login

Puppetmanaged.orgHow to use it in

yourenvironment

   

id

uid=500(Yaakov M. Nemoy) gid=500(Human) groups=10(wheel),501(Fedora Project Ambassador),502(Puppetmanaged.org

Developer),503(RHCE),666(UMC Utrecht BOFH)

   

elinks

● Puppetmanaged.org is a collection of (mostly) standalone common puppet modules for per service deployment of your infrastructure

● It's designed around principles of good configuration management

   

elinks

● Puppet● Mysql● Apache● Bind● Cobbler● Yum● Samba

● Zarafa● Openldap● Openvpn● Postfix● Monit● Munin● Nagios

   

elinks

● Authconfig● Autofs● Func● Iptables● NFS● NTP● Rsync

● Selinux● Ssh● Sudo● Trac● Virt● Xen● Pam

   

elinks

● Each module contains● A bunch of file declarations● Gets your service up and running● RHEL default configurations● Well defined classes with logical meaning● Every class has a disabled subclass for cleanup● A pony – development, testing, and production

branches

   

elinks

● pm.org is file based – just deliver the files and get out of the way

● There are five options for file locations● Environment + Host● Environment● System Wide + Host● System Wide● PM.org default

   

elinks

● puppet://$server/private/$environment/webserver/httpd.conf.$hostname

● puppet://$server/private/$environment/webserver/httpd.conf

● puppet://$server/files/webserver/httpd.conf.$hostname

● puppet://$server/files/webserver/httpd.conf

● puppet://$server/webserver/httpd.conf

   

elinks

node 'node1.example.org' { include webserver

webserver::virtualhost { "www.example.org": enable => true }

webserver::module::enable { "php": enable => true }}

   

elinks

● Uses definitions to create pseudo resources● Makes these modules very easy to adopt● Easy to deploy in your current infrastructure,

one module at a time● Easy to collaborate with upstream on

   

git clone

All modules in a git repository

   

make

● All you need is a git repo with a directory per module

● Each branch is a seperate environment● The master branch is the site-wide

configuration● The pm.org puppet module handles the rest

   

make

● Some services require OS version specific files, then you get twenty options● OS + minor version● OS + major version● OS● Default

● For example:● pam

   

make install

● ah... um.....

   

make install

● Actually this slide should be febootstrap/debootstrap

   

git svn

I can't talk about how to fix this in your environment...

   

git svn

Or can i?

[Insert Shamless Hire Me Plug]

   

git svn

The UMC Utrecht DBG née Genomics Center is a public institution, so we can talk about how we

solved the problem there

   

git foo

● There are good gateways for git and other source control

   

git svn

● We started with an old experimental version of pm.org● conf/manifests – this is our site manifest● distr/modules – one git repo per module● distr/files – legacy files● distr/files/private – file domain structure

● We only have one environment currently

   

git branch

● Each repo is cloned into the svn, then branched to a umc specific branch

● Since we're using svn, i freely use git rebase, so it's obvious which patches are not yet upstream

● The diff between development and umc is meant to be as short as possible

   

emacs

● Our umc branches normally just edit file locations and comment out code defined in legacy

● UMC specific classes are in conf/manifests/classes/*pp

   

git rebase

● Every time i commit to git, i can also commit it to our SVN

● Everytime someone else commits to svn, i can rebase the git on top

   

git push

● Commiting is then very easy, just switch to the right branch and push

● git format patch is great● There is a devel mailing list open for patches● Frequent patchers can probably get commit

access

   

publican

● Documentation is yet another git repo● We store it at documentation/● We branch and merge like usual

   

make install

● Move all code into modules or classes● Migrate to pm.org's puppet module managing

site.pp● Sort all files into distr/files/private● Ensure every module we have is pm.org quality

   

make install

● Move each git repo to its own toplevel in svn (except maybe distr/modules)

● git-svn handles mapping svn branches● Fix the puppet module to do svn too

   

cat /dev/future

● Environments per working group● Each group has write access to their own branch

● Porcelain – extensions on top of pm.org standard

● More modules● Better integration with external nodes

   

who

● ogd.nl● kolabsys.com● genomicscenter.nl● op.umcutrecht.nl● berica.nl● fedoraunity.org● puppetmanaged.org

● rpmfusion.org● kanarip.com

   

wget puppetmanaged.org

● http://www.puppetmanaged.org/● http://git.puppetmanaged.org/● http://www.puppetmanaged.org/mailman/listinfo

● Commits● Devel● Users

   

questions?

● loupgaroublond@gmail.com● loupgaroublond on practically every social

network, especially freenode● #ergo@freenode.net● Or just annoy kanarip

● the one with the ugly haircut