Exported Configs == Better Puppet

Transcript

1. Stephen Johnson – PSE ([email protected]) Exported Resource = Better Puppet

   Monday, 8 April 13

2. About Me • Employed by Puppetlabs for One Year •

   Im Stephen (www.thatbytes.co.uk) • Using Puppet since 2007 • Deploy other peoples infrastructures for fun and Puppetlabs profit. Monday, 8 April 13

3. What i hate • Manual Deploys • Complex Deploys •

   Failures • To much typing • Not knowing about things Monday, 8 April 13

4. New Machine Processes • Gather new machine requirements • Machine

   built manually • Manually add the service • Manually add the monitoring Monday, 8 April 13

5. The new process • Automatic Build • PXE • Kickstart

   • Automatic Deployment of Application • Puppet • Mcollective • Manually add the monitoring checks • Manual Process ????????????? Monday, 8 April 13

6. Error Prone Process • Automatic Build the machine • Deploys

   everything using Puppet • Forget add the monitoring • Because someone else did it, didn’t they? • Machine fills up the disk • Kills the database • No alert was ever sent out Monday, 8 April 13

7. If its not monitored • Then it never failed •

   Until you get a call from the customer Monday, 8 April 13

8. Implement a process • Add a list requirements for monitoring

   • Qa the requirements • Forget a requirement • Or the requirements change Monday, 8 April 13

9. Inconsistent • Forget to monitor all the services on the

   machine • Easy to make mistakes • No base level of monitoring • Have to update all your old machines Monday, 8 April 13

10. Use a robot • People are flawed • Machines are

    good at remembering to do things • Are good at doing this over and over • With out making mistakes Monday, 8 April 13

11. How do we fix this • Take humans out of

    the equation • Don’t let them touch the monitoring system • Unless they really really really have to • Use Puppet / Puppetdb • Don't use the naginator type • Sorry luke Monday, 8 April 13

12. Goals • Standard base monitoring • Monitoring should be added

    automatically (not out of sync) • Do this configuration in the same place (obvious) • Should hide the implementation • Use configuration data fro monitoring config Monday, 8 April 13

13. Why Puppet • It knows about out services • As

    it configured them • Can generate config and share config out of the box (with Puppetdb) using Stored Configs Monday, 8 April 13

14. What are Stored Configs • The client exports the config

    to the puppetmaster • Its stored in Puppetdb • Later puppet runs on other machines can use this resources Monday, 8 April 13

15. Example client check • class  webserver  {      

     @@file  {  "/etc/nagios/conf.d/$::fqdn.apachecheck.conf":              content  =>  "nagios  check  stuff  \n",              tag  =>  "nagioscheck",                    }        #Install  all  our  webserver  stuff  as  well              } Monday, 8 April 13

16. Explanation • This resource isn’t realized on the current machine

    running puppet • Stored on the masted for use on other puppet runs • Tagged so we can search Monday, 8 April 13

17. Example server •  class  nagios::server  {        

           File  <<|  tag  ==  'nagioscheck'  |>>            } Monday, 8 April 13

18. Explanation • Every exported resource that is of type file

    and tag nagioscheck is created on the current machine • Configuration retrieved from the database (Puppetdb) Monday, 8 April 13

19. This gives us • Repeatable monitoring of services • Automated

    • Standardized base Nagios configuration • Automated • Add service checks to be added • Automated Monday, 8 April 13

20. Demo • Another way to watch me FAIL! Monday, 8

    April 13

21. Query Puppetdb • We can do this another way •

    Query Puppetdb for the information • Using that to generated config Monday, 8 April 13

22. Example • $hosts = query_nodes(dc=uk and Class[Apache]') • Get all

    the hosts with a class of Apache with a model of 17* and are in the dc uk • Uses facts • file (‘ukmonitoringapache’: • ensure=>present, content=>(‘template/apachecheck.erb’) path => ‘/etc/nagios.d/check/apache.conf‘) Monday, 8 April 13