Puppet & AWS on Wuaki.tv

Transcript

1. PUPPET & AWS ON WUAKI.TV Thursday, January 10, 13

2. PUPPET? Thursday, January 10, 13

3. WHAT DOES PUPPET PROVIDES? Stop Administrating your environment and start

   developing it. Re-usable software and configurations. Provides DSL Support for multiple OS ( OSX, Solaris, Linux, Windows) Thursday, January 10, 13

4. PUPPET ENVIRONMENTS Thursday, January 10, 13

5. PUPPET ENVIRONMENTS Environments provides flexibility Production Staging OpsTools Offices Reports

   & Notifications Hipchat Log Puppet-dashboard Thursday, January 10, 13

6. PUPPET MODULES AND AWS Common modules BASE.pp Specific Module depends

   on $ec2_security_groups Thursday, January 10, 13

7. PUPPET CERTIFICATION AUTHORITY Thursday, January 10, 13

8. PUPPETCA Configuration allows for manual sync. Client or Server initiated

   sync. Client/Server configuration leverages a Certificate Authority (CA) on the puppet master to sign client certificates to verify authenticity. All data transmission between Master and Agent are encrypted. Thursday, January 10, 13

9. AWS & PUPPET Thursday, January 10, 13

10. Amazon AMI are not flexible. Amazon Instances boots using DHCP.

    How can PuppetCA trust your AMI. Autoscaling is heaven but.... managing hosts isn’t. AWS ISSUES Thursday, January 10, 13

11. SOLVING AWS ISSUES Leverage EC2 Security Groups to give context

    to an AMI. PuppetMaster can allow domains to be autosigned (autosign.conf). Create a cron so you can look for new instances and sign their SSL.* Autosign certain scopes (*.wuaki.tv) Manually sign SSL* * not efficient with autoscaling. Thursday, January 10, 13

12. Thursday, January 10, 13

13. THANKS. QUESTIONS? Twitter: rhoml E-mail: [email protected] I do Ops at

    Thursday, January 10, 13