OpenNebulaConf 2014 - Puppet and OpenNebula - David Lutterkort
0 likes567 views
This document discusses using Puppet and related tools to manage infrastructure as code. It describes how Puppet can be used to configure and manage cloud resources like AWS instances, build customized machine images, and integrate with tools like OpenNebula and Razor for provisioning and lifecycle management of infrastructure.
![Presented by
A basic manifest
class webserver {
package { 'httpd':
ensure => latest
} ->
file { '/etc/httpd/conf.d/local.conf':
ensure => file,
mode => 644,
source => 'puppet:///modules/httpd/local.conf',
} ->
service { 'httpd':
ensure => running,
enable => true,
subscribe => File['/etc/httpd/conf.d/local.conf'],
}
}](https://image.slidesharecdn.com/puppetandopennebula-davidlutterkort-141210051550-conversion-gate02/85/OpenNebulaConf-2014-Puppet-and-OpenNebula-David-Lutterkort-9-320.jpg)
![Presented by
Override via inheritance
class webserver2 inherits webserver {
File['/etc/httpd/conf.d/local.conf'] {
source => 'puppet:///modules/httpd/other-local.conf',
}
}](https://image.slidesharecdn.com/puppetandopennebula-davidlutterkort-141210051550-conversion-gate02/85/OpenNebulaConf-2014-Puppet-and-OpenNebula-David-Lutterkort-10-320.jpg)
![Presented by
Instance management
ec2_instance { 'name-of-instance':
ensure => present,
region => 'us-east-1',
availability_zone => 'us-east-1a',
image_id => ‘ami-ttylinux',
instance_type => 't1.micro',
monitoring => true,
key_name => 'name-of-existing-key',
security_groups => ['group1', 'group2'],
user_data => template('module/user-data.erb')
}](https://image.slidesharecdn.com/puppetandopennebula-davidlutterkort-141210051550-conversion-gate02/85/OpenNebulaConf-2014-Puppet-and-OpenNebula-David-Lutterkort-17-320.jpg)
OpenNebulaConf 2014 - Puppet and OpenNebula - David Lutterkort
- 1. Presented by OpenNebula and Puppet David Lutterkort Puppet Labs @lutterkort lutter@puppetlabs.com
- 4. Any input to infrastructure is Presented by configura)on
- 5. Configura3on management: managing those inputs Presented by over )me at scale
- 6. Configura3on management: managing those inputs Presented by over )me at scale
- 7. Configura3on management: managing those inputs Presented by over 3me at scale
- 8. Presented by Puppet’s circle of change
- 9. Presented by A basic manifest class webserver { package { 'httpd': ensure => latest } -> file { '/etc/httpd/conf.d/local.conf': ensure => file, mode => 644, source => 'puppet:///modules/httpd/local.conf', } -> service { 'httpd': ensure => running, enable => true, subscribe => File['/etc/httpd/conf.d/local.conf'], } }
- 10. Presented by Override via inheritance class webserver2 inherits webserver { File['/etc/httpd/conf.d/local.conf'] { source => 'puppet:///modules/httpd/other-local.conf', } }
- 11. Presented by The site-wide manifest node host1.example.com { class { 'webserver': } } node host2.example.com { class { 'webserver2': } } node host3.example.com { class {'mongodb::server': port => 27018 } }
- 12. Presented by Infrastructure as Code
- 14. Presented by
- 15. Presented by Managing cloud resources
- 17. Presented by Instance management ec2_instance { 'name-of-instance': ensure => present, region => 'us-east-1', availability_zone => 'us-east-1a', image_id => ‘ami-ttylinux', instance_type => 't1.micro', monitoring => true, key_name => 'name-of-existing-key', security_groups => ['group1', 'group2'], user_data => template('module/user-data.erb') }
- 18. Presented by Managing instance content
- 19. Presented by Dataflow in Puppet
- 20. Presented by Certificate signing
- 21. Presented by Certificate signing
- 22. Presented by Certificate signing
- 23. Presented by Certificate signing
- 24. Presented by Certificate signing Who checks ?
- 25. Presented by Node creation
- 26. Presented by Node creation
- 27. Presented by
- 28. Presented by
- 29. Presented by
- 30. Presented by
- 31. Presented by Autosign script
- 32. Certsigner setup Master • Write autosigning script • Configure autosigning script Nodes • Put secrets into /etc/puppet/csr_attributes.yaml ONE Client • Pass secret through Userdata Presented by
- 33. Presented by CSR Extension Requests UUID pp_uuid Instance ID pp_instance_id Image Name pp_image_name Preshared Key pp_preshared_key Role pp_role (still to come) Private Private, site-specific attributes
- 34. Presented by Building images
- 35. Presented by Building images • invent ‘fake’ hostnames <image-name>.images.example.com • use Puppet at instance launch to ‘personalize’ image
- 36. Presented by Masterless: puppet apply # yum -y install puppet # git clone https://git.example.org/manifests # export FACTER_hostname=img1.images.example.com # puppet apply --modulepath manifests/modules/ manifests/site.pp # rm -rf manifests/
- 37. Presented by Masterless: puppet apply • easy to set up • leaves no trace on the Puppet master • no PuppetDB • no Node Classifier
- 38. With master: puppet agent • those pesky SSL certificates again Presented by • pregenerate and copy into builder • certsigner + allow_duplicate_certs on master • uses full master infrastructure
- 39. Managing ONE infrastructure Presented by
- 41. Presented by ONE Puppet Module one Install ONE Master/Sunstone onehost Create ONE Host oneimage Create ONE Image onetemplate Create ONE template onevnet Create ONE net
- 42. Provisioning hosts with Razor Presented by
- 43. Presented by Razor in a nutshell • iPXE • Node Discovery • Stay focussed
- 44. Presented by How it works Microkernel sends facts
- 45. Presented by How it works Match Tags
- 46. Presented by How it works Find Policy
- 47. Presented by How it works Basic OS installed Managed by Puppet
- 48. Presented by Moving pieces Repo What to install ISO contents Task How to install Installer scripts Broker How to manage PE agent install Tag Where to install Named match rule Policy Combine it all Ordered table
- 49. Presented by Summary • Puppet forge for module sharing • puppetlabs-aws module • mrzarquon’s certsigner • epost-dev’s opennebula-puppet-module • Razor for flexible provisioning of hardware
- 50. Presented by Questions ?
- 51. Presented by Links • http://forge.puppetlabs.com • puppetlabs/puppetlabs-aws module • https://github.com/ahpook/mrzarquon-certsigner/tree/ eric0_wip • http://watzmann.net/blog/2014/06/puppet-autosign-policy. html
- 52. Links (cont’d) • https://github.com/epost-dev/opennebula-puppet-module Presented by • https://github.com/puppetlabs/razor-server • Puppet Enterprise: http://puppetlabs.com/puppet/puppet-enterprise