Puppet Primer, Robbie Jerrom, Solution Architect VMware

Post on 11-May-2015


description

Introduction to using Puppet Labs to automate the data centre

transcript

© 2009 VMware Inc. All rights reserved

Puppet Primer Robbie Jerrom – Solution Architect VMware

Twitter- @robbiej

Disclaimer

The material in the presentation is based on my exploration and learning of Puppet.

My views are my own and not necessarily shared by PuppetLabs or VMware.

2 Confidential

About me..

I’m a Solution Architect at VMware.

Ex- IBM where I did many things.. The most relevant to this presentation is running the WebSphere build team for 2 years..

.. And it hurt.. Every version of AIX / Solaris / Windows & Early Linux environments.. All from a single build environment .. Distributed around the globe.

I wish Puppet had existed back then !


Software Eats the World..

“Puppet Labs Secures $30 Million

Investment From VMware”


So what is Puppet.. And why would I care ?

Old school software deployment..

• Production

• Dev / Test

• Service Support

• Many of the challenges are the same and our solutions very similar.. Scripts… lots and lots of them..

- Perl / PowerShell / Bash / SH / Make / Awk

- Whatever your particular poison was you or your team created scripts to make things easier.

- Then you left.. Or got promoted.. And the next guy did the same.. Probably in their favourite scripting language.


Result… script hell..

Growing complexity.. Inherited ‘mess’, undocumented and unmanageable.


As a concept.. A script is ‘how to do something’

Scripts of any variety typically fall into describing how to perform a task.

• Copy file a to location b. If that fails, log an error and stop.

• Compile file a found in location b. If that fails, log an error and stop.

• Start Application server. Call deploy script for myapplication found in location b.

And they usually spawn more scripts !


A new way..

Puppet takes a different approach.. Puppet is a state machine, it takes a declarative approach to configuration management.

You tell puppet ‘what’ and it works out the ‘how’. With Puppet you are providing a definition of what it means to be:

• A Webserver

• An Application server

• A Proxy server


Puppet Operating Layers


Deployment

Configuration & Resource Abstraction

Transactional Layer

Deployment Layer

Client Server Architecture

[Diagram: one (Puppet) Master and six Nodes]

Configuration & Resource Abstraction Layer

Much more on this shortly..


Configuration & Resource Abstraction

Modules, Classes, Packages, Files, Services, Resources

Transaction Layer

To complete the picture..


Puppet Enterprise

Everything to Puppet is a resource


[root@puppet ~]# puppet resource user robbie
user { 'robbie':
  ensure           => 'present',
  comment          => 'Robbie',
  gid              => '500',
  groups           => ['sudoers'],
  home             => '/home/robbie',
  password         => '$1$W3RSF$sQhH9VeK1f5IwR.TNCj8y1',
  password_max_age => '99999',
  password_min_age => '0',
  shell            => '/bin/bash',
  uid              => '500',
}

Doing something in Puppet..

Simple example – Single machine not client server.


Doing something in Puppet..

A puppet managed environment consists of a number of core files.

• site.pp - starting point for Puppet default configurations.

• node.pp – file host descriptions.

• modules\ - collection of .pp files to define your environment.


site.pp

import "templates.pp"
import "node.pp"

# global defaults
Package {
  provider => $operatingsystem ? {
    debian => aptitude,
    redhat => up2date,
  }
}


node.pp

include vim

node basenode {
  service { "telnet": ensure => "stopped", }
}

node 'proxy.example.com' inherits basenode {
  include proxy
}

# Regex to include: www1.example.com, www2.example.com, ... etc.
node /^www\d+\.example\.com/ inherits basenode {
  include webserver
}

# Regex to include: app1.example.com, app2.example.com, ... etc.
node /^app\d+\.example\.com/ inherits basenode {
  include appserver
  package { 'vim': ensure => present }
}
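The same baseline written as a class, as an added example that is not from the original slides. Node inheritance and `import` were removed in Puppet 4, `ensure => stopped` on its own leaves the service enabled at boot, and a node regex without a trailing `$` also matches longer names. The class name `baseline` is hypothetical; `proxy`, `webserver` and `appserver` are the classes the slides already include.

```puppet
# Added example: 'baseline' is a hypothetical class name. The service
# title 'telnet' follows the slides and may differ on your platform.
class baseline {
  service { 'telnet':
    ensure => stopped,  # stop it if it is running now
    enable => false,    # and keep it from starting at boot
  }
}

node 'proxy.example.com' {
  include baseline
  include proxy
}

# Anchored at both ends: matches www1.example.com, www2.example.com, ...
# but not a longer name such as www1.example.com.lab.internal.
node /^www\d+\.example\.com$/ {
  include baseline
  include webserver
}

node /^app\d+\.example\.com$/ {
  include baseline
  include appserver
}

# A node that matches none of the definitions above still gets the baseline.
node default {
  include baseline
}
```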

Package/File/Service

file – Manage Local Files

• ensure { present, absent, file, directory, link }

• source

• content

• purge

package – Package management

• ensure { present, latest, version, absent, purged }

• name

• source

service – System services management

• ensure { running, stopped }

• enable { true, false }

• hasrestart { true, false }

notify – log a message

• message { "hello world!" }


Simple Puppet Example – Part of SSH Module


package { 'ssh':
  ensure => latest,
}

file { '/etc/ssh/sshd_config':
  source  => 'puppet:///modules/ssh/sshd_config',
  require => Package['ssh'],
  notify  => Service['sshd'],
}

service { 'sshd':
  ensure    => running,
  subscribe => Package['ssh'],
}
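A hardened variant of the SSH resources above, as an added example that is not from the original slides: it sets ownership and mode on `sshd_config`, and uses the `file` type's `validate_cmd` so a broken config never replaces the live one. The class name `ssh_hardened` and the path `/usr/sbin/sshd` are assumptions; the package name `ssh` and the module source path are taken from the slide.

```puppet
# Added example: 'ssh_hardened' is a hypothetical class name.
class ssh_hardened {
  package { 'ssh':
    # 'installed' does not upgrade on its own; 'latest' upgrades whenever
    # the repository offers a newer version. Pin a version string here if
    # upgrades must go through change control.
    ensure => installed,
  }

  file { '/etc/ssh/sshd_config':
    ensure       => file,
    owner        => 'root',
    group        => 'root',
    mode         => '0600',
    source       => 'puppet:///modules/ssh/sshd_config',
    # Puppet writes the candidate to a temporary file, substitutes its
    # path for '%', and replaces the live file only if the command exits 0.
    # /usr/sbin/sshd is an assumed path.
    validate_cmd => '/usr/sbin/sshd -t -f %',
    require      => Package['ssh'],
    notify       => Service['sshd'],
  }

  service { 'sshd':
    ensure    => running,
    enable    => true,   # start at boot as well as now
    subscribe => Package['ssh'],
  }
}
```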

Modules


Apply to a node..

Let's make a webserver then an app server.


The new platform scenario

Puppet makes things far quicker..

1. Add the new node..

• And any variations or missing configurations will be reported.

• Facter will pull the new platform specifics and report up to puppetmaster.

• Puppet will deploy & configure software as per the node policy.

2. Update App Specific Manifests & Configs if new platform.

3. Done !


Things I’ve learnt..

SSL certs are a pain any time and place.

• The Puppet Labs site has some great guides on configuration and management of these but I still spent a reasonable amount of time fighting with them.

• Make sure DNS is working .. See above.. If your hostnames don’t match, certs get upset – For local testing /etc/hosts might be easier.

• Start small.. SSH / Tomcat are great little examples.. WebSphere or JBoss not so much. Apache is a good learning exercise.

• MS Windows adds complexity, consider each Windows version a completely different platform. Some services provided by Puppet do not work on Windows yet.


Final words.. Questions ?

VMware & PuppetLabs.. working together on some ‘cool stuff’.

Right now vCloud Automation Centre & AppDirector products can take advantage of Puppet.

If you’re a VMware person, it’s worth becoming a Puppet person too.


Thanks for listening..

Special thanks to the guys at PuppetLabs; Reid & Chris for technical support, t-shirts, stickers and books.
