puppet and software delivery
TRANSCRIPT
Puppet and Software deliveryPuppet and Software deliveryPuppet and Software deliveryPuppet and Software deliveryPuppet and Software deliveryPuppet and Software deliveryPuppet and Software deliveryPuppet and Software deliveryPuppet and Software deliveryPuppet and Software deliveryPuppet and Software deliveryPuppet and Software deliveryPuppet and Software deliveryPuppet and Software deliveryPuppet and Software deliveryPuppet and Software deliveryPuppet and Software delivery
Shipping your product with Puppet codeShipping your product with Puppet codeShipping your product with Puppet codeShipping your product with Puppet codeShipping your product with Puppet codeShipping your product with Puppet codeShipping your product with Puppet codeShipping your product with Puppet codeShipping your product with Puppet codeShipping your product with Puppet codeShipping your product with Puppet codeShipping your product with Puppet codeShipping your product with Puppet codeShipping your product with Puppet codeShipping your product with Puppet codeShipping your product with Puppet codeShipping your product with Puppet code
Julien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien Pivotto
Belgian Puppet User GroupBelgian Puppet User GroupBelgian Puppet User GroupBelgian Puppet User GroupBelgian Puppet User GroupBelgian Puppet User GroupBelgian Puppet User GroupBelgian Puppet User GroupBelgian Puppet User GroupBelgian Puppet User GroupBelgian Puppet User GroupBelgian Puppet User GroupBelgian Puppet User GroupBelgian Puppet User GroupBelgian Puppet User GroupBelgian Puppet User GroupBelgian Puppet User GroupMarch 17, 2015March 17, 2015March 17, 2015March 17, 2015March 17, 2015March 17, 2015March 17, 2015March 17, 2015March 17, 2015March 17, 2015March 17, 2015March 17, 2015March 17, 2015March 17, 2015March 17, 2015March 17, 2015March 17, 2015
$::user$::user$::user$::user$::user$::user$::user$::user$::user$::user$::user$::user$::user$::user$::user$::user$::userJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien Pivotto
• Open-Source consultant at inuits.euOpen-Source consultant at inuits.euOpen-Source consultant at inuits.euOpen-Source consultant at inuits.euOpen-Source consultant at inuits.euOpen-Source consultant at inuits.euOpen-Source consultant at inuits.euOpen-Source consultant at inuits.euOpen-Source consultant at inuits.euOpen-Source consultant at inuits.euOpen-Source consultant at inuits.euOpen-Source consultant at inuits.euOpen-Source consultant at inuits.euOpen-Source consultant at inuits.euOpen-Source consultant at inuits.euOpen-Source consultant at inuits.euOpen-Source consultant at inuits.eu
• Puppet User since 2011Puppet User since 2011Puppet User since 2011Puppet User since 2011Puppet User since 2011Puppet User since 2011Puppet User since 2011Puppet User since 2011Puppet User since 2011Puppet User since 2011Puppet User since 2011Puppet User since 2011Puppet User since 2011Puppet User since 2011Puppet User since 2011Puppet User since 2011Puppet User since 2011• Speaker/attendee at PuppetcampsSpeaker/attendee at PuppetcampsSpeaker/attendee at PuppetcampsSpeaker/attendee at PuppetcampsSpeaker/attendee at PuppetcampsSpeaker/attendee at PuppetcampsSpeaker/attendee at PuppetcampsSpeaker/attendee at PuppetcampsSpeaker/attendee at PuppetcampsSpeaker/attendee at PuppetcampsSpeaker/attendee at PuppetcampsSpeaker/attendee at PuppetcampsSpeaker/attendee at PuppetcampsSpeaker/attendee at PuppetcampsSpeaker/attendee at PuppetcampsSpeaker/attendee at PuppetcampsSpeaker/attendee at Puppetcamps• Member of the Belgian PUGMember of the Belgian PUGMember of the Belgian PUGMember of the Belgian PUGMember of the Belgian PUGMember of the Belgian PUGMember of the Belgian PUGMember of the Belgian PUGMember of the Belgian PUGMember of the Belgian PUGMember of the Belgian PUGMember of the Belgian PUGMember of the Belgian PUGMember of the Belgian PUGMember of the Belgian PUGMember of the Belgian PUGMember of the Belgian PUG• Puppet core contributorPuppet core contributorPuppet core contributorPuppet core contributorPuppet core contributorPuppet core contributorPuppet core contributorPuppet core contributorPuppet core contributorPuppet core contributorPuppet core contributorPuppet core contributorPuppet core contributorPuppet core contributorPuppet core contributorPuppet core contributorPuppet core contributor• Puppet(labs) modules contributorPuppet(labs) modules contributorPuppet(labs) modules contributorPuppet(labs) modules contributorPuppet(labs) modules contributorPuppet(labs) modules contributorPuppet(labs) modules contributorPuppet(labs) modules contributorPuppet(labs) modules contributorPuppet(labs) modules contributorPuppet(labs) modules contributorPuppet(labs) modules contributorPuppet(labs) modules contributorPuppet(labs) modules contributorPuppet(labs) modules contributorPuppet(labs) modules contributorPuppet(labs) modules contributor• @roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie on irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/githubon irc/twitter/github
Welcome in 2015Welcome in 2015Welcome in 2015Welcome in 2015Welcome in 2015Welcome in 2015Welcome in 2015Welcome in 2015Welcome in 2015Welcome in 2015Welcome in 2015Welcome in 2015Welcome in 2015Welcome in 2015Welcome in 2015Welcome in 2015Welcome in 2015
• VVVVVVVVVVVVVVVVVirtualization• CCCCCCCCCCCCCCCCContainers• CCCCCCCCCCCCCCCCCloud• SSSSSSSSSSSSSSSSStateless software• SSSSSSSSSSSSSSSSScalable daemons
Distributing SoftwareDistributing SoftwareDistributing SoftwareDistributing SoftwareDistributing SoftwareDistributing SoftwareDistributing SoftwareDistributing SoftwareDistributing SoftwareDistributing SoftwareDistributing SoftwareDistributing SoftwareDistributing SoftwareDistributing SoftwareDistributing SoftwareDistributing SoftwareDistributing Software
• Plain FTP (+SCM)Plain FTP (+SCM)Plain FTP (+SCM)Plain FTP (+SCM)Plain FTP (+SCM)Plain FTP (+SCM)Plain FTP (+SCM)Plain FTP (+SCM)Plain FTP (+SCM)Plain FTP (+SCM)Plain FTP (+SCM)Plain FTP (+SCM)Plain FTP (+SCM)Plain FTP (+SCM)Plain FTP (+SCM)Plain FTP (+SCM)Plain FTP (+SCM)• TarballTarballTarballTarballTarballTarballTarballTarballTarballTarballTarballTarballTarballTarballTarballTarballTarball• Self-extracting tarballSelf-extracting tarballSelf-extracting tarballSelf-extracting tarballSelf-extracting tarballSelf-extracting tarballSelf-extracting tarballSelf-extracting tarballSelf-extracting tarballSelf-extracting tarballSelf-extracting tarballSelf-extracting tarballSelf-extracting tarballSelf-extracting tarballSelf-extracting tarballSelf-extracting tarballSelf-extracting tarball• curl|bashcurl|bashcurl|bashcurl|bashcurl|bashcurl|bashcurl|bashcurl|bashcurl|bashcurl|bashcurl|bashcurl|bashcurl|bashcurl|bashcurl|bashcurl|bashcurl|bash• Containers? What's inside?Containers? What's inside?Containers? What's inside?Containers? What's inside?Containers? What's inside?Containers? What's inside?Containers? What's inside?Containers? What's inside?Containers? What's inside?Containers? What's inside?Containers? What's inside?Containers? What's inside?Containers? What's inside?Containers? What's inside?Containers? What's inside?Containers? What's inside?Containers? What's inside?• Packages (.deb, .rpm,…)Packages (.deb, .rpm,…)Packages (.deb, .rpm,…)Packages (.deb, .rpm,…)Packages (.deb, .rpm,…)Packages (.deb, .rpm,…)Packages (.deb, .rpm,…)Packages (.deb, .rpm,…)Packages (.deb, .rpm,…)Packages (.deb, .rpm,…)Packages (.deb, .rpm,…)Packages (.deb, .rpm,…)Packages (.deb, .rpm,…)Packages (.deb, .rpm,…)Packages (.deb, .rpm,…)Packages (.deb, .rpm,…)Packages (.deb, .rpm,…)
Real WorldReal WorldReal WorldReal WorldReal WorldReal WorldReal WorldReal WorldReal WorldReal WorldReal WorldReal WorldReal WorldReal WorldReal WorldReal WorldReal WorldLicensed under a Creative Commons Attribution 2.0 License
https://www.flickr.com/photos/kwarz/13293732384/
Welcome in my worldWelcome in my worldWelcome in my worldWelcome in my worldWelcome in my worldWelcome in my worldWelcome in my worldWelcome in my worldWelcome in my worldWelcome in my worldWelcome in my worldWelcome in my worldWelcome in my worldWelcome in my worldWelcome in my worldWelcome in my worldWelcome in my world
• CCCCCCCCCCCCCCCCComplex SW• SSSSSSSSSSSSSSSSSelf-hosting• SSSSSSSSSSSSSSSSStateless software• SSSSSSSSSSSSSSSSScalable daemons
Software distributionSoftware distributionSoftware distributionSoftware distributionSoftware distributionSoftware distributionSoftware distributionSoftware distributionSoftware distributionSoftware distributionSoftware distributionSoftware distributionSoftware distributionSoftware distributionSoftware distributionSoftware distributionSoftware distribution
• SSSSSSSSSSSSSSSSSoftware (Source code or binaries)• UUUUUUUUUUUUUUUUUser guide• IIIIIIIIIIIIIIIIInstallation guide• PPPPPPPPPPPPPPPPPeople who install the software
Challenges of SW distributionChallenges of SW distributionChallenges of SW distributionChallenges of SW distributionChallenges of SW distributionChallenges of SW distributionChallenges of SW distributionChallenges of SW distributionChallenges of SW distributionChallenges of SW distributionChallenges of SW distributionChallenges of SW distributionChallenges of SW distributionChallenges of SW distributionChallenges of SW distributionChallenges of SW distributionChallenges of SW distribution
• AAAAAAAAAAAAAAAAArtifacts• SSSSSSSSSSSSSSSSSecurity• HHHHHHHHHHHHHHHHHW requirements• SSSSSSSSSSSSSSSSSW requirements• UUUUUUUUUUUUUUUUUpgrades• MMMMMMMMMMMMMMMMMaintenance• MMMMMMMMMMMMMMMMMonitoring
IntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroductionIntroduction
Artifacts: PackagingArtifacts: PackagingArtifacts: PackagingArtifacts: PackagingArtifacts: PackagingArtifacts: PackagingArtifacts: PackagingArtifacts: PackagingArtifacts: PackagingArtifacts: PackagingArtifacts: PackagingArtifacts: PackagingArtifacts: PackagingArtifacts: PackagingArtifacts: PackagingArtifacts: PackagingArtifacts: Packaging
• Consistency checks, file listsConsistency checks, file listsConsistency checks, file listsConsistency checks, file listsConsistency checks, file listsConsistency checks, file listsConsistency checks, file listsConsistency checks, file listsConsistency checks, file listsConsistency checks, file listsConsistency checks, file listsConsistency checks, file listsConsistency checks, file listsConsistency checks, file listsConsistency checks, file listsConsistency checks, file listsConsistency checks, file lists• Dependencies resolvingDependencies resolvingDependencies resolvingDependencies resolvingDependencies resolvingDependencies resolvingDependencies resolvingDependencies resolvingDependencies resolvingDependencies resolvingDependencies resolvingDependencies resolvingDependencies resolvingDependencies resolvingDependencies resolvingDependencies resolvingDependencies resolving• RepositoriesRepositoriesRepositoriesRepositoriesRepositoriesRepositoriesRepositoriesRepositoriesRepositoriesRepositoriesRepositoriesRepositoriesRepositoriesRepositoriesRepositoriesRepositoriesRepositories• GPG-SigningGPG-SigningGPG-SigningGPG-SigningGPG-SigningGPG-SigningGPG-SigningGPG-SigningGPG-SigningGPG-SigningGPG-SigningGPG-SigningGPG-SigningGPG-SigningGPG-SigningGPG-SigningGPG-Signing• Lots of toolsLots of toolsLots of toolsLots of toolsLots of toolsLots of toolsLots of toolsLots of toolsLots of toolsLots of toolsLots of toolsLots of toolsLots of toolsLots of toolsLots of toolsLots of toolsLots of tools• VersioningVersioningVersioningVersioningVersioningVersioningVersioningVersioningVersioningVersioningVersioningVersioningVersioningVersioningVersioningVersioningVersioning• Unique artifacts, reproducible buildUnique artifacts, reproducible buildUnique artifacts, reproducible buildUnique artifacts, reproducible buildUnique artifacts, reproducible buildUnique artifacts, reproducible buildUnique artifacts, reproducible buildUnique artifacts, reproducible buildUnique artifacts, reproducible buildUnique artifacts, reproducible buildUnique artifacts, reproducible buildUnique artifacts, reproducible buildUnique artifacts, reproducible buildUnique artifacts, reproducible buildUnique artifacts, reproducible buildUnique artifacts, reproducible buildUnique artifacts, reproducible build• CfgMgmt integration (Puppet, Chef…)CfgMgmt integration (Puppet, Chef…)CfgMgmt integration (Puppet, Chef…)CfgMgmt integration (Puppet, Chef…)CfgMgmt integration (Puppet, Chef…)CfgMgmt integration (Puppet, Chef…)CfgMgmt integration (Puppet, Chef…)CfgMgmt integration (Puppet, Chef…)CfgMgmt integration (Puppet, Chef…)CfgMgmt integration (Puppet, Chef…)CfgMgmt integration (Puppet, Chef…)CfgMgmt integration (Puppet, Chef…)CfgMgmt integration (Puppet, Chef…)CfgMgmt integration (Puppet, Chef…)CfgMgmt integration (Puppet, Chef…)CfgMgmt integration (Puppet, Chef…)CfgMgmt integration (Puppet, Chef…)
DependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependenciesDependencies
• Use packages alsoUse packages alsoUse packages alsoUse packages alsoUse packages alsoUse packages alsoUse packages alsoUse packages alsoUse packages alsoUse packages alsoUse packages alsoUse packages alsoUse packages alsoUse packages alsoUse packages alsoUse packages alsoUse packages also• Version your repositoriesVersion your repositoriesVersion your repositoriesVersion your repositoriesVersion your repositoriesVersion your repositoriesVersion your repositoriesVersion your repositoriesVersion your repositoriesVersion your repositoriesVersion your repositoriesVersion your repositoriesVersion your repositoriesVersion your repositoriesVersion your repositoriesVersion your repositoriesVersion your repositories• Test your dependenciesTest your dependenciesTest your dependenciesTest your dependenciesTest your dependenciesTest your dependenciesTest your dependenciesTest your dependenciesTest your dependenciesTest your dependenciesTest your dependenciesTest your dependenciesTest your dependenciesTest your dependenciesTest your dependenciesTest your dependenciesTest your dependencies• Distribution, Upstream packagesDistribution, Upstream packagesDistribution, Upstream packagesDistribution, Upstream packagesDistribution, Upstream packagesDistribution, Upstream packagesDistribution, Upstream packagesDistribution, Upstream packagesDistribution, Upstream packagesDistribution, Upstream packagesDistribution, Upstream packagesDistribution, Upstream packagesDistribution, Upstream packagesDistribution, Upstream packagesDistribution, Upstream packagesDistribution, Upstream packagesDistribution, Upstream packages• Mirror and cherry pick from upstream reposMirror and cherry pick from upstream reposMirror and cherry pick from upstream reposMirror and cherry pick from upstream reposMirror and cherry pick from upstream reposMirror and cherry pick from upstream reposMirror and cherry pick from upstream reposMirror and cherry pick from upstream reposMirror and cherry pick from upstream reposMirror and cherry pick from upstream reposMirror and cherry pick from upstream reposMirror and cherry pick from upstream reposMirror and cherry pick from upstream reposMirror and cherry pick from upstream reposMirror and cherry pick from upstream reposMirror and cherry pick from upstream reposMirror and cherry pick from upstream repos• Limit the number of dependenciesLimit the number of dependenciesLimit the number of dependenciesLimit the number of dependenciesLimit the number of dependenciesLimit the number of dependenciesLimit the number of dependenciesLimit the number of dependenciesLimit the number of dependenciesLimit the number of dependenciesLimit the number of dependenciesLimit the number of dependenciesLimit the number of dependenciesLimit the number of dependenciesLimit the number of dependenciesLimit the number of dependenciesLimit the number of dependencies
AutomationAutomationAutomationAutomationAutomationAutomationAutomationAutomationAutomationAutomationAutomationAutomationAutomationAutomationAutomationAutomationAutomation
• AAAAAAAAAAAAAAAAAutomate all the things• OOOOOOOOOOOOOOOOOS, Monitoring, Application• RRRRRRRRRRRRRRRRReproducable builds• RRRRRRRRRRRRRRRRRepositories management
Cultural changesCultural changesCultural changesCultural changesCultural changesCultural changesCultural changesCultural changesCultural changesCultural changesCultural changesCultural changesCultural changesCultural changesCultural changesCultural changesCultural changes
• NNNNNNNNNNNNNNNNNo more manual work• UUUUUUUUUUUUUUUUUse an appropriate toolchain• MMMMMMMMMMMMMMMMManual action = Error prone• WWWWWWWWWWWWWWWWWhat did I change 3 years ago?
DocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentationDocumentation
• NNNNNNNNNNNNNNNNNo more complex install guides• PPPPPPPPPPPPPPPPPuppet training• VVVVVVVVVVVVVVVVValid for several products
Licensed under a Creative Commons Attribution 2.0 Licensehttps://www.flickr.com/photos/jimmcd/4859841581
PuppetPuppetPuppetPuppetPuppetPuppetPuppetPuppetPuppetPuppetPuppetPuppetPuppetPuppetPuppetPuppetPuppet
• WWWWWWWWWWWWWWWWWidely used Automation tool• VVVVVVVVVVVVVVVVVery mature• CCCCCCCCCCCCCCCCClient/Server mode• SSSSSSSSSSSSSSSSStandalone mode• DDDDDDDDDDDDDDDDDeclarative• SSSSSSSSSSSSSSSSScales
What to automate?What to automate?What to automate?What to automate?What to automate?What to automate?What to automate?What to automate?What to automate?What to automate?What to automate?What to automate?What to automate?What to automate?What to automate?What to automate?What to automate?
ApplicationReverse Proxy / DatabasesMonitoringOperation SystemPlatform
To manage or not?To manage or not?To manage or not?To manage or not?To manage or not?To manage or not?To manage or not?To manage or not?To manage or not?To manage or not?To manage or not?To manage or not?To manage or not?To manage or not?To manage or not?To manage or not?To manage or not?
You have to be able to chose whichpart you will setup with Puppet.
Use Puppet modulesUse Puppet modulesUse Puppet modulesUse Puppet modulesUse Puppet modulesUse Puppet modulesUse Puppet modulesUse Puppet modulesUse Puppet modulesUse Puppet modulesUse Puppet modulesUse Puppet modulesUse Puppet modulesUse Puppet modulesUse Puppet modulesUse Puppet modulesUse Puppet modules
Use separate meta-modules for OS,Dependencies, Monitoring,Application… And include them onlyof needed.
Yes, no or noopYes, no or noopYes, no or noopYes, no or noopYes, no or noopYes, no or noopYes, no or noopYes, no or noopYes, no or noopYes, no or noopYes, no or noopYes, no or noopYes, no or noopYes, no or noopYes, no or noopYes, no or noopYes, no or noop
• IIIIIIIIIIIIIIIIInclude or not each class• YYYYYYYYYYYYYYYYYou can put a whole class in no-op• include myapp_osinclude myapp_osinclude myapp_osinclude myapp_osinclude myapp_osinclude myapp_osinclude myapp_osinclude myapp_osinclude myapp_osinclude myapp_osinclude myapp_osinclude myapp_osinclude myapp_osinclude myapp_osinclude myapp_osinclude myapp_osinclude myapp_os• class {'myapp_os': noop => true,}class {'myapp_os': noop => true,}class {'myapp_os': noop => true,}class {'myapp_os': noop => true,}class {'myapp_os': noop => true,}class {'myapp_os': noop => true,}class {'myapp_os': noop => true,}class {'myapp_os': noop => true,}class {'myapp_os': noop => true,}class {'myapp_os': noop => true,}class {'myapp_os': noop => true,}class {'myapp_os': noop => true,}class {'myapp_os': noop => true,}class {'myapp_os': noop => true,}class {'myapp_os': noop => true,}class {'myapp_os': noop => true,}class {'myapp_os': noop => true,}
Puppet ModulesPuppet ModulesPuppet ModulesPuppet ModulesPuppet ModulesPuppet ModulesPuppet ModulesPuppet ModulesPuppet ModulesPuppet ModulesPuppet ModulesPuppet ModulesPuppet ModulesPuppet ModulesPuppet ModulesPuppet ModulesPuppet Modules
External modulesExternal modulesExternal modulesExternal modulesExternal modulesExternal modulesExternal modulesExternal modulesExternal modulesExternal modulesExternal modulesExternal modulesExternal modulesExternal modulesExternal modulesExternal modulesExternal modules
• PPPPPPPPPPPPPPPPPick the best ones• PPPPPPPPPPPPPPPPPuppetlabs modules• UUUUUUUUUUUUUUUUUpstream modules• MMMMMMMMMMMMMMMMModules active on Github• FFFFFFFFFFFFFFFFForge rating• TTTTTTTTTTTTTTTTTesting, doc• MMMMMMMMMMMMMMMMModules that fit your usecase
Review the modules you plan to include. Youdo not want bad code in your app, whywould you want it in the code that deploysyour app?
Contribute backContribute backContribute backContribute backContribute backContribute backContribute backContribute backContribute backContribute backContribute backContribute backContribute backContribute backContribute backContribute backContribute back
• GGGGGGGGGGGGGGGGGet feedback (peer review)• EEEEEEEEEEEEEEEEEasier to maintain in long term• FFFFFFFFFFFFFFFFForces you to write tests• HHHHHHHHHHHHHHHHHelp other people• PPPPPPPPPPPPPPPPPuppet is not your core business
Your modulesYour modulesYour modulesYour modulesYour modulesYour modulesYour modulesYour modulesYour modulesYour modulesYour modulesYour modulesYour modulesYour modulesYour modulesYour modulesYour modules
• EEEEEEEEEEEEEEEEEveryone has write access• FFFFFFFFFFFFFFFFFollow code standards (puppet-lint)• BBBBBBBBBBBBBBBBBe future-proof• SSSSSSSSSSSSSSSSSeparation between code and data
Your puppet treeYour puppet treeYour puppet treeYour puppet treeYour puppet treeYour puppet treeYour puppet treeYour puppet treeYour puppet treeYour puppet treeYour puppet treeYour puppet treeYour puppet treeYour puppet treeYour puppet treeYour puppet treeYour puppet tree
• YYYYYYYYYYYYYYYYYour tree is next to your app code• SSSSSSSSSSSSSSSSSubmodules of your app• GGGGGGGGGGGGGGGGGets the same version number• PPPPPPPPPPPPPPPPParameters matches your apps parameters
Distribute your treeDistribute your treeDistribute your treeDistribute your treeDistribute your treeDistribute your treeDistribute your treeDistribute your treeDistribute your treeDistribute your treeDistribute your treeDistribute your treeDistribute your treeDistribute your treeDistribute your treeDistribute your treeDistribute your tree
• PPPPPPPPPPPPPPPPPackage the whole tree in a package• UUUUUUUUUUUUUUUUUse package dependencies to pull puppet• MMMMMMMMMMMMMMMMMaybe add a helper script for the first run
• YYYYYYYYYYYYYYYYYour tree is next to your app code• SSSSSSSSSSSSSSSSSubmodules of your app• GGGGGGGGGGGGGGGGGets the same version number• CCCCCCCCCCCCCCCCContains the right parameters
Puppet Agent or masterlessPuppet Agent or masterlessPuppet Agent or masterlessPuppet Agent or masterlessPuppet Agent or masterlessPuppet Agent or masterlessPuppet Agent or masterlessPuppet Agent or masterlessPuppet Agent or masterlessPuppet Agent or masterlessPuppet Agent or masterlessPuppet Agent or masterlessPuppet Agent or masterlessPuppet Agent or masterlessPuppet Agent or masterlessPuppet Agent or masterlessPuppet Agent or masterless
• PPPPPPPPPPPPPPPPPuppet has 2 modes• PPPPPPPPPPPPPPPPPull your catalog• AAAAAAAAAAAAAAAAApply it from files• BBBBBBBBBBBBBBBBBoth have advantages• DDDDDDDDDDDDDDDDDepends on what you want
Masterless modeMasterless modeMasterless modeMasterless modeMasterless modeMasterless modeMasterless modeMasterless modeMasterless modeMasterless modeMasterless modeMasterless modeMasterless modeMasterless modeMasterless modeMasterless modeMasterless mode
• OOOOOOOOOOOOOOOOOne-time run• NNNNNNNNNNNNNNNNNo daemon running• NNNNNNNNNNNNNNNNNo need for a Puppet master• NNNNNNNNNNNNNNNNNo exported resources• NNNNNNNNNNNNNNNNNo PuppetDB
Agent modeAgent modeAgent modeAgent modeAgent modeAgent modeAgent modeAgent modeAgent modeAgent modeAgent modeAgent modeAgent modeAgent modeAgent modeAgent modeAgent mode
• RRRRRRRRRRRRRRRRRun every X time (to be tuned)• CCCCCCCCCCCCCCCCConsitency check• RRRRRRRRRRRRRRRRRequires one master• PPPPPPPPPPPPPPPPPuppet daemon running (as root)• RRRRRRRRRRRRRRRRReports sent to the master
PuppetDBPuppetDBPuppetDBPuppetDBPuppetDBPuppetDBPuppetDBPuppetDBPuppetDBPuppetDBPuppetDBPuppetDBPuppetDBPuppetDBPuppetDBPuppetDBPuppetDB
• RRRRRRRRRRRRRRRRRequires a master• SSSSSSSSSSSSSSSSStores facts and reports• EEEEEEEEEEEEEEEEEasy to query• DDDDDDDDDDDDDDDDDashboards available• EEEEEEEEEEEEEEEEExported resources
HieraHieraHieraHieraHieraHieraHieraHieraHieraHieraHieraHieraHieraHieraHieraHieraHiera
• DDDDDDDDDDDDDDDDData separation• YYYYYYYYYYYYYYYYYou classes should have a stable API• YYYYYYYYYYYYYYYYYour main class dispatches to othermodules
• UUUUUUUUUUUUUUUUUse functions:▶ cccccccccccccccccreate_resource▶ mmmmmmmmmmmmmmmmmysql_deepmerge
Automatic Parameter LookupAutomatic Parameter LookupAutomatic Parameter LookupAutomatic Parameter LookupAutomatic Parameter LookupAutomatic Parameter LookupAutomatic Parameter LookupAutomatic Parameter LookupAutomatic Parameter LookupAutomatic Parameter LookupAutomatic Parameter LookupAutomatic Parameter LookupAutomatic Parameter LookupAutomatic Parameter LookupAutomatic Parameter LookupAutomatic Parameter LookupAutomatic Parameter Lookup
• class::param: "foobar"class::param: "foobar"class::param: "foobar"class::param: "foobar"class::param: "foobar"class::param: "foobar"class::param: "foobar"class::param: "foobar"class::param: "foobar"class::param: "foobar"class::param: "foobar"class::param: "foobar"class::param: "foobar"class::param: "foobar"class::param: "foobar"class::param: "foobar"class::param: "foobar"• AAAAAAAAAAAAAAAAAvailable in Puppet 3+• SSSSSSSSSSSSSSSSShould be avoided (obscurification)• NNNNNNNNNNNNNNNNNice to have for edge cases
SecuritySecuritySecuritySecuritySecuritySecuritySecuritySecuritySecuritySecuritySecuritySecuritySecuritySecuritySecuritySecuritySecurity
• PPPPPPPPPPPPPPPPPuppet agent runs as root• TTTTTTTTTTTTTTTTThe master runs as "puppet" user• IIIIIIIIIIIIIIIIIsolated on a separated host• PPPPPPPPPPPPPPPPPuppetDB/Server only listens to Loopback• PPPPPPPPPPPPPPPPPut a reverse proxy (even for server)
Security - Master/ServerSecurity - Master/ServerSecurity - Master/ServerSecurity - Master/ServerSecurity - Master/ServerSecurity - Master/ServerSecurity - Master/ServerSecurity - Master/ServerSecurity - Master/ServerSecurity - Master/ServerSecurity - Master/ServerSecurity - Master/ServerSecurity - Master/ServerSecurity - Master/ServerSecurity - Master/ServerSecurity - Master/ServerSecurity - Master/Server
• DDDDDDDDDDDDDDDDDo not use autosign• YYYYYYYYYYYYYYYYYou can rely on external CA• IIIIIIIIIIIIIIIIIsolate the service from the application• QQQQQQQQQQQQQQQQQuery PuppetDB from your monitoring tool
Pre Existing PuppetPre Existing PuppetPre Existing PuppetPre Existing PuppetPre Existing PuppetPre Existing PuppetPre Existing PuppetPre Existing PuppetPre Existing PuppetPre Existing PuppetPre Existing PuppetPre Existing PuppetPre Existing PuppetPre Existing PuppetPre Existing PuppetPre Existing PuppetPre Existing Puppet
Pre Existing PuppetPre Existing PuppetPre Existing PuppetPre Existing PuppetPre Existing PuppetPre Existing PuppetPre Existing PuppetPre Existing PuppetPre Existing PuppetPre Existing PuppetPre Existing PuppetPre Existing PuppetPre Existing PuppetPre Existing PuppetPre Existing PuppetPre Existing PuppetPre Existing Puppet
• TTTTTTTTTTTTTTTTThere might be a puppet setup• WWWWWWWWWWWWWWWWWork in a separated environment• PPPPPPPPPPPPPPPPPuppet hieradata in a subdirectory• PPPPPPPPPPPPPPPPPrefix your custom functions• BBBBBBBBBBBBBBBBBe careful with exported resources
RuntimeRuntimeRuntimeRuntimeRuntimeRuntimeRuntimeRuntimeRuntimeRuntimeRuntimeRuntimeRuntimeRuntimeRuntimeRuntimeRuntime
Deploy your Puppet treeDeploy your Puppet treeDeploy your Puppet treeDeploy your Puppet treeDeploy your Puppet treeDeploy your Puppet treeDeploy your Puppet treeDeploy your Puppet treeDeploy your Puppet treeDeploy your Puppet treeDeploy your Puppet treeDeploy your Puppet treeDeploy your Puppet treeDeploy your Puppet treeDeploy your Puppet treeDeploy your Puppet treeDeploy your Puppet tree
• IIIIIIIIIIIIIIIIInstall your puppet tree package• IIIIIIIIIIIIIIIIInstall the hiera files (versioned?)• OOOOOOOOOOOOOOOOOne puppet apply to deploy a basic server• TTTTTTTTTTTTTTTTThen the first agent run to deploy PuppetDBand the rest
• TTTTTTTTTTTTTTTTThere is no puppetlabs-puppet module
ConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusionConclusion
Shipping with puppet codeShipping with puppet codeShipping with puppet codeShipping with puppet codeShipping with puppet codeShipping with puppet codeShipping with puppet codeShipping with puppet codeShipping with puppet codeShipping with puppet codeShipping with puppet codeShipping with puppet codeShipping with puppet codeShipping with puppet codeShipping with puppet codeShipping with puppet codeShipping with puppet code
• EEEEEEEEEEEEEEEEEveryone gets benefits• FFFFFFFFFFFFFFFFFrom devs to QA to customers• NNNNNNNNNNNNNNNNNeed to review how you release• NNNNNNNNNNNNNNNNNeed to review how you deploy your OS• PPPPPPPPPPPPPPPPPuppet code is part of your app
AdvantagesAdvantagesAdvantagesAdvantagesAdvantagesAdvantagesAdvantagesAdvantagesAdvantagesAdvantagesAdvantagesAdvantagesAdvantagesAdvantagesAdvantagesAdvantagesAdvantages
• SSSSSSSSSSSSSSSSSetup your app easily (internally andexternally)
• GGGGGGGGGGGGGGGGGet consistent deployments at severalcustomer
• PPPPPPPPPPPPPPPPPredict what will be deployed• GGGGGGGGGGGGGGGGGet a clear view of the infrastructure• SSSSSSSSSSSSSSSSSay bye bye to long procedures
There is workThere is workThere is workThere is workThere is workThere is workThere is workThere is workThere is workThere is workThere is workThere is workThere is workThere is workThere is workThere is workThere is work
• BBBBBBBBBBBBBBBBBig cultural changes▶ RRRRRRRRRRRRRRRRRoot access?▶ TTTTTTTTTTTTTTTTThe shell script works…▶ IIIIIIIIIIIIIIIII can't do X anymore…
• PPPPPPPPPPPPPPPPPurge old artifacts on updates• DDDDDDDDDDDDDDDDDeal with your data• KKKKKKKKKKKKKKKKKeep that infra up to date
Open the pandora box!Open the pandora box!Open the pandora box!Open the pandora box!Open the pandora box!Open the pandora box!Open the pandora box!Open the pandora box!Open the pandora box!Open the pandora box!Open the pandora box!Open the pandora box!Open the pandora box!Open the pandora box!Open the pandora box!Open the pandora box!Open the pandora box!
• MMMMMMMMMMMMMMMMMonitoring• BBBBBBBBBBBBBBBBBest practices enforcement• RRRRRRRRRRRRRRRRRepositories management• BBBBBBBBBBBBBBBBBring your own tools
Thank youThank youThank youThank youThank youThank youThank youThank youThank youThank youThank youThank youThank youThank youThank youThank youThank you
Any question?Any question?Any question?Any question?Any question?Any question?Any question?Any question?Any question?Any question?Any question?Any question?Any question?Any question?Any question?Any question?Any question?
ContactContactContactContactContactContactContactContactContactContactContactContactContactContactContactContactContact
Julien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien PivottoJulien [email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie@roidelapluie
inuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitsinuitshttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.euhttps://inuits.eu
[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636+32 473 441 636