Managed Puppet Servers
Julian Meier
November 10, 2015
Speech at the Zürich Puppet Meetup in November 2015.
Transcript
Managed Puppet Servers Julian Meier November 2015
Julian Meier ICT System Engineer @ Swisscom
[email protected]
twitter.com/_juame github.com/juame
Idea & Goals
• a small team (working in Luzern)
• simple goal: automate tasks and help others within the company to do so (legacy - non-cloud services)

Puppet
• every team wants to start with Puppet…
• every team has different requirements…
• several layers of responsibilities:
  • OS-Team -> root ;-)
  • Application Team -> sudo (list of commands)

Puppet
… provide Automation Stack (Puppet):

Puppet

ENC - External Node Classifier
Simple solution with YAML and Hiera (https://github.com/Zetten/puppet-hiera-enc):

puppet.conf:

    [master]
    node_terminus = exec
    external_nodes = /etc/puppetlabs/code/enc/enclassifier

git checkout -> Puppet Module: vcsrepo
+ script returns simple YAML
+ protects environment
+ future: use any other system…
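
An added example, not taken from the slides or from Zetten/puppet-hiera-enc: a minimal `exec` node classifier in Ruby that prints the YAML Puppet expects and fails closed for unknown nodes. The node data, the allowed-environment list and the reading of "protects environment" as pinning the environment on the server side are assumptions; the parameter names follow the variables used in the deck's Hiera hierarchy.

```ruby
#!/usr/bin/env ruby
# Added example: exec-terminus ENC. Puppet calls it with the certname as the
# only argument, reads YAML from stdout, and fails the catalog on non-zero exit.
require 'yaml'

# Constructed sample data; a real ENC would load this from its git checkout.
NODES = {
  'repo01.example.com' => { 'environment' => 'production', 'service' => 'repository',
                            'stack' => 'prod', 'role' => 'role_repository_server' }
}.freeze
ALLOWED_ENVIRONMENTS = %w[production staging].freeze # assumption
# Strict certname shape; this matters once the name is used to build a file path.
CERTNAME_RE = /\A[a-z0-9]([a-z0-9.-]{0,252}[a-z0-9])?\z/

# Returns the classification hash, or nil when the node must not get a catalog.
def classify(certname, nodes = NODES)
  return nil unless certname.is_a?(String) && certname.match?(CERTNAME_RE)
  node = nodes[certname]
  return nil if node.nil?
  env = node['environment']
  return nil unless ALLOWED_ENVIRONMENTS.include?(env)
  {
    # ENC parameters become top-scope variables (::service, ::stack, ::role),
    # so the Hiera path is chosen by server-side data, not by the agent.
    'parameters'  => node.slice('service', 'stack', 'role'),
    # An environment returned by the ENC overrides the one the agent requests.
    'environment' => env
  }
end

# Returns the process exit code: 0 with YAML on stdout, 1 to refuse the node.
def main(argv)
  result = classify(argv[0])
  if result.nil?
    warn "enc: refusing to classify #{argv[0].inspect}"
    return 1
  end
  puts result.to_yaml
  0
end

# Puppet always passes the certname; do nothing when loaded without arguments.
exit(main(ARGV)) if __FILE__ == $PROGRAM_NAME && !ARGV.empty?
```

Classes are left out of the output on purpose, since the deck's `site.pp` includes them through `hiera_include`.
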

Hieradata I
hiera.yaml:

    ---
    :backends:
      - yaml
      - eyaml
    …
    :yaml:
      :datadir: /etc/puppetlabs/code/environments/%{environment}/hieradata
    …
    :eyaml:
      :datadir: /etc/puppetlabs/code/environments/%{environment}/hieradata
      :extension: eyaml
      :pkcs7_private_key: /etc/puppetlabs/puppet/keys/private_key.pkcs7.pem
      :pkcs7_public_key: /etc/puppetlabs/puppet/keys/public_key.pkcs7.pem

Hieradata II
hiera.yaml:

    ---
    …
    :hierarchy:
      - secure/nodes/%{::clientcert}
      - secure/services/%{::service}/%{::stack}/%{::role}
      - secure/services/%{::service}/%{::stack}
      - secure/services/%{::service}/%{::role}
      - nodes/%{::clientcert}
      - services/%{::service}/%{::stack}/%{::role}
      - services/%{::service}/%{::stack}
      - services/%{::service}/%{::role}
      - services/%{::service}
      - locations/%{::location}
      - common

Hieradata III

Roles & Profiles
How we do it…
-> Roles are defined in Hiera
-> Profiles are Puppet Modules (shared / service specific)
-> Forge / Internal Modules

site.pp:

    hiera_include('default_classes', [])
    hiera_include($role, [])

role_repository_server.yaml:

Forge Module: ospuppet
https://forge.puppetlabs.com/juame/ospuppet
-> Manage Puppet Agent
-> Manage Puppet Server
-> Manage Puppet Master Configs

Dependencies:
- puppetlabs/inifile
- puppetlabs/hocon

ospuppet

    class { '::ospuppet::server':
      package_version                     => '2.1.1-1.el7',
      service_running                     => true,
      service_enabled                     => true,
      init_settings_java_xms              => '2g',
      init_settings_java_xmx              => '2g',
      init_settings_java_maxpermsize      => '256m',
      init_settings_custom_settings       => {},
      init_settings_custom_subsettings    => {},
      puppetserver_max_active_instances   => undef,
      puppetserver_admin_client_whitelist => [ $::fqdn ],
      puppetserver_custom_settings        => {},
      webserver_client_auth               => 'want',
      webserver_ssl_host                  => '0.0.0.0',
      webserver_ssl_port                  => '8140',
      webserver_custom_settings           => {},
    }

    class { '::ospuppet::master':
      custom_settings => {
        'node_terminus' => {
          'ensure'  => 'present',
          'setting' => 'node_terminus',
          'value'   => 'exec',
        },
      },
      hiera_eyaml_package_version => '2.0.8',
      hiera_backends              => [ 'yaml', 'eyaml' ],
      hiera_hierarchy             => [
        'secure/nodes/%{::clientcert}',
        ...
        'common',
      ],
      hiera_yaml_datadir          => …,
    }

Questions? Thanks!