1: PUPPET – configuration management tool
2: CONTENT
3: PART I GETTING STARTED
4: Typical Sysadmin Job
5: WHO HELPS US
6: What is PUPPET?
- configuration management tool
- open source, Ruby-based system
- relies on a client-server model
- used to manage IT systems throughout their lifecycle
7: PUPPET'S BENEFITS
- large developer base
- optimized and easier configuration language
- better documentation
- abstracted from the underlying OS (more platform support)
- easily scalable and customizable
- large installed base (Google, Siemens, Red Hat, Cisco)
8: PART II PUPPET INSIDE
9: Puppet MODEL
10: PUPPET DEPLOYMENT MODEL
- Master: stores and compiles configs
- Agent: pulls its configuration from the master
11: PUPPET DEPLOYMENT MODEL (comparison)
Pros:
- better security
- advanced management and authorization
- centralized execution
Cons:
- heavy load on the server
- single point of failure
12: Architecture of Puppet: configurations are compiled on the server
13: Main components of Puppet system
Server daemon: puppet master
- uses the WEBrick web server
- runs as the puppet user
- can force a client to pull new configs: puppet kick
Client daemon: puppet agent
- runs as root
- polls the server every 30 minutes by default, or is run from cron
Both have a configuration file: puppet.conf
14: Main components of Puppet system (continued)
- Puppet's Certificate Authority: puppet ca, puppet cert; manages the SSL certificates
- Provider: applies package management on hosts
- Facter: gathers basic information about a node's hardware and operating system
15: Elements of Puppet system
- Manifests: code in the Puppet/Ruby language, stored on the server as .pp files; use familiar programming constructs: variables, conditional statements, functions
- Resources (types): a particular element that Puppet knows how to configure
- Classes and defines: basic named collections of resources
- Providers: a specific implementation of a given resource type
- Templates: apply code and variable substitution
- Modules: collections of manifests, files, plugins, classes, templates and so on
- Nodes: the machines being configured, generally identified by hostname
- Files, facts, libs, functions and so on
16: Elements of Puppet system
17: Puppet Infrastructure
18: PART III DEPLOYMENT OF PUPPET
19: Procedure of deployment
- Set up master and clients
- Set up configuration files
- Deploy certificates
- Write and deploy the manifest and describe nodes
20: Installation of Puppet
On most platforms Puppet is installed with the default package manager, or from source.
Prerequisites: ruby, ruby-libs, facter
21: Sample Puppet config file
Puppet can be configured via the CLI or the configuration file:
    [main]
        vardir    = /var/lib/puppet
        logdir    = /var/log/puppet
        ssldir    = $vardir/ssl
        moduledir = /var/lib/modules
    [agent]
        server      = <puppet master hostname>
        localconfig = $vardir/localconfig
        report      = true
    [master]
        reports  = http
        autosign = /etc/puppet/autosign.conf
22: Setup Certificate
Multiple ways to resolve this:
- set up the puppetmaster to automatically sign certificates
- set up the puppetmaster to pre-sign certificates
- perform manual certificate signing each time
23: Auto Certificate signing
To set up automatic certificate signing, list the hosts in the /etc/puppet/autosign.conf file:
    *.sample.domain.com
    server1.sample.domain.com
The master will then sign those certificates automatically. Security risk: automating the certificate signing mechanism is not a good idea.
24: Pre-signing certificates
Generate a pre-signed certificate for a client:
    puppet cert --generate client1.example.com
Transfer the private key, the client certificate and the CA certificate to the new client:
    /etc/puppet/ssl/private_keys/client.pem
    /etc/puppet/ssl/certs/client.pem
    /etc/puppet/ssl/certs/ca.pem
Better controlled security, but you have to arrange the transfer of the key material yourself.
25: Manual certificate signing
Doesn't require the autosign.conf file.
List the waiting requests on the puppetmaster:
    puppet cert --list
    server1.sample.domain.com
    server2.sample.domain.com
To sign a specific request, run:
    puppet cert --sign server1.sample.domain.com
The most secure way to sign certificates; it can get cumbersome as your Puppet installation scales.
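The autosign.conf risk from slide 23, as an added example that is not part of the slides: a small Ruby audit that shows which pending certificate requests a given autosign.conf would sign without review. It assumes Puppet's documented autosign.conf forms (exact certnames and "*.domain" globs) and treats the glob as a plain domain-suffix match; the config and the pending certnames are constructed samples.

```ruby
# Added example, not from the slides: audit an autosign.conf before enabling it
# on the puppet master. Assumption (modeled on Puppet's documented autosign.conf
# forms): each non-comment line is either an exact certname or a "*.domain" glob,
# and the glob is treated as a plain domain-suffix match.
AUTOSIGN_CONF = <<~CONF   # constructed sample, based on the slide's two entries
  # hosts the master signs without anyone reviewing the request
  *.sample.domain.com
  server1.sample.domain.com
CONF

def parse_autosign(text)
  text.lines.map(&:strip).reject { |l| l.empty? || l.start_with?('#') }
end

# First entry that would sign this certname, or nil if the request would wait
# for a manual `puppet cert --sign`.
def autosign_match(entries, certname)
  entries.find do |entry|
    if entry.start_with?('*.')
      certname.downcase.end_with?(entry[1..-1].downcase) # entry[1..-1] == ".sample.domain.com"
    else
      entry.casecmp?(certname)
    end
  end
end

# One row per pending request: which entry signs it, and whether a wildcard did.
def audit(entries, pending)
  pending.map do |certname|
    entry = autosign_match(entries, certname)
    { certname: certname, signed_by: entry, wildcard: !entry.nil? && entry.start_with?('*.') }
  end
end

# Wildcard entries are the finding: any host that can reach the master and
# presents a certname under that domain receives a signed certificate.
def wildcard_entries(entries)
  entries.select { |e| e.start_with?('*.') }
end

ENTRIES = parse_autosign(AUTOSIGN_CONF)
PENDING = %w[server1.sample.domain.com newhost.sample.domain.com web.other.domain.com] # constructed

if __FILE__ == $PROGRAM_NAME
  audit(ENTRIES, PENDING).each { |row| puts row.inspect }
  puts "wildcard entries: #{wildcard_entries(ENTRIES).inspect}"
end
```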
26: Create manifest and Describe Node
Create the main manifest in /etc/puppet/manifests/site.pp.
Node definitions can be defined:
- as a configuration block in the manifest matching a client
- outside of Puppet: LDAP, an external script
    node default { include .... }
    node www.domain.com { ... }
    node /www.w.com/ { ... }    # a regular expression can be used
27: Create manifest and Describe Node (continued)
    node default {
        user { "testpup":
            ensure   => present,
            shell    => "/sbin/nologin",
            home     => "/nonexistent",
            # the password property takes the already-hashed value, as stored in the system's password file
            password => "test",
        }
    }
28: PART IV SCENARIO OF DEPLOYMENT WITH HELP OF PUPPET
29: WORKSHOP (LIVE EXAMPLE)
- TASK
- WHAT WE HAVE
- WHAT FEATURES WE USE: modules, classes, class definitions, templates
- RESULT: ??????
30: How to organize manifests
31: Root manifest - SITE.PP
The global master manifest is site.pp, which typically defines the node types Puppet can configure:
    node server1 {
        include pkg-mgmt    # use a module
        include apache
    }
    node server2 {
        include apache
        include mysql
    }
32: Building module
- Storing modules separately in /.../.../modules/modulename assists in management
- Module-specific files can be stored within the module instead of all together
- Inside each module there are several directories: manifests, files, templates, plugins
- The manifest is where the module's definition lives and starts: init.pp
33: Module structure
    module/
        files/            serve files from modules
        lib/              executable Ruby code
        manifests/        can hold any number of other classes and even folders of classes
            init.pp
            class.pp
            defined_type.pp
            namespace/
                class.pp
                class.pp
        templates/        templates written in the ERB language
34: Module start file - init.pp
    class apache {                        # main class
        require apache::params            # class dependencies
        case $operatingsystem {           # variable (a fact)
            FreeBSD: { include apache::install }
            Centos:  { include apache::instyum }
        }
        include apache::service
    }
- Can use variables and conditional statements; calls new subclasses
- Convenient way: organize a special class (subclass) for variables
35: Subclass for Install
    class apache::install {
        file { $apache::params::installoption:        # resource of type file
            ensure       => directory,
            recurse      => true,
            recurselimit => 1,
            owner        => "root",
            group        => "wheel",
            mode         => 0644,
            source       => "puppet:///modules/apache/install",
        }
        package { $apache::params::apachepkgname:    # resource of type package
            provider => portupgrade,
            ensure   => installed,
            require  => File[$apache::params::installoption],
        }
    }
Each resource has its own parameters and properties.
More about resources: http://docs.puppetlabs.com/references/stable/type.html
36: Subclass for SERVICE
    class apache::service {
        service { $apache::params::apachesername:
            ensure     => running,
            hasstatus  => true,
            hasrestart => true,
            enable     => true,
            require    => [ Class["apache::install"], File["$apache::params::apachemainconf"] ],
        }
        file { $apache::params::apachemainconf:
            ensure  => present,
            owner   => root,
            group   => wheel,
            mode    => 644,
            source  => "puppet:///modules/apache/config/httpd.conffree",
            require => Class["apache::install"],
            notify  => Service["$apache::params::apachesername"],
        }
    }
37: Module Dependency
Handy when an application needs certain files in place before the rest is installed. The more complex your Puppet environment becomes, the greater the need for inter-module dependencies.
Inter- and intra-module dependencies:
- require, before: guarantee that the specified object is applied after or before the specifying object
- notify, subscribe: cause the dependent object to be refreshed when this object changes
- Class[x] -> Class[y]: another form of dependency
- Stages: create a dependency on or from the named milestone
38: Definitions
Definitions are similar to classes, but they can be instantiated multiple times with different arguments on the same node (they look like functions for resources).
    define apache::vhost ( $port, $docroot, $template = "apache/vhosts.erb" ) {
        file { "/etc/apache2/sites-available/$name":
            content => template($template),
            owner   => root,
            group   => wheel,
            mode    => 644,
        }
    }
Example of usage:
    node www {
        include apache
        apache::vhost { "www-second":
            port     => 80,
            docroot  => "/var/www/www-second",
            template => "apache/wwwvhosts",
        }
    }
39: Templates
Templates are flat files containing Embedded Ruby (ERB) variables; they let you generate configuration files from a template. Template fragment, where each <variable field> marks a spot that an ERB field fills in:
    NameVirtualHost <variable field>:<variable field>
    ServerName <variable field>
    DocumentRoot <variable field>
    AllowOverride None
    ErrorLog /var/log/apache2/error.log
    CustomLog /var/log/apache2/access.log combined
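How the template() call in the apache::vhost define from slide 38 turns the ERB fields of slide 39 into a vhost file, as an added example that is not part of the slides: VHOST_ERB is a constructed template modeled on the slide's fragment, and the rendering uses Ruby's standard ERB library, not Puppet itself.

```ruby
require 'erb'

# Added example, not from the slides. VHOST_ERB is a constructed template modeled
# on the slide; the <%= %> fields are the define's parameters ($port, $docroot)
# and the resource title ($name).
VHOST_ERB = <<~ERB
  NameVirtualHost *:<%= port %>
  <VirtualHost *:<%= port %>>
      ServerName <%= name %>
      DocumentRoot <%= docroot %>
      <Directory "<%= docroot %>">
          AllowOverride None
      </Directory>
      ErrorLog /var/log/apache2/error.log
      CustomLog /var/log/apache2/access.log combined
  </VirtualHost>
ERB

# One instantiation of the define: the title is $name, the parameters are bound
# and the ERB is evaluated. A field with no binding raises NameError instead of
# rendering an empty value, which is what you want from config generation.
def render_vhost(name, port:, docroot:)
  ERB.new(VHOST_ERB).result_with_hash(name: name, port: port, docroot: docroot)
end

# Several apache::vhost resources on one node: each title becomes one file under
# sites-available, as the define's file resource does. Returns path => content.
def sites_available(vhosts)
  vhosts.each_with_object({}) do |(title, params), files|
    files["/etc/apache2/sites-available/#{title}"] = render_vhost(title, **params)
  end
end

# Sanity check on a rendered file: no ERB tag survived, every ServerName has a
# value, and AllowOverride stayed at None (the template hard-codes it).
def vhost_ok?(content)
  !content.include?('<%') && content.include?('AllowOverride None') && !content.match?(/ServerName\s*$/)
end

if __FILE__ == $PROGRAM_NAME
  # constructed data, matching the slide's usage example
  files = sites_available('www-second' => { port: 80, docroot: '/var/www/www-second' })
  files.each { |path, content| puts "# #{path}", content }
end
```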
40: Custom facter
- System inventory tool on the client
- Facts can be used as variables in manifests
- You can add custom facts as needed
Steps to create custom facts:
- create a file in the module directory: ../modulename/lib/facter/<factname>.rb
- write the code in Ruby
- enable on client and server: pluginsync = true
41: Reports, monitoring
Puppet has a few reporting options:
- YAML files
- RRD files
- EMAIL with changes
- HTTP: web interface (Dashboard, Foreman)
42: CONCLUSIONS
What is the profit?
- Quick and flexible deployment of our complicated system in production
- Quick re-deployment of an existing system in case of failure (given previously generated data backups)
- Easy deployment of huge numbers of servers
- Easy generation and modification of configuration files
43: Additional resources for PUPPET
- http://docs.puppetlabs.com/guides/
- http://rubular.com/
- http://github.com/puppetlabs/
- http://forge.puppetlabs.com/
- Book: Pro Puppet by James Turnbull, Jeffrey McCune
- Book: Puppet 2.7 Cookbook by John Arundel