11 Ways to Hack Puppet for Fun and Productivity - Luke Kanies - Velocity 2012
1. 11 Ways to Hack Puppet for Fun and Productivity
Luke Kanies
Founder and CEO, Puppet Labs
Founder of Puppet
@puppetmasterd
luke@puppetlabs.com
2. Puppet
Mobile Phone Company: deployed 1,800 machines in 2 hours, vs. 25 machines per day with HP Opsware
Investors: scaled from 0 to over 10,000 servers in 2 months without training
287 servers per SysAdmin vs. 19 for BMC BladeLogic
Over 50,000 systems managed by Puppet
Financial, Entertainment, Technology, Defense, Web
18. Resource Abstraction
computer, cron, file, group, host, interface, k5login, mailalias, maillist, mcx, mount, package, port, resources, router, service, sshkey, stage, user, vcsrepo, vlan, yumrepo
19. Cross Platform
Red Hat, Fedora, Debian, Ubuntu, CentOS, SuSE, Solaris, OS X, AIX, HP-UX, OpenBSD, FreeBSD, Windows, Cisco, F5
20. Workflow
1 Define: With Puppet's declarative language you design a graph of relationships between resources within reusable modules. These modules define your infrastructure in its desired state.
2 Simulate: With this resource graph, Puppet is unique in its ability to simulate deployments, enabling you to test changes without disruption to your infrastructure.
3 Enforce: Puppet compares your system to the desired state as you define it, and automatically enforces it to the desired state ensuring your system is in compliance.
4 Report: Puppet Dashboard reports track relationships between components and all changes, allowing you to keep up with security and compliance mandates. And with the open API you can integrate Puppet with third party monitoring tools.
(Diagram: a cycle from CURRENT STATE to DESIRED STATE, labelled "Iterate and increase coverage".)
21. Change Propagation
1 Facts: The node sends normalized data about itself to the Puppet Master.
2 Catalog: Puppet uses the Facts to compile a Catalog that specifies how the node should be configured.
3 Report: The node reports back to Puppet indicating the configuration is complete, which is visible in the Puppet Dashboard.
4 Report Collector (Puppet or 3rd party tool): Puppet can also send report data to third party tools.
SSL secure encryption on all data transport.
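The facts, catalog and report round trip on this slide, together with the Define, Simulate, Enforce, Report loop of the workflow slide, as an added illustration in plain Ruby. This is not code from the talk or from Puppet itself: the catalog is a hash of resources plus dependency edges, `apply_catalog` takes a `noop:` flag for the simulate step, and every function name, the sample facts and the sample current state are constructed for the example.

```ruby
# Added example, not code from the talk or from Puppet itself: a toy model of
# the round trip on this slide. Facts go up, a catalog (resources plus the
# dependency edges between them) comes down, the agent simulates or
# enforces it, and a report goes back. Function names, the sample facts and
# the sample current state are all constructed for this illustration.

# 1. Facts: normalized data about the node (a real agent gathers these
#    with Facter; here they are passed in).
def gather_facts(hostname, osfamily)
  { 'hostname' => hostname, 'osfamily' => osfamily }
end

# 2. Catalog: compiled on the master from the facts. Resources describe the
#    desired state; each edge [before, after] is a dependency.
def compile_catalog(facts)
  pkg = facts['osfamily'] == 'RedHat' ? 'httpd' : 'apache2'
  conf = "file[/etc/#{pkg}/conf]"
  {
    'host' => facts['hostname'],
    'resources' => {
      "package[#{pkg}]" => { 'ensure' => 'installed' },
      conf => { 'ensure' => 'file' },
      "service[#{pkg}]" => { 'ensure' => 'running' },
    },
    'edges' => [["package[#{pkg}]", conf], [conf, "service[#{pkg}]"]],
  }
end

# Order the graph so every edge is respected (Kahn's algorithm). A cycle
# raises, as Puppet refuses to apply a cyclic catalog.
def apply_order(catalog)
  indegree = Hash.new(0)
  catalog['resources'].each_key { |k| indegree[k] = 0 }
  catalog['edges'].each { |(_before, after)| indegree[after] += 1 }
  ready = indegree.keys.select { |k| indegree[k].zero? }
  order = []
  until ready.empty?
    current = ready.shift
    order << current
    catalog['edges'].each do |(before, after)|
      next unless before == current
      indegree[after] -= 1
      ready << after if indegree[after].zero?
    end
  end
  raise 'dependency cycle in catalog' if order.size != catalog['resources'].size
  order
end

# 3. Apply: compare current state with desired state resource by resource.
#    noop: true is the simulate step (report what would change, touch
#    nothing); noop: false enforces. Both produce a report of every event.
def apply_catalog(catalog, current_state, noop: false)
  state = current_state.dup
  events = apply_order(catalog).map do |key|
    want = catalog['resources'][key]['ensure']
    have = state[key]
    if have == want
      { 'resource' => key, 'status' => 'unchanged' }
    else
      state[key] = want unless noop
      { 'resource' => key, 'from' => have, 'to' => want,
        'status' => noop ? 'noop' : 'changed' }
    end
  end
  report = {
    'host' => catalog['host'],
    'noop' => noop,
    'events' => events,
    'changed' => events.count { |e| e['status'] == 'changed' },
    'pending' => events.count { |e| e['status'] == 'noop' },
  }
  [state, report]
end

# Constructed current state of a RedHat node: package installed, config
# file missing, service stopped.
SAMPLE_STATE = {
  'package[httpd]' => 'installed',
  'file[/etc/httpd/conf]' => 'absent',
  'service[httpd]' => 'stopped',
}.freeze

def demo(noop:)
  catalog = compile_catalog(gather_facts('web01', 'RedHat'))
  apply_catalog(catalog, SAMPLE_STATE, noop: noop)
end

if $PROGRAM_NAME == __FILE__
  _state, simulated = demo(noop: true)
  new_state, enforced = demo(noop: false)
  puts "simulate: #{simulated['pending']} pending change(s)"
  puts "enforce:  #{enforced['changed']} change(s), service now #{new_state['service[httpd]']}"
end
```

The simulate run leaves `SAMPLE_STATE` untouched and reports two pending events; the enforce run applies them in dependency order (package, then config file, then service), which is the "discovery, diff, and change" sequence the speaker notes mention.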
40. Data
79. Controllable
Commercial tools built for the execs
OSS built for the toolbuilders, or maybe advanced users
We needed a tool that everyone could use

We make decisions for you
1000 knobs
Brain, complexity blah blah blah
Complexity through building blocks, rather than big things

Fundamental technology that everyone could build on
This presentation is largely about the platform aspects

Fear that the world would still look the same in 10 years
- after all, it hadn’t changed much in the previous 10
- rsh to ssh, but...
Embarrassment at how bad the state of IT was
Hatred of thinking SSH was a management tool

We don’t want no-ops, we want pervasive ops, accessible ops

Remember when 1000 machines was a lot?
1000 machines by Friday
1000 machines every Friday

Remember maintenance windows?
96% of outages are caused by human error

Air gap
Least privilege
Untrusted clients

Platonic ideal of a machine

Full ruby DSL

Do you really care how RPM works?
Full simulation mode
Discovery, diff, and change
Easily extensible
Lots of custom types
Every half an hour
How change progresses through your infrastructure
Explain:
Facts
Catalog
Report

Agent on all of your nodes
Optional master for compilation, reporting, etc.
- with no central master, no reporting
- compilation can be distributed for load reasons
Dashboard is reporting
Forge for code sharing
Lots and lots of data
All modes share the same code paths

What we’re talking about today

Focused on content, not form
Want to be clear I haven’t sold out

These slides and examples prove I haven’t sold out

750 GB of data per day

Graph
Resources and dependencies

Unfortunately seems to be broken in 2.7.17
Will be default in 3.0, hopefully

Remote files can change w/o affecting configuration
Easily compare contents
Much less network traffic

Note the lots of files, throughout the conversation

Note that all conversation is up front, rather than on demand

Few file content changes, thus much more efficient
Hack because it’s complex
But will be default soon - seamless upgrade
All about performance and change control
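An added Ruby sketch, not Puppet's own code, of the mechanism these notes describe: the catalog carries one content checksum per file instead of the bytes, so the agent compares checksums locally and fetches content from the file server only when they differ. Few content changes mean few fetches, and the catalog itself only changes when content does. Every function name, the checksum scheme and the sample file contents are constructed for this example.

```ruby
require 'digest'

# Added example, not Puppet's own code: a catalog that carries one content
# checksum per file resource, and an agent that only asks the file server
# for bytes when the local checksum differs. All names and sample data are
# constructed for this illustration.

# Content identity. SHA-256 here; the scheme is a choice for this example.
def checksum(bytes)
  'sha256:' + Digest::SHA256.hexdigest(bytes)
end

# Master side: the catalog lists path and checksum, never the bytes, so its
# size does not grow with file content and it only changes when content does.
def compile_file_resources(desired)
  desired.map { |path, bytes| { 'path' => path, 'checksum' => checksum(bytes) } }
end

# File server side: content-addressed store, so a fetch by checksum returns
# exactly the bytes the catalog promised.
def build_fileserver(desired)
  desired.each_value.with_object({}) { |bytes, store| store[checksum(bytes)] = bytes }
end

# Agent side: compare checksums locally; fetch and replace only on mismatch,
# and verify what came back against the checksum the catalog promised.
# Returns the new local files, the changed paths, and the fetch count.
def sync_files(resources, local_files, fileserver)
  local = local_files.dup
  changed = []
  fetches = 0
  resources.each do |r|
    have = local.key?(r['path']) ? checksum(local[r['path']]) : nil
    next if have == r['checksum']
    fetches += 1
    bytes = fileserver.fetch(r['checksum']) # KeyError if the server lacks it
    raise "checksum mismatch for #{r['path']}" unless checksum(bytes) == r['checksum']
    local[r['path']] = bytes
    changed << r['path']
  end
  { 'files' => local, 'changed' => changed, 'fetches' => fetches }
end

# Constructed sample: three managed files, two already correct on the node,
# one stale.
DESIRED = {
  '/etc/motd' => "managed by puppet\n",
  '/etc/ntp.conf' => "server pool.ntp.org\n",
  '/etc/ssh/sshd_config' => "PermitRootLogin no\n",
}.freeze
LOCAL = {
  '/etc/motd' => "managed by puppet\n",
  '/etc/ntp.conf' => "server pool.ntp.org\n",
  '/etc/ssh/sshd_config' => "PermitRootLogin yes\n",
}.freeze

def demo
  resources = compile_file_resources(DESIRED)
  server = build_fileserver(DESIRED)
  first = sync_files(resources, LOCAL, server)
  second = sync_files(resources, first['files'], server) # converged: no fetches
  [first, second]
end

if $PROGRAM_NAME == __FILE__
  first, second = demo
  puts "first run: #{first['fetches']} fetch(es), changed #{first['changed'].inspect}"
  puts "second run: #{second['fetches']} fetch(es)"
end
```

The first run transfers only the one stale file; the second run, now converged, transfers nothing, which is the "much less network traffic" point of the notes. The verification after the fetch is what makes checksum-based delivery safe to rely on for change control: the agent writes only bytes that match what the catalog declared.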
29 lines of code
8 line method does all the work

Simple, but...
Not very reusable
Lots of content built into the shell script

Existing vcsrepo type that you should use for this

Better logs
Create and delete
Auditing