introduction to configuration management

R.I.Pienaar

Malta DevOps August 2016

Introduction to Configuration Management

R.I.Pienaar | [email protected] | http://devco.net | @ripienaar

Who am I?• Malta since December 2015

• Consultant for 20+ years

• Government, Finance, Health, Social Media, Fortune 50, Startups

• DevOps, Automation, Architect, Development

• Open Source @ github.com/ripienaar

• Linux since Kernel 99 alpha p11

mailto:[email protected]


ConfigurationManagement

for Devs and Ops



CM - What’s the problem?

Not CONSISTENT




Not REPRODUCABLE




Not INTERESTING




Not SCALABLE




Not COMPLETE




Not PREDICTABLE



Hypothetical Toolset



CM - Wishes?

ProgrammableInfrastructure

Domain Specific Language



CM - Wishes?


Platform and OS Independent



CM - Wishes?


Complete Server Lifecycle



CM - Wishes?


Extendible via Plugins and APIs



CM - Wishes?


Learns from Development



CM - Wishes?

OpenSource, APIs and Docs

Community, IRC, Slack, GitHub, Users



CM - Wishes?

CommercialOwned

Support, Training, Conferences, Certs



Puppet

• 10 years old

• Commercially owned Open Source

• Client Server or Standalone Architecture

• Used by 10s of 1000s of companies

• Useful to small and large companies, even single servers

• 4 400 reusable modules, write your own



Puppet Resourcespackage{“httpd”: ensure => “present”

}

file{“/etc/httpd/conf/httpd.conf”: owner => “root”, group => “root”, mode => “0644”, source => “puppet:///modules/apache/httpd.conf”

}

service{“httpd”: ensure => “running”, enable => true

}



Puppet Typespackage{“httpd”: ensure => “present”

}


}


}



Puppet Titlespackage{“httpd”: ensure => “present”

}


}


}



Puppet Parameterspackage{“httpd”: ensure => “present”

}


}


}



Puppet Relationshipspackage{“httpd”: …

}

file{“/etc/httpd/conf/httpd.conf”: …, require => Package[“httpd”], notify => Service[“httpd”]

}

service{“httpd”: …, require => File[“/etc/httpd/conf/httpd.conf”]

}



Puppet Collectionsclass apache { include apache::install include apache::config include apache::service

}

class apache::install { package{ … }; package{ … }

}

class apache::config { file{ … }; file{ … }

}

class apache::service { service{ … }; service{ … }

}



Puppet Relationspackage{“httpd”: …

}

file{“/etc/httpd/conf/httpd.conf”: …, require => Class[“apache::install”], notify => Class[“apache::service”]

}

service{“httpd”: …, require => Class[“apache::config”]

}



Puppet Nodesnode “dev1.example.net” { include roles::lamp_dev

}

class roles::lamp_dev { include profile::lamp_webserver include profile::lamp_mysqlserver

}

class profile::lamp_webserver { include php include apache

}

class profile::lamp_mysqlserver { include mysql

}



Puppet Facts$ facter … os => { architecture => "x86_64", distro => { codename => "Core", description => "CentOS Linux release 7.2.1511 (Core)", id => "CentOS", release => { full => "7.2.1511", major => "7", minor => "2" }, specification => ":core-4.1-amd64:core-4.1-noarch" }, family => "RedHat", hardware => "x86_64", name => "CentOS", release => { full => "7.2.1511", major => "7", minor => "2" }, selinux => { enabled => false } } …



Puppet Facts

class site::common { if $facts[“os”][“family”] == “RedHat” {

include site::redhat_common

} elsif $facts[“os”][“family”] == “Debian” { include site::debian_common

} else { fail(“Unknown operating system family”)

} }



Puppet Site Policies• /srv/www - root:root

• /etc/httpd/conf.d/<site>.conf

• /srv/www/<site> - root:root

• /srv/www/<site>/html - owner:owner

• /srv/www/<site>/logs/access_log - root:root

• /srv/www/<site>/logs/error_log - root:root

• <site> log rotation

• <site> backups



Puppet Site Policies

site::vhost{“example.com”: }

Day to Day Usage

$client_sites = [“example1.com”, “example2.com”]

site::vhost{$client_sites: }

site::vhost{“example.com”: aliases => [“www.example.com”, “www.other.com”], owner => “acme”, allow_override => “All”, options => “Indexes”

}


http://example.com

http://example1.com

http://example2.com

http://example.com

http://www.example.com

http://www.other.com


Puppet Site PoliciesPolicy Set by Web Team - Creates Utility

define site::vhost ( $port, $owner, $group, … ) { apache::vhost{$name: port => $port, docroot => “/srv/www/${name}/html”, docroot_owner => $owner, docroot_group => $group,

}

bacula::backup_policy{$name: …} sensu::monitor{$name: …}

}



Puppet TestingLearning from Development - Unit Testing

describe “site::vhost” do let(:title) { “example.com” }

it { is_expected to contain_apache__vhost(“example.com”) .with ( “port” => “80”, “docroot” => “/srv/www/example.com/html” …

) }

end


http://example.com

http://example.com

http://example.com


Puppet TestingLearning from Development - Integration Testing

describe package(“httpd”) do it { should be_installed }

end

describe service(“httpd”) do it { should be_enabled } it { should be_running }

end

describe file(“/srv/www/example.com/html”) do it { should exist } it { should be_directory } it { be_owned_by “root” }

end


http://example.com/html


Puppet Reporting

http://theforeman.org



Questions?

twitter: @ripienaaremail: [email protected]: www.devco.net

github: ripienaarfreenode: Volcane

slack.puppet.com: ripienaar

http://learn.puppet.com/https://www.devco.net/


introduction to configuration management

Technology