Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014
![Page 1: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/1.jpg)
Puppet for Everybody!
Federated and Hierarchical Puppet Enterprise
Chris Bowles, Senior Systems Administrator
University of Texas at Austin
![Page 2: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/2.jpg)
Puppet for Everybody? Absolutely!
• Development
• Operations
• Management
source: http://goo.gl/Mjr0dy
![Page 3: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/3.jpg)
Continuum of Expertise
Novice
• Puppet Console
• Variables
Medium
• Hiera
Expert
• Code
• Custom Facts
• Custom Functions
![Page 4: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/4.jpg)
UT Puppet Canon
• Inclusive
• Secure by Default
• Federation
![Page 5: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/5.jpg)
UT Puppet Toolset
UT Puppet Community
Nested Configs
Puppet Enterprise
Code/Data Federation
![Page 6: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/6.jpg)
UT Puppet Community
UT Puppet Community
Nested Configs
Puppet Enterprise
Code/Data Federation
![Page 7: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/7.jpg)
UT Puppet Culture
• Module Coding Standards
• Module Documentation Standards
• Power to the People
![Page 8: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/8.jpg)
UT Puppet Diagram
Novice
Puppet Console
• Classes
• Console Groups (role/profile)
• Console Variables
Expert
Module Code
Hiera
Configured Server!
![Page 9: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/9.jpg)
Nested Configs
UT Puppet (standards, culture)
Nested Configs
Puppet Enterprise
Code/Data Federation
![Page 10: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/10.jpg)
Nesting: Roles/Profiles
Roles
• Wiki server configurations
Profiles
• Apache configurations
BASE
• Secure by default
• Standardized
• Configurable
![Page 11: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/11.jpg)
Minifigure Metaphor
• Default “torso” provided
• Configurable: can change the color of the cowl (black or very, very dark grey)
• Role/Profile: Can choose the head and arms, cape, etc…
From: https://www.flickr.com/photos/spielbrick/8201894577
![Page 12: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/12.jpg)
Nest all the things!
• Groups
• Variables
• hiera? (yup, more on that later)
![Page 13: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/13.jpg)
Roadmap: Console Nesting
Novice
Puppet Console
• Nested groups
• role/profile
• assign classes & variables to nodes
Expert
Module Code
Hiera
Configured Server!
![Page 14: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/14.jpg)
Nested Console Groups
source: http://goo.gl/tUdl5U
![Page 15: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/15.jpg)
Nested Console Groups
BASE: secure defaults
profile_apache: Apache configs
role_wiki: Wiki configs
wiki-01: Node-specific configs
![Page 16: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/16.jpg)
Nesting (from the node POV)
Node wiki-01
Contains Classes/Variables from: BASE, profile_apache, role_wiki
![Page 17: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/17.jpg)
Don’t forget the Blog!
Secure Defaults: BASE
Profiles: profile_apache
Roles: role_blog, role_wiki
Node-level: blog-01, blog-02 (role_blog); wiki-01, wiki-02 (role_wiki)
• Configurations come from nested groups
• No repetition!
![Page 18: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/18.jpg)
What’s in a name (prefix)?
Top: BASE
Profile: profile_apache
Role: role_blog, role_wiki
Puppet Console will display (alphabetical):
• BASE
• profile_apache
• role_blog
• role_wiki
![Page 19: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/19.jpg)
Console Building Blocks!
source: http://goo.gl/CHwab0
![Page 20: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/20.jpg)
BASE: BASE group
![Page 21: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/21.jpg)
Profile: profile_apache group
![Page 22: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/22.jpg)
Role: role_wiki group
![Page 23: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/23.jpg)
Node: wiki-01.puppetconf.com
![Page 24: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/24.jpg)
Puppet Console components
• Classes: ssh
• Variables: $::ssh_port
• Group(s): BASE, profile_apache, role_wiki
• Nodes: wiki-01
![Page 25: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/25.jpg)
Class Inheritance (immutable)
BASE: assigns: ssh
profile_apache: inherits: ssh; assigns: apache
role_wiki: inherits: ssh, apache
node: inherits: ssh, apache
![Page 26: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/26.jpg)
Variable Inheritance (child wins)
BASE: N/A
profile_apache: http_port = 80
role_blog: N/A
blog-01: http_port = 80
role_wiki: http_port = 8080
wiki-01: http_port = 8080
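
The two inheritance rules on the slides above (classes accumulate down the nesting, variables follow "child wins"), as an added Ruby example that is not from the talk or from Puppet Enterprise. `GROUPS` and `NODES` are a constructed model of the slide's groups, and the function names are hypothetical; the `:sources` map shows which group supplied each final value, which is what a reviewer needs when a child group overrides a BASE or profile default.

```ruby
# Constructed model of the nested console groups on the slides.
# Each group names its parent, the classes it assigns and the variables it sets.
GROUPS = {
  'BASE'           => { parent: nil,              classes: ['ssh'],    vars: {} },
  'profile_apache' => { parent: 'BASE',           classes: ['apache'], vars: { 'http_port' => 80 } },
  'role_blog'      => { parent: 'profile_apache', classes: [],         vars: {} },
  'role_wiki'      => { parent: 'profile_apache', classes: [],         vars: { 'http_port' => 8080 } }
}.freeze

NODES = { 'blog-01' => 'role_blog', 'wiki-01' => 'role_wiki' }.freeze

# Walk from the node's group up to the root and return the chain broad -> specific.
def group_chain(group)
  chain = []
  seen = {}
  while group
    raise ArgumentError, "unknown group #{group}" unless GROUPS.key?(group)
    raise ArgumentError, "cycle at #{group}" if seen[group]
    seen[group] = true
    chain.unshift(group)
    group = GROUPS[group][:parent]
  end
  chain
end

# Classes accumulate down the chain; a variable set by a child replaces the parent's value.
# :sources records which group supplied each variable's final value.
def effective_config(node)
  chain = group_chain(NODES.fetch(node))
  result = { groups: chain, classes: [], vars: {}, sources: {} }
  chain.each do |name|
    result[:classes] |= GROUPS[name][:classes]
    GROUPS[name][:vars].each do |key, value|
      result[:vars][key] = value
      result[:sources][key] = name
    end
  end
  result
end

%w[blog-01 wiki-01].each do |node|
  cfg = effective_config(node)
  puts "#{node}: classes=#{cfg[:classes].join(',')} vars=#{cfg[:vars]} from=#{cfg[:sources]}"
end
```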
![Page 27: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/27.jpg)
All together now!
source: http://goo.gl/K91CJA
![Page 28: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/28.jpg)
wiki-01 (annotated)
• Variable overrides from role_wiki group
• Group membership and source(s)
• Classes: combined from nested groups
![Page 29: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/29.jpg)
Roadmap: Hiera Nesting
Novice
Puppet Console
• Console Groups (role/profile)
• Console Variables
Expert
Module Code
Hiera
Configured Server!
![Page 30: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/30.jpg)
Hiera: for complex variables
key: value
key2: value2
• Arrays
• Hashes
source: http://goo.gl/ge45I1
Think backend data mapping
![Page 31: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/31.jpg)
Nested Groups => Hiera paths
BASE: N/A => ./
profile_apache: profile = apache => ./apache/
role_wiki: role = wiki => ./apache/wiki/
wiki-01: Inherits: profile, role
![Page 32: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/32.jpg)
Nesting Hiera w/ group variables
Broad to Specific:
BASE: ./ (no variable)
Profile(s): ./$profile/ (variable: $profile)
Role(s): ./$profile/$role (variable: $role)
![Page 33: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/33.jpg)
Hiera.yaml – specific to broad
Specific to Broad

    ---
    :backends:
      - yaml
    :hierarchy:
      - '%{profile}/%{role}/common'
      - '%{profile}/common'
      - 'common'
    :logger: console
    :yaml:
      :datadir: /etc/puppetlabs/puppet/hieradata

![Page 35: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/35.jpg)
Putting it together
"Denslow's Humpty Dumpty 1904" by William Wallace Denslow – Library of Congress [1]. Licensed under Public domain via Wikimedia Commons – http://commons.wikimedia.org/wiki/File:Denslow%27s_Humpty_Dumpty_1904.jpg
![Page 36: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/36.jpg)
Console => Hiera
Nested Console Groups => Hiera
BASE: none => ./
profile_apache: profile = apache => ./apache/
role_wiki: role = wiki => ./apache/wiki/
wiki-01 node: profile = apache, role = wiki
Hiera search order
1. ./apache/wiki/common.yaml
2. ./apache/common.yaml
3. ./common.yaml
![Page 37: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/37.jpg)
Advanced Hiera Usage
• “This data is exactly what I need… almost”
• firewall, sudoers
• +1
• Check out:
– hiera_hash
– hiera_array
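
The search order from the "Console => Hiera" slide and the difference between a priority lookup and the merging `hiera_hash` / `hiera_array` lookups, as an added Ruby example that models the behaviour and is not Hiera's own code or code from the talk. The `DATA` contents (`ssh_port`, `sudoers`, `firewall` values) are constructed, and the function names are hypothetical.

```ruby
# Hierarchy from the hiera.yaml slide, most specific first.
HIERARCHY = ['%{profile}/%{role}/common', '%{profile}/common', 'common'].freeze

# Constructed stand-in for the YAML files under the datadir (path => parsed content).
DATA = {
  'common' => {
    'ssh_port' => 22,
    'sudoers'  => ['%sysadmins'],
    'firewall' => { 'ssh' => { 'port' => 22, 'action' => 'accept' } }
  },
  'apache/common' => {
    'sudoers'  => ['%webadmins'],
    'firewall' => { 'http' => { 'port' => 80, 'action' => 'accept' } }
  },
  'apache/wiki/common' => {
    'sudoers'  => ['%wikiadmins'],
    'firewall' => { 'http' => { 'port' => 8080, 'action' => 'accept' } }
  }
}.freeze

# Interpolate %{var} from the node's variables. Unset variables become empty
# strings, so in this model those levels match no file and drop out.
def search_paths(scope)
  HIERARCHY.map { |level| level.gsub(/%\{(\w+)\}/) { scope.fetch(Regexp.last_match(1), '') } }
           .select { |path| DATA.key?(path) }
end

# Priority lookup: the first file that has the key wins. Returns [value, source path].
def lookup(key, scope)
  path = search_paths(scope).find { |p| DATA[p].key?(key) }
  path ? [DATA[path][key], path] : [nil, nil]
end

# hiera_array-style lookup: values from every level, flattened and de-duplicated.
def lookup_array(key, scope)
  search_paths(scope).flat_map { |p| Array(DATA[p][key]) }.uniq
end

# hiera_hash-style lookup: top-level keys from every level are merged, and the
# more specific level wins when the same key appears twice.
def lookup_hash(key, scope)
  search_paths(scope).reverse.reduce({}) { |merged, p| merged.merge(DATA[p].fetch(key, {})) }
end

wiki = { 'profile' => 'apache', 'role' => 'wiki' }
puts "priority firewall: #{lookup('firewall', wiki).inspect}"   # BASE ssh rule is not included
puts "merged firewall:   #{lookup_hash('firewall', wiki).inspect}"
puts "merged sudoers:    #{lookup_array('sudoers', wiki).inspect}"
```

The priority lookup returns only the wiki-level `firewall` hash, which is the "exactly what I need… almost" case; the merged lookup keeps the BASE rule alongside the role's override.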
![Page 38: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/38.jpg)
Code/Data Separation
UT Puppet (standards, culture)
Nested Configs
Puppet Enterprise
Code/Data Federation
![Page 39: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/39.jpg)
Code/Data Federation
Wiki source
Apache source
BASE source
Puppet Server
![Page 40: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/40.jpg)
Code Federation
puppet.conf
modulepath=
/opt/puppet/modules/base:
/opt/puppet/modules/apache:
/opt/puppet/modules/wiki:
Sources (VCSREPO): BASE Repo, Apache Repo, Wiki Repo
Separate sources enable role separation via ACLs
![Page 41: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/41.jpg)
Data Federation
• ./hieradata/ =
./common.yaml
./apache/common.yaml
./apache/wiki/common.yaml
Sources (VCSREPO): BASE Repo, Apache Repo, Wiki Repo
Separate ACLs for Hiera data as well
![Page 42: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/42.jpg)
A peek into the future…
source: http://goo.gl/9GwKyQ
![Page 43: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/43.jpg)
Git Workflow
• Instead of this…
• 1 git repo / module
Core SVN repo(modules)
Apache SVN repo(modules)
Head (production) branch
Non-production branches (created as needed)
![Page 44: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/44.jpg)
CI/CD
• r10k push deployments (faster!)
• Puppet Environments defined by code (Puppetfile)
• Automated Testing/Deployment
Git repos
r10k
Puppet
![Page 45: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/45.jpg)
Takeaways
• Puppet Enterprise can be:
– Inclusive
– Secure by Default
– Highly Federated
• Nurture your Puppet community
• Nest your configs!
![Page 46: Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014](https://reader035.fdocuments.in/reader035/viewer/2022062616/549941b9b4795902178b4620/html5/thumbnails/46.jpg)
Thanks! Any Questions?
• Slide deck available from PuppetLabs
• UT Puppet Architecture: https://wikis.utexas.edu/x/OreZAw
• Contact information:
– Chris Bowles
• Email: [email protected]
• Twitter: @cbowlesUT
Puppet Man, Sulayman Bowles 2014