puppet camp dc: puppet for everybody

Puppet for Everybody! Federated and Hierarchical Puppet Enterprise. Chris Bowles, Senior Systems Administrator, University of Texas at Austin

Upload: puppet-labs

Post on 10-May-2015


DESCRIPTION

Puppet Camp DC: "Puppet for Everybody" by Christopher Bowles, University of Texas at Austin

TRANSCRIPT

Page 1: Puppet Camp DC: Puppet for Everybody

Puppet for Everybody! Federated and Hierarchical Puppet Enterprise

Chris Bowles, Senior Systems Administrator

University of Texas at Austin

Page 2: Puppet Camp DC: Puppet for Everybody

Everybody? Absolutely!

• Development
• Operations
• Management

source: http://goo.gl/Mjr0dy

Page 3: Puppet Camp DC: Puppet for Everybody

Continuum of Expertise

Novice
• Puppet Console
• Variables

Medium
• Hiera

Expert
• Code

Page 4: Puppet Camp DC: Puppet for Everybody

Puppet as a Service

UT Puppet API

(standards, culture)

Code/Data Federation

Puppet Enterprise

Hierarchical Configs

Page 5: Puppet Camp DC: Puppet for Everybody

Centrally Managed / Maintained

Puppet as a Service

DB group

Web group

Foo group

Page 6: Puppet Camp DC: Puppet for Everybody

Standard Puppet API

Puppet Console Configured Server!

Class

Console Variable (string)

Hiera Variable (complex)

Shared culture

Page 7: Puppet Camp DC: Puppet for Everybody

Hierarchical Configurations

Node-level

Business Group(s)

Defaults Enterprise

Database

Node

Web

• Shared area = business logic

• All configs in groups

• Plug and play

Page 8: Puppet Camp DC: Puppet for Everybody

Federation (of control)

• United States of Puppet

mysql

oracle

Enforce broad configs at “Federal Level”

Set specific configs at “State Level”

source: http://goo.gl/22neR7

Page 9: Puppet Camp DC: Puppet for Everybody

Puppet as a Service (at UT)

Apps
• Code or content

Services
• i.e. Apache

BASE
• secure
• standardized
• configurable

Roles / Profiles

Page 10: Puppet Camp DC: Puppet for Everybody

Building Blocks

source: http://goo.gl/CHwab0

Page 11: Puppet Camp DC: Puppet for Everybody

Puppet Console components

• Classes (ssh)
• Variables ($::ssh_listenport)
• Group(s) (Database)
• Nodes (dbserver-01)

Page 12: Puppet Camp DC: Puppet for Everybody

Puppet Console Group Nesting!

source: http://goo.gl/tUdl5U

Page 13: Puppet Camp DC: Puppet for Everybody

Class Inheritance (immutable)

BASE group
• assigns: ssh

FOO group
• inherits: ssh
• assigns: syslog

node
• inherits: ssh, syslog

Page 14: Puppet Camp DC: Puppet for Everybody

Variable Inheritance (child wins)

Base group: ssh_listenport = 22

Foo group: ssh_listenport = 72

node1: ssh_listenport = 72

Foo2 group: ssh_listenport = 99

node2: ssh_listenport = 99

Page 15: Puppet Camp DC: Puppet for Everybody

All together now!

source: http://goo.gl/K91CJA

Page 16: Puppet Camp DC: Puppet for Everybody

BASE group

Classes: ssh

Variable:

ssh_listenport => 22

DB group

Classes: mysql

Variables: ssh_listenport => 99

db-server (node)

Classes: ssh , mysql

Variables:

ssh_port => 99 (from DB group)

Classes: additive

Variables: closest to the node wins
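The two inheritance rules above (classes are additive, the variable closest to the node wins) can be modelled in a few lines. This is an added example, not code from the deck or from Puppet Enterprise; the group names and values are the slides' own, while the dict layout and the `lineage` and `rsop` function names are assumptions made for illustration.

```python
# Added example: Puppet Console inheritance as described on the slides.
# Group names and values come from the deck; the dict layout and the
# function names are assumptions made for this illustration.
GROUPS = {
    "BASE": {"parent": None, "classes": ["ssh"], "vars": {"ssh_listenport": 22}},
    "DB": {"parent": "BASE", "classes": ["mysql"], "vars": {"ssh_listenport": 99}},
    "FOO": {"parent": "BASE", "classes": ["syslog"], "vars": {}},
}


def lineage(groups, name):
    """Return the chain of groups from the top-level ancestor down to `name`."""
    chain = []
    while name is not None:
        if name in chain:
            raise ValueError(f"group nesting loop at {name}")
        chain.append(name)
        name = groups[name]["parent"]
    return chain[::-1]


def rsop(groups, node_group):
    """Resultant set of policy for a node pinned to `node_group`."""
    classes, variables, overrides = [], {}, []
    for group in lineage(groups, node_group):
        for cls in groups[group]["classes"]:
            if cls not in classes:  # classes are additive: inherited, never dropped
                classes.append(cls)
        for key, value in groups[group]["vars"].items():
            if key in variables and variables[key][0] != value:
                # record which broader setting the narrower group replaced
                overrides.append((key, variables[key], (value, group)))
            variables[key] = (value, group)  # closest to the node wins
    return classes, variables, overrides


if __name__ == "__main__":
    for name in ("DB", "FOO"):
        classes, variables, overrides = rsop(GROUPS, name)
        print(name, classes, variables, overrides)
```

The `overrides` list is the part worth reviewing: it shows every place a narrower group replaced a BASE-level value such as the SSH listen port.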

Page 17: Puppet Camp DC: Puppet for Everybody

ENC node: RSOP

Mysql class from DB group

Ssh class from ALL group

Ssh_port override from DB group (2222)

List of all the groups that the node belongs to.

Hierarchy is implied via the Source attr. See ALL group.

Page 18: Puppet Camp DC: Puppet for Everybody

Puppet Console: Building a federated hierarchy

Top
• BASE

Group
• group_foo
• group_db

Subgroup
• sub_bar (under group_foo)
• sub_mysql, sub_oracle (under group_db)

Page 19: Puppet Camp DC: Puppet for Everybody

What’s in a name?

Puppet Console will display: (alphabetical)

• BASE
• group_db
• group_foo
• subgroup_bar
• subgroup_mysql
• subgroup_oracle

Page 20: Puppet Camp DC: Puppet for Everybody

A Little more about Console Variables…

class

Console variable

Config

Page 21: Puppet Camp DC: Puppet for Everybody

Console Variables = top level Variables ($::foo)

• init.pp

• params.pp

Page 22: Puppet Camp DC: Puppet for Everybody

One more level: Hiera

source: http://goo.gl/3tfaVi

Page 23: Puppet Camp DC: Puppet for Everybody

Hiera: used for complex variables

key: value

key2: value2

• Arrays
• Hashes

source: http://goo.gl/ge45I1

Page 24: Puppet Camp DC: Puppet for Everybody

Hiera: Building a federated hierarchy

Top
• BASE

Group
• group_foo
• group_db

Subgroup
• sub_bar (under group_foo)
• sub_mysql, sub_oracle (under group_db)

Page 25: Puppet Camp DC: Puppet for Everybody

Creating hiera directory-based hierarchies with console variables

Broad to specific:

Top (no variable)
• ./

Group(s) ($group)
• ./$group/

Subgroup(s) ($sub)
• ./$group/$sub

Page 26: Puppet Camp DC: Puppet for Everybody

Hiera.yaml – rubber, meet road

Top
• ./common.yaml

Group(s)
• ./$group/common.yaml

Subgroup(s)
• ./$group/$sub/common.yaml

Specific to broad:

‘%{group}/%{sub}/common’

‘%{group}/common’

‘common’

Page 27: Puppet Camp DC: Puppet for Everybody

Console Groups map to Hiera

Nested Console Groups: Variables (above the waterline) → Hiera (below the waterline)

• BASE: (no variable required) → ./
• Foo: group = foo → ./foo/
• Bar: sub = bar → ./foo/bar/

Page 28: Puppet Camp DC: Puppet for Everybody

Putting it together!

Nested Console Group: Variable → Hiera (files based on hiera.yaml)

• BASE: (no variables) → ./
• DB: group = db → ./db/
• MySQL: sub = mysql → ./db/mysql/
• mysql node: dept=db, svc= mysql

Hiera search path for mysql node:
1. ./common.yaml
2. ./db/common.yaml
3. ./db/mysql/common.yaml

Page 29: Puppet Camp DC: Puppet for Everybody

Advanced Hiera Usage

• “This data is exactly what I need… almost”
• firewall, sudoers
• +1

• Check out:
  – hiera_hash
  – hiera_array
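The search path built from the `group` and `sub` console variables, and the difference between a plain lookup and the `hiera_hash` / `hiera_array` merges, can be shown with a small model. This is an added example, not code from the deck or from Hiera itself; the hierarchy strings are the ones on the hiera.yaml slide, the data is constructed, and the Python functions only mimic the behaviour of the Hiera lookups of the same names.

```python
import re

# Hierarchy entries from the hiera.yaml slide, specific to broad.
HIERARCHY = ["%{group}/%{sub}/common", "%{group}/common", "common"]

# Constructed stand-in for the YAML files under ./hieradata/ (sample values).
DATA = {
    "common": {"ssh_listenport": 22, "sudoers": ["%sysadmins"],
               "firewall": {"ssh": 22}},
    "db/common": {"sudoers": ["%dba"], "firewall": {"ssh": 99}},
    "db/mysql/common": {"sudoers": ["%mysql_admins"],
                        "firewall": {"mysql": 3306}},
}


def search_path(scope):
    """Interpolate %{var} from the node's console variables; unset vars become ''."""
    return [re.sub(r"%\{(\w+)\}", lambda m: scope.get(m.group(1), ""), entry)
            for entry in HIERARCHY]


def sources(scope, key):
    """Values for `key` from every existing data file, most specific first."""
    return [DATA[p][key] for p in search_path(scope) if key in DATA.get(p, {})]


def hiera(scope, key):
    """Priority lookup: the first (most specific) source wins outright."""
    found = sources(scope, key)
    return found[0] if found else None


def hiera_array(scope, key):
    """Array merge: unique values collected from every level."""
    merged = []
    for value in sources(scope, key):
        for item in value if isinstance(value, list) else [value]:
            if item not in merged:
                merged.append(item)
    return merged


def hiera_hash(scope, key):
    """Hash merge: every level contributes; the most specific wins per key."""
    merged = {}
    for value in reversed(sources(scope, key)):
        merged.update(value)
    return merged


if __name__ == "__main__":
    node = {"group": "db", "sub": "mysql"}  # the mysql node from the slides
    print(search_path(node), hiera(node, "sudoers"), hiera_array(node, "sudoers"))
```

With a priority lookup a subgroup's `sudoers` value replaces the broader ones outright, while the array and hash merges keep the BASE entries and let narrower levels add to them.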

Page 30: Puppet Camp DC: Puppet for Everybody

Code/Data Federation

Puppet Classes/Data

Subgroup source

Group source

BASE source

Page 31: Puppet Camp DC: Puppet for Everybody

Code Federation

puppet.conf

modulepath=

/opt/puppet/modules/base:

/opt/puppet/modules/group:

/opt/puppet/modules/sub:

BASE Repo

Group Repo

Subgroup Repo

VCSREPO

Page 32: Puppet Camp DC: Puppet for Everybody

Data Federation (via VCSREPO)

• ./hieradata/ =

./common.yaml

./$group/common.yaml

./$group/$sub/common.yaml

BASE Repo

group Repo

subgroup Repo

VCSREPO

Page 33: Puppet Camp DC: Puppet for Everybody

Puppet Class Namespaces

• Namespaces prevent class collisions
• ${group}_name
• Examples:
  – base_ssh
  – db_ssh
  – mysql_ssh

Page 34: Puppet Camp DC: Puppet for Everybody

A peek into the future…

source: http://goo.gl/9GwKyQ

Page 35: Puppet Camp DC: Puppet for Everybody

Git Workflow

• Instead of this…
• 1 git repo / module

Core SVN repo (modules)

Group SVN repo (modules)

Head (production) branch

Non-production branches (created as needed)

Page 36: Puppet Camp DC: Puppet for Everybody

CI/CD

• r10k push deployments (faster!)
• Puppet Environments defined by code (Puppetfile)
• Automated Testing

Git repos

r10k

Puppet

Page 37: Puppet Camp DC: Puppet for Everybody

Takeaways!

• “Puppet as a Service” – Can provide hierarchical/federated configuration management as a service by building on top of Puppet Enterprise

• Hierarchical Configs: building blocks that match organizational structure, plug and play

• Federation: Empowering users at all levels of the enterprise

Page 38: Puppet Camp DC: Puppet for Everybody

Thanks! Any Questions?

• Note: slide deck available from PuppetLabs

• Contact information:
  – Chris Bowles
    • Email: [email protected]