Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code
![Page 1: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/1.jpg)
Cloud Infrastructure
as Code
Andrew Parker
Puppet Labs
@aparker42
![Page 2: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/2.jpg)
In 1889
![Page 5: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/5.jpg)
Tickets please
![Page 6: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/6.jpg)
Eureka!
![Page 7: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/7.jpg)
Herman's Invention
![Page 8: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/8.jpg)
Herman grows a Mustache
![Page 9: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/9.jpg)
The Tabulating Machine
![Page 10: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/10.jpg)
Automation makes IT better!
![Page 22: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/22.jpg)
Puppet
A language and infrastructure
![Page 23: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/23.jpg)
Puppet Resources
• Describes the desired configuration state of individual elements of the system being managed
user { 'henrik':           # A user named 'henrik'
  ensure => present,       # should exist
  shell  => '/bin/bash'    # with this shell
}
![Page 24: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/24.jpg)
Puppet Resources
package { 'apache2':   # A package named 'apache2'
  ensure => present    # should be installed
}
![Page 25: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/25.jpg)
Puppet Language
• The Puppet Language has constructs to
– compose sets of resources into classes
– define order of operations on resources
– define custom resources
![Page 26: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/26.jpg)
Common Pattern: Package, File, Service
class webserver {
  package { 'apache2':
    ensure => present
  }
  file { '/etc/apache2/apache2.conf':
    content => template('apache2/apache2.erb'),
    require => Package['apache2']
  }
  service { 'apache2':
    ensure    => running,
    subscribe => File['/etc/apache2/apache2.conf']
  }
}
![Page 27: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/27.jpg)
Presto – a Web Server
• Now we can build a webserver with this:
node 'kermit.example.com' {
  include webserver
}
![Page 28: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/28.jpg)
Infra == Code == Text
![Page 32: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/32.jpg)
Cloud Infrastructure
(as Code)
![Page 33: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/33.jpg)
Turtles All The Way Down
![Page 34: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/34.jpg)
Turtles All The Way Down
Cloud
![Page 35: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/35.jpg)
Google Compute Engine
• Express infrastructure as
– VM Instances
– Networks
– Firewalls
– Disks
![Page 36: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/36.jpg)
Build your own?
puppet module install puppetlabs-gce_compute
![Page 37: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/37.jpg)
A Disk
gce_disk { 'mydisk':
  ensure  => present,
  size_gb => '2'
}
![Page 38: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/38.jpg)
A Network
gce_network { 'mynetwork':
  ensure  => present,
  gateway => '10.0.1.1',
  range   => '10.0.1.0/24'
}
![Page 39: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/39.jpg)
An Instance
gce_instance { 'myinstance':
  ensure  => present,
  zone    => 'us-central1-a',
  machine => 'n1-standard-1',
  image   => "${images}/ubuntu-12-04-v20120621"
}
![Page 40: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/40.jpg)
New Pattern: Network, Firewall, (Disk), Instance
class app_stack {
  gce_network { 'appnet':
    ensure => present,
    range  => '10.0.1.0/24'
  } ->
  gce_firewall { 'webhttp':
    ensure  => present,
    allow   => 'tcp:80',
    network => 'appnet'
  } ->
  gce_instance { 'server1':
    ensure  => present,
    network => 'appnet'
  }
}
![Page 41: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/41.jpg)
Turtles All The Way Down
Application
Cloud
![Page 42: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/42.jpg)
Modules & Classes
gce_instance { 'myinstance':
  ensure      => present,
  . . .
  modules     => [ 'puppetlabs-mysql',
                   'martasd/mediawiki',
                   . . .
                 ],
  enc_classes => {
    mediawiki => { server_name => "$gce_external_ip" }
  }
}
![Page 43: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/43.jpg)
Turtles All The Way Down
Puppet
Cloud
![Page 44: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/44.jpg)
Setting up a master
gce_instance { 'pe-master':
  ensure        => present,
  . . .
  startupscript => 'puppet-enterprise.sh',
  metadata      => {
    'pe_role' => 'master', 'pe_version' => '3.6.1' }
}
gce_instance { 'agent-1':
  ensure        => present,
  . . .
  startupscript => 'puppet-enterprise.sh',
  metadata      => {
    'pe_role' => 'agent', 'pe_version' => '3.6.1',
    'pe_master' => 'pe-master' }
}
![Page 45: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/45.jpg)
Turtles All The Way Down
Application
Puppet
Cloud
![Page 46: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/46.jpg)
Security 90s Style
Master
Agent
Agent
![Page 47: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/47.jpg)
Autosign
# Whether (and how) to autosign certificate requests. This setting
# is only relevant on a puppet master acting as a certificate
# authority (CA).
#
# Valid values are true (autosigns all certificate requests; not
# recommended), false (disables autosigning certificates), or the
# absolute path to a file.
[master]
autosign = true
![Page 48: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/48.jpg)
Autosign
# Whether (and how) to autosign certificate requests. This setting
# is only relevant on a puppet master acting as a certificate
# authority (CA).
#
# Valid values are true (autosigns all certificate requests; not
# recommended), false (disables autosigning certificates), or the
# absolute path to a file.
[master]
autosign = $confdir/autosign.conf
![Page 49: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/49.jpg)
Autosign
# Whether (and how) to autosign certificate requests. This setting
# is only relevant on a puppet master acting as a certificate
# authority (CA).
#
# Valid values are true (autosigns all certificate requests; not
# recommended), false (disables autosigning certificates), or the
# absolute path to a file.
[master]
autosign = $confdir/my_autosign
trusted_node_data = true
[agent]
csr_attributes = $confdir/csr_attributes.yaml
![Page 50: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/50.jpg)
Autosign
# Produce attributes for the csr based on instance metadata
MD="http://metadata/computeMetadata/v1/instance"
INSTANCE=$(curl -fs -H "Metadata-Flavor: Google" $MD/zone)
NAME=$(curl -fs -H "Metadata-Flavor: Google" $MD/attributes/puppet_instancename)
UUID=$(curl -fs -H "Metadata-Flavor: Google" $MD/id)
cat > $PUPPET_DIR/csr_attributes.yaml <<END
custom_attributes:
![Page 52: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/52.jpg)
Trust your data
Master Agent
CSR
Certificate
Facts/Certificate
Catalog
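The master-side half of the autosign slides, as an added example that is not code from the talk: a policy check of the kind `autosign = $confdir/my_autosign` points at, which signs only when the CSR carries the instance id the master expects for that certname. Puppet runs a policy executable with the certname as its only argument and the PEM CSR on stdin, and signs on exit status 0. The `EXPECTED` table, the sample ids, the helper names and the choice of the `pp_instance_id` OID as the custom attribute are assumptions.

```ruby
require 'openssl'

# Puppet's registered OID for the pp_instance_id CSR attribute.
PP_INSTANCE_ID = '1.3.6.1.4.1.34380.1.1.2'

# Hypothetical inventory (certname => instance id). A real policy would
# ask the cloud provider's API instead of a hard-coded table.
EXPECTED = { 'agent-1' => '1234567890' }.freeze

# Value of one CSR attribute by OID, or nil when the CSR lacks it.
def csr_attribute(csr, oid)
  attr = csr.attributes.find { |a| a.oid == oid }
  attr && attr.value.value.first.value
end

# Sign only if the CSR is self-consistent, names the requested certname,
# and carries the instance id the inventory expects for that name.
def autosign?(certname, csr_pem, expected = EXPECTED)
  csr = OpenSSL::X509::Request.new(csr_pem)
  return false unless csr.verify(csr.public_key)
  cn = csr.subject.to_a.find { |field, _value, _type| field == 'CN' }
  return false unless cn && cn[1] == certname
  want = expected[certname]
  got = csr_attribute(csr, PP_INSTANCE_ID)
  !want.nil? && !got.nil? && want == got
rescue OpenSSL::X509::RequestError
  false
end

# Constructed sample input: a CSR like the one an agent would submit.
def build_csr(certname, instance_id)
  key = OpenSSL::PKey::RSA.new(2048)
  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.new([['CN', certname]])
  csr.public_key = key.public_key
  if instance_id
    set = OpenSSL::ASN1::Set.new([OpenSSL::ASN1::UTF8String.new(instance_id)])
    csr.add_attribute(OpenSSL::X509::Attribute.new(PP_INSTANCE_ID, set))
  end
  csr.sign(key, OpenSSL::Digest.new('SHA256'))
  csr.to_pem
end

# As a policy executable: exit(autosign?(ARGV[0], $stdin.read) ? 0 : 1)
puts autosign?('agent-1', build_csr('agent-1', '1234567890')) # matching id
puts autosign?('agent-1', build_csr('agent-1', 'spoofed'))    # wrong id
```

Unlike `autosign = true`, a request with a missing attribute, an unknown certname or a CN that differs from the requested certname is left unsigned.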
![Page 53: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/53.jpg)
Why do this?
• How fast can you change?
• How frequent?
• At what cost?
• What is your level of automation?
![Page 54: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/54.jpg)
So what became of Herman Hollerith?
![Page 58: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/58.jpg)
Questions?
![Page 59: Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code](https://reader033.vdocuments.mx/reader033/viewer/2022060121/5594533b1a28abe14f8b4768/html5/thumbnails/59.jpg)
Puppetize!