OpenNebulaConf 2014 - Puppet and OpenNebula - David Lutterkort
Post on 14-Jul-2015
Presented by
OpenNebula and Puppet
David Lutterkort, Puppet Labs
@lutterkort
lutter@puppetlabs.com
A basic manifest

class webserver {
  # Install the package, then the config file, then start the service.
  package { 'httpd': ensure => latest }
  ->
  file { '/etc/httpd/conf.d/local.conf':
    ensure => file,
    mode   => '0644',
    source => 'puppet:///modules/httpd/local.conf',
  }
  ->
  # Restart httpd whenever the config file changes.
  service { 'httpd':
    ensure    => running,
    enable    => true,
    subscribe => File['/etc/httpd/conf.d/local.conf'],
  }
}
Override via inheritance

class webserver2 inherits webserver {
  File['/etc/httpd/conf.d/local.conf'] {
    source => 'puppet:///modules/httpd/other-local.conf',
  }
}
The site-wide manifest

node 'host1.example.com' {
  class { 'webserver': }
}
node 'host2.example.com' {
  class { 'webserver2': }
}
node 'host3.example.com' {
  class { 'mongodb::server': port => 27018 }
}
http://www.partialhospitalization.com/2010/08/363/
Instance management

ec2_instance { 'name-of-instance':
  ensure            => present,
  region            => 'us-east-1',
  availability_zone => 'us-east-1a',
  image_id          => 'ami-ttylinux',
  instance_type     => 't1.micro',
  monitoring        => true,
  key_name          => 'name-of-existing-key',
  security_groups   => ['group1', 'group2'],
  user_data         => template('module/user-data.erb'),
}
Certsigner setup
Master
• Write autosigning script
• Configure autosigning script
Nodes
• Put secrets into /etc/puppet/csr_attributes.yaml
ONE Client
• Pass secret through Userdata
CSR Extension Requests
UUID            pp_uuid
Instance ID     pp_instance_id
Image Name      pp_image_name
Preshared Key   pp_preshared_key
Role            pp_role (still to come)
Private         Private, site-specific attributes
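The autosigning step from the two slides above, as an added example that is not from the talk or from the certsigner project: a policy script that signs only when the CSR carries the expected pp_preshared_key. It assumes Puppet's policy-based autosigning convention (certname as the only argument, CSR PEM on stdin, exit 0 to sign) and Puppet's OID for pp_preshared_key; EXPECTED_KEY, the function names and the sample CSR are constructed for illustration.

```ruby
require 'openssl'

PP_PRESHARED_KEY = '1.3.6.1.4.1.34380.1.1.4' # OID Puppet uses for pp_preshared_key
EXPECTED_KEY = 'constructed-demo-secret'     # assumption: read from a root-only file in production

# Return the extReq value stored under `oid` (Puppet wraps it in a DER UTF8String), or nil.
def extension_request(csr, oid)
  attr = csr.attributes.find { |a| a.oid == 'extReq' }
  return nil unless attr
  attr.value.value.first.value.each do |ext|
    id, *_critical, octets = ext.value
    next unless id.oid == oid
    return (OpenSSL::ASN1.decode(octets.value).value rescue octets.value)
  end
  nil
end

# Compare digests so timing does not depend on where the strings first differ.
def secure_equal?(a, b)
  da, db = [a, b].map { |s| OpenSSL::Digest::SHA256.digest(s).bytes }
  da.zip(db).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Policy decision: true means "sign", false means "leave for manual review".
def autosign?(certname, csr_pem, expected_key)
  csr = OpenSSL::X509::Request.new(csr_pem)
  return false unless csr.verify(csr.public_key) # CSR must be self-consistent
  cn = csr.subject.to_a.find { |field, _value, _type| field == 'CN' }
  return false unless cn && cn[1] == certname
  key = extension_request(csr, PP_PRESHARED_KEY)
  !key.nil? && secure_equal?(key.to_s, expected_key)
rescue OpenSSL::OpenSSLError
  false # unparseable CSR: never sign
end

# Constructed sample input: a CSR shaped like the one an agent builds from csr_attributes.yaml.
def sample_csr(certname, secret)
  key = OpenSSL::PKey::RSA.new(2048)
  csr = OpenSSL::X509::Request.new
  csr.subject = OpenSSL::X509::Name.new([['CN', certname]])
  csr.public_key = key
  ext = OpenSSL::X509::Extension.new(PP_PRESHARED_KEY, OpenSSL::ASN1::UTF8String.new(secret).to_der, false)
  ext_req = OpenSSL::ASN1::Set([OpenSSL::ASN1::Sequence([ext])])
  csr.add_attribute(OpenSSL::X509::Attribute.new('extReq', ext_req))
  csr.sign(key, OpenSSL::Digest.new('SHA256')).to_pem
end

# Invoked by the master as `<script> <certname>` with the CSR PEM on stdin.
exit(autosign?(ARGV[0], $stdin.read, EXPECTED_KEY) ? 0 : 1) if ARGV.size == 1
```

On the master, the autosign setting in puppet.conf points at the script; on the node, csr_attributes.yaml lists the same secret under extension_requests.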
Building images
• invent ‘fake’ hostnames
  <image-name>.images.example.com
• use Puppet at instance launch to ‘personalize’ image
Masterless: puppet apply

# yum -y install puppet
# git clone https://git.example.org/manifests
# export FACTER_hostname=img1.images.example.com
# puppet apply --modulepath manifests/modules/ \
    manifests/site.pp
# rm -rf manifests/
Masterless: puppet apply
• easy to set up
• leaves no trace on the Puppet master
• no PuppetDB
• no Node Classifier
With master: puppet agent
• those pesky SSL certificates again
• pregenerate and copy into builder
• certsigner + allow_duplicate_certs on master
• uses full master infrastructure
ONE Puppet Module
one           Install ONE Master/Sunstone
onehost       Create ONE Host
oneimage      Create ONE Image
onetemplate   Create ONE template
onevnet       Create ONE net
Moving pieces
Repo     What to install    ISO contents
Task     How to install     Installer scripts
Broker   How to manage      PE agent install
Tag      Where to install   Named match rule
Policy   Combine it all     Ordered table
Summary
• Puppet forge for module sharing
• puppetlabs-aws module
• mrzarquon’s certsigner
• epost-dev’s opennebula-puppet-module
• Razor for flexible provisioning of hardware
Links
• http://forge.puppetlabs.com
• puppetlabs/puppetlabs-aws module
• https://github.com/ahpook/mrzarquon-certsigner/tree/eric0_wip
• http://watzmann.net/blog/2014/06/puppet-autosign-policy.html
Links (cont’d)
• https://github.com/epost-dev/opennebula-puppet-module
• https://github.com/puppetlabs/razor-server
• Puppet Enterprise: http://puppetlabs.com/puppet/puppet-enterprise