london puppet camp 2015: hiscox
TRANSCRIPT
![Page 1: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/1.jpg)
Six Weird Facts about Puppet on Windows… and more facts worth knowing3 November 2015Presented by Jeremy McGee and Steven Hawkins
![Page 2: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/2.jpg)
Disclaimer:This is probably not the recommended approach. But it works for us
![Page 3: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/3.jpg)
Who are Hiscox?
3
USAAtlantaChicagoLos AngelesNew York CitySan FranciscoWhite Plains
GuernseySt Peter Port
Latin American gatewayMiami
BermudaHamilton
EuropeAmsterdamBordeauxBrusselsCologneDublinHamburgLisbonLyonMadridMunichParis
UKBirminghamColchesterGlasgowLeedsLondonMaidenheadManchesterYorkAsiaBangkok Hong KongSingapore
International specialist insurer£2.0B in GWP 2,000 employees
![Page 4: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/4.jpg)
The Hiscox IT landscape
Hiscox is an insurance company.Where possible we buy, not build.The organisation relies on customised, packaged applications.This has its own challenges.
4
![Page 5: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/5.jpg)
Deployment stack
5
Pace
of chan
ge
Stage Item Examples ToolsReady Application
componentsDLLs, SQL scripts, configuration
IBM UrbanCodeOctopus Deploy
Deployed Middleware IIS, JBoss Puppet
Configured Server configuration
NTFS, registry PuppetInstalled Server
applicationsAV, SQL Server VMware
templatesBuilt Operating
systemOS, partitions, AD membership
VMwaretemplates
Provisioned Orchestration CMP/ITSM VMwarePurchased Requisition CMP/ITSM
Pace
of chan
ge
![Page 6: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/6.jpg)
Using Puppet on Windows
![Page 7: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/7.jpg)
Installation
7
![Page 8: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/8.jpg)
Puppet Agent is Ruby-based and cross-platform
8
![Page 9: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/9.jpg)
Weird Fact Number OneYou need a Linux master
![Page 10: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/10.jpg)
The Puppet Master is just a file system
10
![Page 11: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/11.jpg)
Weird Fact Number TwoThere’s no package manager
![Page 12: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/12.jpg)
Package manager alternatives
There’s Chocolatey, which is immature;the usual “Programs and Features” control panel, which doesn’t handle versions well;storing each file individually, which doesn’t scale;or direct use of archives, which is ugly.
12
![Page 13: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/13.jpg)
I like archives: the best of a poor choice
13
![Page 14: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/14.jpg)
Windows Package Manager
Chocolatey is the way to go as far as package management for Puppet on Windows, but how does it work for enterprise?Not so well, it turns out. Packages vary in quality and most go off to other provider’s Web sites for installers.So, take control:
– Write your own Chocolatey packages– Manage Chocolatey packages and providers’ installers locally
14
![Page 15: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/15.jpg)
Chocolatey configuration
- It’s actually quite simple to write your own Chocolatey puppet module. We change the following configuration- Disable ‘chocolatey’ source- Add a new source to your internal Chocolateyrepository- Set
autoUninstaller = trueallowGlobalConfirmation = truefailOnAutoUninstaller = true- Add an API key to be able to push new packages to your internal Chocolatey repository
15
![Page 16: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/16.jpg)
Creating a Chocolatey packageis easier than might you think- choco newThen edit as needed. Finally- cpack- choco push
16
![Page 17: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/17.jpg)
Creating a ChocolateypackageLive Demo
17
![Page 18: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/18.jpg)
Great – but what does this mean for Puppet?
18
Becomes...
![Page 19: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/19.jpg)
Great – but what does this mean for Puppet?
19
This!!!
![Page 20: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/20.jpg)
Weird Fact Number ThreeThere are backslashes as path separators, and spaces in filenames
![Page 21: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/21.jpg)
That module again
21
!
!
!?
![Page 22: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/22.jpg)
PowerShell to the rescue
22
![Page 23: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/23.jpg)
Weird Fact Number FourPowerShell isn’t the default provider
![Page 24: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/24.jpg)
Weird Fact Number FiveWindows ACLs are special
![Page 25: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/25.jpg)
Windows and ACLs
Puppet supports Windows access control lists natively, but the defaults are Linux style, not Windows.So you won’t get what you expect.Typically, Administrator won’t have access.We use native Windows utilities to apply permissions and wrap this up in PowerShell modules.
![Page 26: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/26.jpg)
Weird Fact Number SixIt all works very well
![Page 27: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/27.jpg)
Our results
We have 120+ test servers, 22+ environments, and in total about 20 modules in use.We have 100% automation of deployments from bare operating system to production deployments.We have no access to production servers.This has saved several thousand pounds over alternative approaches and means we can deploy much more frequently.
27
![Page 28: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/28.jpg)
Some other facts worth knowing
![Page 29: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/29.jpg)
We found this the hard way
The Puppet documentation is just the start. Network with colleagues across your organisation and in other companies too.Invest in a training / scratch environment.Keep abreast of new Puppet modules.Buy Puppet Enterprise support. It’s good!
29
![Page 30: London Puppet Camp 2015: Hiscox](https://reader033.vdocuments.mx/reader033/viewer/2022042908/58f2a45b1a28ab27088b459f/html5/thumbnails/30.jpg)
Thank youwww.hiscox.co.uk@jeremymcgee