Tame your Infrastructure with Puppet
Transcript of Tame your Infrastructure with Puppet
1. Tame your Infrastructure using Puppet. Presented for Linux Fest Northwest 2009 by Mark Foster
2. Agenda
- Why Puppet? Pros / Cons / Suitability
- Installation
- Facter, Types and other constructs
- Implementation
- Scaling
- Integration
- Resources
3. What is Puppet
- Developed by Luke Kanies and Reductive Labs
- Declarative language
- Client / Server model
- It lets you manage "things" from a central location
- Packages (software)
- Services (daemons)
- Processes (think cron jobs)
- Users & Groups
- Arbitrary stuff
4. What is Puppet (2)
- Providers
  - packaging (yum, rpm, apt, deb, dpkg, gem...)
  - users/group management (useradd/adduser, userdel, pw)
- Variables and Conditionals!
- Ruby underneath, flexible, modular
- Authenticated & authorized communication
5. Why Puppet?
- Traditional system administration is tedious
- Sys admins must know/learn a # of O/S flavors
- It's better - you'll never do system administration the same way again (think TiVo)
6. Why not Puppet?
- Learning curve
- You might have an established heterogeneous/legacy environment
- You might be too lazy to get around to it
- You're already using another mediation layer that does the job
7. Suitability
[Figure: applications placed on a Bad-to-Good suitability scale: cacti, trac, nagios, apache, munin, mysql, ssh, sudo, ntp]
8. Suitability, cont.
- Simple applications are easier to integrate
- flat-file configurations help
- fancy setup wizards work against puppet
- web-based setups also
9. Puppet Components
- Server: puppetmasterd
  - Listens on port 8140/tcp
  - runs as user puppet
  - Encrypted (SSL) communication
  - Certificate and thus authorization managed using puppetca command (or autoenroll)
  - integrated fileserver
- Clients: puppetd
  - connects to puppetmaster every hour
  - runs as user root
10. Puppet Components (2)
- Puppet CA
  - Command line utility to approve certificates
  - Must be run as root
- Facter
  - runs on the client
  - basic name = value pairs (Facts)
11. Installation
- Fedora / Red Hat / CentOS
  - yum install puppet puppetmaster
  - Hint: use the EPEL repo
- Debian / Ubuntu
  - aptitude install puppet puppetmaster
  - Hint: use backports on Etch
- Warning: versions < 0.24.x are to be avoided
12. Installation (gem)
- No package? No problem... Use a (ruby) gem
- aptitude -y install lsb-release rubygems
- gem install puppet -y
- /var/lib/gems/1.8/bin/puppetd
13. Commands
- Puppet daemon control
- /etc/init.d/puppetmaster start|stop|restart
- /etc/init.d/puppet start
- Puppetca
- puppetca --list
- puppetca --sign
14. Commands (2)
- Debug
  - Puppet master
    - sudo -u puppet /usr/sbin/puppetmasterd --no-daemonize --verbose --debug
  - Puppet client
    - sudo /usr/sbin/puppetd --no-daemonize --verbose --debug
15. Types: node

    node default {
        include someclass
    }
    node example-host inherits default {
        include anotherclass
    }
    node hostname inherits example-host {}

16. Types: File

    # Manage ownership and permissions only
    file { "/etc/resolv.conf":
        owner => root,
        group => root,
        mode  => 644,
    }

    # Manage a symlink
    file { "/etc/ssl/certs/4bd04d2f.0":
        ensure => link,
        target => "/etc/ssl/certs/bpca3.crt"
    }

17. Types: File (2)

    # Contents copied from the puppetmaster's fileserver
    file { "/etc/resolv.conf":
        owner  => root,
        group  => root,
        mode   => 644,
        source => "puppet:///files/etc/resolv.conf"
    }

    # Contents rendered from an ERB template
    file { "/etc/resolv.conf":
        owner   => root,
        group   => root,
        mode    => 644,
        content => template("puppet:///files/etc/resolv.conf.erb"),
    }

18. Types: Package

    package { nscd: ensure => installed }

19. Types: Service

    service { nscd:
        enable => true,
        ensure => running,
    }

20. Classes

    class nscd {
        package { nscd: ensure => installed }

        service { nscd:
            enable     => true,
            ensure     => running,
            hasrestart => true,
            require    => Package[nscd],
        }

        # A change to the config file restarts the service
        file { "/etc/nscd.conf":
            source  => "puppet:///files/etc/nscd.conf",
            notify  => Service[nscd],
            require => Package[nscd],
        }
    }

21. Defines

    define rFile ( $group=root, $owner=root, $mode=644, $replace=true, $links=manage ) {
        file { $name:
            group   => $group,
            owner   => $owner,
            mode    => $mode,
            # Sources are listed from most specific to least specific
            source  => [
                "puppet:///$domain/$hostname/$name",
                "puppet:///$domain/$role/$name",
                "puppet:///$domain/$name",
                "puppet:///$site/$name",
                "puppet:///global/$name"
            ],
            replace => $replace,
            links   => $links
        }
    }

22. Plugins

    # Custom fact "test1": the client's fully qualified hostname
    Facter.add("test1") do
        setcode do
            %x{/bin/hostname -f}
        end
    end

23. Modules
- Using modules is the recommended approach
- Organization of modules...
- puppet/modules/
- puppet/modules/custom/
24. Modules (2)
- Layout of a module (a look inside)
- manifests/
  - init.pp
- files/
- templates/
- plugins/
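The source list in the rFile define on slide 21 is tried in order and the first file found is used, so a host- or role-level copy silently shadows the global one. The following Ruby sketch is an added example, not part of the original slides: it reports which source a given host would actually receive, assuming each fileserver mount is a directory of the same name under one root. The hosts, site name and files are constructed.

```ruby
require "tmpdir"
require "fileutils"

# Source order copied from the rFile define: most specific first.
def rfile_sources(name, facts)
  rel = name.sub(%r{\A/+}, "") # drop the leading slash of a path-style title
  domain, hostname, role, site = facts.values_at(:domain, :hostname, :role, :site)
  [
    "puppet:///#{domain}/#{hostname}/#{rel}",
    "puppet:///#{domain}/#{role}/#{rel}",
    "puppet:///#{domain}/#{rel}",
    "puppet:///#{site}/#{rel}",
    "puppet:///global/#{rel}",
  ]
end

# Assumption: mount "X" is served from the directory mount_root/X.
# Returns the first source that exists, or nil if no mount provides the file.
def effective_source(name, facts, mount_root)
  rfile_sources(name, facts).find do |url|
    File.file?(File.join(mount_root, url.sub(%r{\Apuppet:///}, "")))
  end
end

# Constructed sample tree: global defaults plus one role and one host override.
def build_sample_tree(root)
  {
    "global/etc/resolv.conf"          => "nameserver 192.0.2.1\n",
    "global/etc/sudoers"              => "# site default\n",
    "example.com/dns/etc/resolv.conf" => "nameserver 127.0.0.1\n",
    "example.com/web01/etc/sudoers"   => "# host-only override\n",
  }.each do |rel, body|
    path = File.join(root, rel)
    FileUtils.mkdir_p(File.dirname(path))
    File.write(path, body)
  end
end

# Maps hostname => winning source, so overrides can be reviewed per file.
def audit(name, hosts, mount_root)
  hosts.to_h { |facts| [facts[:hostname], effective_source(name, facts, mount_root)] }
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |root|
    build_sample_tree(root)
    hosts = [{ domain: "example.com", hostname: "web01", role: "web", site: "sea" },
             { domain: "example.com", hostname: "ns1", role: "dns", site: "sea" }]
    audit("/etc/sudoers", hosts, root).each { |h, src| puts "#{h}: #{src}" }
  end
end
```

Running the audit over security-sensitive files such as sudoers shows at a glance which hosts diverge from the global copy.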
25. Rollout
- How will you deploy puppet?
  - On new hosts only
  - Retrofit
  - All or some
- There is no one-size-fits-all strategy
- Full-on adoption, limited retrofit or new hosts only
- Combine with attrition and you can be fully puppetized real soon
- Don't forget learning curve
26. Implementation
- Bare bones
  - Default install (puppetmaster/webrick)
  - Suitable for smaller sites 1-20 hosts
  - RCS for revision control
  - flat file node control
  - monolithic (not multiple environments or sites)
27. Implementation v2: Upgrades for scalability & performance
- WEBrick -> Mongrel
- Mongrel cluster fronted by Apache (mod_balance), Nginx (fair) or HAProxy
- Additional nodes w/ shared storage
- Subversion or CVS or Git
- Distributed puppetmasters (per site)
28. Implementation v2.1: Upgrades for manageability & integrity
- External node classification
  - LDAP integration
  - Database integration
    - Stored configuration (storeconfig)
  - Puppetshow
- Puppet Recruiter
- iClassify
  - https://wiki.hjksolutions.com/display/IC/Home
29. VCS Integration
- Subversion or CVS or Git
  - pre/post commit hooks
  - svnspam
  - propset tags for $Id$ and $URL$ interpolation
30. Database Integration
- SQLite, MySQL or PostgreSQL
- storeconfig
  - dumb name
  - put facts and other metadata into a database
  - Clean and easy to setup!
  - allows for naginator and external resources
31. Database Integration
32. Resources
- Puppet home page http://reductivelabs.com/trac/puppet/
- BitPusher home page http://www.bitpusher.com/