Greenfield Puppet: Getting it right from the start

Greenﬁeld Puppet
David Danzilio
@djdanzilio

A collection of wisdom that I
wish I had available when I
ﬁrst started using Puppet

This could change in future
releases

Don’t just take my word for it

– Wikipedia
“a greenﬁeld is a project that lacks any constraints
imposed by prior work”

A (not so) hypothetical
scenario…

Department of
BasketweavingFUFoo University

class apache {!
package { [‘apache2’, ‘rails’, ‘libapache2-mod-passenger’]:!
ensure => present,!
}!
file { ‘/etc/apache2/sites-enabled/bw-app.conf’:!
ensure => file,!
source => ‘puppet:///apache/bw-app.conf',!
require => Package[‘apache2’],!
}!
file { ‘/var/www/bw-app’:!
ensure => directory,!
owner => www-data,!
group => www-data,!
source => ‘puppet:///apache/bw-app',!
recurse => true,!
require => File[‘/etc/apache2/sites-enabled/bw-app.conf’]!
}!
service { ‘apache2’:!
ensure => running,!
require => [!
File[‘/var/www/bw-app’],!
Package[’rails’, ‘libapache2-mod-passenger’],!
]!
}!
}

I want to use
Graphite
for all my!
basket data

–Doug McIlroy
“Write programs that do one thing and do it
well. Write programs to work together.”

Don’t write modules unless
you absolutely have to!

Don’t customize Forge
modules!

Use the Roles and Proﬁles
pattern

Craig Dunn’s blog post:
“Designing Puppet – Roles
and Proﬁles”

node db01.example.com {
include role::db::server
}
!
node db02.example.com {
include role::db::server::dev
}

A role includes one or more
proﬁles

class role::base {
include profile::base
}
!
class role::db::server inherits role::base {
include profile::mysql
include profile::application::database
}
!
class role::db::server::dev inherits role::base {
include profile::mysql
include profile::percona
}

class profile::mysql {
!
$mysql_version = hiera(‘mysql_version’)
!
class { ‘mysql::server’:
package_ensure => $mysql_version
}
!
class { ‘mysql::backup’: }
class { ‘nagios::mysql’: }
!
}

Look for modules with lots of
downloads and recent
updates

Lots of downloads
Recent update

Do some background
research on the author of the
module

Give priority to modules
written by Puppet Labs

Be weary of modules with
strange dependencies

Don’t use a module without
vetting it

Have a solid deployment
pipeline

Use librarian-puppet or r10k
to deploy your code to your
Puppet masters

Reliable metadata is key to a
successful Puppet deployment

$ cat /etc/facter/facts.d/metadata.json
{
"datacenter": "Boston",
"rack": "R23",
"role": "webserver",
"cluster": "C89"
}

Use environments to keep
your nodes safe

Understand the lifecycle of a
module

Don’t get too crazy with your
hierarchy

:hierarchy:
- “%{::app}/%{::environment}/%{::datacenter}/%{::fqdn}”
- “%{::app}/%{::environment}/%{::datacenter}”
- “%{::app}/%{::environment}”
- “%{::app}”
- “%{::cluster}/%{::environment}/%{::datacenter}/%{::fqdn}”
- “%{::cluster}/%{::environment}/%{::datacenter}”
- “%{::cluster}/%{::environment}”
- “%{::cluster}”
- “%{::environment}/%{::datacenter}/%{::fqdn}”
- “%{::environment}/%{::datacenter}”
- “%{::environment}”
- “%{::realm}/%{::region}/%{::datacenter}/%{::fqdn}”
- “%{::realm}/%{::region}/%{::datacenter}”
- “%{::realm}/%{::region}”
- “%{::realm}”
- “%{::region}”
- “%{::datacenter}/%{::rack}/%{::cluster}/%{::fqdn}”
- “%{::datacenter}/%{::rack}/%{::cluster}”
- “%{::datacenter}/%{::rack}”
- “%{::datacenter}”
- “%{::rack}”
- “%{::cluster}”

Puppet modules need a
design speciﬁcation

Design modules with other
people in mind

fail(“${::osfamily} is not
supported by this module.”)

Public classes should expose
a stable API

Semantic Versioning is your
friend

Share your custom modules
with the community!

Manage your dependencies
with care

Keep artifacts out of your
Puppet modules

Embedding data makes your
modules less modular

class foo (
$pkg_version = $foo::params::pkg_version,
$pkg_name = $foo::params::pkg_name,
) inherits foo::params {
!
...
!
}

Keep business logic out of
templates

<% if @app == ‘foo’ %>
...
<% else %>
...
<% end %>

$template = ? $app {
‘foo’ => ‘foo.conf.erb’,
default => ‘generic.conf.erb’,
}
!
file { ‘/path/to/app.conf’:
ensure => file,
content => template(“module/${template}”),
}

Use the standard library to
level-up your modules

Avoid duplicate resources with
ensure_packages and
ensure_resource

package { ‘apache2’:
ensure => present,
}

ensure_packages([‘apache2’])

Validate inputs with
validate_array,
validate_bool,
validate_hash,
validate_re, and
validate_string

Protect private classes with
private

Modules should be easy to
use and hard to abuse

source 'https://rubygems.org'
!
gem 'rake'
gem 'puppet'
gem 'puppet-lint'
gem 'puppet-syntax'

require 'puppet-lint/tasks/puppet-lint'
require 'puppet-syntax/tasks/puppet-syntax'
!
exclude_paths = [
"pkg/**/*",
"vendor/**/*",
"spec/**/*",
]
!
PuppetLint.configuration.ignore_paths = exclude_paths
PuppetSyntax.exclude_paths = exclude_paths

$ bundle install
Fetching gem metadata from https://rubygems.org/........
Resolving dependencies...
Installing rake 10.3.2
Installing CFPropertyList 2.2.8
Installing facter 2.1.0
Installing json_pure 1.8.1
Installing hiera 1.3.4
Installing rgen 0.6.6
Installing puppet 3.6.2
Installing puppet-lint 0.3.2
Installing puppet-syntax 1.3.0
Using bundler 1.6.2
Your bundle is complete!
Use `bundle show [gemname]` to see where a bundled gem
is installed.

$ bundle exec rake -T
rake lint # Run puppet-lint
rake syntax # Syntax check Puppet manifests and
rake syntax:hiera # Syntax check Hiera config files
rake syntax:manifests # Syntax check Puppet manifests
rake syntax:templates # Syntax check Puppet templates

We’re all Keynesians now.
developers

Puppet is evolving really fast

There is a fantastic
community out there

Pay attention to thought
leaders

Refactor your code as the
language evolves

Contribute to modules on the
Forge!

Image Credits
• http://ofﬁceimg.vo.msecnd.net/en-us/images/MP900430517.jpg
• http://imgur.com/gallery/YNI5wud
• http://www.reddit.com/r/funny/comments/1jgxtq/new_york_and_boston_the_difference/
• http://openclipart.org/detail/195046/ubuntu-geek-by-stephencuyos-195046
• http://design.ubuntu.com/downloads?metadata=element-logo+brand-ubuntu
• http://commons.wikimedia.org/wiki/File:Ruby_on_Rails-logo.png
• https://github.com/phusion/passenger
• http://kaleidos.net/weapons/apache-webserver/
• http://puppetlabs.com/company/news/media-kit
• http://copiousnotes.bloginky.com/2014/06/17/summer-classic-dr-strangelove-2/
• http://imgur.com/iWKad22
• http://cheezburger.com/6230961920
• http://www.craigdunn.org/stuff/puppet_big.png
• http://www.quickmeme.com/meme/362un7
• http://programmerryangosling.tumblr.com/image/22790837971
• http://www.quickmeme.com/meme/3sogf9
• http://wall.alphacoders.com/big.php?i=238266

Further Reading
• http://www.craigdunn.org/2012/05/239/
• https://www.youtube.com/user/PuppetLabsInc/playlists
• https://github.com/puppetlabs/puppetlabs-stdlib
• http://continuousdelivery.com
• http://www.slideshare.net/PuppetLabs/tddforpuppet
• http://www.slideshare.net/PuppetLabs/roles-roﬁles
• http://www.slideshare.net/PuppetLabs/steamlining-
puppetdevelopmentpuppetconfny2014
• http://garylarizza.com/blog/2013/12/08/when-to-hiera/
• http://www.devco.net/archives/2013/12/09/the-problem-with-params-pp.php
• http://www.devco.net/archives/2013/12/08/better-puppet-modules-using-hiera-data.php
• http://puppet-lint.com
• https://github.com/gds-operations/puppet-syntax

Greenfield Puppet: Getting it right from the start

More Related Content

What's hot (20)

Viewers also liked (7)

Similar to Greenfield Puppet: Getting it right from the start (20)

Recently uploaded (20)

Greenfield Puppet: Getting it right from the start