Bootstrapping Puppet and Application Deployment - PuppetConf 2013
Bootstrapping Puppet & Application Deployment
PuppetConf ‘13
August 22, 2013
Presented by: Robert de Macedo Soares
Application Security Engineer, Business Wire
@argher
#puppetconf
Purpose of Puppet
• What problems are we trying to solve?
• Remediation or improvement?
• Are our existing servers a mess?
• What are our platforms?
Scenario – Best Case
• Servers are new
• Servers are uniform
• No fixes needed
• Everyone on the same page
• One operating system
Idealistic
Scenario - Reality
• No baseline configuration
• Inconsistent management practices
• Many fixes required
• Teams have differing requirements
• Multiple operating systems
Realistic
Divergent Needs
Developers
• Need deployment solution
• Idempotence
System Administrators
• System Configuration
• Password & User Management
Divergent Needs (cont.)
Security & Management
• Host-based firewall management
• Auditability
• Compliance
• Reporting
Divergent Operating Systems
• Linux
  – Different Distributions (RedHat, Debian, etc.)
• Windows
  – Different Generations
• UNIX
  – Solaris? HP-UX?
Decision Time
• Right tool for the job
  – Puppet Enterprise vs. Open Source
• Test before committing
• Older or uncommon operating systems?
  – Puppet Enterprise simplifies deployment
• <=10 servers?
  – Puppet Enterprise is free for 10 servers
Open Source – Why?
• Free
• Valuable user community
• Foreman
  – Complex but powerful
• Free
Puppet Enterprise – Why?
• Integrated Dashboard
  – Auditability / Reporting
  – Server status at a glance
  – MCollective integration (Live Management)
• Prebuilt Solaris and Linux packages
• Support!
  – Downtime more expensive than licenses
Bootstrapping Puppet
Infrastructure Deployment
• What’s our architecture?
  – How many tiers?
  – How many Puppet masters?
  – Replication?
• Automation tool
Suggested Architecture
• Master per tier
• Replication in production
  – Nice to have
• Lab master and clients for experimentation
  – Cover your OS types
• Source control for manifests
Tiered Infrastructure
• Two tiers minimum
  – Dev
  – Production
• More tiers beneficial
  – Test / QA tier exposes problems before prod
Introduction to Automation
• What is an automation tool?
• Why use one?
• Which tool is best?
  – Fabric, Capistrano, etc.
Example: Fabric
• __init__.py
    import fab_puppet_deploy
• fab_puppet_deploy.py
  – Remember to set env.hosts
    from fabric.api import *
    @task(default=True)
    def deploy_puppet(tier="dev", uninstall=False):
        ...  # task body is not shown on the slide
Automating the Install
• Proper tools invaluable
  – Fabric, Capistrano, etc.
• Use answers files
• Expect unexpected problems
  – No sudo?
Automating the Install (cont.)
• Example answers file
    q_fail_on_unsuccessful_master_lookup=y
    q_install=y
    q_puppet_cloud_install=n
    q_puppet_enterpriseconsole_install=n
    q_puppet_symlinks_install=y
    q_puppetagent_install=y
    q_puppetagent_server=puppet.dev.example.com
    q_puppetca_install=n
    q_puppetmaster_install=n
    q_vendor_packages_install=n
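An added example (not from the talk) that lints an agent answers file like the one above before it is handed to an unattended install, so a node cannot quietly become a master or CA or enroll against another tier's master. The per-tier master name puppet.<tier>.example.com and the function names are assumptions; the file text is a constructed copy of the slide's sample.

```shell
#!/bin/sh
# Added example: lint an agent answers file before an unattended install.

# Constructed copy of the agent answers file shown on the slide.
ANSWERS='q_fail_on_unsuccessful_master_lookup=y
q_install=y
q_puppet_cloud_install=n
q_puppet_enterpriseconsole_install=n
q_puppet_symlinks_install=y
q_puppetagent_install=y
q_puppetagent_server=puppet.dev.example.com
q_puppetca_install=n
q_puppetmaster_install=n
q_vendor_packages_install=n'

# answer FILE_TEXT KEY: print the value of KEY (last assignment wins).
answer() {
  printf '%s\n' "$1" | awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }'
}

# check_agent_answers FILE_TEXT TIER: print each problem found; the exit
# status is the number of problems (0 means the file passed every check).
check_agent_answers() {
  bad=0
  # An agent-only node must not also become a master, CA or console.
  for key in q_puppetmaster_install q_puppetca_install \
             q_puppet_enterpriseconsole_install; do
    [ "$(answer "$1" "$key")" = n ] || { echo "$key must be n"; bad=$((bad + 1)); }
  done
  # Abort rather than install an agent that cannot find its master.
  [ "$(answer "$1" q_fail_on_unsuccessful_master_lookup)" = y ] ||
    { echo "q_fail_on_unsuccessful_master_lookup must be y"; bad=$((bad + 1)); }
  # Assumed naming convention: each tier's master is puppet.<tier>.example.com.
  want="puppet.$2.example.com"
  got=$(answer "$1" q_puppetagent_server)
  [ "$got" = "$want" ] ||
    { echo "q_puppetagent_server is '$got', expected '$want'"; bad=$((bad + 1)); }
  return "$bad"
}

check_agent_answers "$ANSWERS" dev && echo "answers file OK for dev"
```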
Application Deployment
Overview
• Source control integration
• BASH scripts – easy and powerful
• Leverage rake API
Early Approach
• Deploy task file
  – Text, lists packages to deploy and tagged version
• Update Puppet groups
  – BASH, rake commands to alter classes / groups
• Update nodes in (tier)
  – BASH, rake commands to alter node membership
Source Control Workflow
• Update module -> new tag
  – Don’t deploy from trunk!
• Update deploy task file
• Check out deploy task file
  – svn co http://repo.example.com/puppet/deployfile
• Helper script
  – Deploys new modules over old
Introduction to Rake
• Build tool
  – Similar to make and Ant
• Rakefiles are Makefiles
  – Standard Ruby syntax
• Can create multi-or-single-use tasks
  – Namespace:task
Rake Tips
• Read API documentation
  – http://docs.puppetlabs.com/pe/latest/console_rake_api.html
• Rake command prefix
  – rake -f /opt/puppet/share/puppet-dashboard/Rakefile
• Set RAILS_ENV to production
  – ~/.bashrc or in script
Update Puppet Groups
    # Env to run Ruby in
    export RAILS_ENV=production
    # Create Classes
    rake -f /opt/puppet/share/puppet-dashboard/Rakefile nodeclass:add name=users::permissions
    rake -f /opt/puppet/share/puppet-dashboard/Rakefile nodeclass:add name=packages::provisioner
Update Puppet Groups (cont.)
    # Create Groups
    rake -f /opt/puppet/share/puppet-dashboard/Rakefile nodegroup:add name=provisioner
    # Assign Classes to Groups
    rake -f /opt/puppet/share/puppet-dashboard/Rakefile nodegroup:addclass name=provisioner class=users::permissions
    rake -f /opt/puppet/share/puppet-dashboard/Rakefile nodegroup:addclass name=provisioner class=packages::provisioner
Update Nodes
    # Env to run Ruby in
    export RAILS_ENV=production
    # Assign nodes to groups
    rake -f /opt/puppet/share/puppet-dashboard/Rakefile node:groups name=pro1.example.com groups=default,provisioner
    rake -f /opt/puppet/share/puppet-dashboard/Rakefile node:groups name=pro2.example.com groups=default,provisioner,extragroup
Rough Spots
• Group list must be *complete*
  – Rake will recreate the group list for a node
  – No incremental addition possible
• Directory ownership
  – peadmin / puppet-dashboard or custom user
• Rake API can be improved
  – Nested groups only Puppet Enterprise 3.0+
Rough Spots (cont.)
• Access Control
  – No way to limit individual commands
• Targeting
  – Custom facts and hiera recommended
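One way to live with the complete-group-list rough spot, as an added example that is not from the talk: keep each node's membership in a source-controlled file and always emit the full list when a group is added. The membership file format and the function names are assumptions, the sample data is constructed, and the script prints the rake command rather than running it.

```shell
#!/bin/sh
# Added example: always hand node:groups the *complete* group list.
RAKEFILE=/opt/puppet/share/puppet-dashboard/Rakefile   # path from the slides

# Constructed sample of a source-controlled membership file: "<node> <groups>".
MEMBERSHIP='pro1.example.com default,provisioner
pro2.example.com default,provisioner,extragroup'

# valid_name: accept only characters expected in node and group names, so
# nothing read from the file can add extra arguments to the rake command.
valid_name() {
  case "$1" in
    ''|*[!A-Za-z0-9._:-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# current_groups NODE: print the recorded comma-separated groups for NODE.
current_groups() {
  printf '%s\n' "$MEMBERSHIP" | awk -v n="$1" '$1 == n { print $2 }'
}

# merged_groups NODE GROUP: recorded groups plus GROUP, order kept, no
# duplicates. Runs in a subshell so IFS and globbing changes stay local.
merged_groups() (
  valid_name "$1" && valid_name "$2" || exit 1
  IFS=,; set -f; out=
  for g in $(current_groups "$1") $2; do
    valid_name "$g" || exit 1
    case ",$out," in *",$g,"*) ;; *) out=${out:+$out,}$g ;; esac
  done
  printf '%s\n' "$out"
)

# groups_command NODE GROUP: print (not run) the rake call with the full list.
groups_command() {
  list=$(merged_groups "$1" "$2") || { echo "rejected: $1 $2" >&2; return 1; }
  printf 'rake -f %s node:groups name=%s groups=%s\n' "$RAKEFILE" "$1" "$list"
}

groups_command pro1.example.com webserver
```

Because the membership file lives in source control, every change to a node's groups is reviewable before the command is run.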
Next Steps
• Easy tasks first
• Etc_facts plugin
• Hiera is useful
• Package repository
Thanks for joining!