oscar: rapid iteration with vagrant and puppet enterprise - puppetconf 2013

OscarRapid Iteration with Vagrant

and Puppet EnterpriseAdrien Thebo | Puppet Labs

@nullfinch | Freenode: finch

Hi.

Introductions n’ stuffOn/Off Operations/Development, ~8 years

Devops before it was cool

Introductions n’ stuffPuppet Labs, 2.5 years

Operations Engineer, 2 yearsCommunity Software Engineer, 6 months

Things I do

r10kBetter Puppet deployment, powered by robots

Puppet modulespuppet-networkpuppet-portagepuppet-filemapper

So how about that Vagrant?

Mandatory audience fun time!Who has…

heard of Vagrant?tried Vagrant?used Vagrant regularly?developed on Vagrant or plugins?created Vagrant?

A brief introduction to Vagrant

Good idea, bad ideaGood idea: hand crafted, one of a kind artisan furnitureBad idea: hand crafted, one of a kind artisan VMs

Before VagrantHand rolled VMs

No automationUnreproducibleFull of forgotten hacks

Vagrant is…Local VM infrastructure without the pain

Easy to configureReproduciblePortable

Vagrant Workflowgenerateprovisionuse/breakdiscardIt’s your very own cloud!

Laying the GroundworkOperations @ Puppet Labs… Support @ Puppet Labs?Infrastructure & client support

The problem space

Supporting PE 2Need to reproduce customer problems

Various supported platformsVarious node configurations

Supporting PE 2Speed/reproducibility paramount

Have to meet SLAAlso handle other operations work

Support ♥ VagrantReceive ticketDuplicate client environmentBuild environmentReproduce & debugHelp customer^W^Wprofit!!!

LimitationsIf this presentation was all roses and butterflies

Then it would be very boring.

Choose your own adventureLike any tool, Vagrant makes tradeoffsSome use cases are easier than others

Vagrant excels at…Static/Stable environmentsConfigure VM definitionSet up provisioninggit commit -m 'Add Vagrantfile'

Vagrant struggles with…Highly mutable environmentsComplex provisioning stepsConfiguration reuse

Partial configurationDistributable configuration

The Vagrantfile DSLPro - all the power of RubyCon - all the power of Ruby

A descent into madness

(I’m sorry.)

DONT. DO. THIS.

# vi: set ft=ruby :require 'yaml'

begin # Load config yaml_config = File.join(File.dirname(__FILE__), "config.yaml") config = nil

File.open(yaml_config) do |fd| config = YAML.load(fd.read) end

nodes = config["nodes"] profiles = config["profiles"]

nodes.each do |node|

# Set default PE configuration, and allow node overriding of these values defaults = {"pe" => config['pe']}

node.merge!(defaults) do |key, oldval, newval|

if oldval.is_a? Hash newval.merge oldval else warn "Tried to merge hash values with #{key} => [#{oldval}, #{newval}], but was not a hash. Using #{oldval}." oldval end end

profile = node["profile"] node.merge! profiles[profile] endrescue => e puts "Malformed or missing config.yaml: #{e}" puts e.backtrace exit!(1)end

# This is an extension of the common node definition, as it makes provisions# for customizing the master for more seamless interaction with the base# systemdef provision_master(config, node, attributes)

# Manifests and modules need to be mounted on the master via shared folders, # but the default /vagrant mount has permissions and ownership that conflicts # with the master and pe-puppet. We mount these folders separately with # loosened permissions. config.vm.share_folder 'manifests', '/manifests', './manifests', :extra => 'fmode=644,dmode=755,fmask=022,dmask=022' config.vm.share_folder 'modules', '/modules', './modules', :extra => 'fmode=644,dmode=755,fmask=022,dmask=022'

# Update puppet.conf to add the manifestdir directive to point to the # /manifests mount, if the directive isn't already present. node.vm.provision :shell do |shell| shell.inline = <<-EOTsed -i '2 {/manifest/ !i\ manifestdir = /manifests}' /etc/puppetlabs/puppet/puppet.confEOT end

# Update puppet.conf to add the modulepath directive to point to the # /module mount, if it hasn't already been set. node.vm.provision :shell do |shell| shell.inline = <<-EOTsed -i '/modulepath/ {/vagrant/ !s,$,:/modules,}' /etc/puppetlabs/puppet/puppet.confEOT end

# Rewrite the olde site.pp config since it's not used, and warn people # about this. node.vm.provision :shell do |shell| shell.inline = %{echo "# /etc/puppetlabs/puppet/manifests is not used; see /manifests." > /etc/puppetlabs/puppet/manifests/site.pp} end

# Boost RAM for the master so that activemq doesn't asplode node.vm.customize([ "modifyvm", :id, "--memory", "1024" ])

# Enable autosigning on the master node.vm.provision :shell do |shell| shell.inline = %{echo '*' > /etc/puppetlabs/puppet/autosign.conf} endend

# Adds the vagrant configuration tweaksdef configure_node(config, node, attributes)

node.vm.box = attributes["boxname"]

# Apply all specified port forwards attributes["forwards"].each do |(src, dest)| node.vm.forward_port src, dest end if attributes["forwards"] # <-- I am a monster

# Add in optional per-node configuration node.vm.box_url = attributes["boxurl"] if attributes["boxurl"] node.vm.network :hostonly, attributes["address"] if attributes["address"] node.vm.boot_mode = attributes[:gui] if attributes[:gui]end

# Provide provisioning details for this nodedef provision_node(config, node, attributes)

# Hack in faux DNS # Puppet enterprise requires something resembling functioning DNS to be # installed correctly attributes["hosts_entries"].each do |entry| node.vm.provision :shell do |shell| shell.inline = %{grep "#{entry}" /etc/hosts || echo "#{entry}" >> /etc/hosts} end end

# Set the machine hostname node.vm.provision :shell do |shell| shell.inline = %{hostname #{attributes["name"]}} end

node.vm.provision :shell do |shell| shell.inline = %{domainname puppetlabs.test} endend

def install_pe(config, node, attributes)

# Customize the answers file for each node node.vm.provision :shell do |shell| shell.inline = %{sed -e 's/%%CERTNAME%%/#{attributes["name"]}/' < /vagrant/answers/#{attributes["role"]}.txt > /tmp/answers.txt} end

# If the PE version is 0.0.0, bypass puppet installation. # This could easily make later provisioning fail.

if attributes['pe']['version'].match %r[̂0\.0] warn "Requested PE version was set to #{attributes['pe']['version']}; will not automatically install PE" return end

# Assemble the installer command fragments = [] fragments << "2>&1" fragments << attributes['pe']['installer']['executable'] fragments << '-a /tmp/answers.txt' fragments << attributes['pe']['installer']['args'].join(' ')

installer_cmd = fragments.join(' ').gsub(':version', attributes['pe']['version'])

# Install Puppet Enterprise if it hasn't been installed yet. If the machine # is rebooted then this provisioning step will be skipped. node.vm.provision :shell do |shell| shell.inline = <<-EOTif ! [ -f /opt/pe_version ]; then #{installer_cmd}fi EOT endend

Vagrant::Config.run do |config|

# Generate a list of nodes with static IP addresses hosts_entries = nodes.select {|h| h["address"]}.map {|h| %{#{h["address"]} #{h["name"]}}}

# Tweak each host for Puppet Enterprise, and then install PE itself. nodes.each do |attributes| config.vm.define attributes["name"] do |node|

attributes["hosts_entries"] = hosts_entries

configure_node(config, node, attributes) provision_node(config, node, attributes) install_pe(config, node, attributes)

if attributes["role"].match /master/ provision_master(config, node, attributes) end end endend

Vagrant and networkingNo default internal networkingFlaky DHCPDNS resolution

Vagrant and networkingSolutions!

Run your own infrastructure!DHCPDBIND

The realityCan’t support every configurationShouldn’t support every configurationBatteries not included

Introducing Oscar

Oscar in a nutshellSet of Vagrant pluginsBuilt for mutable environments

An overviewvagrant-hostsvagrant-auto_networkvagrant-pe_buildvagrant-config_builderoscar

Vagrant hostsDNS record types:

starting with A: A, AAAA, AFSDB, APLstarting with C: CAA, CERT, CNAMEstarting with D: DHCID, DLV, DNAME, DNSKEY, DS…

We need: name -> ip address

Vagrant hostsInside of a transitory environmentQuery private network addresses-> /etc/hostsGo do something you care aboutOr manage BIND on $platform

Vagrant Auto-networkHave to add extra interfacesf$&k it. STATIC IP ADDRESSES FOR ALL

config.vm.network :private_network, :auto_network => true

Vagrant PE BuildPE configuration optimized for VagrantDownload installers on demand

Vagrant config builderConfiguration as data

Before config builderVagrantfile

config.vm.define :puppetmaster do |box| flavor = :centos_6 set_box box, S3_BOXES[:centos_64_nocm]

# NOTE: Hostonly _may_ mean no internets if this adapter gets found first!!! # Check /etc/resolv.conf ! box.vm.network :hostonly, "192.168.23.20"

# NOTE: Share folders, such as Git checkouts of the Puppet source code share_puppet_source box

box.vm.provision :shell, :inline => BOOTSTRAPS[flavor] provision_box box, 'server.pp'end

After config builderroles.yaml

---roles: puppetmaster: private_networks: - {auto_network: true} synced_folders: - {host_path: ~/Source/puppetlabs, guest_path: /puppetlabs} provisioners: - {type: hosts} - {type: pe_bootstrap, role: master}

puppetagent: private_networks: - {auto_network: true} provisioners: - {type: hosts} - {type: pe_bootstrap}

After config buildervms.yaml

---vms: - name: master box: centos_64_nocom roles: puppetmaster - name: agent box: debian_64_nocm roles: puppetagent

Pick your data sourceYAMLJSONXMLinterpretive dance

What does Oscar do?Dependencies!Everything is a standalone pluginMix and match

What does Oscar do?Templates and defaultsSane defaults to get you started

PE stack in a boxConfigure your development environment like productionDevelop your modules in complete isolationSimulate app deployments before going livePre-production in a box!Stable Puppet environment

What Oscar gets youAll the perks of VagrantMinimal user setupComplex config made easy

What Oscar gets youGoal - from zero to PE in vagrant up

Who uses it?Commercial SupportOpen Source SupportSales EngineeringPeople… and stuff…

Demo time!Basic spin upSales eng env

Questions?

Try it yourselfCode on GithubUnder active developmentcontributions accepted!

ThanksTom Linkin!Chris Barker!Charlie Sharpsteen!Hunter Haugen!Adam Crews!The fabulous Puppet and Vagrant community!Exclamation points!Many others!

CreditsLayout by NanocPresentation by Reveal.jsConsciousness by caffeine