Puppet Configuration Management
Credit: Miki Yoshihito
https://flic.kr/p/7JNRuf
# whoami
• Simon Hanmer
– IT Consultant
– Sysadmin, Infrastructure architect, server wrangler.
Overview
• Infrastructure as code!
• Describe the configuration using some ‘language’
– Deploy predictably
– Deploy rapidly
– Deploy often
Overview
• Puppet
– Deploy (first installations)
– Enforce (Prevent changes)
– Audit (Report changes)
• Like many tools, two versions
– Open source, free as in beer
– Enterprise – self hosted, with support (about $100 per node per year)
Overview
• Typically used to configure hosts with installed OS, but can provision
– Bare metal
– Virtual
– Cloud
– Even non-server (F5 for example)
Deployment Models
• Standalone
– Single server enforcing own configuration
• Distributed
– Master servers (single or multiple)
– Clients
– Secure – servers have to be registered with masters and can only see their own configurations, communications encrypted with SSL.
• Can run as single-shot or at regular intervals
Architecture
[Diagram: Puppet Server; Puppet Clients; Facts (information about client); Manifests]
Facter
[simon@webconfig ~]$ facter > facter.txt
architecture => x86_64
blockdevice_sda_model => VBOX HARDDISK
blockdevice_sda_size => 8589934592
blockdevice_sda_vendor => ATA
dhcp_servers => {"system"=>"10.0.3.2", "enp0s8"=>"10.0.3.2"}
domain => lrn2.co.uk
fqdn => webconfig.lrn2.co.uk
hostname => webconfig
interfaces => enp0s3,enp0s8,lo
ipaddress => 192.168.56.20
ipaddress_enp0s3 => 192.168.56.20
ipaddress_enp0s8 => 10.0.3.15
ipaddress_lo => 127.0.0.1
is_virtual => true
kernel => Linux
kernelmajversion => 3.10
kernelrelease => 3.10.0-229.4.2.el7.x86_64
kernelversion => 3.10.0
macaddress => 08:00:27:4c:0a:12
macaddress_enp0s3 => 08:00:27:4c:0a:12
macaddress_enp0s8 => 08:00:27:70:b2:a7
memoryfree => 1.13 GB
memoryfree_mb => 1155.09
memorysize => 1.28 GB
memorysize_mb => 1310.63
operatingsystem => CentOS
operatingsystemmajrelease => 7
operatingsystemrelease => 7.1.1503
os => {"name"=>"CentOS", "family"=>"RedHat", "release"=>{"major"=>"7", "minor"=>"1", "full"=>"7.1.1503"}}
osfamily => RedHat
physicalprocessorcount => 1
processor0 => Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz
processorcount => 1
processors => {"models"=>["Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz"], "count"=>1, "physicalcount"=>1}
selinux => true
selinux_enforced => true
selinux_policyversion => 28
timezone => BST
uniqueid => a8c01438
virtual => virtualbox
Process flow
[Diagram: facter, node classifier, hiera, puppet]
Hiera
• Remember ‘Infrastructure as code’?
– Most people start hard-coding configuration
– Lots of duplication
– Separate code and config
– Repos (tip: separate code & config)
– Encrypt sensitive data
• Hiera to the rescue!
Hiera
• Hierarchy
• Decreasing specialisation of information
• Definitions override those lower in hierarchy, so /hosts/somehost.com would override /production
• Common definitions can be pushed further down the hierarchy, which leads to less duplication
:hierarchy:
  - "hosts/%{::fqdn}"
  - "environment/%{::environment}/%{::operatingsystem}"
  - "domain/%{::domain}"
  - "os/%{::operatingsystem}"
  - "environment/%{::environment}"
  - common
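The lookup order described on this slide, as an added Ruby example that is not part of the original deck and is not Hiera's own code. It models a priority lookup over in-memory data; the facts, keys and values are constructed, and an unknown fact is assumed to interpolate to an empty string, so a misspelled fact name makes its level silently never match.

```ruby
# Minimal model of a Hiera-style priority lookup (illustration only).
HIERARCHY = [
  'hosts/%{::fqdn}',
  'environment/%{::environment}/%{::operatingsystem}',
  'domain/%{::domain}',
  'os/%{::operatingsystem}',
  'environment/%{::environment}',
  'common'
].freeze

# Constructed hierarchy with a misspelled fact name in its first level.
BROKEN = ['environment/%{::environment}/%{::operatingsytem}', 'common'].freeze

# Constructed facts, in the shape Facter reports them for one node.
FACTS = {
  'fqdn' => 'webconfig.lrn2.co.uk',
  'domain' => 'lrn2.co.uk',
  'operatingsystem' => 'CentOS',
  'environment' => 'production'
}.freeze

# Constructed data sources, keyed by the path each YAML file would have.
DATA = {
  'common' => { 'ssh::permit_root_login' => 'no', 'ntp::server' => 'pool.example.org' },
  'os/CentOS' => { 'ntp::server' => 'ntp.centos.example.org' },
  'environment/production/CentOS' => { 'selinux::mode' => 'enforcing' },
  'hosts/webconfig.lrn2.co.uk' => { 'ntp::server' => '10.0.3.2' }
}.freeze

# Replace each %{::name} with the fact value; unknown facts become ''.
def interpolate(path, facts)
  path.gsub(/%\{::(\w+)\}/) { facts.fetch(Regexp.last_match(1), '') }
end

# Return [value, source] from the first hierarchy level that defines key.
def lookup(key, hierarchy, facts, data)
  hierarchy.each do |level|
    source = interpolate(level, facts)
    return [data[source][key], source] if data.key?(source) && data[source].key?(key)
  end
  [nil, nil]
end

# Interpolated levels with no data source behind them. Some are expected
# (no file for this domain); a path ending in '/' points at a bad fact name.
def unmatched_levels(hierarchy, facts, data)
  hierarchy.map { |level| interpolate(level, facts) }.reject { |s| data.key?(s) }
end

puts lookup('ntp::server', HIERARCHY, FACTS, DATA).inspect    # host level wins
puts lookup('selinux::mode', HIERARCHY, FACTS, DATA).inspect  # env/OS level
puts lookup('selinux::mode', BROKEN, FACTS, DATA).inspect     # setting is lost
puts unmatched_levels(BROKEN, FACTS, DATA).inspect
```

Reviewing the unmatched levels for a node is a cheap way to catch a hardening override that never applies because its hierarchy path cannot resolve.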
Hiera
• Uses YAML or JSON files
• Start with classes
classes:
  - component::webserver
  - component::mysql_server
  - component::git_repos
  - component::wordpress
  - cron
Hiera
• Then data
web::vhosts:
  blog.anotherwordpress.com-ssl:
    servername: blog.anotherwordpress.com
    port: 443
    docroot: /var/www/blog.anotherwordpress.com
    override: all
    ssl: true
    ssl_cert: /etc/ssl/certs/real_lfa.crt
wordpress:
  blog.anotherwordpress.com:
    docroot: /var/www/blog.anotherwordpress.com
    db_name: blog
    db_host: localhost
    db_user: blog_dba
    db_password:
ENC[PKCS7,mIIBeQYaKoZIhvcNAQc+oIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJ
KoZIhvcNAQEBBQAEggEAD2Z15kvHip4y22WRm+aa+VCpXa08rKYxxMzEJNdGR9RpdEARXMcUhn
uTeSdf/uDtk4QICN6D/yhEaoG6TotShlLQv2q1uNIeUyf9HHpuvdBwYgQkz1bSES5+alDh/X9H
7IQdtcosNPM4L+2QGb8rygNOTAREALPasswordptH8cN7EDKjLuye4JiNoAKk22mxYTZCuvwq2
88HnSB/4Tn2iOyT+Ms3mjzOJ2RYYviMcD6BlmDpqbp2iG6iUILbvTzowNjJY9ijCIZISEyQMbx
fTDBGeaaPrTomdNxpOX4/xEGUGgv7GFYTHMW4hDMHaJF/l8Y+mfBS9WlHKb+9Pb9iDA8Bgkqhk
iG9w0BBwEwHQYJYIZIAWUDBAEqBBDKy7nvaZxyXwXO5cSjZXXwgBC9dNAU19EFHVTZiCoBKDAk
]
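A check that goes with "Encrypt sensitive data", as an added Ruby example that is not part of the original deck: it walks Hiera YAML and reports secret-looking keys whose values are not wrapped in ENC[PKCS7,...] as in the db_password above. The key-name pattern, the sample data and the short dummy ENC values are constructed for illustration.

```ruby
require 'yaml'

# Key names treated as secret-bearing (assumed list; extend for your data).
SECRET_KEY = /(password|passwd|secret|token|private_key)/i
# Shape of an encrypted value as shown on the slide: ENC[PKCS7,<base64>]
ENCRYPTED = /\AENC\[PKCS7,[A-Za-z0-9+\/=\s]+\]\z/

# Constructed Hiera data; the ENC values are dummies, not real ciphertext.
SAMPLE = <<~YAML
  wordpress:
    blog.example.com:
      db_user: blog_dba
      db_password: ENC[PKCS7,QUJDREVGR0g=]
    shop.example.com:
      db_user: shop_dba
      db_password: hunter2
  smtp::relay_secret: ""
  api:
    tokens:
      - ENC[PKCS7,SUpLTE1OT1A=]
      - plaintext-token
YAML

# Recursively collect the paths of non-empty values that sit under a
# secret-looking key but are not in encrypted form.
def plaintext_secrets(node, path = [], under_secret = false, found = [])
  case node
  when Hash
    node.each do |key, value|
      secret = under_secret || key.to_s.match?(SECRET_KEY)
      plaintext_secrets(value, path + [key.to_s], secret, found)
    end
  when Array
    node.each_with_index do |value, i|
      plaintext_secrets(value, path + ["[#{i}]"], under_secret, found)
    end
  else
    value = node.to_s
    found << path.join('/') if under_secret && !value.empty? && !value.match?(ENCRYPTED)
  end
  found
end

# Parse one YAML document and return the offending key paths.
def audit(yaml_text)
  plaintext_secrets(YAML.safe_load(yaml_text))
end

audit(SAMPLE).each { |path| puts "plaintext secret: #{path}" }
```

Run against the config repository in CI, a non-empty result can fail the build before a cleartext credential is committed.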
Puppet resources
• Dozen or so built-in resource types
• and define your own
• Enforce ordering – i.e. install package before enabling service
• cron
• exec
• file
• group
• host
• interface
• mailalias
• package
• router
• ssh_authorized_key
• user
• vlan
+ others
Puppet Module
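class component::wordpress {
  user { 'wordpress': ensure => present }

  # Merge the 'wordpress' hash across the Hiera hierarchy and declare one
  # wordpress_site per key; each key becomes the resource title.
  $wordpress = hiera_hash('wordpress')
  create_resources('wordpress_site', $wordpress)
}

# define wordpress resource type; the parameters are the keys of each
# entry in the 'wordpress' Hiera hash
define wordpress_site($docroot, $db_name, $db_host, $db_user, $db_password) {
  $site = $title

  wordpress::instance { "wordpress_${site}":
    install_dir    => $docroot,
    wp_owner       => 'apache',
    wp_group       => 'apache',
    version        => 'latest',
    db_host        => $db_host,
    db_name        => $db_name,
    db_user        => $db_user,
    db_password    => $db_password,
    create_db      => true,
    create_db_user => true,
  }

  apache::vhost { $site:
    port          => '80',
    docroot       => $docroot,
    docroot_owner => 'apache',
    docroot_group => 'apache',
    # '0777' makes the docroot world-writable; with apache as owner,
    # '0755' is sufficient
    docroot_mode  => '0777',
  }
}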
Pros
• Free or paid support, although I’ve seen puppetlabs employees deliver free support through community
• Established (2005) but regular updates
• Deploy to bare metal, VMs or cloud
• Open source modules via forge.puppetlabs.com – both PuppetLabs and individuals
• Good documentation – online and printed books
Cons
• Language is declarative, so by default order of implementation isn’t guaranteed
• Default deployment can only handle 10s of nodes, but easy to scale this (using Passenger)
What next?
• puppetlabs.com
– Downloads
– Documentation
– Training VMs
• forge.puppetlabs.com
– Module repository
