2014-11-11 multiple approaches to managing puppet modules @ puppet camp seattle

Multiple approaches tomanaging your Puppet

modulesPuppet Camp Seattle

2014-11-11

Seattle, WA

LearnPuppet.comGarrett Honeycutt

[email protected]@learnpuppet

mailto:[email protected]

https://twitter.com/learnpuppet

# whoami

http://www.linkedin.com/in/garretthoneycutt© 2014 GH Solutions, LLC

http://www.linkedin.com/in/garretthoneycutt

LearnPuppet.comAudits

Consulting

TrainingAdvanced Topics with Test Driven Development

© 2014 GH Solutions, LLC

http://learnpuppet.com

@fossetcon


https://twitter.com/fossetcon

ModulesA module is a self contained directory structure for encapsulating

puppet code.© 2014 GH Solutions, LLC

Metadata# Modulefile

name 'ghoneycutt-nscd'version '1.0.2'source 'git://github.com/ghoneycutt/puppet-module-nscd.git'author 'ghoneycutt'license 'Apache License, Version 2.0'summary 'manage NSCD - name service cache daemon'description 'Manage every aspect of NSCD - name service cache daemon'project_page 'https://github.com/ghoneycutt/puppet-module-nscd'dependency 'puppetlabs/stdlib', '>= 3.2.0'


Metadata# metadata.json{ "name": "ghoneycutt-nscd", "version": "1.0.2", "author": "ghoneycutt", "summary": "manage NSCD - name service cache daemon", "license": "Apache License, Version 2.0", "source": "git://github.com/ghoneycutt/puppet-module-nscd.git", "project_page": "https://github.com/ghoneycutt/puppet-module-nscd", "issues_url": "https://github.com/ghoneycutt/puppet-module-nscd/issues", "description": "Manage every aspect of NSCD - name service cache daemon", "dependencies": [ {"name":"puppetlabs/stdlib","version_requirement":">= 3.2.0"} ]}


SkeletonProvides a template for generating new modules

https://github.com/ghoneycutt/puppet-module-skeleton

$ git clone https://github.com/ghoneycutt/puppet-module-skeleton$ VARDIR=`puppet config print vardir`$ mkdir -p $VARDIR/puppet-module/skeleton/$ rsync -avp --exclude .git puppet-module-skeleton/ \ $VARDIR/puppet-module/skeleton/


https://github.com/ghoneycutt/puppet-module-skeleton

Generate a module$ cd /etc/puppet/modules$ puppet module generate <forgename>-<modulename>$ mv <forgename-modulename> <modulename>


Componentsghoneycutt-motdghoneycutt-motd/.fixtures.ymlghoneycutt-motd/.gitignoreghoneycutt-motd/.travis.ymlghoneycutt-motd/Gemfileghoneycutt-motd/LICENSEghoneycutt-motd/Modulefileghoneycutt-motd/README.mdghoneycutt-motd/Rakefileghoneycutt-motd/manifestsghoneycutt-motd/manifests/init.ppghoneycutt-motd/specghoneycutt-motd/spec/classesghoneycutt-motd/spec/classes/init_spec.rbghoneycutt-motd/spec/fixturesghoneycutt-motd/spec/fixtures/manifestsghoneycutt-motd/spec/fixtures/manifests/site.ppghoneycutt-motd/spec/fixtures/modulesghoneycutt-motd/spec/spec_helper.rbghoneycutt-motd/testsghoneycutt-motd/tests/init.pp

In the beginning...Things were simple. We stuck all of our modules into one repo.Luke told me it was a good idea and we spent time puppetizing

the setup.© 2014 GH Solutions, LLC

In the beginning...That was 2008.


Looking backEveryone has to be on the same release cycle or you get

dependency issues.© 2014 GH Solutions, LLC

ScaleThis scales to one organization with one release cycle who are

not concerned with others using their code.© 2014 GH Solutions, LLC

Pro'sEasy to get started


Con'sEverything is released at the same time

Promotes forking

Merge hell© 2014 GH Solutions, LLC

AnalysisAvoid at all costs.

Separate repo for each module© 2014 GH Solutions, LLC

PuppetfileSimple file that lists your modules, where to get them, and at what version.

# git repomod 'nscd', :git => 'git://github.com/ghoneycutt/puppet-module-nscd.git', :ref => 'v1.0.0'


PuppetfileAlso supports the Puppet Forge

# puppet forgeforge 'https://forgeapi.puppetlabs.com'mod 'puppetlabs/stdlib', '4.2.1'


PuppetfileCan be validated and kept under revision control.

ruby -c Puppetfile© 2014 GH Solutions, LLC

ghoneycutt's puppet-moduleshttps://github.com/ghoneycutt/puppet-modules

All of the modules and their dependencies that I write, use, and support.

apache inittab pam rubyapt localization passenger selinuxcommon make pe_gem sshconcat motd portage stdlibdnsclient mysql postgresql sysklogdfacter network puppet timezonefirewall nfs puppetdb typesgcc nisclient r10k utilsgit nrpe rancid vcsrepohosts nscd redhat vimhtpasswd nsswitch rpcbind wgetinifile ntp rsyslog xinetd


https://github.com/ghoneycutt/puppet-modules

Puppet < 3.6Search path for modules

modulepath = /etc/puppet/environments/$environment/modules:/etc/puppet/modules


Puppet >= 3.6modulepath is deprecated

Warning: Setting modulepath is deprecated in puppet.conf. Seehttp://links.puppetlabs.com/env-settings-deprecations (at/usr/lib/ruby/site_ruby/1.8/puppet/settings.rb:1095:in`issue_deprecations')


Puppet >= 3.6environmentpath = /etc/puppet/environmentsbasemodulepath = /etc/puppet/modules


environmentpathA search path for directory environments. Under $environmentpath are directories for each

$environment and under those are modules and manifests.

/etc/puppet/environments├── dev│ ├── manifests│ │ └── site.pp│ └── modules│ ├── apache│ ├── ...│ └── zookeeper├── fix_it│ ├── manifests│ │ └── site.pp│ └── modules│ ├── apache│ ├── ...│ └── zookeeper└── production ├── manifests │ └── site.pp └── modules ├── apache ├── ... └── zookeeper


basemodulepathSearch path for global modules. This is essentially appended to the modulepath.

basemodulepath = /var/local/ghoneycutt-modules© 2014 GH Solutions, LLC

Managed by RyanColeman

@ryanycoleman

https://twitter.com/ryanycoleman

Puppet ForgeRepo of puppet modules with dependency tracking.


Puppet Forge -- Demo Time

search

# puppet module search openstackinstall

# puppet module install puppetlabs-openstack© 2014 GH Solutions, LLC

Search by metadata


Pro'sGreat way to find new modules

Can filter by OS and Puppet version

Can install from command line

Resolves dependencies© 2014 GH Solutions, LLC

Con'sInstalling from the command line leavesyou without something to track inversion control.

Resolving dependencies based onmodules' metadata can be troublesome.


AnalysisUse the forge to find modules

Install from the command line whendeveloping to make note of yourdependencies

Potentially use forge in your Puppetfile© 2014 GH Solutions, LLC

Written by Tim Sharpe@rodjek


https://twitter.com/rodjek

librarian-puppetIterates through Puppetfile and recursively solves dependencies

for you.© 2014 GH Solutions, LLC

Installation# sudo gem install -V librarian-puppet

Usage# cd /path/to/dir_with_Puppetfile# librarian-puppet install -v


Pro'sUses a Puppetfile, so you havesomething in version control

Handles dependencies© 2014 GH Solutions, LLC

Con'sHandles dependencies - this is anightmare with a large set of diversemodules


AnalysisAfter experiencing a lot of frustration with the dependency

management, I gave up on this and moved to librarian-puppet-simple. Big props to Tim for writing this and Puppetfile which has

became a standard.© 2014 GH Solutions, LLC

Written by Dan Bode@bodepd


https://twitter.com/bodepd

librarian-puppet-simpleIterates through Puppetfile without any dependency management.


Installation# sudo gem install -V librarian-puppet-simple

UsageSimilar to librarian-puppet

# cd /path/to/dir_with_Puppetfile# librarian-puppet install -v


Pro'sNo dependency management

Uses a Puppetfile, so you havesomething in version control


Con's..nope..


AnalysisDan is my hero. After becoming frustrated with librarian-puppet'sdependency management, this tool simply iterates over a list of

modules, which is awesomely simple.© 2014 GH Solutions, LLC

Written by Adrien Thebo@nullfinch


https://twitter.com/nullfinch

InstallationThere's a module for that https://github.com/acidprime/r10k


https://github.com/acidprime/r10k

Work flow[foo@laptop]# git checkout -b fixit \ vi Puppetfile \ ruby -c Puppetfile \ git commit -a \ git push origin fixit[root@puppet]# r10k deploy environment -vp && \ service httpd graceful


Automate deploy step with ssh keys# Hiera entry using ghoneycutt/sshssh::keys: r10k: ensure: 'present' user: 'root' type: 'rsa' key: 'AAAAB3Nz....' options: 'command="/usr/bin/r10k deploy environment -vp \ && /sbin/service httpd graceful"'# ~/.ssh/config on your workstationHost r10k User root Hostname puppet.example.com IdentityFile /Users/gh/.ssh/r10k

[foo@laptop]# ssh r10k© 2014 GH Solutions, LLC

Add a rake task

# Rakefiletask :deploy do sh 'ssh r10k'end[foo@laptop]# rake deploy


MCollectiveinclude r10k::mcollective from acidprime/r10k

[foo@laptop]$ mco r10k synchronize© 2014 GH Solutions, LLC

https://github.com/acidprime/r10k

Pro'sMake's it really easy to do development

Do not need access to the puppetmaster

Uses a Puppetfile, so you havesomething in version control


Con's..nope..

You need a centralized git repo, which hopefully you already have:)


AnalysisThebo is my hero, r10k provides an easy work flow for developersto make changes in their environment all without shell access on

the puppet master.© 2014 GH Solutions, LLC

Continued LearningPuppet modules

Use my modules https://github.com/ghoneycutt/puppet-modulesand send me pull requests.



Continued LearningRuby

Follow facter and submit pull requests.© 2014 GH Solutions, LLC

https://github.com/puppetlabs/facter/

Continued LearningAsk and Solve Puppet questions

https://ask.puppetlabs.com - Recommend the weekly digest.© 2014 GH Solutions, LLC

https://ask.puppetlabs.com

Continued LearningPuppet modules

Use my modules https://github.com/ghoneycutt/puppet-modulesand send me pull requests.

Ruby

Follow facter and submit pull requests.

Ask and Solve Puppet questions

https://ask.puppetlabs.com - Recommend the weekly digest.© 2014 GH Solutions, LLC


https://github.com/puppetlabs/facter/

https://ask.puppetlabs.com

Multiple approaches tomanaging your Puppet

modulesPuppet Camp Seattle

2014-11-11

Seattle, WA

LearnPuppet.comGarrett Honeycutt

[email protected]@learnpuppet

mailto:[email protected]

https://twitter.com/learnpuppet

2014-11-11 multiple approaches to managing puppet modules @ puppet camp seattle

Engineering