honeycutt garret expanded_intro_to_puppet_for_mailru
TRANSCRIPT
Expanded Introductionto Puppet
рамках Форума технологий Mail.Ru
2012-04-24Moscow, RU
Garrett HoneycuttProfessional Services Consultant
[email protected]://linkedin.com/in/garretthoneycutt
The one-off myth
Your systems are not beautiful snowflakes
photo from http://beesknees67.deviantart.com/
The one-off myth
• Only temporary
The one-off myth
• Only temporary
• Replicas for pre-production environments
The one-off myth
• Only temporary
• Replicas for pre-production environments
• Disaster recovery
Why?
Why?
• reduce entropy
Why?
• reduce entropy• disaster recovery
Why?
• reduce entropy• disaster recovery• change management
Why?
• reduce entropy• disaster recovery• change management• infrastructure as code
Text
Puppet Community Ecosystem
4,000 person mailing list
900 conversations a month750 people at all times in IRC
(dedicated channel)
Puppet DistributionBundled with major OS !
2500+ people contributing to documentation
and code
Puppet Community Active participation !
Puppet Contributors Framework enhancements !
300+ modules contributed to Puppet Forge
Financial
TechnologyEntertainmentWeb
Defense
Puppet is Pervasive
Puppet EnterpriseWhat it is:• Puppet and related components packaged and
integrated in one install:• Puppet• Puppet Master• Dashboard• Facter• Ruby• Apache• Passenger, etc.
Puppet Enterprise
• Fully QA’d stack of Puppet and dependencies• Simplified installation• Ease of maintenance• Pre-configured for scalability and performance• Predictable enhancement delivery• Enhanced enterprise class Support
How Puppet Works
Define: !"#$%&'(()#*+%,)-./0/#"1)%% ./23'/3)%45'%,)+"32%/%30/($%56%0)./#"52+$"(+%7)#8))2%0)+5'0-)+%8"#$"2%0)'+/7.)%95,'.)+:%;$)+)%95,'.)+%,)6"2)%45'0%"260/+#0'-#'0)%"2%"#+%,)+"0),%+#/#):
1
Simulate:%!"#$%#$"+%0)+5'0-)%% 30/($<%&'(()#%"+%'2"=')%"2%"#+%/7"."#4%#5%+"9'./#)%,)(.549)2#+<%)2/7."23%45'%#5%#)+#%-$/23)+%8"#$5'#%,"+0'(#"52%#5%45'0%"260/+#0'-#'0):
2
% Enforce:%&'(()#%-59(/0)+%45'0%% +4+#)9%#5%#$)%,)+"0),%+#/#)%/+%45'%,)6"2)%"#<%/2,%/'#59/#"-/..4%)2650-)+%"#%#5%#$)%,)+"0),%+#/#)%)2+'0"23%45'0%+4+#)9%"+%"2%-59(."/2-):
3
% Report: &'(()#%>/+$75/0,%0)(50#+%% #0/-?%0)./#"52+$"(+%7)#8))2%-59(52)2#+%/2,%/..%-$/23)+<%/..58"23%45'%#5%?))(%'(%8"#$%+)-'0"#4%/2,%-59(."/2-)%9/2,/#)+:%@2,%8"#$%#$)%5()2%@&A%45'%-/2%"2#)30/#)%&'(()#%8"#$%#$"0,%(/0#4%952"#50"23%#55.+:
4
>BCADB>C;@;B
EFDDBG;C;@;B
A;BD@;B%@G>%AGEDB@
CB%EHIBD@
JB
Multi Node
Use Puppet to create composable configurations and manage the enterprise infrastructure
Define Your Resources in Modules. ! "#$%!&'(()$*!+,'!-).#/)!+,'0!1,-'2)3!4+!/,-)!52633#.#56$#,/3*!3'5%!63!")4!7)08)0!,0!96$6463)*!622,:#/;!+,'!$,!-).#/)!0)26$#,/3%#(3!4)$:))/!0)3,'05)3!6/-!5,/.#;'0)!$%,'36/-3!,.!3)08)03!6$!,/5)<!
1
Assign resource relationships automatically.!! =,'!56/!$%)/!633#;/!6/-!-)(2,+!5,/.#;'06$#,/3!8#6!&'(()$!963%4,60-*!,0!:#$%!+,'0!,:/!5'3$,1#>)-!?@9A!$,,23<
Via Puppet Dashboard
CustomExternal Source
(CMDB, LDAP, etc.)
2
Reusable, composable configurations. !! "#$%!&'(()$!+,'!56/!0)B'3)!1,-'2)3!650,33!1'2$#(2)!/,-)3*!#/!:%6$)8)0!5,14#/6$#,/!+,'!/))-*!0)-'5#/;!0)()$#$#8)!$63C3!6/-!)2#1#/6$#/;!)00,0B(0,/)!350#($3<!
3
"DA!7DEFDE7 9GHGAG7D!7DEFDE7 G&&IJ?GHJKL!7DEFDE7
LK9D
LK9D LK9D
LK9D LK9D
LK9D
9GHGAG7D "DA!7DEFDE G&&!7DEFDE 7D?MEJH=Mod
ules
Puppet Assigns and Maintains a Node’s Desired Role
Managing Configuration Drift
How Puppet Manages Data Flow for Individual Nodes
Facts!"#$%&'#$(#%'($%&)*+,-.#'$'+/+$+0&1/$-/(#,2$/&$/"#$3144#/$5+(/#)6
1
Catalog3144#/$1(#($/"#$7+8/($/&8&*4-,#$+$9+/+,&:$/"+/(4#8-2-#($"&;$/"#$%&'#("&1,'$0#$8&%2-:1)#'6
2
Report8+%$+,(&$(#%'$'+/+$/&$/"-)'$4+)/<$/&&,(6
4
Report!"#$%&'#$)#4&)/($0+8=$/&$3144#/$-%'-8+/-%:$/"#$8&%2-:1)+/-&%$-($8&*4,#/#>$;"-8"$-($?-(-0,#$-%$/"#$3144#/$@+("0&+)'6
3
Report CollectorA3144#/$&)$B)'$4+)/<$/&&,C
Node
PuppetMaster
SSL secure encryption on all data transport
Facts
Automatically Maintained Asset
Inventory
architecture => i386domain => localfacterversion => 1.6.6fqdn => sliver.localhardwareisa => i386hardwaremodel => i386hostname => sliverid => ghinterfaces => lo0,gif0,stf0,en0,en1,fw0ipaddress => 192.168.101.185ipaddress_en1 => 192.168.101.185ipaddress_lo0 => 127.0.0.1is_virtual => falsekernel => Darwinkernelmajversion => 10.8kernelrelease => 10.8.0kernelversion => 10.8.0memoryfree => 102.80 MB
Custom Facts
How Puppet Manages Data Flow for Individual Nodes
Facts!"#$%&'#$(#%'($%&)*+,-.#'$'+/+$+0&1/$-/(#,2$/&$/"#$3144#/$5+(/#)6
1
Catalog3144#/$1(#($/"#$7+8/($/&8&*4-,#$+$9+/+,&:$/"+/(4#8-2-#($"&;$/"#$%&'#("&1,'$0#$8&%2-:1)#'6
2
Report8+%$+,(&$(#%'$'+/+$/&$/"-)'$4+)/<$/&&,(6
4
Report!"#$%&'#$)#4&)/($0+8=$/&$3144#/$-%'-8+/-%:$/"#$8&%2-:1)+/-&%$-($8&*4,#/#>$;"-8"$-($?-(-0,#$-%$/"#$3144#/$@+("0&+)'6
3
Report CollectorA3144#/$&)$B)'$4+)/<$/&&,C
Node
PuppetMaster
SSL secure encryption on all data transport
Catalog
• Automatically maintained comprehensive resource list
• Easily validated against compliance requirements prior to client configuration
How Puppet Manages Data Flow for Individual Nodes
Facts!"#$%&'#$(#%'($%&)*+,-.#'$'+/+$+0&1/$-/(#,2$/&$/"#$3144#/$5+(/#)6
1
Catalog3144#/$1(#($/"#$7+8/($/&8&*4-,#$+$9+/+,&:$/"+/(4#8-2-#($"&;$/"#$%&'#("&1,'$0#$8&%2-:1)#'6
2
Report8+%$+,(&$(#%'$'+/+$/&$/"-)'$4+)/<$/&&,(6
4
Report!"#$%&'#$)#4&)/($0+8=$/&$3144#/$-%'-8+/-%:$/"#$8&%2-:1)+/-&%$-($8&*4,#/#>$;"-8"$-($?-(-0,#$-%$/"#$3144#/$@+("0&+)'6
3
Report CollectorA3144#/$&)$B)'$4+)/<$/&&,C
Node
PuppetMaster
SSL secure encryption on all data transport
Reporting
• Comprehensive report of every change ever made, correlated to every resource being managed
• Easily validated against compliance requirements after reach run
Reporting
•http/https•log•store•tagmail
Reporting
What not How
What not how
Example Resource Types• cron
• exec
• file
• group
• host
• zfs
• mount
• package
• service
• sshkey
• user
Package-File-Service
File Serving
Templates
Templates - Advanced
Syntax Checking
Storeconfigs Ability to pass data between nodes, via a database acting as a proxy
• MySQL• SQLite3• PostgreSQL• Oracle
Storeconfigs
External Node Classifier
•Puppet Dashboard
•Your own CMDB
External Node Classifier
A script that takes $certname as an argument and outputs YAML to STDOUT
External Node Classifier
External Node Classifier
Expanded Introductionto Puppet
рамках Форума технологий Mail.Ru
2012-04-24Moscow, RU
Garrett HoneycuttProfessional Services Consultant
[email protected]://linkedin.com/in/garretthoneycutt