fl-jonathan-arana-cruz
Introduction to Puppet to Las Palmas DevOps group.
What’s Puppet
DevOps-minded sysadmin
Drupal developer
10 years as a sysadmin
3 years with Puppet
8 years with Drupal
http://atlantic-canary.net
http://github.com/jonhattan
@_jonhattan_
Jonathan Araña Cruz (aka jonhattan)
Caballeros
What?
● Configuration management
● Written in Ruby
● Free software (Apache 2.0)
● Current version 3.6 - towards 4.0
● PuppetLabs, since 2005
● Other products
  ○ Puppet Enterprise
  ○ MCollective
Puppet CLI tool
root@chamber:~# puppet help
Usage: puppet <subcommand> [options] <action> [options]
…
root@chamber:~# puppet help <subcommand>
root@chamber:~# puppet man <subcommand>
=> man puppet-<subcommand>
Index
● Resource Abstraction Layer
● Puppet Language
● Modules
● Stored configuration
● Puppet Master
● Reporting
RAL: Resource types (I)
● Resource types: high-level models
  ○ Some types: package, service, file, user, cron,...
  ○ Providers: implementers on different systems
  ○ Providers for package: apt, yum, pip, gem, pear,...
● Available resource types
  ○ Puppet built-in reference: http://docs.puppetlabs.com/references/latest/type.html
  ○ Cheatsheet: http://docs.puppetlabs.com/puppet_core_types_cheatsheet.pdf
  ○ Provided by 3rd party modules
root@chamber:~# puppet resource --types
anchor
augeas
computer
cron
database
database_grant
database_user
exec
file
file_line
filebucket
firewall
firewallchain
group
host
ini_setting
ini_subsetting
interface
k5login
macauthorization
mailalias
maillist
mcx
mount
mysql_database
mysql_grant
mysql_user
nagios_command
nagios_contact
nagios_contactgroup
nagios_host
nagios_hostdependency
network_config
network_route
notify
package
postgresql_conf
router
schedule
scheduled_task
selboolean
selmodule
service
ssh_authorized_key
sshkey
RAL: Resource types (II)
root@chamber:~# puppet describe -s user
Manage users. This type is mostly built to manage system
users, so it is lacking some features useful for managing normal
users.

Parameters
----------
    ensure, expiry, gid, groups, home, keys, managehome, membership, name, password, password_max_age, password_min_age, salt, shell, system, uid

Providers
---------
    aix, directoryservice, hpuxuseradd, ldap, pw, user_role_add, useradd, windows_adsi
RAL: Resource types (III)
RAL: Resources (I)
● Resource: instance of a resource type
  ○ Example: root user, ntp service, vim package,...
  ○ System discovery
  ○ Interactive management via CLI
  ○ Abstraction layer!
RAL: Resources (II)
root@chamber:~# puppet resource user --list
user { 'root':
  ensure           => 'present',
  comment          => 'root',
  gid              => '0',
  home             => '/root',
  password         => '$6$szUwrw3k.uAo.',
  password_max_age => '99999',
  password_min_age => '0',
  shell            => '/bin/bash',
  uid              => '0',
}
user { 'www-data':
  ensure           => 'present',
  comment          => 'www-data',
  gid              => '33',
  home             => '/var/www',
  password         => '*',
  password_max_age => '99999',
  password_min_age => '0',
  shell            => '/bin/sh',
  uid              => '33',
}
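
The "system discovery" use of the RAL shown above also works as an account audit. The following is an added example (not part of the original slides) that parses output in the `puppet resource user` format and flags accounts worth reviewing. The sample data, the `toor` account and the uid 1-999 "system account" range are assumptions made for illustration.

```ruby
# Added example: parse `puppet resource user` output and flag risky accounts.
# SAMPLE is constructed; the password values are placeholders, not real hashes.
SAMPLE = <<~'PP'
  user { 'root':
    ensure   => 'present',
    password => '$6$CONSTRUCTED$placeholder',
    shell    => '/bin/bash',
    uid      => '0',
  }
  user { 'www-data':
    ensure   => 'present',
    password => '*',
    shell    => '/bin/sh',
    uid      => '33',
  }
  user { 'toor':
    ensure   => 'present',
    password => '',
    shell    => '/bin/bash',
    uid      => '0',
  }
PP

# Turn each "user { 'name': attr => 'value', ... }" block into a Hash.
def parse_users(text)
  text.scan(/user\s*\{\s*'([^']+)':(.*?)\}/m).map do |name, body|
    body.scan(/(\w+)\s*=>\s*'([^']*)'/).to_h.merge('name' => name)
  end
end

# Return [account, finding] pairs for accounts a reviewer should look at.
def audit(users)
  users.flat_map do |u|
    pw = u['password'].to_s
    findings = []
    findings << 'uid 0 but not root' if u['uid'] == '0' && u['name'] != 'root'
    findings << 'empty password field' if u['password'] == ''
    # A leading '*' or '!' means the password is locked or unusable.
    usable = !pw.empty? && !pw.start_with?('*', '!')
    # Assumption: uids 1-999 are system/service accounts (Debian convention).
    findings << 'system account with usable password' if usable && u['uid'].to_i.between?(1, 999)
    findings.map { |msg| [u['name'], msg] }
  end
end

audit(parse_users(SAMPLE)).each { |n, m| puts "#{n}: #{m}" } if __FILE__ == $PROGRAM_NAME
```

The parser accepts both the multi-line layout and a resource written on a single line.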
RAL: Resources (III)
root@chamber:~# puppet resource user root shell=/bin/dash
Notice: /User[root]/shell: shell changed '/bin/bash' to '/bin/dash'
user { 'root':
  ensure => 'present',
  shell  => '/bin/dash',
}
root@chamber:~# puppet resource user root --edit
Index
● Resource Abstraction Layer
● => Puppet Language
● Modules
● Stored configuration
● Puppet Master
● Reporting
Puppet Language (I)
● Declarative, Domain Specific Language (DSL)
● Purpose of the language:
  ○ Describe desired state of the system by declaring resources
  ○ Every other part of the language exists to add flexibility and convenience to the way resources are declared
● Programs are called manifests
● A manifest is compiled into a catalog
Example manifest: Hello world
root@chamber:~# echo "notify {'hello world': }" > hello-world.pp
root@chamber:~# puppet apply hello-world.pp
Notice: Compiled catalog for chamber.faita.net in environment production in 0.02 seconds
Notice: hello world
Notice: /Stage[main]/Main/Notify[hello world]/message: defined 'message' as 'hello world'
Notice: Finished catalog run in 3.15 seconds
Example manifest: “The trifecta”
# Pick the service name for the platform.
case $operatingsystem {
  centos, redhat: { $service_name = 'ntpd' }
  debian, ubuntu: { $service_name = 'ntp' }
}
package { 'ntp':
  ensure => installed,
}
service { 'ntp':
  name      => $service_name,
  ensure    => running,
  enable    => true,
  # Restart the service whenever the config file changes.
  # The reference must match the file resource's title.
  subscribe => File['/etc/ntp.conf'],
}
file { '/etc/ntp.conf':
  ensure  => file,
  require => Package['ntp'],
  source  => 'puppet:///modules/ntp/ntp.conf',
}
Puppet Language (II)
● Some language constructs
  ○ Nodes
  ○ Classes
  ○ Defines
  ○ Variables, Conditionals
  ○ Dependency relationships
  ○ Anchors, tags, collectors, run-stages,...
Nodes
● Block of code included in one node’s catalog
● ENC
● Ref: http://docs.puppetlabs.com/puppet/latest/reference/lang_node_definitions.html
# site.pp
node 'foo.example.com' {
  ...
}
# Regular-expression node names are written without quotes.
node /^(bar|baz)\.example\.net$/ {
  ...
}
Classes (I)
● Block of code to group resources
● Parameterized
● Singleton
● Ref: http://docs.puppetlabs.com/puppet/latest/reference/lang_classes.html
Classes (II)
# file: ntp.pp
class ntp (
  $ntpserver = 'one.pool.ntp.org',
) {
  package { 'ntp': … }
  service { 'ntp': … }
  file { '/etc/ntp.conf': … }
}
# file: manifest.pp
import 'ntp.pp'
# Include the class.
include ntp
# Alternatively, this way you can override params
class { 'ntp':
  ntpserver => 'other.pool.ntp.org',
}
# puppet apply manifest.pp
Defines (I)
● Blocks of code that can be evaluated multiple times with different parameters
● Once defined, they act like a new (compound) resource type
Defines (II)
define apache::vhost ($port, $docroot, $servername = $title, $vhost_name = '*') {
  include apache # contains Package['httpd'] and Service['httpd']
  include apache::params # contains common config settings
  $vhost_dir = $apache::params::vhost_dir
  file { "${vhost_dir}/${servername}.conf":
    content => template('apache/vhost-default.conf.erb'),
    owner   => 'www',
    group   => 'www',
    mode    => '644',
    require => Package['httpd'],
    notify  => Service['httpd'],
  }
}
Puppet Language (III)
● Other related components
  ○ Functions
  ○ Facter
  ○ Hiera
● Language reference: http://docs.puppetlabs.com/puppet/latest/reference/index.html
Functions
● Implemented in Ruby
● Enrich the Puppet language with handy features
● Examples:
  ○ include
  ○ template()
● Built-in functions: http://docs.puppetlabs.com/references/latest/function.html
● Puppet stdlib: https://github.com/puppetlabs/puppetlabs-stdlib
● Custom: http://docs.puppetlabs.com/guides/custom_functions.html
Facts
● System information, available as “global variables” in manifests
root@chamber:~# facter
architecture => amd64
fqdn => chamber.faita.net
hostname => chamber
interfaces => eth0,lo
ipaddress => 10.0.0.2
ipaddress_eth0 => 10.0.0.2
ipaddress_lo => 127.0.0.1
is_virtual => true
kernel => Linux
kernelmajversion => 3.2
lsbdistcodename => wheezy
lsbdistid => Debian
lsbdistrelease => 7.5
lsbmajdistrelease => 7
osfamily => Debian
processor0 => Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
processor1 => Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
processorcount => 2
puppetversion => 3.6.0
virtual => xenu
Hiera (I)
● Key/value lookup tool for configuration data
● Hierarchical
● Avoid repetition
  ○ Write common data for most nodes
  ○ Override some values for nodes with a specific role
  ○ Override some of those values for one or two unique nodes
● Ref: http://docs.puppetlabs.com/hiera/1/
Hiera (II)
# file /etc/hiera.yaml
---
:backends:
  - yaml
:yaml:
  :datadir: /etc/puppet/hiera
:hierarchy:
  - "os/%{lsbdistid}"
  - "groups/%{::domain}"
  - "nodes/%{::fqdn}"
  - common
# Files in /etc/puppet/hiera/
os/RedHat.yaml
os/Debian.yaml
groups/example.net.yaml
groups/example.com.yaml
nodes/bar.example.com.yaml
nodes/baz.example.net.yaml
nodes/foo.example.com.yaml
Hiera (III)
# os/RedHat.yaml
packages:
  - httpd
# os/Debian.yaml
packages:
  - apache2
# nodes/foo.example.com.yaml
packages:
  - apache2-mpm-itk
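
Hiera searches the hierarchy from top to bottom, so the level listed first wins in a priority lookup. The following added example (a simplified model written for this page, not Hiera's own code) resolves `packages` for foo.example.com using the hierarchy order and data from the slides, with the node level written as `nodes/` to match the listed files. The `common` content and the `NODE_FIRST` ordering are assumptions for illustration.

```ruby
# Simplified model of Hiera 1 lookups (added example, not Hiera's own code).
# DATA stands in for the YAML files under /etc/puppet/hiera (from the slides).
DATA = {
  'os/RedHat'             => { 'packages' => ['httpd'] },
  'os/Debian'             => { 'packages' => ['apache2'] },
  'nodes/foo.example.com' => { 'packages' => ['apache2-mpm-itk'] },
  'common'                => { 'ntpserver' => 'one.pool.ntp.org' }, # assumed content
}.freeze

HIERARCHY = ['os/%{lsbdistid}', 'groups/%{::domain}', 'nodes/%{::fqdn}', 'common'].freeze

# Replace %{var} / %{::var} with the node's fact; unknown facts become ''.
def interpolate(level, facts)
  level.gsub(/%\{(?:::)?(\w+)\}/) { facts.fetch(Regexp.last_match(1), '') }
end

# Hierarchy levels that have a data source for this node, in search order.
def sources(facts, hierarchy = HIERARCHY)
  hierarchy.map { |l| interpolate(l, facts) }.select { |s| DATA.key?(s) }
end

# Priority lookup (the hiera('key') behaviour): first level defining the key wins.
def priority_lookup(key, facts, hierarchy = HIERARCHY)
  hit = sources(facts, hierarchy).find { |s| DATA[s].key?(key) }
  hit && DATA[hit][key]
end

# Array merge lookup (the hiera_array('key') behaviour): collect from every level.
def array_lookup(key, facts, hierarchy = HIERARCHY)
  sources(facts, hierarchy).flat_map { |s| Array(DATA[s][key]) }.uniq
end

# Facts for the node, as facter would report them (constructed).
FOO = { 'lsbdistid' => 'Debian', 'domain' => 'example.com', 'fqdn' => 'foo.example.com' }.freeze
# Hypothetical alternative ordering with the most specific level first.
NODE_FIRST = ['nodes/%{::fqdn}', 'groups/%{::domain}', 'os/%{lsbdistid}', 'common'].freeze

if __FILE__ == $PROGRAM_NAME
  p sources(FOO)
  p priority_lookup('packages', FOO)
  p priority_lookup('packages', FOO, NODE_FIRST)
  p array_lookup('packages', FOO)
end
```

With `os/` listed first, the per-node file only takes effect in a merge lookup; for it to override the OS default in a priority lookup, the node level has to come before the OS level.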
Index
● Resource Abstraction Layer
● Puppet Language
● => Modules
● Stored configuration
● Puppet Master
● Reporting
Modules (I)
● Self-contained bundles of code and data
● Manifests, classes, defines, files, templates, functions, tests,...
● Directory tree:
  MODULENAME/manifests/
  MODULENAME/files/
  MODULENAME/templates/
  MODULENAME/lib/
  MODULENAME/facts.d/
  MODULENAME/tests/
  MODULENAME/spec/
Modules (II)
● Best practices / well-known patterns
● Ref: http://docs.puppetlabs.com/puppet/latest/reference/modules_fundamentals.html
● Puppet forge: https://forge.puppetlabs.com
● CLI subcommand: puppet module install puppetlabs/mysql
● Librarian: https://github.com/rodjek/librarian-puppet
Index
● Resource Abstraction Layer
● Puppet Language
● Modules
● => Stored configuration
● Puppet Master
● Reporting
Stored configuration
● Centralized store of puppet-produced data
  ○ Nodes, resources, relationships, facts
  ○ Catalog run log
● Exported resources
● Inventory service: http://docs.puppetlabs.com/guides/inventory_service.html
● Active Record (sql backends)
● PuppetDB: http://docs.puppetlabs.com/puppetdb/2.0/index.html
Index
● Resource Abstraction Layer
● Puppet Language
● Modules
● Stored configuration
● => Puppet Master
● Reporting
Puppet Master
● Pull-based agent/master mode
● REST API
● Master stores manifests
● Agent requests its catalog from the master
● Ref: http://docs.puppetlabs.com/learning/agent_master_basic.html
Standalone (puppet apply site.pp)
Index
● Resource Abstraction Layer
● Puppet Language
● Modules
● Nodes, ENC
● Store configs, PuppetDB
● Puppet Master
● => Reporting
Reporting (I)
● Agent sends reports at the end of every run
  ○ Logs
  ○ Metrics: time, resources, changes
● Report handlers: http, log, tagmail
● Ref: http://docs.puppetlabs.com/references/latest/report.html
● Puppet Dashboard: web interface
  ○ web interface: node classification and reporting feature
  ○ Ref: https://github.com/sodabrew/puppet-dashboard
Reporting (II)
Questions?