continuous delivery of puppet manifests

Upload: kris-buytaert

Post on 16-Apr-2017

Continuous Delivery of Puppet Code, Lessons Learned

Kris Buytaert, @krisbuytaert

Kris Buytaert

I used to be a Dev,

Then Became an Op

Chief Trolling Officer and Open Source Consultant @inuits.eu

Everything is an effing DNS Problem

Building Clouds since before the bookstore

Some books, some papers, some blogs

Evangelizing devops

Today's Goals

A reproducible way to deploy and upgrade /etc/puppet

Automatically

Fast

Consistent

Continuously

What's this devops thing anyhow ?

devops

Culture

(Lean)

Automation

Measurement

Sharing

Damon Edwards and John Willis

Gene Kim

devops ( continuous delivery

Nirvana

An ecosystem that supports continuous delivery, from infrastructure, data and configuration management to business.

Through automation of the build, deployment, and testing process, and improved collaboration between developers, testers, and operations, delivery teams can get changes released in a matter of hours, sometimes even minutes, no matter what the size of a project or the complexity of its code base.

Continuous Delivery, Jez Humble

How many times a day ?

10 @ Flickr

Deployments used to be pain

Nobody dared to deploy a site

Practice makes perfect

Knowing you can vs constantly doing it

"Our job as engineers (and ops, dev-ops, QA, support, everyone in the company actually) is to enable the business goals. We strongly feel that in order to do that you must have the ability to deploy code quickly and safely. Even if the business goals are to deploy strongly QA'd code once a month at 3am (it's not for us, we push all the time), having a reliable and easy deployment should be non-negotiable."

Etsy Blog upon releasing Deployinator

http://codeascraft.etsy.com/2010/05/20/quantum-of-deployment/

For years we've tolerated humans to make structural manual changes to the infrastructure our critical applications are running on.

Whilst at the same time demanding those critical applications to go through rigid test scenarios.

Who let this happen ?

I hate maturity models

So, what did we try already ?

Level -1: Hacking in production

cd /etc/puppet/manifests

vi site.pp

Level -1: more production hacking

cd /etc/puppet/manifests

vi site.pp

rsync -av * /etc/puppet

WFM Syndrome

Does not work in teams

Level 0: I use git

ssh puppetmaster

cd /etc/puppet

git init

git add *.pp

git commit -m "Initial commit of puppet tree"

Level 0.1: I almost understand git

ssh puppetmaster

cd /etc/puppet

git init

git add *.pp

git commit -m "Initial commit of puppet tree"

git remote add

git push

Level 0.2: But

ssh puppetmaster

cd /etc/puppet

git init

git add *.pp

git commit -m "Initial commit of puppet tree"

git remote add

git push

vi nodes/default.pp

Level 0.2: But

I don't always commit or push my changes

When I do commit I do it as root

Level 0.3:

Development happens locally

Puppetmaster runs git pull in a cronjob

=> code modified on puppet master, not pushed

=> changes never make it to the platform

Level 0.3: Euh modules

vi modules/apache/manifests/init.pp

Wait, I need to track upstream. How do I isolate my code ?

Git subtrees

Looks nice

Till you want to track upstream

Librarian Puppet

Hides complexity of submodules

Easy if you use Forge Modules

Does anyone ?

Do you trust the internet to be around

Librarian = Old English for can't use submodules

And hmm... which customer uses which patched version again ?

Librarian Puppet

Insert ugly shell script

Even with this in place .. people can still hack on the PuppetMaster
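
An added example (not from the talk) of a check for the failure modes described above: edits on the PuppetMaster that are never committed or pushed, and commits made as root. It classifies git output read on stdin; the function names and the cron/Icinga usage are assumptions.

```sh
#!/bin/sh
# Added example: report drift in the git tree under /etc/puppet.

# Read `git status --porcelain --branch` lines on stdin and print one finding
# per line. Prints nothing when the tree is clean and nothing is unpushed.
puppet_tree_drift() {
    while IFS= read -r line; do
        rest=${line#???}                    # drop the 2-char status and the space
        case "$line" in
            "## "*"[ahead "*) echo "unpushed: $rest" ;;
            "## "*"..."*)     ;;            # tracks an upstream, nothing ahead
            "## "*)           echo "no-upstream: $rest" ;;
            "?? "*)           echo "untracked: $rest" ;;
            *)                echo "uncommitted: $rest" ;;
        esac
    done
}

# Read `git log --format='%h%x09%an%x09%ae'` lines on stdin and print the
# hashes of commits authored as root (no personal identity on the change).
root_commits() {
    tab=$(printf '\t')
    while IFS="$tab" read -r hash name email; do
        case "$name:$email" in
            root:*|*:root@*) echo "$hash" ;;
        esac
    done
}

# On the puppetmaster, e.g. from cron or an Icinga check (assumed usage):
#   cd /etc/puppet && git status --porcelain --branch | puppet_tree_drift
#   cd /etc/puppet && git log --format='%h%x09%an%x09%ae' | root_commits
```

Any output from either function means the running tree no longer matches what is in version control, or that a change cannot be traced to a person.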

We all love branches

When they are short lived feature branches

Environment per branch ? How many hosts do you connect per branch ?

Limited number of branches ?

Is R10K faster ?

R10K

But what about Testing ?

You can't do CD without CI

Git Submodules

Basic git,

No extra tools required

Integrates with other (non puppet) projects too

Package all the things

Release artifacts:

A module

A set of manifests

A set of manifests that work with a strict set of modules

Software Release management is not a solved problem

Git Submodules

Release management = main git project

cd modules/blah

vi manifests/init.pp

git add manifests/init.pp

git commit -m "Fixed bug #313"

cd ../../

git add modules/blah

git commit -m "Fixed bug #313"

git push

Infrastructure as Code

Treat configuration automation as code

Development best practices

Model your infrastructure

Version your cookbooks / manifests

Test your cookbooks/ manifests

Dev/ test /uat / prod for your infra

Model your infrastructure

A working service = automated ( Application Code + Infrastructure Code + Security + Monitoring )

Continuous Integration

Builds

Nightly Builds

Builds with tests

Nightly Builds with tests

Frequent integration

Continuous Integration

Jenkins

Open Source Continuous Integration Server

A zillion plugins (400)

Have developers build stable and deployable code

Test Infra code

Jenkins Pipeline

What's in your Pipeline ?

A pipeline

Checkout code

Syntax

Style

Code Coverage

Tests

Build

More Tests

Package

Syntax and Style

Initially , all code, all the time

Now, only the changed code

Why not in post Commit Hooks ?
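
An added example (not from the talk or the jenkins-puppet-scripts repository) of the "only the changed code" stage: it filters a commit range down to the manifests and templates that still exist and runs the syntax and style checks on just those. It assumes `puppet`, `puppet-lint`, `erb` and `ruby` are installed on the build node; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: check only the Puppet files a change touched.

# Read `git diff --name-status` lines on stdin; print the manifests and
# templates that still exist after the change.
changed_puppet_files() {
    tab=$(printf '\t')
    while IFS="$tab" read -r status path newpath; do
        case "$status" in
            D*)    continue ;;            # deleted: nothing left to check
            R*|C*) path=$newpath ;;       # renamed/copied: check the new name
        esac
        case "$path" in
            *.pp|*.erb) printf '%s\n' "$path" ;;
        esac
    done
}

# Read paths on stdin and check each one; a non-zero return fails the build.
check_files() {
    rc=0
    while IFS= read -r f; do
        case "$f" in
            *.pp)  { puppet parser validate "$f" &&
                     puppet-lint --fail-on-warnings "$f"; } || rc=1 ;;
            *.erb) erb -P -x -T '-' "$f" | ruby -c >/dev/null || rc=1 ;;
        esac
    done
    return "$rc"
}

# Jenkins shell step; GIT_PREVIOUS_COMMIT and GIT_COMMIT come from the Git plugin:
#   git diff --name-status "$GIT_PREVIOUS_COMMIT" "$GIT_COMMIT" \
#       | changed_puppet_files | check_files
```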

Why ops like to package

Packages give you features

Consistency, security, dependencies

Uniquely identify where files come from

Package or cfg-mgmt

Source repo not always available

Firewall / Cloud etc ..

Weird deployment locations , no easy access

Little overhead when you automate

Jordan Sissel is a Hero !

#packaginlove

It's not really packaging

It's an immutable branch

It's a traceable release artefact

https://github.com/vStone/jenkins-puppet-scripts

Tests

Packages full tree in /etc/puppet/environments/$environment/

A pipeline

Checkout code

Syntax

Style

Code Coverage

Tests

Build

More Tests

Package

Upload to Repo

Repository Management

Pulp

Pro : Mirroring

Love

Con : Mongo, Stability, .deb

PRM ?

https://github.com/ImmobilienScout24/yum-repo-server ?

Repository Management

A pipeline

Checkout code

Syntax

Style

Code Coverage

Tests

Build

More Tests

Package

Upload to Repo

Deploy on Test

mc-package

Repos are SLOW

Createrepo is slow.

Pulp is slow

Bypass repos , upload straight to appropriate PuppetMaster

Upload to repo for rebootstrapping

A pipeline

Checkout code

Syntax

Style

Code Coverage

Tests

Build

More Tests

Package

Upload to Repo

Deploy on Test

Check Puppetruns

Check Icinga

Promote to UAT

Jenkins Promotion

Done ?

Close the feedback loop,

Send metric on deployment

echo "deployed.$package_name 1 `date +%s`" > /dev/tcp//2003

Contact

Kris Buytaert

Further Reading

@krisbuytaert

http://www.krisbuytaert.be/blog/

http://www.inuits.be/

Inuits

Duboistraat 50

2060 Antwerpen

Belgium

891.514.231

+32 475 961221