SlideShare une entreprise Scribd logo

Unix Automation using centralized configuration management tool

T
Torrid Networks Private Limited
Technologie
1  sur  3
Télécharger pour lire hors ligne
Admin  |  How To _______________________________________________________________________________________________________ pet Pup w Sho Automating UNIX Administration A Puppet show can turn out to be real entertainment for UNIX administrators. I n the UNIX operating system problems in the UNIX environment occur due everything is a file, which makes to ad-hoc changes, which can be mitigated it an easy-to-manage and by following proper change management administrator-friendly system. procedures. Handling and monitoring ad-hoc The traditional way of managing UNIX was changes, and restoring the previous state, to use the telnet interface, but being a plain- remains a challenge for organisations. text protocol, telnet exposes you to the risk of Meeting such challenges is quite workable network snooping and compromise of login for a small set-up of 1-20 servers and a dedicated credentials. SSH works on an encrypted channel UNIX administration. But during hardware to overcome the snooping issues. A UNIX failure or other problems, where the servers administrator can SSH into the box from a need to be reconfigured from scratch, it takes a remote machine and change the configuration lot of effort and time in restoring the servers to or execute commands remotely. the previous state. To handle such scenarios, a Generally, it is considered a good practice to quick solution would be to hire another UNIX take a configuration backup before making any administrator who could act as a secondary changes to the production configuration so that resource and offloads other activities from the the old configuration is available for roll-back. primary resource during disaster conditions. Also, as a part of the organisation’s policy, the Think about a scenario of managing a same base configuration should be configured globally-distributed data centre with 500 *NIX on all the servers to reflect consistency and as servers or more, comprising Solaris, Debian, a server-hardening practice. A majority of the Ubuntu, Fedora, CentOS, etc. Here, servers 40  |  June 2009 | LInuX For You | www.LinuxForu.com
____________________________________________________________________________________________________________ How To  |  Admin are running with the same base configuration and packages, where configuration files need to be checked-out to a version- Client Client Client controlled repository. Only planned changes are allowed and the previous configuration state is restored for unplanned puppetd puppetd puppetd changes. Additionally, centralised user and policy management, along with automated configuration recovery during disaster conditions are required. In such a case, building a team of 10-20 administrators would not be a recommended approach. Network Rather, using a centralised configuration tool to automate the administration tasks would be a better option to follow. Along with commercial tools like BladeLogic and OpsWare, there are a couple of open source systems automation and configuration management tools available like Bcfg2, Cfengine puppet Master and Puppet. Cfengine has been an administrator’s favourite configuration management framework since the past few years Figure 1: A typical Puppet set-up and is widely being used by many companies. Puppet turns out to be a next-generation configuration management tool to 5. Now, create a sample manifest file to start the Puppet overcome many of Cfengine’s weaknesses. server. This is just a test manifest and more complex Puppet is written in Ruby and is released under the GPL. It manifests can be created using this tool, which will be supports a number of operating systems like CentOS, Debian, demonstrated later. Put the following contents into the file FreeBSD, Gentoo, OpenBSD, Solaris, SuSE Linux, Ubuntu, using Vim or any other text editor. The purpose here is to etc. Puppet is being used by many organisations including create /tmp/testfile on a node (puppet client) if it doesn’t Google, which uses it to manage all Mac desktops, laptops and exist: Linux clients. A list of other Puppet users can be fetched from class test_class { reductivelabs.com/trac/puppet/wiki/WhosUsingPuppet file { “/tmp/testfile”: ensure => present, Puppet installation mode => 644, Puppet installation is fairly easy and is, in fact, a matter owner => root, of seconds. Puppet runs in client-server configuration, group => root where the client polls the server at port 8140 every 30 } minutes to check for the new instructions or to match the } configuration files. The client also listens to a port to have node puppetclient { push-updates from the server. In Puppet terminology, a include test_class client is called a Puppet node and a server is called a Puppet } master. Figure 1 shows the set-up. The following few steps demonstrate the installation In the above content, the upper section defines a steps for the CentOS operating system—a similar approach class named test_class that ensures that /tmp/testfile with can be followed for other supported systems: the defined permission is present on the client where On the server side: the class will be included. In the lower section, client 1. Define the hostname for server as puppet.domain.com puppetclient includes the test_class and Puppet will create 2. Puppet can be installed using yum, but packages are not the file with the set permission on puppetclient if it doesn’t part of the default CentOS repositories or installation DVD. already exist. Once done, start the Puppet server using the Even though it is available at DAG’s repository, the versions following command: are outdated. The best repository for Puppet is EPEL (Extra service puppetmaster start Packages for Enterprise Linux—see fedoraproject.org/wiki/ 6. The Puppet server is now installed and configured to listen EPEL). Puppet RPMs can either be directly downloaded to incoming connections from agents. Default installation and installed, or the yum repository can be configured to comes with Webrick, which is not a good Web server to do the job. To use the EPEL repository, run the following handle loads from a higher number of Puppet agents. command as a root user: Apache and Mongrel can solve this problem. Refer to the rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release- Puppet wiki for instructions on configuring Puppet with 5-3.noarch.rpm Mongrel. 3. Now install the Puppet server by issuing the following On the client side: command: 1. Define the hostname for the server as puppetclient. yum install puppet-server domain.com 4. Install ruby-rdoc to enable Puppet command line help: 2. Configure the EPEL repository using the following yum install ruby-rdoc command again: www.LinuxForu.com | LInuX For You | June 2009 | 41
Admin  |  How To ____________________________________________________________________________________________________________ rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release- exec { “/usr/sbin/start_vhost”: } 5-3.noarch.rpm } 3. Install puppet and ruby-rdoc: Sample 4: To start a service as per the remote operating yum install puppet ruby-rdoc system: This completes installation of the Puppet server class httpd_service_start { and client. case $operatingsystem { Before proceeding further, make sure that the redhat: { service { “httpd”: ensure => running }} systems timing for the Puppet server and client are in debian: { service { “apache”: ensure => running }} sync. Now, from the client, issue the following command default: { service { “apache2”: ensure => running }} to get approval from the server as its subscriber: } puppetd --verbose --server puppet.domain.com } This will display the following output: Sample 5: To create a user: info: Creating a new certificate request for pclient.torridnetworks.com class virt_users { info: Creating a new SSL key at /var/lib/puppet/ssl/private_keys/ @user { “jsmith”: puppetclient.domain.com.pem ensure => “present”, In the above command, the client has raised a uid => “507”, request to the server to be registered as a subscriber. Now, gid => “507”, the server needs to approve the subscriptions. To view the comment => “John Smith”, pending subscriptions, issue the following command on home => “/nfs/HR/home/jsmith”, the server: shell => “/bin/bash”, puppetca --list } The above command will give the name of the node Sample 6: To manage Cron job: that needs to be approved or signed by the server. In the class set_cron_syscheck { next command, sign that node: cron { “syscheck”: puppetca -s puppetclient.domain.com command => “/usr/bin/syscheck”, Once the client is approved by the server, the class user => “root”, assigned to the client will be executed. In this case, a file hour => “18”, /tmp/testfile will be created on puppetclient.domain.com. minute => “0” If the created file is deleted, it will be recreated on the next } polling, i.e., within the next 30 minutes. } Once the basic Puppet infrastructure is ready, Sample 7: Transferring a file from the Puppet server: different classes can be created to accomplish different class httpd_conf{ tasks. file { “httpd.conf”: source => “puppet://puppetmaster/httpd/conf/httpd.conf” Some sample Puppet classes } Below are a few sample classes for quick reference. } Sample 1: To install Apache and run the httpd service: Of course, much more detailed manifests can be created class apache { to manage multiple servers with heterogeneous UNIX package { httpd: ensure => installed } operating systems. Subversion can be configured with service { “httpd”: Puppet to store configuration files and track changes, so ensure => running, that the changes can be reverted to a previous state. require => Package[“httpd”], Reporting is one of the important aspects of a } configuration management system. Reporting from a } configuration management system can provide information Sample 2: To stop the mdmdp service: on performance and compliance to policies and standards. class redhat { Puppet’s reporting engine is limited at this stage, but still service { allows some useful basic reporting that can be graphed and “mdmdp”: displayed. enable => true, So, all in all, Puppet can be a real boost for UNIX ensure => stopped, administrators. } } By: Dhruv Soi Sample 3: To execute commands: The author is the founder and principal consultant, Torrid class start_vhost { Networks, and chair, OWASP India. He can be reached at $noop = true dhruv.soi@torridnet.com exec { “/usr/sbin/start_ws”: } 42  |  June 2009 | LInuX For You | www.LinuxForu.com

Recommandé

Lavigne sept11 bsdmag
Lavigne sept11 bsdmagLavigne sept11 bsdmag
Lavigne sept11 bsdmagDru Lavigne
 
Asiabsdcon14 lavigne
Asiabsdcon14 lavigneAsiabsdcon14 lavigne
Asiabsdcon14 lavigneDru Lavigne
 
Installation
InstallationInstallation
Installationrumoorthyit
 
Cluster management (supercomputer)
Cluster management (supercomputer)Cluster management (supercomputer)
Cluster management (supercomputer)Hary HarysMatta
 
Ilf2013
Ilf2013Ilf2013
Ilf2013Dru Lavigne
 
Domino9on centos6
Domino9on centos6Domino9on centos6
Domino9on centos6a8us
 
Howto Pxeboot
Howto PxebootHowto Pxeboot
Howto PxebootRogério Sampaio
 
OSGi provisioning deep dive and demo (Subsystems, Repository, Contracts and m...
OSGi provisioning deep dive and demo (Subsystems, Repository, Contracts and m...OSGi provisioning deep dive and demo (Subsystems, Repository, Contracts and m...
OSGi provisioning deep dive and demo (Subsystems, Repository, Contracts and m...mfrancis
 

Recommandé

Lavigne sept11 bsdmag
Lavigne sept11 bsdmagLavigne sept11 bsdmag
Lavigne sept11 bsdmagDru Lavigne
 
Asiabsdcon14 lavigne
Asiabsdcon14 lavigneAsiabsdcon14 lavigne
Asiabsdcon14 lavigneDru Lavigne
 
Installation
InstallationInstallation
Installationrumoorthyit
 
Cluster management (supercomputer)
Cluster management (supercomputer)Cluster management (supercomputer)
Cluster management (supercomputer)Hary HarysMatta
 
Ilf2013
Ilf2013Ilf2013
Ilf2013Dru Lavigne
 
Domino9on centos6
Domino9on centos6Domino9on centos6
Domino9on centos6a8us
 
Howto Pxeboot
Howto PxebootHowto Pxeboot
Howto PxebootRogério Sampaio
 
OSGi provisioning deep dive and demo (Subsystems, Repository, Contracts and m...
OSGi provisioning deep dive and demo (Subsystems, Repository, Contracts and m...OSGi provisioning deep dive and demo (Subsystems, Repository, Contracts and m...
OSGi provisioning deep dive and demo (Subsystems, Repository, Contracts and m...mfrancis
 
Vcenter Server Appliance - Testing
Vcenter Server Appliance - TestingVcenter Server Appliance - Testing
Vcenter Server Appliance - TestingHary HarysMatta
 
Lavigne bsdmag july
Lavigne bsdmag julyLavigne bsdmag july
Lavigne bsdmag julyDru Lavigne
 
Tlf2014
Tlf2014Tlf2014
Tlf2014Dru Lavigne
 
Fedora Atomic Workshop handout for Fudcon Pune 2015
Fedora Atomic Workshop handout for Fudcon Pune 2015Fedora Atomic Workshop handout for Fudcon Pune 2015
Fedora Atomic Workshop handout for Fudcon Pune 2015rranjithrajaram
 
Article may11 bsdmag
Article may11 bsdmagArticle may11 bsdmag
Article may11 bsdmagDru Lavigne
 
101 1.2 boot the system
101 1.2 boot the system101 1.2 boot the system
101 1.2 boot the systemAcácio Oliveira
 
Automated Amazon EC2 Cloud deployments with openQRM
Automated Amazon EC2 Cloud deployments with openQRMAutomated Amazon EC2 Cloud deployments with openQRM
Automated Amazon EC2 Cloud deployments with openQRMopenQRM Enterprise GmbH
 
.ppt
.ppt.ppt
.pptwebhostingguy
 
Simplify and run your development environments with Vagrant on OpenStack
Simplify and run your development environments with Vagrant on OpenStackSimplify and run your development environments with Vagrant on OpenStack
Simplify and run your development environments with Vagrant on OpenStackB1 Systems GmbH
 
Medooze MCU Video Multiconference Server Installation and configuration guide...
Medooze MCU Video Multiconference Server Installation and configuration guide...Medooze MCU Video Multiconference Server Installation and configuration guide...
Medooze MCU Video Multiconference Server Installation and configuration guide...sreeharsha43
 
Ilf2011
Ilf2011Ilf2011
Ilf2011Dru Lavigne
 
Comparação entre XenServer 6.2 e VMware VSphere 5.1 - Comparison of Citrix Xe...
Comparação entre XenServer 6.2 e VMware VSphere 5.1 - Comparison of Citrix Xe...Comparação entre XenServer 6.2 e VMware VSphere 5.1 - Comparison of Citrix Xe...
Comparação entre XenServer 6.2 e VMware VSphere 5.1 - Comparison of Citrix Xe...Lorscheider Santiago
 
12 yum
12 yum12 yum
12 yumjosemanuelacostarendon
 
Mancoosi
MancoosiMancoosi
MancoosifOSSa - Free Open Source Software Academia Conference
 
Asiabsdcon15
Asiabsdcon15Asiabsdcon15
Asiabsdcon15Dru Lavigne
 
02.12.2012 ubuntu 12.1 server guide
02.12.2012 ubuntu 12.1 server guide02.12.2012 ubuntu 12.1 server guide
02.12.2012 ubuntu 12.1 server guideEl Alex Andrade
 
PXE Lot or PXE Lite
PXE Lot or PXE LitePXE Lot or PXE Lite
PXE Lot or PXE Lite1E: Software Lifecycle Automation
 
Relax and Recover on POWER (Updated 05-2017)
Relax and Recover on POWER (Updated 05-2017)Relax and Recover on POWER (Updated 05-2017)
Relax and Recover on POWER (Updated 05-2017)Sebastien Chabrolles
 
Testing real-time Linux. What to test and how
Testing real-time Linux. What to test and how Testing real-time Linux. What to test and how
Testing real-time Linux. What to test and how Chirag Jog
 
Linux Desktop Automation
Linux Desktop AutomationLinux Desktop Automation
Linux Desktop AutomationRui Lapa
 
Scalable Systems Management with Puppet
Scalable Systems Management with PuppetScalable Systems Management with Puppet
Scalable Systems Management with PuppetPuppet
 
Scalable systems management with puppet
Scalable systems management with puppetScalable systems management with puppet
Scalable systems management with puppetPuppet
 

Contenu connexe

Tendances

Vcenter Server Appliance - Testing
Vcenter Server Appliance - TestingVcenter Server Appliance - Testing
Vcenter Server Appliance - TestingHary HarysMatta
 
Lavigne bsdmag july
Lavigne bsdmag julyLavigne bsdmag july
Lavigne bsdmag julyDru Lavigne
 
Fedora Atomic Workshop handout for Fudcon Pune 2015
Fedora Atomic Workshop handout for Fudcon Pune 2015Fedora Atomic Workshop handout for Fudcon Pune 2015
Fedora Atomic Workshop handout for Fudcon Pune 2015rranjithrajaram
 
Article may11 bsdmag
Article may11 bsdmagArticle may11 bsdmag
Article may11 bsdmagDru Lavigne
 
Automated Amazon EC2 Cloud deployments with openQRM
Automated Amazon EC2 Cloud deployments with openQRMAutomated Amazon EC2 Cloud deployments with openQRM
Automated Amazon EC2 Cloud deployments with openQRMopenQRM Enterprise GmbH
 
Simplify and run your development environments with Vagrant on OpenStack
Simplify and run your development environments with Vagrant on OpenStackSimplify and run your development environments with Vagrant on OpenStack
Simplify and run your development environments with Vagrant on OpenStackB1 Systems GmbH
 
Medooze MCU Video Multiconference Server Installation and configuration guide...
Medooze MCU Video Multiconference Server Installation and configuration guide...Medooze MCU Video Multiconference Server Installation and configuration guide...
Medooze MCU Video Multiconference Server Installation and configuration guide...sreeharsha43
 
Comparação entre XenServer 6.2 e VMware VSphere 5.1 - Comparison of Citrix Xe...
Comparação entre XenServer 6.2 e VMware VSphere 5.1 - Comparison of Citrix Xe...Comparação entre XenServer 6.2 e VMware VSphere 5.1 - Comparison of Citrix Xe...
Comparação entre XenServer 6.2 e VMware VSphere 5.1 - Comparison of Citrix Xe...Lorscheider Santiago
 
02.12.2012 ubuntu 12.1 server guide
02.12.2012 ubuntu 12.1 server guide02.12.2012 ubuntu 12.1 server guide
02.12.2012 ubuntu 12.1 server guideEl Alex Andrade
 
Relax and Recover on POWER (Updated 05-2017)
Relax and Recover on POWER (Updated 05-2017)Relax and Recover on POWER (Updated 05-2017)
Relax and Recover on POWER (Updated 05-2017)Sebastien Chabrolles
 
Testing real-time Linux. What to test and how
Testing real-time Linux. What to test and how Testing real-time Linux. What to test and how
Testing real-time Linux. What to test and how Chirag Jog
 
Linux Desktop Automation
Linux Desktop AutomationLinux Desktop Automation
Linux Desktop AutomationRui Lapa
 

Tendances (20)

Vcenter Server Appliance - Testing
Vcenter Server Appliance - TestingVcenter Server Appliance - Testing
Vcenter Server Appliance - Testing
 
Lavigne bsdmag july
Lavigne bsdmag julyLavigne bsdmag july
Lavigne bsdmag july
 
Tlf2014
Tlf2014Tlf2014
Tlf2014
 
Fedora Atomic Workshop handout for Fudcon Pune 2015
Fedora Atomic Workshop handout for Fudcon Pune 2015Fedora Atomic Workshop handout for Fudcon Pune 2015
Fedora Atomic Workshop handout for Fudcon Pune 2015
 
Article may11 bsdmag
Article may11 bsdmagArticle may11 bsdmag
Article may11 bsdmag
 
101 1.2 boot the system
101 1.2 boot the system101 1.2 boot the system
101 1.2 boot the system
 
Automated Amazon EC2 Cloud deployments with openQRM
Automated Amazon EC2 Cloud deployments with openQRMAutomated Amazon EC2 Cloud deployments with openQRM
Automated Amazon EC2 Cloud deployments with openQRM
 
.ppt
.ppt.ppt
.ppt
 
Simplify and run your development environments with Vagrant on OpenStack
Simplify and run your development environments with Vagrant on OpenStackSimplify and run your development environments with Vagrant on OpenStack
Simplify and run your development environments with Vagrant on OpenStack
 
Medooze MCU Video Multiconference Server Installation and configuration guide...
Medooze MCU Video Multiconference Server Installation and configuration guide...Medooze MCU Video Multiconference Server Installation and configuration guide...
Medooze MCU Video Multiconference Server Installation and configuration guide...
 
Ilf2011
Ilf2011Ilf2011
Ilf2011
 
Comparação entre XenServer 6.2 e VMware VSphere 5.1 - Comparison of Citrix Xe...
Comparação entre XenServer 6.2 e VMware VSphere 5.1 - Comparison of Citrix Xe...Comparação entre XenServer 6.2 e VMware VSphere 5.1 - Comparison of Citrix Xe...
Comparação entre XenServer 6.2 e VMware VSphere 5.1 - Comparison of Citrix Xe...
 
12 yum
12 yum12 yum
12 yum
 
Mancoosi
MancoosiMancoosi
Mancoosi
 
Asiabsdcon15
Asiabsdcon15Asiabsdcon15
Asiabsdcon15
 
02.12.2012 ubuntu 12.1 server guide
02.12.2012 ubuntu 12.1 server guide02.12.2012 ubuntu 12.1 server guide
02.12.2012 ubuntu 12.1 server guide
 
PXE Lot or PXE Lite
PXE Lot or PXE LitePXE Lot or PXE Lite
PXE Lot or PXE Lite
 
Relax and Recover on POWER (Updated 05-2017)
Relax and Recover on POWER (Updated 05-2017)Relax and Recover on POWER (Updated 05-2017)
Relax and Recover on POWER (Updated 05-2017)
 
Testing real-time Linux. What to test and how
Testing real-time Linux. What to test and how Testing real-time Linux. What to test and how
Testing real-time Linux. What to test and how
 
Linux Desktop Automation
Linux Desktop AutomationLinux Desktop Automation
Linux Desktop Automation
 

Similaire à Unix Automation using centralized configuration management tool

Scalable Systems Management with Puppet
Scalable Systems Management with PuppetScalable Systems Management with Puppet
Scalable Systems Management with PuppetPuppet
 
Scalable systems management with puppet
Scalable systems management with puppetScalable systems management with puppet
Scalable systems management with puppetPuppet
 
Instalando Cacti no CentOS 5
Instalando Cacti no CentOS 5Instalando Cacti no CentOS 5
Instalando Cacti no CentOS 5Carlos Eduardo
 
The Switch as a Server - PuppetConf 2014
The Switch as a Server - PuppetConf 2014The Switch as a Server - PuppetConf 2014
The Switch as a Server - PuppetConf 2014Puppet
 
the NML project
the NML projectthe NML project
the NML projectLei Yang
 
Puppet slides for intelligrape
Puppet slides for intelligrapePuppet slides for intelligrape
Puppet slides for intelligrapeSharad Aggarwal
 
One click deployment
One click deploymentOne click deployment
One click deploymentAlex Su
 
Enabling ceph-mgr to control Ceph services via Kubernetes
Enabling ceph-mgr to control Ceph services via KubernetesEnabling ceph-mgr to control Ceph services via Kubernetes
Enabling ceph-mgr to control Ceph services via Kubernetesmountpoint.io
 
Eucalyptus on Xen - Build Enterprise Private Cloud | Torry Harris Whitepaper
Eucalyptus on Xen - Build Enterprise Private Cloud | Torry Harris WhitepaperEucalyptus on Xen - Build Enterprise Private Cloud | Torry Harris Whitepaper
Eucalyptus on Xen - Build Enterprise Private Cloud | Torry Harris WhitepaperTorry Harris Business Solutions
 
Manage your switches like servers
Manage your switches like serversManage your switches like servers
Manage your switches like serversCumulus Networks
 
Ovms ops manager_admin
Ovms ops manager_adminOvms ops manager_admin
Ovms ops manager_adminsati1981
 
Drupal Continuous Integration with Jenkins - The Basics
Drupal Continuous Integration with Jenkins - The BasicsDrupal Continuous Integration with Jenkins - The Basics
Drupal Continuous Integration with Jenkins - The BasicsJohn Smith
 
Install websphere message broker 8 RHEL 6 64 bits
Install websphere message broker 8 RHEL 6 64 bitsInstall websphere message broker 8 RHEL 6 64 bits
Install websphere message broker 8 RHEL 6 64 bitsManuel Vega
 
4 implementation
4 implementation4 implementation
4 implementationhanmya
 
final proposal-Xen based Hypervisor in a Box
final proposal-Xen based Hypervisor in a Boxfinal proposal-Xen based Hypervisor in a Box
final proposal-Xen based Hypervisor in a BoxParamkusham Shruthi
 
John Spray - Ceph in Kubernetes
John Spray - Ceph in KubernetesJohn Spray - Ceph in Kubernetes
John Spray - Ceph in KubernetesShapeBlue
 
Know thyubuntu
Know thyubuntuKnow thyubuntu
Know thyubuntuchkmao
 
Deploying datacenters with Puppet - PuppetCamp Europe 2010
Deploying datacenters with Puppet - PuppetCamp Europe 2010Deploying datacenters with Puppet - PuppetCamp Europe 2010
Deploying datacenters with Puppet - PuppetCamp Europe 2010Puppet
 
Nuxeo5 - Continuous Integration
Nuxeo5 - Continuous IntegrationNuxeo5 - Continuous Integration
Nuxeo5 - Continuous IntegrationPASCAL Jean Marie
 

Similaire à Unix Automation using centralized configuration management tool (20)

Scalable Systems Management with Puppet
Scalable Systems Management with PuppetScalable Systems Management with Puppet
Scalable Systems Management with Puppet
 
Scalable systems management with puppet
Scalable systems management with puppetScalable systems management with puppet
Scalable systems management with puppet
 
Puppet demo
Puppet demoPuppet demo
Puppet demo
 
Instalando Cacti no CentOS 5
Instalando Cacti no CentOS 5Instalando Cacti no CentOS 5
Instalando Cacti no CentOS 5
 
The Switch as a Server - PuppetConf 2014
The Switch as a Server - PuppetConf 2014The Switch as a Server - PuppetConf 2014
The Switch as a Server - PuppetConf 2014
 
the NML project
the NML projectthe NML project
the NML project
 
Puppet slides for intelligrape
Puppet slides for intelligrapePuppet slides for intelligrape
Puppet slides for intelligrape
 
One click deployment
One click deploymentOne click deployment
One click deployment
 
Enabling ceph-mgr to control Ceph services via Kubernetes
Enabling ceph-mgr to control Ceph services via KubernetesEnabling ceph-mgr to control Ceph services via Kubernetes
Enabling ceph-mgr to control Ceph services via Kubernetes
 
Eucalyptus on Xen - Build Enterprise Private Cloud | Torry Harris Whitepaper
Eucalyptus on Xen - Build Enterprise Private Cloud | Torry Harris WhitepaperEucalyptus on Xen - Build Enterprise Private Cloud | Torry Harris Whitepaper
Eucalyptus on Xen - Build Enterprise Private Cloud | Torry Harris Whitepaper
 
Manage your switches like servers
Manage your switches like serversManage your switches like servers
Manage your switches like servers
 
Ovms ops manager_admin
Ovms ops manager_adminOvms ops manager_admin
Ovms ops manager_admin
 
Drupal Continuous Integration with Jenkins - The Basics
Drupal Continuous Integration with Jenkins - The BasicsDrupal Continuous Integration with Jenkins - The Basics
Drupal Continuous Integration with Jenkins - The Basics
 
Install websphere message broker 8 RHEL 6 64 bits
Install websphere message broker 8 RHEL 6 64 bitsInstall websphere message broker 8 RHEL 6 64 bits
Install websphere message broker 8 RHEL 6 64 bits
 
4 implementation
4 implementation4 implementation
4 implementation
 
final proposal-Xen based Hypervisor in a Box
final proposal-Xen based Hypervisor in a Boxfinal proposal-Xen based Hypervisor in a Box
final proposal-Xen based Hypervisor in a Box
 
John Spray - Ceph in Kubernetes
John Spray - Ceph in KubernetesJohn Spray - Ceph in Kubernetes
John Spray - Ceph in Kubernetes
 
Know thyubuntu
Know thyubuntuKnow thyubuntu
Know thyubuntu
 
Deploying datacenters with Puppet - PuppetCamp Europe 2010
Deploying datacenters with Puppet - PuppetCamp Europe 2010Deploying datacenters with Puppet - PuppetCamp Europe 2010
Deploying datacenters with Puppet - PuppetCamp Europe 2010
 
Nuxeo5 - Continuous Integration
Nuxeo5 - Continuous IntegrationNuxeo5 - Continuous Integration
Nuxeo5 - Continuous Integration
 

Dernier

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Dernier (20)

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

Unix Automation using centralized configuration management tool

  • 1. Admin  |  How To _______________________________________________________________________________________________________ pet Pup w Sho Automating UNIX Administration A Puppet show can turn out to be real entertainment for UNIX administrators. I n the UNIX operating system problems in the UNIX environment occur due everything is a file, which makes to ad-hoc changes, which can be mitigated it an easy-to-manage and by following proper change management administrator-friendly system. procedures. Handling and monitoring ad-hoc The traditional way of managing UNIX was changes, and restoring the previous state, to use the telnet interface, but being a plain- remains a challenge for organisations. text protocol, telnet exposes you to the risk of Meeting such challenges is quite workable network snooping and compromise of login for a small set-up of 1-20 servers and a dedicated credentials. SSH works on an encrypted channel UNIX administration. But during hardware to overcome the snooping issues. A UNIX failure or other problems, where the servers administrator can SSH into the box from a need to be reconfigured from scratch, it takes a remote machine and change the configuration lot of effort and time in restoring the servers to or execute commands remotely. the previous state. To handle such scenarios, a Generally, it is considered a good practice to quick solution would be to hire another UNIX take a configuration backup before making any administrator who could act as a secondary changes to the production configuration so that resource and offloads other activities from the the old configuration is available for roll-back. primary resource during disaster conditions. Also, as a part of the organisation’s policy, the Think about a scenario of managing a same base configuration should be configured globally-distributed data centre with 500 *NIX on all the servers to reflect consistency and as servers or more, comprising Solaris, Debian, a server-hardening practice. A majority of the Ubuntu, Fedora, CentOS, etc. Here, servers 40  |  June 2009 | LInuX For You | www.LinuxForu.com
  • 2. ____________________________________________________________________________________________________________ How To  |  Admin are running with the same base configuration and packages, where configuration files need to be checked-out to a version- Client Client Client controlled repository. Only planned changes are allowed and the previous configuration state is restored for unplanned puppetd puppetd puppetd changes. Additionally, centralised user and policy management, along with automated configuration recovery during disaster conditions are required. In such a case, building a team of 10-20 administrators would not be a recommended approach. Network Rather, using a centralised configuration tool to automate the administration tasks would be a better option to follow. Along with commercial tools like BladeLogic and OpsWare, there are a couple of open source systems automation and configuration management tools available like Bcfg2, Cfengine puppet Master and Puppet. Cfengine has been an administrator’s favourite configuration management framework since the past few years Figure 1: A typical Puppet set-up and is widely being used by many companies. Puppet turns out to be a next-generation configuration management tool to 5. Now, create a sample manifest file to start the Puppet overcome many of Cfengine’s weaknesses. server. This is just a test manifest and more complex Puppet is written in Ruby and is released under the GPL. It manifests can be created using this tool, which will be supports a number of operating systems like CentOS, Debian, demonstrated later. Put the following contents into the file FreeBSD, Gentoo, OpenBSD, Solaris, SuSE Linux, Ubuntu, using Vim or any other text editor. The purpose here is to etc. Puppet is being used by many organisations including create /tmp/testfile on a node (puppet client) if it doesn’t Google, which uses it to manage all Mac desktops, laptops and exist: Linux clients. A list of other Puppet users can be fetched from class test_class { reductivelabs.com/trac/puppet/wiki/WhosUsingPuppet file { “/tmp/testfile”: ensure => present, Puppet installation mode => 644, Puppet installation is fairly easy and is, in fact, a matter owner => root, of seconds. Puppet runs in client-server configuration, group => root where the client polls the server at port 8140 every 30 } minutes to check for the new instructions or to match the } configuration files. The client also listens to a port to have node puppetclient { push-updates from the server. In Puppet terminology, a include test_class client is called a Puppet node and a server is called a Puppet } master. Figure 1 shows the set-up. The following few steps demonstrate the installation In the above content, the upper section defines a steps for the CentOS operating system—a similar approach class named test_class that ensures that /tmp/testfile with can be followed for other supported systems: the defined permission is present on the client where On the server side: the class will be included. In the lower section, client 1. Define the hostname for server as puppet.domain.com puppetclient includes the test_class and Puppet will create 2. Puppet can be installed using yum, but packages are not the file with the set permission on puppetclient if it doesn’t part of the default CentOS repositories or installation DVD. already exist. Once done, start the Puppet server using the Even though it is available at DAG’s repository, the versions following command: are outdated. The best repository for Puppet is EPEL (Extra service puppetmaster start Packages for Enterprise Linux—see fedoraproject.org/wiki/ 6. The Puppet server is now installed and configured to listen EPEL). Puppet RPMs can either be directly downloaded to incoming connections from agents. Default installation and installed, or the yum repository can be configured to comes with Webrick, which is not a good Web server to do the job. To use the EPEL repository, run the following handle loads from a higher number of Puppet agents. command as a root user: Apache and Mongrel can solve this problem. Refer to the rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release- Puppet wiki for instructions on configuring Puppet with 5-3.noarch.rpm Mongrel. 3. Now install the Puppet server by issuing the following On the client side: command: 1. Define the hostname for the server as puppetclient. yum install puppet-server domain.com 4. Install ruby-rdoc to enable Puppet command line help: 2. Configure the EPEL repository using the following yum install ruby-rdoc command again: www.LinuxForu.com | LInuX For You | June 2009 | 41
  • 3. Admin  |  How To ____________________________________________________________________________________________________________ rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release- exec { “/usr/sbin/start_vhost”: } 5-3.noarch.rpm } 3. Install puppet and ruby-rdoc: Sample 4: To start a service as per the remote operating yum install puppet ruby-rdoc system: This completes installation of the Puppet server class httpd_service_start { and client. case $operatingsystem { Before proceeding further, make sure that the redhat: { service { “httpd”: ensure => running }} systems timing for the Puppet server and client are in debian: { service { “apache”: ensure => running }} sync. Now, from the client, issue the following command default: { service { “apache2”: ensure => running }} to get approval from the server as its subscriber: } puppetd --verbose --server puppet.domain.com } This will display the following output: Sample 5: To create a user: info: Creating a new certificate request for pclient.torridnetworks.com class virt_users { info: Creating a new SSL key at /var/lib/puppet/ssl/private_keys/ @user { “jsmith”: puppetclient.domain.com.pem ensure => “present”, In the above command, the client has raised a uid => “507”, request to the server to be registered as a subscriber. Now, gid => “507”, the server needs to approve the subscriptions. To view the comment => “John Smith”, pending subscriptions, issue the following command on home => “/nfs/HR/home/jsmith”, the server: shell => “/bin/bash”, puppetca --list } The above command will give the name of the node Sample 6: To manage Cron job: that needs to be approved or signed by the server. In the class set_cron_syscheck { next command, sign that node: cron { “syscheck”: puppetca -s puppetclient.domain.com command => “/usr/bin/syscheck”, Once the client is approved by the server, the class user => “root”, assigned to the client will be executed. In this case, a file hour => “18”, /tmp/testfile will be created on puppetclient.domain.com. minute => “0” If the created file is deleted, it will be recreated on the next } polling, i.e., within the next 30 minutes. } Once the basic Puppet infrastructure is ready, Sample 7: Transferring a file from the Puppet server: different classes can be created to accomplish different class httpd_conf{ tasks. file { “httpd.conf”: source => “puppet://puppetmaster/httpd/conf/httpd.conf” Some sample Puppet classes } Below are a few sample classes for quick reference. } Sample 1: To install Apache and run the httpd service: Of course, much more detailed manifests can be created class apache { to manage multiple servers with heterogeneous UNIX package { httpd: ensure => installed } operating systems. Subversion can be configured with service { “httpd”: Puppet to store configuration files and track changes, so ensure => running, that the changes can be reverted to a previous state. require => Package[“httpd”], Reporting is one of the important aspects of a } configuration management system. Reporting from a } configuration management system can provide information Sample 2: To stop the mdmdp service: on performance and compliance to policies and standards. class redhat { Puppet’s reporting engine is limited at this stage, but still service { allows some useful basic reporting that can be graphed and “mdmdp”: displayed. enable => true, So, all in all, Puppet can be a real boost for UNIX ensure => stopped, administrators. } } By: Dhruv Soi Sample 3: To execute commands: The author is the founder and principal consultant, Torrid class start_vhost { Networks, and chair, OWASP India. He can be reached at $noop = true dhruv.soi@torridnet.com exec { “/usr/sbin/start_ws”: } 42  |  June 2009 | LInuX For You | www.LinuxForu.com