1. Tame your Infrastructureusing Puppet Presented for Linux Fest Northwest 2009 by Mark Foster

2. Agenda

Why Puppet? Pros / Cons / Suitability

Installation

Facter, Types and other constructs

Implementation

Scaling

Integration

Resources

3. What is Puppet

Developed by Luke Kanies and Reductive Labs

Declarative language

Client / Server model

It lets you manage "things" from a central location

Packages (software)

Services (daemons)

Processes (think cron jobs)

Users & Groups

Arbitrary stuff

4. What is Puppet (2)

Providers

• packaging (yum, rpm, apt, deb, dpkg, gem...)

• users/group management (useradd/adduser, userdel, pw)

Variables and Conditionals!

Ruby underneath, flexible, modular

Authenticated & authorized communication

5. Why Puppet?

Traditional system administration is tedious

Sys admins must know/learn a # of O/S flavors

It's better - you'll never do system administration the same think TiVo

6. WhynotPuppet?

Learning curve

You might have a established heterogeneous/legacy environment

You might be too lazy to get around to it

You're already using another mediation layer that does the job

7. Suitability cacti trac Bad Good nagios apache munin mysql ssh sudo ntp 8. Suitability, cont.

Simple applications are easier to integrate

flat-file configurations help

fancy setup wizards work against puppet

web-based setups also

9. Puppet Components

Server: puppetmasterd

• Listens on port 8140/tcp

• runs as user puppet

• Encrypted (SSL) communication

• Certificate and thus authorization managed using puppetca command (or autoenroll)

• integrated fileserver

Clients: puppetd

• connects to puppetmaster every hour

• runs as user root

10. Puppet Components (2)

Puppet CA

• Command line utility to approve certificates

• Must by run as root

Facter

• runs on the client

• basic name = value pairs (Facts)

11. Installation

Fedora / Red Hat / CentOS

• yum install puppet puppetmaster

• Hint: use the EPEL repo

Debian / Ubuntu

• aptitude install puppet puppetmaster

• Hint: use backports on Etch

Warning: versions < 0.24.x are to be avoided

12. Installation (gem)

No package? No problem... Use a (ruby) gem

aptitude -y install lsb-release rubygems

gem install puppet -y

/var/lib/gems/1.8/bin/puppetd

13. Commands

Puppet daemon control

/etc/init.d/puppetmaster start|stop|restart

/etc/init.d/puppet start

Puppetca

puppetca --list

puppetca --sign

14. Commands (2)

Debug

• Puppet master

• sudo -u puppet

• /usr/sbin/puppetmasterd

• • --no-daemonize verbose --debug

• Puppet client

• sudo /usr/sbin/puppetd

• • --no-daemonize --verbose --debug

15. Types: node node default {include someclass } node example-host inherits default { include anotherclass } node hostname inherits example-host {} 16. Types: File file { /etc/resolv.conf: owner => root, group => root, mode => 644, } file { "/etc/ssl/certs/4bd04d2f.0":ensure => link, target => "/etc/ssl/certs/bpca3.crt" } 17. Types: File (2) file { /etc/resolv.conf: owner => root, group => root, mode => 644, source => puppet:///files/etc/resolv.conf } file { /etc/resolv.conf: owner => root, group => root, mode => 644, content => template(" puppet:///files/etc/ resolv.conf.erb") , } 18. Types: Package package {nscd: ensure => installed } 19. Types: Service service {nscd: enable => true, ensure => running, } 20. Classes class { nscd: package {nscd: ensure => installed } service {nscd: enable => true, ensure => running, hasrestart => true, require => Package[nscd], } file {/etc/nscd.conf: source => puppet:///files/etc/nscd.conf, notify => Service[nscd], require =>P ackage [nscd], } } 21. Defines define rFile ( $group=root,$owner=root,$mode=644,$replace=true,$links=manage ) { file{ $name: group=>$group, owner=>$owner, mode=>$mode, source=>[ "puppet:///$domain/$hostname/$name", "puppet:///$domain/$role/$name", "puppet:///$domain/$name", "puppet:///$site/$name", "puppet:///global/$name"], replace=>$replace, links=>$links } } 22. Plugins Facter.add("test1") do setcode do %x{/bin/hostname -f} end end 23. Modules

Usingmodules is recommended approach

Organization of modules...

puppet/modules/

puppet/modules/custom/

24. Modules (2)

Layout of a module (a look inside)

manifests/

• init.pp

files/

templates/

plugins/

25. Rollout

How will you deploy puppet?

• On new hosts only

• Retrofit

• All or some

There is no one-size-fits-all strategy

Full-on adoption, limited retrofit or new hosts only

Combine with attrition and you can be fully puppetized real soon

Don't forget learning curve

26. Implementation

Bare bones

• Default install (puppetmaster/webrick)

• Suitable for smaller sites 1-20 hosts

• RCS for revision control

• flat file node control

• monolithic (not multiple environments or sites)

27. Implementation v2 Upgrades for scalability & performance

WEBrick -> Mongrel

Mongrel cluster fronted by Apache (mod_balance), Nginx (fair) or HAProxy

Additional nodes w/ shared storage

Subversion or CVS or Git

Distributed puppetmasters (per site)

28. Implementation v2.1 Upgrades for manageability & integrity

External node classification

• LDAP integration

• Database integration

• • Stored configuration (storeconfig)

Puppetshow

Puppet Recruiter

iClassify

• https://wiki.hjksolutions.com/display/IC/Home

29. VCS Integration

Subversion or CVS or Git

• pre/post commit hooks

• svnspam

• propset tags for $Id$ and $URL$ interpolation

30. Database Integration

SQLite, MySQL or PostgreSQL

storeconfig

• dumb name

• put facts and other metadata into a database

• Clean and easy to setup!

• allows for naginator and external resources

31. Database Integration 32. Resources

Puppet home page http://reductivelabs.com/trac/puppet/

BitPusher home page http://www.bitpusher.com/