Puppet Module Reusability

Puppet Module
Reusability
Learning from shipping to the Forge
Gareth Rushgrove

View Slide

Who
(Who is this person?)

View Slide

@garethr

View Slide

UK Government
Digital Service

View Slide

View Slide

Last code
I wrote

View Slide

View Slide

7. Gareth Rushgrove

View Slide

Last puppet
module I wrote

View Slide

The Problem
(Sharing modules is hard)

View Slide

Not invented here
syndrome
1

View Slide

A search for
puppet-apache

View Slide

145
Gareth Rushgrove

View Slide

Puppetlabs
apache

View Slide

67
contributors
Gareth Rushgrove

View Slide

281
forks
Gareth Rushgrove

View Slide

281
Gareth Rushgrove

View Slide

Vendor everything
pattern
2

View Slide

Not publishing to the
Forge
3

View Slide

Puppet
Forge

View Slide

Undocumented
modules
4

View Slide

Ofﬁcial docs
guidelines

View Slide

(Too) opinionated
conﬁguration
5

View Slide

Sometimes I just
want to write nginx
conﬁguration
Gareth Rushgrove

View Slide

Duplicate resources
6

View Slide

Package { 'build-essential’:
ensure => installed,
}
Gareth Rushgrove

View Slide

Stdlib
(Start here)

View Slide

Standard
Library from
Puppetlabs

View Slide

Fail fast
Gareth Rushgrove

View Slide

Validation
Gareth Rushgrove

View Slide

Useful error
messages
Gareth Rushgrove

View Slide

fail("${::operatingsystem}
not supported")
Gareth Rushgrove

View Slide

validate_string
Gareth Rushgrove

View Slide

validate_string($version)
Gareth Rushgrove

View Slide

not a string.
Gareth Rushgrove

View Slide

validate_slength
Gareth Rushgrove

View Slide

validate_re
Gareth Rushgrove

View Slide

validate_hash
Gareth Rushgrove

View Slide

Gareth Rushgrove
validate_cmd

View Slide

validate_bool
Gareth Rushgrove

View Slide

Avoid duplicate
resources
Gareth Rushgrove

View Slide

Package { 'build-essential’:
ensure => installed,
}
Gareth Rushgrove

View Slide

include 'gcc'
Gareth Rushgrove

View Slide

package{[
'python-pip',
'python-ldap',
]:
ensure => installed
}
Gareth Rushgrove

View Slide

ensure_packages
Gareth Rushgrove

View Slide

ensure_packages([
'python-pip',
'python-ldap',
])
Gareth Rushgrove

View Slide

ensure_resource
Gareth Rushgrove

View Slide

Nicer interfaces
Gareth Rushgrove

View Slide

str2bool
Gareth Rushgrove

View Slide

any2array
Gareth Rushgrove

View Slide

And much more
Gareth Rushgrove

View Slide

Dependency
management is
everywhere
(Else)

View Slide

NPM, Bundler, Pip,
Mix, Leiningen
Gareth Rushgrove

View Slide

Librarian
Puppet

View Slide

r10k

View Slide

echo 'modules' >> .gitignore
Gareth Rushgrove

View Slide

dependency 'puppetlabs/stdlib'
dependency 'garethr/erlang'
dependency 'maestrodev/wget'
Gareth Rushgrove

View Slide

forge "http://forge.puppetlabs.com"
mod 'puppetlabs/ruby'
mod 'puppetlabs/ntp'
mod 'puppetlabs/git'
mod 'puppetlabs/vcsrepo'
mod 'puppetlabs/apt'
mod 'puppetlabs/gcc'
Gareth Rushgrove

View Slide

librarian-puppet install
Gareth Rushgrove

View Slide

A Nice
Module Pattern
(Structuring modules for reuse)

View Slide

R.I.Pienaar

View Slide

install, conﬁg,
service, params
Gareth Rushgrove

View Slide

manifests
!"" config.pp
!"" init.pp
!"" install.pp
!"" params.pp
#"" service.pp
Gareth Rushgrove

View Slide

class sample (
) inherits sample::params {
class { 'sample::install': } ->
class { 'sample::config': } ~>
class { 'sample::service': } ->
Class['sample']
}
Gareth Rushgrove

View Slide

anchor { 'sample::begin': } ->
class { 'sample::install': } ->
class { 'sample::config': }
class { 'sample::service': } ->
anchor { 'sample::end': }
Gareth Rushgrove

View Slide

Anchor['sample::begin'] ~>
Class['sample::service']
Class['sample::install'] ~>
Class['sample::config'] ~>
Gareth Rushgrove

View Slide

Puppet module tool
Gareth Rushgrove

View Slide

puppet module generate name
Gareth Rushgrove

View Slide

Default module
skeleton
Gareth Rushgrove

View Slide

In puppet
source code

View Slide

!"" manifests
!"" spec
!"" tests
!"" Modulefile
!"" .gitignore
#"" README
Gareth Rushgrove

View Slide

Creating your own
module skeleton
Gareth Rushgrove

View Slide

~/.puppet/var/puppet-module/skeleton
Gareth Rushgrove

View Slide

puppet module
skeleton

View Slide

!"" manifests
!"" spec
!"" tests
!"" templates
!"" files
!"" lib
!"" Gemfile
Gareth Rushgrove

View Slide

!"" Rakefile
!"" .nodeset.yml
!"" .fixtures.yml
!"" .travis.yml
!"" Modulefile
!"" .gitignore
#"" README.md
Gareth Rushgrove

View Slide

Creates install,
conﬁg, service,
params classes
Gareth Rushgrove

View Slide

Dependency
management with
Bundler
Gareth Rushgrove

View Slide

Better unit testing
setup using rspec-
puppet-helper
Gareth Rushgrove

View Slide

Adds syntax and lint
checking
Gareth Rushgrove

View Slide

Adds Travis CI
conﬁguration
Gareth Rushgrove

View Slide

Adds integration tests
with rspec-system
Gareth Rushgrove

View Slide

Adds module
management with
maestrodev
blacksmith
Gareth Rushgrove

View Slide

Focus on the
interface
Gareth Rushgrove

View Slide

Minimize number of
entry points
Gareth Rushgrove

View Slide

Allow overriding
provided templates
Gareth Rushgrove

View Slide

Multi-OS Support
(Where to abstract the diﬀerences)

View Slide

Vary default
parameters
Gareth Rushgrove

View Slide

Keep logic in one
place
Gareth Rushgrove

View Slide

case $::osfamily {
'Debian': {
}
'RedHat', 'Amazon': {
}
default: {
fail("${::operatingsystem} not su
}
Gareth Rushgrove

View Slide

ARM-9 Data
in Modules

View Slide

garethr-erlang

View Slide

0.0.x supported
Ubuntu only
Gareth Rushgrove

View Slide

0.1.x supports
Ubuntu, Debian,
Redhat, Suse
Gareth Rushgrove

View Slide

Gareth Rushgrove

View Slide

Pull requests to
the rescue

View Slide

View Slide

Insist on tests with
open source
contributions
Gareth Rushgrove

View Slide

Module Testing
(Code should have tests)

View Slide

Why test a
declarative
language?
Gareth Rushgrove

View Slide

Modules increasingly
contain logic
Gareth Rushgrove

View Slide

take arguments
Gareth Rushgrove

View Slide

have interfaces with
other modules
Gareth Rushgrove

View Slide

used in many Ruby
and Puppet version
combinations
Gareth Rushgrove

View Slide

Good news. The tools
got better
Gareth Rushgrove

View Slide

puppet-lint
Gareth Rushgrove

View Slide

Puppet
style guide

View Slide

Available
as a gem

View Slide

puppet-lint --with-filename /etc/puppet/modules
foo/manifests/bar.pp: trailing whitespace found
on line 1
apache/manifests/server.pp: variable not enclosed
in {} on line 56
Gareth Rushgrove

View Slide

puppet-syntax
Gareth Rushgrove

View Slide

Validate Puppet
and ERB syntax

View Slide

require 'puppet-syntax/tasks/puppet-syntax'
Gareth Rushgrove

View Slide

bundle exec rake syntax
---> syntax:manifests
---> syntax:templates
Gareth Rushgrove

View Slide

rspec-puppet
Gareth Rushgrove

View Slide

Unit testing
for Puppet

View Slide

context "epel enabled" do
let(:params) {{ :epel_enable => true }}
it { should contain_class('epel') }
end
Gareth Rushgrove

View Slide

context "epel disabled" do
let(:params) {{ :epel_enable => false }}
it { should_not contain_class('epel') }
end
Gareth Rushgrove

View Slide

Fixtures,
matchers

View Slide

Test the interface not
the implementation
Gareth Rushgrove

View Slide

All of the above
Gareth Rushgrove

View Slide

task :test => [
:syntax,
:lint,
:spec,
]
Gareth Rushgrove

View Slide

bundle exec rake test
Gareth Rushgrove

View Slide

Gareth Rushgrove

View Slide

Nice continuous
integration

View Slide

View Slide

Test pull request
branches too

View Slide

---
language: ruby
before_install: rm Gemfile.lock || true
rvm:
- 1.8.7
- 1.9.3
script: bundle exec rake test
env:
matrix:
- PUPPET_VERSION="~> 2.7.0"
Gareth Rushgrove

View Slide

A matrix of
possibilities
Gareth Rushgrove

View Slide

rspec-system
Gareth Rushgrove

View Slide

Integration
test against
real systems

View Slide

Puppet
helpers for
rspec-system

View Slide

Vagrant
driver

View Slide

VSphere
provider

View Slide

Test that Puppet runs
without errors
Gareth Rushgrove

View Slide

it 'should run without errors' do
pp = "class { 'sample': }"
puppet_apply(pp) do |r|
r.exit_code.should == 2
end
end
Gareth Rushgrove

View Slide

Test runs are
idempotent
Gareth Rushgrove

View Slide

it 'should run without errors' do
pp = "class { 'sample': }"
puppet_apply(pp) do |r|
r.exit_code.should == 2
r.refresh
r.exit_code.should be_zero
end
end
Gareth Rushgrove

View Slide

Test that the module
installs relevant
binaries
Gareth Rushgrove

View Slide

it 'should install the erl binary' do
shell 'which erl' do |r|
r.stdout.should =~ /\/usr\/bin\/e
r.stderr.should be_empty
r.exit_code.should be_zero
end
end
Gareth Rushgrove

View Slide

Test against different
operating systems
Gareth Rushgrove

View Slide

default_set: 'centos-64-x64'
sets:
'centos-64-x64':
nodes:
"main.foo.vm":
prefab: 'centos-64-x64'
'fedora-18-x64':
nodes:
"main.foo.vm":
prefab: 'fedora-18-x64'
'debian-607-x64':
nodes:
"main.foo.vm":
Gareth Rushgrove

View Slide

Room for
improvements
(Making reuse easier in Puppet)

View Slide

Run your own Forge
1

View Slide

A more secure Forge
2

View Slide

Bless a dependency
management tool
3

View Slide

Optional
dependencies
4

View Slide

dependency 'puppetlabs/stdlib'
optional_dependency 'puppetlabs/apache'
Gareth Rushgrove

View Slide

Private classes
5

View Slide

private class elixir::install {
Gareth Rushgrove

View Slide

Parameter naming
conventions
6

View Slide

example42
Proposal

View Slide

Interfaces in Puppet
7

View Slide

interface packageandservice {
$version
$enable
$package_name
$template
}
Gareth Rushgrove

View Slide

class diamond (
$version,
$enable,
$package_name,
$template,
) {
implements packageandservice
Gareth Rushgrove

View Slide

Questions?
(And thanks for listening)

View Slide

Puppet Module Reusability

Puppet Module Reusability

Gareth Rushgrove

More Decks by Gareth Rushgrove

Other Decks in Technology

Featured

Transcript