Puppet: Automation Matters -...

Puppet: Automation MattersConfiguration Management with Puppet

Gary LarizzaPS EngineerPuppet Labs

Thursday, October 6, 2011

Puppet: Automation MattersConfiguration Management with Puppet


Gary Larizza

• Former Director of Technology for Education in USA (all Mac environment)

• Current Professional Services Engineer

• Using Puppet down to the desktop since 2009

• Training and consulting on Puppet Implementations


Indisposed


The Problem

• Many nodes (Desktops, Laptops, Servers)

• Just enough automation to survive

• Drift has you down

• Scripts for everything

• What documentation?


The Old Way


A Gold Master for Everything

• Model Image

• Netrestore

• Wash, Rinse, Repeat


Why Modular?#!/bin/sh

#set machine names back to generic

/usr/sbin/scutil --set ComputerName

"OSX_Standard_Image"

/usr/sbin/scutil --set LocalHostName "osximg"

#delete swapfiles

rm /private/var/vm/swapfile*

#delete volume info DB

rm /private/var/db/volinfo.database

#cleanup local admin's home dir

rm -rf /Users/admin/Desktop/*

rm -rf /Users/admin/Documents/*

rm -rf /Users/admin/Library/Caches/*

rm -rf /Users/admin/Library/Recent\ Servers/*

rm -rf /Users/admin/Library/Logs/*

rm -rf /Users/admin/Library/Keychains/*

rm -rf /Users/admin/Library/Preferences/

ByHost/*

rm -f /Users/admin/Library/Preferences/

com.apple.recentitems.plist

rm -rf /Users/admin/Movies/*

rm -rf /Users/admin/Music/*

rm -rf /Users/admin/Pictures/*

rm -rf /Users/admin/Public/Drop\ Box/*

#clean up global caches and temp data

rm -rf /Library/Caches/*

rm -rf /System/Library/Caches/*

rm -rf /Users/Shared/*

rm -f /private/etc/ssh_host*

rm /private/var/log/alf.log

rm /Library/Preferences/SystemConfiguration/

NetworkInterfaces.plist

#Leopard - cleanup local KDC, see http://

support.apple.com/kb/TS1245

/usr/sbin/systemkeychain -k /Library/

Keychains/System.keychain -C -f

rm -rf /var/db/krb5kdc

/usr/bin/defaults delete /System/Library/

LaunchDaemons/com.apple.configureLocalKDC

Disabled

#cleanup root's home dir

rm -rf /private/var/root/Desktop/*

rm -rf /private/var/root/Documents/*

rm -rf /private/var/root/Downloads/*

rm -rf /private/var/root/Library/Caches/*

rm -rf /private/var/root/Library/Recent\

Servers/*

rm -rf /private/var/root/Library/Logs/*

rm -rf /private/var/root/Library/Keychains/*

rm -rf /private/var/root/Library/Preferences/

ByHost/*

rm -f /private/var/root/Library/Preferences/

com.apple.recentitems.plist

rm -rf /private/var/root/Public/Drop\ Box/*

touch /private/var/log/alf.log

rm /private/var/log/cups/access_log

touch /private/var/log/cups/access_log

rm /private/var/log/cups/error_log

touch /private/var/log/cups/error_log

rm /private/var/log/cups/page_log

touch /private/var/log/cups/page_log

rm /private/var/log/daily.out

rm /private/var/log/ftp.log*

touch /private/var/log/ftp.log

rm -rf /private/var/log/httpd/*

rm /private/var/log/lastlog

rm /private/var/log/lookupd.log*

rm /private/var/log/lpr.log*

rm /private/var/log/mail.log*

touch /private/var/log/lpr.log

rm /private/var/log/mail.log*

touch /private/var/log/mail.log

rm /private/var/log/monthly.out

rm /private/var/log/run_radmind.log

rm -rf /private/var/log/samba/*

rm /private/var/log/secure.log

touch /private/var/log/secure.log

rm /private/var/log/system.log*

touch /private/var/log/system.log

rm /private/var/log/weekly.out

rm /private/var/log/windowserver.log

touch /private/var/log/windowserver.log

rm /private/var/log/windowserver_last.log

rm /private/var/log/wtmp.*


http://support.apple.com/kb/TS1245




State Drift

• Updates

• ‘New’ Software for Install

• Immediate Changes

• One-off modifications

• Image sprawl


In Summary:

• Too many Images/Configurations

• Duplicated efforts

• MCX isn’t comprehensive

• Don’t need to manage EVERYTHING

• Notes and memos EVERYWHERE

• I’m Cheap


Enter Puppet

• Define what NEEDS to be done

• Model your ideal state with simple resources

• Configured State vs. Running State

• Choose your level of commitment

• Useful with Local Admins


Resource Abstraction Layer


Puppet Resources

file { '/var/db/.AppleSetupDone': ensure => present, mode => '0600', owner => 'root', group => 'wheel',}


Type

Puppet Resources



Type Title

Puppet Resources



Type Title

Attributes

Puppet Resources



Bare Machine

Provisioning

Base Install

Configure

Assigned Role

Maintenance

Puppet’s Task


Facter• Describes aspects of your machine - “facts”

• Facts written in Ruby...for now

• Nice library of existing facts

• Custom facts are easy

• End up ‘shelling out’


Factergarys-mbp:$ facterdomain => puppetlabs.lanfacterversion => 1.5.8fqdn => garys-mbp.puppetlabs.lanhardwaremodel => x86_64hostname => garys-mbpkernel => Darwinmacosx_buildversion => 10K549macosx_productname => Mac OS Xmacosx_productversion => 10.6.8macosx_productversion_major => 10.6macosx_productversion_minor => 8<...>




Sample Fact

Facter.add("computername") do confine :kernel => :darwin setcode('scutil --get ComputerName'.chomp)end

computername scutil --get ComputerName


Sample Fact




Sample Fact



Fact name


Sample Fact



Command to Execute

Fact name


Sample Fact



Command to Execute

Fact name


Sample Fact

Facter.add("printerlist") do setcode do %x(lpstat -a | cut -d ' ' -f 1).split("\n").join(",") endend


Sample Fact

Facter.add("printerlist") do setcode do %x(lpstat -a | cut -d ' ' -f 1).split("\n").join(",") endend

Output: Main_Phaser,Phaser,Phaser_8560_24


Why choose Puppet?

• Single base image

• Central Git Repo

• ‘Extends’ MCX

• Your state - guaranteed

• Self-documenting

• Idempotent


Puppet Syntaxfile { '/etc/motd': ensure => present, content => "Don't break my stuff!",}

file { '/etc/sudoers': ensure => present, owner => 'root', group => 'wheel', mode => '0440', source => 'puppet:///modules/sudo/sudoers',}


package { 'Chrome.pkg': ensure => present, source => 'http://puppet/pkgs/Chrome.pkg',}

file { '/Library/LaunchDaemons/com.google.keystone.daemon.plist': ensure => present, source => 'puppet:///modules/chrome/com.google.keystone.daemon', require => Package['Chrome.pkg'], notify => Service['com.google.keystone.daemon'],}

service { 'com.google.keystone.daemon': ensure => running,}

Puppet Manifest


http://puppet/pkgs/Chrome.pkg

http://puppet/pkgs/Chrome.pkg

Puppet Syntax

$facter = 'facter-1.6.0.dmg'$pkg_base = 'http://puppet.server.com/pkgs'

package { $facter: source => "${pkg_base}/${facter}", before => Package[$puppet],}

(variables)


http://puppet.server.com/pkgs

http://puppet.server.com/pkgs

puppet resource (i.e. ralsh)

• Formerly known as ralsh, or “Resource Abstraction Layer Shell”

• Tool to inspect a running system

• Outputs Puppet code


DEMO


For More Information

• The Book “Pro Puppet”!

• http://amzn.to/puppetbook

• http://puppetlabs.com

• http://groups.google.com/group/puppet-users

• http://glarizza.posterous.com

• #puppet on freenode


http://amzn.to/puppetbook

http://amzn.to/puppetbook

http://puppetlabs.com

http://puppetlabs.com

http://groups.google.com/group/puppet-users

http://groups.google.com/group/puppet-users

http://glarizza.posterous.com

http://glarizza.posterous.com

Call Me!

• glarizza on Twitter

• [email protected]

• Visit Portland - It’s Nice!


mailto:[email protected]

mailto:[email protected]


Date post:	28-Jul-2018
Category:	Documents
Upload:	lythuan
View:	230 times
Download:	0 times