Puppet Camp DC: Puppet for Everybody
Puppet for Everybody! Federated and Hierarchical Puppet Enterprise
Chris Bowles, Senior Systems Administrator
University of Texas at Austin
Everybody? Absolutely!
• Development
• Operations
• Management
source: http://goo.gl/Mjr0dy
Continuum of Expertise
Novice
• Puppet Console
• Variables
Medium
• Hiera
Expert
• Code
Puppet as a Service
UT Puppet API
(standards, culture)
Code/Data Federation
Puppet Enterprise
Hierarchical Configs
Centrally Managed / Maintained
Puppet as a Service
DB group
Web group
Foo group
Standard Puppet API
Puppet Console Configured Server!
Class
Console Variable (string)
Hiera Variable (complex)
Shared culture
Hierarchical Configurations
Node-level
Business Group(s)
Defaults Enterprise
Database
Node
Web
• Shared area = business logic
• All configs in groups
• Plug and play
Federation (of control)
• United States of Puppet
mysql
oracle
Enforce Broad configs
at “Federal Level”
Set specific configs at
“State Level”
source: http://goo.gl/22neR7
Puppet as a Service (at UT)
• Code or content
Apps
• i.e. Apache
Services
• secure
• standardized
• configurable
BASE
Roles / Profiles
Building Blocks
source: http://goo.gl/CHwab0
Puppet Console components
• Classes
• Variables
• Group(s)
• Nodes
ssh
$::ssh_listenport
Database
dbserver-01
Puppet Console Group Nesting!
source: http://goo.gl/tUdl5U
Class Inheritance (immutable)
BASE group assigns: ssh
FOO group inherits: ssh assigns: syslog
node inherits: ssh, syslog
Variable Inheritance (child wins)
Base group: ssh_listenport = 22
Foo group: ssh_listenport = 72
node1: ssh_listenport = 72
Foo2 group: ssh_listenport = 99
node2: ssh_listenport = 99
All together now!
source: http://goo.gl/K91CJA
BASE group
Classes: ssh
Variable:
ssh_listenport => 22
DB group
Classes: mysql
Variables: ssh_listenport => 99
db-server (node)
Classes: ssh , mysql
Variables:
ssh_port => 99 (from DB group)
Classes: additive
Variables: closest to the node wins
ENC node: RSOP
Mysql class (from DB group)
Ssh class from ALL group
Ssh_port override from DB group (2222)
List of all the groups that the node belongs to.
Hierarchy is implied via the Source attr. See ALL group.
Puppet Console: Building a federated hierarchy
Top: BASE
Group: group_foo, group_db
Subgroup: sub_bar (under group_foo); sub_mysql, sub_oracle (under group_db)
What’s in a name?
Puppet Console will display: (alphabetical)
• BASE
• group_db
• group_foo
• subgroup_bar
• subgroup_mysql
• subgroup_oracle
A Little more about Console Variables…
class
Console variable
Config
Console Variables = top level Variables ($::foo)
• init.pp
• params.pp
One more level: Hiera
source: http://goo.gl/3tfaVi
Hiera: used for complex variables
key: value
key2: value2
• Arrays
• Hashes
source: http://goo.gl/ge45I1
Hiera: Building a federated hierarchy
Top: BASE
Group: group_foo, group_db
Subgroup: sub_bar (under group_foo); sub_mysql, sub_oracle (under group_db)
Creating hiera directory-based hierarchies with console variables
Subgroup(s)
• ./$group/$sub
Group(s)
• ./$group/
Top
• ./
(no variable)
$group
$sub
Broad to Specific
Hiera.yaml – rubber, meet road
Top
• ./common.yaml
Group(s)
• ./$group/common.yaml
Subgroup(s)
• ./$group/$sub/common.yaml
'%{group}/%{sub}/common'
'%{group}/common'
'common'
Specific to Broad
Console Groups map to Hiera
Nested Console Groups
Variables (above the waterline)
Hiera (below the waterline)
BASE (no variable required): ./
Foo (group = foo): ./foo/
Bar (sub = bar): ./foo/bar/
Putting it together!
Nested Console Group (Variable): Hiera (files based on hiera.yaml)
BASE (no variables): ./
DB (group = db): ./db/
MySQL (sub = mysql): ./db/mysql/
mysql node: dept=db, svc=mysql
Hiera search path for mysql node:
1. ./common.yaml
2. ./db/common.yaml
3. ./db/mysql/common.yaml
Advanced Hiera Usage
• “This data is exactly what I need… almost”
• firewall, sudoers
• +1
• Check out:
– hiera_hash
– hiera_array
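How the three-level hierarchy and the two merge lookups behave for the mysql node, as an added example that is not from the slides. It is a simplified Ruby model of priority lookup, hiera_array and hiera_hash (native merge); the node variables group=db and sub=mysql follow the hiera.yaml slide, and the sudoers and firewall values are constructed sample data.

```ruby
require 'yaml'

# Hierarchy entries from the hiera.yaml slide, most specific first.
HIERARCHY = ['%{group}/%{sub}/common', '%{group}/common', 'common'].freeze

# Constructed sample data standing in for the YAML files under ./hieradata/.
DATA = {
  'common' => YAML.safe_load(<<~YML),
    ssh_listenport: 22
    sudoers: [sysadmins]
    firewall: {ssh: {port: 22}}
  YML
  'db/common' => YAML.safe_load(<<~YML),
    ssh_listenport: 99
    sudoers: [dbas]
    firewall: {ssh: {port: 99}}
  YML
  'db/mysql/common' => YAML.safe_load(<<~YML)
    firewall: {mysql: {port: 3306}}
  YML
}.freeze

# Interpolate the node's console variables into each entry. Simplification of
# this sketch: entries that reference a variable the node lacks are skipped.
def search_path(scope)
  HIERARCHY.reject { |e| e.scan(/%\{(\w+)\}/).flatten.any? { |v| !scope.key?(v) } }
           .map { |e| e.gsub(/%\{(\w+)\}/) { scope[Regexp.last_match(1)] } }
end

# Data sources that exist for this node, most specific first.
def sources(scope)
  search_path(scope).map { |path| DATA[path] }.compact
end

# Priority lookup: the most specific level that defines the key wins.
def lookup(key, scope)
  sources(scope).find { |d| d.key?(key) }&.fetch(key)
end

# Array merge (hiera_array): values from every level, flattened and unique.
def lookup_array(key, scope)
  sources(scope).map { |d| d[key] }.compact.flatten.uniq
end

# Hash merge (hiera_hash, native): top-level keys merged, specific level wins.
def lookup_hash(key, scope)
  sources(scope).reverse.reduce({}) { |acc, d| acc.merge(d[key] || {}) }
end
```

With priority lookup the DB group's ssh_listenport replaces the BASE value outright, while the merge lookups let a group add sudoers entries or firewall rules on top of what BASE enforces.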
Code/Data Federation
Puppet Classes/Data
Subgroup source
Group source
BASE source
Code Federation
puppet.conf
modulepath=
/opt/puppet/modules/base:
/opt/puppet/modules/group:
/opt/puppet/modules/sub:
BASE Repo
Group Repo
Subgroup Repo
VCSREPO
Data Federation (via VCSREPO)
• ./hieradata/ =
./common.yaml
./$group/common.yaml
./$group/$sub/common.yaml
BASE Repo
group Repo
subgroup Repo
VCSREPO
Puppet Class Namespaces
• Namespaces prevent class collisions
• ${group}_name
• Examples:
– base_ssh
– db_ssh
– mysql_ssh
A peek into the future…
source: http://goo.gl/9GwKyQ
Git Workflow
• Instead of this…
• 1 git repo / module
Core SVN repo(modules)
Group SVN repo(modules)
Head (production) branch
Non-production branches (created as needed)
CI/CD
• r10k push deployments (faster!)
• Puppet Environments defined by code (Puppetfile)
• Automated Testing
Git repos
r10k
Puppet
Takeaways!
• “Puppet as a Service” – Can provide hierarchical/federated configuration management as a service by building on top of Puppet Enterprise
• Hierarchical Configs: building blocks that match organizational structure, plug and play
• Federation: Empowering users at all levels of the enterprise
Thanks! Any Questions?
• Note: slide deck available from PuppetLabs
• Contact information:
– Chris Bowles