Puppet at GitHub (PuppetCamp Raleigh 2013)

and other adventures in ChatOps
Puppet at GitHub

View Slide

@wfarr
GitHub Operations
Known Aliases: King of Kebabs
The Computer Guy
Mr. RealTalk
Probably a delinquent

View Slide

The State of Puppet at GitHub


View Slide

 The State of Puppet at GitHub
boxen/puppet-*


View Slide

~1 YEAR OLD

View Slide

OPEN SOURCED 3 MONTHS AGO

View Slide

~180 PUBLIC MODULES

View Slide

2 EXTERNAL MAINTAINERS
@fromonesrc @JHaals

View Slide

THE STACK


View Slide

PUPPET 3.2


View Slide

MASTER-LESS


View Slide

RUBY 1.8.7


View Slide

RUN MANUALLY


View Slide

github/puppet


View Slide

~5 YEARS OLD

View Slide

2010
2011
2012
2013

View Slide

CODE COMMITS

View Slide

CODE ADDITIONS

View Slide

CODE DELETIONS

View Slide

CONTRIBUTIONS (PAST YEAR)
~2k commits
~150 commits

View Slide

CONTRIBUTIONS (PAST YEAR)
~23% of all commits

View Slide

AN AVERAGE WEEK
About 50 Pull Requests and 25 Issues comprising
300 commits across 24 authors


View Slide

THE STACK


View Slide

PUPPET 2.7.GITHUB


View Slide

SINGLE PUPPETMASTER


View Slide

RUBY 1.8.7


View Slide

RUN VIA CRON JOB


View Slide

PUPPETDB


View Slide

CUSTOM NODE DEFINITIONS


View Slide

How GitHub writes Puppet


View Slide

 How GitHub Writes Puppet
PUPPETLABS/STDLIB

View Slide

PARAMETER VALIDATION

View Slide

class redis::server(
$data_dir = '/var/lib/redis',
$manage_service = false,
$package = 'redis-server'
) {
validate_bool($manage_service)
validate_absolute_path($data_dir)
validate_re($package, '^redis2?-server$',
"Redis::Server[${name}]: package must be either redis-server or redis2-server: $
{package}")
}

View Slide

DATA MUNGING

View Slide

define ruby::version(
$env = {}
) {
$default_environment = {
'CC' => 'clang',
'CFLAGS' => '-O2'
}
$ruby_build_environment = merge($default_environment, $env)
exec { "install ruby version ${name}":
environment => join_keys_to_values($ruby_build_environment, '=')
}
}

View Slide

RESOURCE HANDLING

View Slide

class redis::server(
$data_dir = '/var/lib/redis'
) {
if ! defined_with_params(User[redis], { ensure => 'present' }) {
user { 'redis': ensure => 'present', group => 'redis' }
}
}

View Slide

$latest_tcs_version = "${::ruby::root}/versions/1.9.3-p231-tcs-github-1.0.30"
$tcs_alias = "${::ruby::root}/versions/1.9.3-p231-tcs-github"
$desired_params = {
'ensure' => 'link',
'target' => $latest_tcs_version,
'force' => true
}
File {
ensure => link,
target => $latest_tcs_version,
force => true
}
ensure_resource('file', $tcs_alias, $desired_params)

View Slide

GITHUB::ROLE::*

View Slide

NODE CONFIGURATION

View Slide

node /^github-redis\d+[a-z]?-rs1-prd.iad.github.net$/ {
class { 'github::role::redis':
env => 'production',
private_ipv4 => $::ipaddress,
}
}

View Slide

ROLE CONFIGURATION

View Slide

class github::role::redis($env, $private_ipv4) {
validate_re($env, '^(vagrant|staging|production)$')
validate_re($private_ipv4, '^\d+\.\d+\.\d+\.\d+$')
$monitor = $env ? { 'production' => true, default => false }
class {
'github::core':
monitor => $monitor,
private_address => $private_ipv4 ;
'redis::server':
bind_address => $private_ipv4,
monitor => $monitor ;
}
}

View Slide


ABSTRACTION
How GitHub Writes Puppet

View Slide

class github::core($monitor) {
include github::common_packages
include github::staff
class {
'github::ssh':
monitor => $monitor ;
'github::ipv6':
ensure => absent ;
}
}

View Slide

class github::ipv6($ensure = present) {
if $::lsbdistcodename != 'squeeze' {
file { '/etc/modprobe.d/ipv6':
ensure => $ensure,
mode => '0444',
source => 'puppet:///modules/github//etc/modprobe.d/ipv6',
}
} else {
$value = $ensure ? { present => 0, default => 1 }
sysctl { 'net.ipv6.conf.all.disable_ipv6':
value => $value,
}
}
}

View Slide


AUGEAS

View Slide

class redis::server($bind_address, $data_dir, $monitor, $port) {
redis::config {
'dir':
value => $data_dir,
require => File[$data_dir];
'bind':
value => $bind_address;
'port':
value => $port;
'daemonize':
value => 'yes';
}
}

View Slide

define redis::config($value, $ensure = present) {
validate_re($ensure, '^(present|absent)$')
$changes = $ensure ? { present => "set ${name} ${value}", default => "rm ${name}" }
augeas { "Set Redis config '${name}' to '${value}'":
changes => $changes,
context => '/files/etc/redis/redis.conf',
lens => 'Redis.lns',
incl => '/etc/redis/redis.conf',
require => File['/etc/redis/redis.conf']
}
}

View Slide

CODE SHARE

View Slide


LIBRARIAN-PUPPET

View Slide


HENSON

View Slide

How GitHub deploys Puppet


View Slide

KEEP IT CLEAN
 How GitHub Deploys Puppet

View Slide

rodjek/puppet-lint


View Slide

KEEP IT GREEN

View Slide

rodjek/rspec-puppet


View Slide

tmm1/test-queue


View Slide

KEEP IT LEAN

View Slide

$ git commit -am "can't lint this"
modules/github/manifests/role/redis.pp: syntax ok
modules/github/manifests/role/redis.pp - WARNING: => is not properly aligned on line 118
1 errors found, aborting commit.

View Slide


View Slide

CHATOPS

View Slide

/puppet env worker
#=>
worker1.rs.github.com: production

View Slide

/puppet run worker2
#=> Running puppet on worker2.rs.github.com/production

View Slide

/puppet noop feature_branch worker2
#=> Running puppet on worker2.rs.github.com/feature_branch --noop

View Slide

/puppet force feature_branch worker2
#=> Running puppet on worker2.rs.github.com/feature_branch

View Slide

/puppet disable worker2
#=> Disabling puppet on worker2.rs.github.com

View Slide

/puppet enable worker2
#=> Disabling puppet on worker2.rs.github.com

View Slide

/puppet last_run worker2

View Slide

/puppet certs
#=>
"wills-macbook-pro.local" (A4:5B:AC:B9:E1:85:8B:2B:0E:8B:62:F9:03:32:C9:03)

View Slide

The Future of Puppet at GitHub


View Slide

boxen/puppet-*



View Slide

SHELL "REMEMBER TO RUN" SUPPORT


View Slide

You haven't run Boxen in over a week. =(
We really recommend running Boxen regularly. It's way better that way!
Do you want to run boxen now? (y/N) y
# boxen
Updating Boxen.
...


View Slide

OPT-OUT


View Slide

touch $HOME/.boxen-never-prompt-for-updates


View Slide

PUPPETMASTER SUPPORT


View Slide

OPT-IN ONLY


View Slide

HIERA SUPPORT


View Slide

"uncomfortunities"


View Slide

UBUNTU SUPPORT


View Slide

UBUNTU PRECISE


View Slide

github/puppet



View Slide

RUBY 1.9.3


View Slide

PUPPET 3.X


View Slide

GPANEL: ENC


View Slide


lol censored

View Slide

MCOLLECTIVE


View Slide

REPLACING PARTS OF GITHUB/SHELL


View Slide

STRUCTURED DATA > SED/AWK


View Slide

HIERA


View Slide

THANKS
speakerdeck.com/wfarr/
puppet-at-github-
puppetcamp-raleigh-2013

View Slide

Puppet at GitHub (PuppetCamp Raleigh 2013)

Puppet at GitHub (PuppetCamp Raleigh 2013)

Will Farrington

More Decks by Will Farrington

Other Decks in Technology

Featured

Transcript