Mozilla and Puppet

We review how Mozilla IT is using Puppet and our future plans, including a secrets module, Hiera, open sourcing our Puppet modules, and more.

Also available at http://bits.inatree.org/mozilla-puppet-scale11x.pdf

Brandon Burton

February 22, 2013

Transcript

  1. Friday, February 22, 13

  2. Friday, February 22, 13

  3. MOZILLA AND PUPPET

  4. WHO AM I?
    BRANDON BURTON
    @SOLARCE
    MOZILLA WEB OPERATIONS
    LOLCAT ENTHUSIAST

  5. SHOUTOUT
    MOZILLA IT INFRASTRUCTURE TEAM
    @JABBADOW
    @FLOATINGATOLL
    @LIMED
    @JUSTDAVEMILLER
    @UBERJ_
    @TUCKERWHAT
    DIGI

  6. TODAY
    OVERALL LAYOUT
    BEST PRACTICES FOR MODULES/MANIFESTS
    SCALING PUPPETMASTERS
    PUPPETCTL
    PUPPET DASHBOARD
    NAGIOS

  7. FOCUSING ON MOZILLA IT
    ALSO RELENG - PUPPETAGAIN

  8. OVERALL LAYOUT
    MODULES/
    |__FILES/
    |__MANIFESTS/
    |__TEMPLATES/
    MANIFESTS/NODES/
    HIERA/

  9. BEST PRACTICES
    BASED ON PUPPETLABS
    SVN PRECOMMIT HOOK
    |__CHECK-PUPPET-SYNTAX
    |__CHECK-TEMPLATE-SYNTAX
    PUPPET-LINT

  10. SCALING PUPPETMASTERS
    AT LEAST A PUPPETMASTER PER DC
    FRONTEND/BACKENDS
    FRONTEND DOES ALL SSL ACTIONS
    NON-SSL ACTIONS PROXIED TO BACKENDS

  11. PUPPETCTL
    SCRIPT FOR DISABLING/ENABLING THE PUPPET AGENT
    HAS ARGUMENTS FOR AMOUNT OF TIME
    EDITS MOTD
    HTTPS://GITHUB.COM/MOZILLA-IT/PUPPETCTL

  12. PUPPET DASHBOARD
    CHECK FOR ERRORS
    INFRA TEAM KEEPS AN EYE ON IT
    HTTP://THEFOREMAN.ORG/

  13. NAGIOS
    PUPPET GENERATES OUR NAGIOS CONFIGS
    STALENESS CHECK BASED ON PUPPET DASHBOARD

  14. WHERE WE'RE GOING
    SECRETS MODULE
    HIERA
    PUPPETDB
    OPEN SOURCING MODULES

  15. SECRETS MODULE
    PRIVATE REPOSITORY
    SSL CERTIFICATES
    SECRET BINARY FILES
    JUST A MODULE YOU CAN INCLUDE

  16. HIERA
    PASSWORDS, CREDENTIALS, SECRETS
    HIERA-GPG
    PARAMETERIZED CLASS DEFAULTS
    NOT ENTIRELY DECIDED YET

  17. PUPPETDB
    OVERLAPS WITH INTERNAL INVENTORY TOOL
    HTTPS://GITHUB.COM/MOZILLA/INVENTORY

  18. OPEN SOURCING MODULES
    DEPENDS ON SECRETS MODULE
    NOT A GOAL, BUT NEAR IT
    TRYING TO DEVELOP NEW MODULES IN PUBLIC
    E.G. HTTPS://GITHUB.COM/RTUCKER-MOZILLA/PUPPET-SSH-1/

  19. WANT TO KNOW MORE?
    HTTPS://BLOG.MOZILLA.ORG/IT/
    LCA 2013: PUPPET LIKE AN ADULT
    PUPPET CONF 2012: SCALING PUPPET
    HTTPS://GITHUB.COM/MOZILLA-IT

  20. SLIDES
    HTTPS://SPEAKERDECK.COM/SOLARCE/MOZILLA-AND-PUPPET

  21. KEEP ON ROCKIN'
    THE FREE WEB