Love / Hate PuppetStephen Johnson

Stephen@puppetlabs.com

Background

• Puppetlabs employ for a a year

• I have been using Puppet since 0.24

• Currently working on the hiera_debug and rseencfile projects

What is this

• Its not a puppet bashing

• Interesting Puppet behavior

• What i love about puppet

Interesting Behavior

• Type Casting

• Type Equality

• Inconsistencies

• Scoping

Type Casting (FTW)

• $wibble = “3” (String)

• $wibble2 = “2” (String)

• $wtf = $wibble + wibble2 ?

Int

Type Equality

• $wibble = '3'

• $wibble2 = '2'

• $wibble3 = $wibble + $wibble2

• $wibbletest = 5

• is $wibble3 == $wibbletest

Yes

Type Equality 2

• $wibble = ‘true’

• $wibble2 = true

• is $wibble == $wibble2

No

Type Equality 3

• $wibble = 0

• $wibble2 = -1

• are they equal to true

Yes

Totally Confused Now

Type Equality

• There are many many more

• Be careful with data lookups from hiera

Inconsistencies

• Noop on a class

Noop on class

• class{'testtwo': noop => true ;}

• All the resources are noop surely

The code

The output

Scoping

• Thank good for 3.0

• Removing dynamic scoping

2.7

• Dynamic scoping is very very very dangerous

• Always use full scoped values

3.0

• It has been removed

• Full scope variables

Facts

• Top level variables

• Do not trust them as sent from client

• Dont use if $::hostname ==

• Export FACTER_hostname=‘puppetmaster’

• puppet agent -t

• See my blog on thatbytes.co.uk

Is not all bad

• All languages have interesting behavior

• Look at the famous “WAT’ talk from Gary Bernhardt

• www.destroyallsoftware.com/talks/wat

What i love

• Exported Resources

• Puppet

• Hiera

Exported Resources

• Nagios is so hard to setup all those config files

• Dns is so hard we have to track all those ip address

Nagios Automated

• Nagiosnode  webserver  {

       @@file  {  "/etc/nagios/conf.d/$::fqdn.apachecheck.conf":              content  =>  "nagios  check  stuff  \n",              tag  =>  "nagioscheck",                    }              }            node  nagiosmachine  {                File  <<|  tag  ==  'nagioscheck'  |>>            }

Export the resource

• @@file  {  "/etc/nagios/conf.d/$::fqdn.apachecheck.conf":  

           content  =>  template(‘apache/nagioscheck.erb’),              tag  =>  "nagioscheck",                    }

• Tagged with nagioscheck

• Have a apache::nagios class ?

Collect the resource

File  <<|  tag  ==  'nagioscheck'  |>>

• Using the tag previously

• In your nagios::server class

How does that work

• Puppetdb

• Stores configs

• Scalable

• AWESOMENESS

Puppet

• Automation

• Abstraction

• Repeatable

• Reportable

• AWESOMEABLE

Puppet gets you Knowledge

• Version controlled infrastructure

• Convergence

• Reporting

• Query-ability

• Removing the snowflakes

Hiera

• Puppet modules without hard-coded data are easily shared and more re-usable

• Infrastructure configuration can be managed without needing to edit Puppet code

• The data problem

Bad Data

if ( $::environment == ‘dev’ ) { $ntpserver = ‘192.168.2.1’} else { if ( $::fqdn == ‘host4.mycorp.com’) { $ntpserver = ‘127.0.0.1’ } else { $ntpserver = ‘213.21.6.4’ }}

Good Data

$ntpserver = hiera(‘ntpserver’)

:hierarchy:

- %{operatingsystem}

- %{environment}

- %{fqdn}

- common

Remove Data from Code

• Hiera uses information to determine a hierarchy

• Top down hierarchy for overriding configuration values based on roles, environments, locations.... or anything else

• And do this without any coding!

Puppet 3.0

• Hiera is integrated into the core product

• Introduces data mapping for parameterized classes

• Backwards compatible

Hiera_Debug

Hiera

• What where the variables

• How looked the variables up

Debug File

Learn more

• git://github.com/nfagerlund/evil-made-manifest.git