Managing Network DevicesNan Liu // Sept. 27, 2012

Monday, September 17, 12

Network Devices

• Why Puppet?

• Puppet Device

• Load Balancer Demo

• Developing Devices (Advanced)

Monday, September 17, 12

Application Deployment

• Server + Puppet

• ???

• Profit!

Monday, September 17, 12

Missing Step?

• Linking Application Services

Monday, September 17, 12

#puppetize

• Network Device + Puppet

Monday, September 17, 12

Puppet Proxy Agent

• Certificates

• Retrieves Device Plugins

• Retrieves Device Catalog

• Connects to Device

• Apply Device Resources

• Reports to Master

Monday, September 17, 12

Proxy Agent

• WorkflowDevice Proxy Agent Puppet Master

Device Connect

Plugins

Custom Facts

Finish

Report?

Compile Catalog(functions)

Apply Catalog

puppet report

Report Procesor

Device Cert

Device resource

Monday, September 17, 12

Commands

• facter

• puppet resource

• puppet apply (maybe)

• puppet device

Monday, September 17, 12

Device.conf

• $confdir/device.conf:[node1_name]type <device_type>url <protocol://username:password@url/>

[node2_name]type <device_type>url <protocol://username:password@url/>

Monday, September 17, 12

Device $vardir

• $vardir(/var/lib/puppet /var/opt/lib/pe-puppet)# tree ./devices└── f5.puppetlabs.lan ├── client_yaml ├── facts ├── ssl └── state

Monday, September 17, 12

Puppet Resource

• Abstraction (Type/Provider)

• Declarative (Language)

• Idempotent (Enforcement)

Monday, September 17, 12

Manifest v.s. GUIf5_pool { 'apt.puppetlabs.com':  ensure => 'present',  action_on_service_down => 'SERVICE_DOWN_ACTION_NONE',  allow_nat_state => 'STATE_ENABLED',  allow_snat_state => 'STATE_ENABLED',  client_ip_tos => '65535',  client_link_qos => '65535',  gateway_failsafe_unit_id => '0',  lb_method => 'LB_METHOD_ROUND_ROBIN',  member => {'10.10.0.22:8080' => {...}, '10.10.0.23:8080' => {...}, '10.10.0.24:80' => {...}},  minimum_active_member => '0',  minimum_up_member => '0',  minimum_up_member_action => 'HA_ACTION_FAILOVER',  minimum_up_member_enabled_state => 'STATE_DISABLED',  monitor_association => {...},  server_ip_tos => '65535',  server_link_qos => '65535',  simple_timeout => '0',  slow_ramp_time => '10',}

Monday, September 17, 12

Manifests = Text

• Version Control

• Auditing

• Workflow

Monday, September 17, 12

Resource Demo

• export FACTER_url=https://admin:admin@f5/

• puppet resource f5_*

Monday, September 17, 12

Web Module

• web::site definition:define web::site (  $port = '80', # F5 pool member settings:  $connection_limit = '0',  $dynamic_ratio = '1',  $priority = '0',  $ratio = '1') { # setup web service.}

Monday, September 17, 12

Web Server Nodes

• webservers nodes:node /^webserver21/ {  web::site { 'apt.puppetlabs.com':     port => '8080',  }}

node /^webserver22/ {  web::site { 'apt.puppetlabs.com':    port => '80',    connection_limit => '100',  }  web::site { 'yum.puppetlabs.com':    port => '8080',  }}

Monday, September 17, 12

Composing Services

• Network Device = Nodesnode 'f5.puppetlabs.lan' { f5_virtualserver { 'apt.puppetlabs.com':   ...  }  f5_pool { 'apt.puppetlabs.com':   ...  }  f5_monitor { 'apt.puppetlabs.com':    ...  }}

Monday, September 17, 12

Problem?

• f5_pool member ip address:

Monday, September 17, 12

Export Resources?• ONLY export/collect resources.

• f5_poolmember ?

f5_pool { 'apt.puppetlabs.com':  ensure => 'present',  lb_method => 'LB_METHOD_ROUND_ROBIN',  member => { '10.10.0.22:8080' => {},                 '10.10.0.23:8081' => {},            '10.10.0.24:80' => {},  },}

Monday, September 17, 12

Resources Meta Type

• Puppet Resources:

• Does not support Resource subset =/purge poolmember in pool ‘X’ ?

resources { 'f5_poolmember':  purge => true,}

Monday, September 17, 12

Query Puppet DB

• ruby-puppetdb:https://github.com/ripienaar/ruby-puppetdb

• puppetdb query:https://github.com/dalen/puppet-puppetdbquery

Monday, September 17, 12

Puppet Catalog

• Puppet Catalog = Resources + Relationship

• Facts + Manifests => compilation => Catalog

Agent Master

Facts

Monday, September 17, 12

Puppet Catalog

• Puppet Catalog = Resources + Relationship

• Facts + Manifests => compilation => Catalog

Agent Master

Facts

Monday, September 17, 12

Puppet Catalog

• Puppet Catalog = Resources + Relationship

• Facts + Manifests => compilation => Catalog

Agent Master

Monday, September 17, 12

Puppet Catalog

• Puppet Catalog = Resources + Relationship

• Facts + Manifests => compilation => Catalog

Agent Master

Monday, September 17, 12

Puppet Catalog

• Puppet Catalog = Resources + Relationship

• Facts + Manifests => compilation => Catalog

Agent Master

Monday, September 17, 12

Puppet Catalog

• Puppet Catalog = Resources + Relationship

• Facts + Manifests => compilation => Catalog

Agent Master

Catalog

Monday, September 17, 12

Puppet Catalog

• Puppet Catalog = Resources + Relationship

• Facts + Manifests => compilation => Catalog

Agent Master

Catalog

Monday, September 17, 12

Puppet DB

• Stores all client catalogs

Web Server 1 Web Server 2

Master Puppet DB

Monday, September 17, 12

Puppet DB

• Stores all client catalogs

Web Server 1 Web Server 2

Master Puppet DB

Monday, September 17, 12

Puppet DB

• Stores all client catalogs

Web Server 1 Web Server 2

Master Puppet DB

Monday, September 17, 12

Puppet DB

• Stores all client catalogs

Web Server 1 Web Server 2

Master Puppet DB

Monday, September 17, 12

Puppet DB

• Stores all client catalogs

Web Server 1 Web Server 2

Master Puppet DB

Monday, September 17, 12

web::loadbalancerdefine web::loadbalancer (   $site = $name, $address, $port = 80) {   f5_virtualserver { $name:    ensure => 'present',    connection_limit => '0',    default_pool_name => $name,    destination => "${address}:${port}",    require => F5_pool[$name],  } # $member = ???  f5_pool { $name:    ensure => 'present',    lb_method => 'LB_METHOD_ROUND_ROBIN',    member => $member,  }}

Monday, September 17, 12

Query Puppet DB

• puppet query resource --query='Class[web::server]' --filter='Web::Site[apt.puppetlabs.com]' --render-as yaml "Web::Site[apt.puppetlabs.com]": - parameters: port: "8080" nodes: - webserver22 - webserver23 - parameters: port: "80" connection_limit: "100" nodes: - webserver24

Monday, September 17, 12

Pool Member

• Results

$ip_facts = query_facts('ipaddress', 'Class[web::server]')$websites = query_resources('Class[web::server]', "Web::Site[${site}]")$member = web_poolmember($ip_facts, $websites)

{ "10.0.2.24:80" => { "connection_limit" => "0",  "ratio" => "1",    "priority" => "3", "dynamic_ratio" => "1" },  "10.0.2.22:8080" => { "connection_limit" => "0", "ratio" => "1",    "priority" => "1",    "dynamic_ratio" => "1"}}

Monday, September 17, 12

Device Node

• F5 node:node 'f5.puppetlabs.lan' {  web::loadbalancer { 'apt.puppetlabs.com':    address => '192.168.1.200',  }  web::loadbalancer { 'yum.puppetlabs.com':    address => '192.168.1.201',  }  web::loadbalancer { 'download.puppetlabs.com':     address => '192.168.1.202',  }}

Monday, September 17, 12

Demo

• Update web::site deployment

• Update F5 Loadbalancer

Monday, September 17, 12

Developing Devices

• WARNING:Recommend developing regular Puppet Type/Provider first.Recommend developing regular Puppet Type/Provider first.Recommend developing regular Puppet Type/Provider first.Recommend developing regular Puppet Type/Provider first....

• Puppet Type/Provider Session (Dan)

Monday, September 17, 12

Developing Devices

• Transport

• Facter

• Type

• Provider (retrieve/set)

Monday, September 17, 12

Transport

• device.conf

• telnet

• ssh

• iControl (SOAP)

• (netconf)

[node_name]type <device_type>url <protocol://username:password@url/>

Monday, September 17, 12

Initialize Device

• puppet/util/network_device.rbclass Puppet::Util::NetworkDevice  ...  def self.init(device)    require "puppet/util/network_device/#{device.provider}/device"    @current = Puppet::Util::NetworkDevice. const_get(device.provider.capitalize). const_get(:Device).new(device.url)  rescue => detail    raise "Can't load #{device.provider} for #{device.name}: #{detail}"  endend

Monday, September 17, 12

device.rb

• puppet/util/network_device/<type>/device.rbclass Puppet::Util::NetworkDevice::Juniper

  attr_accessor :url, :transport

  def initialize(url)    @url = URI.parse(url)    @transport = Puppet::Util::NetworkDevice::Transport::Juniper.new    end   end

  def facts    @facts ||= Puppet::Util::NetworkDevice::Transport::Juniper::facts.new(@transport)    @facts.retrieve  endend

Monday, September 17, 12

Device Facts

• puppet/util/network_device/<type>/facts.rb

Monday, September 17, 12

Type

• apply_to_all

• apply_to_host

• apply_to_devicePuppet::Type.newtype(:f5_monitor) do  @doc = "Manage F5 monitor."  apply_to_device  ensurable  ...  newproperty(:template_state) do    desc "The monitor templates' enabled/disabled states."    newvalues(/^STATE_(DISABLED|ENABLED)$/)  endend

Monday, September 17, 12

Provider• ssh/telnet:

output = transport.command('sh interface')

• Access custom transport:  def self.transport    if Facter.value(:url) then      Puppet.debug "F5: connecting via facter url."      @device ||= Puppet::Util::NetworkDevice::F5::Device.new(Facter.value(:url))    else      @device ||= Puppet::Util::NetworkDevice.current      raise Puppet::Error, "Error Msg..." unless @device    end

    @tranport = @device.transport  end

Monday, September 17, 12

Testing

• Puppet Resource (self.instances)

• Puppet Apply (apply_to_host)

Monday, September 17, 12

Future

• Software defined infrastructure

• Systems (Google Compute Engine as Resource)

• Application (puppet agent)

• Network (puppet device)

Monday, September 17, 12

Questions?

Monday, September 17, 12

Thank you for attending

Monday, September 17, 12