developing it infrastructures with puppet

Programmare Infrastrutture IT con PuppetAlessandro Franceschi / Lab42

Infrastructure progressiocum Puppet

Alessandro Franceschi / Lab42CodeMotion 2012 Roma

Creative Commons BY-NC-SA 3.0

IT Infrastructures development with Puppet

From Opsto DevOps

Tempus fugitFlexible... elastic... scalableWhat’s behind these cloudy words?

Panta rei Automation is a matter of survival

Alea iacta estOps like automation!

( since Bourne shell ... )

Errarehumanum estFrom a bunch of custom scripts

to Standard Integrated Tools

Factotum

Have you heard about this Puppet|Chef | CfEngine stuff?

Doctum docesInfrastructure as code

Scripta manent,verba volantServers Infrastructure Change under...

version control!

Repetitia iuvantCode behaves always in the same way:

Consistent setups

Ignorantia legis non excusatCode can be tested.

Infrastructure Code too.

Mastersof Puppet

GratisOpenSource from www.puppetlabs.com

Cui prodest?

Source: www.puppetlabs.com

Divide et ImperaMany Puppet nodes One Puppet Master

ServerUser: puppet

Process: /usr/bin/ruby /usr/sbin/puppetmasterdListen: TCP 0.0.0.0:8140

ClientsUser: rootProcess: /usr/bin/ruby /usr/sbin/puppetd -t

Status Quo

“A declarative language to describe system status”

package { 'openssh-server': ensure => present, before => File['/etc/ssh/sshd_config'], } file { '/etc/ssh/sshd_config': ensure => file, mode => 600, source => '/root/learning-manifests/sshd_config', } service { 'sshd': ensure => running, enable => true, subscribe => File['/etc/ssh/sshd_config'], }

A declarative language

Veni vidi vici

Ex AequoOperating System Abstraction

DeusExMachina

# This File is Managed by Puppet

Mater semper certa est,pater nunquamO: Who changed that file?!

info: Filebucket[/var/lib/puppet/clientbucket]: Adding /etc/resolv.conf(d7fbc1695489ce896d30b7b04d72887c)info: //test/File[/etc/resolv.conf]: Filebucketed /etc/resolv.conf to main with sum d7fbc1695489ce896d30b7b04d72887c

Old file is copied in:/var/lib/puppet/clientbucket/d/7/f/b/c/1/6/9/d7fbc1695489ce896d30b7b04d72887c/content

Enough graphics, show me some

Puppet code!

Nodes definitionsIn Puppet code:/etc/puppet/manifests/site.pp

node 'prod-fep-1' { $status = "prod" include role_fep}

node 'prod-fep-2' { $status = "prod" include role_fep}

node 'test-fep-1' { $status = "test" include role_fep}

node 'dev-fep-1' { $status = "dev" include role_fep}

[...]

On an External Node Classifier (ENC)

The Foreman

Puppet Dashboard

Puppet Enterprise Console

Classes (collections of resources)class role_fep { $role="fep"

include general # We see it in the next slide

include apache include php::pear include php::dev include php::oci8 apache::module { "rewrite": } apache::module { "proxy": templatefile => "proxy.conf.erb" } php::module { "gd": } php::pear::module { "apc": } php::pear::module { "XML_Serializer": use_package => "no" } php::pecl::config { "http_proxy": value => "$proxy_server" } [...]

# Sample custom files file { ‘/data’: ensure => directory, } file { ‘/data/www’: ensure => $::operatingsystem ? { /(?i:Centos|RedHat|Scientific|Fedora)/ => ‘/var/www/html’, /(?i:Debian|Ubuntu|Mint)/ => ‘/var/www’, }, require => File[‘/data’]: }}

Classes ( a baseline common to all nodes ) class general {

include puppet include users include openssh include hosts include resolver include sudo include snmpd include nrpe include munin

case $::operatingsystem { ubuntu,debian: { include apt include exim } centos,redhat: { include yum } default: { } }

}

Modules - Directory layout/etc/puppet/modules/ ($modulepath)

apache/

apache/manifests/ apache/manifests/init.pp apache/manifests/module.pp

apache/lib/ apache/lib/puppet/ apache/lib/puppet/parser/ apache/lib/puppet/parser/functions apache/lib/puppet/provider/ apache/lib/puppet/type/ apache/lib/facter/ apache/templates/

apache/files/

apache/spec/ apache/spec/classes/ apache/spec/defines/

apache/Modulefile

apache/README.md

Puppet Manifests ( code in the Puppet DSL )

Static filesErb Templates (files with dynamic content)

Puppet extensions ( code in Ruby )

One Application, One Module, One class

Rspec tests

Module’s metadata for the Puppet Forge

Modules - Files autoloading

class autofs {

package { autofs: ensure => present, }

service { autofs: ensure => running, enable => true, }

file { "auto.homes": path => “/etc/auto.homes”, source => "puppet://$servername/modules/autofs/auto.homes" }

}

class autofs {

[...]

file { "/etc/auto.master": content => template("autofs/auto.master.erb") }

}

Sourced (static) files are searched in:$modulepath/autofs/files/auto.homes

Templates (Ruby ERB) are searched in:$modulepath/autofs/templates/auto.master.erb

LINKSfor a better living

https://bitly.com/wnvqaN - How to start with Puppet - Useful links

http://puppetlabs.com/community/puppet-camp/ - PuppetCamps

http://www.example42.com/ - Example42 Puppet modules ( disclaimer ;-)

http://docs.puppetlabs.com/ - PuppetLabs documentation

http://planetpuppet.org/ - Planet Puppet - Feeds aggregator

A new language to learnEffectiveness needs practice

If there’s code , there are bugsMake Puppet the Enforcer not the Violator

Discipline in Systems managementMore time to make things done (the first time)

Great Power gives Great Responsibilities

Automated Systems Setups Coherent InfrastructureTrack and History of ChangeInstallations ReplicabilityQuick propagation of changes Aligned Environments for Test/[...]/ProdAutomated monitoring

DO UT DES

ad maiora

Graphics: www.tatlin.net

Questions?

@alvagante