Developing your Windows environments with Puppet

Transcript

1. Developing your Windows environments with Puppet Peter Ericson @pdericson [email protected]

2. About me • I like OSs! • I don’t like

   typing the same thing more than twice… • …so naturally I’m into automation! • I also like distributed systems and RESTful web services…
3. None

4. • High maintenance cost • Low flexibility • Focus is

   removed from business value Hand crafted machines, no CM (idealised)
5. None

6. Automated OS install, CM • One Puppet Master • Sheep

   herd well, outliers seldom get lost because of pack awareness • Cheap - utilising shared infrastructure (road), able to adapt to peak traffic
7. None

8. Hand crafted machines, no CM (reality) • chaos! • configuration

   drift • slow turnaround • key-man risks • focus and energy spent in the wrong areas

9. Introducing The Sheep- Cat Herding Spectrum

10. Introducing The Sheep- Cat Herding Spectrum Hand crafted machines, no

    CM

11. Introducing The Sheep- Cat Herding Spectrum Hand crafted machines, no

    CM Hand crafted machines, CM

12. Introducing The Sheep- Cat Herding Spectrum Hand crafted machines, no

    CM Hand crafted machines, CM Automated OS install, CM

13. Beyond the physical (and virtual physical) • The environment is

    defined in code • Changes to the environment happen in code (e.g. Git branches, pull requests, etc) • Environments are hooked into CI/CD

14. Insert analogy here… • There does not currently exist an

    automated way to produce sheep that are ready to be shawn and/or butchered • Infrastructure as code allows us to do something more meta

15. Demos…

16. What are we building? • A Puppet Master • A

    Vagrant Base Box (Windows) • Two nodes (Windows)

17. vagrant up --provider=vmware_fusion puppet Demo - A Puppet Master

18. Vagrant.configure("2") do |config| ! config.vm.define :puppet do |puppet| puppet.vm.box =

    "precise64_vmware" puppet.vm.box_url = "http://files.vagrantup.com/precise64_vmware.box" puppet.vm.hostname = "puppet" ! puppet.vm.provider :vmware_fusion do |v| v.vmx["memsize"] = 1024 v.vmx["rtc.diffFromUTC"] = 0 end ! puppet.vm.provision :shell, :path => "provision.sh" Vagrantfile

19. if [ ! -e /opt/puppet/bin/puppet ]; then ! # fix

    hosts (add missing fqdn) sed -i 's/^127\.0\.0\.1.*/127.0.0.1 localhost/' /etc/hosts sed -i 's/^127\.0\.1\.1.*/127.0.1.1 puppet.localdomain puppet/' /etc/hosts ! # set apt proxy and update echo 'Acquire::http::Proxy "http://192.168.13.1:3128/";' >> /etc/apt/apt.conf apt-get update ! # install extra packages apt-get install -y rsync samba ! # install puppet enterprise tar xzf /vagrant/puppet-enterprise-3.1.0-ubuntu-12.04-amd64.tar.gz -C /tmp /tmp/puppet-enterprise-3.1.0-ubuntu-12.04-amd64/puppet-enterprise-installer -a / vagrant/puppet-enterprise-3.1.0-ubuntu-12.04-amd64.answers provision.sh (part 1/2)

20. q_all_in_one_install=y q_backup_and_purge_old_configuration=n q_backup_and_purge_old_database_directory=n q_database_host=localhost q_database_install=y q_database_port=5432 q_database_root_password=uSQJSzwTfYAyxywAiZ1R q_database_root_user=pe-postgres q_install=y q_pe_database=y

    q_puppet_cloud_install=n q_puppet_enterpriseconsole_auth_database_name=console_auth q_puppet_enterpriseconsole_auth_database_password=CLUM7ShY0qcjj0LV5eDv q_puppet_enterpriseconsole_auth_database_user=console_auth q_puppet_enterpriseconsole_auth_password=password q_puppet_enterpriseconsole_auth_user_email=admin@puppet.localdomain q_puppet_enterpriseconsole_database_name=console q_puppet_enterpriseconsole_database_password=16DAKlq0Ke0YBtYCFyP5 q_puppet_enterpriseconsole_database_user=console q_puppet_enterpriseconsole_httpd_port=443 q_puppet_enterpriseconsole_install=y q_puppet_enterpriseconsole_master_hostname=puppet.localdomain q_puppet_enterpriseconsole_smtp_host=localhost q_puppet_enterpriseconsole_smtp_password= q_puppet_enterpriseconsole_smtp_port=25 q_puppet_enterpriseconsole_smtp_use_tls=n q_puppet_enterpriseconsole_smtp_user_auth=n q_puppet_enterpriseconsole_smtp_username= q_puppet_symlinks_install=y q_puppetagent_certname=puppet.localdomain q_puppetagent_install=y q_puppetagent_server=puppet.localdomain q_puppetdb_database_name=pe-puppetdb q_puppetdb_database_password=cIunOpWBPRJqv3RbAywZ q_puppetdb_database_user=pe-puppetdb q_puppetdb_hostname=puppet.localdomain q_puppetdb_install=y q_puppetdb_port=8081 q_puppetmaster_certname=puppet.localdomain q_puppetmaster_dnsaltnames=puppet,puppet.localdomain q_puppetmaster_enterpriseconsole_hostname=localhost q_puppetmaster_enterpriseconsole_port=443 q_puppetmaster_install=y q_run_updtvpkg=n q_vendor_packages_install=y puppet-enterprise-3.1.0- ubuntu-12.04-amd64.answers q_puppetmaster_install=y

21. # setup autosign for *.localdomain echo '*.localdomain' > /etc/puppetlabs/puppet/autosign.conf !

    # add windows nodes to hosts as they come online # XXX this is less than ideal sudo -i -u root crontab -l > /tmp/crontab cat >> /tmp/crontab <<EOF * * * * * for n in \`/opt/puppet/bin/puppet cert list --all | grep '^+ "[a-z][a-z]*\.localdomain"' | grep -v '^+ "puppet\.' | sed 's/^+ "\(.*\)\..*/\1/'\`; do grep "\$n\.localdomain" /etc/hosts || echo \`nmblookup \$n | grep -v ^querying | awk '{print \$1}'\` \$n.localdomain \$n >> /etc/hosts; done EOF sudo -i -u root crontab /tmp/crontab rm -f /tmp/crontab ! … ! else ! # copy manifests and modules to puppet master rsync -prtv --delete --exclude \*~ /vagrant/manifests/ /etc/puppetlabs/puppet/manifests/ rsync -prtv --delete --exclude \*~ /vagrant/modules/ /etc/puppetlabs/puppet/modules/ ! # queue a puppet run on all nodes sudo -i -u peadmin mco puppet runonce -v # sudo -i -u peadmin mco puppet -F osfamily=windows runonce -v ! fi provision.sh (part 2/2)

22. packer build -var proxy=http://192.168.13.1:3128 template.json Demo - A Vagrant Base

    Box (Windows)

23. { "variables": { … }, ! "builders": [ … ],

    ! "provisioners": [ … ], ! "post-processors": [ … ] ! } template.json

24. { "type": "vmware", "guest_os_type": "windows7srv-64", ! "vmx_data": { "memsize": 2048,

    "numvcpus": 1 }, ! "disk_size": 50000, ! "iso_url": "./7601.17514.101119-1850_x64fre_server_eval_en-us-GRMSXEVAL_EN_DVD.iso", "iso_checksum": "30832ad76ccfa4ce48ccb936edefe02079d42fb1da32201bf9e3a880c8ed6312", "iso_checksum_type": "sha256", ! "ssh_username": "Administrator", "ssh_password": "{{user `password`}}", ! "boot_wait": "5m", ! "floppy_files": [ "scripts/Autounattend.xml", "scripts/cygwin.bat", "scripts/winrm.bat", "scripts/vmware.cer" ], ! "shutdown_command": "shutdown /d p:4:1 /s /t 0", ! "tools_upload_flavor": "windows" } builders

25. { "variables": { … }, ! "builders": [ … ],

    ! "provisioners": [ … ], ! "post-processors": [ … ] ! } template.json

26. { "type": "shell", "script": "scripts/vmware.sh", "execute_command": "chmod +x {{.Path}}; {{.Vars}}

    http_proxy={{user `proxy`}} {{.Path}}" }, { "type": "shell", "inline": [ "mkdir -p .ssh", "echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr +kz4TjGYe7gHzIw +niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBck FXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL +GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX +FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key' >> .ssh/authorized_keys" ], "execute_command": "chmod +x {{.Path}}; {{.Vars}} http_proxy={{user `proxy`}} {{.Path}}" } provisioners

27. { "variables": { … }, ! "builders": [ … ],

    ! "provisioners": [ … ], ! "post-processors": [ … ] ! } template.json

28. { "type": "vagrant", "output": "windows.box", "compression_level": 0 } post-processors

29. vagrant up --provider=vmware_fusion foo bar Demo - Two nodes (Windows)

30. Let’s get coding • Add windows support to Puppet Forge

    puppetlabs-ntp

31. else ! # copy manifests and modules to puppet master

    rsync -prtv --delete --exclude \*~ /vagrant/manifests/ /etc/ puppetlabs/puppet/manifests/ rsync -prtv --delete --exclude \*~ /vagrant/modules/ /etc/ puppetlabs/puppet/modules/ ! # queue a puppet run on all nodes sudo -i -u peadmin mco puppet runonce -v # sudo -i -u peadmin mco puppet -F osfamily=windows runonce -v ! fi provision.sh (part 2/2)

32. mod 'puppetlabs/ntp' ! #mod 'ntp', # :git => '[email protected]:pdericson/puppetlabs- ntp.git',

    # :ref => 'windows' ! mod 'puppetlabs/registry' Puppetfile

33. Demo - puppetlabs-ntp • Does not currently have Windows support…

    • …So expect it to fail on Windows vagrant provision puppet

34. puppetlabs-ntp • Fork the puppetlabs repo, make some changes, submit

    a pull request • https://github.com/pdericson/puppetlabs- ntp

35. #mod 'puppetlabs/ntp' ! mod 'ntp', :git => '[email protected]:pdericson/puppetlabs-ntp.git', :ref =>

    'windows' ! mod 'puppetlabs/registry' Puppetfile (updated)

36. Demo - puppetlabs-ntp (fork) • Working? • If it isn’t

    repeat vagrant provision puppet

37. More... • https://github.com/pdericson/talk-pupwin • @pdericson • [email protected]