Slide 1

Slide 1 text

Puppet for Dummies
4developers - 18 April 2012, Poznań - Poland
http://joind.in/6328
Wednesday 18 April 12

Slide 2

Slide 2 text

oh hai!

Joshua Thijssen
Freelance consultant, developer and trainer @ NoxLogic / Techademy
Development in PHP, Python, Perl, C, Java and some sysadmin
Blog: http://adayinthelifeof.nl
Email: [email protected]
Twitter: @jaytaph

Slide 5

Slide 5 text

What is puppet and why should I care?
(answer: it’s cool and because I told you so)

Slide 6

Slide 6 text

“People are finally figuring out puppet and how it gets you to the pub by 4pm. Note that I’ve been at this pub since 2pm.” - Jorge Castro

Slide 8

Slide 8 text

Puppet is a (not necessarily the) solution for the following problem:
How do we set up, manage, synchronize, and upgrade our internal and external infrastructure?

Slide 10

Slide 10 text

Sysadmin! Y U no fix problem!
NO

Slide 12

Slide 12 text

LAMP-stack
➡ Linux
➡ Apache
➡ MySQL
➡ PHP

Slide 14

Slide 14 text

LAMPGMVNMCSTRAH-stack
Linux, Apache, MySQL, PHP, Gearman, MongoDB, CouchDB, Solr, Tika, Redis, ActiveMQ, Hadoop, Varnish, Nginx, Memcache

Slide 19

Slide 19 text

How do we control our infrastructure?
➡ Solution 1: We don’t,
➡ Solution 2: We outsource,
➡ Solution 3: We automate the process.

Slide 24

Slide 24 text

‣ Solution 1: we don’t
➡ It’s not funny: you find it more often than not. Especially inside small development companies.
➡ Internal sysadmin, but he’s too busy with development to do sysadmin.
➡ We only act on escalation
➡ reactive, not proactive

Slide 29

Slide 29 text

‣ Solution 2: we outsource
➡ Expensive $LA’s.
➡ What about INTERNAL servers like your development systems and infrastructure?
➡ Fight between stability and agility.
➡ Does your hosting company decide on whether you can use PHP5.3???

Slide 34

Slide 34 text

‣ Solution 3: we do it ourselves and automate
➡ We are in charge.
➡ You can do what you like
➡ Use: cfEngine, chef, puppet.
➡ When done right, maintenance should not be difficult.

Slide 35

Slide 35 text

PUPPET

Slide 36

Slide 36 text

➡ Open source configuration management tool.
➡ Written in Ruby
➡ Open source: https://github.com/puppetlabs
➡ Commercial version available (puppet enterprise)

Slide 38

Slide 38 text

➡ Don’t tell HOW to do stuff.
➡ Tell WHAT to do. ¹

“yum install httpd”
“apt-get install apache2”
“install and run the apache webserver”

¹ It’s not actually true, but good enough for now...

Slide 40

Slide 40 text

[Diagram: Schematic representation of a puppet infrastructure]

Slide 42

Slide 42 text

[Diagram: Puppet CA, Puppet Master and three Puppet Agents, connected over https]

Slide 47

Slide 47 text

Exchange between Puppet client and Puppet master:
1. Check credentials
2. Send facts
3. Returns “catalog”
4. Report results

Slide 48

Slide 48 text

➡ Catalogs are “compiled” manifests
➡ Manifests are puppet definitions
➡ <filename>.pp
➡ Puppet DSL
➡ De-cla-ra-tive language
➡ Version your manifests! (git/svn)

Slide 49

Slide 49 text

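    # make sure the strace package is installed
    package { "strace" :
      ensure => present,
    }

    # a file only its owner can read or write
    file { "/home/jaytaph/secret-ingredient.txt" :
      ensure  => present,
      mode    => 0600,
      owner   => 'jaytaph',   # the file type's attribute is "owner", not "user"
      group   => 'noxlogic',
      content => "beer",
    }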

Slide 51

Slide 51 text

    package { "httpd" :
      ensure => present,
    }

    service { "httpd":
      ensure  => running,            # the service type uses "ensure", not "running"
      enable  => true,               # start at boot
      require => Package["httpd"],   # install the package before managing the service
    }

Slide 52

Slide 52 text

‣ Different distributions, different names

              CentOS / Red Hat              Debian / Ubuntu
    service:  httpd                         apache2
    package:  httpd                         apache2
    config:   /etc/httpd/conf/httpd.conf    /etc/apache2/httpd.conf
    vhosts:   /etc/httpd/conf.d/*.conf      /etc/apache2/sites-available

Slide 53

Slide 53 text

$operatingsystem is a FACT

    # pick the package name before declaring the resource;
    # a case statement cannot sit inside a resource body
    case $operatingsystem {
      centos, redhat: { $apache = "httpd" }
      debian, ubuntu: { $apache = "apache2" }
      default: { fail("I don't know this OS/distro") }
    }

    package { "webserver":
      name   => $apache,
      ensure => installed,
    }

Slide 54

Slide 54 text

    [root@puppetnode1 ~]# facter --puppet
    architecture => x86_64
    fqdn => puppetnode1.noxlogic.local
    interfaces => eth1,eth2,lo
    ipaddress_eth1 => 192.168.1.114
    ipaddress_eth2 => 192.168.56.200
    kernel => Linux
    kernelmajversion => 2.6
    operatingsystem => CentOS
    operatingsystemrelease => 6.0
    processor0 => Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz
    puppetversion => 2.6.9

‣ A simple list with info (also useable in your own tools)
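
One way to use that `name => value` listing in your own tool, as an added example that is not part of the original slides: it parses facter's plain output and flags an agent whose `puppetversion` is below a required minimum. The sample text is constructed from the slide, and the minimum version passed in is an assumption.

```ruby
require "rubygems" # Gem::Version, for correct version ordering

# Constructed sample in the plain facter format shown on the slide.
SAMPLE_FACTS = <<~FACTS
  architecture => x86_64
  fqdn => puppetnode1.noxlogic.local
  interfaces => eth1,eth2,lo
  operatingsystem => CentOS
  operatingsystemrelease => 6.0
  processor0 => Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz
  puppetversion => 2.6.9
FACTS

# Parse "name => value" lines into a Hash. Split on the first " => " only,
# so a value that itself contains "=>" survives intact; skip malformed lines.
def parse_facts(text)
  text.each_line.with_object({}) do |line, facts|
    name, value = line.chomp.split(" => ", 2)
    next if name.nil? || value.nil? || name.strip.empty?
    facts[name.strip] = value
  end
end

# The interfaces fact is a comma-separated list.
def interfaces(facts)
  facts.fetch("interfaces", "").split(",")
end

# True when the agent runs a puppet older than the required minimum.
# The minimum is supplied by the caller (assumption, not from the talk).
def agent_outdated?(facts, minimum)
  Gem::Version.new(facts.fetch("puppetversion")) < Gem::Version.new(minimum)
end

if __FILE__ == $0
  facts = parse_facts(SAMPLE_FACTS)
  puts "#{facts['fqdn']} (#{facts['operatingsystem']} #{facts['operatingsystemrelease']})"
  puts "interfaces: #{interfaces(facts).join(' ')}"
  puts "outdated vs 2.7.0: #{agent_outdated?(facts, '2.7.0')}"
end
```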

Slide 55

Slide 55 text

‣ “Main” manifest

/etc/puppet/manifests/site.pp:

    node default {
      $def_packages = [ "mc", "strace", "sysstat" ]

      package { $def_packages :
        ensure => latest,
      }
    }

Slide 56

Slide 56 text

Defining nodes - regular expressions

    node /^web\d+\.example\.local$/ {
      package { "httpd" :
        ensure => latest,
      }
    }

    node /^db\d+\.example\.local$/ {
      package { "mysql-server" :
        ensure => installed,
      }
    }

Slide 57

Slide 57 text

‣ Node inheritance

    node basenode {
      user { "jaytaph" :
        ensure     => present,
        gid        => 1000,
        uid        => 1000,
        home       => "/home/jaytaph",
        shell      => "/bin/sh",
        password   => "supersecrethashedpassword",
        managehome => true,
      }
    }

    # anchored at both ends, like the node patterns on the previous slide
    node /^.+\.example\.local$/ inherits basenode {
      ...
    }
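
Node patterns are Ruby regular expressions, and one that is missing its trailing `$` claims more names than intended. The check below is an added example, not code from the talk: it runs patterns modelled on these slides against constructed certnames and lists any pattern that is not anchored at both ends. The pattern labels and the `base_no_tail` variant are hypothetical.

```ruby
# Patterns follow the node definitions on the slides; certnames are constructed.
NODE_PATTERNS = {
  "web"          => /^web\d+\.example\.local$/,
  "db"           => /^db\d+\.example\.local$/,
  "base"         => /^.+\.example\.local$/,
  "base_no_tail" => /^.+\.example\.local/, # hypothetical: trailing $ left off
}

# True when the pattern is pinned to both the start and the end of the name.
def anchored?(regex)
  src = regex.source
  head = src.start_with?("^") || src.start_with?("\\A")
  tail = (src.end_with?("$") && !src.end_with?("\\$")) || src.end_with?("\\z")
  head && tail
end

# Labels of every pattern that would claim this certname.
def claimed_by(certname)
  NODE_PATTERNS.select { |_label, re| re.match(certname) }.keys
end

# Patterns to review before they go into site.pp.
def unanchored_patterns
  NODE_PATTERNS.reject { |_label, re| anchored?(re) }.keys
end

if __FILE__ == $0
  ["web01.example.local", "db7.example.local",
   "web01.example.local.other.test", "example.local"].each do |name|
    puts "#{name.ljust(32)} -> #{claimed_by(name).inspect}"
  end
  puts "review: #{unanchored_patterns.inspect}"
end
```

A check like this fits next to `puppet apply --noop` in whatever tests you run before committing manifests.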

Slide 60

Slide 60 text

‣ Group together into a class

    class webserver {
      service { "apache":
        ensure  => running,
        require => Package["apache"],
      }

      package { "apache" :
        ensure => installed,
      }

      # vhost config rendered from an ERB template
      file { "vhost_${webserver_name}" :
        path    => "/etc/httpd/conf/10-vhost.conf",
        content => template("vhost.template.erb"),
        notify  => Service["apache"],   # must name the service declared above
      }
    }

Slide 61

Slide 61 text

‣ ERB templates can contain custom variables and facts

vhost.template.erb:

    <VirtualHost *:80>
      ServerName <%= webserver_name %>
      ServerAlias <%= webserver_alias %>
      DocumentRoot <%= webserver_docroot %>
    </VirtualHost>

Slide 62

Slide 62 text

    node "web01.example.local" inherits base {
      $webserver_name    = "web01.example.local"
      $webserver_alias   = "www.example.local"
      $webserver_docroot = "/var/www/web01"
      include webserver
    }

    node "web02.example.local" inherits base {
      $webserver_name    = "web02.example.local"
      $webserver_alias   = "crm.example.local"
      $webserver_docroot = "/var/www/web02"
      include webserver
    }

Slide 63

Slide 63 text

➡ A puppet module is a collection of resources, classes, templates.
➡ Used for easy distribution and code-reuse.
➡ Self-contained, run out-of-the-box

Slide 64

Slide 64 text

➡ puppetforge / github
➡ Create your own (and share!).
➡ Use the ones from puppet enterprise edition.
➡ Use the standard layout / best practices

Slide 65

Slide 65 text

    class ntp::install {
      package { "ntpd":
        ensure => latest,
      }
    }

    class ntp::config {
      # resource defaults for every file declared in this class
      File {
        require => Class["ntp::install"],
        notify  => Class["ntp::service"],
        owner   => "root",
        group   => "root",
        mode    => 644,
      }

      file {
        "/etc/ntp.conf":
          source => "puppet:///ntp/ntp.conf";
        "/etc/ntp/step-tickers":
          source => "puppet:///ntp/step-tickers";
      }
    }

    class ntp::service {
      service { "ntp":
        ensure  => running,
        enable  => true,
        require => Class["ntp::config"],
      }
    }

    # the module's entry point pulls in the three parts
    class ntp {
      include ntp::install, ntp::config, ntp::service
    }

Slide 66

Slide 66 text

➡ (Unit)test your modules
➡ Test them with: puppet apply --noop
➡ More advanced testing: cucumber / cucumber-puppet (BDD)

Slide 67

Slide 67 text

➡ Almost everything.
➡ 48 different resource types as standard
➡ Ranging from “file” to “cron” to “ssh_key” to “user” to “selinux”.
➡ Can control your Cisco routers and windows machines too (sortakinda)

http://docs.puppetlabs.com/references/stable/type.html

Slide 68

Slide 68 text

http://media.techtarget.com/digitalguide/images/Misc/puppetDashboard.gif

Slide 70

Slide 70 text

➡ Puppet went from v0.25 to v2.6.
➡ REST interface since 2.6. XMLRPC before that.
➡ One binary to rule them all (puppet).
➡ Puppet v2.7 switched from GPLv2 to Apache 2.0 license.

Slide 71

Slide 71 text

➡ --test does not mean dry-run! (--noop does).
➡ It’s not object oriented. (puppet class != php class)
➡ It’s a declarative language.

Slide 73

Slide 73 text

➡ Puppet agent “calls” the master every 30 minutes.
➡ But what about realtime command & control?
➡ “Puppet kick”... (meh)
➡ MCollective (Marionette Collective)

Slide 74

Slide 74 text

➡ Which systems are running a database and have 16GB or less?
➡ Which systems are using <50% of available memory?
➡ Restart all apache services in timezone GMT+5.

Slide 75

Slide 75 text

[Diagram: Clients, Middleware (ACTIVEMQ), and Nodes each running an MCollective Server, together forming the Collective]

‣ Middleware takes care of distribution, queued, broadcast etc.

Slide 76

Slide 76 text

http://docs.puppetlabs.com/mcollective/reference/basic/subcollectives.html

Slide 77

Slide 77 text

Filter out nodes based on facts

    $ mc-facts operatingsystem
    Report for fact: operatingsystem

            CentOS     found 3 times
            Debian     found 14 times
            Solaris    found 4 times

    $ mc-facts -W operatingsystem=Centos operatingsystemrelease
    Report for fact: operatingsystemrelease

            6.0        found 1 times
            5.6        found 2 times

Slide 78

Slide 78 text

➡ Display all running processes
➡ Run or deploy software
➡ Restart services
➡ Start puppet agent
➡ Upgrade your systems

Slide 79

Slide 79 text

-ETOOMUCHINFO
Let’s recap

Slide 80

Slide 80 text

➡ Configuration management tool.
➡ Focusses on “what” instead of “how”.
➡ Scales from 1 to 100K+ systems.
➡ Uses descriptive manifests.

Slide 81

Slide 81 text

➡ Useful for sysadmins and developers.
➡ Keeps your infrastructure in sync.
➡ Keeps your infrastructure versioned.
➡ MCollective controls your hosts based on facts, not names.

Slide 82

Slide 82 text

There is no reason NOT to control your infrastructure.
Having only 3 servers is NOT a reason.
You will be able to join the rest of us in the pub early.

Slide 83

Slide 83 text

http://farm1.static.flickr.com/73/163450213_18478d3aa6_d.jpg

Slide 84

Slide 84 text

Thank you

Please rate my talk on joind.in: http://joind.in/6328
Find me on twitter: @jaytaph
Find me for development and training: www.noxlogic.nl
Find me on email: [email protected]
Find me for blogs: www.adayinthelifeof.nl