Managed Puppet Servers
Julian Meier
November 10, 2015
Managed Puppet Servers
Speech at the Zürich Puppet Meetup in November 2015.
Transcript
Managed Puppet Servers Julian Meier November 2015
Julian Meier ICT System Engineer @ Swisscom
[email protected]
twitter.com/_juame github.com/juame
Idea & Goals
• a small team (working in Luzern)
• simple goal: automate tasks and help others within the company to do so (legacy - non-cloud services)
Puppet
• every team wants to start with Puppet…
• every team has different requirements…
• several layers of responsibilities:
    • OS-Team -> root ;-)
    • Application Team -> sudo (list of commands)
Puppet … provide Automation Stack (Puppet):
Puppet
ENC - External Node Classifier
Simple solution with YAML and Hiera (https://github.com/Zetten/puppet-hiera-enc):

puppet.conf:
    [master]
    node_terminus = exec
    external_nodes = /etc/puppetlabs/code/enc/enclassifier

git checkout -> Puppet Module: vcsrepo
+ script returns simple YAML
+ protects environment
+ future: use any other system…
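The ENC slide says the script returns simple YAML and protects the environment. The following is an added example, not the talk's enclassifier script and not code from puppet-hiera-enc: a minimal exec-terminus classifier that refuses unsafe certnames, pins the environment to an allow-list, and only passes on parameters that feed the Hiera hierarchy. The nodes directory, the allow-listed environment, the sample node file and the parameter allow-list are assumptions.

```ruby
require 'yaml'
require 'tmpdir'

CERTNAME_RE = /\A[a-z0-9][a-z0-9._-]{0,252}\z/  # no "/" so no path traversal
VALUE_RE    = /\A[a-z0-9_]+\z/                   # values end up in Hiera paths
HIERARCHY_KEYS = %w[service stack role location].freeze

# Constructed node file; node, class and parameter values are hypothetical.
SAMPLE_NODE = <<~NODE
  environment: production
  classes: [profile_base]
  parameters:
    service: repository
    stack: prod
    role: repository_server
    debug_shell: "yes"
NODE

# Returns the classification Hash for certname, or nil if it must be refused.
def classify(certname, nodes_dir, allowed_envs)
  return nil unless certname.is_a?(String) && certname.match?(CERTNAME_RE)
  path = File.join(nodes_dir, "#{certname}.yaml")
  return nil unless File.file?(path)
  node = YAML.safe_load(File.read(path))
  return nil unless node.is_a?(Hash)
  # The ENC's environment overrides the one the agent asks for, so only
  # hand out environments from the allow-list.
  env = node.fetch('environment', 'production')
  return nil unless allowed_envs.include?(env)
  raw = node['parameters'].is_a?(Hash) ? node['parameters'] : {}
  params = raw.slice(*HIERARCHY_KEYS) # drop keys the hierarchy does not use
  return nil unless params.values.all? { |v| v.is_a?(String) && v.match?(VALUE_RE) }
  { 'classes' => node['classes'] || [], 'parameters' => params, 'environment' => env }
rescue Psych::Exception
  nil # unparsable node file: refuse rather than classify with defaults
end

# Classify certname against the constructed sample written to a temp dir.
def demo(certname)
  Dir.mktmpdir do |dir|
    File.write(File.join(dir, 'repo01.example.com.yaml'), SAMPLE_NODE)
    classify(certname, dir, %w[production])
  end
end

# Invoked by the master as: enclassifier <certname> (paths below are assumed).
if __FILE__ == $PROGRAM_NAME && ARGV.length == 1
  result = classify(ARGV[0], '/etc/puppetlabs/code/enc/nodes', %w[production])
  exit 1 if result.nil? # non-zero exit fails the node lookup
  puts result.to_yaml
end
```

Because the parameter values are interpolated into paths such as secure/services/%{::service}/%{::stack}, the example rejects any value that is not a plain lowercase identifier instead of passing it through.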
Hieradata I
hiera.yaml:
    ---
    :backends:
      - yaml
      - eyaml
    …
    :yaml:
      :datadir: /etc/puppetlabs/code/environments/%{environment}/hieradata
    …
    :eyaml:
      :datadir: /etc/puppetlabs/code/environments/%{environment}/hieradata
      :extension: eyaml
      :pkcs7_private_key: /etc/puppetlabs/puppet/keys/private_key.pkcs7.pem
      :pkcs7_public_key: /etc/puppetlabs/puppet/keys/public_key.pkcs7.pem
Hieradata II
hiera.yaml:
    ---
    …
    :hierarchy:
      - secure/nodes/%{::clientcert}
      - secure/services/%{::service}/%{::stack}/%{::role}
      - secure/services/%{::service}/%{::stack}
      - secure/services/%{::service}/%{::role}
      - nodes/%{::clientcert}
      - services/%{::service}/%{::stack}/%{::role}
      - services/%{::service}/%{::stack}
      - services/%{::service}/%{::role}
      - services/%{::service}
      - locations/%{::location}
      - common
Hieradata III
Roles & Profiles
How we do it…
-> Roles are defined in Hiera
-> Profiles are Puppet Modules (shared / service specific)
-> Forge / Internal Modules

site.pp:
    hiera_include('default_classes', [])
    hiera_include($role,[])

role_repository_server.yaml:
Forge Module: ospuppet
https://forge.puppetlabs.com/juame/ospuppet
-> Manage Puppet Agent
-> Manage Puppet Server
-> Manage Puppet Master Configs
Dependencies:
- puppetlabs/inifile
- puppetlabs/hocon
ospuppet
    class { '::ospuppet::server':
      package_version                     => '2.1.1-1.el7',
      service_running                     => true,
      service_enabled                     => true,
      init_settings_java_xms              => '2g',
      init_settings_java_xmx              => '2g',
      init_settings_java_maxpermsize      => '256m',
      init_settings_custom_settings       => {},
      init_settings_custom_subsettings    => {},
      puppetserver_max_active_instances   => undef,
      puppetserver_admin_client_whitelist => [ $::fqdn ],
      puppetserver_custom_settings        => {},
      webserver_client_auth               => 'want',
      webserver_ssl_host                  => '0.0.0.0',
      webserver_ssl_port                  => '8140',
      webserver_custom_settings           => {},
    }

    class { '::ospuppet::master':
      custom_settings => {
        "node_terminus" => {
          'ensure'  => 'present',
          'setting' => 'node_terminus',
          'value'   => 'exec',
        },
      },
      hiera_eyaml_package_version => '2.0.8',
      hiera_backends => [ 'yaml', 'eyaml' ],
      hiera_hierarchy => [
        'secure/nodes/%{::clientcert}',
        ...
        'common',
      ],
      hiera_yaml_datadir => …,
    }
Questions? Thanks!