Transcript

Copyright © 2014 Oracle and/or its affiliates. All rights reserved.

Managing Solaris Systems with Puppet

Glynn Foster, Product Manager, Oracle Solaris Core Technologies


Safe Harbor Statement

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.


The Nirvana of Enterprise Cloud Computing

• Increasing business responsiveness and agility

– Rapid resource & application provisioning

– Seamless scale up and scale out

• Enabling self-service computing

– Better capacity planning and asset utilization

– Centralized monitoring and reporting

• Ensuring security and compliance

– Reduce costs due to human error


Virtualization Drives Management Costs

[Chart: Physical Servers (M) and Virtual Servers (M) plotted against Management & Administration spending ($B), '96 to '13]

What is Puppet?

• Open source configuration management

– Written in Ruby

– Licensed under Apache License 2.0

• Defines and enforces configuration state

– Ensures consistency and dependability

– Optimized for complete software lifecycle

• Scales to cloud environments

– Automation on a huge scale

– Easily extensible

Puppet Cross Platform Support


How Does it Work?

1. Client collects data about itself using Facts

2. Client sends facts to Puppet master

3. Master compiles a catalog based on data for how the client should be configured

4. Master sends catalog back to client

5. Client configures itself and reports back to master

[Diagram labels: Puppet Master; Puppet Agents]

Scaling to the Enterprise

[Diagram labels: Puppet Master; Puppet Agent / Master; Puppet Agents]

Oracle Solaris – Best for Enterprise

• Co-engineered with Oracle hardware and software stack

• Highest performance with Software in Silicon

• Full VM lockdown

• Automated compliance monitoring and reporting

• Agile self-service environments

• Application driven SDN

• Engineered for mission critical workloads

• Zero overhead virtualization

Puppet in Oracle Solaris

• Native IPS Package

– Single package for Agent and Master

• Integrated with SMF

– Automatic service restart

– Puppet configuration through SMF stencils

• New resources for different OS features

– Packaging, Networking, SMF


Getting Started with Puppet

• Install Puppet Master/Agent

# pkg install puppet

• Recommended: Ensure time synchronization between master and agents

[Diagram labels: IPS Server; Puppet, Facter and dependencies]

Getting Started with Puppet

• Configure Puppet master

# svccfg -s puppet:master setprop config/server = master.fqdn.com
# svccfg -s puppet:master refresh
# svcadm enable puppet:master

• Configure Puppet agent

# svccfg -s puppet:agent setprop config/server = master.fqdn.com
# svccfg -s puppet:agent refresh

[Diagram labels: Puppet Master; Puppet Agent]

Getting Started with Puppet

• Create SSL keys/certs and test connection on agent

# puppet agent --test --server master.fqdn.com

• List and sign SSL cert on master

# puppet cert list
# puppet cert sign agent.fqdn.com

• Re-test and start agent

# puppet agent --test --server master.fqdn.com
# svcadm enable puppet:agent

[Diagram labels: Puppet Master; Puppet Agent]
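Signing on the master trusts whatever request is pending under that certname, so the fingerprint should be compared with the one the agent itself reports before running puppet cert sign. The script below is an added example, not part of the original slides; the fingerprints and command outputs are constructed, and the Puppet 3.x output layout of puppet cert list and puppet agent --fingerprint is an assumption.

```shell
#!/bin/sh
# Added example: gate `puppet cert sign` on a fingerprint match.
# All fingerprints and outputs below are constructed samples.
FP_HALF="00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF"
FP_GOOD="$FP_HALF:$FP_HALF"
FP_REV="FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00"
FP_OTHER="$FP_REV:$FP_REV"

# Constructed `puppet cert list` output on the master (assumed 3.x layout).
# The second entry is a lookalike name that must not be confused with the first.
CERT_LIST="  \"agent.fqdn.com\" (SHA256) $FP_GOOD
  \"agent.fqdn.com.example.net\" (SHA256) $FP_OTHER"

# Constructed `puppet agent --fingerprint` output, read on the agent's console.
AGENT_OUT="(SHA256) $FP_GOOD"

# Print the pending fingerprint for certname $1 from cert-list text on stdin.
# Exact match on the quoted name, so prefixes and lookalikes are ignored.
pending_fingerprint() {
    awk -v name="\"$1\"" '$1 == name { print toupper($NF); exit }'
}

# Print the fingerprint from `puppet agent --fingerprint` text on stdin.
agent_fingerprint() {
    awk 'NF { print toupper($NF); exit }'
}

# $1 certname, $2 cert-list text, $3 agent fingerprint text.
# Succeeds only if a request is pending for $1 and both fingerprints agree.
safe_to_sign() {
    want=$(printf '%s\n' "$3" | agent_fingerprint)
    have=$(printf '%s\n' "$2" | pending_fingerprint "$1")
    [ -n "$have" ] && [ "$have" = "$want" ]
}

if safe_to_sign agent.fqdn.com "$CERT_LIST" "$AGENT_OUT"; then
    echo "fingerprints match: puppet cert sign agent.fqdn.com"
else
    echo "mismatch or no pending request: do not sign"
fi
```

On a live system the two text arguments would come from the real commands, with the agent's fingerprint obtained out of band (for example from its console) rather than over the same network path as the request.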

Puppet Resources, Types and Manifests

• Resources are used to model system configuration

For example:

– A package that should be installed

– A service that should be enabled

– A file that should be created

• Puppet’s Resource Abstraction Layer (RAL) consists of

– High level model called a type

– A platform specific implementation called a provider

• Administrators write manifests to declare resources and their state using a declarative language

Solaris Resource Types

• Software lifecycle

– boot_environment

– package *

– pkg_facet

– pkg_mediator

– pkg_publisher

– pkg_variant

• Data management

– zfs *

– zpool *

• Service and configuration

– service *

– svccfg

• Name services

– dns

– ldap

– nis

– nsswitch

• Virtualization

– zone *


* Upstream in Puppet community


Solaris Resource Types

• Datalinks

– address_object

– address_properties

– etherstub

– ip_tunnel

– link_aggregation

– link_properties

– vnic

– solaris_vlan

• IP

– interface_properties

– ip_interface

– vni_interface

• Users/groups

– user *

– group *

• Other

– file *

– exec *


* Upstream in Puppet community


Resource Declarations

file { '/etc/passwd':
  ensure => file,
  owner  => 'root',
  group  => 'root',
  mode   => '0600',
}

type { 'title':
  attribute => value,
}

Describing Resource Types


Querying Puppet Resources


Puppet Site Manifest

• Located in /etc/puppet/manifests/site.pp

– Can centrally define resources for all clients

– Split out specific functionality using classes and modules

– Test using puppet apply --noop (masterless)

• Define desired end state goal

For example, to ensure a non-global zone is running:

zone { 'myzone':
  ensure         => 'running',
  zonecfg_export => 'zonecfg.txt',
}

Testing Puppet Changes


Applying Puppet Changes


Puppet Configuration with SMF Stencils

• Puppet configuration is managed through SMF

– Make changes to master and agent in SMF

– Automatically synchronizes /etc/puppet/puppet.conf

# svccfg -s puppet:master setprop config/<option> = <value>

# svccfg -s puppet:master refresh


Puppet Environments with SMF Service Instances


Good Puppet Practices

• A good approach to adopting Puppet

– Start with master-less mode

– Store configuration state in version control (Git/Mercurial/SVN)

– Separate data from the code in manifests (Hiera)

– Transition to agent/master mode

• Use iterative process to develop

– Dev Ops!

• Take advantage of Puppet Forge

– Lots of help from upstream community

Oracle Solaris Deployment

[Diagram labels: Automated Installer; Image Packaging System; Unified Archives]

Secure, Compliant Application Deployment

Agile application provisioning in the cloud with Solaris

• Develop & Test

• Verify for Compliance

• Lock Down VM

• Securely Deploy into Production

• Generate Reports for Compliance

[Diagram labels: IPS / Automated Installer; Unified Archives / Puppet / Compliance; version tags 11.2 and 11.3]

COMPLETE.

SDN, Virtualization, OpenStack, OS

Puppet Resources

• Puppet Upstream Community

– http://www.puppetlabs.com

• Oracle Solaris 11 Configuration Management

– http://www.oracle.com/technetwork/server-storage/solaris11/technologies/configuration-management-2237948.html

• Oracle Solaris 11 Lifecycle Management

– http://www.oracle.com/technetwork/server-storage/solaris11/technologies/lifecycle-management-2237945.html

Other Resources


More Information

• oracle.com/solaris

• @ORCL_Solaris

• facebook.com/oraclesolaris

• Oracle Solaris Insider

• blogs.oracle.com/solaris

• youtube.com/oraclesolaris

Oracle Solaris resources
