Copyright SageLogix, Inc, 2016. All Rights Reserved1
Using Puppet to Manage Oracle StacksTim KrupinskiSolution Architect - SageLogix
Copyright SageLogix, Inc, 2016. All Rights Reserved2
Agenda
Explaining DevOps Provisioning Services (IaaS) Security & Compliance Use Case – Puppet with Weblogic 12c Change Control
Copyright SageLogix, Inc, 2016. All Rights Reserved3
ExplainingDevOps
Copyright SageLogix, Inc, 2016. All Rights Reserved4
What is DevOps?
DevOps is a term combining Development and Operations More importantly…
– Represents a paradigm shift for IT management– Focuses on quicker deployments– Reduces human interaction– Relies on defining environments (or infrastructure) through code
Copyright SageLogix, Inc, 2016. All Rights Reserved5
But we’re not a coding shop
DevOps transforms the way you manage all aspects of your environments
Impacts…– Change Control– Compliance– Security
Don’t focus on the “D” Word
Copyright SageLogix, Inc, 2016. All Rights Reserved6
Why Adopt DevOps?From “State of DevOps 2016”
Copyright SageLogix, Inc, 2016. All Rights Reserved7
Puppet Chef Ansible SaltStack CFEngine
If only there were a tool…
How do we get there?
Copyright SageLogix, Inc, 2016. All Rights Reserved8
Introducing PuppetInsert Picture Here
Copyright SageLogix, Inc, 2016. All Rights Reserved9
Puppet Overview
Cross Platform – works with Windows, Linux, Solaris, and more Central idea is a “Manifest”
– Manifest describes the state of a system– Using an abstraction layer, manifests are platform agnostic
Works in a master / slave configuration Also works in “standalone” mode Extremely flexible and extensible to meet specific needs
Copyright SageLogix, Inc, 2016. All Rights Reserved10
Puppet Overview (Cont’d)
Manage configuration files via Templates Leverage “Puppet Forge” to download third party add-ons Currently Puppet Forge has plugins for just about everything…
Copyright SageLogix, Inc, 2016. All Rights Reserved11
Puppet Forge Oracle Modules
A plethora of user-supported modules are currently offered in the Puppet Forge…
Copyright SageLogix, Inc, 2016. All Rights Reserved12
Use Case with IaaS
Leverage Puppet Templates Combine with Oracle’s Orchestration API Benefits
– Write once, run often– Semantic– Extensible
Managing Orchestrations to Deploy a Server
Copyright SageLogix, Inc, 2016. All Rights Reserved13
Example Puppet Template
Puppet Template for a generic
TNSNAMES.ORA file
Copyright SageLogix, Inc, 2016. All Rights Reserved14
Example Orchestration File
Oracle Orchestration File that deploys an Oracle Linux server with two
volumes
Copyright SageLogix, Inc, 2016. All Rights Reserved15
Puppet with Compliance, Security, and Maintenance
Copyright SageLogix, Inc, 2016. All Rights Reserved16
Defining “Compliance”
Traditional definitions – PCI, HIPAA, SOX, etc…
Also extends to encompass any internal process, standards, etc– E.G. how you define firewall settings, or RBAC policies
Otherwise known as “check the box” type approach
Not your dad’s SOX
Copyright SageLogix, Inc, 2016. All Rights Reserved17
How Compliant Are You?
Situation: Need to produce a compliance report to determine whether you are following industry best-practices following a security breach.
Copyright SageLogix, Inc, 2016. All Rights Reserved18
How Compliant Are You?
2001 Solution: Task an intern with running through a list of possibly hundreds of metrics, on each system, and compile the results in an ad-hoc Excel file.
Time to complete: A week? Several weeks? A month?
Risk: Humans are bad at repetitive things, high chance of inaccurate data in the report
Copyright SageLogix, Inc, 2016. All Rights Reserved19
How Compliant Are You?
2010 Solution: Consult your bag-o-scripts that’s been homegrown in-house over the past decade.
Time to complete: A few days? A week?
Risk: Scripts don’t work consistently, and aren’t compatible with newer components of your IT footprint
Copyright SageLogix, Inc, 2016. All Rights Reserved20
How Compliant Are You?
2016 Solution: Just run an OpenSCAP report
Time to Complete: A few minutes.
Risks: You might have to look up the command again.
Copyright SageLogix, Inc, 2016. All Rights Reserved21
Benefits of OpenScap
Copyright SageLogix, Inc, 2016. All Rights Reserved22
Benefits of OpenScap
Copyright SageLogix, Inc, 2016. All Rights Reserved23
OpenSCAP Summary
Can use a tool like Puppet to manage reporting across infrastructure
Cross platform and open source
Ships with Oracle Linux
Oh, and it also does automatic remediation to fix violations
automatically
Copyright SageLogix, Inc, 2016. All Rights Reserved24
Summary
We can use our DevOps tool (Puppet) with our compliance tool (OpenSCAP) to reliably report on the state of our infrastructure in a real-time, human-readable way.
We can extend Puppet to even go so far as to automatically remediate issues when it finds them in an OpenSCAP report.
Copyright SageLogix, Inc, 2016. All Rights Reserved25
Case Study Using Puppet to deploy Weblogic 12c
Copyright SageLogix, Inc, 2016. All Rights Reserved26
The Problem
Client wanted to do a greenfield installation of Weblogic 12c
Between Development, Test, QA and Production, total deployment consisted of 9 different servers
Each server had specific requirements depending on the environment
Copyright SageLogix, Inc, 2016. All Rights Reserved27
Step 1 – The Manifest and Templates
A. Defined a class within puppet called “Weblogic 12c” and defined a manifest for it
B. Created a Template for the response files needed, which dynamically generated the correct configuration based on the host name and type (Dev, Test, Production)
C. Presented the mount point with software to relevant servers
Total Lead Time: 1 week
Copyright SageLogix, Inc, 2016. All Rights Reserved28
Step 2 – Test
Total Lead Time:2-3 Days
Copyright SageLogix, Inc, 2016. All Rights Reserved29
Step 3 - Deploy
Copyright SageLogix, Inc, 2016. All Rights Reserved30
What about a patch?
Follow the same method:– Write Once– Test– Deploy Often
Applies to Opatch (The patching utility for Oracle software) Also applies to OS
Or Change Control In General
Copyright SageLogix, Inc, 2016. All Rights Reserved31
Change Control
Clear and concise definitions of your environment Combine with a version control system like Git to have a full paper trail
of when changes were made, and who made them Better understanding of which change potentially caused a defect in a
system
Some benefits of using Puppet with CC
Copyright SageLogix, Inc, 2016. All Rights Reserved32
Top Related