Puppet: Now What?!?!? – A guide for getting from install to production with puppet – Where's my stuff?
Puppet: Now What?!?!? – A guide for getting from install to production with puppet – Where's my stuff?
0 0
puppet101
A guide for getting from install to production with puppetOn Github rekibnikufesin / puppet101
Puppet: Now What?!?!?
A guide for getting from install to production with puppet
Created by Will Button / @wfbutton
Where's my stuff?
/etc/puppet
Home to all good things puppet related
confdir:
/etc/puppet
Main Manifest
with puppetmaster: /etc/puppet/manifests
with puppet apply: Anywhere!
Module Path
/etc/puppet/modules:/usr/share/puppet/modules
Multiple directories separated by colon
VARdir
Follows distro convention, usually /var/lib/puppet
SSLDir
VARdir or CONFdir, depending on distro
puppet config print ssldir
Standalone vs. puppetmaster
Standalone
- No puppetmaster
- Nodes configured with 'puppet apply'
- cron or scheduled task
- Why would you do such a thing?
Puppetmaster
- Central config location
- Reporting
- Flexibility
Sidebar: Webrick is not for production
- Lack production-quality features
- pre-forking, life cycle management, asynchronous handling
- Production: Passenger (a.k.a mod_rails or mod_rack)
- https://docs.puppetlabs.com/guides/passenger.html
Connecting Agents & Signing Certificates
Cert not found and wait for cert disabled
- communication between agent and puppetmaster must be signed
- sudo puppet cert list
- sudo puppet cert sign [certid]
- yes, but don't
- OK, fine: http://docs.puppetlabs.com/puppet/latest/reference/ssl_autosign.html
To Service or to Cron
...that is the question
- Runs every 30 minutes by default
- Module to ensure puppet is running
- but what if...
- batch processing server that runs nightly
- server with other controls that would be duplicated
- state changes intervals are measured in days
- puppet runs take over 30 minutes
Anatomy of a Manifest
Manifests vs. Modules
Manifest: self-contained
Module: "package" approach, portable, scalable
The PuppetForge
Repository of modules written by the community
ALWAYS check the `Forge
Logging, Troubleshooting and Getting HELP!
- puppetmaster logs
- system logs
- puppet apply -t
- notify { $my_variable: }
- irc #puppet
- @wfbutton :)
Organizing Your Environment Using Hiera
- A key/value lookup tool for configuration data
- Included in puppet v3.0+ (yeah!)
- Keep site-specific data out of your manifests
- (think: prod passwords vs. dev passwords
- Hierarchical, meaning defaults can be overridden
hiera.yaml
- confdir/hiera.yaml
- specifies hiera config
- assigns classes to nodes based on config
- best explained by looking at the file
/etc/puppet/manifests/site.pp
include ('hiera_classes')
Using Hiera To Store Config Data
- proxies
- DNS servers
- passwords
- test vs. production settings
- :datadir: -- where is your node config?
hiera resolvconf::nameserver
Using git For Your Modules
- git-stuff: version control, view changes, multiple authors
- DR: backup copy of environment config
- ease of deployment
Autodeploy With git
Combine with your CI server for automated deployments
Use post-commit hooks
ssh -i /home/jenkins/.ssh/id_rsa deploy@mypuppetserver 'cd /etc/puppet; sudo git pull origin master'
Use The Foreman, Luke!
- vs. puppetdb & dashboard
- Open Source
- Provisioning
- Configuration & ENC
- Monitoring
- Web, CLI, RESTful API
- irc: #foreman