SlideShare a Scribd company logo

Puppet camp london nov 2014 slides (1)

Puppet
Puppet
1 of 19
Download to read offline
FROM ZERO TO DELIVERY IN A LARGE ENTERPRISE PUPPET CAMP LONDON ALAN SCHWARZENBERGER (Head of Engineering – Tools & Automation) CHRIS SPENCE (All round nice guy) 17th NOVEMBER 2014
Outline - Background •Scale –many applications –each application has multiple contributing groups –many data centres around globe –many servers (>10k) •Complexity –many OS image variants –competing solutions from different teams –most products are 24x7 •Organisational tension •Previous failed attempts (not puppet) 2
Outline – Why & Aims •Why? –Simplify delivery to decrease cost, effort and time –Improve quality & transparency of change implementation –Standardise the way that change is performed –Introduce common workflows •Aims –Automated deployments & configuration management –Standard open source tools –Replace non-scalable legacy tools –Provide consistency from dev through to production –Modular and loosely coupled –Self service –Single scaled platform 3
Outline – Starting point •Previous toolsets –didn't scale, hard to workflow, hard to use •Small pockets of Puppet, Chef, Rundeck etc •Greenfield site for Puppet •Other initiatives informed solution –data aggregator –release management UI •External integrations with other tools using REST api •Workflow implied by overall data model and business structures •Multi-tenant problems 4
Design & Architecture •Puppet master solution, with Hiera and External Node Classifier •Resilient, horizontally scaled (mix of DNS, F5, Apache) •MoM, Compilers, Puppet DB, Puppet Dashboard •Directory Environments •Separate artifact distribution with caches around the globe –This could be a talk all on its own! –It turns out distributing things is hard. •Servers modelled in hiera, templated configuration 5 puppetmaster::servers: puppetmaster: upg-dev-moma.amers1.ciscloud servers: compiler1: group: compilers compiler2: group: compilers mom1: group: mom primary: true mom2: group: mom
Filling in the missing bits •Hiera at scale •Resilient CA •Handling server-side Ruby •Resilient & scaled PuppetDB •Merging Hiera from multiple contributors into a directory environment •Aggregating puppet code from multiple contributors for one stack •How do you release? –Components and Component Versions –Component Stacks, Component Stack Versions –Deployment Groups 6
Filling in the missing bits – Hiera at scale •Don’t put every value into Hiera –consider performance implications –keep values tightly coupled to code in the code •Use for what changes in different builds •Our chosen hierarchy: 7 --- :hierarchy: - "host/%{::fqdn}" - "server_type/%{server_type}/server_environment_class/%{server_environment_class}/deployment_location_code/%{deployment_location_code}" - "server_type/%{server_type}/server_environment_class/%{server_environment_class}" - "server_environment_class/%{server_environment_class}/deployment_location_code/%{deployment_location_code}" - "server_environment_class/%{server_environment_class}/server_environment_class_instance/%{server_environment_class_instance}" - "server_type/%{server_type}" - "deployment_location_code/%{deployment_location_code}" - "server_environment_class/%{server_environment_class}/region/%{region}" - "server_environment_class/%{server_environment_class}" - default :backends: - yaml :yaml: :datadir: "/platform/puppet/hieradata/%{::environment}" :merge_behavior: deeper
Filling in the missing bits – Resilient CA •Building a resilient pair of CA servers –Uses the Puppet CA –You can’t just rsync! –CAsync! •Copies certificates •Merges the inventory files •Works out latest CRL –Don’t forget the serial number offset! 8
Filling in the missing bits – Server-side Ruby •Server-side ruby is immutable – only one version! –functions, types, providers, core Puppet modules (inc forge modules) –Directory Environments – use basemodulepath for the server-side ruby –Multiple teams must contribute server side ruby to a single place 9
Filling in the missing bits – Scaling PuppetDB •PuppetDB with read slaves •Puppetlabs modules with a wrapper class •Set up PostgreSQL write ahead log (WAL) archiving 10
Filling in the missing bits – Merge & Aggregate •Merging Hiera from multiple contributors into a directory environment –Hieramerge - deep merge hashes –right to left priority wins •Aggregating puppet code from multiple contributors for one stack –Components, component stacks and deployment groups 11 foo = HieraMerge.new foo.dirs = [ "/base/module/path/hieradata", "/thing/otherthing/1.6.6.6/hieradata", "/thing/penguinthing/1.2.3/hieradata” ] foo.target = "/out/put/hieradata" foo.merge
How do you release? •How do you release software? –Components – what we release, e.g. MyWebApp –Component Versions – a point version MyWebApp-1.3.37 •That’s probably pretty normal •But we’re releasing multiple apps at a time from different groups –Component Stacks – MyWebApp + Monitoring –Component Stack Versions – MyWebApp 1.3.37 + Monitoring version 9 12
Components •Components –discrete sets of functionality –informed by organisation structures & application responsiblities •Component Versions –a release, published version of a discrete set of functionality –expected to be self contained without external dependencies other than on the base module –consumed into an rpm and become immutable ( Jordan Sissel for FPM) –never deployed on their own unless they are put in a component stack 13 { component: "winning", versionvalidated: "true", componentreleaseversion: "1.3.37", packageurl: "http://gitserver.mcgitserver/project/winning.git" }, { component: "losing", versionvalidated: "false", componentreleaseversion: "6.6.6", packageurl: "http://gitserver.mcgitserver/otherproject/losing.git", versionvalidationerror: "failed to download modules" },
Component Stacks & Deployment Groups •Component Stacks –one or more components which together describe the desired overall state of node •Component Stack Version –A release, published version of code, RPM packaged –rpm contains: •the hieradata, merged with hieramerge •an environment.conf •RPM dependencies to component versions –at install time use yum for dependency resolution –reuse of different component versions across stacks –component stack version becomes a Puppet Directory Environment •Deployment Group –nodes that need same component stack version –nodes that will be upgraded together (eg A/B side) –ENC integration – deploymentgroup controls which component stack version a node gets 14 { version: "9.1.1", versionvalidated: "true", componentstackname: "nigel", componentversion: [ { component: { component: "allyourbase", versionvalidated: "true", componentreleaseversion: "22.7”, }, { component: { component: "arebelongtous", versionvalidated: "true", componentreleaseversion: "3.141", }, ], }
Build workflow •Jenkins build server in full control –Remove deploy-time dependency on version control system & build server –Enforces immutability at point in time –BYO version control system (gitlab/github/svn) •driven from data in the data layer •we support reading from git directly (r10k) •we support people doing their own thing and giving us an artifact (tar/zip) 15
What’s the process? •Workflow –Component version built into rpm –Component versions built into a stack rpm with merged hieradata –Component stacks installed on puppetmasters using puppet –Stateful description of all versions of all apps/states through data layer –Validated/deprecated releases are marked –Data available to puppet master, so we can install and purge stacks using puppet and yum •We are treating Puppet releases as Software releases 16
Other interesting things •Standard internal Travis-CI like per repo testing •Self-service development for groups –managed dev master pinned to production release –has own CA, so downstream is independent –no ENC –iterate on published componentstackversions –quick iteration/self-service/pre-publish •Custom reporting events into the data layer 17 begin config = YAML::load_file '.config.yaml' rescue Errno::ENOENT config = {} end command = config['command'] ? config['command'] : 'rake lint && rake syntax' [command].flatten.each do |check| system(check) returnvalue = $? unless returnvalue.exitstatus == 0 exit(1) end end
Future and next steps •Adoption – going from 200 to >10000 nodes •Reporting into data layer from PuppetDB for a custom dashboard •Component dependencies because currently hidden/not explicit •User experience of building stacks needs improving •Fully automated acceptance testing –rspec-puppet gives some guarantees •Open sourcing interesting, novel & useful things –casync –hieramerge •Resolving split responsibility between OS and app 18
Contact us 19 Alan Schwarzenberger alan.schwarzenberger@thomsonreuters.com Or via LinkedIn Chris Spence github.com/fiddyspence chris.spence@thomsonreuters.com Or via LinkedIn

Recommended

3 Git
3 Git3 Git
3 GitFabio Fumarola
 
Develop with linux containers and docker
Develop with linux containers and dockerDevelop with linux containers and docker
Develop with linux containers and dockerFabio Fumarola
 
Chef, Vagrant and Friends
Chef, Vagrant and FriendsChef, Vagrant and Friends
Chef, Vagrant and FriendsBen McRae
 
Linux containers and docker
Linux containers and dockerLinux containers and docker
Linux containers and dockerFabio Fumarola
 
Dockerize All The Things
Dockerize All The ThingsDockerize All The Things
Dockerize All The ThingsChris Tankersley
 
CfgMgmtCamp 2015 - Managing the Content Lifecycle with Katello
CfgMgmtCamp 2015 - Managing the Content Lifecycle with KatelloCfgMgmtCamp 2015 - Managing the Content Lifecycle with Katello
CfgMgmtCamp 2015 - Managing the Content Lifecycle with KatelloStephen Benjamin
 
Using puppet, foreman and git to develop and operate a large scale internet s...
Using puppet, foreman and git to develop and operate a large scale internet s...Using puppet, foreman and git to develop and operate a large scale internet s...
Using puppet, foreman and git to develop and operate a large scale internet s...techblog
 
Deploying Hadoop-Based Bigdata Environments
Deploying Hadoop-Based Bigdata EnvironmentsDeploying Hadoop-Based Bigdata Environments
Deploying Hadoop-Based Bigdata EnvironmentsPuppet
 

Recommended

3 Git
3 Git3 Git
3 GitFabio Fumarola
 
Develop with linux containers and docker
Develop with linux containers and dockerDevelop with linux containers and docker
Develop with linux containers and dockerFabio Fumarola
 
Chef, Vagrant and Friends
Chef, Vagrant and FriendsChef, Vagrant and Friends
Chef, Vagrant and FriendsBen McRae
 
Linux containers and docker
Linux containers and dockerLinux containers and docker
Linux containers and dockerFabio Fumarola
 
Dockerize All The Things
Dockerize All The ThingsDockerize All The Things
Dockerize All The ThingsChris Tankersley
 
CfgMgmtCamp 2015 - Managing the Content Lifecycle with Katello
CfgMgmtCamp 2015 - Managing the Content Lifecycle with KatelloCfgMgmtCamp 2015 - Managing the Content Lifecycle with Katello
CfgMgmtCamp 2015 - Managing the Content Lifecycle with KatelloStephen Benjamin
 
Using puppet, foreman and git to develop and operate a large scale internet s...
Using puppet, foreman and git to develop and operate a large scale internet s...Using puppet, foreman and git to develop and operate a large scale internet s...
Using puppet, foreman and git to develop and operate a large scale internet s...techblog
 
Deploying Hadoop-Based Bigdata Environments
Deploying Hadoop-Based Bigdata EnvironmentsDeploying Hadoop-Based Bigdata Environments
Deploying Hadoop-Based Bigdata EnvironmentsPuppet
 
Automated Deployment and Configuration Engines. Ansible
Automated Deployment and Configuration Engines. AnsibleAutomated Deployment and Configuration Engines. Ansible
Automated Deployment and Configuration Engines. AnsibleAlberto Molina Coballes
 
Kash Kubernetified
Kash KubernetifiedKash Kubernetified
Kash KubernetifiedMichael Wojcikiewicz
 
Apache development with GitHub and Travis CI
Apache development with GitHub and Travis CIApache development with GitHub and Travis CI
Apache development with GitHub and Travis CIJukka Zitting
 
Introducing HerdDB - a distributed JVM embeddable database built upon Apache ...
Introducing HerdDB - a distributed JVM embeddable database built upon Apache ...Introducing HerdDB - a distributed JVM embeddable database built upon Apache ...
Introducing HerdDB - a distributed JVM embeddable database built upon Apache ...StreamNative
 
Spot Trading - A case study in continuous delivery for mission critical finan...
Spot Trading - A case study in continuous delivery for mission critical finan...Spot Trading - A case study in continuous delivery for mission critical finan...
Spot Trading - A case study in continuous delivery for mission critical finan...SaltStack
 
Configuration manager presentation
Configuration manager presentationConfiguration manager presentation
Configuration manager presentationjeyg
 
Apache Curator: Past, Present and Future
Apache Curator: Past, Present and FutureApache Curator: Past, Present and Future
Apache Curator: Past, Present and FutureJordan Zimmerman
 
Chef: Smart infrastructure automation
Chef: Smart infrastructure automationChef: Smart infrastructure automation
Chef: Smart infrastructure automationJohannes H. P. Skov Frandsen
 
Automated MySQL failover with MHA: Getting started & moving past its quirks
Automated MySQL failover with MHA: Getting started & moving past its quirksAutomated MySQL failover with MHA: Getting started & moving past its quirks
Automated MySQL failover with MHA: Getting started & moving past its quirksColin Charles
 
SaltConf14 - Eric johnson, Google - Orchestrating Google Compute Engine with ...
SaltConf14 - Eric johnson, Google - Orchestrating Google Compute Engine with ...SaltConf14 - Eric johnson, Google - Orchestrating Google Compute Engine with ...
SaltConf14 - Eric johnson, Google - Orchestrating Google Compute Engine with ...SaltStack
 
Puppet & Perforce: Versioning Everything for Deployments
Puppet & Perforce: Versioning Everything for DeploymentsPuppet & Perforce: Versioning Everything for Deployments
Puppet & Perforce: Versioning Everything for DeploymentsPerforce
 
Integrate Openshift with Cloudforms
Integrate Openshift with CloudformsIntegrate Openshift with Cloudforms
Integrate Openshift with CloudformsMichael Lessard
 
Apache Kafka
Apache KafkaApache Kafka
Apache KafkaJoe Stein
 
Best Practices for Running Kafka on Docker Containers
Best Practices for Running Kafka on Docker ContainersBest Practices for Running Kafka on Docker Containers
Best Practices for Running Kafka on Docker ContainersBlueData, Inc.
 
PuppetCamp SEA 1 - Using Vagrant, Puppet, Testing & Hadoop
PuppetCamp SEA 1 - Using Vagrant, Puppet, Testing & HadoopPuppetCamp SEA 1 - Using Vagrant, Puppet, Testing & Hadoop
PuppetCamp SEA 1 - Using Vagrant, Puppet, Testing & HadoopWalter Heck
 
Running Cloudbreak on Kubernetes
Running Cloudbreak on KubernetesRunning Cloudbreak on Kubernetes
Running Cloudbreak on KubernetesFuture of Data Meetup
 
Discover Kafka on OpenShift: Processing Real-Time Financial Events at Scale (...
Discover Kafka on OpenShift: Processing Real-Time Financial Events at Scale (...Discover Kafka on OpenShift: Processing Real-Time Financial Events at Scale (...
Discover Kafka on OpenShift: Processing Real-Time Financial Events at Scale (...confluent
 
Virtual CD4PE Workshop
Virtual CD4PE WorkshopVirtual CD4PE Workshop
Virtual CD4PE WorkshopPuppet
 
Configuration Management Evolution at CERN
Configuration Management Evolution at CERNConfiguration Management Evolution at CERN
Configuration Management Evolution at CERNGavin McCance
 
SaltConf14 - Ryan Lane, Wikimedia - Immediate consistency with Trebuchet Depl...
SaltConf14 - Ryan Lane, Wikimedia - Immediate consistency with Trebuchet Depl...SaltConf14 - Ryan Lane, Wikimedia - Immediate consistency with Trebuchet Depl...
SaltConf14 - Ryan Lane, Wikimedia - Immediate consistency with Trebuchet Depl...SaltStack
 
Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018
Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018
Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018Mandi Walls
 
Extending OpenShift Origin: Build Your Own Cartridge with Bill DeCoste of Red...
Extending OpenShift Origin: Build Your Own Cartridge with Bill DeCoste of Red...Extending OpenShift Origin: Build Your Own Cartridge with Bill DeCoste of Red...
Extending OpenShift Origin: Build Your Own Cartridge with Bill DeCoste of Red...OpenShift Origin
 

More Related Content

What's hot

Automated Deployment and Configuration Engines. Ansible
Automated Deployment and Configuration Engines. AnsibleAutomated Deployment and Configuration Engines. Ansible
Automated Deployment and Configuration Engines. AnsibleAlberto Molina Coballes
 
Apache development with GitHub and Travis CI
Apache development with GitHub and Travis CIApache development with GitHub and Travis CI
Apache development with GitHub and Travis CIJukka Zitting
 
Introducing HerdDB - a distributed JVM embeddable database built upon Apache ...
Introducing HerdDB - a distributed JVM embeddable database built upon Apache ...Introducing HerdDB - a distributed JVM embeddable database built upon Apache ...
Introducing HerdDB - a distributed JVM embeddable database built upon Apache ...StreamNative
 
Spot Trading - A case study in continuous delivery for mission critical finan...
Spot Trading - A case study in continuous delivery for mission critical finan...Spot Trading - A case study in continuous delivery for mission critical finan...
Spot Trading - A case study in continuous delivery for mission critical finan...SaltStack
 
Configuration manager presentation
Configuration manager presentationConfiguration manager presentation
Configuration manager presentationjeyg
 
Apache Curator: Past, Present and Future
Apache Curator: Past, Present and FutureApache Curator: Past, Present and Future
Apache Curator: Past, Present and FutureJordan Zimmerman
 
Automated MySQL failover with MHA: Getting started & moving past its quirks
Automated MySQL failover with MHA: Getting started & moving past its quirksAutomated MySQL failover with MHA: Getting started & moving past its quirks
Automated MySQL failover with MHA: Getting started & moving past its quirksColin Charles
 
SaltConf14 - Eric johnson, Google - Orchestrating Google Compute Engine with ...
SaltConf14 - Eric johnson, Google - Orchestrating Google Compute Engine with ...SaltConf14 - Eric johnson, Google - Orchestrating Google Compute Engine with ...
SaltConf14 - Eric johnson, Google - Orchestrating Google Compute Engine with ...SaltStack
 
Puppet & Perforce: Versioning Everything for Deployments
Puppet & Perforce: Versioning Everything for DeploymentsPuppet & Perforce: Versioning Everything for Deployments
Puppet & Perforce: Versioning Everything for DeploymentsPerforce
 
Integrate Openshift with Cloudforms
Integrate Openshift with CloudformsIntegrate Openshift with Cloudforms
Integrate Openshift with CloudformsMichael Lessard
 
Apache Kafka
Apache KafkaApache Kafka
Apache KafkaJoe Stein
 
Best Practices for Running Kafka on Docker Containers
Best Practices for Running Kafka on Docker ContainersBest Practices for Running Kafka on Docker Containers
Best Practices for Running Kafka on Docker ContainersBlueData, Inc.
 
PuppetCamp SEA 1 - Using Vagrant, Puppet, Testing & Hadoop
PuppetCamp SEA 1 - Using Vagrant, Puppet, Testing & HadoopPuppetCamp SEA 1 - Using Vagrant, Puppet, Testing & Hadoop
PuppetCamp SEA 1 - Using Vagrant, Puppet, Testing & HadoopWalter Heck
 
Discover Kafka on OpenShift: Processing Real-Time Financial Events at Scale (...
Discover Kafka on OpenShift: Processing Real-Time Financial Events at Scale (...Discover Kafka on OpenShift: Processing Real-Time Financial Events at Scale (...
Discover Kafka on OpenShift: Processing Real-Time Financial Events at Scale (...confluent
 
Virtual CD4PE Workshop
Virtual CD4PE WorkshopVirtual CD4PE Workshop
Virtual CD4PE WorkshopPuppet
 
Configuration Management Evolution at CERN
Configuration Management Evolution at CERNConfiguration Management Evolution at CERN
Configuration Management Evolution at CERNGavin McCance
 
SaltConf14 - Ryan Lane, Wikimedia - Immediate consistency with Trebuchet Depl...
SaltConf14 - Ryan Lane, Wikimedia - Immediate consistency with Trebuchet Depl...SaltConf14 - Ryan Lane, Wikimedia - Immediate consistency with Trebuchet Depl...
SaltConf14 - Ryan Lane, Wikimedia - Immediate consistency with Trebuchet Depl...SaltStack
 

What's hot (20)

Automated Deployment and Configuration Engines. Ansible
Automated Deployment and Configuration Engines. AnsibleAutomated Deployment and Configuration Engines. Ansible
Automated Deployment and Configuration Engines. Ansible
 
Kash Kubernetified
Kash KubernetifiedKash Kubernetified
Kash Kubernetified
 
Apache development with GitHub and Travis CI
Apache development with GitHub and Travis CIApache development with GitHub and Travis CI
Apache development with GitHub and Travis CI
 
Introducing HerdDB - a distributed JVM embeddable database built upon Apache ...
Introducing HerdDB - a distributed JVM embeddable database built upon Apache ...Introducing HerdDB - a distributed JVM embeddable database built upon Apache ...
Introducing HerdDB - a distributed JVM embeddable database built upon Apache ...
 
Spot Trading - A case study in continuous delivery for mission critical finan...
Spot Trading - A case study in continuous delivery for mission critical finan...Spot Trading - A case study in continuous delivery for mission critical finan...
Spot Trading - A case study in continuous delivery for mission critical finan...
 
Configuration manager presentation
Configuration manager presentationConfiguration manager presentation
Configuration manager presentation
 
Apache Curator: Past, Present and Future
Apache Curator: Past, Present and FutureApache Curator: Past, Present and Future
Apache Curator: Past, Present and Future
 
Chef: Smart infrastructure automation
Chef: Smart infrastructure automationChef: Smart infrastructure automation
Chef: Smart infrastructure automation
 
Automated MySQL failover with MHA: Getting started & moving past its quirks
Automated MySQL failover with MHA: Getting started & moving past its quirksAutomated MySQL failover with MHA: Getting started & moving past its quirks
Automated MySQL failover with MHA: Getting started & moving past its quirks
 
SaltConf14 - Eric johnson, Google - Orchestrating Google Compute Engine with ...
SaltConf14 - Eric johnson, Google - Orchestrating Google Compute Engine with ...SaltConf14 - Eric johnson, Google - Orchestrating Google Compute Engine with ...
SaltConf14 - Eric johnson, Google - Orchestrating Google Compute Engine with ...
 
Puppet & Perforce: Versioning Everything for Deployments
Puppet & Perforce: Versioning Everything for DeploymentsPuppet & Perforce: Versioning Everything for Deployments
Puppet & Perforce: Versioning Everything for Deployments
 
Integrate Openshift with Cloudforms
Integrate Openshift with CloudformsIntegrate Openshift with Cloudforms
Integrate Openshift with Cloudforms
 
Apache Kafka
Apache KafkaApache Kafka
Apache Kafka
 
Best Practices for Running Kafka on Docker Containers
Best Practices for Running Kafka on Docker ContainersBest Practices for Running Kafka on Docker Containers
Best Practices for Running Kafka on Docker Containers
 
PuppetCamp SEA 1 - Using Vagrant, Puppet, Testing & Hadoop
PuppetCamp SEA 1 - Using Vagrant, Puppet, Testing & HadoopPuppetCamp SEA 1 - Using Vagrant, Puppet, Testing & Hadoop
PuppetCamp SEA 1 - Using Vagrant, Puppet, Testing & Hadoop
 
Running Cloudbreak on Kubernetes
Running Cloudbreak on KubernetesRunning Cloudbreak on Kubernetes
Running Cloudbreak on Kubernetes
 
Discover Kafka on OpenShift: Processing Real-Time Financial Events at Scale (...
Discover Kafka on OpenShift: Processing Real-Time Financial Events at Scale (...Discover Kafka on OpenShift: Processing Real-Time Financial Events at Scale (...
Discover Kafka on OpenShift: Processing Real-Time Financial Events at Scale (...
 
Virtual CD4PE Workshop
Virtual CD4PE WorkshopVirtual CD4PE Workshop
Virtual CD4PE Workshop
 
Configuration Management Evolution at CERN
Configuration Management Evolution at CERNConfiguration Management Evolution at CERN
Configuration Management Evolution at CERN
 
SaltConf14 - Ryan Lane, Wikimedia - Immediate consistency with Trebuchet Depl...
SaltConf14 - Ryan Lane, Wikimedia - Immediate consistency with Trebuchet Depl...SaltConf14 - Ryan Lane, Wikimedia - Immediate consistency with Trebuchet Depl...
SaltConf14 - Ryan Lane, Wikimedia - Immediate consistency with Trebuchet Depl...
 

Similar to Puppet camp london nov 2014 slides (1)

Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018
Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018
Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018Mandi Walls
 
Extending OpenShift Origin: Build Your Own Cartridge with Bill DeCoste of Red...
Extending OpenShift Origin: Build Your Own Cartridge with Bill DeCoste of Red...Extending OpenShift Origin: Build Your Own Cartridge with Bill DeCoste of Red...
Extending OpenShift Origin: Build Your Own Cartridge with Bill DeCoste of Red...OpenShift Origin
 
Fluo CICD OpenStack Summit
Fluo CICD OpenStack SummitFluo CICD OpenStack Summit
Fluo CICD OpenStack SummitMiguel Zuniga
 
Packaging perl (LPW2010)
Packaging perl (LPW2010)Packaging perl (LPW2010)
Packaging perl (LPW2010)p3castro
 
Bootstrapping Puppet and Application Deployment - PuppetConf 2013
Bootstrapping Puppet and Application Deployment - PuppetConf 2013Bootstrapping Puppet and Application Deployment - PuppetConf 2013
Bootstrapping Puppet and Application Deployment - PuppetConf 2013Puppet
 
From SaltStack to Puppet and beyond...
From SaltStack to Puppet and beyond...From SaltStack to Puppet and beyond...
From SaltStack to Puppet and beyond...Yury Bushmelev
 
Real time Analytics with Apache Kafka and Apache Spark
Real time Analytics with Apache Kafka and Apache SparkReal time Analytics with Apache Kafka and Apache Spark
Real time Analytics with Apache Kafka and Apache SparkRahul Jain
 
Continuing Evolution of Perl: Highlights of ActivePerl 5.14
Continuing Evolution of Perl: Highlights of ActivePerl 5.14Continuing Evolution of Perl: Highlights of ActivePerl 5.14
Continuing Evolution of Perl: Highlights of ActivePerl 5.14ActiveState
 
KubeCon 2017: Kubernetes from Dev to Prod
KubeCon 2017: Kubernetes from Dev to ProdKubeCon 2017: Kubernetes from Dev to Prod
KubeCon 2017: Kubernetes from Dev to ProdSubhas Dandapani
 
IBM InterConnect 2015 - IIB in the Cloud
IBM InterConnect 2015 - IIB in the CloudIBM InterConnect 2015 - IIB in the Cloud
IBM InterConnect 2015 - IIB in the CloudAndrew Coleman
 
Spring Roo Add-On Development & Distribution
Spring Roo Add-On Development & DistributionSpring Roo Add-On Development & Distribution
Spring Roo Add-On Development & DistributionStefan Schmidt
 
SCM Puppet: from an intro to the scaling
SCM Puppet: from an intro to the scalingSCM Puppet: from an intro to the scaling
SCM Puppet: from an intro to the scalingStanislav Osipov
 
Deployer - Deployment tool for PHP
Deployer - Deployment tool for PHPDeployer - Deployment tool for PHP
Deployer - Deployment tool for PHPhernanibf
 
Deploying Symfony2 app with Ansible
Deploying Symfony2 app with AnsibleDeploying Symfony2 app with Ansible
Deploying Symfony2 app with AnsibleRoman Rodomansky
 
Docker based Architecture by Denys Serdiuk
Docker based Architecture by Denys SerdiukDocker based Architecture by Denys Serdiuk
Docker based Architecture by Denys SerdiukLohika_Odessa_TechTalks
 
OpenStack Summit 2013 Hong Kong - OpenStack and Windows
OpenStack Summit 2013 Hong Kong - OpenStack and WindowsOpenStack Summit 2013 Hong Kong - OpenStack and Windows
OpenStack Summit 2013 Hong Kong - OpenStack and WindowsAlessandro Pilotti
 
Puppet control-repo 
to the next level
Puppet control-repo 
to the next levelPuppet control-repo 
to the next level
Puppet control-repo 
to the next levelAlessandro Franceschi
 
Our Puppet Story (Linuxtag 2014)
Our Puppet Story (Linuxtag 2014)Our Puppet Story (Linuxtag 2014)
Our Puppet Story (Linuxtag 2014)DECK36
 
Our Puppet Story (GUUG FFG 2015)
Our Puppet Story (GUUG FFG 2015)Our Puppet Story (GUUG FFG 2015)
Our Puppet Story (GUUG FFG 2015)DECK36
 

Similar to Puppet camp london nov 2014 slides (1) (20)

Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018
Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018
Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018
 
Extending OpenShift Origin: Build Your Own Cartridge with Bill DeCoste of Red...
Extending OpenShift Origin: Build Your Own Cartridge with Bill DeCoste of Red...Extending OpenShift Origin: Build Your Own Cartridge with Bill DeCoste of Red...
Extending OpenShift Origin: Build Your Own Cartridge with Bill DeCoste of Red...
 
Fluo CICD OpenStack Summit
Fluo CICD OpenStack SummitFluo CICD OpenStack Summit
Fluo CICD OpenStack Summit
 
Packaging perl (LPW2010)
Packaging perl (LPW2010)Packaging perl (LPW2010)
Packaging perl (LPW2010)
 
Bootstrapping Puppet and Application Deployment - PuppetConf 2013
Bootstrapping Puppet and Application Deployment - PuppetConf 2013Bootstrapping Puppet and Application Deployment - PuppetConf 2013
Bootstrapping Puppet and Application Deployment - PuppetConf 2013
 
From SaltStack to Puppet and beyond...
From SaltStack to Puppet and beyond...From SaltStack to Puppet and beyond...
From SaltStack to Puppet and beyond...
 
Real time Analytics with Apache Kafka and Apache Spark
Real time Analytics with Apache Kafka and Apache SparkReal time Analytics with Apache Kafka and Apache Spark
Real time Analytics with Apache Kafka and Apache Spark
 
Continuing Evolution of Perl: Highlights of ActivePerl 5.14
Continuing Evolution of Perl: Highlights of ActivePerl 5.14Continuing Evolution of Perl: Highlights of ActivePerl 5.14
Continuing Evolution of Perl: Highlights of ActivePerl 5.14
 
KubeCon 2017: Kubernetes from Dev to Prod
KubeCon 2017: Kubernetes from Dev to ProdKubeCon 2017: Kubernetes from Dev to Prod
KubeCon 2017: Kubernetes from Dev to Prod
 
IBM InterConnect 2015 - IIB in the Cloud
IBM InterConnect 2015 - IIB in the CloudIBM InterConnect 2015 - IIB in the Cloud
IBM InterConnect 2015 - IIB in the Cloud
 
Spring Roo Add-On Development & Distribution
Spring Roo Add-On Development & DistributionSpring Roo Add-On Development & Distribution
Spring Roo Add-On Development & Distribution
 
SCM Puppet: from an intro to the scaling
SCM Puppet: from an intro to the scalingSCM Puppet: from an intro to the scaling
SCM Puppet: from an intro to the scaling
 
Deployer - Deployment tool for PHP
Deployer - Deployment tool for PHPDeployer - Deployment tool for PHP
Deployer - Deployment tool for PHP
 
Deploying Symfony2 app with Ansible
Deploying Symfony2 app with AnsibleDeploying Symfony2 app with Ansible
Deploying Symfony2 app with Ansible
 
Docker based Architecture by Denys Serdiuk
Docker based Architecture by Denys SerdiukDocker based Architecture by Denys Serdiuk
Docker based Architecture by Denys Serdiuk
 
OpenStack Summit 2013 Hong Kong - OpenStack and Windows
OpenStack Summit 2013 Hong Kong - OpenStack and WindowsOpenStack Summit 2013 Hong Kong - OpenStack and Windows
OpenStack Summit 2013 Hong Kong - OpenStack and Windows
 
Puppet: From 0 to 100 in 30 minutes
Puppet: From 0 to 100 in 30 minutesPuppet: From 0 to 100 in 30 minutes
Puppet: From 0 to 100 in 30 minutes
 
Puppet control-repo 
to the next level
Puppet control-repo 
to the next levelPuppet control-repo 
to the next level
Puppet control-repo 
to the next level
 
Our Puppet Story (Linuxtag 2014)
Our Puppet Story (Linuxtag 2014)Our Puppet Story (Linuxtag 2014)
Our Puppet Story (Linuxtag 2014)
 
Our Puppet Story (GUUG FFG 2015)
Our Puppet Story (GUUG FFG 2015)Our Puppet Story (GUUG FFG 2015)
Our Puppet Story (GUUG FFG 2015)
 

More from Puppet

Puppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepoPuppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepoPuppet
 
Puppetcamp r10kyaml
Puppetcamp r10kyamlPuppetcamp r10kyaml
Puppetcamp r10kyamlPuppet
 
2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)Puppet
 
Puppet camp vscode
Puppet camp vscodePuppet camp vscode
Puppet camp vscodePuppet
 
Modules of the twenties
Modules of the twentiesModules of the twenties
Modules of the twentiesPuppet
 
Applying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance codeApplying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance codePuppet
 
KGI compliance as-code approach
KGI compliance as-code approachKGI compliance as-code approach
KGI compliance as-code approachPuppet
 
Enforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automationEnforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automationPuppet
 
Keynote: Puppet camp compliance
Keynote: Puppet camp complianceKeynote: Puppet camp compliance
Keynote: Puppet camp compliancePuppet
 
Automating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNowAutomating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNowPuppet
 
Puppet: The best way to harden Windows
Puppet: The best way to harden WindowsPuppet: The best way to harden Windows
Puppet: The best way to harden WindowsPuppet
 
Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020Puppet
 
Accelerating azure adoption with puppet
Accelerating azure adoption with puppetAccelerating azure adoption with puppet
Accelerating azure adoption with puppetPuppet
 
Puppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael PinsonPuppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael PinsonPuppet
 
ServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkPuppet
 
Take control of your dev ops dumping ground
Take control of your dev ops dumping groundTake control of your dev ops dumping ground
Take control of your dev ops dumping groundPuppet
 
100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy Software100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy SoftwarePuppet
 
Puppet User Group
Puppet User GroupPuppet User Group
Puppet User GroupPuppet
 
Continuous Compliance and DevSecOps
Continuous Compliance and DevSecOpsContinuous Compliance and DevSecOps
Continuous Compliance and DevSecOpsPuppet
 
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick MaludyThe Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick MaludyPuppet
 

More from Puppet (20)

Puppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepoPuppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepo
 
Puppetcamp r10kyaml
Puppetcamp r10kyamlPuppetcamp r10kyaml
Puppetcamp r10kyaml
 
2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)
 
Puppet camp vscode
Puppet camp vscodePuppet camp vscode
Puppet camp vscode
 
Modules of the twenties
Modules of the twentiesModules of the twenties
Modules of the twenties
 
Applying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance codeApplying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance code
 
KGI compliance as-code approach
KGI compliance as-code approachKGI compliance as-code approach
KGI compliance as-code approach
 
Enforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automationEnforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automation
 
Keynote: Puppet camp compliance
Keynote: Puppet camp complianceKeynote: Puppet camp compliance
Keynote: Puppet camp compliance
 
Automating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNowAutomating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNow
 
Puppet: The best way to harden Windows
Puppet: The best way to harden WindowsPuppet: The best way to harden Windows
Puppet: The best way to harden Windows
 
Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020
 
Accelerating azure adoption with puppet
Accelerating azure adoption with puppetAccelerating azure adoption with puppet
Accelerating azure adoption with puppet
 
Puppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael PinsonPuppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael Pinson
 
ServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin Reeuwijk
 
Take control of your dev ops dumping ground
Take control of your dev ops dumping groundTake control of your dev ops dumping ground
Take control of your dev ops dumping ground
 
100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy Software100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy Software
 
Puppet User Group
Puppet User GroupPuppet User Group
Puppet User Group
 
Continuous Compliance and DevSecOps
Continuous Compliance and DevSecOpsContinuous Compliance and DevSecOps
Continuous Compliance and DevSecOps
 
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick MaludyThe Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
 

Puppet camp london nov 2014 slides (1)

  • 1. FROM ZERO TO DELIVERY IN A LARGE ENTERPRISE PUPPET CAMP LONDON ALAN SCHWARZENBERGER (Head of Engineering – Tools & Automation) CHRIS SPENCE (All round nice guy) 17th NOVEMBER 2014
  • 2. Outline - Background •Scale –many applications –each application has multiple contributing groups –many data centres around globe –many servers (>10k) •Complexity –many OS image variants –competing solutions from different teams –most products are 24x7 •Organisational tension •Previous failed attempts (not puppet) 2
  • 3. Outline – Why & Aims •Why? –Simplify delivery to decrease cost, effort and time –Improve quality & transparency of change implementation –Standardise the way that change is performed –Introduce common workflows •Aims –Automated deployments & configuration management –Standard open source tools –Replace non-scalable legacy tools –Provide consistency from dev through to production –Modular and loosely coupled –Self service –Single scaled platform 3
  • 4. Outline – Starting point •Previous toolsets –didn't scale, hard to workflow, hard to use •Small pockets of Puppet, Chef, Rundeck etc •Greenfield site for Puppet •Other initiatives informed solution –data aggregator –release management UI •External integrations with other tools using REST api •Workflow implied by overall data model and business structures •Multi-tenant problems 4
  • 5. Design & Architecture •Puppet master solution, with Hiera and External Node Classifier •Resilient, horizontally scaled (mix of DNS, F5, Apache) •MoM, Compilers, Puppet DB, Puppet Dashboard •Directory Environments •Separate artifact distribution with caches around the globe –This could be a talk all on its own! –It turns out distributing things is hard. •Servers modelled in hiera, templated configuration 5 puppetmaster::servers: puppetmaster: upg-dev-moma.amers1.ciscloud servers: compiler1: group: compilers compiler2: group: compilers mom1: group: mom primary: true mom2: group: mom
  • 6. Filling in the missing bits •Hiera at scale •Resilient CA •Handling server-side Ruby •Resilient & scaled PuppetDB •Merging Hiera from multiple contributors into a directory environment •Aggregating puppet code from multiple contributors for one stack •How do you release? –Components and Component Versions –Component Stacks, Component Stack Versions –Deployment Groups 6
  • 7. Filling in the missing bits – Hiera at scale •Don’t put every value into Hiera –consider performance implications –keep values tightly coupled to code in the code •Use for what changes in different builds •Our chosen hierarchy: 7 --- :hierarchy: - "host/%{::fqdn}" - "server_type/%{server_type}/server_environment_class/%{server_environment_class}/deployment_location_code/%{deployment_location_code}" - "server_type/%{server_type}/server_environment_class/%{server_environment_class}" - "server_environment_class/%{server_environment_class}/deployment_location_code/%{deployment_location_code}" - "server_environment_class/%{server_environment_class}/server_environment_class_instance/%{server_environment_class_instance}" - "server_type/%{server_type}" - "deployment_location_code/%{deployment_location_code}" - "server_environment_class/%{server_environment_class}/region/%{region}" - "server_environment_class/%{server_environment_class}" - default :backends: - yaml :yaml: :datadir: "/platform/puppet/hieradata/%{::environment}" :merge_behavior: deeper
  • 8. Filling in the missing bits – Resilient CA •Building a resilient pair of CA servers –Uses the Puppet CA –You can’t just rsync! –CAsync! •Copies certificates •Merges the inventory files •Works out latest CRL –Don’t forget the serial number offset! 8
  • 9. Filling in the missing bits – Server-side Ruby •Server-side ruby is immutable – only one version! –functions, types, providers, core Puppet modules (inc forge modules) –Directory Environments – use basemodulepath for the server-side ruby –Multiple teams must contribute server side ruby to a single place 9
  • 10. Filling in the missing bits – Scaling PuppetDB •PuppetDB with read slaves •Puppetlabs modules with a wrapper class •Set up PostgreSQL write ahead log (WAL) archiving 10
  • 11. Filling in the missing bits – Merge & Aggregate •Merging Hiera from multiple contributors into a directory environment –Hieramerge - deep merge hashes –right to left priority wins •Aggregating puppet code from multiple contributors for one stack –Components, component stacks and deployment groups 11 foo = HieraMerge.new foo.dirs = [ "/base/module/path/hieradata", "/thing/otherthing/1.6.6.6/hieradata", "/thing/penguinthing/1.2.3/hieradata” ] foo.target = "/out/put/hieradata" foo.merge
  • 12. How do you release? •How do you release software? –Components – what we release, e.g. MyWebApp –Component Versions – a point version MyWebApp-1.3.37 •That’s probably pretty normal •But we’re releasing multiple apps at a time from different groups –Component Stacks – MyWebApp + Monitoring –Component Stack Versions – MyWebApp 1.3.37 + Monitoring version 9 12
  • 13. Components •Components –discrete sets of functionality –informed by organisation structures & application responsiblities •Component Versions –a release, published version of a discrete set of functionality –expected to be self contained without external dependencies other than on the base module –consumed into an rpm and become immutable ( Jordan Sissel for FPM) –never deployed on their own unless they are put in a component stack 13 { component: "winning", versionvalidated: "true", componentreleaseversion: "1.3.37", packageurl: "http://gitserver.mcgitserver/project/winning.git" }, { component: "losing", versionvalidated: "false", componentreleaseversion: "6.6.6", packageurl: "http://gitserver.mcgitserver/otherproject/losing.git", versionvalidationerror: "failed to download modules" },
  • 14. Component Stacks & Deployment Groups •Component Stacks –one or more components which together describe the desired overall state of node •Component Stack Version –A release, published version of code, RPM packaged –rpm contains: •the hieradata, merged with hieramerge •an environment.conf •RPM dependencies to component versions –at install time use yum for dependency resolution –reuse of different component versions across stacks –component stack version becomes a Puppet Directory Environment •Deployment Group –nodes that need same component stack version –nodes that will be upgraded together (eg A/B side) –ENC integration – deploymentgroup controls which component stack version a node gets 14 { version: "9.1.1", versionvalidated: "true", componentstackname: "nigel", componentversion: [ { component: { component: "allyourbase", versionvalidated: "true", componentreleaseversion: "22.7”, }, { component: { component: "arebelongtous", versionvalidated: "true", componentreleaseversion: "3.141", }, ], }
  • 15. Build workflow •Jenkins build server in full control –Remove deploy-time dependency on version control system & build server –Enforces immutability at point in time –BYO version control system (gitlab/github/svn) •driven from data in the data layer •we support reading from git directly (r10k) •we support people doing their own thing and giving us an artifact (tar/zip) 15
  • 16. What’s the process? •Workflow –Component version built into rpm –Component versions built into a stack rpm with merged hieradata –Component stacks installed on puppetmasters using puppet –Stateful description of all versions of all apps/states through data layer –Validated/deprecated releases are marked –Data available to puppet master, so we can install and purge stacks using puppet and yum •We are treating Puppet releases as Software releases 16
  • 17. Other interesting things •Standard internal Travis-CI like per repo testing •Self-service development for groups –managed dev master pinned to production release –has own CA, so downstream is independent –no ENC –iterate on published componentstackversions –quick iteration/self-service/pre-publish •Custom reporting events into the data layer 17 begin config = YAML::load_file '.config.yaml' rescue Errno::ENOENT config = {} end command = config['command'] ? config['command'] : 'rake lint && rake syntax' [command].flatten.each do |check| system(check) returnvalue = $? unless returnvalue.exitstatus == 0 exit(1) end end
  • 18. Future and next steps •Adoption – going from 200 to >10000 nodes •Reporting into data layer from PuppetDB for a custom dashboard •Component dependencies because currently hidden/not explicit •User experience of building stacks needs improving •Fully automated acceptance testing –rspec-puppet gives some guarantees •Open sourcing interesting, novel & useful things –casync –hieramerge •Resolving split responsibility between OS and app 18
  • 19. Contact us 19 Alan Schwarzenberger alan.schwarzenberger@thomsonreuters.com Or via LinkedIn Chris Spence github.com/fiddyspence chris.spence@thomsonreuters.com Or via LinkedIn