SlideShare une entreprise Scribd logo

Setting up Puppet at Colruyt

Puppet
Puppet

"Setting up puppet at Colruyt" by Eric Seynaeve at Puppet Camp Ghent 2013.

Technologie
1  sur  30
Télécharger pour lire hors ligne
Puppet at Colruyt Puppet Camp 2013 eric.seynaeve@colruyt.be
Overview • Colruyt ? • Why Puppet ? • Setup • Lessons learned • Future 2
Colruyt • Largest retailer in Belgium – Several shop enseignes – Also food services 3
Colruyt • Also active in France and Luxembourg – Food service over full France territory – Shops 4
Colruyt Long history of automation 60’s today 5
Colruyt • Linux usage – 430+ Colruyt shops Colruyt, Okay, Dreamland, Dreambaby, Bioplanet, … – 50+ SPAR shops Migration to Linux busy – 150+ production servers Websites, Databases, Accounting, … 6
Why Puppet ? • Background in Linux Servers team – System engineers – Do shell programming but not programmers – Long history of ‘Not Build Here’ • Background in IT Colruyt – Specialized groups (DBA, Network, SAN, …) – Most don’t want to package and configure Some want to have some control – Co-managed servers 7
Why Puppet ? • Old system configuration management – Home build system – Worked well … but … • Takes lots of effort to main • There were important limitations • Not ready for the future • We’re on our own • We’re no experts 8
Why Puppet ? • Advantages Puppet – Noop (aka dry-run) option – Enterprise support – 3th party support – Large and active community – Flexible –… 9
Setup • Using Puppet Enterprise • One puppet master for each environment Controlled PE upgrades • Using Subversion as version control system • Other teams: Only package scripts/apps Linux Servers team: Also manages configurations 10
Setup • Light-weight wrapper CLI-menu – Easier for the teams – Lowers learning curve – Reduces risk for errors Editing package *asslib_infrascript_colruyt* within group *infrascript* 1) ** back 10) ** Status with subversion 2) ** Create file or dir 11) ** View diff with subversion 3) ** Edit file 12) ** Resolve subversion conflict 4) ** Revert file or dir 13) ** Commit to subversion 5) ** Rename file or dir 14) ** Package 6) ** Delete file or dir 15) ** Promote to rese 7) ** Customize spec file 16) ** Promote right away 8) ** View logs from subversion 17) ** Ask to adjust configs 9) ** Update from subversion Enter a number: 11
Setup • Managing resource definitions – Putting resource definitions of one type of resource in one module • Easier to fine out what is done on our server park • Using virtual resources • Realized with tags when needed 12
Setup • Managing resource definitions – Creating a wrapper around Puppet code • Easier for the team • Consistency in definitions • Lowers learning curve • Flexibility for the future 13
Example: cron • Main module: zz_cron_systlinux_colruyt • init.pp class zz_cron_systlinux_colruyt { include setup … @zz_cron_systlinux_colruyt::conf {'netbackup': user => 'root', command => '/opt/openv/netbackup/check_bp_conf.sh >/var/tmp/check_bp.conf.log', minute => '0', hour => '7', tag => 'zz_tag_netbackup_systlinux_colruyt', } } 14
Example: cron • setup.pp – Installs the needed rpms – Manages the service – Changes OS defaults to our likings 15
Example: cron • conf.pp – Defines the wrapper – Using sensible defaults define zz_cron_systlinux_colruyt::conf ( { $user, cron { "$user $command": $command, ensure => $ensure, $ensure = present, user => $user, $hour = undef, command => $command, $minute = undef, minute => $minute, $weekday = undef, hour => $hour, $month = undef, weekday => $weekday, $monthday = undef month => $month, ) monthday => $monthday, } } 16
Example: cron • Realization happens in a separate module – Groups all zz_* modules together – Makes life easier for the team define base_systlinux_colruyt::configure { … include zz_cron_systlinux_colruyt Zz_cron_systlinux_colruyt::Conf <| tag == "zz_tag_${name}" |> … } 17
Example: cron • In netbackup module – one line to add all zz_* modules class netbackup_systlinux_colruyt { base_systlinux_colruyt::configure {'netbackup_systlinux_colruyt':} … } 18
Setup: params_systlinux_colruyt • Sometimes server specific configs are needed • Module params_systlinux_colruyt – Defines several ‘global’ parameters – Can be overridden in the node definition – Using sensible defaults $topology = 'int', class params_systlinux_colruyt ( ) – Syntax check if ! ( $topology in [ 'int', 'dmz', 'shop' ] ) { fail("topology is not 'int', 'dmz' or 'shop' (${topology})") } 19
Setup: params_systlinux_colruyt • Used in node definitions: node 'svlirc99' { class {'params_systlinux_colruyt': topology => 'dmz', } … } • Used in puppet configurations – Templates – .pp files 20
Setup: base_systlinux_colruyt When requiring … do this: Minimal Red Hat setup and no puppet agent Create iso file with ‘none’ puppet config Reservation server with as little of us as possible Create node and only include class base_systlinux_colruyt::minimal Reservation server with our own packages and Create node and only include class configuration changes base_systlinux_colruyt::basic Server with Create node and include • our basic tools (reports, netbackup agent, ITO • base_systlinux_colruyt agent, sophos, …) Includes basic tools • other software (oracle, was, …) • Other required modules (oracle, was, …) 21
Lessons learned • Setup naming conventions <bla>_<group>_colruyt – Prevents naming clashes with others – Easier to parse • Humans • Scripts 22
Lessons learned • When packaging rpms, always start from version control system – Forces people to check in – Ensures you can always recreate rpms from scratch 23
Lessons learned • Make sure you can link a version on the server back to the version in the VCS – Include VCS revision number in rpm version number • 1.<revision>-1 • 1.<revision>-<ISO date> – Keep track of VCS revision number on Puppet master 24
Lessons learned • Keep loggings of all executions – Created wrapper puppet run script – Defaults to noop 25
Puppet annoyances • There are hidden ‘features’ with tags – When using ‘::’ in tags, things get complicated • abc::xyz – Creates tag abc::xyz – Creates tag abc – Creates tag xyz 26
Puppet annoyances – Every resource in a module gets the module name as tag – Also classes get class name as tag • Added ‘zz_tag_’ to tags 27
Puppet annoyances • Mount resource adds mount to fstab – Even if the resource fails – Working together with PuppetLabs 28
Puppet annoyances • Rpm updated outside of puppet ? – No trigger at the next puppet run – Needed • Upgrades done by consultants • Override permissions for Red Hat rpms 29
Future • Switch to Hiera ? – Removes our ‘house-build’ abstraction system ? – Speed up puppet runs ? • Use Gepetto for more IDE-type editing • Setup Puppet unit testing • Look into MCollective • … 30

Recommandé

Dbdeployer
DbdeployerDbdeployer
Dbdeployer
Giuseppe Maxia
 
LSA2 - 01 Virtualization with KVM
LSA2 - 01 Virtualization with KVMLSA2 - 01 Virtualization with KVM
LSA2 - 01 Virtualization with KVM
Marian Marinov
 
Inspection and maintenance tools (Linux / OpenStack)
Inspection and maintenance tools (Linux / OpenStack)Inspection and maintenance tools (Linux / OpenStack)
Inspection and maintenance tools (Linux / OpenStack)
Gerard Braad
 
Linux con europe_2014_f
Linux con europe_2014_fLinux con europe_2014_f
Linux con europe_2014_f
sprdd
 
Making Your Capistrano Recipe Book
Making Your Capistrano Recipe BookMaking Your Capistrano Recipe Book
Making Your Capistrano Recipe Book
Tim Riley
 
Using cobbler in a not so small environment 1.77
Using cobbler in a not so small environment 1.77Using cobbler in a not so small environment 1.77
Using cobbler in a not so small environment 1.77
chhorn
 
MYSQLDUMP & ZRM COMMUNITY (EN)
MYSQLDUMP & ZRM COMMUNITY (EN)MYSQLDUMP & ZRM COMMUNITY (EN)
MYSQLDUMP & ZRM COMMUNITY (EN)
Cédric P
 
Storage based on_openstack_mariocho
Storage based on_openstack_mariochoStorage based on_openstack_mariocho
Storage based on_openstack_mariocho
Mario Cho
 

Recommandé

Dbdeployer
DbdeployerDbdeployer
Dbdeployer
Giuseppe Maxia
 
LSA2 - 01 Virtualization with KVM
LSA2 - 01 Virtualization with KVMLSA2 - 01 Virtualization with KVM
LSA2 - 01 Virtualization with KVM
Marian Marinov
 
Inspection and maintenance tools (Linux / OpenStack)
Inspection and maintenance tools (Linux / OpenStack)Inspection and maintenance tools (Linux / OpenStack)
Inspection and maintenance tools (Linux / OpenStack)
Gerard Braad
 
Linux con europe_2014_f
Linux con europe_2014_fLinux con europe_2014_f
Linux con europe_2014_f
sprdd
 
Making Your Capistrano Recipe Book
Making Your Capistrano Recipe BookMaking Your Capistrano Recipe Book
Making Your Capistrano Recipe Book
Tim Riley
 
Using cobbler in a not so small environment 1.77
Using cobbler in a not so small environment 1.77Using cobbler in a not so small environment 1.77
Using cobbler in a not so small environment 1.77
chhorn
 
MYSQLDUMP & ZRM COMMUNITY (EN)
MYSQLDUMP & ZRM COMMUNITY (EN)MYSQLDUMP & ZRM COMMUNITY (EN)
MYSQLDUMP & ZRM COMMUNITY (EN)
Cédric P
 
Storage based on_openstack_mariocho
Storage based on_openstack_mariochoStorage based on_openstack_mariocho
Storage based on_openstack_mariocho
Mario Cho
 
Containers and Namespaces in the Linux Kernel
Containers and Namespaces in the Linux KernelContainers and Namespaces in the Linux Kernel
Containers and Namespaces in the Linux Kernel
OpenVZ
 
Get mysql clusterrunning-windows
Get mysql clusterrunning-windowsGet mysql clusterrunning-windows
Get mysql clusterrunning-windows
JoeSg
 
Effective service and resource management with systemd
Effective service and resource management with systemdEffective service and resource management with systemd
Effective service and resource management with systemd
David Timothy Strauss
 
First steps on CentOs7
First steps on CentOs7First steps on CentOs7
First steps on CentOs7
Marc Cortinas Val
 
Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup. Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup.
Neeraj Shrimali
 
Mysql wp cluster_quickstart_windows
Mysql wp cluster_quickstart_windowsMysql wp cluster_quickstart_windows
Mysql wp cluster_quickstart_windows
Rogério Rocha
 
Guava
GuavaGuava
Guava
fbenault
 
Containerization is more than the new Virtualization: enabling separation of ...
Containerization is more than the new Virtualization: enabling separation of ...Containerization is more than the new Virtualization: enabling separation of ...
Containerization is more than the new Virtualization: enabling separation of ...
Jérôme Petazzoni
 
PostgreSQL on EXT4, XFS, BTRFS and ZFS
PostgreSQL on EXT4, XFS, BTRFS and ZFSPostgreSQL on EXT4, XFS, BTRFS and ZFS
PostgreSQL on EXT4, XFS, BTRFS and ZFS
Tomas Vondra
 
Guava Overview Part 2 Bucharest JUG #2
Guava Overview Part 2 Bucharest JUG #2 Guava Overview Part 2 Bucharest JUG #2
Guava Overview Part 2 Bucharest JUG #2
Andrei Savu
 
Comparison of-foss-distributed-storage
Comparison of-foss-distributed-storageComparison of-foss-distributed-storage
Comparison of-foss-distributed-storage
Marian Marinov
 
Modern net bsd kernel module
Modern net bsd kernel moduleModern net bsd kernel module
Modern net bsd kernel module
Masaru Oki
 
SiteGround Tech TeamBuilding
SiteGround Tech TeamBuildingSiteGround Tech TeamBuilding
SiteGround Tech TeamBuilding
Marian Marinov
 
Thinking outside the box, learning a little about a lot
Thinking outside the box, learning a little about a lotThinking outside the box, learning a little about a lot
Thinking outside the box, learning a little about a lot
Mark Broadbent
 
Bare metal Hadoop provisioning
Bare metal Hadoop provisioningBare metal Hadoop provisioning
Bare metal Hadoop provisioning
GoDataDriven
 
Cgroup resource mgmt_v1
Cgroup resource mgmt_v1Cgroup resource mgmt_v1
Cgroup resource mgmt_v1
sprdd
 
Backup with Bareos and ZFS - by Christian Reiß
Backup with Bareos and ZFS - by Christian ReißBackup with Bareos and ZFS - by Christian Reiß
Backup with Bareos and ZFS - by Christian Reiß
NETWAYS
 
Containers with systemd-nspawn
Containers with systemd-nspawnContainers with systemd-nspawn
Containers with systemd-nspawn
Gábor Nyers
 
My Sq Ldb Tut
My Sq Ldb TutMy Sq Ldb Tut
My Sq Ldb Tut
AkramWaseem
 
CloudStackユーザ会〜仮想ルータの謎に迫る
CloudStackユーザ会〜仮想ルータの謎に迫るCloudStackユーザ会〜仮想ルータの謎に迫る
CloudStackユーザ会〜仮想ルータの謎に迫る
samemoon
 
Puppet
PuppetPuppet
Puppet
csrocks
 
Deploying systemd at scale
Deploying systemd at scaleDeploying systemd at scale
Deploying systemd at scale
Davide Cavalca
 

Contenu connexe

Tendances

Get mysql clusterrunning-windows
Get mysql clusterrunning-windowsGet mysql clusterrunning-windows
Get mysql clusterrunning-windows
JoeSg
 
Mysql wp cluster_quickstart_windows
Mysql wp cluster_quickstart_windowsMysql wp cluster_quickstart_windows
Mysql wp cluster_quickstart_windows
Rogério Rocha
 
Containerization is more than the new Virtualization: enabling separation of ...
Containerization is more than the new Virtualization: enabling separation of ...Containerization is more than the new Virtualization: enabling separation of ...
Containerization is more than the new Virtualization: enabling separation of ...
Jérôme Petazzoni
 
Modern net bsd kernel module
Modern net bsd kernel moduleModern net bsd kernel module
Modern net bsd kernel module
Masaru Oki
 
Cgroup resource mgmt_v1
Cgroup resource mgmt_v1Cgroup resource mgmt_v1
Cgroup resource mgmt_v1
sprdd
 
Backup with Bareos and ZFS - by Christian Reiß
Backup with Bareos and ZFS - by Christian ReißBackup with Bareos and ZFS - by Christian Reiß
Backup with Bareos and ZFS - by Christian Reiß
NETWAYS
 

Tendances (20)

Containers and Namespaces in the Linux Kernel
Containers and Namespaces in the Linux KernelContainers and Namespaces in the Linux Kernel
Containers and Namespaces in the Linux Kernel
 
Get mysql clusterrunning-windows
Get mysql clusterrunning-windowsGet mysql clusterrunning-windows
Get mysql clusterrunning-windows
 
Effective service and resource management with systemd
Effective service and resource management with systemdEffective service and resource management with systemd
Effective service and resource management with systemd
 
First steps on CentOs7
First steps on CentOs7First steps on CentOs7
First steps on CentOs7
 
Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup. Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup.
 
Mysql wp cluster_quickstart_windows
Mysql wp cluster_quickstart_windowsMysql wp cluster_quickstart_windows
Mysql wp cluster_quickstart_windows
 
Guava
GuavaGuava
Guava
 
Containerization is more than the new Virtualization: enabling separation of ...
Containerization is more than the new Virtualization: enabling separation of ...Containerization is more than the new Virtualization: enabling separation of ...
Containerization is more than the new Virtualization: enabling separation of ...
 
PostgreSQL on EXT4, XFS, BTRFS and ZFS
PostgreSQL on EXT4, XFS, BTRFS and ZFSPostgreSQL on EXT4, XFS, BTRFS and ZFS
PostgreSQL on EXT4, XFS, BTRFS and ZFS
 
Guava Overview Part 2 Bucharest JUG #2
Guava Overview Part 2 Bucharest JUG #2 Guava Overview Part 2 Bucharest JUG #2
Guava Overview Part 2 Bucharest JUG #2
 
Comparison of-foss-distributed-storage
Comparison of-foss-distributed-storageComparison of-foss-distributed-storage
Comparison of-foss-distributed-storage
 
Modern net bsd kernel module
Modern net bsd kernel moduleModern net bsd kernel module
Modern net bsd kernel module
 
SiteGround Tech TeamBuilding
SiteGround Tech TeamBuildingSiteGround Tech TeamBuilding
SiteGround Tech TeamBuilding
 
Thinking outside the box, learning a little about a lot
Thinking outside the box, learning a little about a lotThinking outside the box, learning a little about a lot
Thinking outside the box, learning a little about a lot
 
Bare metal Hadoop provisioning
Bare metal Hadoop provisioningBare metal Hadoop provisioning
Bare metal Hadoop provisioning
 
Cgroup resource mgmt_v1
Cgroup resource mgmt_v1Cgroup resource mgmt_v1
Cgroup resource mgmt_v1
 
Backup with Bareos and ZFS - by Christian Reiß
Backup with Bareos and ZFS - by Christian ReißBackup with Bareos and ZFS - by Christian Reiß
Backup with Bareos and ZFS - by Christian Reiß
 
Containers with systemd-nspawn
Containers with systemd-nspawnContainers with systemd-nspawn
Containers with systemd-nspawn
 
My Sq Ldb Tut
My Sq Ldb TutMy Sq Ldb Tut
My Sq Ldb Tut
 
CloudStackユーザ会〜仮想ルータの謎に迫る
CloudStackユーザ会〜仮想ルータの謎に迫るCloudStackユーザ会〜仮想ルータの謎に迫る
CloudStackユーザ会〜仮想ルータの謎に迫る
 

Similaire à Setting up Puppet at Colruyt

Virtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + PuppetVirtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + Puppet
Omar Reygaert
 
Quick-and-Easy Deployment of a Ceph Storage Cluster with SLES
Quick-and-Easy Deployment of a Ceph Storage Cluster with SLESQuick-and-Easy Deployment of a Ceph Storage Cluster with SLES
Quick-and-Easy Deployment of a Ceph Storage Cluster with SLES
Jan Kalcic
 

Similaire à Setting up Puppet at Colruyt (20)

Puppet
PuppetPuppet
Puppet
 
Deploying systemd at scale
Deploying systemd at scaleDeploying systemd at scale
Deploying systemd at scale
 
Cobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale EnvironmentsCobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale Environments
 
Cobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale EnvironmentsCobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale Environments
 
Linux kernel modules
Linux kernel modulesLinux kernel modules
Linux kernel modules
 
PowerShell - Be A Cool Blue Kid
PowerShell - Be A Cool Blue KidPowerShell - Be A Cool Blue Kid
PowerShell - Be A Cool Blue Kid
 
Manage your switches like servers
Manage your switches like serversManage your switches like servers
Manage your switches like servers
 
Kubernetes Walk Through from Technical View
Kubernetes Walk Through from Technical ViewKubernetes Walk Through from Technical View
Kubernetes Walk Through from Technical View
 
Lean Drupal Repositories with Composer and Drush
Lean Drupal Repositories with Composer and DrushLean Drupal Repositories with Composer and Drush
Lean Drupal Repositories with Composer and Drush
 
LXC
LXCLXC
LXC
 
MINCS - containers in the shell script (Eng. ver.)
MINCS - containers in the shell script (Eng. ver.)MINCS - containers in the shell script (Eng. ver.)
MINCS - containers in the shell script (Eng. ver.)
 
24HOP Introduction to Linux for SQL Server DBAs
24HOP Introduction to Linux for SQL Server DBAs24HOP Introduction to Linux for SQL Server DBAs
24HOP Introduction to Linux for SQL Server DBAs
 
Virtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + PuppetVirtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + Puppet
 
Fluo CICD OpenStack Summit
Fluo CICD OpenStack SummitFluo CICD OpenStack Summit
Fluo CICD OpenStack Summit
 
Resource Management of Docker
Resource Management of DockerResource Management of Docker
Resource Management of Docker
 
Docker Security Paradigm
Docker Security ParadigmDocker Security Paradigm
Docker Security Paradigm
 
Quick-and-Easy Deployment of a Ceph Storage Cluster with SLES
Quick-and-Easy Deployment of a Ceph Storage Cluster with SLESQuick-and-Easy Deployment of a Ceph Storage Cluster with SLES
Quick-and-Easy Deployment of a Ceph Storage Cluster with SLES
 
Tuning systemd for embedded
Tuning systemd for embeddedTuning systemd for embedded
Tuning systemd for embedded
 
Puppet Camp NYC 2014: Build a Modern Infrastructure in 45 min!
Puppet Camp NYC 2014: Build a Modern Infrastructure in 45 min!Puppet Camp NYC 2014: Build a Modern Infrastructure in 45 min!
Puppet Camp NYC 2014: Build a Modern Infrastructure in 45 min!
 
20100425 Configuration Management With Puppet Lfnw
20100425 Configuration Management With Puppet Lfnw20100425 Configuration Management With Puppet Lfnw
20100425 Configuration Management With Puppet Lfnw
 

Plus de Puppet

Puppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepoPuppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepo
Puppet
 
2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)
Puppet
 
Enforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automationEnforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automation
Puppet
 
Automating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNowAutomating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNow
Puppet
 
Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020
Puppet
 

Plus de Puppet (20)

Puppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepoPuppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepo
 
Puppetcamp r10kyaml
Puppetcamp r10kyamlPuppetcamp r10kyaml
Puppetcamp r10kyaml
 
2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)
 
Puppet camp vscode
Puppet camp vscodePuppet camp vscode
Puppet camp vscode
 
Modules of the twenties
Modules of the twentiesModules of the twenties
Modules of the twenties
 
Applying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance codeApplying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance code
 
KGI compliance as-code approach
KGI compliance as-code approachKGI compliance as-code approach
KGI compliance as-code approach
 
Enforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automationEnforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automation
 
Keynote: Puppet camp compliance
Keynote: Puppet camp complianceKeynote: Puppet camp compliance
Keynote: Puppet camp compliance
 
Automating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNowAutomating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNow
 
Puppet: The best way to harden Windows
Puppet: The best way to harden WindowsPuppet: The best way to harden Windows
Puppet: The best way to harden Windows
 
Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020
 
Accelerating azure adoption with puppet
Accelerating azure adoption with puppetAccelerating azure adoption with puppet
Accelerating azure adoption with puppet
 
Puppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael PinsonPuppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael Pinson
 
ServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin Reeuwijk
 
Take control of your dev ops dumping ground
Take control of your dev ops dumping groundTake control of your dev ops dumping ground
Take control of your dev ops dumping ground
 
100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy Software100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy Software
 
Puppet User Group
Puppet User GroupPuppet User Group
Puppet User Group
 
Continuous Compliance and DevSecOps
Continuous Compliance and DevSecOpsContinuous Compliance and DevSecOps
Continuous Compliance and DevSecOps
 
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick MaludyThe Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
 

Dernier

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 

Dernier (20)

Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 

Setting up Puppet at Colruyt

  • 1. Puppet at Colruyt Puppet Camp 2013 eric.seynaeve@colruyt.be
  • 2. Overview • Colruyt ? • Why Puppet ? • Setup • Lessons learned • Future 2
  • 3. Colruyt • Largest retailer in Belgium – Several shop enseignes – Also food services 3
  • 4. Colruyt • Also active in France and Luxembourg – Food service over full France territory – Shops 4
  • 5. Colruyt Long history of automation 60’s today 5
  • 6. Colruyt • Linux usage – 430+ Colruyt shops Colruyt, Okay, Dreamland, Dreambaby, Bioplanet, … – 50+ SPAR shops Migration to Linux busy – 150+ production servers Websites, Databases, Accounting, … 6
  • 7. Why Puppet ? • Background in Linux Servers team – System engineers – Do shell programming but not programmers – Long history of ‘Not Build Here’ • Background in IT Colruyt – Specialized groups (DBA, Network, SAN, …) – Most don’t want to package and configure Some want to have some control – Co-managed servers 7
  • 8. Why Puppet ? • Old system configuration management – Home build system – Worked well … but … • Takes lots of effort to main • There were important limitations • Not ready for the future • We’re on our own • We’re no experts 8
  • 9. Why Puppet ? • Advantages Puppet – Noop (aka dry-run) option – Enterprise support – 3th party support – Large and active community – Flexible –… 9
  • 10. Setup • Using Puppet Enterprise • One puppet master for each environment Controlled PE upgrades • Using Subversion as version control system • Other teams: Only package scripts/apps Linux Servers team: Also manages configurations 10
  • 11. Setup • Light-weight wrapper CLI-menu – Easier for the teams – Lowers learning curve – Reduces risk for errors Editing package *asslib_infrascript_colruyt* within group *infrascript* 1) ** back 10) ** Status with subversion 2) ** Create file or dir 11) ** View diff with subversion 3) ** Edit file 12) ** Resolve subversion conflict 4) ** Revert file or dir 13) ** Commit to subversion 5) ** Rename file or dir 14) ** Package 6) ** Delete file or dir 15) ** Promote to rese 7) ** Customize spec file 16) ** Promote right away 8) ** View logs from subversion 17) ** Ask to adjust configs 9) ** Update from subversion Enter a number: 11
  • 12. Setup • Managing resource definitions – Putting resource definitions of one type of resource in one module • Easier to fine out what is done on our server park • Using virtual resources • Realized with tags when needed 12
  • 13. Setup • Managing resource definitions – Creating a wrapper around Puppet code • Easier for the team • Consistency in definitions • Lowers learning curve • Flexibility for the future 13
  • 14. Example: cron • Main module: zz_cron_systlinux_colruyt • init.pp class zz_cron_systlinux_colruyt { include setup … @zz_cron_systlinux_colruyt::conf {'netbackup': user => 'root', command => '/opt/openv/netbackup/check_bp_conf.sh >/var/tmp/check_bp.conf.log', minute => '0', hour => '7', tag => 'zz_tag_netbackup_systlinux_colruyt', } } 14
  • 15. Example: cron • setup.pp – Installs the needed rpms – Manages the service – Changes OS defaults to our likings 15
  • 16. Example: cron • conf.pp – Defines the wrapper – Using sensible defaults define zz_cron_systlinux_colruyt::conf ( { $user, cron { "$user $command": $command, ensure => $ensure, $ensure = present, user => $user, $hour = undef, command => $command, $minute = undef, minute => $minute, $weekday = undef, hour => $hour, $month = undef, weekday => $weekday, $monthday = undef month => $month, ) monthday => $monthday, } } 16
  • 17. Example: cron • Realization happens in a separate module – Groups all zz_* modules together – Makes life easier for the team define base_systlinux_colruyt::configure { … include zz_cron_systlinux_colruyt Zz_cron_systlinux_colruyt::Conf <| tag == "zz_tag_${name}" |> … } 17
  • 18. Example: cron • In netbackup module – one line to add all zz_* modules class netbackup_systlinux_colruyt { base_systlinux_colruyt::configure {'netbackup_systlinux_colruyt':} … } 18
  • 19. Setup: params_systlinux_colruyt • Sometimes server specific configs are needed • Module params_systlinux_colruyt – Defines several ‘global’ parameters – Can be overridden in the node definition – Using sensible defaults $topology = 'int', class params_systlinux_colruyt ( ) – Syntax check if ! ( $topology in [ 'int', 'dmz', 'shop' ] ) { fail("topology is not 'int', 'dmz' or 'shop' (${topology})") } 19
  • 20. Setup: params_systlinux_colruyt • Used in node definitions: node 'svlirc99' { class {'params_systlinux_colruyt': topology => 'dmz', } … } • Used in puppet configurations – Templates – .pp files 20
  • 21. Setup: base_systlinux_colruyt When requiring … do this: Minimal Red Hat setup and no puppet agent Create iso file with ‘none’ puppet config Reservation server with as little of us as possible Create node and only include class base_systlinux_colruyt::minimal Reservation server with our own packages and Create node and only include class configuration changes base_systlinux_colruyt::basic Server with Create node and include • our basic tools (reports, netbackup agent, ITO • base_systlinux_colruyt agent, sophos, …) Includes basic tools • other software (oracle, was, …) • Other required modules (oracle, was, …) 21
  • 22. Lessons learned • Setup naming conventions <bla>_<group>_colruyt – Prevents naming clashes with others – Easier to parse • Humans • Scripts 22
  • 23. Lessons learned • When packaging rpms, always start from version control system – Forces people to check in – Ensures you can always recreate rpms from scratch 23
  • 24. Lessons learned • Make sure you can link a version on the server back to the version in the VCS – Include VCS revision number in rpm version number • 1.<revision>-1 • 1.<revision>-<ISO date> – Keep track of VCS revision number on Puppet master 24
  • 25. Lessons learned • Keep loggings of all executions – Created wrapper puppet run script – Defaults to noop 25
  • 26. Puppet annoyances • There are hidden ‘features’ with tags – When using ‘::’ in tags, things get complicated • abc::xyz – Creates tag abc::xyz – Creates tag abc – Creates tag xyz 26
  • 27. Puppet annoyances – Every resource in a module gets the module name as tag – Also classes get class name as tag • Added ‘zz_tag_’ to tags 27
  • 28. Puppet annoyances • Mount resource adds mount to fstab – Even if the resource fails – Working together with PuppetLabs 28
  • 29. Puppet annoyances • Rpm updated outside of puppet ? – No trigger at the next puppet run – Needed • Upgrades done by consultants • Override permissions for Red Hat rpms 29
  • 30. Future • Switch to Hiera ? – Removes our ‘house-build’ abstraction system ? – Speed up puppet runs ? • Use Gepetto for more IDE-type editing • Setup Puppet unit testing • Look into MCollective • … 30