Puppet Camp DC: "Puppet for Everybody" by Christopher Bowles, University of Texas at Austin
Puppet for Everybody! Federated and Hierarchical Puppet Enterprise
Chris Bowles, Senior Systems Administrator
University of Texas at Austin
Everybody? Absolutely!
• Development
• Operations
• Management
source: http://goo.gl/Mjr0dy
Continuum of Expertise
Novice
• Puppet Console
• Variables
Medium
• Hiera
Expert
• Code
Puppet as a Service
UT Puppet API
(standards, culture)
Code/Data Federation
Puppet Enterprise
Hierarchical Configs
Centrally Managed / Maintained
Puppet as a Service
DB group
Web group
Foo group
Standard Puppet API
Puppet Console Configured Server!
Class
Console Variable (string)
Hiera Variable (complex)
Shared culture
Hierarchical Configurations
Node-level
Business Group(s)
Defaults Enterprise
Database
Node
Web
• Shared area = business logic
• All configs in groups
• Plug and play
Federation (of control)
• United States of Puppet
mysql
oracle
Enforce broad configs at “Federal Level”
Set specific configs at “State Level”
source: http://goo.gl/22neR7
Puppet as a Service (at UT)
Apps
• Code or content
Services
• i.e. Apache
BASE
• secure
• standardized
• configurable
Roles / Profiles
Building Blocks
source: http://goo.gl/CHwab0
Puppet Console components
• Classes
• Variables
• Group(s)
• Nodes
ssh
$::ssh_listenport
Database
dbserver-01
Puppet Console Group Nesting!
source: http://goo.gl/tUdl5U
Class Inheritance (immutable)
BASE group assigns: ssh
FOO group inherits: ssh assigns: syslog
node inherits: ssh, syslog
Variable Inheritance (child wins)
Base group: ssh_listenport = 22
Foo group: ssh_listenport = 72
node1: ssh_listenport = 72
Foo2 group: ssh_listenport = 99
node2: ssh_listenport = 99
All together now!
source: http://goo.gl/K91CJA
BASE group
Classes: ssh
Variable:
ssh_listenport => 22
DB group
Classes: mysql
Variables: ssh_listenport => 99
db-server (node)
Classes: ssh , mysql
Variables:
ssh_port => 99 (from DB group)
Classes: additive
Variables: closest to the node wins
ENC node: RSOP
Mysql class from DB group
Ssh class from ALL group
Ssh_port override from DB group (2222)
List of all the groups that the node belongs to.
Hierarchy is implied via the Source attr. See ALL group.
Puppet Console: Building a federated hierarchy
Subgroup
Group
Top BASE
group_foo
sub_bar
group_db
sub_mysql sub_oracle
What’s in a name?
Puppet Console will display: (alphabetical)
• BASE
• group_db
• group_foo
• subgroup_bar
• subgroup_mysql
• subgroup_oracle
A Little more about Console Variables…
class
Console variable
Config
Console Variables = top level Variables ($::foo)
• init.pp
• params.pp
One more level: Hiera
source: http://goo.gl/3tfaVi
Hiera: used for complex variables
key: value
key2: value2
• Arrays
• Hashes
source: http://goo.gl/ge45I1
Hiera: Building a federated hierarchy
Subgroup
Group
Top BASE
group_foo
sub_bar
group_db
sub_mysql sub_oracle
Creating hiera directory-based hierarchies with console variables
Subgroup(s)
• ./$group/$sub
Group(s)
• ./$group/
Top
• ./
(no variable)
$group
$sub
Broad to Specific
Hiera.yaml – rubber, meet road
Top
• ./common.yaml
Group(s)
• ./$group/common.yaml
Subgroup(s)
• ./$group/$sub/common.yaml
'%{group}/%{sub}/common'
'%{group}/common'
'common'
Specific to Broad
Console Groups map to Hiera
Nested Console Groups
Variables (above the waterline)
Hiera (below the waterline)
BASE (no variable required)
Foo: group = foo
Bar: sub = bar
./
./foo/
./foo/bar/
Putting it together!
Nested Console Group
Variable
Hiera (files based on hiera.yaml)
DB: group = db
MySQL: sub = mysql
./db/
./db/mysql/
mysql node: dept=db, svc=mysql
BASE (no variables): ./
Hiera search path for mysql node:
1. ./common.yaml
2. ./db/common.yaml
3. ./db/mysql/common.yaml
Advanced Hiera Usage
• “This data is exactly what I need… almost”
• firewall, sudoers
• +1
• Check out:
– hiera_hash
– hiera_array
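The lookup behaviour the slides above describe (closest level wins for a single value, hiera_hash for merged data such as sudoers), as an added Ruby example that is not from the slide deck or from Hiera's own code. The data, the contents of the `sudoers` key and the function names are constructed for illustration, and skipping a level whose variable is unset is a simplification of this model.

```ruby
# Simplified model of Hiera lookups over the group/sub hierarchy (added example).
HIERARCHY = ['%{group}/%{sub}/common', '%{group}/common', 'common'].freeze

# Constructed data standing in for the common.yaml files under ./hieradata/.
DATA = {
  'common'          => { 'ssh_listenport' => 22,
                         'sudoers' => { 'sysadmins' => 'ALL' } },
  'db/common'       => { 'ssh_listenport' => 99,
                         'sudoers' => { 'dbas' => '/usr/bin/mysqladmin' } },
  'db/mysql/common' => { 'sudoers' => { 'mysqlops' => '/usr/bin/mysqldump' } }
}.freeze

# Expand %{var} from the node's console variables. In this model a level
# whose variable is unset is skipped (an assumption, kept simple on purpose).
def search_path(scope)
  paths = HIERARCHY.map do |level|
    vars = level.scan(/%\{(\w+)\}/).flatten
    next nil if vars.any? { |v| scope[v].to_s.empty? }
    level.gsub(/%\{(\w+)\}/) { scope[Regexp.last_match(1)] }
  end
  paths.compact
end

# Priority lookup: the most specific source that defines the key wins.
def priority_lookup(key, scope)
  search_path(scope).each do |src|
    data = DATA[src]
    return data[key] if data && data.key?(key)
  end
  nil
end

# Hash merge in the spirit of hiera_hash: every level contributes, and on a
# conflicting top-level key the more specific level wins.
def hash_lookup(key, scope)
  search_path(scope).reverse.reduce({}) do |merged, src|
    merged.merge(DATA.fetch(src, {}).fetch(key, {}))
  end
end

MYSQL_NODE = { 'group' => 'db', 'sub' => 'mysql' }.freeze
puts priority_lookup('ssh_listenport', MYSQL_NODE)        # port set at the DB group level
puts priority_lookup('sudoers', MYSQL_NODE).keys.inspect  # base and group rules are missing
puts hash_lookup('sudoers', MYSQL_NODE).keys.sort.inspect # all three levels present
```

With a priority lookup, a subgroup that defines `sudoers` replaces the BASE and group entries instead of adding to them; the merged lookup keeps the baseline in place.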
Code/Data Federation
Puppet Classes/Data
Subgroup source
Group source
BASE source
Code Federation
puppet.conf
modulepath=
/opt/puppet/modules/base:
/opt/puppet/modules/group:
/opt/puppet/modules/sub:
BASE Repo
Group Repo
Subgroup Repo
VCSREPO
Data Federation (via VCSREPO)
• ./hieradata/ =
./common.yaml
./$group/common.yaml
./$group/$sub/common.yaml
BASE Repo
group Repo
subgroup Repo
VCSREPO
Puppet Class Namespaces
• Namespaces prevent class collisions
• ${group}_name
• Examples:
– base_ssh
– db_ssh
– mysql_ssh
A peek into the future…
source: http://goo.gl/9GwKyQ
Git Workflow
• Instead of this…
• 1 git repo / module
Core SVN repo (modules)
Group SVN repo (modules)
Head (production) branch
Non-production branches (created as needed)
CI/CD
• r10k push deployments (faster!)
• Puppet Environments defined by code (Puppetfile)
• Automated Testing
Git repos
r10k
Puppet
Takeaways!
• “Puppet as a Service” – Can provide hierarchical/federated configuration management as a service by building on top of Puppet Enterprise
• Hierarchical Configs: building blocks that match organizational structure, plug and play
• Federation: Empowering users at all levels of the enterprise
Thanks! Any Questions?
• Note: slide deck available from PuppetLabs
• Contact information:
– Chris Bowles
• Email: [email protected]