Pro Yearly is on sale from $80 to $50! »

Managing CoreOS with Puppet

98234c645fe8c935edc0fec0186d28b8?s=47 Gareth Rushgrove
December 06, 2016
Technology
1
360

Managing CoreOS with Puppet

A quick look at how to use Puppet with the CoreOS operating system. A little background on what configuration management really is, how to use Puppet on a container-centric operating system, and some of the advantages of doing so.

98234c645fe8c935edc0fec0186d28b8?s=128

Gareth Rushgrove

December 06, 2016
Tweet

More Decks by Gareth Rushgrove

See All by Gareth Rushgrove
98234c645fe8c935edc0fec0186d28b8?s=48 garethr
2
1.2k
98234c645fe8c935edc0fec0186d28b8?s=48 garethr
1
940
98234c645fe8c935edc0fec0186d28b8?s=48 garethr
0
120
98234c645fe8c935edc0fec0186d28b8?s=48 garethr
4
1.3k
98234c645fe8c935edc0fec0186d28b8?s=48 garethr
1
110
98234c645fe8c935edc0fec0186d28b8?s=48 garethr
3
950
98234c645fe8c935edc0fec0186d28b8?s=48 garethr
3
1k
98234c645fe8c935edc0fec0186d28b8?s=48 garethr
2
460
98234c645fe8c935edc0fec0186d28b8?s=48 garethr
3
4k

Other Decks in Technology

See All in Technology
Eebedc2ee7ff95ffb9d9102c6d4a065c?s=48 line_devday2020
0
890
Eebedc2ee7ff95ffb9d9102c6d4a065c?s=48 line_devday2020
0
150
Eebedc2ee7ff95ffb9d9102c6d4a065c?s=48 line_devday2020
0
140
Eebedc2ee7ff95ffb9d9102c6d4a065c?s=48 line_devday2020
0
500
D16bc1f94b17ddc794c2dfb48ef59456?s=48 mosky
0
510
Ad04710a6e5202a36059db1092b1d13c?s=48 bomccss
2
880
Eebedc2ee7ff95ffb9d9102c6d4a065c?s=48 line_devday2020
0
100
9e7a653ed313b3da4b263a772bfc5026?s=48 clustervr
0
160
8d80af14296180866264212adbfb587e?s=48 godan
1
160
Eebedc2ee7ff95ffb9d9102c6d4a065c?s=48 line_devday2020
0
110
0d29d155ce5c5a93ed46363626da3ea7?s=48 ocise
0
680
Eebedc2ee7ff95ffb9d9102c6d4a065c?s=48 line_devday2020
0
120

Featured

See All Featured
4262b9cfacfb6b2c77f23e1d0310cd3e?s=48 myddelton
107
11k
Af6a12710770ad9a7cfd08c97efd40d3?s=48 pedronauck
651
110k
E837d2996f52008ace055a08fbfff992?s=48 frogandcode
125
20k
5f2da528927a2ec9ba4fec2069cbc958?s=48 kneath
218
15k
766b9746b59e6f09e280cd33cf4ed419?s=48 skipperchong
6
610
C51b39fa3c79ccb99dcb8a076bc98287?s=48 brianwarren
83
4.6k
78b475797a14c84799063c7cd073962f?s=48 holman
460
280k
C0390e8b11079f8761c0cd3274ed61cb?s=48 productmarketing
5
590
9fa239b3154a0169d99ab7bf1422dd12?s=48 marcelosomers
220
15k
3d4519fd34b76fb265fc0237f3792bd4?s=48 danielanewman
1
410
D8fc2580cfaca035f666d9e4ee79a7f7?s=48 mongodb
23
3.7k
F383c6a4dc55e331bbe2987b622cee6b?s=48 stephaniewalter
258
11k

Transcript

  1. (without introducing more risk) Managing CoreOS with Puppet Puppet Gareth

    Rushgrove What? Why? How?

  2. (without introducing more risk) @garethr

  3. (without introducing more risk) Gareth Rushgrove

  4. (without introducing more risk) What we’ll cover This talk

  5. - What is configuration management? - CoreOS and Config management?

    - Running Puppet on CoreOS - Useful super powers Gareth Rushgrove

  6. I’m assuming some knowledge of CoreOS and of Puppet (or

    similar tools) Gareth Rushgrove

  7. (without introducing more risk) LIVE DEMOS

  8. (without introducing more risk) Useful background What is Configuration Management?

  9. - 1950s research - 1960s 480 series - 1991 MIL-HDBK-61

    - 1998 ANSI-EIA-649 Gareth Rushgrove

  10. - Identification - Control - Status accounting - Verification and

    audit Gareth Rushgrove Military Handbook Configuration Management Guidance MIL-HDBK-61B

  11. Configuration management verifies that a system is identified and documented

    in sufficient detail Gareth Rushgrove National Consensus Standard for Configuration Management EIA-649

  12. Configuration management verifies that a system performs as intended Gareth

    Rushgrove National Consensus Standard for Configuration Management EIA-649

  13. (without introducing more risk) The why But CoreOS and Config

    Management?

  14. Fleet unit files tend toward chaos Gareth Rushgrove Gabriel Monroy,

    CTO, Dies and CoreOS contributor “ ”

  15. Don't use cloud init for configuration management Gareth Rushgrove Gabriel

    Monroy, CTO, Dies and CoreOS contributor “ ”

  16. (without introducing more risk) 900 line user data script!

  17. (without introducing more risk) With embedded YAML

  18. (without introducing more risk) and systemd unit files

  19. (without introducing more risk) jumanjihouse/puppet-on-coreos

  20. Cloud-init is fine for bootstrapping CoreOS, but sometimes you want

    to consolidate inventory data for all your hosts Gareth Rushgrove Paul Morgan, Architect, NYSE “ ”

  21. (without introducing more risk) École Polytechnique Fédérale de Lausanne

  22. Continuous (re)configuration: add or modify services without reinstalling or rebooting

    Gareth Rushgrove École Polytechnique Fédérale de Lausanne “ ”

  23. Specialized configuration of individual nodes when you really do need

    it. eg. gateway node with the physical Ethernet connection to the outside world Gareth Rushgrove École Polytechnique Fédérale de Lausanne “ ”

  24. (without introducing more risk) @billcloud_me

  25. (without introducing more risk) @GarciaXuxo

  26. (without introducing more risk) When everything is a container How

    to run Puppet

  27. (without introducing more risk) Container-centric infrastrucure

  28. (without introducing more risk) Available on Docker Store

  29. (without introducing more risk) Talk driven development

  30. (without introducing more risk) Gareth Rushgrove Puppet in containers $

    docker pull garethr/puppet-agent-coreos $ docker pull garethr/facter-coreos $ docker pull puppet/r10k

  31. (without introducing more risk) Gareth Rushgrove Helpful aliases alias puppet="docker

    run --rm --privileged \ -v /tmp:/tmp -v /etc:/etc \ -v /var:/var -v /usr:/usr \ -v /var/run/dbus:/var/run/dbus \ -v /run/systemd:/run/system \ garethr/puppet-agent-coreos"

  32. (without introducing more risk) Gareth Rushgrove Facter $ facter os

    { architecture => "x86_64", family => "CoreOS", hardware => "x86_64", name => "CoreOS", release => { full => "1185.3.0", major => "1185", minor => "3" }, selinux => {

  33. (without introducing more risk) Gareth Rushgrove Manage modules with r10k

    $ docker run -v /etc:/etc \ -v /home/core/Puppetfile:/Puppetfile:ro \ puppet/r10k puppetfile install --verbose \ --moduledir /etc/puppetlabs/code/modules

  34. (without introducing more risk) Gareth Rushgrove Puppet resource $ puppet

    resource service etcd service { 'etcd': ensure => 'stopped', enable => 'true', } $ puppet resource service etcd ensure=running $ sudo systemctl status etcd etcd.service - etcd Loaded: loaded (/usr/lib/systemd/system/etcd.service; static; disabled) Active: active (running) since Fri 2016-12-02 16:36:13 UTC; 5

  35. (without introducing more risk) LIVE DEMOS

  36. (without introducing more risk) Nice hack, now what? New things

    you can do

  37. Obviously you can manage your users, groups, services, ssh-keys, DNS,

    etc. using Puppet Gareth Rushgrove

  38. You can have a consistent user interface across your CoreOS

    and non-CoreOS hosts Gareth Rushgrove (In larger organisations this can make it easier to introduce a new OS like CoreOS too)

  39. (without introducing more risk) No SSH

  40. (without introducing more risk) Inventory with PuppetDB

  41. (without introducing more risk) Gareth Rushgrove Puppet Query Language inventory

    { facts.os.name = "CoreOS" }

  42. (without introducing more risk) Gareth Rushgrove Nodes not running latest

    nodes[certname] { facts.osfamily = "CoreOS" and !(facts.os.release = "1185.3.0") }

  43. (without introducing more risk) Gareth Rushgrove More complex queries inventory

    { facts.osfamily = "CoreOS" and facts.datacentre = "Lon1" and resources { type = "Service" and title = "etcd" and parameters.ensure = "stopped" } }

  44. (without introducing more risk) Visibility and dashboards

  45. (without introducing more risk) Questions? And thanks for listening