
Introduction to Puppet

Rob Terhaar
September 24, 2013

Transcript

  1. INTRO TO PUPPET: IDEMPOTENT, MADE EASY
     thessaloniki.rb: Θεσσαλονίκη
     September 24, 2013
     Robert Terhaar [email protected]
     Atlantic Dynamic, New York, NY
     1 Wednesday, September 25, 13
  2. COMPANY & PERSONAL BIO
     • Built custom cloud & IT management systems for:
       • Finance // Bio-Tech // Start-ups // Advertising
     • Sysadmin since 1998
     • Puppet user for ~6 years
     • Based in NYC
  3. OUTLINE
     • What is Puppet?
     • How Puppet works
     • Why Puppet instead of ________?
     • The Code
     • Installation
     • Syntax Introduction
     • Module Organization Example
     • Demo!
  4. WHAT IS PUPPET?
     • Ruby Gem
     • Agent and Server
     • Idempotent methods called “resources”
     • Reproducible configuration of your systems
  5. WHAT IS PUPPET?
     FINANCIAL TELCO/SP INTERNET TECH GOVERNMENT DEFENSE EDUCATION MANUFACTURING RETAIL MEDIA
  6. WHAT IS PUPPET?
     • Install includes agent and server (PuppetMaster)
     • The server is just HTTP (scales up w/ Passenger)
     • Security is handled via two-way SSL handshake
     • Can be used with server, or stand-alone
  7. 1 * N = N
     IDEMPOTENT
     ONE EXECUTION, OR MANY - ALWAYS THE SAME RESULTS
  8. PUPPET VS. MANUAL CONFIGURATION
     • Manual config (SSH’ing to servers) is:
       • Not idempotent
       • Error-prone
       • Not reproducible
       • Does not scale
       • Lacks ability to audit
       • Causes system fragmentation
       • Creates configuration anarchy!
  9. PUPPET VS. CUSTOM SCRIPTS
     • Always more work than you expect
     • Not idempotent
     • Difficult to collaborate with other people
     • Not portable to other operating systems
     • Difficult to test
  10. PUPPET VS. CAPISTRANO/FABRIC
     • These tools are...
       • Not idempotent
       • Designed for deployments, not system config
     Puppet is the police officer; Capistrano/Fabric is the construction worker
     • Police maintain order
     • Construction workers fix/replace components
  11. PUPPET VS. CHEF
     • Chef has some great ideas, but...
       • Server software is complicated, and Erlang??
       • No dependency graph: one failure aborts entire run
       • Too easy to write “bad” Chef code (non-idempotent)
       • Too much Ruby code is sent to the clients, insecure?
     • Puppet (and the Puppet DSL)
       • Easier for non-programmers
       • Static analysis of DSL code is possible
       • Possible to develop and test in smaller modules
       • Has (per-resource) NOOP MODE!
  12. PUPPET VS. SALT/ANSIBLE
     • They are written in Python (I love Python)
     • Evolved from Puppet and MCollective
     • Not as mature as Puppet (or Chef)
     • Focus more on remote execution
     • Puppet focuses on Auditing and Reporting
  13. INSTALL
     Puppet Open Source: http://docs.puppetlabs.com/guides/puppetlabs_package_repositories.html
       $ sudo rpm -ivh http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-7.noarch.rpm
     Puppet Enterprise: http://info.puppetlabs.com/download-pe.html
  14. HYPOTHETICAL RESOURCE SYNTAX
       resource_type {'unique resource':
         ensure => 'some state',
         arg1   => 'setting1',
         notify => OtherResource['unique2'],
       }
  15. FILE RESOURCE SYNTAX
     http://docs.puppetlabs.com/puppet/2.7/reference/lang_visual_index.html
       file {'ntp.conf':
         path    => '/etc/ntp.conf',
         ensure  => file,
         content => template('ntp/ntp.conf'),
         owner   => root,
         mode    => 0644,
       }
     • file: The resource type
     • ntp.conf: The title
     • path: An attribute
     • '/etc/ntp.conf': A value; in this case, a string
     • template('ntp/ntp.conf'): A function call that returns a value; in this case, the template function, with the name of a template in a module as its argument
  16. MODULE ORGANIZATION
     • Resources (DSL Code)
     • Class ( class foo { resource{'x':} } )
     • Manifests (.pp files)
     • Modules (Folders)
     • Environments (Optional)
     • Puppet Master (or file path for master-less puppet)
  17. MODULE ORGANIZATION
     • site.pp: Top-level manifest
     • puppet.conf: Default Puppet options installed to server and agent
     • /etc/puppet/modules: collections of manifests, templates and files that are dynamically assigned
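
The idempotency (slide 7), per-resource noop mode (slide 11) and file resource (slide 15) described above, as a Ruby sketch added here; it is not from the deck and is not Puppet's own implementation. The `FileResource` class and `demo` helper are hypothetical names, and the file content is constructed.

```ruby
require 'tmpdir'

# Hypothetical miniature of a "file" resource: describe the desired state,
# compare it with the actual state, and change only what differs.
class FileResource
  def initialize(path:, content:, mode:)
    @path, @content, @mode = path, content, mode
  end

  # Returns the attributes that are out of sync with the desired state.
  def drift
    return [:ensure] unless File.file?(@path)
    changes = []
    changes << :content unless File.read(@path) == @content
    changes << :mode unless (File.stat(@path).mode & 0o7777) == @mode
    changes
  end

  # Converge to the desired state. With noop: true, only report the drift.
  def apply(noop: false)
    changes = drift
    return changes if noop || changes.empty?
    File.write(@path, @content) if (changes & [:ensure, :content]).any?
    File.chmod(@mode, @path)
    changes
  end
end

# Constructed demo: runs in a temporary directory, not against /etc.
def demo
  Dir.mktmpdir do |dir|
    path = File.join(dir, 'ntp.conf')
    res = FileResource.new(path: path, content: "server 0.pool.ntp.org\n", mode: 0o644)
    runs = []
    runs << res.apply(noop: true)   # audit only: file is missing, nothing written
    exists_after_noop = File.exist?(path)
    runs << res.apply               # first real run creates the file
    runs << res.apply               # second run: already in sync, no changes
    File.chmod(0o666, path)         # simulate a manual change made over SSH
    runs << res.apply(noop: true)   # noop run reports the drift
    runs << res.apply               # real run repairs it
    { runs: runs, exists_after_noop: exists_after_noop,
      final_mode: File.stat(path).mode & 0o7777 }
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

An empty change list on the repeat run is what makes the resource safe to apply on every agent run, and the noop result is the audit signal for manual changes such as a loosened file mode.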