Puppet Conf 2012 - Managing Network Devices with Puppet
2. Network Devices
• Why Puppet?
• Puppet Device
• Load Balancer Demo
• Developing Devices (Advanced)
Monday, September 17, 12
4. Missing Step?
• Linking Application Services
5. #puppetize
• Network Device + Puppet
6. Puppet Proxy Agent
• Certificates
• Retrieves Device Plugins
• Retrieves Device Catalog
• Connects to Device
• Apply Device Resources
• Reports to Master
7. Proxy Agent
• Workflow (Device / Proxy Agent / Puppet Master):
    Device Cert
    Plugins
    Device Connect
    Custom Facts
    Compile Catalog (functions)
    Apply Catalog
    Device resource
    puppet report
    Report? Report Processor
    Finish
8. Commands
• facter
• puppet resource
• puppet apply (maybe)
• puppet device
9. Device.conf
• $confdir/device.conf:
    [node1_name]
      type <device_type>
      url <protocol://username:password@url/>
    [node2_name]
      type <device_type>
      url <protocol://username:password@url/>
10. Device $vardir
• $vardir (/var/lib/puppet, /var/opt/lib/pe-puppet)
    # tree ./devices
    └── f5.puppetlabs.lan
        ├── client_yaml
        ├── facts
        ├── ssl
        └── state
11. Puppet Resource
• Abstraction (Type/Provider)
• Declarative (Language)
• Idempotent (Enforcement)
12. Manifest vs. GUI
    f5_pool { 'apt.puppetlabs.com':
      ensure                          => 'present',
      action_on_service_down          => 'SERVICE_DOWN_ACTION_NONE',
      allow_nat_state                 => 'STATE_ENABLED',
      allow_snat_state                => 'STATE_ENABLED',
      client_ip_tos                   => '65535',
      client_link_qos                 => '65535',
      gateway_failsafe_unit_id        => '0',
      lb_method                       => 'LB_METHOD_ROUND_ROBIN',
      member                          => {'10.10.0.22:8080' => {...},
                                          '10.10.0.23:8080' => {...},
                                          '10.10.0.24:80'   => {...}},
      minimum_active_member           => '0',
      minimum_up_member               => '0',
      minimum_up_member_action        => 'HA_ACTION_FAILOVER',
      minimum_up_member_enabled_state => 'STATE_DISABLED',
      monitor_association             => {...},
      server_ip_tos                   => '65535',
      server_link_qos                 => '65535',
      simple_timeout                  => '0',
      slow_ramp_time                  => '10',
    }
13. Manifests = Text
• Version Control
• Auditing
• Workflow
14. Resource Demo
• export FACTER_url=https://admin:admin@f5/
• puppet resource f5_*
15. Web Module
• web::site definition:
    define web::site (
      $port             = '80',
      # F5 pool member settings:
      $connection_limit = '0',
      $dynamic_ratio    = '1',
      $priority         = '0',
      $ratio            = '1'
    ) {
      # setup web service.
    }
16. Web Server Nodes
• Web server nodes:
    node /^webserver21/ {
      web::site { 'apt.puppetlabs.com':
        port => '8080',
      }
    }
    node /^webserver22/ {
      web::site { 'apt.puppetlabs.com':
        port             => '80',
        connection_limit => '100',
      }
      web::site { 'yum.puppetlabs.com':
        port => '8080',
      }
    }
17. Composing Services
• Network Device = Nodes
    node 'f5.puppetlabs.lan' {
      f5_virtualserver { 'apt.puppetlabs.com':
        ...
      }
      f5_pool { 'apt.puppetlabs.com':
        ...
      }
      f5_monitor { 'apt.puppetlabs.com':
        ...
      }
    }
18. Problem?
• f5_pool member ip address:
19. Export Resources?
• ONLY export/collect resources.
    f5_pool { 'apt.puppetlabs.com':
      ensure    => 'present',
      lb_method => 'LB_METHOD_ROUND_ROBIN',
      member    => { '10.10.0.22:8080' => {},
                     '10.10.0.23:8081' => {},
                     '10.10.0.24:80'   => {},
                   },
    }
• f5_poolmember ?
20. Resources Meta Type
• Puppet Resources:
    resources { 'f5_poolmember':
      purge => true,
    }
• Does not support Resource subset =/
  purge poolmember in pool 'X' ?
21. Query Puppet DB
• ruby-puppetdb:
  https://github.com/ripienaar/ruby-puppetdb
• puppetdb query:
  https://github.com/dalen/puppet-puppetdbquery
22. Puppet Catalog
• Puppet Catalog = Resources + Relationship
• Facts + Manifests => compilation => Catalog
(Diagram: the Agent sends Facts to the Master; the Master returns the Catalog.)
29. Puppet DB
• Stores all client catalogs
(Diagram: Master, Puppet DB, Web Server 1, Web Server 2)
34. web::loadbalancer
    define web::loadbalancer (
      $site = $name, $address, $port = 80
    ) {
      f5_virtualserver { $name:
        ensure            => 'present',
        connection_limit  => '0',
        default_pool_name => $name,
        destination       => "${address}:${port}",
        require           => F5_pool[$name],
      }
      # $member = ???
      f5_pool { $name:
        ensure    => 'present',
        lb_method => 'LB_METHOD_ROUND_ROBIN',
        member    => $member,
      }
    }
35. Query Puppet DB
• puppet query resource \
    --query='Class[web::server]' \
    --filter='Web::Site[apt.puppetlabs.com]' \
    --render-as yaml

    "Web::Site[apt.puppetlabs.com]":
    - parameters:
        port: "8080"
      nodes:
      - webserver22
      - webserver23
    - parameters:
        port: "80"
        connection_limit: "100"
      nodes:
      - webserver24
36. Pool Member
    $ip_facts = query_facts('ipaddress', 'Class[web::server]')
    $websites = query_resources('Class[web::server]',
                                "Web::Site[${site}]")
    $member   = web_poolmember($ip_facts, $websites)
• Results
    { "10.0.2.24:80" =>
        { "connection_limit" => "0",
          "ratio"            => "1",
          "priority"         => "3",
          "dynamic_ratio"    => "1" },
      "10.0.2.22:8080" =>
        { "connection_limit" => "0",
          "ratio"            => "1",
          "priority"         => "1",
          "dynamic_ratio"    => "1" }
    }
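One way web_poolmember could combine the two query results, as an added example (not the presenter's code; the deck does not show the function body). The input shapes, the 10.0.2.0/24 allow-list and the validation step are assumptions; the validation is there because facts are reported by the agents themselves and end up in the load balancer's configuration.

```ruby
require 'ipaddr'

# Defaults copied from the web::site definition on slide 15.
POOL_MEMBER_DEFAULTS = {
  'connection_limit' => '0', 'dynamic_ratio' => '1', 'priority' => '0', 'ratio' => '1'
}.freeze

# Constructed inputs. SAMPLE_WEBSITES follows the slide 35 query output;
# the node => facts shape of SAMPLE_IP_FACTS is an assumption.
SAMPLE_WEBSITES = {
  'Web::Site[apt.puppetlabs.com]' => [
    { 'parameters' => { 'port' => '8080' }, 'nodes' => %w[webserver22 webserver23] },
    { 'parameters' => { 'port' => '80', 'connection_limit' => '100' }, 'nodes' => %w[webserver24] }
  ]
}.freeze
SAMPLE_IP_FACTS = {
  'webserver22' => { 'ipaddress' => '10.0.2.22' },
  'webserver23' => { 'ipaddress' => '192.0.2.50' }, # outside the web tier: rejected
  'webserver24' => { 'ipaddress' => '10.0.2.24' }
}.freeze

# Facts are self-reported by each agent, so check them before they reach the F5.
def valid_endpoint?(ip, port, allowed_net)
  allowed_net.include?(IPAddr.new(ip)) && port.match?(/\A\d{1,5}\z/) && (1..65_535).cover?(port.to_i)
rescue IPAddr::Error
  false
end

# Hypothetical web_poolmember: returns { "ip:port" => settings } for f5_pool's member.
def web_poolmember(ip_facts, websites, allowed_net: IPAddr.new('10.0.2.0/24'))
  members = {}
  websites.each_value do |entries|
    entries.each do |entry|
      params = entry.fetch('parameters', {})
      port = params.fetch('port', '80').to_s
      entry.fetch('nodes', []).each do |node|
        ip = ip_facts.dig(node, 'ipaddress')
        next unless ip.is_a?(String) && valid_endpoint?(ip, port, allowed_net)
        members["#{ip}:#{port}"] = POOL_MEMBER_DEFAULTS.merge(params.slice(*POOL_MEMBER_DEFAULTS.keys))
      end
    end
  end
  members
end
```

Nodes whose reported address is malformed or outside the allowed network are skipped rather than added to the pool.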
37. Device Node
• F5 node:
    node 'f5.puppetlabs.lan' {
      web::loadbalancer { 'apt.puppetlabs.com':
        address => '192.168.1.200',
      }
      web::loadbalancer { 'yum.puppetlabs.com':
        address => '192.168.1.201',
      }
      web::loadbalancer { 'download.puppetlabs.com':
        address => '192.168.1.202',
      }
    }
38. Demo
• Update web::site deployment
• Update F5 Loadbalancer
39. Developing Devices
• WARNING:
Recommend developing regular Puppet Type/Provider first.
Recommend developing regular Puppet Type/Provider first.
Recommend developing regular Puppet Type/Provider first.
Recommend developing regular Puppet Type/Provider first.
...
• Puppet Type/Provider Session (Dan)
40. Developing Devices
• Transport
• Facter
• Type
• Provider (retrieve/set)
41. Transport
• device.conf
    [node_name]
      type <device_type>
      url <protocol://username:password@url/>
• telnet
• ssh
• iControl (SOAP)
• (netconf)
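Because device.conf (slides 9 and 41) carries the device password inside the URL and telnet is one of the listed transports, the file is worth auditing. This added example (not Puppet's own code) parses the layout shown above and flags passwords in URLs, cleartext transports and loose file permissions; the sample hosts, credentials and finding names are constructed.

```ruby
require 'uri'
# Constructed sample in the slides' device.conf layout; hosts and credentials are made up.
SAMPLE_DEVICE_CONF = <<~CONF
  [f5.example.lan]
  type f5
  url https://admin:admin@f5.example.lan/
  [switch1.example.lan]
  type cisco
  url telnet://puppet:s3cret@switch1.example.lan:23/
  [router1.example.lan]
  type cisco
  url ssh://puppet@router1.example.lan/
CONF
CLEARTEXT_SCHEMES = %w[telnet http].freeze

# Parse "[name]" sections, each followed by "type <x>" and "url <y>" lines.
def parse_device_conf(text)
  devices, current = {}, nil
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    if (m = line.match(/\A\[(.+)\]\z/))
      current = devices[m[1]] = {}
    elsif current && (m = line.match(/\A(type|url)\s+(\S+)\z/))
      current[m[1].to_sym] = m[2]
    else
      raise ArgumentError, "unparseable device.conf line: #{line.inspect}"
    end
  end
  devices
end

# Mask the password so a URL can be logged alongside a finding without leaking it.
def redact(url)
  url.sub(%r{(://[^:/@]+):[^@/]*@}, '\1:***@')
end

# Returns [device, finding] pairs; pass File.stat(path).mode as file_mode.
def audit_device_conf(text, file_mode: nil)
  findings = []
  findings << ['device.conf', :group_or_world_access] if file_mode && (file_mode & 0o077) != 0
  parse_device_conf(text).each do |name, dev|
    uri = URI.parse(dev.fetch(:url))
    findings << [name, :cleartext_transport] if CLEARTEXT_SCHEMES.include?(uri.scheme)
    findings << [name, :password_in_url] if uri.password
    findings << [name, :password_equals_username] if uri.password && uri.password == uri.user
  end
  findings
end
```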
42. Initialize Device
• puppet/util/network_device.rb
    class Puppet::Util::NetworkDevice
      ...
      def self.init(device)
        require "puppet/util/network_device/#{device.provider}/device"
        @current = Puppet::Util::NetworkDevice.
          const_get(device.provider.capitalize).
          const_get(:Device).new(device.url)
      rescue => detail
        raise "Can't load #{device.provider} for #{device.name}: #{detail}"
      end
    end
43. device.rb
• puppet/util/network_device/<type>/device.rb
    require 'uri'

    # Named ...::Juniper::Device so that NetworkDevice.init's const_get(:Device) finds it.
    class Puppet::Util::NetworkDevice::Juniper::Device
      attr_accessor :url, :transport

      def initialize(url)
        @url = URI.parse(url)
        @transport = Puppet::Util::NetworkDevice::Transport::Juniper.new
      end

      # Build the facts object once, then retrieve facts over the transport.
      def facts
        @facts ||=
          Puppet::Util::NetworkDevice::Transport::Juniper::Facts.new(@transport)
        @facts.retrieve
      end
    end
44. Device Facts
• puppet/util/network_device/<type>/facts.rb
45. Type
• apply_to_all
• apply_to_host
• apply_to_device
    Puppet::Type.newtype(:f5_monitor) do
      @doc = "Manage F5 monitor."
      apply_to_device
      ensurable
      ...
      newproperty(:template_state) do
        desc "The monitor templates' enabled/disabled states."
        newvalues(/^STATE_(DISABLED|ENABLED)$/)
      end
    end
46. Provider
• ssh/telnet:
    output = transport.command('sh interface')
• Access custom transport:
    def self.transport
      if Facter.value(:url) then
        # FACTER_url is set (e.g. for `puppet resource`): connect directly.
        Puppet.debug "F5: connecting via facter url."
        @device ||=
          Puppet::Util::NetworkDevice::F5::Device.new(Facter.value(:url))
      else
        # Otherwise use the device initialized by `puppet device`.
        @device ||= Puppet::Util::NetworkDevice.current
        raise Puppet::Error, "Error Msg..." unless @device
      end
      @transport = @device.transport
    end
47. Testing
• Puppet Resource (self.instances)
• Puppet Apply (apply_to_host)
48. Future
• Software defined infrastructure
• Systems (Google Compute Engine as Resource)
• Application (puppet agent)
• Network (puppet device)