What’s Puppet

Sysadmin en la onda DevOpsDrupal developer

10 años sysadmin3 años con Puppet8 años con Drupal

http://atlantic-canary.nethttp://github.com/jonhattan

@_jonhattan_

Jonathan Araña Cruz (aka jonhattan)

Caballeros

What?● Configuration management● Written in Ruby● Free software (Apache 2.0)● Current version 3.6 - towards 4.0● PuppetLabs, since 2005● Other products

○ Puppet Enterprise○ MCollective

Puppet CLI toolroot@chamber:~# puppet help

Usage: puppet <subcommand> [options] <action> [options]

…

root@chamber:~# puppet help <subcommand>

root@chamber:~# puppet man <subcommand>

=> man puppet-<subcommand>

Index● Resource Abstraction Layer● Puppet Language● Modules● Stored configuration● Puppet Master● Reporting

RAL: Resource types (I)● Resource types: high-level models

○ Some types: package, service, file, user, cron,... ○ Providers: implementers on different systems○ Providers for package: apt, yum, pip, gem, pear,...

● Available resource types○ Puppet built-in reference: http://docs.puppetlabs.

com/references/latest/type.html

○ Cheatsheet: http://docs.puppetlabs.com/puppet_core_types_cheatsheet.pdf

○ Provided by 3rd party modules

root@chamber:~# puppet resource --types

anchoraugeascomputercrondatabasedatabase_grantdatabase_userexecfilefile_linefilebucketfirewallfirewallchaingrouphost

ini_settingini_subsettinginterfacek5loginmacauthorizationmailaliasmaillistmcxmountmysql_databasemysql_grantmysql_usernagios_commandnagios_contactnagios_contactgroup

nagios_hostnagios_hostdependencynetwork_confignetwork_routenotifypackagepostgresql_confrouterschedulescheduled_taskselbooleanselmoduleservicessh_authorized_keysshkey

RAL: Resource types (II)

root@chamber:~# puppet describe -s user

Manage users. This type is mostly built to manage systemusers, so it is lacking some features useful for managing normalusers.

Parameters---------- ensure, expiry, gid, groups, home, keys, managehome, membership, name, password, password_max_age, password_min_age, salt, shell,system, uidProviders--------- aix, directoryservice, hpuxuseradd, ldap, pw, user_role_add, useradd, windows_adsi

RAL: Resource types (III)

RAL: Resources (I)● Resource: instance of a resource type

○ Example: root user, ntp service, vim package,...○ System discovery○ Interactive management via CLI○ Abstraction layer!

RAL: Resources (II)root@chamber:~# puppet resource user --list

user { 'root': ensure => 'present', comment => 'root', gid => '0', home => '/root', password => '$6$szUwrw3k.uAo.', password_max_age => '99999', password_min_age => '0', shell => '/bin/bash', uid => '0',}

user { 'www-data': ensure => 'present', comment => 'www-data', gid => '33', home => '/var/www', password => '*', password_max_age => '99999', password_min_age => '0', shell => '/bin/sh', uid => '33',}

RAL: Resources (III)root@chamber:~# puppet resource user root shell=/bin/dash

Notice: /User[root]/shell: shell changed '/bin/bash' to '/bin/dash'user { 'root': ensure => 'present', shell => '/bin/dash',}

root@chamber:~# puppet resource user root --edit

Index● Resource Abstraction Layer● => Puppet Language● Modules● Stored configuration● Puppet Master● Reporting

Puppet Language (I)● Declarative, Domain Specific Language (DSL)● Purpose of the language:

○ Describe desired state of the system by declaring resources

○ Every other part of the language exists to add flexibility and convenience to the way resources are declared

● Programs are called manifests● A manifest is compiled into a catalog

Example manifest: Hello world root@chamber:~# echo "notify {'hello world': }" > hello-world.pp

root@chamber:~# puppet apply hello-world.pp

Notice: Compiled catalog for chamber.faita.net in environment production in 0.02 seconds

Notice: hello world

Notice: /Stage[main]/Main/Notify[hello world]/message: defined 'message' as 'hello world'

Notice: Finished catalog run in 3.15 seconds

Example manifest: “The trifecta”case $operatingsystem { centos, redhat: { $service_name = 'ntpd' } debian, ubuntu: { $service_name = 'ntp' }}package { 'ntp': ensure => installed,}service { 'ntp': name => $service_name, ensure => running, enable => true, subscribe => File['ntp.conf'],}file { '/etc/ntp.conf': ensure => file, require => Package['ntp'], source => 'puppet:///modules/ntp/ntp.conf',}

Puppet Language (II)● Some language constructs

○ Nodes○ Classes○ Defines○ Variables, Conditionals○ Dependency relationships○ Anchors, tags, collectors, run-stages,...

Nodes● Block of code included in one node’s catalog● ENC● Ref: http://docs.puppetlabs.com/puppet/latest/reference/lang_node_definitions.html

# site.pp

node 'foo.example.com' {

...

}

node '/^(bar|baz)\.example\.net$/' {

...

}

Classes (I)● Block of code to group resources● Parameterized● Singleton● Ref : http://docs.puppetlabs.com/puppet/latest/reference/lang_classes.html

Classes (II)# file: ntp.pp

class ntp ($ntpserver = ‘one.pool.ntp.org’,) { package { 'ntp': … } service { 'ntp': … } file {'/etc/ntp.conf': … }}

# file: manifest.pp

import ntp.pp

# Include the class.include ntp

# Alternatively this way you can override paramsclass {‘ntp’: ntpserver => ‘other.pool.ntp.org’}

# puppet apply manifest.pp

Defines (I)● Blocks of code that can be evaluated multiple

times with different parameters● Once defined, they act like a new

(compound) resource type

Defines (II)define apache::vhost ($port, $docroot, $servername = $title, $vhost_name = '*') {

include apache # contains Package['httpd'] and Service['httpd']

include apache::params # contains common config settings

$vhost_dir = $apache::params::vhost_dir

file { "${vhost_dir}/${servername}.conf":

content => template('apache/vhost-default.conf.erb'),

owner => 'www',

group => 'www',

mode => '644',

require => Package['httpd'],

notify => Service['httpd'],

}

}

Puppet Language (III)● Other related components

○ Functions○ Facter○ Hiera

● Language reference: http://docs.puppetlabs.com/puppet/latest/reference/index.html

Functions● Implemented in ruby● Enrich puppet language with handy features● Examples:

○ include○ template()

● Built-in functions: http://docs.puppetlabs.com/references/latest/function.html

● Puppet stdlib: https://github.com/puppetlabs/puppetlabs-stdlib

● Custom: http://docs.puppetlabs.com/guides/custom_functions.html

Facts● System information, available as “global variables” in

manifestsroot@chamber:~# facter

architecture => amd64fqdn => chamber.faita.nethostname => chamberinterfaces => eth0,loipaddress => 10.0.0.2ipaddress_eth0 => 10.0.0.2ipaddress_lo => 127.0.0.1is_virtual => truekernel => Linuxkernelmajversion => 3.2lsbdistcodename => wheezy

lsbdistid => Debianlsbdistrelease => 7.5lsbmajdistrelease => 7osfamily => Debianprocessor0 => Intel(R) Core(TM) i7-3770 CPU @ 3.40GHzprocessor1 => Intel(R) Core(TM) i7-3770 CPU @ 3.40GHzprocessorcount => 2puppetversion => 3.6.0virtual => xenu

Hiera (I)● Key/value lookup tool for configuration data● Hierarchical● Avoid repetition

○ Write common data for most nodes○ Override some values for nodes with a specific role○ Override some of those values for one or two unique

nodes● Ref: http://docs.puppetlabs.com/hiera/1/

Hiera (II)# file /etc/hiera.yaml

---:backends: - yaml:yaml: :datadir: /etc/puppet/hiera:hierarchy: - "os/%{lsbdistid}" - "groups/%{::domain}" - "node/%{::fqdn}" - common

# Files in /etc/puppet/hiera/

os/RedHat.yamlos/Debian.yaml

groups/example.net.yamlgroups/example.com.yaml

hiera/nodes/bar.example.com.yamlhiera/nodes/baz.example.net.yamlhiera/nodes/foo.example.com.yaml

Hiera (III)# os/RedHat.yaml

packages: - httpd

# os/Debian.yaml

packages: - apache2

# nodes/foo.example.com.yaml

packages: - apache2-mpm-itk

Index● Resource Abstraction Layer● Puppet Language● => Modules● Stored configuration● Puppet Master● Reporting

Modules (I)● Self-contained bundles of code and data● Manifests, classes, defines, files, templates,

functions, tests,...● Directory tree: MODULENAME/manifests/

MODULENAME/files/MODULENAME/templates/MODULENAME/lib/MODULENAME/facts.d/MODULENAME/tests/MODULENAME/spec/

Modules (II)● Best practices / well-known patterns● Ref: http://docs.puppetlabs.com/puppet/latest/reference/modules_fundamentals.html

● Puppet forge: https://forge.puppetlabs.com

● CLI subcommand: puppet module install puppetlabs/mysql

● Librarian: https://github.com/rodjek/librarian-puppet

Index● Resource Abstraction Layer● Puppet Language● Modules● => Stored configuration● Puppet Master● Reporting

Stored configuration● Centralized store of puppet-produced data

○ Nodes, resources, relationships, facts○ Catalog run log

● Exported resources● Inventory service: http://docs.puppetlabs.com/guides/inventory_service.

html

● Active Record (sql backends)● PuppetDB: http://docs.puppetlabs.com/puppetdb/2.0/index.html

Index● Resource Abstraction Layer● Puppet Language● Modules● Stored configuration● => Puppet Master● Reporting

Puppet Master● Pull-based agent/master mode● REST API● Master stores manifests● Agent requests its catalog to the master● Ref: http://docs.puppetlabs.com/learning/agent_master_basic.html

Standalone (puppet apply site.pp)

Index● Resource Abstraction Layer● Puppet Language● Modules● Nodes, ENC● Store configs, PuppetDB● Puppet Master● => Reporting

Reporting (I)● Agent send reports at the end of every run

○ Logs○ Metrics: time, resources, changes

● Report handlers: http, log, tagmail● Ref: http://docs.puppetlabs.com/references/latest/report.html

● Puppet Dashboard: web interface○ web interface: node classification and reporting

feature○ Ref: https://github.com/sodabrew/puppet-dashboard

Reporting (II)

Questions?