Adam Kosmin presented on automating the Puppet distribution network at the Puppet Conference on September 23, 2011. The objectives of the project were to support multiple sites, automate continuous replication between sites, and support QA workflows. The design included branch testing where changes are tested on a non-production server before being merged. Synchronization between master and slave nodes was achieved using native Puppet types and secure rsync. A modular design separated the code into master and slave roles.
1. Automating The Puppet Distribution Network
Adam Kosmin – Reliant Security, Inc.
Puppet Conference
September 23, 2011
Adam Kosmin – Reliant Security, Inc. (Puppet Conference) Puppet Distribution Network
Automating The September 23, 2011 1/1
4. Part I: Design
Objectives
Support multiple sites
Automate continuous replication
Support QA work-flow
5. Project Requirements
Branch Testing
http://tinyurl.com/puppetbranch
Synchronization
Slaves will pull from a central data store.
Modular Design
Master Slave
Accounts Accounts
Synchronization
Web Server
6. Branch Testing Review
Motivation
QA = Develop and test in the real world.
Assumptions
VCS is in use which supports branching and merging.
Puppet is used in a client/server model.
/etc/puppet is a working directory on the master.
Workflow
Commit into testing branch.
Sync manifests and start puppetmasterd on a non-standard port.
Run agent against the non-standard port using --noop.
Merge testing branch into trunk if QA passes.
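The workflow above as a shell script, added here as an example; it is not the presentation's own code. It assumes git with branches named testing and trunk, the `puppet master` / `puppet agent` command forms, and hypothetical paths, host and port; the commit into the testing branch is taken as already done.

```sh
#!/bin/sh
# Added example: gate a merge on a --noop run against a test master.
# Paths, branch names, host and port are assumptions, not the talk's code.
REPO=${REPO:-/srv/puppet-repo}            # hypothetical checkout with both branches
TEST_TREE=${TEST_TREE:-/srv/puppet-test}  # hypothetical tree served by the test master
TEST_PORT=${TEST_PORT:-8141}              # non-standard port; 8140 is the default
MASTER_HOST=${MASTER_HOST:-puppet.example.com}
STARTUP_WAIT=${STARTUP_WAIT:-10}          # seconds to let the test master come up

# --test implies --detailed-exitcodes: 0 = no changes, 2 = changes pending,
# 4 and 6 = resource failures, 1 = the run itself failed.
qa_passed() {
    case "$1" in
        0|2) return 0 ;;
        *)   return 1 ;;
    esac
}

branch_test() {
    # Sync the already-committed testing branch into the test tree.
    git -C "$REPO" checkout -q testing || return 1
    rsync -a --delete --exclude .git "$REPO/" "$TEST_TREE/" || return 1

    # Start a second master on the non-standard port, serving only the test tree.
    puppet master --no-daemonize --masterport "$TEST_PORT" \
        --pidfile "$TEST_TREE/master.pid" \
        --manifest "$TEST_TREE/manifests/site.pp" \
        --modulepath "$TEST_TREE/modules" &
    master_pid=$!
    sleep "$STARTUP_WAIT"

    # Dry run: --noop reports what would change without applying anything.
    puppet agent --test --noop --server "$MASTER_HOST" --masterport "$TEST_PORT"
    agent_rc=$?
    kill "$master_pid" 2>/dev/null
    wait "$master_pid" 2>/dev/null

    # Merge into trunk only if the dry run finished without failures.
    if qa_passed "$agent_rc"; then
        git -C "$REPO" checkout -q trunk && git -C "$REPO" merge -q --no-ff testing
    else
        echo "QA failed (agent exit $agent_rc); testing not merged" >&2
        return 1
    fi
}

if [ "${1:-}" = "run" ]; then branch_test; fi
```

Because the agent runs with --noop, a failed test never changes the node, and trunk only receives the testing branch after the dry run reports no failures.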
7. Synchronization
Requirement | Provided via
Periodic pull via rsync | Native Puppet Types
Secure (dumb) clients | http://tinyurl.com/sec-auto-rsync
8. Modular Design: The Big Picture
9. Part II: Example Code
http://tinyurl.com/relsecprescode
Scaffolding
manifests/site.pp
manifests/nodes/*
modules/puppet/manifests/master.pp
modules/puppet/manifests/slave.pp
Work Flow
bin/commit
modules/puppet/templates/slave/global/puppet slave rsync.sh.erb
modules/puppet/templates/slave/global/puppet slave webrick.sh.erb