$30 off During Our Annual Pro Sale. View Details »

Managing CoreOS with Puppet

Gareth Rushgrove
December 06, 2016
Technology
1
420

Managing CoreOS with Puppet

A quick look at how to use Puppet with the CoreOS operating system. A little background on what configuration management really is, how to use Puppet on a container-centric operating system, and some of the advantages of doing so.

Gareth Rushgrove

December 06, 2016
Tweet

More Decks by Gareth Rushgrove

See All by Gareth Rushgrove
GTM vs Open Source
garethr
0
640
Software Build of Materials For Cloud Native applications
garethr
1
320
Evolving vulnerabilities in CycloneDX
garethr
0
270
Configuration security is a developer problem
garethr
2
1.9k
Patterns for secure container base image management
garethr
1
1.8k
Testing configuration with Open Policy Agent
garethr
0
460
Building a Docker Image Packaging Pipeline Using GitHub Actions
garethr
5
1.9k
The perils of configuration security
garethr
1
180
Shifting Terraform security left
garethr
3
1.5k

Other Decks in Technology

See All in Technology
開発生産性大幅アップ!Postman VS Code拡張機能
nagix
0
120
スタートアップにおける、チーム拡大を見据えたコンポーネント分割の取り組み
rynsuke
2
780
device mapperによるディスクI/O障害のエミュレーション
sat
PRO
2
420
技術コミュニティ参加のすすめ
minorun365
PRO
4
270
噂の Amazon Bedrock を Java から使ってみる #javado
tacck
1
130
ROSCon 2023参加報告:Real-Time Workshop & Zenoh's Current Status and Forecast
takasehideki
1
210
サービスの1等地ホーム画面改善と効果的なステークホルダーマネジメント / Improvement of Prime Location Home Screen for Services and Effective Stakeholder Management
rilmayer
0
150
AutoGenで作るLLM Agen
peisuke
1
220
Cloud Security Day 2023パネルディスカッション資料
coconala_engineer
0
150
なぜコピペで使うコンポーネント集を利用するのか?
mottox2
6
4.6k
CI/CDプロセスの拡充からはじめる技術的負債の解消/Eliminate technical debt, starting with expanding CI/CD processes
onecareer_tech
0
160
APIシナリオテストツールとしてのrunn / 4 API testing tools
k1low
0
260

Featured

See All Featured
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
185
15k
Infographics Made Easy
chrislema
236
17k
Optimizing for Happiness
mojombo
368
68k
Agile that works and the tools we love
rasmusluckow
323
20k
Bootstrapping a Software Product
garrettdimon
PRO
299
110k
Unsuck your backbone
ammeep
660
56k
jQuery: Nuts, Bolts and Bling
dougneiner
57
6.9k
Happy Clients
brianwarren
91
6.1k
Faster Mobile Websites
deanohume
296
29k
Automating Front-end Workflow
addyosmani
1354
200k
Build your cross-platform service in a week with App Engine
jlugia
223
17k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
0
1k

Transcript

  1. (without introducing more risk)
    Managing CoreOS
    with Puppet
    Puppet
    Gareth Rushgrove
    What? Why? How?

    View Slide

  2. (without introducing more risk)
    @garethr

    View Slide

  3. (without introducing more risk)
    Gareth Rushgrove

    View Slide

  4. (without introducing more risk)
    What we’ll cover
    This talk

    View Slide

  5. - What is configuration management?
    - CoreOS and Config management?
    - Running Puppet on CoreOS
    - Useful super powers
    Gareth Rushgrove

    View Slide

  6. I’m assuming some knowledge of
    CoreOS and of Puppet (or similar tools)
    Gareth Rushgrove

    View Slide

  7. (without introducing more risk)
    LIVE DEMOS

    View Slide

  8. (without introducing more risk)
    Useful background
    What is Configuration
    Management?

    View Slide

  9. - 1950s research
    - 1960s 480 series
    - 1991 MIL-HDBK-61
    - 1998 ANSI-EIA-649
    Gareth Rushgrove

    View Slide

  10. - Identification
    - Control
    - Status accounting
    - Verification and audit
    Gareth Rushgrove
    Military Handbook Configuration Management Guidance MIL-HDBK-61B

    View Slide

  11. Configuration management verifies
    that a system is identified and
    documented in sufficient detail
    Gareth Rushgrove
    National Consensus Standard for Configuration Management EIA-649

    View Slide

  12. Configuration management verifies
    that a system performs as intended
    Gareth Rushgrove
    National Consensus Standard for Configuration Management EIA-649

    View Slide

  13. (without introducing more risk)
    The why
    But CoreOS and
    Config Management?

    View Slide

  14. Fleet unit files tend toward chaos
    Gareth Rushgrove
    Gabriel Monroy, CTO, Dies and CoreOS contributor


    View Slide

  15. Don't use cloud init for
    configuration management
    Gareth Rushgrove
    Gabriel Monroy, CTO, Dies and CoreOS contributor


    View Slide

  16. (without introducing more risk)
    900 line user data script!

    View Slide

  17. (without introducing more risk)
    With embedded YAML

    View Slide

  18. (without introducing more risk)
    and systemd unit files

    View Slide

  19. (without introducing more risk)
    jumanjihouse/puppet-on-coreos

    View Slide

  20. Cloud-init is fine for bootstrapping
    CoreOS, but sometimes you want to
    consolidate inventory data
    for all your hosts
    Gareth Rushgrove
    Paul Morgan, Architect, NYSE


    View Slide

  21. (without introducing more risk)
    École Polytechnique Fédérale
    de Lausanne

    View Slide

  22. Continuous (re)configuration: add
    or modify services without
    reinstalling or rebooting
    Gareth Rushgrove
    École Polytechnique Fédérale de Lausanne


    View Slide

  23. Specialized configuration of individual
    nodes when you really do need it.
    eg. gateway node with the physical
    Ethernet connection to the
    outside world
    Gareth Rushgrove
    École Polytechnique Fédérale de Lausanne


    View Slide

  24. (without introducing more risk)
    @billcloud_me

    View Slide

  25. (without introducing more risk)
    @GarciaXuxo

    View Slide

  26. (without introducing more risk)
    When everything is a container
    How to run Puppet

    View Slide

  27. (without introducing more risk)
    Container-centric infrastrucure

    View Slide

  28. (without introducing more risk)
    Available on Docker Store

    View Slide

  29. (without introducing more risk)
    Talk driven development

    View Slide

  30. (without introducing more risk)
    Gareth Rushgrove
    Puppet in containers
    $ docker pull garethr/puppet-agent-coreos
    $ docker pull garethr/facter-coreos
    $ docker pull puppet/r10k

    View Slide

  31. (without introducing more risk)
    Gareth Rushgrove
    Helpful aliases
    alias puppet="docker run --rm --privileged \
    -v /tmp:/tmp -v /etc:/etc \
    -v /var:/var -v /usr:/usr \
    -v /var/run/dbus:/var/run/dbus \
    -v /run/systemd:/run/system \
    garethr/puppet-agent-coreos"

    View Slide

  32. (without introducing more risk)
    Gareth Rushgrove
    Facter
    $ facter os
    {
    architecture => "x86_64",
    family => "CoreOS",
    hardware => "x86_64",
    name => "CoreOS",
    release => {
    full => "1185.3.0",
    major => "1185",
    minor => "3"
    },
    selinux => {

    View Slide

  33. (without introducing more risk)
    Gareth Rushgrove
    Manage modules with r10k
    $ docker run -v /etc:/etc \
    -v /home/core/Puppetfile:/Puppetfile:ro \
    puppet/r10k puppetfile install --verbose \
    --moduledir /etc/puppetlabs/code/modules

    View Slide

  34. (without introducing more risk)
    Gareth Rushgrove
    Puppet resource
    $ puppet resource service etcd
    service { 'etcd':
    ensure => 'stopped',
    enable => 'true',
    }
    $ puppet resource service etcd ensure=running
    $ sudo systemctl status etcd
    etcd.service - etcd
    Loaded: loaded (/usr/lib/systemd/system/etcd.service; static;
    disabled)
    Active: active (running) since Fri 2016-12-02 16:36:13 UTC; 5

    View Slide

  35. (without introducing more risk)
    LIVE DEMOS

    View Slide

  36. (without introducing more risk)
    Nice hack, now what?
    New things you can do

    View Slide

  37. Obviously you can manage your
    users, groups, services, ssh-keys,
    DNS, etc. using Puppet
    Gareth Rushgrove

    View Slide

  38. You can have a consistent user
    interface across your CoreOS and
    non-CoreOS hosts
    Gareth Rushgrove
    (In larger organisations this can make it easier to introduce a new OS like CoreOS too)

    View Slide

  39. (without introducing more risk)
    No SSH

    View Slide

  40. (without introducing more risk)
    Inventory with PuppetDB

    View Slide

  41. (without introducing more risk)
    Gareth Rushgrove
    Puppet Query Language
    inventory { facts.os.name = "CoreOS" }

    View Slide

  42. (without introducing more risk)
    Gareth Rushgrove
    Nodes not running latest
    nodes[certname] { facts.osfamily = "CoreOS" and
    !(facts.os.release = "1185.3.0") }

    View Slide

  43. (without introducing more risk)
    Gareth Rushgrove
    More complex queries
    inventory { facts.osfamily = "CoreOS" and
    facts.datacentre = "Lon1" and
    resources { type = "Service" and
    title = "etcd" and
    parameters.ensure = "stopped" } }

    View Slide

  44. (without introducing more risk)
    Visibility and dashboards

    View Slide

  45. (without introducing more risk)
    Questions?
    And thanks for listening

    View Slide