Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.
The Long, Twisty
Road to
Automation:
Implementing Puppet at the University
of Saskatchewan
environment
how
lessons
future
2
environment
3
service catalog
Alumni and
Advancement
Consumer
Information
Facilities
Mangement
Library Systems
Application
Development
C...
application catalog
5
before
•  templates
•  automation
•  group policy
•  scripts
•  manual documentation
6
challenges
●  change control
●  culture change
●  development/test/production
●  ill defined standards
●  silos
7
why bother
8
we have problems
•  speed up deployment.
•  configuration drift
•  standardize
•  troubleshooting
9
how
10
getting started
•  weekly architecture team meetings
•  puppet ramp up project
•  on site training
11
puppet architecture
# production branch control-repo/PuppetFile
forge http://forge.puppetlabs.com
# Modules from the Puppe...
initial git code workflow
13
production
test
development
merge
merge
better git code workflow
1414
production
test
development
merge
merge
feature
merge
15
class roles::analytics {
include profiles::base_rhel
include profiles::apache
include profiles::mod_auth_cas
include profi...
class roles::cs_bookware_as {
case $::hostname {
/^books(dev|test)?$/: {
accounts::user {'SASK':
comment => 'Bookware appl...
18
19
useful mco commands
mco find –W profiles::apache
mco puppet disable "Investigating a problem with the apache module. -NF" ...
lessons
21
lessons learned
•  confine custom facts by kernel
•  confine :kernel => %w(Linux SunOS FreeBSD Darwin)
•  https://puppet.c...
more lessons
Windows
I can do that with a
gpo
Linux
I have to do a lot of
typing just to change
one file?
Dba’s
Thou shalt...
Are we getting better?
24
•  PCI DSS
•  increase speed of deployment
•  centrally managed system administrators
desktop
future
25
Room for improvement
•  code review
•  pull requests
•  dynamic environments
•  large number of role classes
•  vRealize
26
Questions?
@linuxgurl
jennifer.hadley@usask.ca
27
Prochain SlideShare
Chargement dans…5
×

PuppetConf 2016: The Long, Twisty Road to Automation: Implementing Puppet at the University of Saskatchewan – Jennifer Hadley, University of Saskatchewan

130 vues

Publié le

Here are the slides from Jennifer Hadley's PuppetConf 2016 presentation called The Long, Twisty Road to Automation: Implementing Puppet at the University of Saskatchewan. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa

Publié dans : Technologie
  • Soyez le premier à commenter

  • Soyez le premier à aimer ceci

PuppetConf 2016: The Long, Twisty Road to Automation: Implementing Puppet at the University of Saskatchewan – Jennifer Hadley, University of Saskatchewan

  1. 1. The Long, Twisty Road to Automation: Implementing Puppet at the University of Saskatchewan
  2. 2. environment how lessons future 2
  3. 3. environment 3
  4. 4. service catalog Alumni and Advancement Consumer Information Facilities Mangement Library Systems Application Development Content and Collaboration Finance and Procurement Printing Services Assesment Services Device Management Human Resources Relationship Management BroadCast and Streaming Email and Calendering Identity and Access Reporting, Data and Analytics Classroom Technology Emergency Notification Learning Management Research Computing Communications E-Portfolio Lecture Capture Storage 4
  5. 5. application catalog 5
  6. 6. before •  templates •  automation •  group policy •  scripts •  manual documentation 6
  7. 7. challenges ●  change control ●  culture change ●  development/test/production ●  ill defined standards ●  silos 7
  8. 8. why bother 8
  9. 9. we have problems •  speed up deployment. •  configuration drift •  standardize •  troubleshooting 9
  10. 10. how 10
  11. 11. getting started •  weekly architecture team meetings •  puppet ramp up project •  on site training 11
  12. 12. puppet architecture # production branch control-repo/PuppetFile forge http://forge.puppetlabs.com # Modules from the Puppet Forge mod "puppetlabs/inifile", '1.4.2‘ # systems written modules moduledir 'site-modules/systems' mod 'profiles', :git => 'git@git.usask.ca:puppet/profiles.git', :ref => 'production' mod 'roles', :git => 'git@git.usask.ca:puppet/roles.git', :ref => 'production' 12
  13. 13. initial git code workflow 13 production test development merge merge
  14. 14. better git code workflow 1414 production test development merge merge feature merge
  15. 15. 15
  16. 16. class roles::analytics { include profiles::base_rhel include profiles::apache include profiles::mod_auth_cas include profiles::mysql ::apache::mod { 'auth_basic': } ::apache::mod { 'authn_file': } class { 'profiles::php': display_errors => 'Off', display_startup_errors => 'On', track_errors => 'On', } class profiles::mod_auth_cas { package { 'sds-mod_auth_cas': ensure => 'installed',} file { '/etc/httpd/conf.d/ z50_mod_auth_cas.conf': ensure => present, require => Package['httpd'], content => '# CAS setup LoadModule auth_cas_module modules/ mod_auth_cas.so CASCookiePath /var/mod_auth_cas/ CASLoginURL https://<redacted>/cas/login CASValidateURL https://<redacted>/cas/ serviceValidate CASTimeout 36000 CASIdleTimeout 3600 <Location /> CASScope / </Location>',} 16
  17. 17. class roles::cs_bookware_as { case $::hostname { /^books(dev|test)?$/: { accounts::user {'SASK': comment => 'Bookware application account', home => '/home/SASK/USERS', home_mode => '750', } /^booksdb(dev|test)?$/: { postgresql::server::config_entry { 'max_connections' : ensure => present, value => '200', } 17
  18. 18. 18
  19. 19. 19
  20. 20. useful mco commands mco find –W profiles::apache mco puppet disable "Investigating a problem with the apache module. -NF" - C /profiles::apache/ mco package mariadb status 20
  21. 21. lessons 21
  22. 22. lessons learned •  confine custom facts by kernel •  confine :kernel => %w(Linux SunOS FreeBSD Darwin) •  https://puppet.com/blog/wsus-client-module-beginners-guide •  long lived branches make more work •  base_os generic role 22
  23. 23. more lessons Windows I can do that with a gpo Linux I have to do a lot of typing just to change one file? Dba’s Thou shalt not play in development Service owners How are you slower at this. 23
  24. 24. Are we getting better? 24 •  PCI DSS •  increase speed of deployment •  centrally managed system administrators desktop
  25. 25. future 25
  26. 26. Room for improvement •  code review •  pull requests •  dynamic environments •  large number of role classes •  vRealize 26
  27. 27. Questions? @linuxgurl jennifer.hadley@usask.ca 27

×