Presentation is loading. Please wait.

Presentation is loading. Please wait.

Fedora Infrastructure Puppet Training Mike McGrath Fedora Infrastructure 2008-09-15.

Published byCharlotte Malone Modified over 8 years ago

Similar presentations

Presentation on theme: "Fedora Infrastructure Puppet Training Mike McGrath Fedora Infrastructure 2008-09-15."— Presentation transcript:

1 Fedora Infrastructure Puppet Training Mike McGrath Fedora Infrastructure 2008-09-15

2 Puppet Configuration Management ● Controls what config files end up where ● Package installation, removal ● Service restarts, chkconfig, service X start ● Dep checking (file level, service level, etc)

3 Basic Theory ● Simple provisioning ● Reproducability ● Set once, deploy everywhere ● Auditing ● Automation

4 Key Terms ● Puppetmaster – The primary central configuration server ● Node – Individual hosts ● Manifest – Anything written in 'puppet language' including classes, nodes, etc.

5 Master/Node Model ● Puppetmaster uses key based auth and provides a manifest to the nodes. ● Nodes register with puppetmaster on their first run. These requests are signed with puppetca. ● Nodes check in every 30 minutes to pull any updates. ● The nodes do all the translation of the manifest into a localconfig.yaml ● bitbucket

6 Using Puppet - Language ● Manifest Language Example file { '/etc/ssh/sshd_config': source => 'puppet:///configs/system/sshd_config', mode => 0600, notify => Service['sshd'], require => Package['openssh-server'], }

7 Using Puppet - Packages ● Continuing with ssh example package { openssh-server: ensure => present, } package { telnet-server: ensure => absent, }

8 Using Puppet - Services ● Continuing with ssh example service { sshd: ensure => running, enable => true, require => Package['openssh-server'] }

9 Using Puppet - Classes ● Continuing with ssh example ● Classes tie everything together class ssh-server { file { '/etc/ssh/sshd_config': source => 'puppet:///configs/system/sshd_config', mode => 0600, notify => Service['sshd'], require => Package['openssh-server'], } package { openssh-server: ensure => present, } service { sshd: ensure => running, enable => true, require => Package['openssh-server'] }

10 Quick Review ● File – a resource for configuration and other types of files ● Service – a resource for actual running processes ● Package – a resource for actual package management ● Class – Ties file, service and package types together (as well as other types not yet discussed)

11 Nodes ● Each host is a node ● Nodes should generally not define resources in the actual definition. node { app1: include ssh-server }

12 Server Group Abstraction ● Technique used to group like classes together to create a server or node type ● Uses classes that include other classes ● The basic workflow is: – Node includes servergroup classes – Servergroup classes include worker classes ● Example: class proxyServer { include proxy include ssh-server }

13 Server Group Abstraction (contd) ● The node would include our proxyServer servergroup class ● Example node { proxy1: include proxyServer }

14 Modules ● Defined on a per package basis ● Self contained ● Sharable ● Contain config files, templates, manifests, etc.

15 Module Layout ● modules/modulename/ – files/ – manifests/ ● manifests/init.pp – plugins/ – templates/ – README

16 Module – SSH server ● Lets convert our ssh-server class from earlier into a module. ● Module names should be based on base package name. – openssh, not openssh-server ● Starting out we only need the README, manifests/init.pp and files/ directory

17 Modules - init.pp ● Located in openssh/manifests/init.pp ● Is auto included by puppet ● Slightly different class format: class openssh::sshd { file { '/etc/ssh/sshd_config': source => 'puppet:///openssh/sshd_config', mode => 0600, notify => Service['sshd'], require => Package['openssh-server'], }

18 Modules - Exceptions ● A few exceptions exist to the module naming scheme ● Custom scripts should now go in the 'scripts' module ● Legacy code not yet moved is still in the old manifests/ and configs/ format ● Private repo stuff (passwords and things) can be referenced in modules, but should still be stored in the private repo for security

19 Modules – What's changed ● Specific to Fedora Infrastructure ● We used to have configfile and apachefile – All requisites must be explicit ● All 'source =>' parameters must have puppet:///

20 Advanced Puppet Topics ● Puppet Variables ● Facter ● Basic logic syntax (if, case, arrays) ● Config File templating ● Custom defines

21 Puppet Variables ● Take on formatting similar to php ● $groups='sysadmin-main' ● $tcpPorts = [ 80, 443 ] ● $otherGroups = "$groups foo" ● $otherGroups2 = '$groups foo'

22 Facter ● Seperate application, yum install facter. ● Can be invoked by just running 'facter'. ● Any variable in facter can be referenced by puppet. ● Custom facter recepes can be written. ● Example: hostanme => proxy1

23 Custom Facter Recipes ● Written in Ruby ● Place.rb files on the local machine in /usr/lib/ruby/site_ruby/1.8/facter/your-recipe.rb ● Basic example: Facter.add('variableName') do setcode do "'Variable Value'" end

24 if Logic – Manifest ● Can be used in most parts of a manifest. ● Example: if $proxy_backup { include proxy_backup_data } else { include proxy_live_data }

25 case Logic - Manifest ● Similar to if can be used in most places in a manfiest ● Example: case $architecture { 'i386' : { include i386-host } 'x86_64': { package { electric-avenue: ensure => present }

26 Templating ● Use an ERB templating format ● Converted tags between ● ● Example:

27 Templating – if ● Similar to manifest logic. ● Variable names in ERB do not prepend $ ● Example: ThisIsAProxyHost=True ThisIsAnAppServer=True #This Host Isn't Proxy1 SpecialVar=

28 Using a template ● Place templates in the templates/ directory not files/. ● Append.erb to all filenames, for example httpd.conf.erb ● In the manifest don't use source => 'puppet:///modulename/template.conf' instead use content => template('modulename/templateName.conf.erb')

29 Custom Defines ● Mostly a manifest template used with substitution ● Example is selinux boolians ● allow_httpd_mod_auth_pam ● Normally set with setsebool -P allow_httpd_mod_auth_pam=on ● Normally checked with getsebool allow_httpd_mod_auth_pam

30 Custom Defines - selinux_bool ● We're going to define a selinux_bool type ● $name is passed automatically define selinux_bool($bool) { exec { "/usr/sbin/setsebool -P $name=$bool": unless => "/usr/sbin/getsebool $name | grep -qe $bool$", cwd => '/', } selinux_bool { 'allow_httpd_mod_auth_pam': bool => 'on', }

31 exec ● Should be avoided when possible ● Can be 'notify =>'ed exec { 'fix_sendmail': command => '/etc/init.d/sendmail stop; /bin/rpm -e sendmail; /etc/init.d/postfix restart', onlyif => '/usr/bin/pgrep sendmail', cwd => '/', }

32 Common tasks - Directory ● Create a directory ● Does not auto create parent directories ● Example: file { ['/srv/web', '/srv/web/cache']: ensure => directory } ● Could not require => File['/srv'] ● Also cannot require => File['/srv/web/'] ● Could require => File['/srv/web']

33 Common Tasks - restart ● Using httpd as an example ● Service httpd restart is the default ● Graceful is more graceful, includes configtest service { httpd: ensure => true, enable => true, restart => '/etc/init.d/httpd graceful' }

34 Git workflow ● Git manages modules, configs and manfiests ● Emails get sent on every git push ● Hook syncs git HEAD with what puppetmaster actually uses ● Test new configs with puppetd -t --noop

35 The End ● Questions? - mmcgrath@redhat.com ● See reductivelabs.com for more info ● Thank you

Download ppt "Fedora Infrastructure Puppet Training Mike McGrath Fedora Infrastructure 2008-09-15."

Similar presentations

How to Deploy a Cloud Based Webserver in 5 minutes.

How to Deploy a Cloud Based Webserver in 5 minutes.
About Me CTO, Individual Digital, Inc. (Startup) Author of ext/tidy, PHP 5 Unleashed, Zend Ent. PHP Patterns

About Me CTO, Individual Digital, Inc. (Startup) Author of ext/tidy, PHP 5 Unleashed, Zend Ent. PHP Patterns
MODULE 3: OS & APP LAYERS. Agenda Preparing and importing a gold image Creating and understanding Install Machines Creating basic Application layers Understanding.

MODULE 3: OS & APP LAYERS. Agenda Preparing and importing a gold image Creating and understanding Install Machines Creating basic Application layers Understanding.
Puppet for GENI Experiments

Puppet for GENI Experiments
Week 6: Chapter 6 Agenda Automation of SQL Server tasks using: SQL Server Agent Scheduling Scripting Technologies.

Week 6: Chapter 6 Agenda Automation of SQL Server tasks using: SQL Server Agent Scheduling Scripting Technologies.
Chapter Apache Installation in Linux- Mandrake. Acknowledgment The following information has been obtained directly from www.mandrake.com www.mandrake.com.

Chapter Apache Installation in Linux- Mandrake. Acknowledgment The following information has been obtained directly from
Installing Apache There are several ways to install the Apache web server – in CIT 370, you probably installed it from the CentOS CD-ROM although in fact,

Installing Apache There are several ways to install the Apache web server – in CIT 370, you probably installed it from the CentOS CD-ROM although in fact,
#RefreshCache CI - Daily Builds w/Jenkins – an Open Source Continuous Integration Server Nick Airdo Community Developer Advocate Central Christian Church.

#RefreshCache CI - Daily Builds w/Jenkins – an Open Source Continuous Integration Server Nick Airdo Community Developer Advocate Central Christian Church.
Getting Started with GIT. Basic Navigation cd means change directory cd.. moves you up a level cd dir_name moves you to the folder named dir_name A dot.

Getting Started with GIT. Basic Navigation cd means change directory cd.. moves you up a level cd dir_name moves you to the folder named dir_name A dot.
Web Server Configuration Alokes Chattopadhyay Computer & Informatics Centre IIT Kharagpur.

Web Server Configuration Alokes Chattopadhyay Computer & Informatics Centre IIT Kharagpur.
Getting to Push Button Deploys Moovweb January 19, 2012.

Getting to Push Button Deploys Moovweb January 19, 2012.
Chapter 2 Applying Practical Automation Speaker : Chuang-Hung Shih Date : 2010.3.09.

Chapter 2 Applying Practical Automation Speaker : Chuang-Hung Shih Date :
Puppetize It! An Introduction to Puppet Mike Seda CEO, Seda Systems, Inc.

Puppetize It! An Introduction to Puppet Mike Seda CEO, Seda Systems, Inc.
AI project components: Facter and Hiera

AI project components: Facter and Hiera
MSc. Miriel Martín Mesa, DIC, UCLV. The idea Installing a High Performance Cluster in the UCLV, using professional servers with open source operating.

MSc. Miriel Martín Mesa, DIC, UCLV. The idea Installing a High Performance Cluster in the UCLV, using professional servers with open source operating.
The Art and Zen of Managing Nagios with Puppet Michael Merideth - VictorOps

The Art and Zen of Managing Nagios with Puppet Michael Merideth - VictorOps
…using Git/Tortoise Git

…using Git/Tortoise Git
CERN IT Department CH-1211 Genève 23 Switzerland t Experiences running a production Puppet Ben Jones HEPiX Bologna Spring.

CERN IT Department CH-1211 Genève 23 Switzerland t Experiences running a production Puppet Ben Jones HEPiX Bologna Spring.
An Intro to Concurrent Versions System (CVS) ECE 417/617: Elements of Software Engineering Stan Birchfield Clemson University.

An Intro to Concurrent Versions System (CVS) ECE 417/617: Elements of Software Engineering Stan Birchfield Clemson University.
Topics Sending an email Multipart message Storing images Getting confirmation Session tracking using PHP Graphics Input Validators Cookies.

Topics Sending an Multipart message Storing images Getting confirmation Session tracking using PHP Graphics Input Validators Cookies.

Similar presentations

Ads by Google