Managing Systems with Puppet
Eric Eisenhart <freiheit@socosa.org> SoCoSA August 7, 2007
�Overview
Overview Who's Eric? What Is Puppet? Comparisons Client, Server, and Protocol Language
More Language... Some more Language...
Real Examples Q&A
�Who's Eric? Why does he want to automate?
Unix user for 15 years Unix sysadmin for 12 years Currently: Lead Unix sysadmin at SSU
~80 *nix servers
~half highly customer visible (announce outages, etc.) Mostly RHEL; a little RHL (gone soon), a few Solaris
1.5 admins (other unix admin is also storage admin) Recent purchases: about a dozen more servers
Expected this FY: another 9 for sure plus another dozen or so likely? plus more test systems?
Eric's August SoCoSA puppet talk 3
08/16/07
�What Is Puppet?
A declarative language for expressing system conguration a client & server for distributing it a library for realizing the conguration an open development community
With a 2-person company behind it
08/16/07
Eric's August SoCoSA puppet talk
�Huh? What's that mean?
A way to manage many computers without touching them Make the computers do the boring work and concentrate on interesting things
08/16/07
Eric's August SoCoSA puppet talk
�Comparable Solutions
cfengine Bcfg2 lcfg radmind Opsware BladeLogic Microsoft SMS Netdirector IBM Tivoli
08/16/07
Eric's August SoCoSA puppet talk
�Incomparable Solutions
shell script loops
for host in `cat rhel4boxes`; do ssh root@$host \ perl -pie 's/foo/bar/' /etc/baz done
Installation-time scripting (kickstart) Crazy RPM tricks
%post perl -pie 's/foo/bar/' /etc/baz
Disk imaging (dd, ghost, etc.)
08/16/07
Eric's August SoCoSA puppet talk
�Client, Server, and Protocol
Protocol: SSL; CA builtin Server: listens on one master Client: daemon runs on many nodes and wakes up every 30 minutes factsync, pluginsync, reports
08/16/07
Eric's August SoCoSA puppet talk
�Client <-> Server
Client wakes up Client connects to server Client sends facts to server Server compiles conguration Server sends conguration Client loads conguration Client runs needed transactions (Optional) Client fetches more stuff from server Client sends report to server
Eric's August SoCoSA puppet talk 9
08/16/07
�Client
Transactional Idempotent Modular
Resource Types <-> Resource Providers Reusable
08/16/07
Eric's August SoCoSA puppet talk
10
�Library
Ruby Reusable Swappable Extensible
new types can be just one ruby le plugins!
08/16/07
Eric's August SoCoSA puppet talk
11
�Language: structure
nodes inheritance classes types denitions Lions, Tigers and Bears!
08/16/07
Eric's August SoCoSA puppet talk
12
�Language: Types
Any Unix:
cron, exec, le, group, host, mount, package, service, sshkey, tidy, user yumrepo, zone schedule, lebucket
Exclusive:
Special:
08/16/07
Eric's August SoCoSA puppet talk
13
�Metaparameters
name alias before & require notify & subscribe schedule tag
08/16/07
Eric's August SoCoSA puppet talk
14
�Type examples
cron { logrotate: command => /usr/sbin/logrotate, user => root, hour => 2, minute => 0, } package { kernel: ensure => latest } host { foo.org: ip => 10.2.5.2 } user { eric: ensure => present }
08/16/07
Eric's August SoCoSA puppet talk
15
�Type examples: exec
exec { make cwd => creates => require => }
stuff: /nfs/example/foo, /nfs/example/foo/stuff, Mount[/nfs/example/foo],
command, creates, cwd, env, group, logoutput, onlyif, path, refresh, refreshonly, returns, timeout, unless, user
08/16/07
Eric's August SoCoSA puppet talk
16
�Conditionals
file { "/some/file": owner => $os ? { sunos => "adm", redhat => "bin", }, mode => 0755, owner => root, } case $operatingsystem { sunos: { include solaris } redhat: { include redhat } default: { include generic } }
Eric's August SoCoSA puppet talk 17
08/16/07
�Denitions
define apache::virtual_host($docroot, $ip, $order = 500, $ensure = "enabled") { $file = "/etc/sites-available/$name.conf" # The template fills in the docroot, ip, and name. file { $file: content => template("virtual_host.erb"), notify => Service[apache] } file { "/etc/sites-enabled/$order-$name.conf": ensure => $ensure ? { enabled => $file, disabled => absent } } }
Eric's August SoCoSA puppet talk 18
08/16/07
�Language: classes
class ntp { file { "/etc/ntp.conf": source => [ "puppet://$puppetserver/ntp/ntp.conf.$hostname", "puppet://$puppetserver/ntp/ntp.conf" ], notify => Service[ntpd], } service { "ntpd": ensure => running, enable => true, } } package { ntp-server: ensure => installed }
08/16/07
Eric's August SoCoSA puppet talk
19
�Templates (ERB)
$backupserver = [ foo, bar ] $backupclient = baz; file { "/opt/openv/.../bp.conf": content => template("nbp/bp_conf.erb") } # HEADER: Do not edit on live system. # HEADER: Look in puppet instead. <% backupservers.each do |server| -%> SERVER = <%= server %> <% end -%> CLIENT_NAME = <%= backupclient %> See also: generate()
Eric's August SoCoSA puppet talk 20
08/16/07
�Modules
# cd /etc/puppet/modules/netbackup_client # find . | grep -v CVS . ./templates ./templates/bp_conf.erb ./README ./manifests ./manifests/init.pp ./files ./files/NET_BUFFER_SZ
08/16/07
Eric's August SoCoSA puppet talk
21
�Bringing it all together
node obsidian inherits typicalserver { include apache virtualhost { www.example.org: ip => 10.2.5.7, docroot => /var/www/example.org/htdocs, } } node default inherits typicalserver {} node typicalserver { include $operatingsystem include security include ntp include ssh }
08/16/07
Eric's August SoCoSA puppet talk
22
�Show and Tell
08/16/07
Eric's August SoCoSA puppet talk
23
�Q&A
08/16/07
Eric's August SoCoSA puppet talk
24
