PuppetConf. 2016: Puppet Best Practices: Roles & Profiles – Gary Larizza, Puppet

“Best Practices”- Roles & ProfilesGary Larizza

Knowing your Role(s)…and your Profile(s)

Best Practice-ish: Roles & Profiles 9

class profile::jenkins { $jenkins_port = hiera(’jenkins_port’) $java_dist = hiera(’java_dist’) $java_version = hiera(’java_version’)

class { ’::jenkins’: install_java => false, port => $jenkins_port, }

class { ’::java’: distribution => $java_dist, version => $java_version, before => Class[‘jenkins’], }}

class role::ci_server { include profile::jenkins include profile::myorg include profile::hubot}

1.Lots of tech 2.Lots of terms 3.Lots of variations

“Best Practices”(i.e. “Some people do this - not me, but some people…”)

CS-STANDARDS

CS-STANDARDS


● Focus on having a “complexity escalation path”

● Module in Control Repo? Module in its own Repo?

● Package in profile::mycorp::packages -> package in its own module

● Team interoperability and comprehension

● i.e. “Do we need a profile for simple, one-module tech?”

● Minimize magic

Your Standard

Profile(s)(to s or not to s…)


● In the Control Repo

● Escalation: Separate module

● Escalation: Separate module for each profile

Profiles - storage





Profiles - storage





Profiles - storage


● Name the module “profile” ● Or “profiles” ● Or “lamp” ● (i.e. It doesn’t matter because I don’t work with you) ●Escalation: prepend each profile module ●wrapper_apache●profile_apache

Profiles - naming


● Name each profile according to tech

● profile::{nginx,apache}● Escalation: May extend to implementation if it makes

sense

● profile::ssh::{server,client}

Profiles - naming


Profiles may be parameterized to provide an API to the implementation

Profiles - usage


Limit resource-style declaration of a profile

Profiles - usage

class { ‘profile::ntp’: }

include profile::ntp


Profiles may declare other profiles

Profiles - usage


●Only site-specific resources declared in profiles ●Certificates ●Credentials ●Customizations

Profiles - usage


Profiles may be platform-based

Profiles - usage

● profile::windows::iis● profile::linux::ntp● profile::osx::loginwindow


Profiles may be single-point-of-entry

Profiles - usage

profile::dns_nameservers -> profile::dns_nameservers::{linux,windows}

Roles(and if we don’t get no tolls…)


Roles - naming

sfnetdevap12-01


Roles - naming

sfnetdevap12-01


Roles - naming

sfnetdevap12-01


Roles - naming

sfnetdevap12-01


Roles - naming

sfnetdevap12-01


Roles - naming

sfnetdevap12-01


Roles - naming

role::app_server


Roles are named according to type

Roles - naming


Roles may be namespaced for clarity

Roles - naming

● role::app_server::pci● These names are to assist YOU


Roles - storage● In the Control Repo

● Single ‘role’ module


● Escalation: Separate module for each role


Can roles contain conditional logic?

Roles - naming

● If Windows then IIS profile, if Linux then JBoss

● Separate roles per platform

●What’s more important to track/visualize?


Can roles be inherited?

Roles - naming


Summary

DO WHAT CAUSES LESS FRICTION BETWEEN TEAMS AND IS EASY TO

FOLLOW!


Questions?


Summary

●Everything is terrible ●No one is happy

Date post:	15-Apr-2017
Category:	Technology
Upload:	puppet
View:	234 times
Download:	0 times

PuppetConf. 2016: Puppet Best Practices: Roles & Profiles – Gary Larizza, Puppet

Technology