
Puppet: How and Why, by Luke Kanies (luke@reductivelabs.com)



  1. Puppet: How and Why Luke Kanies luke@reductivelabs.com Founder, Reductive Labs Nashville, Tennessee USA Why it exists, how it works, and why it works this way

  2. Automation tools in general

  3. Not exactly modern Image from http://flickr.com/photos/silverwood/593965547/

  4. In fact, they kinda suck Image from http://flickr.com/photos/jefframone/1426716646/ Why?

  5. O SSH

  6. Developer Sysadmin * How many of you have written software to manage computers? * How many have published this software?

  7. Three people Developer Sysadmin * How many of you have written software to manage computers? * How many have published this software?

  8. Somebody has to do something, and it's just incredibly pathetic that it has to be us. -- Jerry Garcia

  9. SSH Cfengine ? We needed something better

  10. SSH Cfengine ? A tool you can’t afford not to adopt

  11. Image from http://flickr.com/photos/13035641@N00/270353459/ I want Puppet to be the equivalent of bringing a gun to a knife fight. This analogy works with agriculture, metalworking, or nearly any tech., but it’s easiest with war

  12. But that’s still not enough

  13. What is a sysadmin? Image from http://flickr.com/photos/shirleytwofeathers/2068713495/ Firefighter? Architect? Developer? Tape-changer? All of the above?

  14. Image from http://flickr.com/photos/kenskritters/2128853769/ I want to cause sysadmin speciation. These are house finches, reminding one of the finches Darwin observed in the Galapagos

  15. People are finally figuring out puppet and how it gets you to the pub by 4pm. Note that I've been at this pub since 2pm. -- Jorge Castro

  16. Either you can manage many machines with little effort

  17. Either you can manage many machines with little effort Or you can’t

  18. How do we create that tool?

  19. An Analogy

      |                         | Programming | SysAdmin           |
      |-------------------------|-------------|--------------------|
      | Low-level, non-portable | Assembly    | commands and files |
      | Abstract, portable      | C*          | Resources          |

      * For small values of abstract
      * The assembly programmers fought the adoption of C
      * Fear for your career if you’re a bit too fond of assembly
      * It’s not about few people, it’s about higher quality and productivity
      * Are there more or fewer programmers today than in the days of assembly?

  20. Infrastructure 2.0 This is a joke, kind of. Talk about going to Web 2.0. We’re stealing their ideas and using them to make our infrastructure better. In general, we need to steal more ideas.

  21. Abstraction

  22. Portable Resources This:

  23. Portable Resources This: Becomes:

  24. Portable Resources This: Becomes:

  25. Portable Resources This: Becomes:

  26. Portable Resources This: Becomes:

  27. Portable Resources This: Becomes:

  28. Resource Providers: 23 package types; users in NetInfo, useradd, pw; support for Debian, Ubuntu, Red Hat, Solaris, OS X, Gentoo, SuSE, FreeBSD, and more

  29. Your infrastructure can use µf, too Hang out on this slide, make the point

  30. Reuse

  31. “...we’ve just switched from CVS to SVN, and it’s awesome”

  32. Your Infrastructure is a program

  33. Same concept, different code Debian We’re doing the same thing with different commands on different platforms

  34. Same concept, different code Debian Red Hat We’re doing the same thing with different commands on different platforms

  35. Same concept, different code Debian Red Hat We’re doing the same thing with different commands on different platforms

  36. Portability and Naming

  37. One solution per problem

  38. Network Effects

  39. Completeness

  40. Relationships matter but are often implicit

  41. Relationships matter but are often implicit Package

  42. Relationships matter but are often implicit (diagram: Package, Configuration). Configuration should get modified after package installation.

  43. Relationships matter but are often implicit (diagram: Package, Configuration, Service). Configuration should get modified after package installation. Service should restart when configuration changes.

  44. Relationships matter We’ll come back to abstraction

  45. Classes provide Intent This is shareable, releasable code. Classes are analogous with tags

  46. Puppet as a tool

  47. Centralized Management (diagram: Code, Puppetmasterd, and puppetd clients on OS X, on Linux, and in the cloud)

  48. Each host gets a Resource Catalog

  49. Node Classification

  50. Node Classification

  51. Node Classification

  52. SSH Resources We’ll come back to abstraction

  53. So You’ve Got a Resource Catalog

  54. The Configuration Process * You can change the runinterval * You can trigger runs through puppetrun, SIGUSR1, or puppetd --test

  55. The Configuration Process 1. Retrieve resource catalog from central server * You can change the runinterval * You can trigger runs through puppetrun, SIGUSR1, or puppetd --test

  56. The Configuration Process 1. Retrieve resource catalog from central server 2. Determine resource order * You can change the runinterval * You can trigger runs through puppetrun, SIGUSR1, or puppetd --test

  57. The Configuration Process 1. Retrieve resource catalog from central server 2. Determine resource order 3. Check each resource in turn, fixing if necessary * You can change the runinterval * You can trigger runs through puppetrun, SIGUSR1, or puppetd --test

  58. The Configuration Process 1. Retrieve resource catalog from central server 2. Determine resource order 3. Check each resource in turn, fixing if necessary 4. Rinse and repeat, every 30 minutes * You can change the runinterval * You can trigger runs through puppetrun, SIGUSR1, or puppetd --test

  59. Transactions (for each resource)

  60. Transactions (for each resource) 1. Retrieve current state (e.g., by querying dpkg db or doing a stat)

  61. Transactions (for each resource) 1. Retrieve current state (e.g., by querying dpkg db or doing a stat) 2. Compare to desired state

  62. Transactions (for each resource) 1. Retrieve current state (e.g., by querying dpkg db or doing a stat) 2. Compare to desired state 3. Fix, if necessary (or just log)

  63. Configurations are idempotent Idempotency is what allows us to manage a machine through its whole lifecycle

  64. Configurations are idempotent Idempotency is what allows us to manage a machine through its whole lifecycle

  65. Idempotency allows management through the lifecycle

  66. Resource sorting is done via dependencies In this context, I sometimes call the Resource Catalog the ‘Resource Graph’

  67. A Simple Transaction

  68. A Simple Transaction

  69. A Simple Transaction

  70. Client Reporting

  71. Who’s using Puppet? “...at Google we're currently using Puppet to manage close to 6,000 Macs, and it's likely our deployment will expand dramatically beyond that....” -- Nigel Kersten, MacOps

  72. Puppet vs. Capistrano

  73. Puppet vs. Cfengine

  74. It scales like HTTPS And you don’t even need to centralize it.

  75. All communication is via XMLRPC over HTTPS And moving to REST over HTTPS

  76. Uses SSL, and provides a Certificate Authority * Every connection is encrypted, and the only connection that isn’t authenticated is the one that asks for a signed cert * Client certs * Autosign, manual sign, manual certificate generation * You don’t even have to use it

  77. Logs go to syslog (by default)

  78. Written in Ruby • 1 to 1 test code to real code (and pretty good coverage) • Plugins are nearly always drop-in (resource types, providers, reports, etc.)

  79. Language and Library C was a language and a library, Puppet is a framework and a tool

  80. An API * Discovery * Replace webmin in 20 mins * etc.

  81. ralsh - a thin API wrapper This uses the same model as the rest of puppet -- it chooses the appropriate provider for the local system. You can edit resources, and it even works over the network.

  82. Image from http://flickr.com/photos/pingnews/132543603/ Virtualization

  83. This is all I do

  84. Bad product, hungry Luke

  85. Full time since March 2005

  86. Support, Consulting, Training, and more

  87. Other Software

  88. An Irony Puppet exposes Your Next Big Problem

  89. Puppet is plumbing We’re producing software to take more advantage of it. We’re beginning to build a Puppet ecosystem.

  90. In the Future • Discovery • Node Classification • Probably much more :)

  91. Questions?
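The configuration process and per-resource transaction from slides 54 to 66, as an added Ruby sketch that is not code from the talk or from Puppet itself. The `Resource` and `Catalog` classes, the resource names and the Hash standing in for host state are all hypothetical and constructed for illustration.

```ruby
# Hypothetical, simplified model of one catalog run (not Puppet's own classes).
Resource = Struct.new(:name, :desired, :requires)

class Catalog
  def initialize(resources)
    @by_name = resources.to_h { |r| [r.name, r] }
  end

  # "Determine resource order": every requirement comes before its dependents.
  def ordered
    order, state = [], {}
    visit = lambda do |name|
      raise ArgumentError, "dependency cycle at #{name}" if state[name] == :visiting
      next if state[name] == :done
      state[name] = :visiting
      @by_name.fetch(name).requires.each(&visit)   # KeyError if a requirement is missing
      state[name] = :done
      order << name
    end
    @by_name.each_key(&visit)
    order
  end

  # "Check each resource in turn, fixing if necessary"; returns the change log.
  # `system` is a Hash standing in for the host's real state.
  def apply(system, noop: false)
    ordered.each_with_object([]) do |name, changes|
      current = system[name]                       # retrieve current state
      desired = @by_name[name].desired
      next if current == desired                   # compare to desired state
      changes << "#{name}: #{current.inspect} -> #{desired.inspect}"
      system[name] = desired unless noop           # fix, or just log
    end
  end
end

# Constructed catalog: package, then config file, then service, declared out of order.
CATALOG = Catalog.new([
  Resource.new("service[sshd]", "running", ["file[sshd_config]"]),
  Resource.new("file[sshd_config]", "mode 0600", ["package[openssh]"]),
  Resource.new("package[openssh]", "installed", []),
])

if __FILE__ == $PROGRAM_NAME
  host = { "package[openssh]" => "installed" }     # constructed starting state
  puts CATALOG.apply(host, noop: true)             # logs pending changes, fixes nothing
  puts CATALOG.apply(host)                         # applies them in dependency order
  puts CATALOG.apply(host).empty?                  # idempotent: nothing left to change
end
```

The empty change log on the repeated run is the idempotency property the slides rely on: any non-empty log after the first converged run indicates drift on the host.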
