Date posted: 15-Jul-2015
Category: Technology
Uploaded by: glynnfoster
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
Managing Solaris Systems with Puppet
Glynn Foster, Product Manager
Oracle Solaris Core Technologies
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
The Nirvana of Enterprise Cloud Computing
• Increasing business responsiveness and agility
– Rapid resource & application provisioning
– Seamless scale up and scale out
• Enabling self-service computing
– Better capacity planning and asset utilization
– Centralized monitoring and reporting
• Ensuring security and compliance
– Reduce costs due to human error
Virtualization Drives Management Costs
[Chart: Physical Servers (M), Virtual Servers (M) and Management & Administration Spending ($B), '96 to '13]
What is Puppet?
• Open source configuration management
– Written in Ruby
– Licensed under Apache License 2.0
• Defines and enforces configuration state
– Ensures consistency and dependability
– Optimized for complete software lifecycle
• Scales to cloud environments
– Automation on a huge scale
– Easily extensible
How Does it Work?
1. Client collects data about itself using Facts
2. Client sends facts to Puppet master
3. Master compiles a catalog based on data for how the client should be configured
4. Master sends catalog back to client
5. Client configures itself and reports back to master
[Diagram labels: Puppet Master, Puppet Agents]
Scaling to the Enterprise
[Diagram labels: Puppet Master, Puppet Agent / Master, Puppet Agents]
Oracle Solaris – Best for Enterprise
• Co-engineered with Oracle hardware and software stack
• Highest performance with Software in Silicon
• Full VM lockdown
• Automated compliance monitoring and reporting
• Agile self-service environments
• Application driven SDN
• Engineered for mission critical workloads
• Zero overhead virtualization
Puppet in Oracle Solaris
• Native IPS Package
– Single package for Agent and Master
• Integrated with SMF
– Automatic service restart
– Puppet configuration through SMF stencils
• New resources for different OS features
– Packaging, Networking, SMF
Getting Started with Puppet
• Install Puppet Master/Agent
# pkg install puppet
• Recommended: Ensure time synchronization between master and agents
[Diagram labels: IPS Server; Puppet, Facter and dependencies]
Getting Started with Puppet
• Configure Puppet master
# svccfg -s puppet:master setprop config/server = master.fqdn.com
# svccfg -s puppet:master refresh
# svcadm enable puppet:master
• Configure Puppet agent
# svccfg -s puppet:agent setprop config/server = master.fqdn.com
# svccfg -s puppet:agent refresh
Getting Started with Puppet
• Create SSL keys/certs and test connection on agent
# puppet agent --test --server master.fqdn.com
• List and sign SSL cert on master
# puppet cert list
# puppet cert sign agent.fqdn.com
• Re-test and start agent
# puppet agent --test --server master.fqdn.com
# svcadm enable puppet:agent
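An added example, not part of the original slides: a fingerprint check to run on the master between the list and sign steps above, so a request is signed only when the fingerprint the master lists equals the one read on the agent itself (for instance with puppet agent --fingerprint on its console). The line format of puppet cert list shown in the comment is an assumption; the function names, the PUPPET override and the sample fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Assumed format of a pending request in `puppet cert list` output:
#   "certname" (SHA256) AA:BB:CC:...
# Constructed sample output (made-up fingerprints, not from a real master):
SAMPLE_CERT_LIST='  "agent.fqdn.com" (SHA256) 3A:91:0C:5E:77:D2:48:B6:1F:E0:9A:64:C3:2D:85:7B:10:FE:46:A9:D8:33:6C:05:B2:7E:94:1A:CF:58:E7:20
  "other.fqdn.com" (SHA256) B4:07:E2:59:8C:13:AF:60:D5:2A:7F:91:36:C8:0E:43:9B:F4:21:6D:A0:58:EC:17:72:C5:3E:89:04:DB:66:F1'

normalize_fp() {
    # Uppercase and keep hex digits only, so colon and case differences
    # between the two sources do not matter.
    printf '%s' "$1" | tr 'a-f' 'A-F' | tr -cd '0-9A-F'
}

pending_fp() {
    # $1 = certname; stdin = cert list output.
    # Prints the fingerprint of the exactly matching pending request.
    # Lines for already signed certificates start with "+" and never match.
    awk -v name="\"$1\"" '$1 == name { print $3; found = 1; exit }
                          END { exit !found }'
}

csr_matches() {
    # $1 = certname, $2 = fingerprint obtained out-of-band from the agent.
    # Returns 0 match, 1 mismatch, 2 no such pending request,
    # 3 expected value is not a full SHA-256 fingerprint.
    seen=$(pending_fp "$1") || return 2
    want=$(normalize_fp "$2")
    [ ${#want} -eq 64 ] || return 3
    [ "$(normalize_fp "$seen")" = "$want" ]
}

sign_if_verified() {
    # Fails closed: signs only when the check passes. PUPPET is a
    # hypothetical override used to exercise this without a real master.
    if ${PUPPET:-puppet} cert list | csr_matches "$1" "$2"; then
        ${PUPPET:-puppet} cert sign "$1"
    else
        echo "refusing to sign $1: fingerprint not verified" >&2
        return 1
    fi
}
```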
Puppet Resources, Types and Manifests
• Resources are used to model system configuration
For example:
– A package that should be installed
– A service that should be enabled
– A file that should be created
• Puppet’s Resource Abstraction Layer (RAL) consists of
– High level model called a type
– A platform specific implementation called a provider
• Administrators write manifests to declare resources and their state using a declarative language
Solaris Resources Types
• Software lifecycle
– boot_environment
– package *
– pkg_facet
– pkg_mediator
– pkg_publisher
– pkg_variant
• Data management
– zfs *
– zpool *
• Service and configuration
– service *
– svccfg
• Name services
– dns
– ldap
– nis
– nsswitch
• Virtualization
– zone *
* Upstream in Puppet community
Solaris Resources Types
• Datalinks
– address_object
– address_properties
– etherstub
– ip_tunnel
– link_aggregation
– link_properties
– vnic
– solaris_vlan
• IP
– interface_properties
– ip_interface
– vni_interface
• Users/groups
– user *
– group *
• Other
– file *
– exec *
* Upstream in Puppet community
Resource Declarations
file { '/etc/passwd':
  ensure => file,
  owner  => 'root',
  group  => 'root',
  mode   => '0600',
}
type { 'title':
  attribute => value,
}
Puppet Site Manifest
• Located in /etc/puppet/manifests/site.pp
– Can centrally define resources for all clients
– Split out specific functionality using classes and modules
– Test using puppet apply --noop (masterless)
• Define desired end state goal
For example, to ensure a non-global zone is running:
zone { 'myzone':
  ensure         => 'running',
  zonecfg_export => 'zonecfg.txt',
}
Puppet Configuration with SMF Stencils
• Puppet configuration is managed through SMF
– Make changes to master and agent in SMF
– Automatically synchronizes /etc/puppet/puppet.conf
# svccfg -s puppet:master setprop config/<option> = <value>
# svccfg -s puppet:master refresh
Puppet Environments with SMF Service Instances
Good Puppet Practices
• A good approach to adopting Puppet
– Start with master-less mode
– Store configuration state in version control (GIT/Mercurial/SVN)
– Separate data from the code in manifests (Hiera)
– Transition to agent/master mode
• Use iterative process to develop
– Dev Ops!
• Take advantage of Puppet Forge
– Lots of help from upstream community
Oracle Solaris Deployment
[Diagram labels: Automated Installer, Image Packaging System, Unified Archives]
Secure, Compliant Application Deployment
Agile application provisioning in the cloud with Solaris
• Develop & Test
• Verify for Compliance
• Lock Down VM
• Securely Deploy into Production
• Generate Reports for Compliance
[Diagram labels: IPS / Automated Installer; Unified Archives / Puppet / Compliance; version tags 11.2 and 11.3]
COMPLETE.
SDN, Virtualization, OpenStack, OS
Puppet Resources
• Puppet Upstream Community
– http://www.puppetlabs.com
• Oracle Solaris 11 Configuration Management
– http://www.oracle.com/technetwork/server-storage/solaris11/technologies/configuration-management-2237948.html
• Oracle Solaris 11 Lifecycle Management
– http://www.oracle.com/technetwork/server-storage/solaris11/technologies/lifecycle-management-2237945.html
Other Resources
More Information
• oracle.com/solaris
• @ORCL_Solaris
• facebook.com/oraclesolaris
• Oracle Solaris Insider
• blogs.oracle.com/solaris
• youtube.com/oraclesolaris
Oracle Solaris resources