eclipse con 2012 - frictionless operations with puppet - luke kanies

Luke KaniesFounder of Puppet

Founder and CEO, Puppet Labs

Frictionless Operationswith Puppet

Tuesday, April 10, 12

The IT Situation


Absolutely critical


Gatekeepers


Bad tools


Calcification


DevOps


2001: Agile Manifesto


Individuals and interactions over

processes and tools


Working software over comprehensive documentation


Customer collaboration over contract negotiation


Responding to change over following a plan


Dev: On time, under budget, wrong product

http://diykenya.files.wordpress.com/2010/08/tire_swing.gif




Ops: Secure, stable, 18 months to deploy


Process exists for a reason

http://t0.gstatic.com/images?q=tbn:ANd9GcQHJKV3omm4ov_CU7CJovofE_QGi9xsg_vPz1QHZlKXmlYtt2bB-Q




Confidence through Tooling

http://www.mdpretech.com/images/Products/Precision%20Tooling%20for%20IC%20mold%20and%20Plastic%20mold.jpg




Cloud Computing

http://t2.gstatic.com/images?q=tbn:ANd9GcRSjOE5BJr_A2IvmjZk1tCj7LU_qENIb58MuGqQWxU2DGqETHz-




Scale


Agility


Big Data


Self-service


Puppet


Puppet Users

Scaled from 0 to over 10,000 serversin 2 months without training

287 servers per SysAdminvs. 19 for BMC BladeLogic

Over 50,000 systemsmanaged by Puppet

Deploy 1,800 machines in 2 hoursvs. 25 machines per day with HP Opsware

Financial Entertainment Technology Defense Web

InvestorsMobile PhoneCompany


Plenty of others


Built for the user


Great Design

http://www.encorbio.com/Album/pages/ChkNFH-neuron1.htm




ConfigurationPlatform


Fear

Embarrassment

SSH


More great sysadmins

Programmers Sysadmins

5000 Assembly Scripts

Millions Ruby, Java, PHP, C ?


Fully Automated Infrastructure

Asynchronous Management

Centralized Management

Good tools

Flatten the climb

Investment

Awes

omen

ess


Why use Puppet?


96% of outages are human error

Stability


1000 nodes x 10s command = no pub

Agility


Air-gapLeast Privilege

Untrusted clients

Security


Auditability


Golden image?

Image from http://www.flickr.com/photos/fungep/2516767121/sizes/l_


http://flickr.com/photos/silvaazniv/291994432/


Puppet: A brief introduction


A language for configuration specification


http://luke.kanies.com/presentations/lca08_puppet/output/service.html


Resource Abstraction Layercomputercronfilegrouphostinterfacek5loginmailaliasmaillistmcxmount

packageportresourcesrouterservicesshkeystageuservcsrepovlanyumrepo


Cross Platform

Fedora

Debian

Ubuntu

CentOS

SuSE

Red HatOS X

AIX

HP-UX

OpenBSD

FreeBSD

Solaris

Windows

Cisco

F5


Workflow Define: With Puppet's declarative language you design a graph of relationships between resources within reusable modules. These modules define your infrastructure in its desired state.

1

Simulate: With this resource graph, Puppet is unique in its ability to simulate deployments, enabling you to test changes without disruption to your infrastructure.

2

Enforce: Puppet compares your system to the desired state as you define it, and automatically enforces it to the desired state ensuring your system is in compliance.

3

Report: Puppet Dashboard reports track relationships between components and all changes, allowing you to keep up with security and compliance mandates. And with the open API you can integrate Puppet with third party monitoring tools.

4

DESIREDSTATE

CURRENTSTATE

ITER

ATE

AN

D IN

CREA

SE C

OVERAGE


Change Propagation

FactsThe node sends normalized data about itself to the Puppet Master.

1

CatalogPuppet uses the Facts tocompile a Catalog thatspecifies how the nodeshould be configured.

2

Report3XSSHW·V�RSHQ�$3,�can also send data to third party tools.

4

ReportThe node reports back to Puppet indicating the configuration is complete, which is visible in the Puppet Dashboard.

3

Report Collector(Puppet or 3rd party tool)

Node

PuppetMaster

SSL secure encryption on all data transport


domain => localfacterversion => 1.5.8fqdn => sliver.localhardwaremodel => i386hostname => sliverinterfaces => lo0,gif0,stf0,en0,en1,fw0,vmnet1,vboxnet0ipaddress => 192.168.174.1ipaddress_lo0 => 127.0.0.1ipaddress_vmnet1 => 192.168.174.1kernel => Darwinkernelmajversion => 10.6kernelrelease => 10.6.0macosx_productname => Mac OS Xmacosx_productversion => 10.6.6netmask => 255.255.255.0netmask_lo0 => 255.0.0.0netmask_vmnet1 => 255.255.255.0network_lo0 => 127.0.0.0network_vmnet1 => 192.168.174.0operatingsystem => Darwinoperatingsystemrelease => 10.6.0path => /opt/local/bin:/opt/local/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/binps => ps auxwwwpuppetversion => 2.6.4rubysitedir => /opt/local/lib/ruby/site_ruby/1.8timezone => PSTuptime => 1 dayrubyversion => 1.8.7sp_bus_speed => 1.07 GHz

Automatic Inventory


Centralized, Serverless, or Hybrid

MCollectivehandlesorchestration

Puppet Master

Puppet Dashboard 3rd Party SystemsPuppet Module Forge

Modules

Puppet AgentFacter

NODE

Puppet AgentFacter

NODE

Puppet AgentFacter

NODE

Data


Scales like HTTPS

2 known 50k node sites

Multiple 30k node sites

Tens of 3k node sites


Built as a platform


Model-based hackability

•Hosts•Inventory data• IP, hostname, platform, etc.

•Resource lists•Resource dependencies•Change events


Puppet Faces

cacatalogcertificatecertificate_requestcertificate_revocation_listconfigfactsfilehelp

keymannodeparserpluginreportresourceresource_typestatus


MCollective: Infrastructure message

bus


Puppet Forge301 modules


How to use Puppet


Seek the pain

Image from http://www.flickr.com/photos/pagedooley/2147718252/sizes/l/Tuesday, April 10, 12



Solve the simple problems


Add the infrastructure features you always

wanted


Think like Puppet thinks

•Resources, not text snippets or lines added to files•What resources are you managing?•How are they related to each other?


Replace Shell Scripts with Resources

Becomes:

This:


Relationships matter but are often implicit

Package

Service

Service should restart whenconfiguration changes

Configuration

Configuration should get modifed after package installation


Explicit Relationships











































































Relationships provide ordering and notification

"Exec[createrepo-PM-RHEL5-noarch]"

"Yumrepo[PM-RHEL5-x86_64]"

"Yumrepo[PM-RHEL5-noarch]"

"Package[postgresql-server]"

"Package[thttpd]"

"File[/var/www/thttpd/html/yum-PM-RHEL5-noarch]""File[/var/www/thttpd/html/yum-PM-RHEL5-x86_64]"

"Exec[rsync-rpmdir-PM-RHEL5-x86_64]"

"Exec[createrepo-PM-RHEL5-x86_64]"

"Postgres::Role[puppet]"

"Exec[rsync-rpmdir-PM-RHEL5-noarch]"


Classes document Intent


Organize files into modules


Provide platform abstraction

Debian

Red Hat


Portability and Naming


http://luke.kanies.com/presentations/oscon_2007/output/file.html



















































































































































Roles


Puppet Enterprise


Detail of node status to pinpoint specific issues

High-‐level status of nodes for instant

visibility

Time-‐based display for insight into rate of

change

Reporting


Cloud Provisioning

VMware

Amazon AWS

OpenStack


Choose nodes to clone to ensure consistency

Preview the impact before you clone

nodes

Browse for managed nodes in your infrastructure

Resource Browsing


Accept or reject changes to update

your baseline

See specific differences between node configurations

Compliance


Find out the status of each node group and its last Puppet run

Orchestration


Resources currently under Puppet management

Current set of managed nodes

Orchestration


2.5 Released today

•Windows support•Puppet Forge integration•Puppet Data Library


Summary


IT is critical but needs to improve


DevOps is bringing change


The Cloud is Coming





Puppet gets you there


Questions?


Give Feedback on the Sessions

1 Sign In: www.eclipsecon.org

2 Select Session Evaluate

3 Vote


eclipse con 2012 - frictionless operations with puppet - luke kanies

Technology

puppet labstuesday

use puppet

puppet usersmobile phonedeploy

party tools

desired state

party toolreportcan

graph of relationships

resourcetrack relationships