Puppet Conf 2012 - Managing Network Devices with Puppet

Post on 24-May-2015

TRANSCRIPT

1. Managing Network Devices
   Nan Liu // Sept. 27, 2012
   Monday, September 17, 12

2. Network Devices
   Why Puppet?
   Puppet Device
   Load Balancer Demo
   Developing Devices (Advanced)

3. Application Deployment
   Server + Puppet
   ???
   Profit!

4. Missing Step?
   Linking Application Services

5. #puppetize
   Network Device + Puppet

6. Puppet Proxy Agent
   Certificates
   Retrieves Device Plugins
   Retrieves Device Catalog
   Connects to Device
   Apply Device Resources
   Reports to Master

7. Proxy Agent Workflow
   (diagram columns: Device, Proxy Agent, Puppet Master)
   Device Cert, Plugins, Device Connect, Custom Facts, Compile Catalog (functions), Apply Catalog, Device resource, puppet report, Report?, Report Processor, Finish

8. Commands
   facter
   puppet resource
   puppet apply (maybe)
   puppet device

9. Device.conf
   $confdir/device.conf:

       [node1_name]
       type
       url
       [node2_name]
       type
       url

10. Device $vardir
    $vardir (/var/lib/puppet, /var/opt/lib/pe-puppet)

        # tree ./devices
        f5.puppetlabs.lan
          client_yaml
          facts
          ssl
          state

11. Puppet
    Resource Abstraction (Type/Provider)
    Declarative (Language)
    Idempotent (Enforcement)

12. Manifest vs. GUI

        f5_pool { 'apt.puppetlabs.com':
          ensure                          => present,
          action_on_service_down          => 'SERVICE_DOWN_ACTION_NONE',
          allow_nat_state                 => 'STATE_ENABLED',
          allow_snat_state                => 'STATE_ENABLED',
          client_ip_tos                   => 65535,
          client_link_qos                 => 65535,
          gateway_failsafe_unit_id        => 0,
          lb_method                       => 'LB_METHOD_ROUND_ROBIN',
          member                          => {
            '10.10.0.22:8080' => {...},
            '10.10.0.23:8080' => {...},
            '10.10.0.24:80'   => {...}
          },
          minimum_active_member           => 0,
          minimum_up_member               => 0,
          minimum_up_member_action        => 'HA_ACTION_FAILOVER',
          minimum_up_member_enabled_state => 'STATE_DISABLED',
          monitor_association             => {...},
          server_ip_tos                   => 65535,
          server_link_qos                 => 65535,
          simple_timeout                  => 0,
          slow_ramp_time                  => 10,
        }

13. Manifests = Text
    Version Control
    Auditing
    Workflow

14. Resource Demo

        export FACTER_url=https://admin:admin@f5/
        puppet resource f5_*

15. Web Module
    web::site definition:

        define web::site (
          $port = 80,
          # F5 pool member settings:
          $connection_limit = 0,
          $dynamic_ratio    = 1,
          $priority         = 0,
          $ratio            = 1
        ) {
          # setup web service.
        }

16. Web Server Nodes
    webservers nodes:

        node /^webserver21/ {
          web::site { 'apt.puppetlabs.com':
            port => 8080,
          }
        }
        node /^webserver22/ {
          web::site { 'apt.puppetlabs.com':
            port             => 80,
            connection_limit => 100,
          }
          web::site { 'yum.puppetlabs.com':
            port => 8080,
          }
        }

17. Composing Services
    Network Device = Nodes

        node 'f5.puppetlabs.lan' {
          f5_virtualserver { 'apt.puppetlabs.com': ... }
          f5_pool { 'apt.puppetlabs.com': ... }
          f5_monitor { 'apt.puppetlabs.com': ... }
        }

18. Problem?
    f5_pool member ip address:

19. Export Resources?
    ONLY export/collect resources.

        f5_pool { 'apt.puppetlabs.com':
          ensure    => present,
          lb_method => 'LB_METHOD_ROUND_ROBIN',
          member    => {
            '10.10.0.22:8080' => {},
            '10.10.0.23:8081' => {},
            '10.10.0.24:80'   => {},
          },
        }

    f5_poolmember ?

20. Resources Meta Type
    Puppet Resources:

        resources { 'f5_poolmember':
          purge => true,
        }

    Does not support Resource subset =/
    purge poolmember in pool X ?

21. Query Puppet DB
    ruby-puppetdb: https://github.com/ripienaar/ruby-puppetdb
    puppetdb query: https://github.com/dalen/puppet-puppetdbquery

22-28. Puppet Catalog
    Puppet Catalog = Resources + Relationship
    Facts + Manifests => compilation => Catalog
    (diagram: Agent, Master, Facts, Catalog)

29-33. Puppet DB
    Stores all client catalogs
    (diagram: Master, Puppet DB, Web Server 1, Web Server 2)

34. web::loadbalancer

        define web::loadbalancer (
          $site = $name,
          $address,
          $port = 80
        ) {
          f5_virtualserver { $name:
            ensure            => present,
            connection_limit  => 0,
            default_pool_name => $name,
            destination       => "${address}:${port}",
            require           => F5_pool[$name],
          }
          # $member = ???
          f5_pool { $name:
            ensure    => present,
            lb_method => 'LB_METHOD_ROUND_ROBIN',
            member    => $member,
          }
        }

35. Query Puppet DB

        puppet query resource --query=Class[web::server] --filter=Web::Site[apt.puppetlabs.com] --render-as yaml

        "Web::Site[apt.puppetlabs.com]":
        - parameters:
            port: "8080"
          nodes:
          - webserver22
          - webserver23
        - parameters:
            port: "80"
            connection_limit: "100"
          nodes:
          - webserver24

36. Pool Member

        $ip_facts = query_facts('ipaddress', 'Class[web::server]')
        $websites = query_resources('Class[web::server]', "Web::Site[${site}]")
        $member   = web_poolmember($ip_facts, $websites)

    Results

        {
          "10.0.2.24:80" => {
            "connection_limit" => "0",
            "ratio"            => "1",
            "priority"         => "3",
            "dynamic_ratio"    => "1"
          },
          "10.0.2.22:8080" => {
            "connection_limit" => "0",
            "ratio"            => "1",
            "priority"         => "1",
            "dynamic_ratio"    => "1"
          }
        }

37. Device Node
    F5 node:

        node 'f5.puppetlabs.lan' {
          web::loadbalancer { 'apt.puppetlabs.com':
            address => '192.168.1.200',
          }
          web::loadbalancer { 'yum.puppetlabs.com':
            address => '192.168.1.201',
          }
          web::loadbalancer { 'download.puppetlabs.com':
            address => '192.168.1.202',
          }
        }

38. Demo
    Update web::site deployment
    Update F5 Loadbalancer

39. Developing Devices
    WARNING:
    Recommend developing regular Puppet Type/Provider first.
    Recommend developing regular Puppet Type/Provider first.
    Recommend developing regular Puppet Type/Provider first.
    Recommend developing regular Puppet Type/Provider first.
    ...
    Puppet Type/Provider Session (Dan)

40. Developing Devices
    Transport
    Facter
    Type
    Provider (retrieve/set)

41. Transport
    device.conf

        [node_name]
        type
        url

    telnet
    ssh
    iControl (SOAP)
    (netconf)

42. Initialize Device
    puppet/util/network_device.rb

        class Puppet::Util::NetworkDevice
          ...
          def self.init(device)
            # Load the device class that matches the type from device.conf.
            require "puppet/util/network_device/#{device.provider}/device"
            @current = Puppet::Util::NetworkDevice.const_get(device.provider.capitalize).const_get(:Device).new(device.url)
          rescue => detail
            raise "Can't load #{device.provider} for #{device.name}: #{detail}"
          end
        end

43. device.rb
    puppet/util/network_device//device.rb

        require 'uri'

        class Puppet::Util::NetworkDevice::Juniper
          attr_accessor :url, :transport

          def initialize(url)
            @url = URI.parse(url)
            @transport = Puppet::Util::NetworkDevice::Transport::Juniper.new
          end

          # Facts are retrieved over the device transport and cached.
          def facts
            @facts ||= Puppet::Util::NetworkDevice::Transport::Juniper::Facts.new(@transport)
            @facts.retrieve
          end
        end

44. Device Facts
    puppet/util/network_device//facts.rb

45. Type
    apply_to_all
    apply_to_host
    apply_to_device

        Puppet::Type.newtype(:f5_monitor) do
          @doc = "Manage F5 monitor."

          apply_to_device
          ensurable
          ...
          newproperty(:template_state) do
            desc "The monitor templates enabled/disabled states."
            newvalues(/^STATE_(DISABLED|ENABLED)$/)
          end
        end

46. Provider
    ssh/telnet:

        output = transport.command("sh interface")

    Access custom transport:

        def self.transport
          if Facter.value(:url) then
            Puppet.debug "F5: connecting via facter url."
            @device ||= Puppet::Util::NetworkDevice::F5::Device.new(Facter.value(:url))
          else
            @device ||= Puppet::Util::NetworkDevice.current
            raise Puppet::Error, "Error Msg..." unless @device
          end
          @transport = @device.transport
        end

47. Testing
    Puppet Resource (self.instances)
    Puppet Apply (apply_to_host)

48. Future
    Software defined infrastructure
    Systems (Google Compute Engine as Resource)
    Application (puppet agent)
    Network (puppet device)

49. Questions?

50. Thank you for attending
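Slide 36 calls web_poolmember without showing it. The following is an added sketch, not code from the talk, of how that function could join the PuppetDB results into the member hash while refusing agent-reported addresses that fall outside the pool network. The input shapes, the `allowed` parameter and the sample data are assumptions.

```ruby
require 'ipaddr'

# Defaults taken from the web::site parameters on slide 15.
MEMBER_DEFAULTS = {
  'connection_limit' => '0', 'dynamic_ratio' => '1',
  'priority' => '0', 'ratio' => '1'
}.freeze

# True only for a canonical address inside the allowed network.
def valid_member_ip?(ip, net)
  addr = IPAddr.new(ip)
  addr.to_s == ip && net.include?(addr)
rescue IPAddr::Error
  false
end

# ip_facts: { node => { 'ipaddress' => '...' } }               (assumed shape)
# websites: [ { 'parameters' => {...}, 'nodes' => [...] } ]    (slide 35 layout)
# allowed:  CIDR that pool members must fall in (hypothetical policy knob)
def web_poolmember(ip_facts, websites, allowed = '10.0.2.0/24')
  net = IPAddr.new(allowed)
  websites.each_with_object({}) do |site, members|
    params = site.fetch('parameters', {})
    port = Integer(params.fetch('port', '80').to_s, 10, exception: false)
    next unless port && (1..65_535).cover?(port)
    overrides = params.select { |k, _| MEMBER_DEFAULTS.key?(k) }
    settings = MEMBER_DEFAULTS.merge(overrides.transform_values(&:to_s))
    site.fetch('nodes', []).each do |node|
      ip = ip_facts.dig(node, 'ipaddress')
      members["#{ip}:#{port}"] = settings.dup if ip && valid_member_ip?(ip, net)
    end
  end
end

# Constructed sample data; webserver23 reports an address outside the pool network.
IP_FACTS = {
  'webserver22' => { 'ipaddress' => '10.0.2.22' },
  'webserver23' => { 'ipaddress' => '192.0.2.50' },
  'webserver24' => { 'ipaddress' => '10.0.2.24' }
}.freeze
WEBSITES = [
  { 'parameters' => { 'port' => '8080', 'priority' => '1' },
    'nodes' => %w[webserver22 webserver23] },
  { 'parameters' => { 'port' => '80', 'priority' => '3' },
    'nodes' => %w[webserver24] }
].freeze
```

With the sample data the result matches the hash on slide 36, and webserver23 is left out of the pool.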
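device.conf (slides 9 and 41) holds each device's management URL, and the demo URL on slide 14 carries the login inside it. This added example, not part of the talk, parses that layout and reports entries that store a password in the URL or use a cleartext transport; the sample file, host names and finding strings are constructed.

```ruby
require 'uri'

# Parse the device.conf layout from slide 9: "[name]" headers followed by
# "type <value>" and "url <value>" lines.
def parse_device_conf(text)
  devices = {}
  current = nil
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    if (m = line.match(/\A\[(.+)\]\z/))
      current = devices[m[1]] = {}
    elsif current && (m = line.match(/\A(type|url)\s+(\S+)\z/))
      current[m[1]] = m[2]
    end
  end
  devices
end

# Return { device_name => [findings] }. file_mode is the mode of the file on
# disk, e.g. File.stat(path).mode; it is a parameter here so the sample runs offline.
def audit_device_conf(text, file_mode = 0o600)
  parse_device_conf(text).each_with_object({}) do |(name, dev), report|
    findings = []
    begin
      uri = URI.parse(dev['url'].to_s)
      findings << 'password embedded in url' if uri.password
      findings << 'cleartext transport' if %w[telnet http].include?(uri.scheme)
    rescue URI::InvalidURIError
      findings << 'unparseable url'
    end
    findings << 'file readable by group/other' if (file_mode & 0o077) != 0
    report[name] = findings
  end
end

# Constructed sample, not from the talk.
SAMPLE_CONF = <<~CONF
  [f5.example.test]
  type f5
  url https://admin:admin@f5.example.test/

  [sw1.example.test]
  type cisco
  url telnet://ops@sw1.example.test/
CONF
```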