Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Puppet Modules: Apps for Ops

Avatar for Justin Bronn Justin Bronn
April 11, 2014
Programming
1
310

Puppet Modules: Apps for Ops

Avatar for Justin Bronn

Justin Bronn

April 11, 2014
Tweet

Other Decks in Programming

See All in Programming
単体テストの始め方/作り方
Avatar for toms toms74209200
0
430
GoのWebAssembly活用パターン紹介
Avatar for syumai syumai
3
10k
ktr0731/go-mcpでMCPサーバー作ってみた
Avatar for kashiwa takak2166
0
160
アンドパッドの Go 勉強会「 gopher 会」とその内容の紹介
Avatar for ANDPAD inc andpad
0
120
Enterprise Web App. Development (2): Version Control Tool Training Ver. 5.1
Avatar for Koichi NAKAGAWA knakagawa
1
110
社内での開発コミュニティ活動とモジュラーモノリス標準化事例のご紹介/xPalette and Introduction of Modular monolith standardization
Avatar for Mitsuharu Maruyama m4maruyama
0
120
機械学習って何? 5分で解説頑張ってみる
Avatar for Kazuki Ishikawa kuroneko2828
0
200
技術懸念に立ち向かい 法改正を穏便に乗り切った話
Avatar for popCashew pop_cashew
0
1.3k
ドメインモデリングにおける抽象の役割、tagless-finalによるDSL構築、そして型安全な最適化
Avatar for Kenichi SUZUKI knih
10
1.8k
Use Perl as Better Shell Script
Avatar for karupanerura karupanerura
0
690
コード書くの好きな人向けAIコーディング活用tips #orestudy
Avatar for Hiromi Hishida 77web
3
300
Cursor Meetup Tokyo ゲノミクスとCursor: 進化と制約のあいだ
Avatar for Masaru Koido koido
2
980

Featured

See All Featured
No one is an island. Learnings from fostering a developers community.
Avatar for Antonio thoeni
21
3.3k
Keith and Marios Guide to Fast Websites
Avatar for Keith Pitt keithpitt
411
22k
The Language of Interfaces
Avatar for Des Traynor destraynor
158
25k
The Illustrated Children's Guide to Kubernetes
Avatar for Chris Short chrisshort
48
50k
Visualization
Avatar for Eitan Lees eitanlees
146
16k
The Art of Programming - Codeland 2020
Avatar for Erika Heidi erikaheidi
54
13k
Rails Girls Zürich Keynote
Avatar for Gregor Martynus gr2m
94
14k
Fight the Zombie Pattern Library - RWD Summit 2016
Avatar for Marcelo Somers marcelosomers
233
17k
The Psychology of Web Performance [Beyond Tellerrand 2023]
Avatar for Tammy Everts tammyeverts
47
2.8k
It's Worth the Effort
Avatar for 3n 3n
184
28k
Automating Front-end Workflow
Avatar for Addy Osmani addyosmani
1370
200k
Sharpening the Axe: The Primacy of Toolmaking
Avatar for Bryan Cantrill bcantrill
43
2.4k

Transcript

  1. Puppet Modules Apps for Ops! ! Justin Bronn, Esq. @jbronn

  2. Slides / Notes https://github.com/jbronn

  3. Configuration Management?

  4. Complexity

  5. <HTML>! <IMG> /cgi-bin/perl.cgi

  6. None
  7. None

  8. mod_wsgi

  9. Don’t Repeat Yourself • Even a “simple” web application has

    a large number of components • You don’t want to configure them manually

  10. Why Puppet?

  11. None

  12. crypt.py

  13. None

  14. Why Puppet? • Mature (in Licensing & Security) • “Explicit

    is better than Implicit” • Wide OS support: • Linux (of course), Windows, Mac • OpenBSD, Solaris, AIX,HP-UX

  15. Installing Puppet

  16. Ubuntu 12.04 $ sudo gem install \! --bindir /usr/local/bin! puppet

    $ sudo apt-get -y install \! libruby libshadow-ruby1.8 rubygems Packages also available: apt.puppetlabs.com

  17. OS X $ sudo gem install \! --bindir /usr/local/bin! puppet

    Package also available: https://downloads.puppetlabs.com/mac/

  18. Windows C:\> msiexec /qn /i puppet-3.4.3.msi ^! PUPPET_AGENT_STARTUP_MODE=Disabled! MSI from:

    https://downloads.puppetlabs.com/windows/

  19. Puppet Language

  20. Overview • Puppet, the language, is a Ruby DSL •

    Puppet code lives in files called “manifests”; files end with “.pp” suffix

  21. Overview • Catalog: compiled Puppet code, describes relationships between “resources”

    • Catalog is a an directed acyclic graph • Puppet applies catalog, bringing system into state declared in manifests

  22. Resources

  23. package {'openssh-server':! ensure => installed,! }


  24. package {'openssh-server':! ensure => installed,! }


  25. package {'openssh-server':! ensure => installed,! }


  26. package {'openssh-server':! ensure => installed,! }


  27. package {'openssh-server':! ensure => absent,! }


  28. package {'Django':! ensure => '1.6.2',! provider => 'pip',! }


  29. Basics

  30. Declarative

  31. $ssh_dir = '/etc/ssh'! file { $ssh_dir:! ensure => directory,! owner

    => 'root',! group => 'root',! mode => '0755',! }! $ssh_dir = '/foo/ssh'!

  32. $ssh_dir = '/etc/ssh'! file { $ssh_dir:! ensure => directory,! owner

    => 'root',! group => 'root',! mode => '0644',! }!

  33. $array = ['foo', 'bar']! ! $hash = {'key' => 'value'}!

    $value = $hash['key']! ! $py_versions = split('2.7,3.4', ',')! Data Structures / Function Call

  34. $noun = 'Lumberjack'! $sentence = "I'm a ${noun}"! String Interpolation

  35. if $python_version == '3.4' {! notice('You have asyncio!')! } !

    ! case $python_version {! /^(2.6|2.7)$/: {! }! '3.4': {! }! default: {! fail('Unsupported version!')! }! }! Flow Control

  36. Facts

  37. $ facter | less! ! $ facter fqdn ipaddress osfamily!

    fqdn => puppet.local! ipaddress => 10.0.2.15! osfamily => Debian!

  38. if $::osfamily == 'RedHat' {! $py_dev_pkg = 'python-devel'! } elsif

    $::osfamily == 'Debian'{! $py_dev_pkg = 'python-dev'! }! ! ! $:: gives you facts in Puppet

  39. if $::osfamily == 'RedHat' {! $py_dev_pkg = 'python-devel'! } elsif

    $::osfamily == 'Debian'{! $py_dev_pkg = 'python-dev'! }! ! ! $:: gives you facts in Puppet

  40. Resource Ordering

  41. Resource References Package['openssh-server'] Resource type is capitalized Resource name is

    in brackets

  42. $sshd_config = "${ssh_dir}/sshd_config"! ! file {$sshd_config:! ensure => file,! owner

    => 'root',! group => 'root',! mode => '0644',! content => template('sshd_config.erb'),! require => Package['openssh-server'],! }
 Require Metaparameter

  43. $sshd_config = "${ssh_dir}/sshd_config"! ! file {$sshd_config:! ensure => file,! owner

    => 'root',! group => 'root',! mode => '0644',! content => template('sshd_config.erb'),! require => Package['openssh-server'],! }
 Require Metaparameter

  44. Package[openssh-server] File[/etc/ssh/sshd_config]

  45. service {'ssh':! ensure => running,! enable => true,! subscribe =>

    File[$sshd_config],! }
 Subscribe Metaparameter

  46. service {'ssh':! ensure => running,! enable => true,! subscribe =>

    File[$sshd_config],! }
 Subscribe Metaparameter

  47. file { $sshd_config:! ...! notify => Service['ssh'],! ...! }
 service

    {'ssh':! ensure => running,! enable => true,! } Notify Metaparameter

  48. file { $sshd_config:! ...! notify => Service['ssh'],! ...! }
 service

    {'ssh':! ensure => running,! enable => true,! } Notify Metaparameter

  49. Package['openssh-server'] ->! File[$sshd_config] ~>! Service['ssh'] Chaining Arrows

  50. Package['openssh-server'] ->! File[$sshd_config] ~>! Service['ssh'] Chaining Arrows

  51. Package['openssh-server'] ->! File[$sshd_config] ~>! Service['ssh'] Chaining Arrows

  52. Puppet Modules

  53. Modules • Containers for Puppet code • Analogous to Python

    Packages • May be installed from a Puppet “Forge”

  54. Installing Modules

  55. puppet module install <vendor>-<name>

  56. $ puppet module install counsyl-python Notice: Preparing to install into

    /Users/justin/.puppet/modules ...! Notice: Downloading from https://forge.puppetlabs.com ...! Notice: Installing -- do not interrupt ...! /Users/justin/.puppet/modules! !"# counsyl-python (v0.9.3)! !"# counsyl-sys (v0.9.13)! !"" puppetlabs-stdlib (v4.1.0)! !

  57. https://forge.puppetlabs.com https://github.com/jbronn/django-forge

  58. Module Structure

  59. counsyl-pyapp/
 Modulefile
 manifests/init.pp
 templates/
 files/
 lib/ $ puppet module generate

    \! counsyl-pyapp

  60. counsyl-pyapp/
 Modulefile
 manifests/init.pp
 templates/
 files/
 lib/

  61. counsyl-pyapp/
 Modulefile
 manifests/init.pp
 templates/
 files/
 lib/

  62. manifests/init.pp class pyapp {! ...! }
 “class” name must match

    name of module

  63. manifests/install.pp class pyapp::install {! ...! }
 Can have other namespaces,

    but file name must match name of file.

  64. counsyl-pyapp/
 Modulefile
 manifests/init.pp
 templates/
 files/
 lib/

  65. file { ‘/path/to/settings.py':! ensure => file,! owner => 'root',! group

    => 'root',! mode => '0644',! content => template('pyapp/settings.py.erb'),! } Puppet Templates

  66. file { ‘/path/to/settings.py':! ensure => file,! owner => 'root',! group

    => 'root',! mode => '0644',! content => template('pyapp/settings.py.erb'),! } Puppet Templates pyapp/templates/settings.py.erb

  67. counsyl-pyapp/
 Modulefile
 manifests/init.pp
 templates/
 files/
 lib/

  68. file { '/path/to/foo.js':! ensure => file,! owner => 'root',! group

    => 'root',! mode => '0644',! source => 'puppet:///modules/pyapp/foo.js'! } Puppet Files

  69. file { '/path/to/foo.js':! ensure => file,! owner => 'root',! group

    => 'root',! mode => '0644',! source => 'puppet:///modules/pyapp/foo.js'! } Puppet Files pyapp/files/foo.js

  70. counsyl-pyapp/
 Modulefile
 manifests/init.pp
 templates/
 files/
 lib/

  71. Writing Modules for Python

  72. Roadmap • “Simple” Django application • Needs Celery (and Redis)

    • Nginx reverse-proxy to Gunicorn

  73. class pyapp {! include python! }
 Python / Pip

  74. class pyapp {! include python! include python::virtualenv! }
 Virtualenv counsyl-python

  75. class pyapp {! include python! include python::virtualenv! include redis! }


    Redis counsyl-redis

  76. class pyapp {! include python! include python::virtualenv! include redis! include

    nginx! }
 Nginx counsyl-nginx

  77. Mix & Match

  78. Python Types

  79. package {'pyapp':! ensure => '0.1.0',! source => 'git+https://github.com …’, provider

    => 'pip',! }
 pip provider

  80. package {'pyapp':! ensure => '0.1.0',! source => 'git+https://github.com …’, provider

    => 'pip',! }
 pip provider

  81. package {'Django':! ensure => '1.6.2',! provider => 'pipx',! install_options =>

    [! {'--index-url' => ! 'https://pypi.mycorp.com'}! ]! }
 pipx provider

  82. package {'Django':! ensure => '1.6.2',! provider => 'pipx',! install_options =>

    [! {'--index-url' => ! 'https://pypi.mycorp.com'}! ]! }
 pipx provider

  83. package {'Django':! ensure => '1.6.2',! provider => 'pipx',! install_options =>

    [! {'--index-url' => ! 'https://pypi.mycorp.com'}! ]! }
 pipx provider

  84. venv {'/srv/pyapp': } ! ! ! ! venv type

  85. venv {'/srv/pyapp': ! owner => $user,! group => $group,! system_site_packages

    => true,! }! venv type

  86. venv_package {'celery@/srv/pyapp': ! ensure => installed,! }! venv_package type

  87. $venv = '/srv/pyapp'! venv_package {"celery@${venv}": ! ensure => installed,! }!

    venv_package type

  88. $venv = '/srv/pyapp'! venv_package {"redis@${venv}": ! ensure => '2.9.1',! require

    => Class['redis'],! }! venv_package type

  89. Class Parameters

  90. class pyapp(! $venv = '/srv/pyapp',! $package = 'pyapp',! $source =

    'git+https://...',! $version = '0.1.0',! ){! ...! venv { $venv: }! venv_package { "${package}@${venv}":! ensure => $version,! source => $source,! }! ...! }

  91. class pyapp(! $venv = '/srv/pyapp'! $package = 'pyapp',! $source =

    'git+https://...' ! $version = '0.1.0',! ){! ...! venv { $venv: }! venv_package { "${package}@${venv}":! ensure => $version,! source => $source,! }! ...! }

  92. class {'pyapp':! version => '0.8',! } Using Class Parameters

  93. class {'pyapp':! version => '0.8',! } Using Class Parameters

  94. class {'pyapp':! version => '0.8',! } Using Class Parameters

  95. ERB

  96. ERB: Ruby Templates • This time, it’s Ruby • Great

    for when you need dynamic content in a configuration file (e.g., ServerName)

  97. DATABASES = {! 'NAME': '<%= @db %>',! }! ! NGINX_CONFIG

    = '<%= scope['nginx::config_file'] %>'! SERVER_NAME = '<%= scope['::fqdn'] %>'! ! <% ! db_folder = File.dirname(@db_name)! -%>! DB_FOLDER = '<%= db_folder %>'! ERB

  98. DATABASES = {! 'NAME': '<%= @db %>',! }! ! NGINX_CONFIG

    = '<%= scope['nginx::config_file'] %>'! SERVER_NAME = '<%= scope['::fqdn'] %>'! ! <% ! db_folder = File.dirname(@db_name)! -%>! DB_FOLDER = '<%= db_folder %>'! ERB

  99. DATABASES = {! 'NAME': '<%= @db %>',! }! ! NGINX_CONFIG

    = '<%= scope['nginx::config_file'] %>'! SERVER_NAME = '<%= scope['::fqdn'] %>'! ! <% ! db_folder = File.dirname(@db_name)! -%>! DB_FOLDER = '<%= db_folder %>'! ERB

  100. DATABASES = {! 'NAME': '<%= @db %>',! }! ! NGINX_CONFIG

    = '<%= scope['nginx::config_file'] %>'! SERVER_NAME = '<%= scope['::fqdn'] %>'! ! <% ! db_folder = File.dirname(@db_name)! -%>! DB_FOLDER = '<%= db_folder %>'! ERB

  101. Running Puppet

  102. Stand-Alone

  103. puppet apply manifest.pp

  104. puppet apply site.pp \! --modulepath /modules Customize Module Path

  105. puppet apply -e \! "include pyapp" “Evaluate”

  106. puppet agent

  107. The Puppetmaster • Centralized server for housing modules and configurations

    for nodes (servers) • Secured with HTTPS Client Certificates • Nodes must have certificate signed to receive configuration

  108. Node Master

  109. Node Master node$ sudo puppet agent —test! Info: Creating a

    new SSL key for node.local! Exiting; no certificate found

  110. Node Master master$ sudo puppet cert sign node.local! Info: Signed

    certificate request for node.local

  111. Node Master node$ sudo puppet agent —test! info: Caching certificate

    for node.local! info: Retrieving plugin! info: Caching catalog for node.local! info: Applying configuration version '1326210629'! notice: Finished catalog run in 0.11 seconds /etc/puppet/modules /etc/puppet/manifests
  112. None

  113. Module Development

  114. Use Vagrant!

  115. Vagrant • A must-have for DevOps development in general, not

    just Puppet • Also supports Ansible, Salt, Chef • You may think you can do better…

  116. Vagrantfile • Tells Vagrant what to do • An API

    for provisioning a VM (actually Ruby + magic) • Forward ports, change memory, multiple provisioners, multiple VMs, multiple NICs…

  117. Vagrantfile Vagrant.configure('2') do |config|! config.vm.box = "precise64"! config.vm.box_url = "http://..."!

    ...! end

  118. Puppet Provisioner Vagrant.configure('2') do |config|! ...! config.vm.provision "puppet" do |puppet|!

    puppet.facter = { "vagrant" => "1" }! puppet.module_path = "modules"! end! ...! end

  119. Puppet Provisioner Vagrant.configure('2') do |config|! ...! config.vm.provision "puppet" do |puppet|!

    puppet.facter = { "vagrant" => "1" }! puppet.module_path = "modules"! end! ...! end Looks for manifests/default.pp

  120. Another Ruby DSL? • Yeah… • Tremendous workflow benefits •

    Much easier to share your snowflake environments

  121. vagrant up • All end user has to do is

    type this command • No waiting for a server/sysadmin • Can get to work

  122. Base Boxes?

  123. Use Packer!

  124. Packer • Virtual Machine image creation tool • Written in

    Go, uses JSON templates • See my sample for creating a base box: • https://github.com/jbronn/packer-vagrant
  125. None

  126. Questions?