Date post: | 11-May-2015 |
© 2009 VMware Inc. All rights reserved
Puppet Primer
Robbie Jerrom – Solution Architect, VMware
Twitter: @robbiej
Disclaimer
The material in the presentation is based on my exploration and learning of Puppet.
My views are my own and not necessarily shared by PuppetLabs or VMware.
2 Confidential
About me..
I’m a Solution Architect at VMware.
Ex- IBM where I did many things.. The most relevant to this presentation is running the WebSphere build team for 2 years..
.. And it hurt.. Every version of AIX / Solaris / Windows & Early Linux environments.. All from a single build environment .. Distributed around the globe.
I wish Puppet had existed back then !
Software Eats the World..
“Puppet Labs Secures $30 Million Investment From VMware”
So what is Puppet.. And why would I care ?
Old school software deployment..
• Production
• Dev / Test
• Service Support
• Many of the challenges are the same and our solutions very similar.. Scripts… lots and lots of them..
- Perl / PowerShell / Bash / SH / Make / Awk
- Whatever your particular poison was you or your team created scripts to make things easier.
- Then you left.. Or got promoted.. And the next guy did the same.. Probably in their favourite scripting language.
Result… script hell..
Growing complexity.. Inherited ‘mess’, undocumented and unmanageable.
As a concept.. A script is ‘how to do something’
Scripts of any variety typically fall into describing how to perform a task.
• Copy file a to location b. If that fails, log an error and stop.
• Compile file a found in location b. If that fails, log an error and stop.
• Start Application server. Call deploy script for myapplication found in location b.
And they usually spawn more scripts !
A new way..
Puppet takes a different approach.. Puppet is a state machine; it takes a declarative approach to configuration management.
You tell Puppet ‘what’ and it works out the ‘how’. With Puppet you are providing a definition of what it means to be:
• A Webserver
• An Application server
• A Proxy server
Puppet Operating Layers
Deployment
Configuration & Resource Abstraction
Transactional Layer
Deployment Layer
Client Server Architecture
[Diagram: (Puppet) Master and six Nodes]
Configuration & Resource Abstraction Layer
Much more on this shortly..
Configuration & Resource Abstraction
Modules Classes Packages Files Services Resources
Transaction Layer
To complete the picture..
Puppet Enterprise
Everything to Puppet is a resource
[root@puppet ~]# puppet resource user robbie
user { 'robbie':
  ensure           => 'present',
  comment          => 'Robbie',
  gid              => '500',
  groups           => ['sudoers'],
  home             => '/home/robbie',
  password         => '$1$W3RSF$sQhH9VeK1f5IwR.TNCj8y1',
  password_max_age => '99999',
  password_min_age => '0',
  shell            => '/bin/bash',
  uid              => '500',
}
Doing something in Puppet..
Simple example – Single machine not client server.
Doing something in Puppet..
A Puppet-managed environment consists of a number of core files.
• site.pp – starting point for Puppet default configurations.
• node.pp – file of host descriptions.
• modules\ – collection of .pp files to define your environment.
site.pp
import "templates.pp"
import "node.pp"
# global defaults
Package {
  provider => $operatingsystem ? {
    debian => aptitude,
    redhat => up2date,
  },
}
node.pp
include vim

node basenode {
  service { "telnet": ensure => "stopped", }
}

node 'proxy.example.com' inherits basenode {
  include proxy
}

# Regex to include: www1.example.com, www2.example.com, ... etc.
node /^www\d+\.example\.com/ inherits basenode {
  include webserver
}

# Regex to include: app1.example.com, app2.example.com, ... etc.
node /^app\d+\.example\.com/ inherits basenode {
  include appserver
  package { 'vim': ensure => present }
}
Package/File/Service
file – Manage Local Files
• ensure { present, absent, file, directory, link }
• source
• content
• purge
package – Package management
• ensure { present, latest, version, absent, purged }
• name
• source
Package/File/Service
service – System services management
• ensure { running, stopped }
• enable { true, false }
• hasrestart { true, false }
notify – log a message
• message { "hello world!" }
Simple Puppet Example – Part of SSH Module
package { 'ssh':
  ensure => latest,
}

# Config file comes from the module; a change to it restarts sshd.
file { '/etc/ssh/sshd_config':
  source  => 'puppet:///modules/ssh/sshd_config',
  require => Package['ssh'],
  notify  => Service['sshd'],
}

service { 'sshd':
  ensure    => running,
  subscribe => Package['ssh'],
}
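A more defensive version of the SSH pattern above, as an added example that is not from the original slides: it pins ownership and permissions on sshd_config and has Puppet run `sshd -t` against the candidate file before the live one is replaced, so a broken config never reaches a running daemon. The class wrapper, the /usr/sbin/sshd path and the module layout are assumptions; `validate_cmd` needs Puppet 3.5 or later.

```puppet
# Added example (not from the original deck). Assumes a module named
# 'ssh' that ships files/sshd_config, and sshd installed at /usr/sbin/sshd.
class ssh {
  # Package and service names are the ones used on the slide; on a real
  # distribution they may differ (for example openssh-server).
  package { 'ssh':
    ensure => latest,
  }

  file { '/etc/ssh/sshd_config':
    ensure       => file,
    owner        => 'root',
    group        => 'root',
    mode         => '0600',
    source       => 'puppet:///modules/ssh/sshd_config',
    # Puppet writes the new content to a temporary file, substitutes its
    # path for '%', and only replaces the live file if the command exits 0.
    validate_cmd => '/usr/sbin/sshd -t -f %',
    require      => Package['ssh'],
    notify       => Service['sshd'],
  }

  service { 'sshd':
    ensure    => running,
    enable    => true,   # also start at boot, not just now
    subscribe => Package['ssh'],
  }
}
```

If validation fails, the file resource fails, the notify never fires, and the node keeps running with its previous known-good configuration.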
Modules
Apply to a node..
Let's make a webserver then an app server.
The new platform scenario
Puppet makes things far quicker..
1. Add the new node..
• And any variations or missing configurations will be reported.
• Facter will pull the new platform specifics and report up to the puppetmaster.
• Puppet will deploy & configure software as per the node policy.
2. Update App Specific Manifests & Configs if new platform.
3. Done !
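What "update the manifests if it is a new platform" can look like in practice, as an added example that is not from the original slides: a `webserver` class (the name matches the `include webserver` in node.pp) that picks package and service names from a Facter fact and refuses to run on a platform nobody has reviewed. The Apache package and service names are assumptions about the intended web server.

```puppet
# Added example (not from the original deck). Puppet 3-era syntax to
# match the rest of the presentation.
class webserver {
  # $::osfamily is a fact Facter reports from the node to the master.
  case $::osfamily {
    'RedHat': {
      $pkg = 'httpd'
      $svc = 'httpd'
    }
    'Debian': {
      $pkg = 'apache2'
      $svc = 'apache2'
    }
    default: {
      # Fail the catalog instead of guessing on an unknown platform,
      # so the gap shows up in the node's report.
      fail("webserver: unsupported osfamily '${::osfamily}'")
    }
  }

  package { $pkg:
    ensure => present,
  }

  service { $svc:
    ensure  => running,
    enable  => true,
    require => Package[$pkg],
  }
}
```

Supporting a new platform then means adding one `case` branch; every node definition that includes `webserver` stays untouched.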
Things I’ve learnt..
SSL certs are a pain anytime and place.
• The Puppet Labs site has some great guides on configuration and management of these but I still spent a reasonable amount of time fighting with them.
• Make sure DNS is working .. See above.. If your hostnames don’t match, certs get upset – For local testing /etc/hosts might be easier.
• Start small.. SSH / Tomcat are great little examples.. WebSphere or JBoss not so much. Apache is a good learning exercise.
• MS Windows adds complexity, consider each Windows version a completely different platform. Some services provided by Puppet do not work on Windows yet.
Final words.. Questions ?
VMware & PuppetLabs.. working together on some ‘cool stuff’.
Right now vCloud Automation Centre & AppDirector products can take advantage of Puppet.
If you’re a VMware person, it’s worth becoming a Puppet person too.
Thanks for listening..
Special thanks to the guys at PuppetLabs; Reid & Chris for technical support, t-shirts, stickers and books.