Here are the slides from Chris Barker and David Soper's PuppetConf 2016 presentation called Policy-Based Management All the Way Down. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa

1. Puppet and UCS
Policy Based Management All The Way Down

2. 2
David Soper
Technical Marketing Engineer, Cisco

3. 3
Chris Barker
PrinciPAL Solutions Engineer, Puppet
@mrzarquon

4. Agenda
• razor
• ucs
• cvds (tying it all together)

5. Razor Policies: how they work
PE: Quick way to get razor
5

6. Define
6

7. Boot
7

8. Discover
8

9. Puppet
9

10. Puppet + UCS
Abstracting Workload Deployment
● A node’s role (classification) describes its intended use - the “what”
● E.g., OpenStack Ceph Storage node
● Has shared (security, compliance) and specific (DB) profiles
10

11. Puppet + UCS
Abstracting Workload Deployment
● So, what infrastructure is needed for my OpenStack Ceph node?
● Use profiles to define logical representations of workloads (filesystem, authentication, etc.)
● Write it once, deploy it anywhere
● Profiles describe resources and policies to apply to those resources - a provider applies policy
11

12. Puppet + UCS
Abstracting Workload Deployment
● Great, what about the OS and underlying infrastructure? Where do I define that?
● Just another set of profiles and policies: Razor for OS deployment and Cisco UCS for the
infrastructure
12

13. Cisco UCS Profiles and Policies
This is how I role

14. Puppet + UCS
You call that a profile? Now this is a profile.
● Your UCS service profile is just like your other Puppet profiles, but for the underlying infrastructure
● Logical representation of resources (compute/network/storage/etc.)
● Collection of policies to apply
● Did I mention “logical”? Profiles and policies can be changed as needed:
● Need more storage - just update your profile
● Need to change Firmware - just update a policy
14

15. Puppet + UCS
Cisco UCS: Define it Once and Use it Anywhere
15

16. Creating workflow

17. Puppet + UCS
Why Don’t You Just Tell Me the Name of the OS You’d Like to See?
17

18. Puppet + UCS
Why Don’t You Just Tell Me the Name of the OS You’d Like to See?
18

19. What is a CVD?
Hint: Cisco Validated Design

20. Puppet + UCS
Focus on the Fun Stuff (Automation)
● Automation is great, but you still have steps to follow
● Back on our Ceph node, what packages (versions), ports, etc. do I need?
● Ok Google, “OpenStack 7”
● Better: Ok Google, “OpenStack 7 CVD”
● Cisco Validated Design with comprehensive deployment instructions
● Cisco put the pieces together, made sure they work, then tells you how to deploy in detail
20

21. Puppet + UCS
This is Great - and only 351 Pages!
● Time to Automate
● Infrastructure profiles- define once and
deploy as needed
● OS profiles - name that role and
provision
● Puppet - define once and deploy as
needed
21

22. Demos

23. Demos

24. Demos

25. Configure (hardware)
UCS
Software defined hardware policy

26. Configure (software)
Razor -> Puppet
Razor ID Policy, Hands over to Puppet post OS Deploy

27. Puppet
(Drift Remediation)
Ensures desired end state

28. Questions?

29. 29