Date post: | 27-Aug-2014 |
Category: | Software |
Upload: | fl-jonathan-arana-cruz |
What’s Puppet
Sysadmin riding the DevOps wave
Drupal developer
10 years as a sysadmin
3 years with Puppet
8 years with Drupal
http://atlantic-canary.net
http://github.com/jonhattan
@_jonhattan_
Jonathan Araña Cruz (aka jonhattan)
Caballeros
What?
● Configuration management
● Written in Ruby
● Free software (Apache 2.0)
● Current version 3.6 - towards 4.0
● PuppetLabs, since 2005
● Other products
  ○ Puppet Enterprise
  ○ MCollective
Puppet CLI tool
root@chamber:~# puppet help
Usage: puppet <subcommand> [options] <action> [options]
…
root@chamber:~# puppet help <subcommand>
root@chamber:~# puppet man <subcommand>
=> man puppet-<subcommand>
Index
● Resource Abstraction Layer
● Puppet Language
● Modules
● Stored configuration
● Puppet Master
● Reporting
RAL: Resource types (I)
● Resource types: high-level models
  ○ Some types: package, service, file, user, cron,...
  ○ Providers: implementers on different systems
  ○ Providers for package: apt, yum, pip, gem, pear,...
● Available resource types
  ○ Puppet built-in reference: http://docs.puppetlabs.com/references/latest/type.html
  ○ Cheatsheet: http://docs.puppetlabs.com/puppet_core_types_cheatsheet.pdf
  ○ Provided by 3rd party modules
root@chamber:~# puppet resource --types
anchor
augeas
computer
cron
database
database_grant
database_user
exec
file
file_line
filebucket
firewall
firewallchain
group
host
ini_setting
ini_subsetting
interface
k5login
macauthorization
mailalias
maillist
mcx
mount
mysql_database
mysql_grant
mysql_user
nagios_command
nagios_contact
nagios_contactgroup
nagios_host
nagios_hostdependency
network_config
network_route
notify
package
postgresql_conf
router
schedule
scheduled_task
selboolean
selmodule
service
ssh_authorized_key
sshkey
RAL: Resource types (II)
root@chamber:~# puppet describe -s user
Manage users. This type is mostly built to manage system
users, so it is lacking some features useful for managing normal
users.

Parameters
----------
    ensure, expiry, gid, groups, home, keys, managehome, membership, name,
    password, password_max_age, password_min_age, salt, shell, system, uid

Providers
---------
    aix, directoryservice, hpuxuseradd, ldap, pw, user_role_add, useradd,
    windows_adsi
RAL: Resource types (III)
RAL: Resources (I)
● Resource: instance of a resource type
  ○ Example: root user, ntp service, vim package,...
  ○ System discovery
  ○ Interactive management via CLI
  ○ Abstraction layer!
RAL: Resources (II)
root@chamber:~# puppet resource user --list
user { 'root':
  ensure           => 'present',
  comment          => 'root',
  gid              => '0',
  home             => '/root',
  password         => '$6$szUwrw3k.uAo.',
  password_max_age => '99999',
  password_min_age => '0',
  shell            => '/bin/bash',
  uid              => '0',
}
user { 'www-data':
  ensure           => 'present',
  comment          => 'www-data',
  gid              => '33',
  home             => '/var/www',
  password         => '*',
  password_max_age => '99999',
  password_min_age => '0',
  shell            => '/bin/sh',
  uid              => '33',
}
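The listing above includes root's password hash, so output in this format needs the same handling as /etc/shadow. The Ruby block below is an added example, not from the slides: it parses `puppet resource user` style output and flags accounts worth reviewing. The sample text, the `backup2` account and the hash value are constructed, and `parse_users`, `password_state` and `audit` are hypothetical helper names.

```ruby
# Constructed sample in the format `puppet resource user` prints (hash is a placeholder).
SAMPLE = <<~'EOS'
  user { 'root':
    password => '$6$CONSTRUCTED$placeholderhash',
    shell    => '/bin/bash',
    uid      => '0',
  }
  user { 'www-data':
    password => '*',
    shell    => '/bin/sh',
    uid      => '33',
  }
  user { 'backup2':
    password => '',
    shell    => '/bin/bash',
    uid      => '0',
  }
EOS

# Turn each `user { 'name': ... }` declaration into name => {attribute => value}.
def parse_users(text)
  users = {}
  text.scan(/^user \{ '([^']+)':(.*?)^\}/m) do |name, body|
    users[name] = body.scan(/(\w+)\s*=>\s*'([^']*)'/).to_h
  end
  users
end

# Classify the password field the way the shadow file is read.
def password_state(pw)
  return :unmanaged if pw.nil?
  return :empty if pw.empty?
  return :locked if pw.start_with?('*', '!')
  :hash
end

# Return name => [notes] for every account with something to review.
def audit(users)
  users.each_with_object({}) do |(name, attrs), out|
    state = password_state(attrs['password'])
    notes = []
    notes << 'empty password' if state == :empty
    notes << 'password hash present in output' if state == :hash
    notes << 'uid 0 on non-root account' if attrs['uid'] == '0' && name != 'root'
    out[name] = notes unless notes.empty?
  end
end
```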
RAL: Resources (III)
root@chamber:~# puppet resource user root shell=/bin/dash
Notice: /User[root]/shell: shell changed '/bin/bash' to '/bin/dash'
user { 'root':
  ensure => 'present',
  shell  => '/bin/dash',
}
root@chamber:~# puppet resource user root --edit
Index
● Resource Abstraction Layer
● => Puppet Language
● Modules
● Stored configuration
● Puppet Master
● Reporting
Puppet Language (I)
● Declarative, Domain Specific Language (DSL)
● Purpose of the language:
  ○ Describe desired state of the system by declaring resources
  ○ Every other part of the language exists to add flexibility and convenience to the way resources are declared
● Programs are called manifests
● A manifest is compiled into a catalog
Example manifest: Hello world
root@chamber:~# echo "notify {'hello world': }" > hello-world.pp
root@chamber:~# puppet apply hello-world.pp
Notice: Compiled catalog for chamber.faita.net in environment production in 0.02 seconds
Notice: hello world
Notice: /Stage[main]/Main/Notify[hello world]/message: defined 'message' as 'hello world'
Notice: Finished catalog run in 3.15 seconds
Example manifest: “The trifecta”
# Pick the service name for this operating system.
case $operatingsystem {
  centos, redhat: { $service_name = 'ntpd' }
  debian, ubuntu: { $service_name = 'ntp' }
}
package { 'ntp':
  ensure => installed,
}
service { 'ntp':
  name      => $service_name,
  ensure    => running,
  enable    => true,
  # Restart on config changes; the reference must match the file resource's title.
  subscribe => File['/etc/ntp.conf'],
}
file { '/etc/ntp.conf':
  ensure  => file,
  require => Package['ntp'],
  source  => 'puppet:///modules/ntp/ntp.conf',
}
Puppet Language (II)
● Some language constructs
  ○ Nodes
  ○ Classes
  ○ Defines
  ○ Variables, Conditionals
  ○ Dependency relationships
  ○ Anchors, tags, collectors, run-stages,...
Nodes
● Block of code included in one node’s catalog
● ENC
● Ref: http://docs.puppetlabs.com/puppet/latest/reference/lang_node_definitions.html
# site.pp
node 'foo.example.com' {
...
}
# Regular-expression node names are written without quotes.
node /^(bar|baz)\.example\.net$/ {
...
}
Classes (I)
● Block of code to group resources
● Parameterized
● Singleton
● Ref: http://docs.puppetlabs.com/puppet/latest/reference/lang_classes.html
Classes (II)
# file: ntp.pp
class ntp ($ntpserver = 'one.pool.ntp.org',) {
  package { 'ntp': … }
  service { 'ntp': … }
  file { '/etc/ntp.conf': … }
}
# file: manifest.pp
import 'ntp.pp'
# Include the class.
include ntp
# Alternatively this way you can override params
# (use it instead of the include above, not together with it)
class { 'ntp': ntpserver => 'other.pool.ntp.org' }
# puppet apply manifest.pp
Defines (I)
● Blocks of code that can be evaluated multiple times with different parameters
● Once defined, they act like a new (compound) resource type
Defines (II)
define apache::vhost ($port, $docroot, $servername = $title, $vhost_name = '*') {
  include apache # contains Package['httpd'] and Service['httpd']
  include apache::params # contains common config settings
  $vhost_dir = $apache::params::vhost_dir
  file { "${vhost_dir}/${servername}.conf":
    content => template('apache/vhost-default.conf.erb'),
    owner   => 'www',
    group   => 'www',
    mode    => '644',
    require => Package['httpd'],
    notify  => Service['httpd'],
  }
}
Puppet Language (III)
● Other related components
  ○ Functions
  ○ Facter
  ○ Hiera
● Language reference: http://docs.puppetlabs.com/puppet/latest/reference/index.html
Functions
● Implemented in ruby
● Enrich puppet language with handy features
● Examples:
  ○ include
  ○ template()
● Built-in functions: http://docs.puppetlabs.com/references/latest/function.html
● Puppet stdlib: https://github.com/puppetlabs/puppetlabs-stdlib
● Custom: http://docs.puppetlabs.com/guides/custom_functions.html
Facts
● System information, available as “global variables” in manifests
root@chamber:~# facter
architecture => amd64
fqdn => chamber.faita.net
hostname => chamber
interfaces => eth0,lo
ipaddress => 10.0.0.2
ipaddress_eth0 => 10.0.0.2
ipaddress_lo => 127.0.0.1
is_virtual => true
kernel => Linux
kernelmajversion => 3.2
lsbdistcodename => wheezy
lsbdistid => Debian
lsbdistrelease => 7.5
lsbmajdistrelease => 7
osfamily => Debian
processor0 => Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
processor1 => Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
processorcount => 2
puppetversion => 3.6.0
virtual => xenu
Hiera (I)
● Key/value lookup tool for configuration data
● Hierarchical
● Avoid repetition
  ○ Write common data for most nodes
  ○ Override some values for nodes with a specific role
  ○ Override some of those values for one or two unique nodes
● Ref: http://docs.puppetlabs.com/hiera/1/
Hiera (II)
# file /etc/hiera.yaml
---
:backends:
  - yaml
:yaml:
  :datadir: /etc/puppet/hiera
:hierarchy:
  - "os/%{lsbdistid}"
  - "groups/%{::domain}"
  - "nodes/%{::fqdn}"
  - common
# Files in /etc/puppet/hiera/
os/RedHat.yaml
os/Debian.yaml
groups/example.net.yaml
groups/example.com.yaml
nodes/bar.example.com.yaml
nodes/baz.example.net.yaml
nodes/foo.example.com.yaml
Hiera (III)
# os/RedHat.yaml
packages:
  - httpd
# os/Debian.yaml
packages:
  - apache2
# nodes/foo.example.com.yaml
packages:
  - apache2-mpm-itk
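Hiera walks the hierarchy in the order it is written, and the first level that defines a key wins a priority lookup, so the order decides whether a node-level value overrides an OS-level one. The Ruby block below is an added example, not from the slides and not the hiera gem's API: it models priority and array-merge lookups over the data shown above. The function names are hypothetical, the node level is assumed to be `nodes/`, and `common` is assumed empty.

```ruby
# Constructed model of Hiera 1 lookups; data mirrors the YAML files on the slides.
DATA = {
  'os/RedHat'             => { 'packages' => ['httpd'] },
  'os/Debian'             => { 'packages' => ['apache2'] },
  'nodes/foo.example.com' => { 'packages' => ['apache2-mpm-itk'] },
  'common'                => {}
}.freeze

# Level order as written in the slides' hiera.yaml (assumption: "nodes/" level).
PAGE_ORDER = ['os/%{lsbdistid}', 'groups/%{::domain}',
              'nodes/%{::fqdn}', 'common'].freeze
# The same levels, most specific first.
SPECIFIC_FIRST = ['nodes/%{::fqdn}', 'groups/%{::domain}',
                  'os/%{lsbdistid}', 'common'].freeze

# Facts for the node used in the slides' example data.
FOO = { 'lsbdistid' => 'Debian', 'domain' => 'example.com',
        'fqdn' => 'foo.example.com' }.freeze

# Replace %{var} and %{::var} with the node's fact values.
def sources(hierarchy, facts)
  hierarchy.map do |level|
    level.gsub(/%\{(?:::)?(\w+)\}/) { facts.fetch($1, '') }
  end
end

# Priority lookup: the first level that defines the key wins.
def priority_lookup(key, hierarchy, facts)
  sources(hierarchy, facts).each do |src|
    level = DATA[src]
    return level[key] if level && level.key?(key)
  end
  nil
end

# Array merge lookup: values from every level, in hierarchy order, deduplicated.
def array_lookup(key, hierarchy, facts)
  sources(hierarchy, facts).flat_map { |src| Array((DATA[src] || {})[key]) }.uniq
end
```

With the order as written on the slide, the OS level answers first for `packages`; putting the node level first is what lets a single node override it.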
Index
● Resource Abstraction Layer
● Puppet Language
● => Modules
● Stored configuration
● Puppet Master
● Reporting
Modules (I)
● Self-contained bundles of code and data
● Manifests, classes, defines, files, templates, functions, tests,...
● Directory tree:
  MODULENAME/manifests/
  MODULENAME/files/
  MODULENAME/templates/
  MODULENAME/lib/
  MODULENAME/facts.d/
  MODULENAME/tests/
  MODULENAME/spec/
Modules (II)
● Best practices / well-known patterns
● Ref: http://docs.puppetlabs.com/puppet/latest/reference/modules_fundamentals.html
● Puppet forge: https://forge.puppetlabs.com
● CLI subcommand: puppet module install puppetlabs/mysql
● Librarian: https://github.com/rodjek/librarian-puppet
Index
● Resource Abstraction Layer
● Puppet Language
● Modules
● => Stored configuration
● Puppet Master
● Reporting
Stored configuration
● Centralized store of puppet-produced data
  ○ Nodes, resources, relationships, facts
  ○ Catalog run log
● Exported resources
● Inventory service: http://docs.puppetlabs.com/guides/inventory_service.html
● Active Record (sql backends)
● PuppetDB: http://docs.puppetlabs.com/puppetdb/2.0/index.html
Index
● Resource Abstraction Layer
● Puppet Language
● Modules
● Stored configuration
● => Puppet Master
● Reporting
Puppet Master
● Pull-based agent/master mode
● REST API
● Master stores manifests
● Agent requests its catalog from the master
● Ref: http://docs.puppetlabs.com/learning/agent_master_basic.html
Standalone (puppet apply site.pp)
Index
● Resource Abstraction Layer
● Puppet Language
● Modules
● Nodes, ENC
● Store configs, PuppetDB
● Puppet Master
● => Reporting
Reporting (I)
● Agent sends reports at the end of every run
  ○ Logs
  ○ Metrics: time, resources, changes
● Report handlers: http, log, tagmail
● Ref: http://docs.puppetlabs.com/references/latest/report.html
● Puppet Dashboard: web interface
  ○ web interface: node classification and reporting feature
  ○ Ref: https://github.com/sodabrew/puppet-dashboard
Reporting (II)
Questions?