
Puppet configuration management

Quick overview of puppet and hiera



  1. Puppet Configuration Management. Photo credit: Miki Yoshihito https://flic.kr/p/7JNRuf
  2. # whoami
     • Simon Hanmer, IT Consultant: sysadmin, infrastructure architect, server wrangler.
  3. Overview
     • Infrastructure as code!
     • Describe the configuration in some 'language', then:
       – Deploy predictably
       – Deploy rapidly
       – Deploy often
  4. Overview
     • Puppet
       – Deploy (first installation)
       – Enforce (prevent changes: drift is reverted on the next run)
       – Audit (report changes)
     • Like many tools, two versions
       – Open source: free as in beer
       – Enterprise: self-hosted, with support (about $100 per node per year)
  5. Overview
     • Typically used to configure hosts with an installed OS, but can also provision
       – Bare metal
       – Virtual
       – Cloud
       – Even non-server devices (an F5 load balancer, for example)
  6. Deployment Models
     • Standalone: a single server enforcing its own configuration (puppet apply)
     • Distributed
       – Master servers (single or multiple)
       – Clients (agents)
       – Secure: each client has to be registered with a master (its certificate is signed by the master's CA before it is served anything), a client can only see its own compiled catalog, and all communication is encrypted with SSL/TLS
     • Can run as a single shot or at regular intervals (the agent daemon defaults to every 30 minutes)
  7. Architecture (diagram): Puppet clients send facts (information about the client) to the Puppet server; the server compiles the manifests into a catalog for that client and returns it.
  8. Facter. Output from the demo host:

     [simon@webconfig ~]$ facter > facter.txt
     architecture => x86_64
     blockdevice_sda_model => VBOX HARDDISK
     blockdevice_sda_size => 8589934592
     blockdevice_sda_vendor => ATA
     dhcp_servers => {"system"=>"10.0.3.2", "enp0s8"=>"10.0.3.2"}
     domain => lrn2.co.uk
     fqdn => webconfig.lrn2.co.uk
     hostname => webconfig
     interfaces => enp0s3,enp0s8,lo
     ipaddress => 192.168.56.20
     ipaddress_enp0s3 => 192.168.56.20
     ipaddress_enp0s8 => 10.0.3.15
     ipaddress_lo => 127.0.0.1
     is_virtual => true
     kernel => Linux
     kernelmajversion => 3.10
     kernelrelease => 3.10.0-229.4.2.el7.x86_64
     kernelversion => 3.10.0
     macaddress => 08:00:27:4c:0a:12
     macaddress_enp0s3 => 08:00:27:4c:0a:12
     macaddress_enp0s8 => 08:00:27:70:b2:a7
     memoryfree => 1.13 GB
     memoryfree_mb => 1155.09
     memorysize => 1.28 GB
     memorysize_mb => 1310.63
     operatingsystem => CentOS
     operatingsystemmajrelease => 7
     operatingsystemrelease => 7.1.1503
     os => {"name"=>"CentOS", "family"=>"RedHat", "release"=>{"major"=>"7", "minor"=>"1", "full"=>"7.1.1503"}}
     osfamily => RedHat
     physicalprocessorcount => 1
     processor0 => Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz
     processorcount => 1
     processors => {"models"=>["Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz"], "count"=>1, "physicalcount"=>1}
     selinux => true
     selinux_enforced => true
     selinux_policyversion => 28
     timezone => BST
     uniqueid => a8c01438
     virtual => virtualbox

  9. Process flow: facter → node classifier → hiera → puppet
  10. Hiera
      • Remember 'Infrastructure as code'?
        – Most people start by hard-coding configuration into the manifests
        – Lots of duplication
        – Separate code and config (tip: keep them in separate repos)
        – Encrypt sensitive data
      • Hiera to the rescue!
  11. Hiera
      • Hierarchy: decreasing specialisation of information from top to bottom
      • Definitions override those lower in the hierarchy, so hosts/somehost.com overrides environment/production
      • Common definitions can be pushed further down the hierarchy, which leads to less duplication

      :hierarchy:
        - "hosts/%{::fqdn}"
        - "environment/%{::environment}/%{::operatingsystem}"
        - "domain/%{::domain}"
        - "os/%{::operatingsystem}"
        - "environment/%{::environment}"
        - common
  12. Hiera
      • Uses YAML or JSON files
      • Start with classes

      classes:
        - component::webserver
        - component::mysql_server
        - component::git_repos
        - component::wordpress
        - cron
  13. Hiera
      • Then data (the db_password is encrypted with hiera-eyaml, so only the master's private key can read it)

      web::vhosts:
        blog.anotherwordpress.com-ssl:
          servername: blog.anotherwordpress.com
          port: 443
          docroot: /var/www/blog.anotherwordpress.com
          override: all
          ssl: true
          ssl_cert: /etc/ssl/certs/real_lfa.crt
      wordpress:
        blog.anotherwordpress.com:
          docroot: /var/www/blog.anotherwordpress.com
          db_name: blog
          db_host: localhost
          db_user: blog_dba
          db_password: ENC[PKCS7,mIIBeQYaKoZIhvcNAQc+oIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJ KoZIhvcNAQEBBQAEggEAD2Z15kvHip4y22WRm+aa+VCpXa08rKYxxMzEJNdGR9RpdEARXMcUhn uTeSdf/uDtk4QICN6D/yhEaoG6TotShlLQv2q1uNIeUyf9HHpuvdBwYgQkz1bSES5+alDh/X9H 7IQdtcosNPM4L+2QGb8rygNOTAREALPasswordptH8cN7EDKjLuye4JiNoAKk22mxYTZCuvwq2 88HnSB/4Tn2iOyT+Ms3mjzOJ2RYYviMcD6BlmDpqbp2iG6iUILbvTzowNjJY9ijCIZISEyQMbx fTDBGeaaPrTomdNxpOX4/xEGUGgv7GFYTHMW4hDMHaJF/l8Y+mfBS9WlHKb+9Pb9iDA8Bgkqhk iG9w0BBwEwHQYJYIZIAWUDBAEqBBDKy7nvaZxyXwXO5cSjZXXwgBC9dNAU19EFHVTZiCoBKDAk]
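The following is an added example, not code from the original slides: a small Python model of how Hiera 3 resolves a key over the hierarchy on slide 11. It parses a subset of the facter output from slide 8 (constructed here, nested Ruby-style hashes included), interpolates the hierarchy into an ordered list of data sources, and then performs first-match, hiera_array-style and hiera_hash-style lookups over constructed in-memory dicts that stand in for the YAML files. It also adds two checks a practitioner wants here: a misspelled fact name in a hierarchy level (the original slide read operatingsytem) interpolates to an empty string and so that level silently never matches a file, and a plaintext password left at a lower level such as common is still a secret sitting in the repository even when a more specific level overrides it with an ENC[PKCS7,...] value. The file names, data and the ENC placeholder are constructed for the example; the behaviour of unknown variables is modelled on Hiera 3 rather than taken from the slides.

```python
"""Added example: a model of Hiera 3 lookups over the slides' hierarchy."""
import json
import re

# Constructed: a subset of the facter output on slide 8.
FACTER_OUTPUT = """\
domain => lrn2.co.uk
fqdn => webconfig.lrn2.co.uk
operatingsystem => CentOS
os => {"name"=>"CentOS", "family"=>"RedHat", "release"=>{"major"=>"7", "minor"=>"1", "full"=>"7.1.1503"}}
selinux_enforced => true
"""

HIERARCHY = [  # slide 11, with the fact name spelt correctly
    "hosts/%{::fqdn}",
    "environment/%{::environment}/%{::operatingsystem}",
    "domain/%{::domain}",
    "os/%{::operatingsystem}",
    "environment/%{::environment}",
    "common",
]

# Constructed stand-in for the YAML files, keyed by hierarchy path; the
# ENC[...] value is a made-up placeholder, not a real hiera-eyaml blob.
DATA = {
    "hosts/webconfig.lrn2.co.uk": {
        "classes": ["component::git_repos"],
        "wordpress": {"blog.anotherwordpress.com": {
            "db_host": "localhost", "db_user": "blog_dba",
            "db_password": "ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAx]"}},
    },
    "environment/production": {"sshd::password_authentication": "no"},
    "common": {
        "classes": ["component::webserver", "cron"],
        "sshd::password_authentication": "yes",
        # anti-pattern: a plaintext fallback password left at the bottom level
        "wordpress": {"blog.anotherwordpress.com": {"db_password": "changeme"}},
    },
}
_VAR = re.compile(r"%\{::?([A-Za-z0-9_]+)\}")
_ENC = re.compile(r"^ENC\[PKCS7,[A-Za-z0-9+/=\s]+\]$")
_SENSITIVE = re.compile(r"(password|passwd|secret|token)$", re.I)

def parse_facter(text):
    """Parse 'key => value' lines; Ruby-style hashes/arrays become dicts/lists."""
    facts = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" => ")
        if not sep:
            continue
        if value[:1] in "{[":
            value = json.loads(value.replace("=>", ":"))
        elif value in ("true", "false"):
            value = value == "true"
        facts[key.strip()] = value
    return facts

def data_sources(hierarchy, scope):
    """Interpolate %{::var} per level, most specific first. An unknown variable
    becomes '' (modelling Hiera 3), so a typo like %{::operatingsytem} yields a
    path that matches no data file and the level silently never applies."""
    return [_VAR.sub(lambda m: str(scope.get(m.group(1), "")), lvl)
            for lvl in hierarchy]

def lookup(key, sources, data, merge="first"):
    """first: priority lookup; array: hiera_array; hash: hiera_hash (native)."""
    found = [data[s][key] for s in sources if key in data.get(s, {})]
    if not found:
        return None
    if merge == "first":
        return found[0]
    if merge == "array":   # concatenate, most specific level first
        return [x for v in found for x in (v if isinstance(v, list) else [v])]
    if merge == "hash":    # shallow merge, most specific level wins on conflict
        return {k: v for d in reversed(found) for k, v in d.items()}
    raise ValueError(f"unknown merge mode {merge!r}")

def plaintext_secrets(data):
    """Report 'source:key.path' for sensitive-looking values that are not eyaml
    encrypted, at any level: an overridden plaintext value is still in the repo."""
    hits = []
    def walk(node, path, source):
        if isinstance(node, dict):
            for k, v in node.items():
                walk(v, path + [k], source)
        elif isinstance(node, str) and path and _SENSITIVE.search(path[-1]):
            if not _ENC.match(node):
                hits.append(f"{source}:{'.'.join(path)}")
    for source, node in data.items():
        walk(node, [], source)
    return hits

def resolve_node(facter_text=FACTER_OUTPUT, environment="production"):
    """Resolve the keys a node like slide 8's webconfig would receive."""
    scope = dict(parse_facter(facter_text), environment=environment)
    sources = data_sources(HIERARCHY, scope)
    return {
        "sources": sources,
        "classes": lookup("classes", sources, DATA, merge="array"),
        "password_auth": lookup("sshd::password_authentication", sources, DATA),
        "wordpress": lookup("wordpress", sources, DATA, merge="hash"),
        "plaintext_secrets": plaintext_secrets(DATA),
    }
```

Two things the run makes visible: the host level wins the whole `blog.anotherwordpress.com` entry under hiera_hash's native (shallow) merge, so the `changeme` fallback never reaches the catalog, yet `plaintext_secrets` still flags it because it is committed in common. Real Hiera reads the files from disk and hiera-eyaml decrypts ENC values on the master at lookup time with its private key; the agents only ever see the decrypted value inside their own catalog.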
  14. Puppet resources
      • Dozens of built-in resource types, and you can define your own
      • Enforce ordering, e.g. install a package before enabling its service
      • Built-in types include: cron, exec, file, group, host, interface, mailalias, package, router, ssh_authorized_key, user, vlan and others
  15. Puppet Module

      class component::wordpress {
        user { 'wordpress':
          ensure => present,
        }
        # Pull the per-site hash from Hiera (slide 13) and turn each
        # entry into one wordpress_site resource
        $wordpress = hiera_hash('wordpress')
        create_resources('wordpress_site', $wordpress)
      }

      # Define the wordpress_site resource type; the parameters are the keys
      # of each site's hash in Hiera, and $title is the site name
      define wordpress_site(
        $docroot,
        $db_name,
        $db_host,
        $db_user,
        $db_password,
      ) {
        wordpress::instance { "wordpress_${title}":
          install_dir    => $docroot,
          wp_owner       => 'apache',
          wp_group       => 'apache',
          version        => 'latest',
          db_host        => $db_host,
          db_name        => $db_name,
          db_user        => $db_user,
          db_password    => $db_password,
          create_db      => true,
          create_db_user => true,
        }

        apache::vhost { $title:
          port          => '80',
          docroot       => $docroot,
          docroot_owner => 'apache',
          docroot_group => 'apache',
          # The slide used '0777', which makes the docroot world-writable;
          # apache owns it, so 0755 is enough and other local users cannot
          # drop files into the web root
          docroot_mode  => '0755',
        }
      }
  16. Pros / Cons
      Pros
      • Free or paid support, although I've seen PuppetLabs employees deliver free support through the community
      • Established (2005) but regularly updated
      • Deploy to bare metal, VMs or cloud
      • Open source modules via forge.puppetlabs.com, from both PuppetLabs and individuals
      • Good documentation, online and in printed books
      Cons
      • The language is declarative, so by default the order of application isn't guaranteed (dependencies between resources have to be declared explicitly)
      • The default master deployment (the built-in WEBrick server) only handles tens of nodes, but it is easy to scale (e.g. by running the master under Passenger)
  17. What next?
      • puppetlabs.com: downloads, documentation, training VMs
      • forge.puppetlabs.com: module repository
