Puppet at Janrain

James Loope

In the beginning...

Awesomeness

More awesomeness

Less awesome

Opposite of awesome

Totally awesome

Wagons Ho!

We're not in Kansas Anymore

On demand resources!

Features!

APIs!

Impermanence!

Competition!

APIs!

Sometimes you have to let go

it's not your puppy, it's just an instance

Persistence does not make it better

Entropy will get you in the end

Do it right the first time, make it repeatable

Puppet keeps us sane

class apps::zookeeper-server ( $nodes ) { package { "zookeeperd" : ensure => installed }

service { "zookeeper": ensure => running, enable => true, hasstatus => true, pattern => "zookeeper", require => Package["zookeeperd"] }

file { "/etc/zookeeper/conf/zoo.cfg" : content => template("apps/zookeeper/zoo.cfg.erb") }}

Version control lets us work together

>git branch -r origin/HEAD -> origin/master origin/development origin/master

Environments keep us safe

development > staging > production

Scary API's?

Simple tools keep us efficient

> createaserver.rb -a ami-e2af508b -n test1.janrain.com -S

Fog launches an Ubuntu base ami

server = compute.servers.create(:image_id => options[:ami], :flavor_id => options[:type], :groups => options[:groups], :user_data => 'puppet: conf: agent: server: 'puppet.janrain.com' certname: '"test1.janrain.com"' environment: "development" pluginsync: true waitforcert: true

● Ubuntu cloud-init installs puppet○ https://help.ubuntu.com/community/CloudInit○ also: work around for provider prerequisite problem

● Puppet starts up and waits for signing○ our utility signs the cert over the REST api

■ http://docs.puppetlabs.com/guides/rest_api.html

curl -i --cert ~/.puppetcred/puppet.crt --key ~/.puppetcred/puppet.key --cacert ~/.puppetcred/ca_crt.pem https://puppet.janrain.com/development/certificate_status/test1.janrain.com -H 'Content-Type: text/pson' -X PUT --data '{"desired_state":"signed"}'

● Puppet starts up and installs our base from common modules○ users○ groups○ ssh pubkeys○ common apps○ metrics and monitors

■ collectd■ nagios■ mcollective

● Puppet sets up the DNS○ via REST API ○ http://dyn.com/dns/dynect-managed-dns/

● Puppet manages our instance volumes with lvm○ https://github.com/puppetlabs/puppet-lvm

● Puppet deploys application code with vcsrepo○ https://github.com/puppetlabs/puppet-vcsrepo

Tadah!

ssh test1.janrain.com Welcome to Ubuntu 11.04 (GNU/Linux 2.6.38-8-virtual i686)jloope@test1.janrain.com:~$

The dashboard gives us insight

Avoiding the Stampede

● It's hard to keep the PuppetMaster's load predictable● Puppetcommander● Initiates runs in an orderly fashion● Can be globally disabled

https://github.com/puppetlabs/mcollective-plugins/tree/master/agent/puppetd/commander/

What's next?

● External Node classifier● LXC Development Environment● Build => Bundle => Scale● Puppet and Zookeeper via Facter

In conclusion