Developing your Windows environments with Puppet

From packer build to mco puppet runonce, automate and version your entire workflow in code.

Peter Ericson

October 29, 2013

Transcript

  1. About me
     • I like OSs!
     • I don’t like typing the same thing more than twice…
     • …so naturally I’m into automation!
     • I also like distributed systems and RESTful web services…
  2. Hand crafted machines, no CM (idealised)
     • High maintenance cost
     • Low flexibility
     • Focus is removed from business value
  3. Automated OS install, CM
     • One Puppet Master
     • Sheep herd well, outliers seldom get lost because of pack awareness
     • Cheap - utilising shared infrastructure (road), able to adapt to peak traffic
  4. Hand crafted machines, no CM (reality)
     • chaos!
     • configuration drift
     • slow turnaround
     • key-man risks
     • focus and energy spent in the wrong areas
  5. Introducing The Sheep-Cat Herding Spectrum
     • Hand crafted machines, no CM
     • Hand crafted machines, CM
     • Automated OS install, CM
  6. Beyond the physical (and virtual physical)
     • The environment is defined in code
     • Changes to the environment happen in code (e.g. Git branches, pull requests, etc.)
     • Environments are hooked into CI/CD
  7. Insert analogy here…
     • There does not currently exist an automated way to produce sheep that are ready to be shorn and/or butchered
     • Infrastructure as code allows us to do something more meta
  8. What are we building?
     • A Puppet Master
     • A Vagrant Base Box (Windows)
     • Two nodes (Windows)
  9. Vagrantfile

         Vagrant.configure("2") do |config|

           config.vm.define :puppet do |puppet|
             puppet.vm.box = "precise64_vmware"
             puppet.vm.box_url = "http://files.vagrantup.com/precise64_vmware.box"
             puppet.vm.hostname = "puppet"

             puppet.vm.provider :vmware_fusion do |v|
               v.vmx["memsize"] = 1024
               v.vmx["rtc.diffFromUTC"] = 0
             end

             puppet.vm.provision :shell, :path => "provision.sh"
  10. provision.sh (part 1/2)

          if [ ! -e /opt/puppet/bin/puppet ]; then

            # fix hosts (add missing fqdn)
            sed -i 's/^127\.0\.0\.1.*/127.0.0.1 localhost/' /etc/hosts
            sed -i 's/^127\.0\.1\.1.*/127.0.1.1 puppet.localdomain puppet/' /etc/hosts

            # set apt proxy and update
            echo 'Acquire::http::Proxy "http://192.168.13.1:3128/";' >> /etc/apt/apt.conf
            apt-get update

            # install extra packages
            apt-get install -y rsync samba

            # install puppet enterprise
            tar xzf /vagrant/puppet-enterprise-3.1.0-ubuntu-12.04-amd64.tar.gz -C /tmp
            /tmp/puppet-enterprise-3.1.0-ubuntu-12.04-amd64/puppet-enterprise-installer -a /vagrant/puppet-enterprise-3.1.0-ubuntu-12.04-amd64.answers
  11. puppet-enterprise-3.1.0-ubuntu-12.04-amd64.answers (q_puppetmaster_install=y)

          q_all_in_one_install=y
          q_backup_and_purge_old_configuration=n
          q_backup_and_purge_old_database_directory=n
          q_database_host=localhost
          q_database_install=y
          q_database_port=5432
          q_database_root_password=uSQJSzwTfYAyxywAiZ1R
          q_database_root_user=pe-postgres
          q_install=y
          q_pe_database=y
          q_puppet_cloud_install=n
          q_puppet_enterpriseconsole_auth_database_name=console_auth
          q_puppet_enterpriseconsole_auth_database_password=CLUM7ShY0qcjj0LV5eDv
          q_puppet_enterpriseconsole_auth_database_user=console_auth
          q_puppet_enterpriseconsole_auth_password=password
          q_puppet_enterpriseconsole_auth_user_email=admin@puppet.localdomain
          q_puppet_enterpriseconsole_database_name=console
          q_puppet_enterpriseconsole_database_password=16DAKlq0Ke0YBtYCFyP5
          q_puppet_enterpriseconsole_database_user=console
          q_puppet_enterpriseconsole_httpd_port=443
          q_puppet_enterpriseconsole_install=y
          q_puppet_enterpriseconsole_master_hostname=puppet.localdomain
          q_puppet_enterpriseconsole_smtp_host=localhost
          q_puppet_enterpriseconsole_smtp_password=
          q_puppet_enterpriseconsole_smtp_port=25
          q_puppet_enterpriseconsole_smtp_use_tls=n
          q_puppet_enterpriseconsole_smtp_user_auth=n
          q_puppet_enterpriseconsole_smtp_username=
          q_puppet_symlinks_install=y
          q_puppetagent_certname=puppet.localdomain
          q_puppetagent_install=y
          q_puppetagent_server=puppet.localdomain
          q_puppetdb_database_name=pe-puppetdb
          q_puppetdb_database_password=cIunOpWBPRJqv3RbAywZ
          q_puppetdb_database_user=pe-puppetdb
          q_puppetdb_hostname=puppet.localdomain
          q_puppetdb_install=y
          q_puppetdb_port=8081
          q_puppetmaster_certname=puppet.localdomain
          q_puppetmaster_dnsaltnames=puppet,puppet.localdomain
          q_puppetmaster_enterpriseconsole_hostname=localhost
          q_puppetmaster_enterpriseconsole_port=443
          q_puppetmaster_install=y
          q_run_updtvpkg=n
          q_vendor_packages_install=y
  12. provision.sh (part 2/2)

            # setup autosign for *.localdomain
            echo '*.localdomain' > /etc/puppetlabs/puppet/autosign.conf

            # add windows nodes to hosts as they come online
            # XXX this is less than ideal
            sudo -i -u root crontab -l > /tmp/crontab
            cat >> /tmp/crontab <<EOF
          * * * * * for n in \`/opt/puppet/bin/puppet cert list --all | grep '^+ "[a-z][a-z]*\.localdomain"' | grep -v '^+ "puppet\.' | sed 's/^+ "\(.*\)\..*/\1/'\`; do grep "\$n\.localdomain" /etc/hosts || echo \`nmblookup \$n | grep -v ^querying | awk '{print \$1}'\` \$n.localdomain \$n >> /etc/hosts; done
          EOF
            sudo -i -u root crontab /tmp/crontab
            rm -f /tmp/crontab

            …

          else

            # copy manifests and modules to puppet master
            rsync -prtv --delete --exclude \*~ /vagrant/manifests/ /etc/puppetlabs/puppet/manifests/
            rsync -prtv --delete --exclude \*~ /vagrant/modules/ /etc/puppetlabs/puppet/modules/

            # queue a puppet run on all nodes
            sudo -i -u peadmin mco puppet runonce -v
            # sudo -i -u peadmin mco puppet -F osfamily=windows runonce -v

          fi
  13. template.json

          {
            "variables": { … },
            "builders": [ … ],
            "provisioners": [ … ],
            "post-processors": [ … ]
          }
  14. builders

          {
            "type": "vmware",
            "guest_os_type": "windows7srv-64",

            "vmx_data": {
              "memsize": 2048,
              "numvcpus": 1
            },

            "disk_size": 50000,

            "iso_url": "./7601.17514.101119-1850_x64fre_server_eval_en-us-GRMSXEVAL_EN_DVD.iso",
            "iso_checksum": "30832ad76ccfa4ce48ccb936edefe02079d42fb1da32201bf9e3a880c8ed6312",
            "iso_checksum_type": "sha256",

            "ssh_username": "Administrator",
            "ssh_password": "{{user `password`}}",

            "boot_wait": "5m",

            "floppy_files": [
              "scripts/Autounattend.xml",
              "scripts/cygwin.bat",
              "scripts/winrm.bat",
              "scripts/vmware.cer"
            ],

            "shutdown_command": "shutdown /d p:4:1 /s /t 0",

            "tools_upload_flavor": "windows"
          }
  15. template.json

          {
            "variables": { … },
            "builders": [ … ],
            "provisioners": [ … ],
            "post-processors": [ … ]
          }
  16. provisioners

          {
            "type": "shell",
            "script": "scripts/vmware.sh",
            "execute_command": "chmod +x {{.Path}}; {{.Vars}} http_proxy={{user `proxy`}} {{.Path}}"
          },
          {
            "type": "shell",
            "inline": [
              "mkdir -p .ssh",
              "echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key' >> .ssh/authorized_keys"
            ],
            "execute_command": "chmod +x {{.Path}}; {{.Vars}} http_proxy={{user `proxy`}} {{.Path}}"
          }
  17. template.json

          {
            "variables": { … },
            "builders": [ … ],
            "provisioners": [ … ],
            "post-processors": [ … ]
          }
  18. provision.sh (part 2/2)

          else

            # copy manifests and modules to puppet master
            rsync -prtv --delete --exclude \*~ /vagrant/manifests/ /etc/puppetlabs/puppet/manifests/
            rsync -prtv --delete --exclude \*~ /vagrant/modules/ /etc/puppetlabs/puppet/modules/

            # queue a puppet run on all nodes
            sudo -i -u peadmin mco puppet runonce -v
            # sudo -i -u peadmin mco puppet -F osfamily=windows runonce -v

          fi
  19. Demo - puppetlabs-ntp
      • Does not currently have Windows support…
      • …So expect it to fail on Windows

          vagrant provision puppet
  20. puppetlabs-ntp
      • Fork the puppetlabs repo, make some changes, submit a pull request
      • https://github.com/pdericson/puppetlabs-ntp
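
The cron job on slide 12 appends whatever nmblookup prints to /etc/hosts without checking it, which the slide itself marks as less than ideal. As an added example (not code from the deck), the same append step with the address and node name validated first; the function names, addresses and node names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the deck: validate a lookup result before it is
# written to a hosts file. Function names and sample values are constructed.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1            # split on dots; input holds only digits and dots here
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# add_host_entry IP NAME HOSTS_FILE
# Returns 0 if a line was added, 1 if NAME is already present, 2 if rejected.
add_host_entry() {
  ip=$1 name=$2 hosts=$3
  # Same node-name shape the deck's grep accepts: lowercase letters only.
  case $name in ''|*[!a-z]*) return 2 ;; esac
  # A failed lookup does not yield an address; reject it instead of writing
  # a broken line that would also stop later retries.
  is_ipv4 "$ip" || return 2
  # Whole-field comparison, so "web" does not match "devweb.localdomain".
  if awk -v fqdn="$name.localdomain" \
      '{ for (i = 2; i <= NF; i++) if ($i == fqdn) found = 1 }
       END { exit !found }' "$hosts"; then
    return 1
  fi
  printf '%s %s.localdomain %s\n' "$ip" "$name" "$name" >> "$hosts"
}

# Constructed demo: one good lookup result and one failed (empty) one.
demo() {
  demo_hosts=$(mktemp)
  printf '127.0.0.1 localhost\n' > "$demo_hosts"
  add_host_entry 192.168.13.20 nodea "$demo_hosts"
  add_host_entry '' nodeb "$demo_hosts" || echo "nodeb rejected (rc=$?)"
  cat "$demo_hosts"
  rm -f "$demo_hosts"
}
demo
```

A rejected lookup leaves the hosts file untouched, so the next cron run can try the node again.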