puppet user group - austin - razor - scott mcclellan
TRANSCRIPT
Outline
❖ What problem does it solve?
❖ Node Lifecycle
❖ Demo Beginning
❖ Configuring Razor
❖ Demo Ending
❖ Questions
Problem Statement
Problem: How do I dynamically deploy operating systems to bare metal nodes using hardware facts and metadata?
Solution: Razor’s iPXE provisioning
Additional Uses
It can also be used for:
● Node inventory
  ○ Anything that can PXE boot
● Run script(s) during provisioning process
  ○ Notify external systems
  ○ Modify install
Node Lifecycle
● Discovery Phase
● Task Phase
● Broker Phase
● Reinstallation
Node Lifecycle - Discovery Phase
(Diagram: Node, TFTP Server, Razor Server)
Node: What do I do now?
TFTP Server: Node, meet Razor
Node: What do I do now?
Razor Server: You’re new! Boot this microkernel
Node Lifecycle - Discovery Phase
The node boots the microkernel
- CentOS 7 NetInstall ISO
- Very small (~145M)
Microkernel then runs Facter and reports back to Razor server
Node Lifecycle - Discovery Phase
(Diagram: Node, Razor Server)
Node: Facter returned these $results
...And the Discovery Phase is over for the node
Razor Server: In that case… run this OS installer!
Node Lifecycle - Task Phase
The node runs the prescribed task
- Typically involves many requests for files/templates from the Razor server
- This is like running the ISO file remotely
- Install questions can be answered via
  - Preseed files (Ubuntu)
  - Kickstart files (Red Hat)
  - Unattended.xml (Windows)
  - ...Etc.
Node Lifecycle - Task Phase
Razor ships with several stock tasks
- CentOS 6 & 7
- CoreOS 1
- Debian Wheezy
- Red Hat 6 & 7
- Ubuntu (Lucid, Precise, Trusty)
- VMware ESXi 5.5
- Windows (8-pro, 2012r2)
- ...Or write your own!
Node Lifecycle - Task Phase
The clean-slate operating system is now installed!
…But it’d be nice if there were some system which could install programs, configure files, start services…
This is the transition to the Broker Phase
Node Lifecycle - Broker Phase
(Diagram: Node, Razor Server, Puppet Master)
Node: What should I do now?
Razor Server: Run this broker file.
Node: Where’s your install file?
Puppet Master: Welcome, run install.bash.
Node Lifecycle - Reinstallation
(Diagram: Node, Razor Server)
Razor Server: Reboot (IPMI request)
Node: What do I do now?
Razor Server: You’re new! Run this microkernel
Demo Beginning
Using PE Razor Vagrant Stack (https://github.com/npwalker/pe-razor-vagrant-stack)
Demo - Commands
● vagrant up
● (optional) wget http://stedolan.github.io/jq/download/linux64/jq
  sudo mv jq /usr/bin && sudo chmod 755 /usr/bin/jq
  razor create-hook --name counter --hook-type counter
● Boot the new node in VirtualBox using Internal Network Razor_Network
● # Check out node on razor-server via `razor nodes`
● Go to https://192.168.51.22, add class pe_repo::platform::ubuntu_1404_amd64 to PE Master (creds: admin - puppetlabs)
● vagrant ssh puppet-master -c 'sudo /opt/puppet/bin/puppet agent -t'
● vagrant ssh razor-server
● razor create-repo --name trusty --iso-url file:///vagrant/v-root/ubuntu-14.04.2-server-amd64.iso --task ubuntu/trusty
  # Unpacks to /opt/puppet/var/razor/repo/trusty
Demo - Commands (cont.)
● razor create-broker --name puppet-pe --broker-type puppet-pe --configuration server=puppet-master
  # Broker code exists in /opt/puppet/share/razor-server/brokers/puppet-pe.broker
● razor create-policy --name trusty --repo trusty --broker puppet-pe \
    --root-password secret --hostname '${id}'
● # Wait for provisioning to finish
● # Check that the node is registered at https://192.168.51.22
● To add custom tasks, use directory /opt/puppet/share/razor-server/tasks
● To add custom hooks, use directory /opt/puppet/share/razor-server/hooks
● Custom tags can be used to classify nodes via hardware characteristics or metadata
Configuring Razor
Razor can be configured via two methods:
● Direct API calls using JSON
  ○ API for each command is discoverable via /api endpoint.
● [pe-]razor-client (Command Line Interface)
  ○ Wrapper for JSON
  ○ Adds conveniences:
    ■ Datatype coercion
    ■ Collection building (arrays, objects)
    ■ Easy-to-query help for commands
Configuring Razor
Several pieces:
● Repos
● Tasks
● Tags
● Brokers
● Policies
● Hooks
Configuring Razor - Repos
Repo: Wrapper for the files within an ISO
razor create-repo \
  --name centos-6.4 \
  --iso-url $url_to_iso \
  --task centos
Configuring Razor - Tasks
Task: How to install the repo
● Task can exist on disk or be created via API
Configuring Razor - Tags
Tag: Classifying nodes by facts and metadata
razor create-tag \
  --name database \
  --rule '["=", ["fact", "processorcount"], "4"]'
This tag called “database” will be applied to any nodes with exactly 4 processors.
Configuring Razor - Brokers
Broker: What to do after the install
● Code must exist on disk
● Instantiated via API
razor create-broker --name puppet-pe \
  -c server=puppet.example.org \
  --broker-type puppet-pe
The broker-type corresponds to the files/templates on disk.
Configuring Razor - Policies
Policy: Contract for when to install which repo
razor create-policy --json policy.json
{
  "name": "databases",
  "repo": "centos-6.4",
  "task": "centos",
  "broker": "puppet-pe",
  "hostname": "host${id}.example.com",
  "root-password": "secret",
  "max-count": 2,
  "tags": ["database"]
}
Configuring Razor - Policies
How does Razor know which policy to use?
Let’s say a new node qualifies for only “tag1”...

Name           Max Count  Node Count  Tags        Enabled?
First Policy   4          4           tag1        YES
Second Policy  nil        0           tag1, tag2  YES
Third Policy   20         2                       NO
Fourth Policy  nil        0           tag1        YES
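
Added example (not from the original slides and not Razor's own code): a simplified Ruby model of the tag rule from the Tags slide and of the policy walk over the table above. It assumes a node binds to the first policy, in table order, that is enabled, has room under its max count, and whose tags are all present on the node; the function names and the reduced operator set are hypothetical.

```ruby
# Added illustration (not razor-server code): simplified tag evaluation and
# policy binding, using the rule and policy table shown on the slides.

# Evaluate a rule such as ["=", ["fact", "processorcount"], "4"].
# Only the operators listed here are modelled; a missing fact yields nil.
def eval_rule(rule, facts)
  return rule unless rule.is_a?(Array) # literals evaluate to themselves
  op, *args = rule
  case op
  when "fact" then facts[args[0]]
  when "="    then eval_rule(args[0], facts) == eval_rule(args[1], facts)
  when "and"  then args.all? { |a| eval_rule(a, facts) }
  when "or"   then args.any? { |a| eval_rule(a, facts) }
  else raise ArgumentError, "unsupported operator: #{op}"
  end
end

# Names of all tags whose rule is true for this node's facts.
def tags_for(facts, tag_rules)
  tag_rules.select { |_name, rule| eval_rule(rule, facts) }.keys
end

# The policy table from the slide, in table order.
POLICIES = [
  { name: "First Policy",  max_count: 4,   node_count: 4, tags: %w[tag1],      enabled: true },
  { name: "Second Policy", max_count: nil, node_count: 0, tags: %w[tag1 tag2], enabled: true },
  { name: "Third Policy",  max_count: 20,  node_count: 2, tags: [],            enabled: false },
  { name: "Fourth Policy", max_count: nil, node_count: 0, tags: %w[tag1],      enabled: true }
].freeze

# Walk the table in order and return the first policy that is enabled, has
# room under max_count (nil = unlimited), and whose tags are all on the node.
# Returns nil when nothing applies (the node is not bound to any policy).
def bind_policy(node_tags, policies = POLICIES)
  policies.find do |p|
    p[:enabled] &&
      (p[:max_count].nil? || p[:node_count] < p[:max_count]) &&
      (p[:tags] - node_tags).empty?
  end
end

if __FILE__ == $PROGRAM_NAME
  rules = { "database" => ["=", ["fact", "processorcount"], "4"] } # constructed sample
  puts tags_for({ "processorcount" => "4" }, rules).inspect
  chosen = bind_policy(["tag1"])
  puts chosen ? chosen[:name] : "no policy"
end
```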
Configuring Razor - Hooks
Hook: Running arbitrary code at points in a node’s lifecycle
  ○ Code must exist on disk
    ■ Executable files named after their triggering event
    ■ Files receive input including node info, hook configuration, bound policy
  ○ Instantiated via API
razor create-hook --name counter \
  --hook-type counter \
  -c value=0
Configuring Razor - Hooks
Which events can trigger hooks?
● `node-registered`: triggered after a node has been registered, i.e. after its facts have been set for the first time by the Microkernel.
● `node-bound-to-policy`: triggered after a node has been bound to a policy. The script input contains a `policy` property with the details of the policy that has been bound to the node.
● `node-unbound-from-policy`: triggered after a node has been marked as uninstalled by the `reinstall-node` command and thus been returned to the set of nodes available for installation.
● `node-deleted`: triggered after a node has been deleted.
● `node-booted`: triggered every time a node boots via iPXE.
● `node-facts-changed`: triggered whenever a node changes its facts.
● `node-install-finished`: triggered when a policy finishes its last step.
Configuring Razor - Brownfield
Razor, by default, assumes that any node it sees is ready for installation.
This means without the proper precautions, Razor could install over existing machines.
To avoid this, these precautions can be taken (in decreasing order of severity):
● `protect_new_nodes` configuration setting in config.yaml
  ○ In combination with the `reinstall-node` command
● `register-node` command
● Limit every policy max_count or disable all policies
  ○ Nodes will sit in the microkernel until a policy is available
Demo Ending
User Feedback
“I am a big fan of Puppet Razor. I recently got it implemented on my virtual environment. It works like a charm.” - Ajeet Raina (Dell)
“Just wanted to give a heartfelt thanks to all of the people involved with this project. It's not even a finished product yet and already it seriously rocks.
The integration with PE is definitely kick ass.” - Alex Scoble (TEK Systems)
“As a new user of Razor I second your thoughts Alex.
Thanks Razor team” - Amit Shah
Resources
FOSS Razor repositories:
- https://github.com/puppetlabs/razor-server
- https://github.com/puppetlabs/razor-client
- https://github.com/puppetlabs/razor-el-mk
FOSS Razor docs:
- https://github.com/puppetlabs/razor-server/wiki
PE Razor docs:
- https://docs.puppetlabs.com/pe/latest/razor_using.html
PE Razor Vagrant Stack:
- https://github.com/npwalker/pe-razor-vagrant-stack
Mailing list: [email protected]
Questions?