Puppet: Infrastructure as Code - IT Pro Forum · 15-02-2011 · Luke Kanies luke@puppetlabs.com...

transcript

Luke Kaniesluke@puppetlabs.comFounder, Puppet Labs

Portland, OregonUSA

Puppet: Infrastructure

as Code

Tuesday, February 15, 2011

How Puppet Works

Define: !"#$%&'(()#*+%,)-./0/#"1)%% ./23'/3)%45'%,)+"32%/%30/($%56%0)./#"52+$"(+%7)#8))2%0)+5'0-)+%8"#$"2%0)'+/7.)%95,'.)+:%;$)+)%95,'.)+%,)6"2)%45'0%"260/+#0'-#'0)%"2%"#+%,)+"0),%+#/#):

Simulate:%!"#$%#$"+%0)+5'0-)%% 30/($<%&'(()#%"+%'2"=')%"2%"#+%/7"."#4%#5%+"9'./#)%,)(.549)2#+<%)2/7."23%45'%#5%#)+#%-$/23)+%8"#$5'#%,"+0'(#"52%#5%45'0%"260/+#0'-#'0):

% Enforce:%&'(()#%-59(/0)+%45'0%% +4+#)9%#5%#$)%,)+"0),%+#/#)%/+%45'%,)6"2)%"#<%/2,%/'#59/#"-/..4%)2650-)+%"#%#5%#$)%,)+"0),%+#/#)%)2+'0"23%45'0%+4+#)9%"+%"2%-59(."/2-):

% Report: &'(()#%>/+$75/0,%0)(50#+%% #0/-?%0)./#"52+$"(+%7)#8))2%-59(52)2#+%/2,%/..%-$/23)+<%/..58"23%45'%#5%?))(%'(%8"#$%+)-'0"#4%/2,%-59(."/2-)%9/2,/#)+:%@2,%8"#$%#$)%5()2%@&A%45'%-/2%"2#)30/#)%&'(()#%8"#$%#$"0,%(/0#4%952"#50"23%#55.+:

>BCADB>C;@;B

EFDDBG;C;@;B

A;BD@;B%@G>%AGEDB@

CB%EHIBD@

SSH0Tuesday, February 15, 2011

Puppet Is Pervasive

Financial

TechnologyEntertainmentWeb

Defense

GPL, written in Ruby

Why does Puppet exist?

Embarrassment

FearTuesday, February 15, 2011

Somebody has to do something, and it's just incredibly pathetic that it has to be us. -- Jerry Garcia

Why didn’t someone else make it?

Sysadmins do too much

Image from http://flickr.com/photos/shirleytwofeathers/2068713495/Tuesday, February 15, 2011

Image from http://flickr.com/photos/kenskritters/2128853769/

Speciation

Sysadmins know too much

Programming SysAdmin

Low-level, non-portable

Assembly commands and files

Abstract, portable

C* Resources

Shell scripts are infrastructure assembly code

* For small values of abstract

It’s not about fewer sysadmins

Would your boss pick:

•The current service quality at a lower price?

•A higher service quality at the current price?

Let’s talk about you

Some questions

•How many of you have written software to manage computers?

Some questions

•How many of you have written software to manage computers?

•How many have published this software?

Developer Sysadmin

Three people

Puppet allows you to bridge that gap

Image from http://www.flickr.com/photos/patrick-smith-photography/2969769911/sizes/o/

#devops

Either you can manage many machines with little

effort

Either you can manage many machines with little

effort

Or you can’t

Model-driven Management

Resource Abstraction Layer (RAL)

Do you really care how rpm works?

Resource Providers

• 29 package types

• Users in NetInfo, useradd, pw

• Builtin support for RHEL, OS X, Solaris, Debian, Ubuntu, Gentoo, SuSE, FreeBSD, and more

Your infrastructure is code

Code is compiledinto a catalog

The client gets a catalog, not code

Least Privilege isin the house

If it’s not in the catalog, it’s not

managed

If it’s not in the catalog, it can’t affect the

system

Compiled Catalogsare a DAG

"Exec[createrepo-PM-RHEL5-noarch]"

"Yumrepo[PM-RHEL5-x86_64]"

"Yumrepo[PM-RHEL5-noarch]"

"Package[postgresql-server]"

"Package[thttpd]"

"File[/var/www/thttpd/html/yum-PM-RHEL5-noarch]""File[/var/www/thttpd/html/yum-PM-RHEL5-x86_64]"

"Exec[rsync-rpmdir-PM-RHEL5-x86_64]"

"Exec[createrepo-PM-RHEL5-x86_64]"

"Postgres::Role[puppet]"

"Exec[rsync-rpmdir-PM-RHEL5-noarch]"

The model gives you more data and more

guarantees

Is this file being managed by Puppet?

Which services will I need to restart if I edit

this file?

Who requires this package?

Classes are modeled

Code or Data?

Multi Node

Use Puppet to create composable configurations and manage the enterprise infrastructure

Define relationships between resources. ! "#$%!&'(()$*!+,'!-).#/)!+,'0!1,-'2)3!4+!/,-)!52633#.#56$#,/3*!3'5%!63!")4!7)08)0!,0!96$6463)*!622,:#/;!+,'!$,!-).#/)!0)26$#,/3%#(3!4)$:))/!0)3,'05)3!6/-!5,/.#;'0)!$%,'36/-3!,.!3)08)03!6$!,/5)<!

Assign resource relationships automatically.!! =,'!56/!$%)/!633#;/!6/-!-)(2,+!5,/.#;'06$#,/3!8#6!&'(()$!963%4,60-*!,0!:#$%!+,'0!,:/!5'3$,1#>)-!?@9A!$,,23<

Via Puppet Dashboard

CustomExternal Source

(CMDB, LDAP, etc.)

Reusable, composable configurations. !! "#$%!&'(()$!+,'!56/!0)B'3)!1,-'2)3!650,33!1'2$#(2)!/,-)3*!#/!:%6$)8)0!5,14#/6$#,/!+,'!/))-*!0)-'5#/;!0)()$#$#8)!$63C3!6/-!)2#1#/6$#/;!)00,0B(0,/)!350#($3<!

9DEDAD7F "FA!7FGHFG D&&!7FGHFG 7F?IGJE=

"FA!7=7EF@7 9DEDAD7F!7=7EF@7 D&&KJ?DEJLM!7=7EF@7

ML9F ML9F

Puppet is Idempotent

Puppet Platform

MCollectivehandlessequencing

Puppet Master

Puppet Dashboard

Puppet AgentFacter

Node 3rd Party Systems

Puppet Module Forge

Modules

How Puppet Manages Data Flow for Individual Nodes

Facts!"#$%&'#$(#%'($%&)*+,-.#'$'+/+$+0&1/$-/(#,2$/&$/"#$3144#/$5+(/#)6

Catalog3144#/$1(#($/"#$7+8/($/&8&*4-,#$+$9+/+,&:$/"+/(4#8-2-#($"&;$/"#$%&'#("&1,'$0#$8&%2-:1)#'6

Report8+%$+,(&$(#%'$'+/+$/&$/"-)'$4+)/<$/&&,(6

Report!"#$%&'#$)#4&)/($0+8=$/&$3144#/$-%'-8+/-%:$/"#$8&%2-:1)+/-&%$-($8&*4,#/#>$;"-8"$-($?-(-0,#$-%$/"#$3144#/$@+("0&+)'6

Report CollectorA3144#/$&)$B)'$4+)/<$/&&,C

PuppetMaster

SSL secure encryption on all data transport

Uses SSL, and provides a Certificate Authority

Image from http://www.flickr.com/photos/piet_musterd/2307596484/sizes/l/Tuesday, February 15, 2011

ralsh - a thin API wrapper

How to use Puppet

The strategic version

Seek the pain

Image from http://www.flickr.com/photos/pagedooley/2147718252/sizes/l/Tuesday, February 15, 2011

Solve the simple problems

Add the infrastructure features you always

wanted

How to use PuppetThe tactical version

Think like Puppet thinks

• Resources, not text snippets or lines added to files

• What resources are you managing?

• How are they related to each other?

Replace Shell Scripts with Resources

Becomes:

Relationships matter but are often implicit

Package

Service

Service should restart whenconfiguration changesConfiguration

Configuration should get modifed after package installation

Explicit Relationships

Relationships provide ordering and notification

"Exec[createrepo-PM-RHEL5-noarch]"

"Yumrepo[PM-RHEL5-x86_64]"

"Yumrepo[PM-RHEL5-noarch]"

"Package[postgresql-server]"

"Package[thttpd]"

"File[/var/www/thttpd/html/yum-PM-RHEL5-noarch]""File[/var/www/thttpd/html/yum-PM-RHEL5-x86_64]"

"Exec[rsync-rpmdir-PM-RHEL5-x86_64]"

"Exec[createrepo-PM-RHEL5-x86_64]"

"Postgres::Role[puppet]"

"Exec[rsync-rpmdir-PM-RHEL5-noarch]"

Classes document Intent

Organize files into modules

Provide platform abstraction

Debian

Red Hat

Provide platform abstraction

Debian

Red Hat

Portability and Naming

Class Membership

Puppet in the cloud

Heavily used in EC2, VMWare, Xen, etc

Golden Image or Foil Ball?

Image from http://www.flickr.com/photos/fungep/2516767121/sizes/l_

pulabs

ppetThe people behind

Puppet

Bad product,hungry Luke

From 3 to 32 people in 18 months

Just launchedPuppet Enterprise

pulabs

Questions?Tuesday, February 15, 2011

Puppet: Infrastructure as Code - IT Pro Forum · 15-02-2011 · Luke Kanies luke@puppetlabs.com...

Documents