Puppet – configuration management tool

Скачать презентацию на тему: "Puppet – configuration management tool" с количеством слайдов в размере 43 страниц. У нас вы найдете презентацию на любую тему и для каждого класса школьной программы. Мы уверены, что наши слайды помогут найти вам свою аудиторию. Весь материал предоставлен бесплатно, в знак благодарности мы просим Вас поделиться ссылками в социальных сетях и по возможности добавьте наш сайт MirPpt.ru в закладки.

Нажмите для просмотра
Puppet – configuration management tool

1: PUPPET – configuration management tool

2: CONTENT

3: PART I GETTING STARTED

4: Typical Sysadmin Job

5: WHO HELPS US

6: What is PUPPET ? configuration management tool open source Ruby-based system relying upon client-server model used to manage throughout lifecycle IT systems:

7: PUPPETS BENEFITS Large developer base Optimized and easier configuration language Better documentation Abstracted from underlying OS (more platform support) Easily scalable and customizable Large installed base (Google, Siemens, Red Hat, Cisco)

8: PART II PUPPET INSIDE

9: Puppet MODEL

10: PUPPET DEPLOYMENT MODEL Master - store & compile configs Agent - pull configuration from master

11: PUPPET DEPLOYMENT MODEL (comparison) better security advanced management authorization centralized execution - huge load on server - single point of failure

12: Architecture of Puppet compile on server

13: Main components of Puppet system Server daemon: puppet master ( uses WEBrick web server) run as puppet user can force client to pull new configs – puppet kick Client daemon: puppet agent run as root (pulling server every 30min defaults or from cron) Both have configuration file puppet. conf

14: Main components of Puppet system (continued) Puppets Certificate Authority: puppet ca, cert SSL certificates Provider apply packages management on hosts Facter gathers basic information about nodes hardware and operation system

15: Elements of Puppet system Manifests (code on puppet/ruby language) on server . pp use some programming methods: variables, conditional statements, functions Resources (types) is a particular element that Puppet knows how to configure Classes and defines basic named collection of resources Providers specific implementation of a given resource type Templates apply code and variable substitution Modules collection of manifests, files, plugins, classes, templates and so on Nodes – machines being configured, identified generally by its hostname Files, facters, libs, functions and so on

16: Elements of Puppet system

17: Puppet Infrastructure

18: PART III DEPLOYMENT OF PUPPET

19: Procedure of deployment Setup (master and clients) Set up configuration files Deploy certificates Write and deploy manifest and describe nodes

20: Installation of Puppet Most platforms will use the default package manager to install Puppet or from source Prerequisites: ruby, ruby-libs, facter

21: Sample Puppet config file Can be configured via CLI or configuration file main vardir /var/lib/puppet logdir /var/log/puppet ssldir $vardir/ssl moduledir /var/lib/modules agent server localconfig $vardir/localconfig report true master reports http autosign /etc/puppet/autosign. conf

22: Setup Certificate Multiple ways to resolve this Setup puppetmaster to automatically sign certificates Setup puppetmaster to pre-sign certificates Perform manual certificate signing each time

23: Auto Certificate signing Setup automatic certificate signing you must specify so in the /etc/puppet/autosign. conf file: . sample. domain. com server1. sample. domain. com will automatically sign certs – security risk, not good to automate the certificate signing mechanism

24: Pre-signing certificates Generate a pre-signed certificate for clients: puppet cert --generate client1. example. com Transfer the private key, the client certificate, the CA certificate to the new client: /etc/puppet/ssl/privatekeys/client. pem /etc/puppet/ssl/certs/client. pem /etc/puppet/ssl/certs/ca. pem better controlled security – have to provide transferring

25: Manual certificate signing Doesnt require the autosign. conf file List of the waiting requests on the puppetmaster by using: puppet cert --list server1. sample. domain. com server2. sample. domain. com to sign a specific request run the following: puppet cert --sign server1. sample. domain. com most secure way to sign certificates – can get cumbersome when scaling your puppet installation

26: Create manifest and Describe Node Create main manifest in /etc/puppet/manifests/site. pp Node definitions can be defined: configuration block matching a client in manifest outside of puppet - LDAP, external script node default include …. node www. domain. com … node /www. w. com/ … can use regular expression

27: Create manifest and Describe Node (continue) node default user "testpup": ensure present, shell "/sbin/nologin", home "/nonexistent", password "test",

28: PART IV SCENARIO OF DEPLOYMENT WITH HELP OF PUPPET

29: WORKSHOP (LIVE EXAMPLE) TASK WHAT WE HAVE WHAT FEATURES WE USE modules, classes, class-definitions, templates RESULT ??????

30: How to organize manifests

31: Root manifest - SITE. PP Global master manifest is site. pp which typically defines the node types puppet can configure node server1 include pkg-mgmt use module include apache node server2 include apache include mysql

32: Building module Storing modules separately in /…/…/modules/modulename assists in management We can store module specific files within the module instead of all together Inside each module, we have several directories: manifests, files, templates, plugins The manifest is where the modules definition lives and starts - init. pp

33: Module structure module/ files/ serve files from modules lib/ executable Ruby code manifests/ can hold any number of other classes and even folders of classes init. pp class. pp defined type. pp namespace/ class. pp class. pp templates/ templates written in the ERB language

34: Module start file - init. pp class apache main class require apache::params class dependencies case $operatingsystem variable FreeBSD: include apache::install Centos: include apache::instyum include apache::service Can use variables, conditional statements; Call new subclasses Convenient way – organize special class(subclass) for variables

35: Subclass for Install class apache::install file $apache::params::installoption: resource - type of file ensure directory, recurse true, recurselimit 1, owner "root", group "wheel", mode 0644, source "puppet:///modules/apache/install", package $apache::params::apachepkgname: resource - type of package provider portupgrade, ensure installed, require File$apache::params::installoption, Each resource has its own parameters & properties More about resources: http://docs. puppetlabs. com/references/stable/type. html

36: Subclass for SERVICE class apache::service service $apache::params::apachesername: ensure running, hasstatus true, hasrestart true, enable true, require Class"apache::install", File"$apache::params::apachemainconf" file $apache::params::apachemainconf: ensure present, owner root, group wheel, mode 644, source "puppet:///modules/apache/config/httpd. conffree", require Class"apache::install", notify Service"$apache::params::apachesername",

37: Module Dependency Handy when an application needs to have certain files in place before installing the rest The more complex your Puppet environment becomes the greater the need for inter-module dependencies are. inter-, intra-module dependencies require, before - guarantees that the specified object is applied later or before than the specifying object notify, subscribe - causes the dependent object to be refreshed when this object is changed Classx - Classy – another form of dependencies Stages - creates a dependency on or from the named milestone

38: Definitions Definitions are similar to classes, but they can be instantiated multiple times with different arguments on the same node (looks like functions for resources) define apache::vhost ( $port, $docroot, $templateapache/vhosts. erb) file "/etc/apache2/sites-available/$name": content template($template), owner root, group wheel, mode 644, ------------------------------------------------------------------------------------------ Example of usage node www include apache apache::vhost www-second: port 80, docroot /var/www/www-second, template apache/wwwvhosts,

39: Templates Templates are flat files containing Embedded Ruby (ERB) variables Allows you to create template configuration files NameVirtualHost : ServerName DocumentRoot AllowOverride None ErrorLog /var/log/apache2/error. log CustomLog /var/log/apache2/access. log combined - variable field

40: Custom facter System inventory tool on client Can be used as variables in manifests You can add custom facts as needed Steps to create custom facts: - create file in module directory . . /modulename/lib/facter/. rb - write code on Ruby - enable on client and server – pluginsynctrue

41: Reports, monitoring Puppet has a few reporting options: YAML files RRD files EMAIL with changes HTTP - web interface (Dashboard, Foreman)

42: CONCLUSIONS What is the profit ? Quick and flexible deployment of our complicated system in production Quick re-deployment of existing system in case of failure (previously generating data backups) Easy deployment of huge numbers of servers Easy generation and modification of configuration files

43: Additional resources for PUPPET http://docs. puppetlabs. com/guides/ http://rubular. com/ http://github. com/puppetlabs/ http://forge. puppetlabs. com/ Book Pro Puppet by James Turnbull, Jeffrey McCune Book Puppet 2. 7 Cookbook by John Arundel

Скачать презентацию


MirPpt.ru