Intro to Puppet

Introduction to Puppet for the Las Palmas DevOps group.

Jonathan Araña Cruz

June 04, 2014

Transcript

  1. Jonathan Araña Cruz (aka jonhattan)

    Sysadmin on the DevOps wave
    Drupal developer
    10 years as a sysadmin
    3 years with Puppet
    8 years with Drupal
    http://atlantic-canary.net
    http://github.com/jonhattan
    @_jonhattan_
  2. What?

    • Configuration management
    • Written in Ruby
    • Free software (Apache 2.0)
    • Current version 3.6 - towards 4.0
    • PuppetLabs, since 2005
    • Other products
      ◦ Puppet Enterprise
      ◦ MCollective
  3. Puppet CLI tool

        root@chamber:~# puppet help
        Usage: puppet <subcommand> [options] <action> [options]
        …
        root@chamber:~# puppet help <subcommand>
        root@chamber:~# puppet man <subcommand>
        => man puppet-<subcommand>
  4. Index

    • Resource Abstraction Layer
    • Puppet Language
    • Modules
    • Stored configuration
    • Puppet Master
    • Reporting
  5. RAL: Resource types (I)

    • Resource types: high-level models
      ◦ Some types: package, service, file, user, cron,...
      ◦ Providers: implementers on different systems
      ◦ Providers for package: apt, yum, pip, gem, pear,...
    • Available resource types
      ◦ Puppet built-in reference: http://docs.puppetlabs.com/references/latest/type.html
      ◦ Cheatsheet: http://docs.puppetlabs.com/puppet_core_types_cheatsheet.pdf
      ◦ Provided by 3rd party modules
  6. RAL: Resource types (II)

        root@chamber:~# puppet resource --types
        anchor augeas computer cron database database_grant database_user
        exec file file_line filebucket firewall firewallchain group host
        ini_setting ini_subsetting interface k5login macauthorization
        mailalias maillist mcx mount mysql_database mysql_grant mysql_user
        nagios_command nagios_contact nagios_contactgroup nagios_host
        nagios_hostdependency network_config network_route notify package
        postgresql_conf router schedule scheduled_task selboolean selmodule
        service ssh_authorized_key sshkey
  7. RAL: Resource types (III)

        root@chamber:~# puppet describe -s user

        Manage users. This type is mostly built to manage system users,
        so it is lacking some features useful for managing normal users.

        Parameters
        ----------
            ensure, expiry, gid, groups, home, keys, managehome, membership,
            name, password, password_max_age, password_min_age, salt, shell,
            system, uid

        Providers
        ---------
            aix, directoryservice, hpuxuseradd, ldap, pw, user_role_add,
            useradd, windows_adsi
  8. RAL: Resources (I)

    • Resource: instance of a resource type
      ◦ Example: root user, ntp service, vim package,...
      ◦ System discovery
      ◦ Interactive management via CLI
      ◦ Abstraction layer!
  9. RAL: Resources (II)

        root@chamber:~# puppet resource user --list
        user { 'root':
          ensure           => 'present',
          comment          => 'root',
          gid              => '0',
          home             => '/root',
          password         => '$6$szUwrw3k.uAo.',
          password_max_age => '99999',
          password_min_age => '0',
          shell            => '/bin/bash',
          uid              => '0',
        }
        user { 'www-data':
          ensure           => 'present',
          comment          => 'www-data',
          gid              => '33',
          home             => '/var/www',
          password         => '*',
          password_max_age => '99999',
          password_min_age => '0',
          shell            => '/bin/sh',
          uid              => '33',
        }
  10. RAL: Resources (III)

        root@chamber:~# puppet resource user root shell=/bin/dash
        Notice: /User[root]/shell: shell changed '/bin/bash' to '/bin/dash'
        user { 'root':
          ensure => 'present',
          shell  => '/bin/dash',
        }
        root@chamber:~# puppet resource user root --edit
  11. Index

    • Resource Abstraction Layer
    • => Puppet Language
    • Modules
    • Stored configuration
    • Puppet Master
    • Reporting
  12. Puppet Language (I)

    • Declarative, Domain Specific Language (DSL)
    • Purpose of the language:
      ◦ Describe desired state of the system by declaring resources
      ◦ Every other part of the language exists to add flexibility and convenience to the way resources are declared
    • Programs are called manifests
    • A manifest is compiled into a catalog
  13. Example manifest: Hello world

        root@chamber:~# echo "notify {'hello world': }" > hello-world.pp
        root@chamber:~# puppet apply hello-world.pp
        Notice: Compiled catalog for chamber.faita.net in environment production in 0.02 seconds
        Notice: hello world
        Notice: /Stage[main]/Main/Notify[hello world]/message: defined 'message' as 'hello world'
        Notice: Finished catalog run in 3.15 seconds
  14. Example manifest: “The trifecta”

        case $operatingsystem {
          centos, redhat: { $service_name = 'ntpd' }
          debian, ubuntu: { $service_name = 'ntp' }
        }

        package { 'ntp':
          ensure => installed,
        }

        service { 'ntp':
          name      => $service_name,
          ensure    => running,
          enable    => true,
          # A resource reference uses the resource title, here the full path.
          subscribe => File['/etc/ntp.conf'],
        }

        file { '/etc/ntp.conf':
          ensure  => file,
          require => Package['ntp'],
          source  => 'puppet:///modules/ntp/ntp.conf',
        }
  15. Puppet Language (II)

    • Some language constructs
      ◦ Nodes
      ◦ Classes
      ◦ Defines
      ◦ Variables, Conditionals
      ◦ Dependency relationships
      ◦ Anchors, tags, collectors, run-stages,...
  16. Nodes

    • Block of code included in one node’s catalog
    • ENC
    • Ref: http://docs.puppetlabs.com/puppet/latest/reference/lang_node_definitions.html

        # site.pp
        node 'foo.example.com' {
          ...
        }
        # A regular expression node name is written unquoted.
        node /^(bar|baz)\.example\.net$/ {
          ...
        }
  17. Classes (I)

    • Block of code to group resources
    • Parameterized
    • Singleton
    • Ref: http://docs.puppetlabs.com/puppet/latest/reference/lang_classes.html
  18. Classes (II)

        # file: ntp.pp
        class ntp (
          $ntpserver = 'one.pool.ntp.org',
        ) {
          package { 'ntp': … }
          service { 'ntp': … }
          file { '/etc/ntp.conf': … }
        }

        # file: manifest.pp
        import 'ntp.pp'

        # Include the class.
        include ntp

        # Alternatively this way you can override params
        class { 'ntp':
          ntpserver => 'other.pool.ntp.org',
        }

        # puppet apply manifest.pp
  19. Defines (I)

    • Blocks of code that can be evaluated multiple times with different parameters
    • Once defined, they act like a new (compound) resource type
  20. Defines (II)

        define apache::vhost ($port, $docroot, $servername = $title, $vhost_name = '*') {
          include apache          # contains Package['httpd'] and Service['httpd']
          include apache::params  # contains common config settings
          $vhost_dir = $apache::params::vhost_dir
          file { "${vhost_dir}/${servername}.conf":
            content => template('apache/vhost-default.conf.erb'),
            owner   => 'www',
            group   => 'www',
            mode    => '644',
            require => Package['httpd'],
            notify  => Service['httpd'],
          }
        }
  21. Puppet Language (III)

    • Other related components
      ◦ Functions
      ◦ Facter
      ◦ Hiera
    • Language reference: http://docs.puppetlabs.com/puppet/latest/reference/index.html
  22. Functions

    • Implemented in Ruby
    • Enrich the Puppet language with handy features
    • Examples:
      ◦ include
      ◦ template()
    • Built-in functions: http://docs.puppetlabs.com/references/latest/function.html
    • Puppet stdlib: https://github.com/puppetlabs/puppetlabs-stdlib
    • Custom: http://docs.puppetlabs.com/guides/custom_functions.html
  23. Facts

    • System information, available as “global variables” in manifests

        root@chamber:~# facter
        architecture => amd64
        fqdn => chamber.faita.net
        hostname => chamber
        interfaces => eth0,lo
        ipaddress => 10.0.0.2
        ipaddress_eth0 => 10.0.0.2
        ipaddress_lo => 127.0.0.1
        is_virtual => true
        kernel => Linux
        kernelmajversion => 3.2
        lsbdistcodename => wheezy
        lsbdistid => Debian
        lsbdistrelease => 7.5
        lsbmajdistrelease => 7
        osfamily => Debian
        processor0 => Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
        processor1 => Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
        processorcount => 2
        puppetversion => 3.6.0
        virtual => xenu
  24. Hiera (I)

    • Key/value lookup tool for configuration data
    • Hierarchical
    • Avoid repetition
      ◦ Write common data for most nodes
      ◦ Override some values for nodes with a specific role
      ◦ Override some of those values for one or two unique nodes
    • Ref: http://docs.puppetlabs.com/hiera/1/
  25. Hiera (II)

        # file /etc/hiera.yaml
        ---
        :backends:
          - yaml
        :yaml:
          :datadir: /etc/puppet/hiera
        :hierarchy:
          - "os/%{lsbdistid}"
          - "groups/%{::domain}"
          - "node/%{::fqdn}"
          - common

        # Files in /etc/puppet/hiera/
        os/RedHat.yaml
        os/Debian.yaml
        groups/example.net.yaml
        groups/example.com.yaml
        hiera/nodes/bar.example.com.yaml
        hiera/nodes/baz.example.net.yaml
        hiera/nodes/foo.example.com.yaml
  26. Hiera (III)

        # os/RedHat.yaml
        packages:
          - httpd

        # os/Debian.yaml
        packages:
          - apache2

        # nodes/foo.example.com.yaml
        packages:
          - apache2-mpm-itk
  27. Index

    • Resource Abstraction Layer
    • Puppet Language
    • => Modules
    • Stored configuration
    • Puppet Master
    • Reporting
  28. Modules (I)

    • Self-contained bundles of code and data
    • Manifests, classes, defines, files, templates, functions, tests,...
    • Directory tree:

        MODULENAME/manifests/
        MODULENAME/files/
        MODULENAME/templates/
        MODULENAME/lib/
        MODULENAME/facts.d/
        MODULENAME/tests/
        MODULENAME/spec/
  29. Modules (II)

    • Best practices / well-known patterns
    • Ref: http://docs.puppetlabs.com/puppet/latest/reference/modules_fundamentals.html
    • Puppet forge: https://forge.puppetlabs.com
    • CLI subcommand: puppet module install puppetlabs/mysql
    • Librarian: https://github.com/rodjek/librarian-puppet
  30. Index

    • Resource Abstraction Layer
    • Puppet Language
    • Modules
    • => Stored configuration
    • Puppet Master
    • Reporting
  31. Stored configuration

    • Centralized store of puppet-produced data
      ◦ Nodes, resources, relationships, facts
      ◦ Catalog run log
    • Exported resources
    • Inventory service: http://docs.puppetlabs.com/guides/inventory_service.html
    • Active Record (sql backends)
    • PuppetDB: http://docs.puppetlabs.com/puppetdb/2.0/index.html
  32. Index

    • Resource Abstraction Layer
    • Puppet Language
    • Modules
    • Stored configuration
    • => Puppet Master
    • Reporting
  33. Puppet Master

    • Pull-based agent/master mode
    • REST API
    • Master stores manifests
    • Agent requests its catalog from the master
    • Ref: http://docs.puppetlabs.com/learning/agent_master_basic.html
  34. Index

    • Resource Abstraction Layer
    • Puppet Language
    • Modules
    • Nodes, ENC
    • Store configs, PuppetDB
    • Puppet Master
    • => Reporting
  35. Reporting (I)

    • Agent sends reports at the end of every run
      ◦ Logs
      ◦ Metrics: time, resources, changes
    • Report handlers: http, log, tagmail
    • Ref: http://docs.puppetlabs.com/references/latest/report.html
    • Puppet Dashboard: web interface
      ◦ web interface: node classification and reporting feature
      ◦ Ref: https://github.com/sodabrew/puppet-dashboard
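
The Hiera lookups from slides 24-26, modelled in Ruby as an added example (not part of the deck and not Hiera's own code). It shows how hierarchy order decides which level wins a priority lookup, and how an array merge lookup collects every level. The function names and `NODE_FIRST` are hypothetical, and the node data is assumed to live under the `node/` prefix that the hierarchy on slide 25 uses.

```ruby
# In-memory model of Hiera 1 lookups. DATA stands in for the YAML files
# under :datadir; values come from slide 26, the node path is an assumption.
HIERARCHY  = ['os/%{lsbdistid}', 'groups/%{::domain}', 'node/%{::fqdn}', 'common'].freeze
# Hypothetical alternative ordering: most specific level first.
NODE_FIRST = ['node/%{::fqdn}', 'groups/%{::domain}', 'os/%{lsbdistid}', 'common'].freeze

DATA = {
  'os/RedHat'            => { 'packages' => ['httpd'] },
  'os/Debian'            => { 'packages' => ['apache2'] },
  'node/foo.example.com' => { 'packages' => ['apache2-mpm-itk'] }
}.freeze

# Constructed facts for one node, named as Facter reports them.
FOO = { 'lsbdistid' => 'Debian', 'domain' => 'example.com',
        'fqdn' => 'foo.example.com' }.freeze

# Expand %{var} and %{::var} tokens with the node's facts, keeping order.
def sources(facts, hierarchy = HIERARCHY)
  hierarchy.map { |tpl| tpl.gsub(/%\{(?:::)?(\w+)\}/) { facts[$1].to_s } }
end

# Priority lookup, as hiera() does: the first level defining the key wins.
def priority_lookup(key, facts, hierarchy = HIERARCHY)
  sources(facts, hierarchy).each do |src|
    level = DATA[src]
    return level[key] if level && level.key?(key)
  end
  nil
end

# Array merge lookup, as hiera_array() does: values from every level,
# flattened and de-duplicated, in hierarchy order.
def array_lookup(key, facts, hierarchy = HIERARCHY)
  sources(facts, hierarchy).flat_map { |src| Array(DATA.dig(src, key)) }.uniq
end

puts "slide order, priority: #{priority_lookup('packages', FOO).inspect}"
puts "node first,  priority: #{priority_lookup('packages', FOO, NODE_FIRST).inspect}"
puts "slide order, array:    #{array_lookup('packages', FOO).inspect}"
```

With the hierarchy in the order written on slide 25, the per-node value only reaches `foo.example.com` through an array merge lookup; a priority lookup stops at the `os/` level.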