Date post: | 16-Apr-2017 |
Category: |
Technology |
Upload: | puppet |
View: | 476 times |
Download: | 0 times |
Six Weird Facts about Puppet on Windows… and more facts worth knowing3 November 2015Presented by Jeremy McGee and Steven Hawkins
Disclaimer:This is probably not the recommended approach. But it works for us
Who are Hiscox?
3
USAAtlantaChicagoLos AngelesNew York CitySan FranciscoWhite Plains
GuernseySt Peter Port
Latin American gatewayMiami
BermudaHamilton
EuropeAmsterdamBordeauxBrusselsCologneDublinHamburgLisbonLyonMadridMunichParis
UKBirminghamColchesterGlasgowLeedsLondonMaidenheadManchesterYorkAsiaBangkok Hong KongSingapore
International specialist insurer£2.0B in GWP 2,000 employees
The Hiscox IT landscape
Hiscox is an insurance company.Where possible we buy, not build.The organisation relies on customised, packaged applications.This has its own challenges.
4
Deployment stack
5
Pace
of chan
ge
Stage Item Examples ToolsReady Application
componentsDLLs, SQL scripts, configuration
IBM UrbanCodeOctopus Deploy
Deployed Middleware IIS, JBoss Puppet
Configured Server configuration
NTFS, registry PuppetInstalled Server
applicationsAV, SQL Server VMware
templatesBuilt Operating
systemOS, partitions, AD membership
VMwaretemplates
Provisioned Orchestration CMP/ITSM VMwarePurchased Requisition CMP/ITSM
Pace
of chan
ge
Using Puppet on Windows
Installation
7
Puppet Agent is Ruby-based and cross-platform
8
Weird Fact Number OneYou need a Linux master
The Puppet Master is just a file system
10
Weird Fact Number TwoThere’s no package manager
Package manager alternatives
There’s Chocolatey, which is immature;the usual “Programs and Features” control panel, which doesn’t handle versions well;storing each file individually, which doesn’t scale;or direct use of archives, which is ugly.
12
I like archives: the best of a poor choice
13
Windows Package Manager
Chocolatey is the way to go as far as package management for Puppet on Windows, but how does it work for enterprise?Not so well, it turns out. Packages vary in quality and most go off to other provider’s Web sites for installers.So, take control:
– Write your own Chocolatey packages– Manage Chocolatey packages and providers’ installers locally
14
Chocolatey configuration
- It’s actually quite simple to write your own Chocolatey puppet module. We change the following configuration- Disable ‘chocolatey’ source- Add a new source to your internal Chocolateyrepository- Set
autoUninstaller = trueallowGlobalConfirmation = truefailOnAutoUninstaller = true- Add an API key to be able to push new packages to your internal Chocolatey repository
15
Creating a Chocolatey packageis easier than might you think- choco newThen edit as needed. Finally- cpack- choco push
16
Creating a ChocolateypackageLive Demo
17
Great – but what does this mean for Puppet?
18
Becomes...
Great – but what does this mean for Puppet?
19
This!!!
Weird Fact Number ThreeThere are backslashes as path separators, and spaces in filenames
That module again
21
!
!
!?
PowerShell to the rescue
22
Weird Fact Number FourPowerShell isn’t the default provider
Weird Fact Number FiveWindows ACLs are special
Windows and ACLs
Puppet supports Windows access control lists natively, but the defaults are Linux style, not Windows.So you won’t get what you expect.Typically, Administrator won’t have access.We use native Windows utilities to apply permissions and wrap this up in PowerShell modules.
Weird Fact Number SixIt all works very well
Our results
We have 120+ test servers, 22+ environments, and in total about 20 modules in use.We have 100% automation of deployments from bare operating system to production deployments.We have no access to production servers.This has saved several thousand pounds over alternative approaches and means we can deploy much more frequently.
27
Some other facts worth knowing
We found this the hard way
The Puppet documentation is just the start. Network with colleagues across your organisation and in other companies too.Invest in a training / scratch environment.Keep abreast of new Puppet modules.Buy Puppet Enterprise support. It’s good!
29
Thank youwww.hiscox.co.uk@jeremymcgee