puppetizing multitier architecture - puppetconf 2014
DESCRIPTION
Puppetizing Multitier Architecture - Reid Vandewiele, Puppet LabsTRANSCRIPT
2014
presented by
Puppetizing Multi-Tier Architecture Reid Vandewiele Solutions Engineer | Puppet Labs
Monolithic Install Split Install
Monolithic Install Split Install
• Introduction
Multi-Tier Challenges • How to Define • How to Classify • How to Deploy
Agenda
Multi-Tier Challenges • How to Define • How to Classify • How to Deploy
Profiles
class puppet_enterprise ( $interface, ... ) { ## REPRESENT THIS # # # # # # # # # # }
Application Classes class pe ( $puppetdb_port = 8081, ... ) { } class pe::puppet_master ( $puppetdb_port = $pe::puppetdb_host, ... ) inherits pe { ... }
class pe::puppetdb ( $puppetdb_port = $pe::puppetdb_host, ... ) inherits pe { ... }
Application Class class pe ( $puppet_master_host = undef, $puppet_master_port = undef, $puppet_console_host = undef, $puppet_console_port = undef, $puppetdb_database_host = undef, $puppetdb_database_port = undef, $puppetdb_database_name = undef, $puppetdb_database_username = undef, $puppetdb_database_password = undef, ... ) { ...
Application Component Profile class pe::puppet_master ( $certificate_authority_host = $pe::certificate_authority_host, $certificate_authority_port = $pe::certificate_authority_port, $certificate_authority_proxy = true, $puppetdb_host = $pe::puppetdb_host, $puppetdb_port = $pe::puppetdb_port, $console_host = $pe::puppet_console_host, $console_port = $pe::puppet_console_port $reports = undef, $node_terminus = undef, ) inherits pe { ...
• Model the Application
• Dynamism / Elasticity
Accomplished
Not Yet Accomplished
?
Pool_member <<| filter |>> pool_member { 'master_1': } pool_member { 'master_2': }
@@pool_member { 'master_1': }
@@pool_member{ 'master_2': }
storeconfigs
storeconfigs
class pe::load_balancer ( ... ) inherits pe { Pool_member <<| filter |>> ... }
class pe::puppet_master ( ... ) inherits pe { @@pool_member { $::ipaddress: } ... }
clientcert=www1
app_pubkey=
ensure keypair!
clientcert=www1
app_pubkey=abc12
3
ensure keypair!
Multi-Tier Challenges • How to Define • How to Classify • How to Deploy
A collec+on of "things" (objects or numbers, etc). Each member is called an element of the set. There should be only one of each member (all members are unique).
Set
Evaluation Order Matters
class { 'pe': instance_id => 'central'; } class { 'pe::puppet_master': }
class { 'pe::puppet_master': } class { 'pe': instance_id => 'central'; }
• Works
• Breaks
Hiera -‐-‐-‐ :hierarchy: -‐ "clientcert/%{clientcert}" -‐ "app_instance/%{app_instance}" -‐ "env_tier/%{env_tier}" -‐ global :backends: -‐ yaml :yaml: :datadir: "/etc/puppetlabs/puppet/environments/%{environment}/data"
Hiera All Managed Nodes
env_tier=development env_tier=production
appid=prod1 appid=prod2 appid=dev1 appid=dev2
Application Class class pe ( $puppet_master_host = undef, $puppet_master_port = undef, $puppet_console_host = undef, $puppet_console_port = undef, $puppetdb_database_host = undef, $puppetdb_database_port = undef, $puppetdb_database_name = undef, $puppetdb_database_username = undef, $puppetdb_database_password = undef, ... ) { ...
Application Class class pe ( $puppet_master_host = $::puppet_master_host , $puppet_master_port = $::puppet_master_port , $puppet_console_host = $::puppet_console_host, $puppet_console_port = $::puppet_console_port , $puppetdb_database_host = $::puppetdb_database_host, $puppetdb_database_port = $::puppetdb_database_port, $puppetdb_database_name = $::puppetdb_database_name, $puppetdb_database_username = $::puppetdb_database_username, $puppetdb_database_password = $::puppetdb_database_password, ... ) { ...
Multi-Tier Challenges • How to Define • How to Classify • How to Deploy
2 1
Run Puppet!
Run Puppet!
Run Puppet!
Run Puppet!
Run Puppet!
Run Puppet!
1 2 3 4
Multi-Tier Challenges • How to Define • How to Classify • How to Deploy
Puppetizing Multi-Tier Architecture
Anchors class pe ( ... ) { # ANCHORS # When building a complex multi-‐tier model, it is not known up front which # profiles will be deployed to a given node. However, some profiles when # deployed together have dependencies which must be expressed. For example, # the CA must be set up and configured before certificates can be requested. # Therefore the CA must be configured before any certificate-‐requiring # service. Since the profiles cannot express those dependencies directly # against each other, since they may or may not exist in a given node's # catalog, we instead have them express dependencies against common anchors. anchor { 'barrier: pe certificate_authority': } -‐> anchor { 'barrier: pe puppetdb_database': } -‐> anchor { 'barrier: pe puppetdb': } -‐> ...
• Model the app as a class – Most important consideration is the interface
• Assign parameters to app, not just nodes – Complementary to the assignment of classes to nodes
• Take central control of Puppet run schedule – Or else account for eventual consistency
Puppetizing Multi-Tier Architecture
Questions?