14 mar 2013
Puppet Enterprise provides:
- GUI
- orchestration (m-collective): live management thru GUI
- cloud provisioning: vmware vsphere or AWS
- compliances
- packaging, recent features: cert signing from GUI, authentication with LDAP and Google Apps
- services, support & training
Books:
- Puppet Types and Providers (definite book for extending puppet)
Puppet 3 developments:
- performance improvement in 3 over 2.7
- removal of dynamic scoping
- data bindings, ie.
$server = hiera(ntp_server, 'time.apple.com') - fully ruby 1.9.3 support
- commitment to semver versioning
- API documentation
Continuous Release w/ MCO:
- MCO builds packages and distributes them to nodes (e.g. agents)
PuppetDB for storeconfigs:
- fast replacement for ActiveRecord storeconfigs
Razor happenings:
- rule-based provisioning for bare metal hardware and virtual servers
- not production ready yet
Ruby DSL has been cancelled at this moment.
Chuck Norris: «Real men develop in production!»
- Let's fix this: mco + ENC
- branch == environment
- github.com/youdevise/puppetupdate
- it's not refactoring if there's no tests
- automatic is dangerous
- cron --noop runs
- can you rebuild cleanly?
- does the code reflect the current state?
- developers are 10 years ahead of sysadmins
- we don't integration test and don't rebuild reliably
- infra is hard, end to end testing, complexity...
- sysadmin is not an art, is engineering
The solution:
- re-provision everything in tests
- proper software engineering:
- unit and integration tests
- build pipeline plus promotion (promote staging to prod)
Desires:
- no per colo environment code
- no IP anywhere
- DRY
- CI pipeline
- puppet run from provisioned to working
- repeatable and testable!
Tools:
- orc, continous zero downtime deployment: http://github.com/youdevise/orc
- puppetroll, rolls out a consistent sha1 from puppetmaster to an entire env; fails if any puppetrun fails.
- debootstrap custom gold images; mcollective 'computenode' agent for kvm; dynamic IP allocation in DDNS.
- stacks builds and sets up everything.
- reusing nrpe tests to see if services are working.
Links:
- http://www.slideshare.net/bobtfish/test-driven-infrastructure-development-17199317
- http://github.com/youdevise
- http://github.com/bobtfish
- http://devblog.timgroup.com
- the last mile is the worst time & place to introduce changes.
- release more often, continuous delivery (integration, deployment, etc.).
- do not do all at once, build a pipeline.
- editors: eclipse gepetto, puppet textmate, vim-puppet
- vagrant can provision using puppet, chef, bash
- jenkins provides CI services
- leave db scripts away from puppet, they're not infrastructure
- vagrant package permet empaquetar boxes per exportar
- continuous delivery is hard
- puppet is infrastructure as code, but testing too
- 7 different envs, each one has dev, staging and prod
- solution: puppet + gitlab
- gitlab is floss, easy, ldap, etc. like github but free
- git hooks:
- pre-receive: puppet style guide, puppet parser
- post-receive: updates puppetmaster
- separate data from code: hiera
- mcollective
mco puppet runall 10mco package ...mco find -S "resource().total_time > 10"
- separate code (behaviour) and config (data)
- key/value lookup tool for config data,
$dnsserver = hiera('dnsserver') - the hierarchy to perform the lookup can use facts
- hiera backends:
- default: json, yaml
- other: redis, mysql, gpg, puppet
- supports non scalar data with
hiera_hashandhiera_array hiera_includecan include classes defined in hiera- in puppet 3 include will lookup for parameters on external data sources
- failure is a normal part of all systems
- failure is the evolutionary, natural climax of all life
- IaaS evolves and becomes PaaS
- http://www.niallferguson.com/video/war-of-the-world
- everything fails some time and recovering from backup is painful
- but we still need backups
- old school wisdom: master / slave (hot-data LIVE slave)
- or simply use a cache
- if you have something you to have it somewhere else too
- using mco you can make ad-hoc configuration management
- package ensure latest can be used to upgrade packages, but mco can be used to orchestrate an upgrade in a more controlled way.
- using compliance you can set baselines