introduction to configuration management
TRANSCRIPT
R.I.Pienaar
Malta DevOps August 2016
Introduction to Configuration Management
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
Who am I?• Malta since December 2015
• Consultant for 20+ years
• Government, Finance, Health, Social Media, Fortune 50, Startups
• DevOps, Automation, Architect, Development
• Open Source @ github.com/ripienaar
• Linux since Kernel 99 alpha p11
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
ConfigurationManagement
for Devs and Ops
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
CM - What’s the problem?
Not CONSISTENT
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
CM - What’s the problem?
Not REPRODUCABLE
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
CM - What’s the problem?
Not INTERESTING
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
CM - What’s the problem?
Not SCALABLE
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
CM - What’s the problem?
Not COMPLETE
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
CM - What’s the problem?
Not PREDICTABLE
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
Hypothetical Toolset
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
CM - Wishes?
ProgrammableInfrastructure
Domain Specific Language
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
CM - Wishes?
ProgrammableInfrastructure
Platform and OS Independent
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
CM - Wishes?
ProgrammableInfrastructure
Complete Server Lifecycle
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
CM - Wishes?
ProgrammableInfrastructure
Extendible via Plugins and APIs
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
CM - Wishes?
ProgrammableInfrastructure
Learns from Development
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
CM - Wishes?
OpenSource, APIs and Docs
Community, IRC, Slack, GitHub, Users
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
CM - Wishes?
CommercialOwned
Support, Training, Conferences, Certs
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
Puppet
• 10 years old
• Commercially owned Open Source
• Client Server or Standalone Architecture
• Used by 10s of 1000s of companies
• Useful to small and large companies, even single servers
• 4 400 reusable modules, write your own
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
Puppet Resourcespackage{“httpd”: ensure => “present”
}
file{“/etc/httpd/conf/httpd.conf”: owner => “root”, group => “root”, mode => “0644”, source => “puppet:///modules/apache/httpd.conf”
}
service{“httpd”: ensure => “running”, enable => true
}
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
Puppet Typespackage{“httpd”: ensure => “present”
}
file{“/etc/httpd/conf/httpd.conf”: owner => “root”, group => “root”, mode => “0644”, source => “puppet:///modules/apache/httpd.conf”
}
service{“httpd”: ensure => “running”, enable => true
}
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
Puppet Titlespackage{“httpd”: ensure => “present”
}
file{“/etc/httpd/conf/httpd.conf”: owner => “root”, group => “root”, mode => “0644”, source => “puppet:///modules/apache/httpd.conf”
}
service{“httpd”: ensure => “running”, enable => true
}
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
Puppet Parameterspackage{“httpd”: ensure => “present”
}
file{“/etc/httpd/conf/httpd.conf”: owner => “root”, group => “root”, mode => “0644”, source => “puppet:///modules/apache/httpd.conf”
}
service{“httpd”: ensure => “running”, enable => true
}
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
Puppet Relationshipspackage{“httpd”: …
}
file{“/etc/httpd/conf/httpd.conf”: …, require => Package[“httpd”], notify => Service[“httpd”]
}
service{“httpd”: …, require => File[“/etc/httpd/conf/httpd.conf”]
}
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
Puppet Collectionsclass apache { include apache::install include apache::config include apache::service
}
class apache::install { package{ … }; package{ … }
}
class apache::config { file{ … }; file{ … }
}
class apache::service { service{ … }; service{ … }
}
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
Puppet Relationspackage{“httpd”: …
}
file{“/etc/httpd/conf/httpd.conf”: …, require => Class[“apache::install”], notify => Class[“apache::service”]
}
service{“httpd”: …, require => Class[“apache::config”]
}
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
Puppet Nodesnode “dev1.example.net” { include roles::lamp_dev
}
class roles::lamp_dev { include profile::lamp_webserver include profile::lamp_mysqlserver
}
class profile::lamp_webserver { include php include apache
}
class profile::lamp_mysqlserver { include mysql
}
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
Puppet Facts$ facter … os => { architecture => "x86_64", distro => { codename => "Core", description => "CentOS Linux release 7.2.1511 (Core)", id => "CentOS", release => { full => "7.2.1511", major => "7", minor => "2" }, specification => ":core-4.1-amd64:core-4.1-noarch" }, family => "RedHat", hardware => "x86_64", name => "CentOS", release => { full => "7.2.1511", major => "7", minor => "2" }, selinux => { enabled => false } } …
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
Puppet Facts
class site::common { if $facts[“os”][“family”] == “RedHat” {
include site::redhat_common
} elsif $facts[“os”][“family”] == “Debian” { include site::debian_common
} else { fail(“Unknown operating system family”)
} }
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
Puppet Site Policies• /srv/www - root:root
• /etc/httpd/conf.d/<site>.conf
• /srv/www/<site> - root:root
• /srv/www/<site>/html - owner:owner
• /srv/www/<site>/logs/access_log - root:root
• /srv/www/<site>/logs/error_log - root:root
• <site> log rotation
• <site> backups
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
Puppet Site Policies
site::vhost{“example.com”: }
Day to Day Usage
$client_sites = [“example1.com”, “example2.com”]
site::vhost{$client_sites: }
site::vhost{“example.com”: aliases => [“www.example.com”, “www.other.com”], owner => “acme”, allow_override => “All”, options => “Indexes”
}
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
Puppet Site PoliciesPolicy Set by Web Team - Creates Utility
define site::vhost ( $port, $owner, $group, … ) { apache::vhost{$name: port => $port, docroot => “/srv/www/${name}/html”, docroot_owner => $owner, docroot_group => $group,
}
bacula::backup_policy{$name: …} sensu::monitor{$name: …}
}
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
Puppet TestingLearning from Development - Unit Testing
describe “site::vhost” do let(:title) { “example.com” }
it { is_expected to contain_apache__vhost(“example.com”) .with ( “port” => “80”, “docroot” => “/srv/www/example.com/html” …
) }
end
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
Puppet TestingLearning from Development - Integration Testing
describe package(“httpd”) do it { should be_installed }
end
describe service(“httpd”) do it { should be_enabled } it { should be_running }
end
describe file(“/srv/www/example.com/html”) do it { should exist } it { should be_directory } it { be_owned_by “root” }
end
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
Puppet Reporting
http://theforeman.org
R.I.Pienaar | [email protected] | http://devco.net | @ripienaar
Questions?
twitter: @ripienaaremail: [email protected]: www.devco.net
github: ripienaarfreenode: Volcane
slack.puppet.com: ripienaar
http://learn.puppet.com/https://www.devco.net/