puppetconf 2016: puppet and ucs: policy-based management all the way down – chris barker, puppet...

Puppet and UCSPolicy Based Management All The Way Down

2

David Soper

Technical Marketing Engineer, Cisco

3

Chris BarkerPrinciPAL Solutions Engineer, Puppet

@mrzarquon

Agenda• razor • ucs • cvds (tying it all together)

Razor Policies: how they workPE: Quick way to get razor

5

Define

6

Boot

7

Discover

8

Puppet

9

Puppet + UCS

Abstracting Workload Deployment

● A node’s role (classification) describes its intended use - the “what”

● E.g., OpenStack Ceph Storage node

● Has shared (security, compliance) and specific (DB) profiles

10

Puppet + UCS

Abstracting Workload Deployment

● So, what infrastructure is needed for my OpenStack Ceph node?

● Use profiles to define logical representations of workloads (filesystem, authentication, etc.)

● Write it once, deploy it anywhere

● Profiles describe resources and policies to apply to those resources - a provider applies policy

11

Puppet + UCS

Abstracting Workload Deployment

● Great, what about the OS and underlying infrastructure? Where do I define that?

● Just another set of profiles and policies: Razor for OS deployment and Cisco UCS for the infrastructure

12

Cisco UCS Profiles and PoliciesThis is how I role

Puppet + UCS

You call that a profile? Now this is a profile.

● Your UCS service profile is just like your other Puppet profiles, but for the underlying infrastructure

● Logical representation of resources (compute/network/storage/etc.)

● Collection of policies to apply

● Did I mention “logical”? Profiles and policies can be changed as needed:

● Need more storage - just update your profile

● Need to change Firmware - just update a policy

14

Puppet + UCS

Cisco UCS: Define it Once and Use it Anywhere

15

Creating workflow

Puppet + UCS

Why Don’t You Just Tell Me the Name of the OS You’d Like to See?

17

Puppet + UCS

Why Don’t You Just Tell Me the Name of the OS You’d Like to See?

18

What is a CVD?Hint: Cisco Validated Design

Puppet + UCS

Focus on the Fun Stuff (Automation)

● Automation is great, but you still have steps to follow

● Back on our Ceph node, what packages (versions), ports, etc. do I need?

● Ok Google, “OpenStack 7”

● Better: Ok Google, “OpenStack 7 CVD”

● Cisco Validated Design with comprehensive deployment instructions

● Cisco put the pieces together, made sure they work, then tells you how to deploy in detail

20

Puppet + UCS

This is Great - and only 351 Pages!

● Time to Automate

● Infrastructure profiles- define once and deploy as needed

● OS profiles - name that role and provision

● Puppet - define once and deploy as needed

21

Demos

Demos

Demos

Configure (hardware) UCS Software defined hardware policy

Configure (software) Razor -> PuppetRazor ID Policy, Hands over to Puppet post OS Deploy

Puppet (Drift Remediation)Ensures desired end state

Questions?

29