmwood -
Category
Technology
-
view
1.652 -
download
1
description
Transcript of Islands: Puppet at Bulletproof Networks
![Page 1: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/1.jpg)
Islands
![Page 2: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/2.jpg)
![Page 3: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/3.jpg)
Who are these guys?
![Page 4: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/4.jpg)
Mick Pollard@aussielunix
&
Lindsay Holmwood@auxesis
![Page 5: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/5.jpg)
Puppet users for > 5 years
![Page 6: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/6.jpg)
BULLETPROOF
![Page 7: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/7.jpg)
IaaS &Managed Services
![Page 8: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/8.jpg)
Movember Australian Museum Rebel Group
Blackmores Angus & Robertson Telstra
Perisher BlueScope Steel Woolworths
DMG Radio Clive Peters Deloitte
Clemenger budget.gov.au Nissan
AOC Nova Sydney Airports
Whirlpool Smooth Theiss
Borders Fosters Country Road
Midas Australian Geographic Sensis
Tourism Victoria ABS AusPost
DET FWA Vodafone
![Page 9: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/9.jpg)
Using Puppet since 2008
![Page 10: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/10.jpg)
![Page 11: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/11.jpg)
Unique challenges
![Page 12: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/12.jpg)
Strong isolation
![Page 13: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/13.jpg)
Network segregationwith VLANs
![Page 14: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/14.jpg)
Central Puppetmasterisnʼt an option
![Page 15: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/15.jpg)
Thorough change control
![Page 16: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/16.jpg)
Rapid growth
![Page 17: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/17.jpg)
![Page 18: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/18.jpg)
How do we use Puppet?
![Page 19: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/19.jpg)
Standalone systems
(puppetmaster-less)
![Page 20: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/20.jpg)
Internal infrastructure
![Page 21: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/21.jpg)
Full customer environments
![Page 22: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/22.jpg)
![Page 23: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/23.jpg)
Standalone systems
(puppetmaster-less)
![Page 24: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/24.jpg)
Campaign driven
business
![Page 25: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/25.jpg)
budget.gov.au
![Page 26: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/26.jpg)
movember.com
![Page 27: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/27.jpg)
mamamia.com.au
![Page 28: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/28.jpg)
Reverseproxies
![Page 29: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/29.jpg)
Nginxwith customisation
![Page 30: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/30.jpg)
Rump
![Page 31: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/31.jpg)
More detail in
John Ferlitoʼstalk at 14.00
![Page 32: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/32.jpg)
![Page 33: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/33.jpg)
Internal infrastructure
![Page 34: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/34.jpg)
Vanilla
![Page 35: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/35.jpg)
One Puppetmaster
![Page 36: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/36.jpg)
Ubuntu(Lucid or Precise)
![Page 37: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/37.jpg)
![Page 38: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/38.jpg)
Full customer environments
![Page 39: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/39.jpg)
Every customer has their own puppetmaster
![Page 40: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/40.jpg)
“Islands of Puppet”
![Page 41: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/41.jpg)
Copypasta
![Page 42: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/42.jpg)
Configuration drift
![Page 43: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/43.jpg)
![Page 44: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/44.jpg)
apache
![Page 45: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/45.jpg)
apache
![Page 46: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/46.jpg)
apache
customer-a
![Page 47: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/47.jpg)
apache
customer-a
![Page 48: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/48.jpg)
apache
customer-a
customer-b
![Page 49: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/49.jpg)
apache
customer-a
customer-b
![Page 50: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/50.jpg)
apache
customer-a
customer-b
customer-c
![Page 51: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/51.jpg)
apache
customer-a
customer-b
customer-c
![Page 52: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/52.jpg)
apache
customer-a
customer-b
customer-c
customer-d
![Page 53: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/53.jpg)
![Page 54: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/54.jpg)
Poor code share
![Page 55: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/55.jpg)
What if customers
edit the code?
![Page 56: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/56.jpg)
How dowe maintain
common code?
![Page 57: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/57.jpg)
![Page 58: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/58.jpg)
Commonalities
![Page 59: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/59.jpg)
Mix of Puppet
versions
![Page 60: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/60.jpg)
0.25 (as provided by
Ubuntu)
![Page 61: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/61.jpg)
2.7 (as provided by Puppet Labs)
![Page 62: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/62.jpg)
Mix of Operating Systems
![Page 63: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/63.jpg)
lucid precise
2.7 internal infrastructure some customers
0.25 most customers
![Page 64: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/64.jpg)
![Page 65: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/65.jpg)
Passenger > webrick
![Page 66: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/66.jpg)
--no-daemonize
![Page 67: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/67.jpg)
Default behaviour is orthogonal to
change control
![Page 68: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/68.jpg)
We don't want systems to change
without control
![Page 69: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/69.jpg)
All changes initiated byan engineer
![Page 70: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/70.jpg)
nodes + roles
![Page 71: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/71.jpg)
node 'stlyqy-lvs02.cust.bulletproof.net' { server { $fqdn: }
include snmp::server::lvs include sysctl::lvs
include keepalive::lvs
include network::conntrack::modules include network::conntrack::hashsize include network::bonding::activebackup include network::type::bonded_vlan
include ript}
![Page 72: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/72.jpg)
node 'stlyqy-lvs02.cust.bulletproof.net' { server { $fqdn: }
include snmp::server::lvs include sysctl::lvs
include keepalive::lvs
include network::conntrack::modules include network::conntrack::hashsize include network::bonding::activebackup include network::type::bonded_vlan
include ript}
![Page 73: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/73.jpg)
define server($collectd_client_report_to='collectd.bulletproof.net') { include motd include augeas include apt include utils include puppet::client
include ssh::server include ssh::authorized_keys include ntp::client include postfix::satellite
include ruby::dev include ruby::rubygems
include bzr::client include git::common include git::github
include snmp::server include vmware::tools
include apparmor::disable collectd::client { "${fqdn}": report_to => $collectd_client_report_to }}
![Page 74: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/74.jpg)
app_serverdatabase_serverfile_servermanagement_servermemcache_servermonitor_serverproxy_serverpuppetmaster_serverredis_serversingle_serversphinx_serverstatic_server
![Page 75: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/75.jpg)
Heira is the future
![Page 76: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/76.jpg)
![Page 77: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/77.jpg)
We useCapistrano
![Page 78: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/78.jpg)
ssh in-a-parallel-for-loop
![Page 79: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/79.jpg)
Why cap and not mcollective?
![Page 80: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/80.jpg)
We deploy everything with cap
![Page 81: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/81.jpg)
Monitoring configurationFirewall configuration
Web applicationsInternal tools
![Page 82: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/82.jpg)
Consistent deployment tool across all projects
![Page 83: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/83.jpg)
Principle of least surprise
![Page 84: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/84.jpg)
Engineers learn1 tool
![Page 85: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/85.jpg)
Puppet is no different to the
rest of our stack
![Page 86: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/86.jpg)
![Page 87: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/87.jpg)
How do we usecap + Puppet?
![Page 88: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/88.jpg)
Puppet changes
![Page 89: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/89.jpg)
cap puppet:go ROLES=lvs options="--noop"cap puppet:go ROLES=lvs
![Page 90: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/90.jpg)
![Page 91: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/91.jpg)
Smoke tests
![Page 92: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/92.jpg)
$ cap puppet:go options="--noop"
# ...
infmon hosts serves a Nagios page over https
Finished in 1.67 seconds1 example, 0 failures
![Page 93: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/93.jpg)
Works out all roles that hosts within a
run belong to
![Page 94: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/94.jpg)
Runs tests tagged with those roles
![Page 95: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/95.jpg)
Fast feedback on
change success
![Page 96: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/96.jpg)
![Page 97: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/97.jpg)
Bootstrapping
![Page 98: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/98.jpg)
cap node:bootstrap HOSTFILTER=lvs-08.bp.net
![Page 99: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/99.jpg)
Takes VM in unknown state
![Page 100: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/100.jpg)
Brings into known state for Puppet 2.7 run
![Page 101: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/101.jpg)
![Page 102: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/102.jpg)
Limitations
![Page 103: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/103.jpg)
Singling out hosts is tricky
![Page 104: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/104.jpg)
Re-using data across commands
requires... creativity
![Page 105: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/105.jpg)
servers = []
run "mysql -e \"SHOW MASTER STATUS;\" | tail -n 1" do |channel, type, data| hostname = channel[:host] filename = data.split(/\s+/).first position = data.split(/\s+/).last servers << { :hostname => hostname, :filename => filename, :position => position }end
![Page 106: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/106.jpg)
ROLESand
HOSTFILTER
![Page 107: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/107.jpg)
![Page 108: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/108.jpg)
TLDR;
![Page 109: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/109.jpg)
There are edge cases
![Page 110: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/110.jpg)
It does the job
![Page 111: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/111.jpg)
![Page 112: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/112.jpg)
How have we tried to solve
them?
![Page 113: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/113.jpg)
First iteration
![Page 114: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/114.jpg)
Modules
![Page 115: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/115.jpg)
modules/apache/
| manifests/init.pp
| files/
| templates/
| lib/
| README.markdown
![Page 116: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/116.jpg)
Stored on GitHub
![Page 117: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/117.jpg)
Drink from the firehose
![Page 118: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/118.jpg)
![Page 119: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/119.jpg)
puppet-module-tool
![Page 120: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/120.jpg)
github.compuppetlabs/puppet-module-tool
![Page 121: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/121.jpg)
gem install puppet-module
![Page 122: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/122.jpg)
Modulefile
![Page 123: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/123.jpg)
puppet-module build
![Page 124: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/124.jpg)
Turns
![Page 125: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/125.jpg)
modules/apache/
| manifests/init.pp
| files/
| templates/
| lib/
| README.markdown
![Page 126: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/126.jpg)
into
![Page 127: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/127.jpg)
bulletproofnetworks-apache-1.3.0.tar.gz
![Page 128: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/128.jpg)
Puppet forge
![Page 129: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/129.jpg)
![Page 130: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/130.jpg)
Public by default
![Page 131: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/131.jpg)
Not great if you don't want to open source all your secret sauce
![Page 132: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/132.jpg)
But puppet-module-tool is interesting...
![Page 133: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/133.jpg)
...can we fake the forge?
![Page 134: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/134.jpg)
![Page 135: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/135.jpg)
Pain points
![Page 136: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/136.jpg)
Arduous release
workflow
![Page 137: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/137.jpg)
Better suited for infrequent
changes
![Page 138: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/138.jpg)
High barrier of entry for customers to submit patches
![Page 139: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/139.jpg)
Sharing bugfixes & improvements
requires significant refactoring
![Page 140: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/140.jpg)
Limited reporting on customer lag
![Page 141: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/141.jpg)
Second iteration
![Page 142: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/142.jpg)
Bundler
![Page 143: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/143.jpg)
![Page 144: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/144.jpg)
Gemfile
![Page 145: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/145.jpg)
#!/usr/bin/env ruby
source :rubygems
gem 'capistrano', '2.9.0'gem 'capistrano-ext', '1.2.1'gem 'colorize'gem 'puppet', '2.7.13'gem 'puppet-module'
group :test do gem 'rspec', '2.8.0' gem 'mechanize' gem 'puppet-lint'end
![Page 146: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/146.jpg)
Can we reuse it?
![Page 147: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/147.jpg)
Tim Sharpe@ GitHub
(@rodjek)
![Page 148: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/148.jpg)
Messy working prototype
![Page 149: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/149.jpg)
pre-alpha quality
![Page 150: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/150.jpg)
More research required
![Page 151: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/151.jpg)
Librarian
![Page 152: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/152.jpg)
“A framework for bundlers”
![Page 153: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/153.jpg)
librarian-chefmanages Chef repositories
![Page 154: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/154.jpg)
by Jay Feldblumgithub.com
applicationsonline/librarian
![Page 155: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/155.jpg)
![Page 156: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/156.jpg)
librarian-puppet
![Page 157: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/157.jpg)
“You can all stop using git submodules now”
![Page 158: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/158.jpg)
gem install librarian-puppet --pre
![Page 159: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/159.jpg)
github.comrodjek/librarian-puppet
![Page 160: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/160.jpg)
Bundler-like behavior
for Puppet
![Page 161: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/161.jpg)
Puppetfile
![Page 162: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/162.jpg)
![Page 163: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/163.jpg)
#!/usr/bin/env ruby
forge "http://forge.puppetlabs.com"
mod "puppetlabs/razor"mod "puppetlabs/ntp", "0.0.3"
![Page 164: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/164.jpg)
#!/usr/bin/env ruby
forge "http://forge.puppetlabs.com"
mod "puppetlabs/razor"mod "puppetlabs/ntp", "0.0.3"
mod "stdlib", :git => "git://github.com/puppetlabs/puppetlabs-stdlib.git"
![Page 165: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/165.jpg)
#!/usr/bin/env ruby
forge "http://forge.puppetlabs.com"
mod "puppetlabs/razor"mod "puppetlabs/ntp", "0.0.3"
mod "apt", :git => "git://github.com/puppetlabs/puppetlabs-apt.git" :ref => 'feature/master/dans_refactor'
mod "stdlib", :git => "git://github.com/puppetlabs/puppetlabs-stdlib.git"
![Page 166: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/166.jpg)
One canonical module
![Page 167: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/167.jpg)
modules/ in
.gitignore
![Page 168: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/168.jpg)
librarian-puppet outdated
tells you what needs to be updated
![Page 169: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/169.jpg)
librarian-puppet update
updates your modules
![Page 170: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/170.jpg)
Demo!http://aussielunix.github.com/jenkins-appliance/
![Page 171: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/171.jpg)
![Page 172: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/172.jpg)
Policy
![Page 173: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/173.jpg)
Always use a module'smaster
![Page 174: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/174.jpg)
Make changes to modules as
usual
![Page 175: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/175.jpg)
git commit &&
git push the module
![Page 176: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/176.jpg)
Make module changes generic
by default
![Page 177: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/177.jpg)
Only branch a module when:
![Page 178: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/178.jpg)
1. something is superclient specific
![Page 179: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/179.jpg)
2. there is an unmissable deadline
![Page 180: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/180.jpg)
3. testing ideas
![Page 181: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/181.jpg)
Set a reminder to merge changes into
master
![Page 182: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/182.jpg)
Use pull requests on GitHub for
dangerous changes
![Page 183: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/183.jpg)
![Page 184: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/184.jpg)
Take aways:
![Page 185: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/185.jpg)
Puppet modulesare pretty neat
![Page 186: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/186.jpg)
Keep feedback loops short
![Page 187: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/187.jpg)
Code shareis king
![Page 188: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/188.jpg)
![Page 189: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/189.jpg)
Do you have similar
problems?
![Page 190: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/190.jpg)
How do you solve them?
![Page 191: Islands: Puppet at Bulletproof Networks](https://reader034.fdocuments.in/reader034/viewer/2022042714/554f3e00b4c90572088b5117/html5/thumbnails/191.jpg)
Thank you!