You can never understand configuration management, until you know how to orchestrate it @ Bucharest DevOps Hacker Meetup
About us – Maria Niță
- Site Reliability Engineer @ Adobe
- DevOps @ Kalon
- Software Engineer @ Openshift via Red Hat
- Developer @ uberVU
- Faculty of Mathematics & Computer Science, University of Bucharest
- Member @ ROSEdu (Romanian Open Source for Education)
- Coffee & ice cream
About us – Alexandru Stancu Puppet User ~6 years. Site Reliability Engineer @ Adobe Systems Organizer of the Puppet User Group in Bucharest http://www.meetup.com/Bucharest-Puppet-User-Group/ @salecss https://www.linkedin.com/in/alexstancu
Hypothesis
- Short introduction to Ansible & Puppet
- Present the (a common) use case and how we manage it
What’s that use case? We want:
- Dynamic Infrastructure, spread geographically on multiple zones (maybe multi-platform)
- Application configuration
- Application deployment
- Reporting
Transition from want to have with Ansible & Puppet
Our use case
We have a web app on http://demo.mydevops.ro
- Create an AWS infrastructure: VPC, EC2 instances, ELBs using CNS (Terraform)
- Configure the fleet – EC2 instances using Puppet
- Orchestrate the deployment of our web app with 0 downtime with Ansible
Content
- Ansible: What’s what?, Ecosystem, Use case, Examples
- Puppet: Puppet Language Basics, Puppet server and agent setup on AWS, Roles and Profiles
- Demo
- Q&A
Ansible - ”[…] until you know how to orchestrate it” Maria Niță – Site Reliability Engineer @ Adobe
What’s what? Ansible - Simple IT Automation Open Source SSH ansible-vault SSH keys User & password Multi platform Roles Community Galaxy push ansible-pull shell commands Python, YAML, Jinja Easy to understand Easy to write Easy to debug Open Source SSH Security Extensible
Ecosystem
- Commands: ansible, ansible-playbook, ansible-vault, ansible-galaxy, ansible-pull
- playbook: hosts, variables, roles, tasks
Common use case Other Ansible simple push small pull complex
Example
Puppet - ”You can never understand configuration management, until you know how to orchestrate it […]” Alexandru Stancu – Site Reliability Engineer @ Adobe
Puppet Ecosystem
- Puppet Server
- Puppet Agent
- PuppetDB – Used to store reports and
- Hiera – This is the place where data is stored. Data auto binding is awesome!
- Foreman – ENC, Reporting and many more.
- Puppetboard – Web frontend for PuppetDB.
- Mcollective – a very cool tool
Puppet Language, Modules and more …
- A module is a collection of classes
- Written in Ruby
- Can work in a client-server setup but also in master-less configuration

    # Manage sshd_config from the file shipped in this module
    file { '/etc/ssh/sshd_config':
      ensure => present,
      source => "puppet:///modules/${module_name}/sshd_config",
    }

- A class is a collection of resources

    # Keep sshd running and enabled at boot
    service { 'sshd':
      ensure => running,
      enable => true,
    }
Puppet Agent Setup On AWS
Diagram labels: Bootstrap, Terraform, Provision, facts puppet module, AWS User Data, Puppet Agent, AWS SDK, INSTANCE METADATA
my_module_facts/lib/facter:
    my_ec2_tags.rb
    iam_account_alias.rb
    nagios_host.rb
    aws_region_name.rb
    my_other_facts.rb
    vpc_name.rb
AWS Instance TAGS:
    hostname =
    my_role =
    group =
    other_facts = fact1=val1,fact2=val2
IAM instance profile, IAM Role, IAM Policy: ec2:Describe*
Puppet Server
Diagram labels: Puppet Server, Puppet DB, AWS Instance, Node Classification, Catalog Compilation, Reporting, Foreman (deactivate ENC function)
site.pp:

    # Every node gets the role class named by its my_role fact
    node default {
      include "::role::${::my_role}"
    }

Hiera config:

    :hierarchy:
      - "node/%{::certclient}"
      - "vpc_name/%{::vpc_name}/role/%{::my_role}"
      - "vpc_name/%{::vpc_name}/common"
      - "role/%{::my_role}"
      - common
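An added example, not taken from the slides or from the speakers' modules: one way the tag-to-fact step behind my_ec2_tags.rb could validate its input before my_role reaches `include ::role::${::my_role}` in site.pp. The tag names and the other_facts layout come from the slides; the function names, the patterns and the sample tags are assumptions.

```ruby
# Added example: turn EC2 instance tags into Puppet facts with validation.
# Tag names and the "fact1=val1,fact2=val2" layout are from the slides;
# function names and validation rules are assumptions for illustration.

# my_role is interpolated into a class name, so accept only a single
# lowercase name segment: no '::', no whitespace, no quotes, no newlines.
ROLE_PATTERN      = /\A[a-z][a-z0-9_]*\z/
FACT_NAME_PATTERN = /\A[a-z][a-z0-9_]*\z/

# Facts that other_facts is never allowed to set or override.
RESERVED_FACTS = %w[my_role group].freeze

# Split "fact1=val1,fact2=val2" into {"fact1"=>"val1", "fact2"=>"val2"}.
# Pairs without '=' or with an invalid name are dropped, not guessed.
def parse_other_facts(raw)
  raw.to_s.split(',').each_with_object({}) do |pair, facts|
    name, value = pair.strip.split('=', 2)
    next if value.nil? || name !~ FACT_NAME_PATTERN
    facts[name] = value
  end
end

# tags: Hash of tag key => value, as read for this instance through the
# ec2:Describe* permission of its instance profile.
def facts_from_tags(tags)
  facts = {}
  role = tags['my_role'].to_s
  # An invalid role stays unset, so classification fails visibly
  # instead of including an unexpected class.
  facts['my_role'] = role if role =~ ROLE_PATTERN
  facts['group'] = tags['group'] if tags.key?('group')
  parse_other_facts(tags['other_facts']).each do |name, value|
    facts[name] = value unless RESERVED_FACTS.include?(name)
  end
  facts
end

# Constructed sample tags (not from a real instance). The other_facts value
# tries to override my_role and contains one malformed pair.
SAMPLE_TAGS = {
  'hostname'    => 'web-01',
  'my_role'     => 'webserver',
  'group'       => 'demo',
  'other_facts' => 'tier=frontend,my_role=admin,bad pair,zone=eu-west-1a'
}.freeze

# In a fact file under lib/facter, each resulting pair would be
# registered with Facter.add.
```

Because the role fact selects the whole catalog, whoever can edit instance tags effectively chooses the node's role, so tag write permissions belong in the same review as the ec2:Describe* read policy.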
Puppet Roles and Profiles
- Use contain
- Class Ordering
- Hiera
Diagram labels: AWS Instance, Role, Profiles, Resource Types, M1, M2, M3, M4, M5, M6, Business Logic, Technical Logic

    # Double quotes are needed so ${module_name} is interpolated
    file { '/path/to/custom/file':
      ensure => present,
      source => "puppet:///modules/${module_name}/my_file",
    }
Puppet Roles and Profiles
Diagram labels: AWS Instance, Role, Profiles, Resource Types, Community Modules, Site Modules, M1, M2, M3, M4, M5, M6, M7, Business Logic, Technical Logic

    # Double quotes are needed so ${module_name} is interpolated
    file { '/path/to/custom/file':
      ensure => present,
      source => "puppet:///modules/${module_name}/my_file",
    }
Demo
Q&A – Questions and hopefully Answers