Puppet is a system for centrally specifying and managing infrastructure consisting of 3 main parts: 1) A declarative, resource-oriented language for specifying infrastructure, 2) An execution engine for applying specs repeatably, and 3) Daemons and tools that determine Puppet's distributed architecture. Puppet allows infrastructure to be coded and centrally managed from a Puppet master, bringing consistency across machines while reducing manual work. It uses SSL and provides a certificate authority to securely manage infrastructure at scale.
12. Resource Providers
• 29 package types
• Users in NetInfo, useradd, pw
• Support for Debian, Ubuntu, Red Hat, Solaris, OS X, Gentoo, SuSE, FreeBSD, and more
• Windows support was announced this week
13. 2) An engine for applying specs repeatably
Image from http://www.flickr.com/photos/jurvetson/480227362/sizes/l/
41. Think like Puppet thinks
• Resources, not text snippets or lines added to files
• What resources are you managing?
• How are they related to each other?
47. Relationships matter but are often
[Diagram: Package → Configuration → Service]
• Configuration should get modified after package installation
• Service should restart when configuration changes
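The Package → Configuration → Service chain above, written as a Puppet manifest with explicit ordering and notification relationships. This is an added example, not code from the slides; the class name, the package, path and service names (a Red Hat-style SSH server) and the file content are assumptions chosen for illustration.

```puppet
# Added example (not from the original slides). Names assume a
# Red Hat-style host; the sshd_config content is constructed.
class sshd_example {

  # 1) Package: the first resource in the chain.
  package { 'openssh-server':
    ensure => installed,
  }

  # 2) Configuration: managed as a whole File resource, not as lines
  #    appended to a file. 'require' orders it after the package, so the
  #    package's own default config cannot overwrite the managed copy.
  file { '/etc/ssh/sshd_config':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0600',
    content => "PermitRootLogin no\nX11Forwarding no\n",
    require => Package['openssh-server'],
  }

  # 3) Service: 'subscribe' gives ordering *and* notification. The
  #    service is managed after the file and restarted only on runs
  #    where the file actually changed.
  service { 'sshd':
    ensure    => running,
    enable    => true,
    subscribe => File['/etc/ssh/sshd_config'],
  }

  # The same two relationships written with chaining arrows
  # (-> is ordering only, ~> is ordering plus notification):
  #
  #   Package['openssh-server']
  #   -> File['/etc/ssh/sshd_config']
  #   ~> Service['sshd']
}

include sshd_example
```

Applying this manifest a second time with nothing changed on the host performs no work and triggers no restart, which is the idempotent behaviour the speaker notes refer to.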
48. Relationships provide ordering and notification
[Resource graph; node labels:]
"Exec[createrepo-PM-RHEL5-noarch]"
"Yumrepo[PM-RHEL5-x86_64]"
"Package[postgresql-server]"
"Postgres::Role[puppet]"
"Package[thttpd]"
"File[/var/www/thttpd/html/yum-PM-RHEL5-x86_64]"
"File[/var/www/thttpd/html/yum-PM-RHEL5-noarch]"
"Exec[rsync-rpmdir-PM-RHEL5-x86_64]"
"Exec[rsync-rpmdir-PM-RHEL5-noarch]"
"Exec[createrepo-PM-RHEL5-x86_64]"
"Yumrepo[PM-RHEL5-noarch]"
60. Status and Roadmap
• In production usage for years
• About to release a new version with significant internal refactoring
• Adding simple graphical tools this year
Idempotency is what allows us to manage a machine through its whole lifecycle
client/server, cert mgmt, etc.
* Every connection is encrypted, and the only connection that isn’t authenticated is the one that asks for a signed cert
* Client certs
* Autosign, manual sign, manual certificate generation
* You don’t even have to use it
This uses the same model as the rest of Puppet -- it chooses the appropriate provider for the local system. You can edit resources, and it even works over the network.
* The assembly programmers fought the adoption of C
* Fear for your career if you’re a bit too fond of assembly
* It’s not about fewer people, it’s about higher quality and productivity
* Are there more or fewer programmers today than in the days of assembly?
These are house finches, reminding one of the finches Darwin observed in the Galapagos. I want to cause sysadmin speciation.
Firefighter? Architect? Developer? Tape-changer? All of the above?
Do you have any computers?
This is shareable, releasable code.
Classes are analogous with tags
We’re doing the same thing with different commands on different platforms
And you don’t even need to centralize it.