DevOps: Automating Your Infrastructure with Puppet

Transcript

1. DevOps: Automating Your Infrastructure with Puppet Scott Smerchek @smerchek scottsmerchek.com

   Saturday, May 4, 13

2. What is DevOps? •a collaborative culture between technical teams. (Dev,

   Ops, and QA) •aligning goals and sharing strategies •improve efficiency and quality of code shipped Saturday, May 4, 13

3. What is DevOps, in practice? •Get buy-in from the organization

   at large •Integrated dev and ops teams •Leverage automation •Continuous integration/deployment •Infrastructure as code •Prod-like environments for dev/staging Saturday, May 4, 13

4. DevOps at Softek •Small team, developers also happen to be

   ops •ISV in Health Care: we deploy a server to each client (there is no cloud option) •Building a server was a tedious, fragile process eating away at engineer’s time •Servers in the field are all configured slightly differently •Deploy code to a client about every 6 months Saturday, May 4, 13

5. What did we do? •Wipe/rebuild QA machines with a command

   •Split apart the monolithic installer •Monitoring production servers (Zabbix) •Started deploying everything with Puppet Saturday, May 4, 13

6. Benefits • Never forget to restart a service after a

   config change • Reliable, predictable deployments • Reproduce environments with ease • Avoid configuration creep • Audit changes to prod environments • Dev, QA, Staging, Prod environments match • Once tedious tasks become trivial Saturday, May 4, 13

7. So, what is Puppet? •Configuration management •Automate repetitive tasks •Declarative

   way to define the configuration of a machine •Enforce the defined configuration (on an interval) •Report the differences and changes made Saturday, May 4, 13

8. Set the file mode file  {  '/etc/motd':    ensure  

    =>  file,    content  =>  'Hello  World',    mode        =>  '0644', } Saturday, May 4, 13

9. Use a template file  {  '/etc/motd':    ensure    =>

    file,    content  =>  template('site/motd.erb'),    mode        =>  '0644', } Saturday, May 4, 13

10. motd.erb -­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐ Welcome  to  the  host  name  <%=  hostname  %>

    <%=  operatingsystem  %>  <%=  operatingsystemrelease  %> -­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐ FQDN:  <%=  fqdn  %> IP:      <%=  ipaddress  %> This  host  is  managed  by  the  Puppet  Master,  <%=  servername   %>. Saturday, May 4, 13

11. Package -> Config -> Service package  {  'openssh-­‐server':    ensure

       =>  installed, } Saturday, May 4, 13

12. Package -> Config -> Service package  {  'openssh-­‐server':    ensure

       =>  installed, } file  {  '/etc/ssh/sshd_config':    source    =>  'puppet:///modules/sshd/sshd_config',    owner      =>  'root',    group      =>  'root',    mode        =>  '0640', } Saturday, May 4, 13

13. Package -> Config -> Service package  {  'openssh-­‐server':    ensure

       =>  installed, } file  {  '/etc/ssh/sshd_config':    source    =>  'puppet:///modules/sshd/sshd_config',    owner      =>  'root',    group      =>  'root',    mode        =>  '0640',    require  =>  Package['openssh-­‐server'], } Saturday, May 4, 13

14. Package -> Config -> Service package  {  'openssh-­‐server':    ensure

       =>  installed, } file  {  '/etc/ssh/sshd_config':    source    =>  'puppet:///modules/sshd/sshd_config',    owner      =>  'root',    group      =>  'root',    mode        =>  '0640',    require  =>  Package['openssh-­‐server'], } service  {  'sshd':    ensure  =>  running,    enable  =>  true, } Saturday, May 4, 13

15. Package -> Config -> Service package  {  'openssh-­‐server':    ensure

       =>  installed, } file  {  '/etc/ssh/sshd_config':    source    =>  'puppet:///modules/sshd/sshd_config',    owner      =>  'root',    group      =>  'root',    mode        =>  '0640',    notify    =>  Service['sshd'],    require  =>  Package['openssh-­‐server'], } service  {  'sshd':    ensure  =>  running,    enable  =>  true, } Saturday, May 4, 13

16. Finding Modules •The Puppet Forge (forge.puppetlabs.com) •Over 1000 modules •Organized

    by supported OS •Github •Most puppet forge modules live here Saturday, May 4, 13

17. Can’t find one? •Build it •Package it •Submit it Saturday,

    May 4, 13

18. A Puppet Dashboard •External Node Classifier (ENC) •Provides a UI

    to manage nodes •A must-have for Puppet Master deployments •A couple options: •Puppet Dashboard •Foreman Saturday, May 4, 13

19. Puppet on Windows • Pretty good support • file, package,

    service, schedule_task, exec • There are some caveats • Be careful with casing, backslashes, and line endings • User passwords are cleartext docs.puppetlabs.com/windows/writing.html Saturday, May 4, 13

20. Make the Transition • Fix pain points • Automate what

    you can • Start small or with internal/non-critical applications • Get buy-in from your org • Test things out with vagrant • Prefer modifications through Puppet over remoting to the machine and doing it manually Saturday, May 4, 13

21. Tools •Puppet syntax highlighting •Vim-puppet •Sublime-puppet •Puppet-lint •Puppet-rspec •Puppet-playground Saturday,

    May 4, 13

22. Other Resources • docs.puppetlabs.com/guides/ installation.html • docs.puppetlabs.com/learning/ • docs.puppetlabs.com/puppet/3/reference •

    docs.puppetlabs.com/references/latest/ type.html • forge.puppetlabs.com/ Saturday, May 4, 13