Managing Network Devices
Nan Liu // Sept. 27, 2012
Monday, September 17, 12
Network Devices
• Why Puppet?
• Puppet Device
• Load Balancer Demo
• Developing Devices (Advanced)
Application Deployment
• Server + Puppet
• ???
• Profit!
Missing Step?
• Linking Application Services
#puppetize
• Network Device + Puppet
Puppet Proxy Agent
• Certificates
• Retrieves Device Plugins
• Retrieves Device Catalog
• Connects to Device
• Apply Device Resources
• Reports to Master
Proxy Agent
• Workflow
[Diagram: sequence between Device, Proxy Agent and Puppet Master. Labels: Device Cert, Plugins, Custom Facts, Compile Catalog (functions), Device Connect, Device resource, Apply Catalog, puppet report, Report Processor, Report?, Finish]
Commands
• facter
• puppet resource
• puppet apply (maybe)
• puppet device
Device.conf
• $confdir/device.conf:
    [node1_name]
    type <device_type>
    url <protocol://username:password@url/>

    [node2_name]
    type <device_type>
    url <protocol://username:password@url/>
Device $vardir
• $vardir (/var/lib/puppet /var/opt/lib/pe-puppet)
    # tree ./devices
    └── f5.puppetlabs.lan
        ├── client_yaml
        ├── facts
        ├── ssl
        └── state
Puppet Resource
• Abstraction (Type/Provider)
• Declarative (Language)
• Idempotent (Enforcement)
Manifest vs. GUI
    f5_pool { 'apt.puppetlabs.com':
      ensure                          => 'present',
      action_on_service_down          => 'SERVICE_DOWN_ACTION_NONE',
      allow_nat_state                 => 'STATE_ENABLED',
      allow_snat_state                => 'STATE_ENABLED',
      client_ip_tos                   => '65535',
      client_link_qos                 => '65535',
      gateway_failsafe_unit_id        => '0',
      lb_method                       => 'LB_METHOD_ROUND_ROBIN',
      member                          => {'10.10.0.22:8080' => {...},
                                          '10.10.0.23:8080' => {...},
                                          '10.10.0.24:80'   => {...}},
      minimum_active_member           => '0',
      minimum_up_member               => '0',
      minimum_up_member_action        => 'HA_ACTION_FAILOVER',
      minimum_up_member_enabled_state => 'STATE_DISABLED',
      monitor_association             => {...},
      server_ip_tos                   => '65535',
      server_link_qos                 => '65535',
      simple_timeout                  => '0',
      slow_ramp_time                  => '10',
    }
Manifests = Text
• Version Control
• Auditing
• Workflow
Resource Demo
• export FACTER_url=https://admin:admin@f5/
• puppet resource f5_*
Web Module
• web::site definition:
    define web::site (
      $port = '80',
      # F5 pool member settings:
      $connection_limit = '0',
      $dynamic_ratio    = '1',
      $priority         = '0',
      $ratio            = '1'
    ) {
      # setup web service.
    }
Web Server Nodes
• Web server nodes:
    node /^webserver21/ {
      web::site { 'apt.puppetlabs.com':
        port => '8080',
      }
    }

    node /^webserver22/ {
      web::site { 'apt.puppetlabs.com':
        port             => '80',
        connection_limit => '100',
      }
      web::site { 'yum.puppetlabs.com':
        port => '8080',
      }
    }
Composing Services
• Network Device = Nodes
    node 'f5.puppetlabs.lan' {
      f5_virtualserver { 'apt.puppetlabs.com': ... }
      f5_pool { 'apt.puppetlabs.com': ... }
      f5_monitor { 'apt.puppetlabs.com': ... }
    }
Problem?
• f5_pool member ip address:
Export Resources?
• ONLY export/collect resources.
• f5_poolmember ?
    f5_pool { 'apt.puppetlabs.com':
      ensure    => 'present',
      lb_method => 'LB_METHOD_ROUND_ROBIN',
      member    => {
        '10.10.0.22:8080' => {},
        '10.10.0.23:8081' => {},
        '10.10.0.24:80'   => {},
      },
    }
Resources Meta Type
• Puppet Resources:
    resources { 'f5_poolmember':
      purge => true,
    }
• Does not support resource subsets: purge poolmember in pool 'X'?
Query Puppet DB
• ruby-puppetdb: https://github.com/ripienaar/ruby-puppetdb
• puppetdb query: https://github.com/dalen/puppet-puppetdbquery
Puppet Catalog
• Puppet Catalog = Resources + Relationship
• Facts + Manifests => compilation => Catalog
[Diagram: Agent, Master; labels: Facts, Catalog]
Puppet DB
• Stores all client catalogs
[Diagram: Web Server 1, Web Server 2, Master, Puppet DB]
web::loadbalancer
    define web::loadbalancer (
      $site = $name,
      $address,
      $port = 80
    ) {
      f5_virtualserver { $name:
        ensure            => 'present',
        connection_limit  => '0',
        default_pool_name => $name,
        destination       => "${address}:${port}",
        require           => F5_pool[$name],
      }

      # $member = ???
      f5_pool { $name:
        ensure    => 'present',
        lb_method => 'LB_METHOD_ROUND_ROBIN',
        member    => $member,
      }
    }
Query Puppet DB
• puppet query resource --query='Class[web::server]' --filter='Web::Site[apt.puppetlabs.com]' --render-as yaml
    "Web::Site[apt.puppetlabs.com]":
    - parameters:
        port: "8080"
      nodes:
      - webserver22
      - webserver23
    - parameters:
        port: "80"
        connection_limit: "100"
      nodes:
      - webserver24
Pool Member
    $ip_facts = query_facts('ipaddress', 'Class[web::server]')
    $websites = query_resources('Class[web::server]', "Web::Site[${site}]")
    $member   = web_poolmember($ip_facts, $websites)
• Results
    {
      "10.0.2.24:80" => {
        "connection_limit" => "0",
        "ratio"            => "1",
        "priority"         => "3",
        "dynamic_ratio"    => "1"
      },
      "10.0.2.22:8080" => {
        "connection_limit" => "0",
        "ratio"            => "1",
        "priority"         => "1",
        "dynamic_ratio"    => "1"
      }
    }
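The slides call web_poolmember but do not show its body. The following is an added example, not code from the talk or from the F5 module: one way to join the two PuppetDB query results into the member hash. The input shapes, the build_poolmembers name and the allowed_net guard are assumptions; the guard is there because facts are reported by the agents themselves, so a node's ipaddress should be checked before it is written into a load balancer pool.

```ruby
require 'ipaddr'

# Defaults taken from the web::site define on the slides.
DEFAULTS = { 'port' => '80', 'connection_limit' => '0', 'dynamic_ratio' => '1',
             'priority' => '0', 'ratio' => '1' }.freeze

# True only for a syntactically valid address inside the allowed network.
def member_ip_allowed?(ip, net)
  return false unless ip.is_a?(String) && !ip.empty?
  addr = IPAddr.new(ip)
  addr.ipv4? == net.ipv4? && net.include?(addr)
rescue IPAddr::Error
  false
end

# Assumed shapes (not confirmed by the slides):
#   ip_facts = { certname => { 'ipaddress' => '10.10.0.22' } }
#   websites = { certname => [ { 'parameters' => { 'port' => '8080' } } ] }
# allowed_net is a hypothetical guard: facts are self-reported by agents.
def build_poolmembers(ip_facts, websites, allowed_net)
  net = IPAddr.new(allowed_net)
  websites.each_with_object({}) do |(certname, resources), members|
    ip = ip_facts.dig(certname, 'ipaddress')
    next unless member_ip_allowed?(ip, net)
    resources.each do |res|
      params = DEFAULTS.merge(res.fetch('parameters', {}))
      port = params.delete('port').to_s
      next unless port.match?(/\A\d{1,5}\z/) && (1..65_535).cover?(port.to_i)
      members["#{ip}:#{port.to_i}"] = params
    end
  end
end

# Constructed sample data; 'rogue01' reports an address outside the web tier.
SAMPLE_FACTS = {
  'webserver22' => { 'ipaddress' => '10.10.0.22' },
  'webserver24' => { 'ipaddress' => '10.10.0.24' },
  'rogue01'     => { 'ipaddress' => '192.168.1.200' }
}.freeze
SAMPLE_SITES = {
  'webserver22' => [{ 'parameters' => { 'port' => '8080' } }],
  'webserver24' => [{ 'parameters' => { 'port' => '80', 'connection_limit' => '100' } }],
  'rogue01'     => [{ 'parameters' => { 'port' => '80' } }]
}.freeze

p build_poolmembers(SAMPLE_FACTS, SAMPLE_SITES, '10.10.0.0/24') if __FILE__ == $PROGRAM_NAME
```

With the sample data, the two web servers become pool members and the node reporting 192.168.1.200 is dropped.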
Device Node
• F5 node:
    node 'f5.puppetlabs.lan' {
      web::loadbalancer { 'apt.puppetlabs.com':
        address => '192.168.1.200',
      }
      web::loadbalancer { 'yum.puppetlabs.com':
        address => '192.168.1.201',
      }
      web::loadbalancer { 'download.puppetlabs.com':
        address => '192.168.1.202',
      }
    }
Demo
• Update web::site deployment
• Update F5 Loadbalancer
Developing Devices
• WARNING:
    Recommend developing regular Puppet Type/Provider first.
    Recommend developing regular Puppet Type/Provider first.
    Recommend developing regular Puppet Type/Provider first.
    Recommend developing regular Puppet Type/Provider first.
    ...
• Puppet Type/Provider Session (Dan)
Developing Devices
• Transport
• Facter
• Type
• Provider (retrieve/set)
Transport
• device.conf
• telnet
• ssh
• iControl (SOAP)
• (netconf)
    [node_name]
    type <device_type>
    url <protocol://username:password@url/>
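Because the device.conf format on the Device.conf and Transport slides puts the device credentials in the url line and allows telnet as a transport, a small audit of that file is worth having. This is an added example, not code from the talk or from Puppet; the function names, finding strings and sample hosts are assumptions.

```ruby
require 'uri'

CLEARTEXT_SCHEMES = %w[telnet http].freeze

# Parse the [node_name] / type / url layout shown on the slides.
def parse_device_conf(text)
  devices = {}
  current = nil
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    if (m = line.match(/\A\[(.+)\]\z/))
      current = devices[m[1]] = {}
    elsif current && (m = line.match(/\A(type|url)\s+(\S+)\z/))
      current[m[1]] = m[2]
    end
  end
  devices
end

def url_findings(raw)
  url = URI.parse(raw.to_s)
  findings = []
  findings << 'cleartext transport' if CLEARTEXT_SCHEMES.include?(url.scheme)
  findings << 'password equals username' if url.password && url.password == url.user
  findings
rescue URI::InvalidURIError
  ['unparseable url']
end

# Return { node_name => [finding, ...] } for entries that need attention.
def audit_devices(devices)
  devices.transform_values { |conf| url_findings(conf['url']) }.reject { |_, f| f.empty? }
end

# device.conf holds credentials, so it should not be readable by other users.
def world_readable_conf?(path)
  !File.world_readable?(path).nil?
end

# Constructed sample; host names and credentials are placeholders.
SAMPLE_CONF = <<~CONF
  [f5.example.lan]
  type f5
  url https://admin:admin@f5.example.lan/
  [switch1.example.lan]
  type cisco
  url telnet://puppet:s3cret@switch1.example.lan:23/
CONF
```

Run audit_devices(parse_device_conf(File.read(path))) against the real file and world_readable_conf?(path) against its permissions.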
Initialize Device
• puppet/util/network_device.rb
    class Puppet::Util::NetworkDevice
      ...
      def self.init(device)
        require "puppet/util/network_device/#{device.provider}/device"
        @current = Puppet::Util::NetworkDevice.
          const_get(device.provider.capitalize).
          const_get(:Device).new(device.url)
      rescue => detail
        raise "Can't load #{device.provider} for #{device.name}: #{detail}"
      end
    end
device.rb
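• puppet/util/network_device/<type>/device.rb
    require 'uri'

    # Loaded by Puppet::Util::NetworkDevice.init via const_get(:Device).
    class Puppet::Util::NetworkDevice::Juniper::Device
      attr_accessor :url, :transport

      # url is the url line from device.conf.
      def initialize(url)
        @url = URI.parse(url)
        @transport = Puppet::Util::NetworkDevice::Transport::Juniper.new
      end

      # Device facts, retrieved over the transport.
      def facts
        @facts ||= Puppet::Util::NetworkDevice::Transport::Juniper::Facts.new(@transport)
        @facts.retrieve
      end
    end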
Device Facts
• puppet/util/network_device/<type>/facts.rb
Type
• apply_to_all
• apply_to_host
• apply_to_device
    Puppet::Type.newtype(:f5_monitor) do
      @doc = "Manage F5 monitor."
      apply_to_device
      ensurable
      ...
      newproperty(:template_state) do
        desc "The monitor templates' enabled/disabled states."
        newvalues(/^STATE_(DISABLED|ENABLED)$/)
      end
    end
Provider
• ssh/telnet:
    output = transport.command('sh interface')
• Access custom transport:
    def self.transport
      if Facter.value(:url) then
        Puppet.debug "F5: connecting via facter url."
        @device ||= Puppet::Util::NetworkDevice::F5::Device.new(Facter.value(:url))
      else
        @device ||= Puppet::Util::NetworkDevice.current
        raise Puppet::Error, "Error Msg..." unless @device
      end

      @transport = @device.transport
    end
Testing
• Puppet Resource (self.instances)
• Puppet Apply (apply_to_host)
Future
• Software defined infrastructure
• Systems (Google Compute Engine as Resource)
• Application (puppet agent)
• Network (puppet device)
Questions?
Thank you for attending