How to open source your Puppet configuration 23 September 2014 Elizabeth K. Joseph Automation & Tools Engineer @ HP lyz@princessleia.com @pleia2
Elizabeth K. Joseph Linux hobbyist since 2002 Professional systems administrator since 2006 Contributor to Ubuntu, Debian and OpenStack projects But perhaps most importantly... Elizabeth K. Joseph @pleia2
OpenStack Infrastructure We have open sourced our infrastructure! Lots of projects, including ones for configuration available via: https://git.openstack.org/cgit/openstack-infra Elizabeth K. Joseph @pleia2
How this came about Puppet show, featuring: Monty Taylor (stick puppet) James E. Blair (stick puppet) How this came about Elizabeth K. Joseph @pleia2
Why? Examples are awesome (I don't want to spend all week figuring out how to use your puppet module) Elizabeth K. Joseph @pleia2
Why? Encourages better practices (our upgrade to Puppet 3 was not so painful) Elizabeth K. Joseph @pleia2
Allows others in your organization to suggest changes Why? Allows others in your organization to suggest changes Elizabeth K. Joseph @pleia2
Why? Sharing is nice Elizabeth K. Joseph @pleia2
OK, so how? Prepare policies Segregate code Document Share! Elizabeth K. Joseph @pleia2
Have an open source policy All software used in your infrastructure is Open Source ...if not, segregate out proprietary Elizabeth K. Joseph @pleia2
Licenses! Add a license to your configuration files :) Seriously. This is important. Don't make me email you to ask the license of your config. I run into unlicensed Puppet configurations far too often, unlicensed means I need to email the author, who usually says it's fine for me to use it. Save us both an email. For OpenStack we license everything as Apache license because they are used by a lot of companies, so permissive licenses were a community decision Elizabeth K. Joseph @pleia2
Puppet: Step 1 Leverage existing modules or write your own with the intent of sharing Apache MySQL Reviewday Keep these outside your generic configuration tree (You're already doing this, right?) It's pretty common practice to share basic modules, so you should probably be doing this anyway. Examples again. Sometimes there is a variable that says “ssh key” and then I have to figure out whether that's the contents of the key or the file, and public or private, client or server... my brain likes examples Reviewday is a Python script we use for generating review statistics for projects tracked in OpenStack. Maybe someone else will want to use it! Elizabeth K. Joseph @pleia2
Puppet: Step 2 Split out: system configuration project configuration This makes it easier to consume by others Elizabeth K. Joseph @pleia2
Puppet: Step 3 Split out non-sensitive custom configurations into your own module (Parameterized classes and variables are your friends!) In our configuration we have a separate openstack_project module in our modules directory that has our files (custom CSS, logos) and server manifests Don't put sensitive stuff here. Elizabeth K. Joseph @pleia2
Puppet: Step 4 Use Hiera for sensitive data (Hiera is my favorite thing ever (except for when it's not)) YAML key/value lookup for configuration data Put email addresses in here too (they may not seem sensitive until someone downloads your configuration and runs it without reading it) Elizabeth K. Joseph @pleia2
Puppet: Step 5 Set up PuppetBoard Allows people in your org/community to see status without bugging folks with shell access YAML key/value lookup for configuration data Put email addresses in here too (they may not seem sensitive until someone downloads your configuration and runs it without reading it) Elizabeth K. Joseph @pleia2
Document Links to source Work flow for using the configuration Contribution instructions Direct commits/reviews Bug reports Bootstrapping and glue Elizabeth K. Joseph @pleia2
(Oh, and make sure you have a license) Share! (Oh, and make sure you have a license) Elizabeth K. Joseph @pleia2
Who else has open source Puppet? Debian: https://dsa.debian.org/ Mozilla: https://wiki.mozilla.org/ReleaseEngineering/PuppetAgain Jenkins: http://jenkins-ci.org/content/come-join-infra-team Elizabeth K. Joseph @pleia2
Resources OpenStack Project Infrastructure docs: http://ci.openstack.org/ OpenStack Infrastructure repository: https://git.openstack.org/cgit/openstack-infra/ OpenStack specs for when we split out some of our configs: http://specs.openstack.org/openstack-infra/infra- specs/specs/config-repo-split.html http://specs.openstack.org/openstack-infra/infra- specs/specs/puppet-modules.html Elizabeth K. Joseph @pleia2