Date post: 21-Jun-2015
Category: Technology
Upload: alex-su
One-click Deployment
Fabric and Puppet integration
Alex Su
2013/09/25
Classification 04/13/2023
What is a system admin?
Don’t look at me...
I wasn’t the last one to touch it...
Everything the Same
Everything Distinct

Manually
yum install nginx
vi /etc/nginx/conf.d/test.conf
service nginx start
Shell Script
yum install nginx
mkdir -p /etc/nginx/conf.d
cat > /etc/nginx/conf.d/test.conf<<EOF
server {
listen 443;
ssl on;
}
EOF
service nginx start
install-nginx.sh
scp install-nginx.sh root@server:~/
ssh -o PasswordAuthentication=no -q -t -t root@server "~/install-nginx.sh"
One Goal:
Revolutionize
System
Administration
Fabric
Command-line tool for streamlining the use of SSH for application deployment or systems administration tasks
Make executing shell commands over SSH easy and Pythonic
Stop administrating your environment and start developing it...
Re-usable code for managing your software & configurations
Installation
$ pip install fabric
$ pip install jinja2
$ sudo apt-get install fabric
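fabfile.py
from fabric.api import task, run, put, execute
from fabric.contrib.files import exists

@task
def install_package():
    # Install nginx from the configured yum repositories
    run("yum install nginx")

fabfile.py
@task
def update_conf():
    # Create the configuration directory only if it is missing
    if not exists("/etc/nginx/conf.d"):
        run("mkdir -p /etc/nginx/conf.d")
    # Upload the local test.conf to the remote host
    put("test.conf", "/etc/nginx/conf.d/test.conf")

fabfile.py
@task
def start_daemon():
    run("service nginx start")

fabfile.py
@task
def deploy():
    # Run the three steps in order
    execute(install_package)
    execute(update_conf)
    execute(start_daemon)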
Task Arguments
from fabric.api import task

@task
def hello(name="world"):
    print("Hello %s!" % name)

Task Arguments
$ fab hello:name=Alex
Hello Alex!
Done.
$ fab hello:Alex
Hello Alex!
Done.
Template
from fabric.contrib import files

def update_conf():
    # Values substituted into the template before upload
    context = {
        'http_port': 80,
        'https_port': 443
    }
    src_path = 'test.conf'
    dest_path = '/etc/nginx/conf.d/test.conf'
    files.upload_template(src_path, dest_path, context=context)

Template File
server {
    listen %(http_port)d;
}
server {
    listen %(https_port)d;
}

Template with Jinja2
def update_conf():
    context = {
        'ports': [80, 443]
    }
    src_path = 'test.conf'
    dest_path = '/etc/nginx/conf.d/test.conf'
    # use_jinja=True renders the template with Jinja2 instead of Python string interpolation
    files.upload_template(src_path, dest_path, context=context, use_jinja=True)

Template File with Jinja2
{%- for port in ports %}
server {
    listen {{ port }};
}
{%- endfor %}
Execute Model
from fabric.api import run, env, task

env.hosts = ['host1', 'host2']

@task
def taskA():
    run('ls')

@task
def taskB():
    run('whoami')
Execute Model
$ fab -l
Available commands:
    taskA
    taskB

Execute Model
$ fab taskA taskB
taskA executed on host1
taskA executed on host2
taskB executed on host1
taskB executed on host2

Execute Model by Role
from fabric.api import run, env

env.roledefs = {
    'web': ['www1', 'www2', 'www3'],
    'dns': ['ns1', 'ns2']
}

def taskA():
    run('ls')

def taskB():
    run('whoami')

Execute Model by Role
$ fab -R dns taskA taskB
taskA executed on ns1
taskA executed on ns2
taskB executed on ns1
taskB executed on ns2

Execute Model by Hosts
$ fab -H ns1,www1 taskA taskB
taskA executed on ns1
taskA executed on www1
taskB executed on ns1
taskB executed on www1

Arbitrary remote commands
$ fab -H ns1,www1 -- whoami
task executed on ns1
task executed on www1
Cuisine
https://github.com/sebastien/cuisine
Chef-like functionality for Fabric
Covers file/dir operations, user/group operations, package operations

Cuisine
text_* : Text-processing functions
file_* : File operations
dir_* : Directory operations
package_* : Package management operations
command_* : Shell commands availability
user_* : User creation commands
group_* : Group creation commands
mode_* : Configures cuisine's behaviour within the current session.
select_* : Selects a specific option, such as package back-end (apt, yum, zypper, or pacman)
Live Demo
Drawbacks
• Not easy to implement by pure operators
• Lack of high-level function support
  • User, file, package, service management
  • Built-in environment variables
• Lack of smart error handling
• Would do all things every time (depends on the implementation)
• No log, no history
• Too many SSH communications (keepalive argument would help)
Puppet
Provides a Domain Specific Language (DSL) to script with classes, conditionals, selectors, variables, basic math, etc.
Supports Linux, Solaris, BSD, OS X, Windows
Stop administrating your environment and start developing it...
Re-usable code for managing your software & configurations
Debian
apt-get install nginx
vi /etc/nginx/conf.d/test.conf
service nginx start

Redhat
yum install nginx
vi /etc/nginx/conf.d/test.conf
service nginx start
An Analogy
                          Programming            SysAdmin
Low-level, non-portable   Assembly               commands and files
Abstract, portable        Java / Python / Ruby   Resources
A Partial List of Puppet types

Packages
• Supports 30 different package providers
• Abstracted for your OS automatically
• Specify ‘installed’, ‘absent’, or ‘latest’ for desired state
• Change from ‘installed’ to ‘latest’ and deploy for quick upgrade

Services
• Supports 10 different ‘init’ frameworks
• Control whether a service starts on boot or is required to be running always
• A service can be notified to restart if a configuration file has been changed

Files/Directories
• Specify ownership & permissions
• Load content from ‘files/’, ‘templates/’ or custom strings
• Create symlinks
• Supports 5 types to verify a file checksum
• Purge a directory of files not ‘maintained’
Dashboard
Package: apt-get install nginx
Configuration: vi /etc/nginx/conf.d/test.conf
Service: service nginx start
Configuration should get modified after package installation
Service should restart when configuration changes
Sample classes
class nginx::server {
  $conf_dir   = "/etc/nginx/conf.d"
  $http_port  = 80
  $https_port = 443

  # "->" orders resources: install the package before writing the configuration
  package { "nginx":
    ensure => installed
  }
  -> file { "nginx_conf":
    path    => "$conf_dir/test.conf",
    content => template("nginx/conf/test.conf.erb"),
    owner   => 'nginx',
    group   => 'nginx',
    mode    => '0644',
    ensure  => file
  }
  # "~>" orders and also notifies: the service restarts when the file changes
  ~> service { "nginx":
    enable => true,
    ensure => running
  }
}
Template
Puppet templates are flat files containing Embedded Ruby (ERB) variables
server {
listen <%= @http_port %>;
}
server {
listen <%= @https_port %>;
}
Node
Node definitions look just like classes, including supporting inheritance, but they are special in that when a node (a managed computer running the Puppet client) connects to the Puppet master daemon.
node 'www1' {
  include nginx::server
}

Modules
A module is just a directory with stuff in it, and the magic comes from putting that stuff where Puppet expects to find it.
Module Structure
Network Overview
Configuration allows for manual synchronizations or a set increment
Client or server initiated synchronizations
Client/Server configuration leverages a Certificate Authority (CA) on the Puppet Master to sign client certificates to verify authenticity
Transmissions of all data between a master & client are encrypted
Every Client
• Retrieve resource catalog from central server
• Determine resource order
• Check each resource in turn, fixing if necessary
• Rinse and repeat, every 30 minutes

Every Resource
• Retrieve current state (e.g., by querying dpkg db or doing a stat)
• Compare to desired state
• Fix, if necessary (or just log)
Drawbacks
• Hard to prepare the environment
  • Install Ruby, puppet packages
  • Set up host name, domain name
  • Put ssh public key to every client
  • Configure certificate
• Hard to control deployment time (in daemon mode)
• Hard to support rolling upgrade
• No global view, no service dependency control across hosts
Combine Fabric and Puppet

Fabric
• When
  • Operators trigger puppet to deploy packages one by one or in parallel
  • Rolling upgrade
• Where
  • Use fab -R or fab -H
• Initial functions
• Global setup and teardown functions

Puppet
• What
  • Define puppet nodes
• How
  • Define puppet classes and templates
• Reporting
  • Update the status to puppet dashboard
Initial functions
• Create EC2 instances (optional)
• Setup SSH keys to all remote hosts
• Configure yum repositories
• Install puppet and ruby packages
• Configure puppet and update new hosts to cert list

Global setup functions
• Mandatory
  • Backup
  • Clean yum cache
  • Sync fabric configurations to puppet pp files
  • Restart puppet master service
• Optional
  • Clean the environment if necessary
  • Put ssh public key
  • Put yum repo files
  • Install system development tools
  • Install ruby and puppet packages
  • Update puppet patches
  • Configure puppet environment

Global teardown functions
• Start/stop services across hosts
• Send email/SMS notifications to members
• Do health/sanity check
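
The rolling upgrade and health check from the "Combine Fabric and Puppet" and teardown slides, sketched as an added example (not code from the original deck). `run_on_host` and `health_check` are hypothetical callables standing in for a remote call such as Fabric's run() and a service probe; the sample hosts and exit codes are constructed.

```python
# Added example: rolling Puppet runs driven from an orchestrator such as Fabric.
# run_on_host and health_check are hypothetical hooks supplied by the caller.

# `puppet agent --test` implies --detailed-exitcodes:
# 0 = no changes, 2 = changes applied, 1/4/6 = the run or some resources failed.
PUPPET_CMD = "puppet agent --test"
PUPPET_OK = {0, 2}


def batches(hosts, size):
    """Split the host list into consecutive batches of at most `size` hosts."""
    return [hosts[i:i + size] for i in range(0, len(hosts), size)]


def rolling_deploy(hosts, run_on_host, health_check, batch_size=1):
    """Converge hosts batch by batch and stop after the first failed batch.

    run_on_host(host, cmd) -> exit code; health_check(host) -> bool.
    Returns (done, failed, skipped) so the operator gets a global view.
    """
    done, failed, skipped = [], [], []
    groups = batches(hosts, batch_size)
    for n, group in enumerate(groups):
        for host in group:
            rc = run_on_host(host, PUPPET_CMD)
            # A host counts as upgraded only if Puppet converged AND it is healthy.
            if rc in PUPPET_OK and health_check(host):
                done.append(host)
            else:
                failed.append(host)
        if failed:
            # Later batches are left untouched, still serving the old version.
            skipped = [h for g in groups[n + 1:] for h in g]
            break
    return done, failed, skipped


# Constructed sample: www2 reports failed resources (exit code 4).
def fake_run(host, cmd):
    return {"www1": 2, "www2": 4, "www3": 0}[host]


def fake_health(host):
    return True


if __name__ == "__main__":
    print(rolling_deploy(["www1", "www2", "www3"], fake_run, fake_health))
```

In a fabfile, `run_on_host` would wrap run() with warn_only enabled so that exit code 2 (changes applied) is not treated as a failure.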
Questions?