Puppet is an open source configuration management tool that has been available since 2005. It uses a desired state configuration language to define how nodes should be configured. Puppet combines node facts, configuration data, and the node model to generate a catalog that is applied at regular intervals to manage nodes. The HashiCorp suite includes tools like Packer, Vagrant, Terraform, Consul, and Vault that can be used along with Puppet for tasks like building images, provisioning VMs, managing infrastructure as code, service discovery, and secrets management.
2. ~$ whoami~$ whoami
● I used to be a Molecular Biologist,I used to be a Molecular Biologist,
● Then became a Dev,Then became a Dev,
● Now an Ops.Now an Ops.
● Open Source Consultant @Open Source Consultant @inuits.euinuits.eu
3.
4. PuppetPuppet
● Open Source configuration management toolOpen Source configuration management tool
since 2005since 2005
● Desired State DSL on top of rubyDesired State DSL on top of ruby
● Client – Server architectureClient – Server architecture
● Runs on pretty much any OSRuns on pretty much any OS
● Combines node info (Facter), node configCombines node info (Facter), node config
(Hiera), node model (DSL) into a catalogue that(Hiera), node model (DSL) into a catalogue that
is applies at regular intervalsis applies at regular intervals
6. PackerPacker
● Open Source tool to make OS imagesOpen Source tool to make OS images
● Supports Cloud Providers, Docker, Vbox, …Supports Cloud Providers, Docker, Vbox, …
(builders)(builders)
● Has hooks to provision the base imagesHas hooks to provision the base images
(provisioners)(provisioners)
● Create artifacts (Post-Processors)Create artifacts (Post-Processors)
9. VagrantVagrant
● Open Source tool to bootstrap local vmsOpen Source tool to bootstrap local vms
– Build by packer!Build by packer!
● Supports many vm Providers, Docker, Vbox, …Supports many vm Providers, Docker, Vbox, …
● Has hooks to provision the base imagesHas hooks to provision the base images
(provisioners), Puppet, Chef, Ansible, Bash(provisioners), Puppet, Chef, Ansible, Bash
14. TerraformTerraform
● Open Source Automation ToolOpen Source Automation Tool
● ““cloud” orientedcloud” oriented
● Cloud are API’sCloud are API’s
● API’s orientedAPI’s oriented
Terraform is an open source automation toolTerraform is an open source automation tool
which can deal with any kind of CRUD api’s –which can deal with any kind of CRUD api’s –
including major cloud providersincluding major cloud providers
15. HCLHCL
● Hashicorp Configuration LanguageHashicorp Configuration Language
● Yet another cfgmgmt DSLYet another cfgmgmt DSL
● Desired stateDesired state
● Used by multiple hashicorp tools but also 3rdUsed by multiple hashicorp tools but also 3rd
party toolsparty tools
16. The Terraform modelThe Terraform model
● You model your infrastructureYou model your infrastructure
● You make a planYou make a plan
● If ok, you apply that planIf ok, you apply that plan
● Current state is saved for future changesCurrent state is saved for future changes
$ terraform (fmt, validate, plan, apply)$ terraform (fmt, validate, plan, apply)
17. Lets magic a nodeLets magic a node
resourceresource "azurerm_virtual_machine" "puppetmaster" {"azurerm_virtual_machine" "puppetmaster" {
name = "vm-${var.node_name}"name = "vm-${var.node_name}"
location = "${var.azure_region_name}"location = "${var.azure_region_name}"
resource_group_name = "${var.resource_group}"resource_group_name = "${var.resource_group}"
network_interface_ids = ["$network_interface_ids = ["$
{azurerm_network_interface.puppetmaster.id}"]{azurerm_network_interface.puppetmaster.id}"]
vm_size = "${var.vm_size}"vm_size = "${var.vm_size}"
storage_image_referencestorage_image_reference {{
id = "${var.packerimage_id}" # ← your packer image idid = "${var.packerimage_id}" # ← your packer image id
}}
storage_os_diskstorage_os_disk {{
......
}}
os_profileos_profile {{
......
}}
}}
22. ConsulConsul
● Open Source Service Discovery ToolOpen Source Service Discovery Tool
● Build-in KV storeBuild-in KV store
● Service Mesh toolService Mesh tool
27. X509 is hardX509 is hard
#!/usr/bin/env bash#!/usr/bin/env bash
apt-get install puppetserverapt-get install puppetserver
puppet config set --section agent environment ${environment}puppet config set --section agent environment ${environment}
puppet config set --section master dns_alt_names puppet config set --section master dns_alt_names
puppet,puppetmaster.service.consul,puppetmaster.query.consulpuppet,puppetmaster.service.consul,puppetmaster.query.consul
systemctl start puppetserversystemctl start puppetserver
28. What about thatWhat about that
chicken?chicken?
#!/usr/bin/env bash#!/usr/bin/env bash
consul agent -retry-join "provider=azure consul agent -retry-join "provider=azure
tag_name=consul tag_name=consul
tenant_id=${tid} tenant_id=${tid}
client_id=${cid} client_id=${cid}
subscription_id=$cid} subscription_id=$cid}
secret_access_key=${ro_key}"secret_access_key=${ro_key}"
puppet config set --section agent environment ${environment}puppet config set --section agent environment ${environment}
puppet config set --section agent server puppet.service.consulpuppet config set --section agent server puppet.service.consul
/opt/puppetlabs/bin/puppet agent -t/opt/puppetlabs/bin/puppet agent -t
30. VaultVault
● Open Source tool to do secrets managementOpen Source tool to do secrets management
● Secure, store and tightly control access toSecure, store and tightly control access to
tokens, passwords, certificates, encryption keystokens, passwords, certificates, encryption keys
for protecting secrets and other sensitive datafor protecting secrets and other sensitive data
using a UI, CLI, or HTTP API.using a UI, CLI, or HTTP API.
● Certificate managementCertificate management
● Password rotatationPassword rotatation
37. NomadNomad
● Open Source tool to do dynamic workloadOpen Source tool to do dynamic workload
schedulingscheduling
● Batch, containerized, and non-containerizedBatch, containerized, and non-containerized
applications.applications.
● Has native Consul and Vault integrations.Has native Consul and Vault integrations.
40. BoltBolt
● Open Source tool to do task orchestrationOpen Source tool to do task orchestration
● Aimed at fire and forget 2nd day operationsAimed at fire and forget 2nd day operations
41. Bolt && TerraformBolt && Terraform
~/terraform_provision/inventory.yaml~/terraform_provision/inventory.yaml
groups:groups:
- name: terraform- name: terraform
nodes: [] # This will be populated by the Bolt plannodes: [] # This will be populated by the Bolt plan
config:config:
transport: sshtransport: ssh
ssh:ssh:
private-key: ~/.ssh/id_rsa-phraselessprivate-key: ~/.ssh/id_rsa-phraseless
user: ubuntuuser: ubuntu
host-key-check: falsehost-key-check: false
49. Icinga Director & ConsulIcinga Director & Consul
github.com/attachmentgenie/icingaweb2-module-consul.gitgithub.com/attachmentgenie/icingaweb2-module-consul.git
50. Query ConsulQuery Consul
use SensioLabsConsulServiceFactory;use SensioLabsConsulServiceFactory;
public functionpublic function fetchData()fetchData()
{{
$sf = new ServiceFactory($sf = new ServiceFactory(
arrayarray('base_uri' => $this->getSetting('consul_url'))('base_uri' => $this->getSetting('consul_url'))
););
$agent = $sf->get('agent');$agent = $sf->get('agent');
return json_decode($agent->members()->getBody());return json_decode($agent->members()->getBody());
}}
public functionpublic function listColumns()listColumns()
{{
return array_keys((array) current($this->fetchData()));return array_keys((array) current($this->fetchData()));
}}