Often, Docker or more generally containers and immutable infrastructure are viewed as a replacement for configuration management. This talk explains why that is not the case, and that they are in fact complementary.
Containers move the challenges that configuration management solves to different places in the application lifecycle. The talk explains where Puppet fits into this changed lifecycle, and what tools Puppet provides there.
Slides for a talk I gave at the Linux Foundation Colaboration Summit 2015
24. Gareth
Rushgrove’s
module:
https://forge.puppetlabs.com/garethr/docker
• Install
docker
• Manage
images
• Run
containers
• Version
3.3.2
just
released
25. class { 'docker':
tcp_bind => 'tcp://127.0.0.1:4243',
socket_bind => 'unix:///var/run/docker.sock',
version => latest
}
Setting
up
Docker
36. FROM fedora:20
MAINTAINER David Lutterkort <lutter@watzmann.net>
ADD puppet /tmp/puppet-docker
RUN yum -y install puppet;
/tmp/puppet-docker/bin/puppet-docker
Dockerfile
for
puppet
agent
37. > tree puppet
puppet/
├── bin
│ └── puppet-docker
├── config.yaml
└── ssl
├── agent-cert.pem
├── agent-private.pem
├── agent-public.pem
└── ca.pem
Support
files
39. FROM fedora:20
MAINTAINER David Lutterkort <lutter@watzmann.net>
ADD puppet /tmp/puppet-docker
RUN yum -y install puppet;
/tmp/puppet-docker/bin/puppet-docker
Dockerfile
for
puppet
agent
46. Links
• Manage
container
hosts
with
https://forge.puppetlabs.com/garethr/docker
• Sample
materials
for
puppet agent
etc.
at
https://github.com/lutter/puppet-‐docker
• Working
examples
https://github.com/garethr/puppet-‐docker-‐example
https://github.com/garethr/puppet-‐docker-‐vnext-‐example
Questions
?
Notes de l'éditeur
/me
~ 1.5 years at PL, before at Red Hat
provisioning → Razor
Puppet contributions back to 2006
Augeas
Who has used Docker ?
New (~ 2 years)
Best way to use
How do tools/processes need to change ?
Gives ppl most of what they really wanted from virt
Immutable artifact + application isolation
Research from the 1950’s
not just single node
traditional: package/file/service …
non-traditional:
cloud resources
network devices
manage all of it
openssl update -> restart http
sshd_config update -> restart sshd
one time setup is easy
audit changes
predict effect of changes
3 machines are easy
30 are hard
3000 impossible w/o tooling
not solved by containers, problem just shifts
Puppet since 2006
What did people do before then ?
Configuration through Documents
Word/txt/XML
PITA → Golden Image
Perl script that does everything
Consulting: Perl → Puppet
Brittle
Problematic with large numbers
custom DSL
who knows globally what is in containers ?
ops complaint: no idea what is in containers they deploy
Who’s used/using Puppet ?
“What makes it special? What is secret sauce? Why is this a superior approach?”
Infrastructure as Code
Other customization mechanisms:
Class parameters
Data injection (Hiera)
Modules
also: NC
~ 2800 modules
~ 1000 authors
Abstraction of multi-machine API
Plumb into docker module
ECS/GCE/Kubernetes
Easy way to get VM/instance with Docker up and running
Digital Ocean/EC2/Azure/GCP/desktop dirt
Integrate with Puppet mgmt
Puppet for ‘personalization’ of container
Puppet for auditing
Several possible approaches
Oneshot at container launch
run cron or init + puppetd
one agent per host