puppet camp europe 2011 hackability
DESCRIPTION
Watch along with the video at https://www.youtube.com/watch?v=ag-bI5lr55s. Luke Kanies, CEO and Founder of Puppet Labs, talks on "Making Puppet More Hackable" at PuppetCamp Europe '11, Amsterdam, Netherlands. Learn more: http://www.puppetlabs.com
TRANSCRIPT
Wireless
• Any “BvB Hotspot...” network
• New browser page
• User: bvbhotspot
• Password: berlag33
Friday, May 13, 2011

puppet labs

Question Authority

Puppet Labs
• 40 employees
• Fantastic investors and board members
• I’m still CEO

Puppet 2.7

Apache License

Faces

Static Compiler

Certificate API

Deterministic Ordering
For otherwise unrelated resources

Enhanced Graph Management

Puppet Enterprise

Always based on full releases

Looking for Partners

PE 1.1 - 5/11
• MCollective
• RHEL 4/5/6, SLES, Solaris

PE 1.2 - 6/11
• Discovery
• Provisioning

Q3
• Full Windows support
• 2.7 base
• Change Lifecycle Management

Faces, Hackability, and Marketing

Puppet is different, but not in straightforward ways

Awkward

I wanted to tell The Story of Why

A bit of history: Cfengine

I had no control
• Stuck with whatever application logic it shipped with
• Core components were mandatory

Do Not Question
• Why is this file here?
• What requires this package?
• What will happen if I change this file?
• Do these classes conflict?

Not Extensible

“Puppet is Different”

Easily extensible, everywhere
A quick count shows 10 kinds of extensibility

The Puppet world
• Facts
• Resources
• Catalogs
• Edges
• Events

Questions can be asked of every artifact
• Is this file being managed?
• What happens if I restart this service?
• Who requires this package?
• Did my service restart?
• Were there any failures?

Data > Code
• Caching
• Validation
• Implementation Independence
• Integration

The Graph Matters
"Exec[createrepo-PM-RHEL5-noarch]"
"Yumrepo[PM-RHEL5-x86_64]"
"Yumrepo[PM-RHEL5-noarch]"
"Package[postgresql-server]"
"Package[thttpd]"
"File[/var/www/thttpd/html/yum-PM-RHEL5-noarch]"
"File[/var/www/thttpd/html/yum-PM-RHEL5-x86_64]"
"Exec[rsync-rpmdir-PM-RHEL5-x86_64]"
"Exec[createrepo-PM-RHEL5-x86_64]"
"Postgres::Role[puppet]"
"Exec[rsync-rpmdir-PM-RHEL5-noarch]"

An Aside: The Competition

AFAIK, Puppet is the only tool that provides:
• A complete list of every resource managed in your entire infrastructure
• A complete list of every dependency in your entire infrastructure
• A complete list of every single change that’s ever happened in your entire infrastructure
• With full run simulation and inspection
...all in a queryable, storable, cacheable way

Progress?
Cfengine
• Declarative
• Code runs on client
• Implicit dependencies
Puppet
• Declarative
• Only data on clients, no code
• Explicit dependencies
Chef
• Imperative
• Code runs on client
• Implicit dependencies

How do we talk about this? Market this?

“Puppet is Model-Driven”

Procedural
Code → Compile → Catalog → Apply → Report

Model-driven
Code → Compile → Catalog → Apply → Report
It’s the artifacts that matter

Code → Compile → Catalog → Apply → Report
Policy Complian Remedy CMDB
LDAP CMDB Nagios

No one knows what ‘model driven’ means

“Puppet is hackable”
Props to Nick Fagerlund

But it wasn’t really true

You could *program* it, but not hack it like a sysadmin would

Really: Encapsulated, modular and data-driven

Unfortunately the applications hard-code our logic
• Download plugins
• Upload Facts
• Download Catalog
• Apply Catalog
• Send Report

Other application world-views exist
• Only update catalogs during maintenance windows
• Push catalog updates
• Send fact updates 10x as often as puppet runs
• Combine multiple catalogs on the client side and run them together
• Compile catalogs for hundreds of hosts and compare them
• Manually view catalog diffs before deploying

It doesn’t make sense to extend the core apps with this logic

And doing it yourself is too hard with current tools

So we should expose everything and let you build what you want

Functions
• Compiler
• Transactions
• Network
• Indirector
• Parser
• RAL

Data
• Facts
• Catalog
• Reports
• Resource Types (AST and RAL)
• Nodes
• Certificates

Interfaces

Puppet Faces

A framework for exposing, combining, and extending core Puppet functions and data types

A collection of Faces that does this in Ruby and on the CLI

Good: It directly exposes Puppet internals in a hackable way

Bad: It directly exposes Puppet internals

Examples
• puppet catalog find <host>
• puppet facts upload
• puppet certificate sign <host>
• puppet file find <sum>

Easily extensible
• puppet config info <name>
• puppet catalog select <host> <type>
• puppet file diff <sum> <sum>
• puppet node clean <name>
• puppet catalog diff <host> <host>

What we’re working on

Team and Community

Flattening the on-ramp

Ad-hoc Tooling

Cross-Node Applications

Databases

Change Lifecycle

Questions?