Mozilla and Puppet

We review how Mozilla IT is using Puppet and our future plans, including a secrets module, Hiera, open sourcing our Puppet modules, and more.

Also available at http://bits.inatree.org/mozilla-puppet-scale11x.pdf

Brandon Burton

February 22, 2013

Transcript

  1. Friday, February 22, 13

  2. Friday, February 22, 13

  3. MOZILLA AND PUPPET

  4. WHO AM I?
    BRANDON BURTON
    @SOLARCE
    MOZILLA WEB OPERATIONS
    LOLCAT ENTHUSIAST

  5. SHOUTOUT
    MOZILLA IT INFRASTRUCTURE TEAM
    @JABBADOW
    @FLOATINGATOLL
    @LIMED
    @JUSTDAVEMILLER
    @UBERJ_
    @TUCKERWHAT
    DIGI

  6. TODAY
    OVERALL LAYOUT
    BEST PRACTICES FOR MODULES/MANIFESTS
    SCALING PUPPETMASTERS
    PUPPETCTL
    PUPPET DASHBOARD
    NAGIOS

  7. FOCUSING ON MOZILLA IT
    ALSO RELENG - PUPPETAGAIN

  8. OVERALL LAYOUT
    MODULES/
    |__FILES/
    |__MANIFESTS/
    |__TEMPLATES/
    MANIFESTS/NODES/
    HIERA/

  9. BEST PRACTICES
    BASED ON PUPPETLABS
    SVN PRECOMMIT HOOK
    |__CHECK-PUPPET-SYNTAX
    |__CHECK-TEMPLATE-SYNTAX
    PUPPET-LINT

  10. SCALING PUPPETMASTERS
    AT LEAST A PUPPETMASTER PER DC
    FRONTEND/BACKENDS
    FRONTEND DOES ALL SSL ACTIONS
    NON-SSL ACTIONS PROXIED TO BACKENDS

  11. PUPPETCTL
    SCRIPT FOR DISABLING/ENABLING THE PUPPET AGENT
    HAS ARGUMENTS FOR AMOUNT OF TIME
    EDITS MOTD
    HTTPS://GITHUB.COM/MOZILLA-IT/PUPPETCTL

  12. PUPPET DASHBOARD
    CHECK FOR ERRORS
    INFRA TEAM KEEPS AN EYE ON IT
    HTTP://THEFOREMAN.ORG/

  13. NAGIOS
    PUPPET GENERATES OUR NAGIOS CONFIGS
    STALENESS CHECK BASED ON PUPPET DASHBOARD

  14. WHERE WE'RE GOING
    SECRETS MODULE
    HIERA
    PUPPETDB
    OPEN SOURCING MODULES

  15. SECRETS MODULE
    PRIVATE REPOSITORY
    SSL CERTIFICATES
    SECRET BINARY FILES
    JUST A MODULE YOU CAN INCLUDE

  16. HIERA
    PASSWORDS, CREDENTIALS, SECRETS
    HIERA-GPG
    PARAMETERIZED CLASS DEFAULTS
    NOT ENTIRELY DECIDED YET

  17. PUPPETDB
    OVERLAPS WITH INTERNAL INVENTORY TOOL
    HTTPS://GITHUB.COM/MOZILLA/INVENTORY

  18. OPEN SOURCING MODULES
    DEPENDS ON SECRETS MODULE
    NOT A GOAL, BUT NEAR IT
    TRYING TO DEVELOP NEW MODULES IN PUBLIC
    E.G. HTTPS://GITHUB.COM/RTUCKER-MOZILLA/PUPPET-SSH-1/

  19. WANT TO KNOW MORE?
    HTTPS://BLOG.MOZILLA.ORG/IT/
    LCA 2013: PUPPET LIKE AN ADULT
    PUPPET CONF 2012: SCALING PUPPET
    HTTPS://GITHUB.COM/MOZILLA-IT

  20. SLIDES
    HTTPS://SPEAKERDECK.COM/SOLARCE/MOZILLA-AND-PUPPET

  21. KEEP ON ROCKIN'
    THE FREE WEB