Puppet

Our experience

Ryan Brooks / @spikeheap

Our problem

• Virtualising services = many instances
• Many workstations (Ubuntu & Windows)
• Starting to care about BCP

What is Puppet?

• Configuration manager
• State-based
• Agent-master or masterless

How we use it

Backups

node 'thor' {
  
  $backup_dirs = [ '/usr/local', '/var/local' ]
  
  duplicity { $backup_dirs:
    bucket => 'test-backup',
    dest_id => 'someid',
    dest_key => 'somekey'
  }
}

How we use it

SSH key management

node /^server/ {
  include ssh::server
}

node /^client/ {
  include ssh::client
}

node 'abitofboth' {
  include ssh
}

How we use it

Workstation package management

node /^workstation/ {
  include workstation
  include workstation::developer
}

class workstation( $apt_packages = [ 'thunderbird', 'enigmail' ] ){
  apt::source { 'canonical_partner':
    location    => 'http://archive.canonical.com/ubuntu',
    repos       => 'partner',
    include_src => true
  }
  
  -> package{ $apt_packages:
    ensure => present,
  }
  
  include workstation::packages::oraclejava
  ...

How we use it

Installing/managing Oracle Java

class workstation::packages::oraclejava( $ensure = 'present' ) {

  if $operatingsystem == 'Ubuntu'{
    apt::ppa { 'ppa:webupd8team/java': }

    exec { 'accept_java7_license':
      command => "echo debconf shared/accepted-oracle-license-v1-1 select true | sudo debconf-set-selections && echo debconf shared/accepted-oracle-license-v1-1 seen true | sudo debconf-set-selections",
      path => "/usr/bin/:/bin/",
    }

    package {'oracle-java7-installer':
      ensure => $ensure,
    }
		
    Apt::Ppa['ppa:webupd8team/java'] -> Exec['accept_java7_license'] -> Package['oracle-java7-installer'] -> Package['oracle-java7-set-default']
  }
}

Caveats

• Manage Puppet with Puppet only if you like playing with fire, naked
• Use librarian-puppet to manage module versions
• Use Hiera
• Use Rspec-puppet for tests
• Don't trust the node name

Fin