Puppet for dummies - 4developers

http://joind.in/6328
Puppet for
Dummies
4developers - 18 april 2012
Poznań - Poland
woensdag 18 april 12

View Slide

Joshua Thijssen
Freelance consultant, developer and
trainer @ NoxLogic / Techademy
Development in PHP, Python, Perl,
C, Java and some sysadmin
Blog: http://adayinthelifeof.nl
Email: [email protected]
Twitter: @jaytaph
oh hai!
2

View Slide

3

View Slide

What is puppet and why should I care?
3

View Slide

What is puppet and why should I care?
3
(answer: it’s cool and because I told you so)

View Slide

“People are ﬁnally ﬁguring out puppet and
how it gets you to the pub by 4pm.
Note that I’ve been at this pub since 2pm.”
- Jorge Castro
4

View Slide

5

View Slide

Puppet is a (not necessarily the) solution for
the following problem:
How do we setup, manage, synchronize,
and upgrade our internal and external
infrastructure?
6

View Slide

Sysadmin!
Y U no ﬁx problem!
7

View Slide

Sysadmin!
Y U no ﬁx problem!
NO
7

View Slide

LAMP-stack
8

View Slide

LAMP-stack
Linux
Apache
MySQL
PHP
8

View Slide

LAMPGMVNMCSTRAH-stack
9

View Slide

LAMPGMVNMCSTRAH-stack
Linux
Apache
MySQL
PHP
Gearman
MongoDB
CouchDB
Solr
Tika
Redis
ActiveMQ
Hadoop
Varnish
Ngnix
Memcache
9

View Slide

10

View Slide

10
How do we control our infrastructure?

View Slide

➡ Solution 1: We don’t,
10

View Slide

➡ Solution 2: We outsource,
10

View Slide

➡ Solution 2: We outsource,
➡ Solution 3: We automate the process.
10

View Slide

‣ Solution 1: we don’t
11

View Slide

➡ It’s not funny: you ﬁnd it more often
than not. Especially inside small
development companies.
11

View Slide

➡ Internal sysadmin, but he’s too busy
with development to do sysadmin.
11

View Slide

➡ We only act on escalation
11

View Slide

➡ We only act on escalation
➡ reactive, not proactive
11

View Slide

‣ Solution 2: we outsource
12

View Slide

➡ Expensive $LA’s.
12

View Slide

➡ What about INTERNAL servers like your
development systems and
infrastructure?
12

View Slide

infrastructure?
➡ Fight between stability and agility.
12

View Slide

infrastructure?
➡ Fight between stability and agility.
➡ Does your hosting company decide on
whether you can use PHP5.3???
12

View Slide

‣ Solution 3: we do it ourselves and automate
13

View Slide

➡ We are in charge.
13

View Slide

➡ You can do what you like
13

View Slide

➡ Use: cfEngine, chef, puppet.
13

View Slide

➡ Use: cfEngine, chef, puppet.
➡ When done right, maintenance should
not be difficult.
13

View Slide

PUPPET
14

View Slide

➡ Open source conﬁguration management tool.
➡ Written in Ruby
➡ Open source: https://github.com/puppetlabs
➡ Commercial version available (puppet enterprise)
15

View Slide

➡ Don’t tell HOW to do stuff.
➡ Tell WHAT to do.
¹
¹ It’s not actually true, but good enough for now...
16

View Slide

➡ Don’t tell HOW to do stuff.
➡ Tell WHAT to do.
¹
¹ It’s not actually true, but good enough for now...
“yum install httpd”
“apt-get install apache2”
“install and run the apache webserver”
16

View Slide

17
Schematic representation of a puppet infrastructure

View Slide

Puppet
17
Schematic representation of a puppet infrastructure

View Slide

Puppet CA
Puppet
Master
Puppet
Agent
https
18

View Slide

Puppet CA
Puppet
Master
Puppet
Agent
Puppet
Agent
Puppet
Agent
https
18

View Slide

Puppet
master
Puppet
client
19

View Slide

Puppet
master
Puppet
client
Check credentials
19

View Slide

Puppet
master
Puppet
client
Check credentials
Send facts
19

View Slide

Puppet
master
Puppet
client
Check credentials
Send facts
Returns “catalog”
19

View Slide

Puppet
master
Puppet
client
Check credentials
Send facts
Returns “catalog”
Report results
19

View Slide

➡ Catalogs are “compiled” manifests
➡ Manifests are puppet deﬁnitions
➡ <ﬁlename>.pp
➡ Puppet DSL
➡ De-cla-ra-tive language
➡ Version your manifests! (git/svn)
20

View Slide

package { “strace” :
ensure => present,
}
file { “/home/jaytaph/secret-ingredient.txt” :
ensure => present,
mode => 0600,
user => ‘jaytaph’,
group => ‘noxlogic’,
content => “beer”,
}
21

View Slide

package { “httpd” :
ensure => present,
}
service { “httpd”:
running => true,
enable => true,
}
22

View Slide

ensure => present,
}
service { “httpd”:
running => true,
enable => true,
}
require => Package[“httpd”],
22

View Slide

‣ Different distributions, different names
Centos / Redhat
service: httpd
package: httpd
conﬁg: /etc/httpd/conf/httpd.conf
vhosts: /etc/httpd/conf.d/*.conf
Debian / Ubuntu
service: apache2
package: apache2
conﬁg: /etc/apache2/httpd.conf
vhosts: /etc/apache2/sites-available
23

View Slide

$operatingsystem is a FACT
package { “webserver”:
case $operatingsystem {
centos, redhat { $apache = “httpd” }
debian, ubuntu { $apache = “apache2” }
default : { fail(‘I don’t know this OS/distro’) }
}
name => $apache,
ensure => installed,
}
24

View Slide

[[email protected] ~]# facter --puppet
architecture => x86_64
fqdn => puppetnode1.noxlogic.local
interfaces => eth1,eth2,lo
ipaddress_eth1 => 192.168.1.114
ipaddress_eth2 => 192.168.56.200
kernel => Linux
kernelmajversion => 2.6
operatingsystem => CentOS
operatingsystemrelease => 6.0
processor0 => Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz
puppetversion => 2.6.9
‣ A simple list with info (also useable in your own tools)
25

View Slide

node default {
$def_packages = [ “mc”, “strace”, “sysstat” ]
package { $def_packages :
ensure => latest,
}
}
/etc/puppet/manifests/site.pp:
‣ “Main” manifest
26

View Slide

Deﬁning nodes - regular expressions
node /^web\d+\.example\.local$/ {
ensure => latest,
}
}
node /^db\d+\.example\.local$/ {
package { “mysql-server” :
}
}
27

View Slide

node basenode {
user { “jaytaph” :
ensure => present,
gid => 1000,
uid => 1000,
home => “/home/jaytaph”,
shell => “/bin/sh”,
password => “supersecrethashedpassword”,
managehome => true,
}
}
node /^.+\.example\.local/ inherits basenode {
...
}
‣ Node inheritance
28

View Slide

‣ Group together into a class
29

View Slide

class webserver {
service { “apache”:
ensure => running,
require => Package[“apache”],
}
package { “apache” :
}
}
29

View Slide

class webserver {
service { “apache”:
ensure => running,
require => Package[“apache”],
}
package { “apache” :
}
}
file { “vhost_${webserver_name}” :
path => “/etc/httpd/conf/10-vhost.conf”,
content => template(“vhost.template.erb”),
notify => Service[“httpd”],
}
29

View Slide

:80>
ServerName <%= webserver_name %>
ServerAlias <%= webserver_alias %>
DocumentRoot <%= webserver_docroot %>

vhost.template.erb
30
‣ ERB templates can contain custom variables and facts

View Slide

node “web01.example.local” inherits base {
$webserver_name = “web01.example.local”
$webserver_alias = “www.example.local”
$webserver_docroot = “/var/www/web01”
include webserver
}
node “web02.example.local” inherits base {
$webserver_name = “web02.example.local”
$webserver_alias = “crm.example.local”
$webserver_docroot = “/var/www/web02”
include webserver
}
31

View Slide

➡ A puppet module is a collection of
resources, classes, templates.
➡ Used for easy distribution and code-reuse.
➡ Self-contained, run out-of-the-box
32

View Slide

➡ puppetforge / github
➡ Create your own (and share!).
➡ Use the ones from puppet enterprise edition.
➡ Use the standard layout / best practices
33

View Slide

class ntp::install {
package{"ntpd":
ensure => latest
}
}
class ntp::config {
File{
require => Class["ntp::install"],
notify => Class["ntp::service"],
owner => "root",
group => "root",
mode => 644
}
file{"/etc/ntp.conf":
source => "puppet:///ntp/ntp.conf";
"/etc/ntp/step-tickers":
source => "puppet:///ntp/step-tickers";
}
}
class ntp::service {
service{"ntp":
ensure => running,
enable => true,
require => Class["ntp::config"],
}
}
class ntp {
include ntp::install, ntp::config, ntp::service
}
34

View Slide

➡ (Unit)test your modules
➡ Test them with:
puppet apply --noop
➡ More advanced testing: cucumber /
cucumber-puppet (BDD)
35

View Slide

http://docs.puppetlabs.com/references/stable/type.html
➡ Almost everything.
➡ standard 48 different resource types
➡ Ranging from “ﬁle” to “cron” to “ssh_key”
to “user” to “selinux”.
➡ Can control your Cisco routers and
windows machines too (sortakinda)
36

View Slide

http://media.techtarget.com/digitalguide/images/Misc/puppetDashboard.gif
37

View Slide

38

View Slide

39
➡ Puppet went from v0.25 to v2.6.
➡ REST interface since 2.6. XMLRPC before
that.
➡ One binary to rule them all (puppet).
➡ Puppet v2.7 switched from GPLv2 to
apache2.0 license.

View Slide

➡ --test does not mean dry-run!
(--noop does).
➡ It’s not object oriented. (puppet class !
= php class)
➡ It’s a declarative language.
40

View Slide

41

View Slide

➡ Puppet agent “calls” the master every 30 minutes.
➡ But what about realtime command & control?
➡ “Puppet kick”... (meh)
➡ MCollective (Marionette Collective)
42

View Slide

➡ Which systems running a database and have
16GB or less?
➡ Which systems are using <50% of available
memory?
➡ Restart all apache services in timezone
GMT+5.
43

View Slide

ACTIVEMQ
Client
MCollective
Server
Node
Middleware
Client
MCollective
Server
MCollective
Server
‣ Middleware takes care of distribution,
‣ queued, broadcast etc..
Collective
44

View Slide

http://docs.puppetlabs.com/mcollective/reference/basic/subcollectives.html
45

View Slide

Filter out nodes based on facts
$ mc-facts operatingsystem
Report for fact: operatingsystem
CentOS found 3 times
Debian found 14 times
Solaris found 4 times
$ mc-facts -W operatingsystem=Centos operatingsystemrelease
Report for fact: operatingsystemrelease
6.0 found 1 times
5.6 found 2 times
46

View Slide

➡ Display all running processes
➡ Run or deploy software
➡ Restart services
➡ Start puppet agent
➡ Upgrade your systems
47

View Slide

-ETOOMUCHINFO
Let’s recap
48

View Slide

➡ Conﬁguration management tool.
➡ Focusses on “what” instead of “how”.
➡ Scales from 1 to 100K+ systems.
➡ Uses descriptive manifests.
49

View Slide

➡ Useful for sysadmins and developers.
➡ Keeps your infrastructure in sync.
➡ Keeps your infrastructure versioned.
➡ MCollective controls your hosts based
on facts, not names.
50

View Slide

There is no reason NOT to control your infrastructure.
Having only 3 servers is NOT a reason.
51
You will be able to join the rest of us in the pub early.

View Slide

http://farm1.static.ﬂickr.com/73/163450213_18478d3aa6_d.jpg 52

View Slide

Please rate my talk on joind.in:
http://joind.in/6328
Thank you
53
Find me on twitter: @jaytaph
Find me for development and training: www.noxlogic.nl
Find me on email: [email protected]
Find me for blogs: www.adayinthelifeof.nl

View Slide

Puppet for dummies - 4developers

Puppet for dummies - 4developers

Joshua Thijssen

More Decks by Joshua Thijssen

Other Decks in Programming

Featured

Transcript