Puppetizing Multitier Architecture - PuppetConf 2014
DESCRIPTION
Puppetizing Multitier Architecture - Reid Vandewiele, Puppet Labs
TRANSCRIPT
![Page 1: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/1.jpg)
2014
presented by
Puppetizing Multi-Tier Architecture Reid Vandewiele Solutions Engineer | Puppet Labs
![Page 2: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/2.jpg)
![Page 3: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/3.jpg)
![Page 4: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/4.jpg)
Monolithic Install Split Install
![Page 5: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/5.jpg)
Monolithic Install Split Install
![Page 6: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/6.jpg)
![Page 7: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/7.jpg)
![Page 8: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/8.jpg)
Agenda
• Introduction
Multi-Tier Challenges
• How to Define
• How to Classify
• How to Deploy
![Page 9: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/9.jpg)
Multi-Tier Challenges • How to Define • How to Classify • How to Deploy
![Page 10: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/10.jpg)
![Page 11: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/11.jpg)
![Page 12: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/12.jpg)
![Page 13: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/13.jpg)
![Page 14: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/14.jpg)
![Page 15: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/15.jpg)
Profiles
![Page 16: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/16.jpg)
![Page 17: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/17.jpg)
![Page 18: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/18.jpg)
![Page 19: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/19.jpg)
![Page 20: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/20.jpg)
![Page 21: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/21.jpg)
```puppet
class puppet_enterprise (
  $interface,
  ...
) {
  ## REPRESENT THIS
  # # # # # # # # # #
}
```
![Page 22: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/22.jpg)
![Page 23: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/23.jpg)
![Page 24: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/24.jpg)
Application Classes
```puppet
class pe (
  $puppetdb_port = 8081,
  ...
) { }

# Component classes default their parameters to the values held by class pe.
class pe::puppet_master (
  $puppetdb_port = $pe::puppetdb_port,
  ...
) inherits pe {
  ...
}

class pe::puppetdb (
  $puppetdb_port = $pe::puppetdb_port,
  ...
) inherits pe {
  ...
}
```
![Page 25: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/25.jpg)
Application Class
```puppet
class pe (
  $puppet_master_host         = undef,
  $puppet_master_port         = undef,
  $puppet_console_host        = undef,
  $puppet_console_port        = undef,
  $puppetdb_database_host     = undef,
  $puppetdb_database_port     = undef,
  $puppetdb_database_name     = undef,
  $puppetdb_database_username = undef,
  $puppetdb_database_password = undef,
  ...
) {
  ...
}
```
![Page 26: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/26.jpg)
Application Component Profile
```puppet
class pe::puppet_master (
  $certificate_authority_host  = $pe::certificate_authority_host,
  $certificate_authority_port  = $pe::certificate_authority_port,
  $certificate_authority_proxy = true,
  $puppetdb_host               = $pe::puppetdb_host,
  $puppetdb_port               = $pe::puppetdb_port,
  $console_host                = $pe::puppet_console_host,
  $console_port                = $pe::puppet_console_port,
  $reports                     = undef,
  $node_terminus               = undef,
) inherits pe {
  ...
}
```
![Page 27: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/27.jpg)
• Model the Application
• Dynamism / Elasticity
Accomplished
Not Yet Accomplished
![Page 28: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/28.jpg)
?
![Page 29: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/29.jpg)
Pool_member <<| filter |>> pool_member { 'master_1': } pool_member { 'master_2': }
@@pool_member { 'master_1': }
@@pool_member{ 'master_2': }
storeconfigs
![Page 30: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/30.jpg)
storeconfigs
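```puppet
# The load balancer collects the pool members exported by the masters.
class pe::load_balancer (
  ...
) inherits pe {
  Pool_member <<| filter |>>
  ...
}

# Each master exports itself as a pool member.
class pe::puppet_master (
  ...
) inherits pe {
  @@pool_member { $::ipaddress: }
  ...
}
```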
![Page 31: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/31.jpg)
![Page 32: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/32.jpg)
clientcert=www1
app_pubkey=
ensure keypair!
clientcert=www1
app_pubkey=abc123
ensure keypair!
![Page 33: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/33.jpg)
Multi-Tier Challenges • How to Define • How to Classify • How to Deploy
![Page 34: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/34.jpg)
A collection of "things" (objects or numbers, etc). Each member is called an element of the set. There should be only one of each member (all members are unique).
Set
![Page 35: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/35.jpg)
Evaluation Order Matters
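• Works
```puppet
class { 'pe': instance_id => 'central'; }
class { 'pe::puppet_master': }
```
• Breaks
```puppet
# pe::puppet_master inherits pe, so pe is already declared (with its default
# parameters) by the time the second declaration is evaluated.
class { 'pe::puppet_master': }
class { 'pe': instance_id => 'central'; }
```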
![Page 36: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/36.jpg)
Hiera
```yaml
---
:hierarchy:
  - "clientcert/%{clientcert}"
  - "app_instance/%{app_instance}"
  - "env_tier/%{env_tier}"
  - global
:backends:
  - yaml
:yaml:
  :datadir: "/etc/puppetlabs/puppet/environments/%{environment}/data"
```
![Page 37: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/37.jpg)
Hiera All Managed Nodes
env_tier=development env_tier=production
appid=prod1 appid=prod2 appid=dev1 appid=dev2
![Page 38: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/38.jpg)
Application Class
```puppet
class pe (
  $puppet_master_host         = undef,
  $puppet_master_port         = undef,
  $puppet_console_host        = undef,
  $puppet_console_port        = undef,
  $puppetdb_database_host     = undef,
  $puppetdb_database_port     = undef,
  $puppetdb_database_name     = undef,
  $puppetdb_database_username = undef,
  $puppetdb_database_password = undef,
  ...
) {
  ...
}
```
![Page 39: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/39.jpg)
Application Class
```puppet
class pe (
  $puppet_master_host         = $::puppet_master_host,
  $puppet_master_port         = $::puppet_master_port,
  $puppet_console_host        = $::puppet_console_host,
  $puppet_console_port        = $::puppet_console_port,
  $puppetdb_database_host     = $::puppetdb_database_host,
  $puppetdb_database_port     = $::puppetdb_database_port,
  $puppetdb_database_name     = $::puppetdb_database_name,
  $puppetdb_database_username = $::puppetdb_database_username,
  $puppetdb_database_password = $::puppetdb_database_password,
  ...
) {
  ...
}
```
![Page 40: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/40.jpg)
Multi-Tier Challenges • How to Define • How to Classify • How to Deploy
![Page 41: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/41.jpg)
![Page 42: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/42.jpg)
2 1
Run Puppet!
Run Puppet!
![Page 43: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/43.jpg)
Run Puppet!
Run Puppet!
Run Puppet!
Run Puppet!
1 2 3 4
![Page 44: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/44.jpg)
Multi-Tier Challenges • How to Define • How to Classify • How to Deploy
Puppetizing Multi-Tier Architecture
![Page 45: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/45.jpg)
Anchors
```puppet
class pe (
  ...
) {
  # ANCHORS
  # When building a complex multi-tier model, it is not known up front which
  # profiles will be deployed to a given node. However, some profiles when
  # deployed together have dependencies which must be expressed. For example,
  # the CA must be set up and configured before certificates can be requested.
  # Therefore the CA must be configured before any certificate-requiring
  # service. Since the profiles cannot express those dependencies directly
  # against each other, since they may or may not exist in a given node's
  # catalog, we instead have them express dependencies against common anchors.
  anchor { 'barrier: pe certificate_authority': } ->
  anchor { 'barrier: pe puppetdb_database': } ->
  anchor { 'barrier: pe puppetdb': } ->
  ...
}
```
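One way profiles can hang their ordering on the barrier anchors declared in `class pe`, as an added example that is not code from the talk. The `pe::certificate_authority` profile, the `example-*` service names and the convention that a profile's resources complete just before its own barrier are assumptions.

```puppet
# Added illustration; assumes the anchor chain shown in class pe
# (certificate_authority -> puppetdb_database -> puppetdb -> ...).

class pe::certificate_authority inherits pe {
  # Hypothetical stand-in for the resources that set up the CA.
  service { 'example-ca':
    ensure => running,
  }

  # Assumed convention: a profile's resources complete before its own barrier.
  Service['example-ca'] -> Anchor['barrier: pe certificate_authority']
}

class pe::puppetdb inherits pe {
  # Hypothetical stand-in for a certificate-requiring service.
  service { 'example-puppetdb':
    ensure => running,
  }

  # The dependency names barriers, never Class['pe::certificate_authority'],
  # so the catalog compiles whether or not the CA profile is on this node.
  # When both profiles are present, the chain in class pe orders
  # example-ca before example-puppetdb.
  Anchor['barrier: pe puppetdb_database']
  -> Service['example-puppetdb']
  -> Anchor['barrier: pe puppetdb']
}
```

The `anchor` resource type comes from the puppetlabs-stdlib module.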
![Page 46: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/46.jpg)
• Model the app as a class – Most important consideration is the interface
• Assign parameters to app, not just nodes – Complementary to the assignment of classes to nodes
• Take central control of Puppet run schedule – Or else account for eventual consistency
Puppetizing Multi-Tier Architecture
![Page 47: Puppetizing Multitier Architecture - PuppetConf 2014](https://reader034.vdocuments.site/reader034/viewer/2022052621/5587410fd8b42abc5d8b457a/html5/thumbnails/47.jpg)
Questions?