Can Puppet help you run Docker on a T2.micro? Presented by: Neil Millard www.mitese.co.uk

Upload: neil-millard

Post on 13-Apr-2017


Can Puppet help you run Docker on a T2.micro?

Presented by: Neil Millard www.mitese.co.uk

whoami

• Always programming

• IT professional since 1995

• Devops / Infrastructure as Code

• Helicopter pilot

Encryptinator!

• Uses https://github.com/TomPoulton/hiera-eyaml Ruby gem

• Containerised Sinatra app

agenda

• Masterless puppet

• Hieradata

• Roles and Profiles

• Modules

• Ordering

• AWS EC2

• Stages

• Docker

Why Masterless puppet

• Pets VS Cattle

• Scale UP VS Scale OUT

http://www.slideshare.net/gmccance/cern-data-centre-evolution - attrib Bill Baker/Microsoft

https://www.iha.com

Why Masterless puppet

• Puppet Masters

• Pets

• Maintenance

• Care

• Sometimes fragile

Why Masterless puppet

• Rebuild rather than reconfigure

• Temporary

• Build Server

-> work/develop

-> destroy server

Masterless puppet

• Bootstrapping

• Cloud-init

• userdata
  - Environment
  - Role

Masterless puppet

• Bake or not to bake?

• Preparing to run puppet
  Tru-strap https://github.com/MSMFG/tru-strap
  Args: Provisioning or configuration repository
        Role + Environment Facts, for hiera lookup

• Install puppet

Masterless puppet

• Fetch configuration (infrastructure as code)

• Puppet
  • hieradata
  • Puppetfiles
  • manifests
  • modules
    • profiles
    • roles

• https://github.com/neilmillard/puppet-dockerhost

agenda

• Masterless puppet

• Hieradata

• Roles and Profiles

• Modules (via Puppetfiles)

• Ordering

• AWS EC2

• Stages

• Docker

hieradata

• Separation of data from code

# Code: one parameterised resource declaration
docker::run { $container:
  image            => $image,
  command          => $command,
  memory_limit     => $memory_limit,
  cpuset           => $cpuset,
  ports            => $ports,
  expose           => $expose,
  volumes          => $volumes,
  links            => $links,
  use_name         => $use_name,
  running          => $running,
  volumes_from     => $volumes_from,
  net              => $net,
  username         => $username,
  hostname         => $hostname,
  env              => $env,
  dns              => $dns,
  dns_search       => $dns_search,
  lxc_conf         => $lxc_conf,
  restart_service  => $restart_service,
  disable_network  => $disable_network,
  privileged       => $privileged,
  detach           => $detach,
  extra_parameters => $extra_parameters,
  pull_on_start    => $pull_on_start,
  depends          => $depends,
  tty              => $tty,
  require          => $requires,
}

+

# Data: only the values that differ from the defaults
eyamld:
  image: "nginx"
  ports:
    - "80:80"
  env:
    - NGINX_HOST=foobar.com
    - NGINX_PORT=80
  use_name: true

=

# Result: the resource Puppet ends up with
docker::run { 'eyamld':
  image            => "nginx",
  command          => undef,
  memory_limit     => '0b',
  cpuset           => [],
  ports            => ["80:80"],
  expose           => [],
  volumes          => [],
  links            => [],
  use_name         => true,
  running          => true,
  volumes_from     => [],
  net              => 'bridge',
  username         => false,
  hostname         => false,
  env              => ['NGINX_HOST=foobar.com',
                       'NGINX_PORT=80',
                      ],
  dns              => [],
  dns_search       => [],
  lxc_conf         => [],
  restart_service  => true,
  disable_network  => false,
  privileged       => false,
  detach           => true,
  extra_parameters => undef,
  pull_on_start    => false,
  depends          => [],
  tty              => false,
  require          => [],
}

hieradata

• Separation of data from code

• Automatic parameter lookup

# In this example, $parameter's value gets set
# when `myclass` is eventually declared.
# Class definition:
class myclass ($parameter_one = "default text") {
  file {'/tmp/foo':
    ensure  => file,
    content => $parameter_one,
  }
}

hieradata

• Separation of data from code

• Automatic parameter lookup

• Code reuse with lookups

profile::docker_containers::containers:
  eyamld:
    image: "nginx"
    ports:
      - "80:80"
    env:
      - NGINX_HOST=foobar.com
      - NGINX_PORT=80
    use_name: true

# profile::docker_containers
class profile::docker_containers ($containers={}) {
  create_resources('profile::docker_container', $containers)
}

hieradata

• Hiera.yaml – configuration

---
:backends:
  - eyaml
  - yaml
:eyaml:
  :datadir: /etc/puppetlabs/puppet/hieradata
  :pkcs7_private_key: /etc/puppet/secure/keys/private_key.pkcs7.pem
  :pkcs7_public_key: /etc/puppet/secure/keys/public_key.pkcs7.pem
:yaml:
  :datadir: /etc/puppetlabs/puppet/hieradata
:hierarchy:
  - "%{::init_env}/%{::init_role}"
  - "%{::init_role}"
  - "%{::init_env}"
  - common
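
How this hierarchy resolves for one node, as an added example that is not code from the talk: the init_env and init_role facts set at bootstrap decide which data files, and so which eyaml-encrypted values, a node reads. The lookup is modelled on Hiera 3's first-match behaviour; the facts and the DATA hash are constructed.

```ruby
# Added example: models Hiera 3's first-match ("priority") lookup over the
# hierarchy from the hiera.yaml above. All data below is constructed.

HIERARCHY = [
  '%{::init_env}/%{::init_role}',
  '%{::init_role}',
  '%{::init_env}',
  'common'
].freeze

# Interpolate %{::fact} tokens; an unset fact becomes an empty string.
# Levels that end up empty or with a dangling/doubled slash are skipped.
def datasources(facts)
  HIERARCHY.map { |level| level.gsub(/%\{::(\w+)\}/) { facts.fetch(Regexp.last_match(1), '') } }
           .reject { |src| src.empty? || src.match?(%r{^/|//|/$}) }
end

# Return [value, source] from the first datasource that defines the key.
def lookup(key, facts, data)
  datasources(facts).each do |src|
    file = data[src]
    return [file[key], src] if file&.key?(key)
  end
  [nil, nil]
end

# Constructed hieradata, keyed by path relative to :datadir (no extension).
DATA = {
  'common' => { 'profile::docker_containers::containers' => {} },
  'dockerhost' => {
    'profile::docker_containers::containers' => {
      'eyamld' => { 'image' => 'nginx', 'ports' => ['80:80'] }
    }
  },
  'prod/dockerhost' => {
    'profile::docker_containers::containers' => {
      'eyamld' => { 'image' => 'nginx', 'ports' => ['443:443'] }
    }
  }
}.freeze

if __FILE__ == $PROGRAM_NAME
  facts = { 'init_env' => 'prod', 'init_role' => 'dockerhost' }
  puts datasources(facts).inspect
  value, src = lookup('profile::docker_containers::containers', facts, DATA)
  puts "#{src}: #{value.keys.inspect}"
end
```

A node booted without init_env falls through to the role-level and common files only, which is worth checking before putting environment-specific secrets at those levels.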

Roles and Profiles

• Business Layer (Roles)
  only includes profiles
  no logic
  one server, one role

• Implementation Layer (Profiles)
  Includes classes
  Modules and Resources
  create_resources{}

Craig Dunn - http://www.slideshare.net/PuppetLabs/roles-talk
Puppet - https://docs.puppet.com/pe/2016.2/r_n_p_intro.html

http://www.slideshare.net/DaeHyung/learning-puppet-basic-thing #64

Roles and Profiles

• Defined as classes within either Roles Module or Profiles Module

• Roles contain Profiles

• Use include, require or class

class role::dockerhost {
  include ::profile::base
  include ::profile::os_limits
  include ::profile::docker_base
  include ::profile::docker_containers
  class { '::profile::swapfile':
    before => Class['profile::base']
  }
}

# profile::docker_containers
class profile::docker_containers ($containers={}) {
  create_resources('profile::docker_container', $containers)
}

Modules

• Puppetforge or Git (Github)

Modules

• Librarian or r10k from Puppetfile

forge "https://forgeapi.puppetlabs.com"

# Base modules

mod "saz/timezone", "3.0.1"

mod "saz/rsyslog", "4.0.2"


ordering

• Puppet execution is in parallel

• Dependencies need order

anchor { 'ntp::begin': } ->

class { '::ntp::install': } ->

class { '::ntp::config': } ~>

class { '::ntp::service': } ->

anchor { 'ntp::end': }

ordering

• Require and before

class { 'install-ssl':
  installdir => "$installdir",
  require    => Exec['unarchive-source'],
  before     => File['copy-init-file'],
}

ordering

• ->

• Everything else is attempted at the same time

->
class { 'install-ssl':
  installdir => "$installdir",
}
->

The Puppet Run

• Puppet catalog compilation

• Puppet catalog apply

http://www.slideshare.net/bernstein_aaron/puppet-introduction-26593192 #25

Data

Hieradata


AWS EC2

• Flexible workloads

• Is limiting on memory

• May need a swapfile

Model       vCPU (burst)   Mem (GiB)
t2.nano     1              0.5
t2.micro    1              1
t2.small    1              2
t2.medium   2              4
t2.large    2              8

Stages

• Simple manifests best

• swapfile stage

stage { 'swapfile':
  before => Stage['main'],
}

class { '::profile::swapfile':
  stage  => swapfile,
  before => Class['profile::base'],
}

Stages

• Catalog compiles

• Runs each stage based on order

Notice: Compiled catalog for ip-10-96-4-130.internal in environment production in 2.10

Notice: /Stage[swapfile]/Profile::Swapfile/Exec[Create swap file /mnt/swap.1]/returns:

Notice: /Stage[swapfile]/Profile::Swapfile/File[/mnt/swap.1]/mode: mode changed '0644'

...

Notice: /Stage[main]/Profile::Docker_base/Exec[yum install -y docker-io]/returns:

Notice: /Stage[main]/Docker::Service/File[/etc/sysconfig/docker]/content: content

Stages

• Ordering across stages WILL break

• WARNING – use with care. Can cause dependency cycles


Docker

• Containers
  https://docs.docker.com/engine/understanding-docker/

Docker

• WhaleSay

$ docker run docker/whalesay cowsay boo
Unable to find image 'docker/whalesay:latest' locally
latest: Pulling from docker/whalesay
e9e06b06e14c: Pull complete
a82efea989f9: Pull complete
37bea4ee0c81: Pull complete
...
99da72cfe067: Pull complete
5d5bd9951e26: Pull complete
fb434121fc77: Already exists
Digest: sha256:d6ee73f978a366cf97974115abe9c4099ed59c6f75c23d03c64446bb9cd49163
Status: Downloaded newer image for docker/whalesay:latest
 _____
< boo >
 -----
    \

Docker

• Dockerhost configuration

docker run --name eweb -p 80:80 -e "NGINX_HOST=foobar.com" -e "NGINX_PORT=80" -d nginx

• Docker compose

profile::docker_containers::containers:
  eweb:
    image: "nginx"
    ports:
      - "80:80"
    env:
      - NGINX_HOST=foobar.com
      - NGINX_PORT=80
    use_name: true

# profile::docker_containers
class profile::docker_containers ($containers={}) {
  create_resources('profile::docker_container', $containers)
}

Docker

• Volumes

• Network

• Resource Constraints

• Ref: https://docs.docker.com/engine/reference/run/
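
A pre-apply check on the container hieradata for a 1 GiB t2.micro, as an added example that is not code from the talk. It assumes the hieradata keys are passed straight through to the docker::run parameters memory_limit and privileged shown earlier; RESERVED_MIB and the image names are constructed.

```ruby
require 'yaml'

# Added example, not the talk's code. HOST_MEM_MIB is the t2.micro row of the
# table on this page; RESERVED_MIB (OS + Docker daemon headroom) is assumed.
HOST_MEM_MIB = 1024
RESERVED_MIB = 256
UNITS = { 'b' => 1.0 / (1024 * 1024), 'k' => 1.0 / 1024, 'm' => 1, 'g' => 1024 }.freeze

# Convert a `docker run -m` style value ("256m", "1g", "0b") to MiB; 0 = no limit.
def mem_mib(limit)
  m = /\A(\d+)([bkmg])\z/i.match(limit.to_s)
  raise ArgumentError, "bad memory_limit: #{limit.inspect}" unless m
  m[1].to_i * UNITS.fetch(m[2].downcase)
end

# Findings for a profile::docker_containers::containers hash.
def audit(containers)
  findings = []
  total = 0
  containers.each do |name, opts|
    mib = mem_mib(opts.fetch('memory_limit', '0b'))
    findings << "#{name}: no memory_limit (unlimited)" if mib.zero?
    findings << "#{name}: privileged container" if opts['privileged'] == true
    total += mib
  end
  budget = HOST_MEM_MIB - RESERVED_MIB
  findings << "limits total #{total.round} MiB, budget is #{budget} MiB" if total > budget
  findings
end

# Constructed hieradata in the shape used on this page (image names are made up).
SAMPLE = <<~YAML
  profile::docker_containers::containers:
    eweb:
      image: "nginx"
    encryptinator:
      image: "example/encryptinator"
      memory_limit: "512m"
    builder:
      image: "example/builder"
      memory_limit: "512m"
      privileged: true
YAML

def sample_findings
  audit(YAML.safe_load(SAMPLE)['profile::docker_containers::containers'])
end

puts sample_findings if __FILE__ == $PROGRAM_NAME
```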

Docker

• Production?

• Serverless

• Jenkins builds

• Scale

Docker

• Swarm

https://docs.docker.com/engine/swarm/swarm-tutorial/

https://github.com/jimfdavies/vagrant-docker-swarm

• Amazon EC2 Container Service
  container management that supports Docker containers

Can Puppet help you run Docker on a T2.micro?

• Boot, prep and build instance

• Puppet builds the catalog and applies configuration from your hieradata

• Fetch images and run docker containers

Neil Millard

Mitese Group
w: www.mitese.co.uk & https://github.com/neilmillard
e: [email protected]