Puppet – Make Your Datacenter Agile

Post on 16-Apr-2017

Puppet

Puppet: Make Your Datacenter Agile

Jeferson Rodrigues

Brief introduction

Quiz:

- How many sysadmins do we have here?

- How many sysadmins have some affinity for programming?

- What if configuration were seen as programmable?

Well, our talk has two parts: a brief introduction to Puppet, and how we use Puppet in the Terra environment.

Puppet

How did it come about?

What is it for?

Who is it for?

www.puppetlabs.com/company/overview/

It emerged as the successor to cfengine, to administer one or thousands of servers, or 10000 servers, as its creator envisioned. It is a robust, flexible and extensible open-source framework.

It is intended for automation and configuration management, and is also used as a solution for running repetitive tasks. For example ...

It is aimed especially at system administrators (sysadmins).

5 minutes talking about the history

Puppet: Model

Components

Manifest

Classes

Resource Types

Defines

Templates

Facter

Next, I will show what each item is and what it does.

Puppet: Components

Puppetmasterd is the central server of the solution.

Puppetd is the client of the solution; it fetches the compiled catalog and reports system information to the server.

Puppet is an application used, in particular, for testing the catalog.

Puppetmasterd is a central management daemon. In most installations, you'll have one puppetmasterd server and each managed machine will run puppetd. By default, puppetmasterd runs a certificate authority, which you can read more about in the security section. Puppetmasterd will automatically serve up puppet orders to managed systems, as well as files and templates.

Puppetd runs on each managed node. By default, it will wake up every 30 minutes (configurable), check in with puppetmasterd, send puppetmasterd new information about the system (facts), and then receive a compiled catalog containing the desired system configuration that should be applied as ordered by the central server.

When running Puppet locally (for instance, to test manifests, or in a non-networked disconnected case), puppet is run instead of puppetd. It then uses local files, and does not try to contact the central server. Otherwise, it behaves the same as puppetd.

Puppet: Manifest

The Manifest is a declaration of expressions for controlling Puppet.

It is a domain-specific language.

The catalog is responsible for grouping the facts from Facter, the classes and their resources.

Puppet: Class and Resource Types

A class is a logical structure for grouping resources.

A resource is the fundamental unit of Puppet. A resource represents aspects of the system, for example a service, a file or directory, a package, or any other custom and related resource.

Puppet: Class and Resource Types

# Install nginx, manage its configuration file and keep the service running.
class nginx {
  package { "nginx":
    ensure => "installed";
  }

  # Installed after the package; a change to the file notifies the service.
  file { "/etc/nginx/nginx.conf":
    owner   => "root",
    group   => "root",
    mode    => "0644",
    require => Package["nginx"],
    notify  => Service["nginx"],
    source  => "puppet://$server/files/$platform/etc/nginx/nginx.conf";
  }

  service { "nginx":
    restart => "/usr/sbin/nginx -s reload > /dev/null",
    binary  => "nginx",
    ensure  => "running",
    require => File["/etc/nginx/nginx.conf"];
  }
}

Creating a class to install and configure the nginx web server in an automated way.

Explain each step of the example calmly...

Puppet: Resource Types

# Reload nginx only when the config file changes and passes "nginx -t".
exec { "nginx-reload":
  path        => "/usr/bin:/usr/sbin:/bin",
  command     => "nginx -s reload > /dev/null",
  onlyif      => "nginx -t -c /etc/nginx/nginx.conf > /dev/null",
  subscribe   => File["/etc/nginx/nginx.conf"],
  refreshonly => true,
  require     => File["/etc/nginx/nginx.conf"];
}

# Unprivileged account for the web server, with no login shell.
user { "www":
  provider => useradd,
  comment  => 'Web User',
  ensure   => 'present',
  home     => '/var/www',
  shell    => '/sbin/nologin';
}

Ditto.

Puppet: Resource Types

# At minute 30 of every hour, remove varnish log files not modified in the last 6 hours.
cron { "tmpwatch-varnish":
  command => "/usr/sbin/tmpwatch -qm 6 /var/log/varnish",
  user    => "root",
  minute  => 30;
}

group { "www":
  gid => 503;
}

Ditto.

Puppet: Define

A define is very similar to a class, but it makes it possible to reuse code and vary it according to criteria.

Bridge to resolv.conf. Example with multiple datacenters.

Definitions, on the other hand, can be reused many times on the same node. They essentially work as if you created your own Puppet type just by using the language. They are meant to be evaluated multiple times, with different inputs each time. This means you can pass variable values into the defines. Both classes and defines are very useful and you should make use of them when building out your puppet infrastructure.

Classes

Classes are introduced with the class keyword, and their contents are wrapped in curly braces. The following simple example creates a simple class that manages two separate files:

Puppet: Define

# Reusable definition: writes /etc/resolv.conf from the values passed in.
define resolv_conf ($domainname = "$domain", $searchpath, $nameservers) {
  # The owning group depends on the operating system reported by Facter.
  case $operatingsystem {
    FreeBSD: { $group = "wheel" }
    default: { $group = "root" }
  }

  file { "/etc/resolv.conf":
    owner   => root,
    group   => $group,
    mode    => "0444",
    content => template('header.erb', 'resolv.conf.erb')
  }
}

For example, the resolv.conf of a server at a given location queries specific DNS servers.

Explain as if to a child....

Puppet: Define

# Choose the DNS settings according to the datacenter the node is in.
class resolv::client {
  case $datacenter {
    MIA: {
      resolv_conf { "resolv.conf":
        domainname  => 'terra.com',
        searchpath  => ['terra.com', 'tpn.terra.com'],
        nameservers => ['10.253.120.200', '10.253.120.201', '10.253.120.202'];
      }
    }
    default: {
      resolv_conf { "resolv.conf":
        domainname  => 'terra.com.br',
        searchpath  => ['tpn.terra.com', 'terra.com.br'],
        nameservers => ['10.225.54.200', '10.225.54.201', '10.225.54.202'];
      }
    }
  }
}

Ditto.... Explain as if to a child

Puppet: Template resolv.conf.erb

resolv.conf.erb

domain
search
nameserver
options rotate

Header.erb

############################### By Puppet ##############################

cat /etc/resolv.conf

domain terra.com.br
search tpn.terra.com terra.com.br
nameserver 10.225.54.200
nameserver 10.225.54.201
nameserver 10.225.54.202
options rotate
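
Added example (not from the talk or from Puppet itself): the ERB tags of resolv.conf.erb did not survive on this page, so the template below is an assumed reconstruction built from the resolv_conf define's parameter names and the rendered /etc/resolv.conf shown above. The helper names (render_resolv_conf, valid_nameserver?, valid_domain?) and the validation step are assumptions added here; the check keeps a value containing a newline or other stray characters from adding extra directives to a file that controls name resolution.

```ruby
require 'erb'
require 'ipaddr'

# Assumed reconstruction of resolv.conf.erb: the variable names come from the
# resolv_conf define's parameters, the layout from the rendered file shown above.
RESOLV_TEMPLATE = <<~TEMPLATE
  domain <%= domainname %>
  search <%= searchpath.join(' ') %>
  <% nameservers.each do |ns| -%>
  nameserver <%= ns %>
  <% end -%>
  options rotate
TEMPLATE

# A nameserver must be a bare IP literal: no whitespace, newline or prefix length.
def valid_nameserver?(value)
  return false unless value.is_a?(String) && value.match?(/\A[0-9A-Fa-f:.]+\z/)
  IPAddr.new(value)
  true
rescue IPAddr::Error
  false
end

# Domain and search entries: letters, digits, dots and hyphens only.
def valid_domain?(value)
  value.is_a?(String) && value.match?(/\A[a-z0-9]([a-z0-9.-]*[a-z0-9])?\z/i)
end

# Hypothetical helper: validate the define's three parameters, then render.
def render_resolv_conf(domainname:, searchpath:, nameservers:)
  bad = ([domainname] + searchpath).reject { |d| valid_domain?(d) } +
        nameservers.reject { |ns| valid_nameserver?(ns) }
  raise ArgumentError, "refusing to render: #{bad.inspect}" unless bad.empty?

  ERB.new(RESOLV_TEMPLATE, trim_mode: '-').result_with_hash(
    domainname: domainname, searchpath: searchpath, nameservers: nameservers
  )
end

if __FILE__ == $PROGRAM_NAME
  # Values of the default datacenter branch of resolv::client.
  puts render_resolv_conf(
    domainname: 'terra.com.br',
    searchpath: ['tpn.terra.com', 'terra.com.br'],
    nameservers: ['10.225.54.200', '10.225.54.201', '10.225.54.202']
  )
end
```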

Puppet: Nodes

node basenode {
  include ntp::client
  include puppet::client
  include resolv::client
  include host::ssh
}

node_terminus = plain

Basenode is a standard model we adopted that every server must have.

The monit-web-poa class, in turn, inherits characteristics from basenode and builds a monitoring frontend server ....

Puppet: Nodes

class monit-web-poa inherits basenode {
  $platform   = 'monit-web-poa'
  $datacenter = 'POA'

  include apache
  include php
  include semon::web
  include semon::util
  include oracle::client

  nfs::mount { "/nfs/semon-rrd01" : }
  nfs::mount { "/nfs/semon-rrd02" : }
}

node_terminus = ldap

Facter!

Facter

Facter is a Ruby library designed to gather system information for Puppet's decision making.

It gathers operating system information, for example kernel version, distribution, number of network interfaces, and more.

Facter is an independent, cross-platform Ruby library designed to gather information on all the nodes you will be managing with Puppet. It is available on all platforms that Puppet is available.

Quick information gathering on nodes

Facter is a lightweight program that gathers basic node information about the hardware and operating system. Facter is especially useful for retrieving things like operating system names, hardware characteristics, IP addresses, MAC addresses, and SSH keys.

Facter

[root@puppet-master01-poa ~]# facter
architecture => x86_64
domain => tpn.terra.com
facterversion => 1.5.7
fqdn => puppet-master01-poa.tpn.terra.com
hardwareisa => x86_64
hostname => puppet-master01-poa
interfaces => eth0
ipaddress => 200.176.14.72
ipaddress_eth0 => 200.176.14.72
is_virtual => false
kernel => Linux
kernelmajversion => 2.6
kernelversion => 2.6.18
lsbdistdescription => CentOS release 5.5 (Final)
lsbdistid => CentOS
lsbdistrelease => 5.5
lsbmajdistrelease => 5

Here is the facter output that we can use for decision making, for example when building a define...

Facter

# Dell Agent
smuxpeer .1.3.6.1.4.1.674.10892.1

# HP Agent
dlmod cmaX /usr/lib64/libcmaX64.so
dlmod cmaX /usr/lib/libcmaX.so