Hacking The Data out of Puppet

Dan Bode| Puppet Labs
[email protected]
Hacking
The Data
out of Puppet

View Slide

# puppetconf # puppetize @ puppetlabs
Who is this talk for?
•  People who already understand Puppet
•  Developers or people who are dev-curious

View Slide

Shameless plug

View Slide

What is it about?
•  Deconstructing Puppet to data

View Slide

Dissecting a Puppet Run
Puppet as Data

View Slide

Facter, who am I?

Agent

Hi! your facts are:

kernel=linux

ipaddress=10.0.0.3

macaddress=…

View Slide

Hi Mr. Master,

I need a catalog. Here
are my facts

http://www.dgcomputers.org/testimonials.php

Agent

facts

View Slide

facts

Agent

Thanks for you facts.

I’ll just store them in
PuppetDB

PuppetDB

View Slide

PuppetDB

facts

ENC

Agent

Mr. ENC, is this host
deﬁned as an external
node?

Yep, he should be an
apache server. Here is
the deﬁnition

nodes

View Slide

PuppetDB

facts

Agent

Just compiled your
catalog. One sec while
I store it in PuppetDB.

catalog

View Slide

PuppetDB

facts

Agent

catalog

Here is your
catalog. Send me
a report and let
me know how it
went!

catalog

View Slide

PuppetDB

facts

Agent

catalog

I hate to be a
bother, but can
you compute
the md5sums of
a few ﬁles?

catalog

View Slide

PuppetDB

facts

Agent

Just ﬁnished applying.
Here are the results.

report

catalog

View Slide

Interacting with Puppet’s Data
Termini and the indirector

View Slide

facts ﬁnd from
terminus facter

Agent

View Slide

catalog ﬁnd from
terminus rest

http://www.dgcomputers.org/testimonials.php

Agent

facts

View Slide

facts

Agent

facts save to terminus
puppetdb

PuppetDB

View Slide

PuppetDB

facts

ENC

Agent

node ﬁnd from
terminus exec (or
ldap)

nodes

View Slide

PuppetDB

facts

Agent

catalog ﬁnd from
terminus compiler

catalog

View Slide

PuppetDB

facts

Agent

catalog save to
terminus puppetdb

catalog

View Slide

Facter
ENC

Disecting a Puppet Run
Compiler

Conﬁg
Catalogs

Nodes/
Manifest

Reports

Facts

View Slide

CLI commands
puppet
facts
find

puppet
node
find

puppet
catalog
find

View Slide

CLI Puppet Facts
# mkdir –p /tmp/yaml/facts
# puppet facts find node_name --render-as yaml \
> /tmp/yaml/facts/node_name.yaml

View Slide

Creating a node (optional):
# puppet node find node_name \
--node_terminus=exec \
--external_nodes=/etc/puppet/nodes.sh \
--facts_terminus=yaml \
--clientyamldir=/tmp/yaml/ --render-as=yaml \
> /tmp/yaml/nodes/node_name.yaml

View Slide

Creating a catalog:
# puppet catalog find node_name \
--facts_terminus=yaml \
# puppet catalog find node_name \
--node_terminus=yaml \
--manifest=/etc/puppet/manifest/site.pp \
--modulepath=/etc/puppet/modules/
--clientyamldir=/tmp/yaml/ > /tmp/catalog.yaml

View Slide

Fun with IRB
Puppet::Node::Facts.indirection.ﬁnd
facts

Puppet::Node.new
nodes

Puppet::Catalog.indirection.ﬁnd
catalog

View Slide

IRB Facts
irb:> require ‘puppet/face’
> facts=Puppet::Face[:facts, :current].find('node’)

View Slide

Access a Fact value (irb):
…
> facts.values['ipaddress']
=> "10.0.2.15"

View Slide

Creating a node (from irb):
…
> node=Puppet::Node.new('node_name',
{:classes => {:foo => {:bar => :baz}}})
>node.merge(facts.values)

View Slide

Creating a catalog:
…
irb> catalog=Puppet::Resource::Catalog.indirection.\
find('node_name’, :node => node)

View Slide

Use Cases

View Slide

Inspecting the catalog:
•  What types are in the catalog?
irb> catalog.resources.collect do |r| r.type end.uniq
•  Gimme a resource:
irb>catalog.resource(‘Package[httpd]’)

View Slide

Rspec Puppet:
let :facts do
{:operatingsystem => ‘Redhat’}
end
let :params do
{:bind_address => ‘0.0.0.0’
end
it { should contain_file(‘/tmp/foo.conf’) }

View Slide

Thundering Herd
Pre-compile catalogs for faster auto-scaling

View Slide

Applying pre-compiled
catalogs:
puppet apply --catalog /tmp/catalog.json –server
puppet-fileserver

View Slide

DMZ
tcp over USB

View Slide

Use Cases

View Slide

Hacking reports
Everything in Puppet is a state transition
User[‘dan’] : absent -> present
User[‘dan’][‘shell’] -> ‘/sbin/nologin’ -> /bin/bash

View Slide

Setting up the agent:
[agent]
report=true

View Slide

Archive reports in your
yamldir
[master]
reports = store

View Slide

Puppet reports
$ cd `puppet config print reportdir`
$ ls
node1 node2 node3
$ ls node1

View Slide

Every report from every run
ever
$ ls node1
201206060256.yaml 201206060303.yaml
201206060519.yaml 201206122349.yaml
201206122354.yaml 201206130002.yaml

View Slide

Lets crack one open!
Irb > require ‘yaml’
>reports=YAML.load_file('201206130002.yaml')

View Slide

Have a look
>(reports.methods - Object.methods).sort
Notice the following methods:

View Slide

High level data
> reports.exit_status
⇒ 0
> reports.status
=> "unchanged"
> reports.host
⇒ ”node1”

View Slide

metrics
> reports.metrics.keys
⇒ ["resources", "events", "changes", "time"]
> reports.metrics['resources']
⇒ [‘failed’, 0],[ ‘changed’, ‘7’]

View Slide

And the awesome sauce
> reports.resource_statuses.keys
=> ["Package[xinetd]", "File[/srv/node/1]",
"Package[swift]", "Exec[compile fragments]",
"Package[swift-container]", "File[/var/opt/lib/pe-
puppet/concat/_etc_swift_object-server.conf]",
"File[/etc/rsync.d/frag-account]”]

View Slide

> status = reports.resource_statuses
> status.keys
=> ["Package[xinetd]", "File[/srv/node/1]",
"Package[swift]", "Exec[compile fragments]",
"Package[swift-container]", "File[/var/opt/lib/pe-
puppet/concat/_etc_swift_object-server.conf]",
"File[/etc/rsync.d/frag-account]”]

View Slide

>events = status["File[/etc/swift/swift.conf]"].events
> events.first.status
⇒ "success”
> events.first.desired_value
⇒ :present
> events.first.previous_value
=> :absent

View Slide

Thank You
Dan Bode| Puppet Labs
[email protected]

View Slide

View Slide

Hacking The Data out of Puppet

Hacking The Data out of Puppet

Puppet Labs

More Decks by Puppet Labs

Other Decks in Technology

Featured

Transcript