Running a Benevolent Puppet Regime

@sethgoings

PuppetRegime?

BenevolentPuppet

Regime?

PuppetRegime?

a system that is directed by an outside authority that leads to hardships on those

governed

BenevolentPuppet

Regime?

a system that is directed by an outside authority that leads to improved operations

on those governed

a system that is directed by an outside authority that leads to improved operations

on those governed

People Computers

80

40

hundreds

thousands

Ol’ Perly

… but …

… won’t allow Puppet on his machine because it will totally destroy his glorious

dotfiles ...

… why change what is working just fine? ...

2 years ago...

Which statement best describes your ability to work on Puppet

modules?

I try to avoid working on Puppet modules.

I can add new Puppet modules to support a new feature or add functionality for a related

story and I am familiar with how to test Puppet modules.

I try to avoid working on Puppet modules.

I can read Puppet code and generally figure out what a Puppet module is supposed to do.

Survey Quotes

I don’t use Puppet

Are the currently used Puppet modules available in a repository for viewing and/or

editing by any team member?

I wasn't aware that I had access ...

I feel like our Puppet modules are guarded. I am happy and able to contribute but don't

feel like there is a culture that supports this.

What do you do when you run into issues with Puppet?

I say nothing and hope someone else will run into the problem and fix it later.

I investigate and resolve the issue myself using online documentation or other

resources.

I file a Jira issue with steps to reproduce the problem.

I ask a subject matter expert for assistance.

Survey Quotes

I've never had to do anything with Puppet.

I do know that Puppet has never worked on my dev environment and when I asked for

help people ran away from me.

… also Puppet attacked and killed my family.

I like the idea of Puppet, but I have no idea how to get started or how it works. I can blow through the examples and tutorials

online, but I have no idea how to contribute or improve our internal Puppet infrastructure.

2 years ago...

It’s not Puppet’s faultit’s how we’re using Puppet

or how we’ve built our modules

How long does it take to set up a new machine for any engineer?(have hardware, need OS and packages installed required for their duties)

A. 1 hour (10 points)B. 1 day (5 points)C. 1 week (1 point)D. > 1 week (0 points)

How long does it take to fulfill a normal priority request from someone to install a service on every one of your machines (including production)?

A. 1 hour (10 points)B. 1 day (5 points)C. 1 week (1 point)D. > 1 week (0 points)

How long does it take to fulfill an emergency request from someone to install a service on every one of your machines (including production)?

A. 1 hour (10 points)B. 1 day (5 points)C. 1 week (1 point)D. > 1 week (0 points)

Who contributes to the advancement of your infrastructure via Puppet?

A. everyone (10 points)B. the team that owns it (5 points)C. the person who owns it (1 point)D. no one (0 points)

35 - 40 = Killin’ it. (why aren’t you up here?)

20 - 34 = It’s not your first Puppet show, is it?

5 - 19 = You’re average!

0 - 4 = Did you pass math class?

People could help but “can’t”

Low Involvement

People who know how to maintain/advance Puppet are too

tied up in fixing problems

Strained Group

Puppet is perceived as something that gets in the way / is inconvenient

Processes and Team Subverted

Low Invo

lve

Strained Group

Low Invo

lve

Process Subverted

Low Invo

lve Strained Group

Hard work will not ensure quality

Best efforts will not ensure quality

Gadgetscomputers or investment in machinery

will not ensure quality

It is not enough to do your best;

you must know what to do

and then do your best.

PuppetRegime?

a system that is directed by an outside authority that leads to hardships on those

governed

BenevolentPuppet

Regime?

a system that is directed by an outside authority that leads to improved operations

on those governed

a system that is directed by an outside authority that leads to improved operations

on those governed

People Computers

Commit to Collaboration

Who contributes to the advancement of your infrastructure via Puppet?

Low Involvement

Commit to Collaboration

Commit to Collaboration

Commit to Collaboration

Low Involvement

Automate Authority

How long does it take to fulfill a request someone to install a service on every one of your machines (including production)?

Strained Group

http://www.youtube.com/watch?v=0VxXBAaB_WE

Automate Authority

github.com/puppetlabs/beaker

---provisioner: name: puppet_apply manifests_path: test/manifests manifest: site.pp modules_path: local hiera_data_path: test/hieradata puppet_test: true

platforms: - name: debian-7.8-64-puppet driver_plugin: vagrant driver_config: box: puppetlabs/debian-7.8-64-puppet box_url: puppetlabs/debian-7.8-64-puppet

suites: - name: default - name: kitchen_dev - name: postgres - name: docker_ship - name: java

platforms: - name: debian-7.8-64-puppet driver_plugin: vagrant driver_config: box: puppetlabs/debian-7.8-64-puppet box_url: puppetlabs/debian-7.8-64-puppet

provisioner: name: puppet_apply manifests_path: test/manifests manifest: site.pp modules_path: local hiera_data_path: test/hieradata puppet_test: true

suites: - name: postgres

describe "Postgres Packages" do pg_packages = %w[ postgresql-9.2 postgresql-client-9.2 postgresql-contrib-9.2 postgresql-9.2-pgextwlist ]

...

describe "Postgres Packages" do ... pg_packages.each do |pkg| it "#{pkg} is installed" do expect(package(pkg)).to be_installed end end

end

Strained Group

Automate Authority

How long does it take to fulfill a request someone to install a service on every one of your machines (including production)?

Rebuild Ruthlessly

How long does it take to set up a new machine for any engineer?(have hardware, need OS and packages installed required for their duties)

Strained Group

Processes and Team Subverted

How long does it take to fulfill a request someone to install a service on every one of your machines (including production)?

Kif Kroker:Captain, may I have a word with you?

Captain Zapp Brannigan:No.

Kif Kroker:It's an emergency, sir.

Captain Zapp Brannigan:Come back when it's a catastrophe.

[ loud rumbling ]

Captain Zapp Brannigan:Oh, very well.

- hosts: localhost

tasks: ...

- hosts: build_slaves serial: 2

roles: ... - jenkins-slave

tasks: ...

- name: get jenkins cli jar local_action: get_url url="https://<jenkins>/jnlpJars/jenkins-cli.jar" dest="{{ jenkins_cli }}" run_once: true

- name: put Jenkins slave offline

- name: wait for Jenkins slave to become idle

- name: initiate Foreman build

- name: restart server

- name: verify server is dead

- name: wait for server to come back alive

- name: launch Jenkins slave

- name: put Jenkins slave online

- name: put Jenkins slave offline

- name: wait for Jenkins slave to become idle

- name: initiate Foreman build

- name: restart server

- name: verify server is dead

- name: wait for server to come back alive

- name: launch Jenkins slave

- name: put Jenkins slave online

- name: put Jenkins slave offline

- name: wait for Jenkins slave to become idle

- name: initiate Foreman build

- name: restart server

- name: verify server is dead

- name: wait for server to come back alive

- name: launch Jenkins slave

- name: put Jenkins slave online

- name: put Jenkins slave offline

- name: wait for Jenkins slave to become idle

- name: initiate Foreman build

- name: restart server

- name: verify server is dead

- name: wait for server to come back alive

- name: launch Jenkins slave

- name: put Jenkins slave online

- name: put Jenkins slave offline

- name: wait for Jenkins slave to become idle

- name: initiate Foreman build

- name: restart server

- name: verify server is dead

- name: wait for server to come back alive

- name: launch Jenkins slave

- name: put Jenkins slave online

- name: put Jenkins slave offline

- name: wait for Jenkins slave to become idle

- name: initiate Foreman build

- name: restart server

- name: verify server is dead

- name: wait for server to come back alive

- name: launch Jenkins slave

- name: put Jenkins slave online

- name: put Jenkins slave offline

- name: wait for Jenkins slave to become idle

- name: initiate Foreman build

- name: restart server

- name: verify server is dead

- name: wait for server to come back alive

- name: launch Jenkins slave

- name: put Jenkins slave online

- name: put Jenkins slave offline

- name: wait for Jenkins slave to become idle

- name: initiate Foreman build

- name: restart server

- name: verify server is dead

- name: wait for server to come back alive

- name: launch Jenkins slave

- name: put Jenkins slave online

http://www.youtube.com/watch?v=Axm2-0_KWuw

http://www.youtube.com/watch?v=QveWPygQbvc

Rebuild Ruthlessly

Strained Group

Processes and Team Subverted

… and …

Preseed Problems

ApproxProblems

Initial Puppet

Run Problems

A few weeks ago...

I rebuilt my development environmenttoday

by myselfwithout any problems!

I rebuilt my development environmenttoday

by myselfwithout any problems!

I rebuilt my development environmenttoday

by myselfwithout any problems!

Just yesterday...

No Jenkins

user?

When I realized what was happening, I had a small heart attack

You may have saved a HUGE headache from happening tomorrow.

Thanks!

Rebuild Ruthlessly

PuppetRegime

a system that is directed by an outside authority that leads to hardships on those

governed

Process Subverted

Low Invo

lve Strained Group

BenevolentPuppetRegime

a system that is directed by an outside authority that leads to improved operations

on those governed

People Computers

High Invo

lve

High Invo

lve Performant Team

High Invo

lve

Rewarding Process

Performant Team

Commit to Collaboration

Automate Authority

Rebuild Ruthlessly

@sethgoingsseth.goings@readytalk.com