Vagrant, Puppet & Chef #FTW - SunshinePHP 2014

View Slide

Hi, I’m Thijs

View Slide

I’m an
at
Evangelist

View Slide

I’m a
at
board member

View Slide

I’m
@ThijsFeryn
on Twitter

View Slide

Please give me
feedback !
http://joind.in/10535

View Slide

View Slide

Create and configure
lightweight,
reproducible, and
portable development
environments.

View Slide

Written in Ruby
By Mitchell Hashimoto
in 2010

View Slide

A layer on top of

View Slide

View Slide

Why?
Why?
Why?

View Slide

View Slide

•Environment per project
•Dev ~= Test ~= Staging ~= Prod
•Easy to define & transport
•Easy to tear down
•Provisionable: infrastructure as code
•Versionable
•Shared across the team

View Slide

$ vagrant
Usage: vagrant [-‐v] [-‐h] command []
!
-‐v, -‐-‐version Print the version and exit.
-‐h, -‐-‐help Print this help.
!
Available subcommands:
box
destroy
halt
init
package
plugin
provision
reload
resume
ssh
ssh-‐config
status
suspend
up

View Slide

Generates a
Vagrantfile
$ vagrant init -‐h
Usage: vagrant init [box-‐name] [box-‐url]

View Slide

•Select base box
•Choose virtualization provider
•Configure VM parameters
•Configure networking
•Tweak SSH settings
•Mount local folders
•Provision machine
What does a Vagrantfile do?

View Slide

$ vagrant init
A `Vagrantfile` has been placed in this
directory. You are now
ready to `vagrant up` your first virtual
environment! Please read
the comments in the Vagrantfile as well
as documentation on
`vagrantup.com` for more information on
using Vagrant.
# -‐*-‐ mode: ruby -‐*-‐
# vi: set ft=ruby :
!
Vagrant.configure("2") do |config|
config.vm.box = "base"
end

View Slide

$ vagrant init precise32 http://
files.vagrantup.com/precise32.box
A `Vagrantfile` has been placed in this
directory. You are now
ready to `vagrant up` your first virtual
environment! Please read
the comments in the Vagrantfile as well as
documentation on
`vagrantup.com` for more information on
using Vagrant.
# -‐*-‐ mode: ruby -‐*-‐
# vi: set ft=ruby :
!
config.vm.box = "precise32"
config.vm.box_url = "http://
files.vagrantup.com/precise32.box"
end

View Slide

$vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
[default] Box 'precise32' was not found. Fetching box from specified URL for
the provider 'virtualbox'. Note that if the URL does not have
a box for this provider, you should interrupt Vagrant now and add
the box yourself. Otherwise Vagrant will attempt to download the
full box prior to discovering this error.
Downloading or copying the box...
Extracting
box...################################################################%
(Rate: /s, Estimated time remaining: ))
Successfully added box 'precise32' with provider 'virtualbox'!
[default] Importing base box 'precise32'...
[default] Matching MAC address for NAT networking...
[default] Setting the name of the VM...
[default] Clearing any previously set forwarded ports...
[default] Creating shared folders metadata...
[default] Clearing any previously set network interfaces...
[default] Preparing network interfaces based on configuration...
[default] Forwarding ports...
[default] -‐-‐ 22 => 2222 (adapter 1)
[default] Booting VM...
[default] Waiting for VM to boot. This can take a few minutes.
[default] VM booted and ready for use!
[default] Configuring and enabling network interfaces...
[default] Mounting shared folders...
[default] -‐-‐ /vagrant

View Slide

Boxes

View Slide

http://vagrantbox.es

View Slide

https://github.com/
jedi4ever/veewee
Build
your own
boxes

View Slide

$ vagrant box
Usage: vagrant box []
!
Available subcommands:
add
list
remove
repackage

View Slide

$ vagrant box list
precise32 (virtualbox)
!
$ vagrant box remove precise32 virtualbox
Removing box 'precise32' with provider 'virtualbox'...
!
$ vagrant box add precise32 http://files.vagrantup.com/
precise32.box -‐-‐provider virtualbox
Extracting
box...#####################################################
###########% (Rate: /s, Estimated time remaining: ))
Successfully added box 'precise32' with provider
'virtualbox'!
!
$ vagrant box repackage precise32 virtualbox
!
$ ls -‐lh
-‐rw-‐r-‐-‐r-‐-‐ 1 thijs staff 275M 10 okt 16:06 package.box

View Slide

$ vagrant box list
precise32 (virtualbox)
!
$ vagrant box remove precise32 virtualbox
Removing box 'precise32' with provider 'virtualbox'...
!
$ vagrant box add precise32
precise32.box
Extracting
box...#####################################################
###########% (Rate: /s, Estimated time remaining: ))
Successfully added box 'precise32' with provider
'virtualbox'!
!
$ vagrant box repackage precise32 virtualbox
!
$ ls -‐lh
-‐rw-‐r-‐-‐r-‐-‐ 1 thijs staff 275M 10 okt 16:06 package.box
# -‐*-‐ mode: ruby -‐*-‐
# vi: set ft=ruby :
!
end
Vagrantﬁle
can do this
too

View Slide

$ tar xvzf package.box
x ./box-‐disk1.vmdk
x ./box.ovf
x ./metadata.json
x ./Vagrantfile
Content of
a box ﬁle

View Slide

Vagrant up & running

View Slide

$ vagrant up
[default] Importing base box 'precise32'...
[default] Matching MAC address for NAT networking...
[default] -‐-‐ 22 => 2222 (adapter 1)
When
VM doesn’t
exist

View Slide

!
$ vagrant up
[default] VirtualBox VM is already running.
$ vagrant status
Current machine states:
!
default running (virtualbox)
When VM
exists & is
running

View Slide

$ vagrant suspend
[default] Saving VM state and suspending execution...
$ vagrant status
!
default saved (virtualbox)
$ vagrant up
[default] Resuming suspended VM...
[default] Waiting for VM to boot. This can take a few
minutes.
Suspend &
resume

View Slide

$ vagrant halt
[default] Attempting graceful shutdown of VM...
$ vagrant status
!
default poweroff (virtualbox)
$ vagrant up
[default] -‐-‐ 22 => 2222 (adapter 1)
Stop & start

View Slide

$ vagrant destroy
Are you sure you want to destroy the 'default' VM? [y/N] y
[default] Forcing shutdown of VM...
[default] Destroying VM and associated drives...
$ vagrant status
!
default not created (virtualbox)
Destroy

View Slide

Connect

View Slide

$ vagrant ssh
Linux debian-‐7 3.2.0-‐4-‐amd64 #1 SMP Debian 3.2.46-‐1 x86_64
!
The programs included with the Debian GNU/Linux system are
free software;
the exact distribution terms for each program are described
in the
individual files in /usr/share/doc/*/copyright.
!
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the
extent
permitted by applicable law.
Last login: Mon Jul 15 13:13:36 2013 from 10.0.2.2
[email protected]‐7:~$ sudo su
[email protected]‐7:/home/vagrant
No login
or password
required

View Slide

[email protected]‐7:/home/vagrant# cat .ssh/authorized_keys
ssh-‐rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8
YVr+kz4TjGYe7gHzIw
+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6Iedp
lqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7P
tixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL
+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm
+R4LOzFUGaHqHDLKLX
+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ==
vagrant insecure public key
Public key

View Slide

$ vagrant ssh-‐config
Host default
HostName 127.0.0.1
User vagrant
Port 2222
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
PasswordAuthentication no
IdentityFile "/Users/thijs/.vagrant.d/insecure_private_key"
IdentitiesOnly yes
LogLevel FATAL
Username,
host, port &
private key
location

View Slide

$ cat ~/.vagrant.d/insecure_private_key
-‐-‐-‐-‐-‐BEGIN RSA PRIVATE KEY-‐-‐-‐-‐-‐
MIIEogIBAAKCAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzI
w+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoP
kcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2
hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NO
Td0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcW
yLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQIBIwKCAQEA4iqWPJXtzZA68mKd
ELs4jJsdyky+ewdZeNds5tjcnHU5zUYE25K+ffJED9qUWICcLZDc81TGWjHyAqD1
Bw7XpgUwFgeUJwUlzQurAv+/ySnxiwuaGJfhFM1CaQHzfXphgVml+fZUvnJUTvzf
TK2Lg6EdbUE9TarUlBf/xPfuEhMSlIE5keb/Zz3/LUlRg8yDqz5w+QWVJ4utnKnK
iqwZN0mwpwU7YSyJhlT4YV1F3n4YjLswM5wJs2oqm0jssQu/BT0tyEXNDYBLEF4A
sClaWuSJ2kjq7KhrrYXzagqhnSei9ODYFShJu8UWVec3Ihb5ZXlzO6vdNQ1J9Xsf
4m+2ywKBgQD6qFxx/Rv9CNN96l/4rb14HKirC2o/orApiHmHDsURs5rUKDx0f9iP
cXN7S1uePXuJRK/5hsubaOCx3Owd2u9gD6Oq0CsMkE4CUSiJcYrMANtx54cGH7Rk
EjFZxK8xAv1ldELEyxrFqkbE4BKd8QOt414qjvTGyAK+OLD3M2QdCQKBgQDtx8pN
CAxR7yhHbIWT1AH66+XWN8bXq7l3RO/ukeaci98JfkbkxURZhtxV/HHuvUhnPLdX
3TwygPBYZFNo4pzVEhzWoTtnEtrFueKxyc3+LjZpuo+mBlQ6ORtfgkr9gBVphXZG
YEzkCD3lVdl8L4cw9BVpKrJCs1c5taGjDgdInQKBgHm/fVvv96bJxc9x1tffXAcj
3OVdUN0UgXNCSaf/3A/phbeBQe9xS+3mpc4r6qvx+iy69mNBeNZ0xOitIjpjBo2+
dBEjSBwLk5q5tJqHmy/jKMJL4n9ROlx93XS+njxgibTvU6Fp9w+NOFD/HvxB3Tcz
6+jJF85D5BNAG3DBMKBjAoGBAOAxZvgsKN+JuENXsST7F89Tck2iTcQIT8g5rwWC
P9Vt74yboe2kDT531w8+egz7nAmRBKNM751U/95P9t88EDacDI/Z2OwnuFQHCPDF
llYOUI+SpLJ6/vURRbHSnnn8a/XG+nzedGH5JGqEJNQsz+xT2axM0/W/CRknmGaJ
kda/AoGANWrLCz708y7VYgAtW2Uf1DPOIYMdvo6fxIB5i9ZfISgcJ/bbCUkFrhoH
+vq/5CIWxCPp0f85R4qxxQ5ihxJ0YDQT9Jpx4TMss4PSavPaBH3RXow5Ohe+bYoQ
NE5OgEXk2wVfZczCZpigBKbKZHNYcelXtTt/nP3rsCuGcM4h53s=
-‐-‐-‐-‐-‐END RSA PRIVATE KEY-‐-‐-‐-‐-‐
Private key

View Slide

The portability
of a
Vagrantfile

View Slide

Add
Vagrantﬁle to
VCS

View Slide

Share
Vagrantfile
Share dev env

View Slide

Infrastructure as code

View Slide

You probably
remember this one
# -‐*-‐ mode: ruby -‐*-‐
# vi: set ft=ruby :
!
end

View Slide

Networking

View Slide

Networking
config.vm.network :forwarded_port, guest: 80, host:
8080
config.vm.network :public_network
config.vm.network :private_network, ip:
"192.168.10.10"
Bridged network
Port forwarding
Private IP space

View Slide

# -‐*-‐ mode: ruby -‐*-‐
# vi: set ft=ruby :
!
config.vm.box_url = "http://files.vagrantup.com/
precise32.box"
config.vm.network :private_network, ip: "192.168.10.10"
end
$ vagrant up
...
[default] Preparing network interfaces based on
configuration...
[default] -‐-‐ 22 => 2222 (adapter 1)
Yes,
there is port
forwarding
involved

View Slide

# -‐*-‐ mode: ruby -‐*-‐
# vi: set ft=ruby :
!
precise32.box"
config.vm.network :forwarded_port, guest: 80, host: 8080
end
$ vagrant up
...
configuration...
[default] -‐-‐ 22 => 2222 (adapter 1)
[default] -‐-‐ 80 => 8080 (adapter 1) There’s
port 80

View Slide

# -‐*-‐ mode: ruby -‐*-‐
# vi: set ft=ruby :
!
precise32.box"
config.vm.network :public_network
end

View Slide

$ vagrant up
...
Bringing machine 'default' up with 'virtualbox'
provider...
[default] Clearing any previously set network
interfaces...
[default] Available bridged network interfaces:
1) en1: Wi-‐Fi (AirPort)
2) en0: Ethernet
3) p2p0
What interface should the network bridge to? 1
configuration...
[default] -‐-‐ 22 => 2222 (adapter 1)
Choose
interface

View Slide

config.vm.network "public_network", :bridge =>
'en1: Wi-‐Fi (AirPort)'
Assign interface in Vagrantﬁle

View Slide

Synced folders

View Slide

Local ﬁlesystem available in VM

View Slide

Save directly from your editor/IDE

View Slide

$ vagrant up
...
config.vm.synced_folder "web/", "/var/www"
$ vagrant up
...
[default] -‐-‐ /var/www
Extra mount
Default mount

View Slide

VM properties

View Slide

config.vm.hostname = "mymachine"
config.vm.provider :virtualbox do |v|
v.customize ["modifyvm", :id, '-‐-‐chipset', 'ich9']
v.customize ["modifyvm", :id, "-‐-‐natdnshostresolver1", "on"]
v.customize ["modifyvm", :id, "-‐-‐ioapic", "on"]
v.customize ["modifyvm", :id, "-‐-‐memory", 2048]
v.customize ["modifyvm", :id, "-‐-‐cpus", "4"]
#v.gui = true
end
VM properties

View Slide

Provisioning

View Slide

•Add specific software
•Create configuration files
•Execute commands
•Create users
•Manage services
•Automatically executed on vagrant up
Provisioning

View Slide

Having an
exact copy of
your production
environment

View Slide

•Shell
•Ansible
•Chef Solo
•Chef Client
•Puppet Apply
•Puppet Agent
Provisioning

View Slide

Shell

View Slide

shell
config.vm.provision :shell, :inline => "mount
-‐t tmpfs -‐o size=50m,mode=0777 tmpfs /vagrant/
app/cache"
Mount RAM disk volume

View Slide

shell
$script = <echo I am provisioning...
date > /etc/vagrant_provisioned_at
SCRIPT
!
config.vm.provision "shell", inline: $script
end
Inject Ruby

View Slide

shell
config.vm.provision "shell", path: "script.sh"
end
Point to script in your current folder
config.vm.provision "shell", path: "https://
example.com/provisioner.sh"
end
Point to external script

View Slide

View Slide

Written by Ruby
By Opscode in 2009

View Slide

Written by Ruby
By Puppetlabs in 2005

View Slide

•Written in Ruby
•Open source with enterprise revenue model
•Similar features
•Both have a standalone and server-side
edition
•Supported by a large community
•Modularized components
•Use packages for software installs
•Use templating for custom files
•Filesystem methods
•...
Chef & Puppet

View Slide

Chef vs Puppet
Chef Puppet
Modules Cookbooks Modules
Actions Recipes Manifests
Language Ruby extended with DSL DSL
Running order Sequential “Random”
Approach Define actions Define state
Programming style Procedural “OO-like”

View Slide

Let’s do some Chef

View Slide

•Download cookbooks (https://github.com/
opscode-cookbooks)
•Configure chef.cookbooks_path in
Vagrantfile
•Add recipes using chef.add_recipe in
Vagrantfile
•Configure attributes with chef.json
•Group custom actions in custom cookbook
How to use Chef Solo

View Slide

config.vm.provision :chef_solo do |chef|
chef.cookbooks_path = ./tools/chef/cookbooks"
chef.add_recipe "mysql::server"
chef.json = {
"mysql" => {
"server_root_password" => "foo",
"server_repl_password" => "foo",
"server_debian_password" => "foo"
}
}
end
Vagrantfile

View Slide

cookbook
├── README.md
├── attributes
├── definitions
├── files
│ └── default
├── libraries
├── metadata.rb
├── providers
├── recipes
│ └── default.rb
├── resources
└── templates
└── default
Chef cookbook layout

View Slide

MySQL attributes
default['mysql']['port'] = 3306
default['mysql']['nice'] = 0
!
case node['platform_family']
when 'debian'
default['mysql']['server']['packages'] = %w[mysql-‐server]
default['mysql']['service_name'] = 'mysql'
default['mysql']['basedir'] = '/usr'
default['mysql']['data_dir'] = '/var/lib/mysql'
default['mysql']['root_group'] = 'root'
default['mysql']['mysqladmin_bin'] = '/usr/bin/mysqladmin'
default['mysql']['mysql_bin'] = '/usr/bin/mysql'
default['mysql']['conf_dir'] = '/etc/mysql'
default['mysql']['confd_dir'] = '/etc/mysql/conf.d'
default['mysql']['socket'] = '/var/run/mysqld/
mysqld.sock'
default['mysql']['pid_file'] = '/var/run/mysqld/
mysqld.pid'
default['mysql']['old_passwords'] = 0
default['mysql']['grants_path'] = '/etc/mysql/grants.sql'
...

View Slide

MySQL server recipe
...
group 'mysql' do
action :create
end
!
user 'mysql' do
comment 'MySQL Server'
gid 'mysql'
system true
home node['mysql']['data_dir']
shell '/sbin/nologin'
end
!
node['mysql']['server']['packages'].each do |name|
package name do
action :install
notifies :start, 'service[mysql]', :immediately
end
end
...

View Slide

MySQL template
[client]
host = localhost
user = debian-‐sys-‐maint
password = <%= node['mysql']['server_debian_password'] %>
socket = <%= node['mysql']['socket'] %>
!
[mysql_upgrade]
host = localhost
user = debian-‐sys-‐maint
password = <%= node['mysql']['server_debian_password'] %>
socket = <%= node['mysql']['socket'] %>
basedir = /usr

View Slide

•Cron
•Directory
•Execute
•File
•Git
•Group
•Link
•Log
•Package
•Service
•Template
•User
•...
!
Typical Chef resources

View Slide

Let’s write some
Chef ourselves

View Slide

execute 'update apt' do
command "apt-‐get update"
action :run
end
!
package 'mysql-‐server' do
action :install
notifies :start, 'service[mysql]', :immediately
end
!
package 'apache2' do
action :install
notifies :start, 'service[apache2]', :delayed
end
!
package 'php5' do
action :install
notifies :reload, 'service[apache2]', :delayed
end
./tools/chef/cookbooks/project/recipes/default.rb

View Slide

execute 'assign-‐root-‐password' do
command "/usr/bin/mysqladmin -‐u root password '#{node['project']
['server_root_password']}'"
action :run
only_if "/usr/bin/mysql -‐u root -‐e 'show databases;'"
end
!
service 'mysql' do
service_name 'mysql'
supports :status => true, :restart => true, :reload => true
action :enable
end
!
service 'apache2' do
service_name 'apache2'
supports :status => true, :restart => true, :reload => true
action :enable
end
./tools/chef/cookbooks/project/recipes/default.rb

View Slide

# -‐*-‐ mode: ruby -‐*-‐
# vi: set ft=ruby :
!
precise32.box
config.vm.provision :chef_solo do |chef
chef.cookbooks_path = ./tools/chef/cookbooks"
chef.add_recipe "project"
chef.json = {
"project" => {
"server_root_password" => "foo"
}
}
end
end
Your Vagrantfile

View Slide

$ vagrant up
...
[default] -‐-‐ /tmp/vagrant-‐chef-‐1/chef-‐solo-‐1/cookbooks
[default] Running provisioner: chef_solo...
Generating chef JSON and uploading...
Running chef-‐solo...
...
Vagrant up

View Slide

[2013-‐10-‐21T10:37:22+00:00] INFO: *** Chef 11.4.4 ***
[2013-‐10-‐21T10:37:22+00:00] INFO: Setting the run_list to
["recipe[project]"] from JSON
[2013-‐10-‐21T10:37:22+00:00] INFO: Run List is [recipe[project]]
[2013-‐10-‐21T10:37:22+00:00] INFO: Run List expands to [project]
[2013-‐10-‐21T10:37:22+00:00] INFO: Starting Chef Run for debian-‐7.1.0
[2013-‐10-‐21T10:37:22+00:00] INFO: Running start handlers
[2013-‐10-‐21T10:37:22+00:00] INFO: Start handlers complete.
[2013-‐10-‐21T10:37:24+00:00] INFO: Processing package[mysql-‐server] action
install (project::default line 1)
[2013-‐10-‐21T10:37:59+00:00] INFO: package[mysql-‐server] sending start action
to service[mysql] (immediate)
[2013-‐10-‐21T10:37:59+00:00] INFO: Processing service[mysql] action start
(project::default line 10)
[2013-‐10-‐21T10:37:59+00:00] INFO: Processing execute[assign-‐root-‐password]
action run (project::default line 5)
[2013-‐10-‐21T10:37:59+00:00] INFO: execute[assign-‐root-‐password] ran
successfully
[2013-‐10-‐21T10:37:59+00:00] INFO: Processing service[mysql] action enable
[2013-‐10-‐21T10:37:59+00:00] INFO: Chef Run complete in 37.208173462 seconds
[2013-‐10-‐21T10:37:59+00:00] INFO: Running report handlers
[2013-‐10-‐21T10:37:59+00:00] INFO: Report handlers complete
Output

View Slide

Let’s do some Puppet

View Slide

•Download modules (https://github.com/
puppetlabs/)
•Configure puppet.module_path,
puppet.manifests_path &
puppet.manifest_file in Vagrantfile
•Provisioning flow happens in the main
manifest
•Configure attributes with puppet.facter
How to use Puppet Apply

View Slide

Vagrantfile
config.vm.provision :puppet do |puppet|
puppet.manifests_path = "./tools/puppet/manifests"
puppet.module_path = "./tools/puppet/modules"
puppet.manifest_file = "init.pp"
puppet.options = ['-‐-‐verbose']
end
include mysql::server
class { '::mysql::server':
root_password => 'foo'
}
init.pp
Override password
Default

View Slide

Puppet module layout
module
├── README.md
├── files
├── lib
├── metadata.json
├── spec
├── manifests
│ └── init.pp
│ └── params.pp
├── resources
└── templates
└── tests

View Slide

MySQL params
class mysql::params {
!
$manage_config_file = true
$old_root_password = ''
$purge_conf_dir = false
$restart = false
$root_password = 'UNSET'
$server_package_ensure = 'present'
$server_service_manage = true
$server_service_enabled = true
# mysql::bindings
$bindings_enable = false
$java_package_ensure = 'present'
$java_package_provider = undef
$perl_package_ensure = 'present'
$perl_package_provider = undef
$php_package_ensure = 'present'
$php_package_provider = undef
$python_package_ensure = 'present'
$python_package_provider = undef
$ruby_package_ensure = 'present'
$ruby_package_provider = undef

View Slide

MySQL params 2
...
case $::osfamily {
'RedHat': {
if $::operatingsystem == 'Fedora' and
(is_integer($::operatingsystemrelease) and $::operatingsystemrelease >=
19 or $::operatingsystemrelease == "Rawhide") {
$client_package_name = 'mariadb'
$server_package_name = 'mariadb-‐server'
} else {
$client_package_name = 'mysql'
$server_package_name = 'mysql-‐server'
}
$basedir = '/usr'
$config_file = '/etc/my.cnf'
$datadir = '/var/lib/mysql'
$log_error = '/var/log/mysqld.log'
$pidfile = '/var/run/mysqld/mysqld.pid'
$root_group = 'root'
$server_service_name = 'mysqld'
$socket = '/var/lib/mysql/mysql.sock'
$ssl_ca = '/etc/mysql/cacert.pem'
$ssl_cert = '/etc/mysql/server-‐cert.pem'

View Slide

MySQL server manifest
class mysql::server (
$config_file = $mysql::params::config_file,
$manage_config_file = $mysql::params::manage_config_file,
$old_root_password = $mysql::params::old_root_password,
$override_options = {},
$package_ensure = $mysql::params::server_package_ensure,
$package_name = $mysql::params::server_package_name,
$purge_conf_dir = $mysql::params::purge_conf_dir,
$remove_default_accounts = false,
$restart = $mysql::params::restart,
$root_group = $mysql::params::root_group,
$root_password = $mysql::params::root_password,
$service_enabled =
$mysql::params::server_service_enabled,
$service_manage = $mysql::params::server_service_manage,
$service_name = $mysql::params::server_service_name,
$service_provider =
$mysql::params::server_service_provider,
# Deprecated parameters
$enabled = undef,
$manage_service = undef
) inherits mysql::params {
...

View Slide

MySQL template
[client]
user=root
host=localhost
<% unless scope.lookupvar('mysql::server::root_password')
== 'UNSET' -‐%>
password='<%=
scope.lookupvar('mysql::server::root_password') %>'
<% end -‐%>
socket=<%= @options['client']['socket'] -‐%>
ERB style too!

View Slide

•Computer
•Cron
•Exec
•File
•Filebucket
•Group
•Host
•Interface
•Package
•Service
•Sshkey
•User
Typical Puppet resources

View Slide

Let’s write some
Puppet ourselves

View Slide

exec { "apt-‐update":
command => "/usr/bin/apt-‐get update",
}
!
package { 'mysql-‐server':
ensure => present,
require => Exec['apt-‐update'],
notify => Service['mysql'],
}
!
package { 'apache2':
ensure => present,
notify => Package['php5'],
}
!
package { 'php5':
ensure => present,
notify => Service['apache2'],
}
./tools/puppet/manifests/init.pp

View Slide

exec { 'assign-‐root-‐password':
command => "/usr/bin/mysqladmin -‐u root password $root_password",
require => Package["mysql-‐server"],
onlyif => "/usr/bin/mysql -‐u root -‐e 'show databases;'"
}

service { "mysql":
name => "mysql",
ensure => running,
enable => true,
hasrestart => true,
require => Package["mysql-‐server"],
}
!
service { "apache2":
name => "apache2",
ensure => running,
enable => true,
hasrestart => true,
require => Package["apache2"],
}
./tools/puppet/manifests/init.pp

View Slide

Your Vagrantfile
# -‐*-‐ mode: ruby -‐*-‐
# vi: set ft=ruby :
!
precise32.box
config.vm.provision :puppet do |puppet|
puppet.manifests_path = "puppet/manifests"
puppet.module_path = "puppet/modules"
puppet.manifest_file = "init.pp"
puppet.facter = {
"root_password" => "foo",
}
end
end

View Slide

$ vagrant up
...
[default] -‐-‐ /tmp/vagrant-‐puppet/manifests
[default] -‐-‐ /tmp/vagrant-‐puppet/modules-‐0
[default] Running provisioner: puppet...
Running Puppet with init.pp...
Notice: /Stage[main]//Exec[apt-‐update]/returns: executed
successfully
Notice: /Stage[main]//Package[mysql-‐server]/ensure: ensure
changed 'purged' to 'present'
Service[mysql]
Notice: /Stage[main]//Service[mysql]: Triggered 'refresh' from
1 events
Notice: /Stage[main]//Exec[assign-‐root-‐password]/returns:
executed successfully
Notice: /Stage[main]//Package[apache2]/ensure: ensure changed
'purged' to 'present'
Notice: /Stage[main]//Package[php5]/ensure: ensure changed
'purged' to 'present'
Notice: /Stage[main]//Service[apache2]: Triggered 'refresh'
from 1 events
Notice: Finished catalog run in 222.55 seconds

View Slide

[2013-‐10-‐21T10:37:22+00:00] INFO: *** Chef 11.4.4 ***
[2013-‐10-‐21T10:37:22+00:00] INFO: Setting the run_list to
["recipe[project]"] from JSON
[2013-‐10-‐21T10:37:22+00:00] INFO: Run List is [recipe[project]]
[2013-‐10-‐21T10:37:22+00:00] INFO: Run List expands to [project]
[2013-‐10-‐21T10:37:22+00:00] INFO: Starting Chef Run for debian-‐7.1.0
[2013-‐10-‐21T10:37:22+00:00] INFO: Running start handlers
[2013-‐10-‐21T10:37:22+00:00] INFO: Start handlers complete.
[2013-‐10-‐21T10:37:24+00:00] INFO: Processing package[mysql-‐server] action
install (project::default line 1)
[2013-‐10-‐21T10:37:59+00:00] INFO: package[mysql-‐server] sending start action
to service[mysql] (immediate)
[2013-‐10-‐21T10:37:59+00:00] INFO: Processing service[mysql] action start
[2013-‐10-‐21T10:37:59+00:00] INFO: Processing execute[assign-‐root-‐password]
action run (project::default line 5)
[2013-‐10-‐21T10:37:59+00:00] INFO: execute[assign-‐root-‐password] ran
successfully
[2013-‐10-‐21T10:37:59+00:00] INFO: Processing service[mysql] action enable
[2013-‐10-‐21T10:37:59+00:00] INFO: Chef Run complete in 37.208173462 seconds
[2013-‐10-‐21T10:37:59+00:00] INFO: Running report handlers
[2013-‐10-‐21T10:37:59+00:00] INFO: Report handlers complete
Output

View Slide

Chef or Puppet?

View Slide

Re-provision
$ vagrant provision
When
machine
is running

View Slide

Problems with
provisioning

View Slide

•Provisioning is often slow (especially
when installing lots of packages)
•Quality of public cookbooks/manifests
•Support on cookbooks/manifests
•Writing it yourself can be difficult
•Some cookbooks/manifests only work
on certain Linux distros
Problems with provisioning

View Slide

•Possible solution for slow provisioning
•Is not the same as vagrant box
repackage
•Use exported box as new base box
•No provisioning required on startup
•Possibility of doing “light” provisioning
instead
Re-distribute current VM
$ vagrant package

View Slide

Multi-machine setup

View Slide

# -‐*-‐ mode: ruby -‐*-‐
# vi: set ft=ruby :
!
!
config.vm.provision "shell", inline: "/usr/bin/apt-‐get update"
config.vm.box = "debian-‐7.1.0"

config.vm.define "web", primary: true do |web|
web.vm.hostname = "web"
web.vm.network :private_network, ip: "192.168.33.10"
web.vm.synced_folder "web/", "/var/www"
web.vm.provision :puppet do |puppet|
puppet.manifest_file = "web.pp"
end
end
!
config.vm.define "db" do |db|
db.vm.hostname = "db"
db.vm.network :private_network, ip: "192.168.33.11"
db.vm.provision :puppet do |puppet|
puppet.manifest_file = "db.pp"
puppet.facter = {
"root_password" => "foo",
}
end
end
end

View Slide

$ vagrant up
Bringing machine 'web' up with 'virtualbox' provider...
Bringing machine 'db' up with 'virtualbox' provider...
[web] Importing base box 'debian-‐7.1.0'...
[web] Matching MAC address for NAT networking...
[web] Setting the name of the VM...
[web] Clearing any previously set forwarded ports...
[web] Creating shared folders metadata...
[web] Clearing any previously set network interfaces...
[web] Preparing network interfaces based on configuration...
[web] Forwarding ports...
[web] -‐-‐ 22 => 2222 (adapter 1)
[web] Booting VM...
[web] Waiting for VM to boot. This can take a few minutes.
[web] VM booted and ready for use!
[web] Configuring and enabling network interfaces...
[web] Mounting shared folders...
[web] -‐-‐ /vagrant
[web] -‐-‐ /var/www
[web] -‐-‐ /tmp/vagrant-‐puppet/manifests
[web] -‐-‐ /tmp/vagrant-‐puppet/modules-‐0
[web] Running provisioner: shell...
[web] Running: inline script
[web] Running provisioner: puppet...
Running Puppet with web.pp...

View Slide

[db] Importing base box 'debian-‐7.1.0'...
[db] Matching MAC address for NAT networking...
[db] Setting the name of the VM...
[db] Clearing any previously set forwarded ports...
[db] Fixed port collision for 22 => 2222. Now on port 2200.
[db] Creating shared folders metadata...
[db] Clearing any previously set network interfaces...
[db] Preparing network interfaces based on configuration...
[db] Forwarding ports...
[db] -‐-‐ 22 => 2200 (adapter 1)
[db] Booting VM...
[db] Waiting for VM to boot. This can take a few minutes.
[db] VM booted and ready for use!
[db] Configuring and enabling network interfaces...
[db] Mounting shared folders...
[db] -‐-‐ /vagrant
[db] -‐-‐ /tmp/vagrant-‐puppet/manifests
[db] -‐-‐ /tmp/vagrant-‐puppet/modules-‐0
[db] Running provisioner: shell...
[db] Running: inline script
[db] Running provisioner: puppet...
Running Puppet with db.pp...

View Slide

Control the machines

View Slide

vagrant up
vagrant ssh
vagrant destroy
vagrant up web
vagrant ssh web
vagrant destroy web
vagrant up db
vagrant ssh db
vagrant destroy db
All VM’s
Primary VM
All VM’s

View Slide

Vagrant up
#FTW

View Slide

Please give me
feedback !
http://joind.in/10535

View Slide

View Slide

Vagrant, Puppet & Chef #FTW - SunshinePHP 2014

Vagrant, Puppet & Chef #FTW - SunshinePHP 2014

Thijs Feryn

More Decks by Thijs Feryn

Other Decks in Technology

Featured

Transcript