SlideShare a Scribd company logo

Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code

Download as PPTX, PDF
Puppet, profile picture
Puppet

This document discusses using Puppet and infrastructure as code to manage cloud infrastructure on Google Cloud Platform. It provides examples of defining compute resources like networks, firewalls, disks and virtual machines as Puppet resources. This allows infrastructure to be treated as code and managed using version control. It also discusses setting up a Puppet master instance on GCP and autosigning certificates based on instance metadata to securely manage agent nodes.

Software
1 of 59
Downloaded 13 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
Cloud Infrastructure as Code Andrew Parker Puppet Labs @aparker42
In 1889
Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code
Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code
Tickets please
Eureka !
Herman's Invention
Herman, grows a Mustache
The Tabulating Machine
Automation makes IT better!
Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code
Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code
Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code
Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code
Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code
Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code
Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code
Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code
Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code
Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code
Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code
Puppet A language and infrastructure
Puppet Resources • Describes the desired configuration state of individual elements of the system being managed user { 'henrik': # A user named 'henrik' ensure => present, # should exist shell => '/bin/bash' # with this shell }
Puppet Resources package{ 'apache2': # A packaged named 'apache2' ensure => present # should be installed }
Puppet Language • The Puppet Language has constructs to – compose sets of resources into classes – define order of operations on resources – define custom resources
Common Pattern; Package, File, Service class webserver { package{ 'apache2': ensure => present } file { '/etc/apache2/apache2.conf': content => template('apache2/apache2.erb'), require => Package['apache2'] } service { 'apache2': ensure => running, subscribe => File['/etc/apache2/apache2.conf'] } }
Presto – a Web Server • Now we can build a webserver with this: node kermit.example.com { include webserver }
Infra == Code == Text
Infra == Code == Text
Infra == Code == Text
Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code
Cloud Infrastructure (as Code)
Turtles All The Way Down
Turtles All The Way Down Cloud
Google Compute Engine • Express infrastructure as – VM Instances – Networks – Firewalls – Disks
Build your own? puppet module install puppetlabs-gce_compute
A Disk gce_disk { 'mydisk': ensure => present, size_gb => '2' }
A Network gce_network { 'mynetwork': ensure => present, gateway => '10.0.1.1', range => '10.0.1.0/24' }
An Instance gce_instance { 'myinstance': ensure => present, zone => 'us-central1-a', machine => 'n1-standard-1', image => "${images}/ubuntu-12-04-v20120621" }
New Pattern; Network, Firewall, (Disk), Instance class app_stack { gce_network { 'appnet': ensure => present, range => '10.0.1.0/24' } -> gce_firewall { 'webhttp': ensure => present, allow => 'tcp:80', network => 'appnet' } -> gce_instance { 'server1': ensure => present, network => 'appnet' } }
Turtles All The Way Down Application Cloud
Modules & Classes gce_instance { 'myinstance': ensure => present, . . . modules => [ 'puppetlabs-mysql', 'martasd/mediawiki', . . . ], enc_classes => { mediawiki => {server_name => "$gce_external_ip"} } }
Turtles All The Way Down Puppet Cloud
Setting up a master gce_instance { 'pe-master': ensure => present, . . . startupscript => ‘puppet-enterprise.sh’, metadata => { ‘pe_role’ => ‘master’, ‘pe_version’ => ‘3.6.1’ } } gce_instance { ‘agent-1’: ensure => present, . . . startupscript => ‘puppet-enterprise.sh’, metadata => { ‘pe_role’ => ‘agent’, ‘pe_version’ => ‘3.6.1’, ‘pe_master’ => ‘pe-master’ } }
Turtles All The Way Down Application Puppet Cloud
Security 90s Style Master Agent Agent
Autosign # Whether (and how) to autosign certificate requests. # This setting # is only relevant on a puppet master acting as a # certificate authority (CA). # # Valid values are true (autosigns all certificate # requests; not recommended), # false (disables autosigning certificates), or the # absolute path to a file. [master] autosign = true
Autosign # Whether (and how) to autosign certificate requests. # This setting # is only relevant on a puppet master acting as a # certificate authority (CA). # # Valid values are true (autosigns all certificate # requests; not recommended), # false (disables autosigning certificates), or the # absolute path to a file. [master] autosign = $confdir/autosign.conf
Autosign # Whether (and how) to autosign certificate requests. # This setting # is only relevant on a puppet master acting as a # certificate authority (CA). # # Valid values are true (autosigns all certificate # requests; not recommended), # false (disables autosigning certificates), or the # absolute path to a file. [master] autosign = $confdir/my_autosign trusted_node_data = true [agent] csr_attributes = $confdir/csr_attributes.yaml
Autosign # Produce attributes for the csr based on instance metadata MD="http://metadata/computeMetadata/v1/instance" INSTANCE=$(curl -fs -H "Metadata-Flavor: Google" $MD/zone) NAME=$(curl -fs -H "Metadata-Flavor: Google" $MD/attributes/puppet_instancename) UUID=$(curl -fs -H "Metadata-Flavor: Google" $MD/id) cat > $PUPPET_DIR/csr_attributes.yaml <<END
Autosign # Produce attributes for the csr based on instance metadata MD="http://metadata/computeMetadata/v1/instance" INSTANCE=$(curl -fs -H "Metadata-Flavor: Google" $MD/zone) NAME=$(curl -fs -H "Metadata-Flavor: Google" $MD/attributes/puppet_instancename) UUID=$(curl -fs -H "Metadata-Flavor: Google" $MD/id) cat > $PUPPET_DIR/csr_attributes.yaml <<END
Trust your data Master Agent CSR Certificate Facts/Certificate Catalog
Why do this? • How fast can you change? • How frequent? • At what cost? • What is your level of automation?
So what became of Herman Hollerith?
Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code
So what became of Herman Hollerith?
So what became of Herman Hollerith?
Questions ?
Puppetize!

More Related Content

PDF
Integrating icinga2 and the HashiCorp suite
Bram Vogelaar
 
PPTX
Ansible fest Presentation slides
Aaron Carey
 
KEY
fog or: How I Learned to Stop Worrying and Love the Cloud (OpenStack Edition)
Wesley Beary
 
PDF
Puppet and the HashiStack
Bram Vogelaar
 
ODP
Integrating icinga2 and the HashiCorp suite
Bram Vogelaar
 
PDF
Puppet at janrain
Puppet
 
PDF
Hacking ansible
bcoca
 
PPT
Google compute presentation puppet conf
bodepd
 
Integrating icinga2 and the HashiCorp suite
Bram Vogelaar
 
Ansible fest Presentation slides
Aaron Carey
 
fog or: How I Learned to Stop Worrying and Love the Cloud (OpenStack Edition)
Wesley Beary
 
Puppet and the HashiStack
Bram Vogelaar
 
Integrating icinga2 and the HashiCorp suite
Bram Vogelaar
 
Puppet at janrain
Puppet
 
Hacking ansible
bcoca
 
Google compute presentation puppet conf
bodepd
 

What's hot (20)

PDF
More tips n tricks
bcoca
 
PDF
Ansible leveraging 2.0
bcoca
 
PDF
Puppet modules for Fun and Profit
Alessandro Franceschi
 
PDF
Autoscaling with hashi_corp_nomad
Bram Vogelaar
 
PDF
Testing your infrastructure with litmus
Bram Vogelaar
 
PDF
Observability with Consul Connect
Bram Vogelaar
 
ODP
Europython 2011 - Playing tasks with Django & Celery
Mauro Rocco
 
PDF
Rhebok, High Performance Rack Handler / Rubykaigi 2015
Masahiro Nagano
 
PDF
An Introduction to Celery
Idan Gazit
 
KEY
Django Celery
Mat Clayton
 
PDF
Celery - A Distributed Task Queue
Duy Do
 
PDF
Ansible Meetup Hamburg / Quickstart
Henry Stamerjohann
 
PDF
Introduction to Celery
Chathuranga Bandara
 
PPTX
Puppet camp chicago-automated_testing2
nottings
 
PPTX
Stack kicker devopsdays-london-2013
Simon McCartney
 
PDF
Django Celery - A distributed task queue
Alex Eftimie
 
PDF
Why Task Queues - ComoRichWeb
Bryan Helmig
 
PDF
AnsibleFest 2014 - Role Tips and Tricks
jimi-c
 
PDF
Introduction to Nodejs
Gabriele Lana
 
PDF
DevOps(4) : Ansible(2) - (MOSG)
Soshi Nemoto
 
More tips n tricks
bcoca
 
Ansible leveraging 2.0
bcoca
 
Puppet modules for Fun and Profit
Alessandro Franceschi
 
Autoscaling with hashi_corp_nomad
Bram Vogelaar
 
Testing your infrastructure with litmus
Bram Vogelaar
 
Observability with Consul Connect
Bram Vogelaar
 
Europython 2011 - Playing tasks with Django & Celery
Mauro Rocco
 
Rhebok, High Performance Rack Handler / Rubykaigi 2015
Masahiro Nagano
 
An Introduction to Celery
Idan Gazit
 
Django Celery
Mat Clayton
 
Celery - A Distributed Task Queue
Duy Do
 
Ansible Meetup Hamburg / Quickstart
Henry Stamerjohann
 
Introduction to Celery
Chathuranga Bandara
 
Puppet camp chicago-automated_testing2
nottings
 
Stack kicker devopsdays-london-2013
Simon McCartney
 
Django Celery - A distributed task queue
Alex Eftimie
 
Why Task Queues - ComoRichWeb
Bryan Helmig
 
AnsibleFest 2014 - Role Tips and Tricks
jimi-c
 
Introduction to Nodejs
Gabriele Lana
 
DevOps(4) : Ansible(2) - (MOSG)
Soshi Nemoto
 
Ad

Similar to Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code (20)

PPT
Rapid scaling in_the_cloud_with_puppet
Carl Caum
 
PPT
PowerPoint Presentation
lalitjangra9
 
PDF
One-Man Ops
Jos Boumans
 
ODP
Puppet slides for intelligrape
Sharad Aggarwal
 
PPT
vBACD - Introduction to Puppet, Configuration Management and IT Automation So...
CloudStack - Open Source Cloud Computing Project
 
PDF
PuppetConf 2017: Puppet & Google Cloud: From Nothing to Production in 10 minu...
Puppet
 
PDF
Developing IT infrastructures with Puppet
Alessandro Franceschi
 
ODP
Puppet and Apache CloudStack
Puppet
 
ODP
Infrastructure as code with Puppet and Apache CloudStack
ke4qqq
 
ODP
Puppet and CloudStack
ke4qqq
 
PDF
SCM Puppet: from an intro to the scaling
Stanislav Osipov
 
PPTX
Puppet atbazaarvoice
Dave Barcelo
 
ODP
Puppetpreso
ke4qqq
 
PDF
Systems Automation with Puppet
elliando dias
 
KEY
Puppet for dummies - PHPBenelux UG edition
Joshua Thijssen
 
PPTX
Configuration Management in the Cloud - Cloud Phoenix Meetup Feb 2014
Miguel Zuniga
 
PDF
Infrastructure as code with Puppet and Apache CloudStack
ke4qqq
 
PDF
ApacheCloudStack
Puppet
 
PDF
Puppet Camp Berlin 2015: Nigel Kersten | Puppet Keynote
NETWAYS
 
PDF
Puppet Camp Berlin 2015: Puppet Keynote
Puppet
 
Rapid scaling in_the_cloud_with_puppet
Carl Caum
 
PowerPoint Presentation
lalitjangra9
 
One-Man Ops
Jos Boumans
 
Puppet slides for intelligrape
Sharad Aggarwal
 
vBACD - Introduction to Puppet, Configuration Management and IT Automation So...
CloudStack - Open Source Cloud Computing Project
 
PuppetConf 2017: Puppet & Google Cloud: From Nothing to Production in 10 minu...
Puppet
 
Developing IT infrastructures with Puppet
Alessandro Franceschi
 
Puppet and Apache CloudStack
Puppet
 
Infrastructure as code with Puppet and Apache CloudStack
ke4qqq
 
Puppet and CloudStack
ke4qqq
 
SCM Puppet: from an intro to the scaling
Stanislav Osipov
 
Puppet atbazaarvoice
Dave Barcelo
 
Puppetpreso
ke4qqq
 
Systems Automation with Puppet
elliando dias
 
Puppet for dummies - PHPBenelux UG edition
Joshua Thijssen
 
Configuration Management in the Cloud - Cloud Phoenix Meetup Feb 2014
Miguel Zuniga
 
Infrastructure as code with Puppet and Apache CloudStack
ke4qqq
 
ApacheCloudStack
Puppet
 
Puppet Camp Berlin 2015: Nigel Kersten | Puppet Keynote
NETWAYS
 
Puppet Camp Berlin 2015: Puppet Keynote
Puppet
 
Ad

More from Puppet (20)

PPTX
Puppet Community Day: Planning the Future Together
Puppet
 
PPTX
The Evolution of Puppet: Key Changes and Modernization Tips
Puppet
 
PPTX
Can You Help Me Upgrade to Puppet 8? Tips, Tools & Best Practices for Your Up...
Puppet
 
PPTX
Bolt Dynamic Inventory: Making Puppet Easier
Puppet
 
PPTX
Customizing Reporting with the Puppet Report Processor
Puppet
 
PPTX
Puppet at ConfigMgmtCamp 2025 Sponsor Deck
Puppet
 
PPTX
The State of Puppet in 2025: A Presentation from Developer Relations Lead Dav...
Puppet
 
PPTX
Let Red be Red and Green be Green: The Automated Workflow Restarter in GitHub...
Puppet
 
PDF
Puppet camp2021 testing modules and controlrepo
Puppet
 
PPTX
Puppetcamp r10kyaml
Puppet
 
PDF
2021 04-15 operational verification (with notes)
Puppet
 
PPTX
Puppet camp vscode
Puppet
 
PDF
Modules of the twenties
Puppet
 
PDF
Applying Roles and Profiles method to compliance code
Puppet
 
PPTX
KGI compliance as-code approach
Puppet
 
PDF
Enforce compliance policy with model-driven automation
Puppet
 
PDF
Keynote: Puppet camp compliance
Puppet
 
PPTX
Automating it management with Puppet + ServiceNow
Puppet
 
PPTX
Puppet: The best way to harden Windows
Puppet
 
PPTX
Simplified Patch Management with Puppet - Oct. 2020
Puppet
 
Puppet Community Day: Planning the Future Together
Puppet
 
The Evolution of Puppet: Key Changes and Modernization Tips
Puppet
 
Can You Help Me Upgrade to Puppet 8? Tips, Tools & Best Practices for Your Up...
Puppet
 
Bolt Dynamic Inventory: Making Puppet Easier
Puppet
 
Customizing Reporting with the Puppet Report Processor
Puppet
 
Puppet at ConfigMgmtCamp 2025 Sponsor Deck
Puppet
 
The State of Puppet in 2025: A Presentation from Developer Relations Lead Dav...
Puppet
 
Let Red be Red and Green be Green: The Automated Workflow Restarter in GitHub...
Puppet
 
Puppet camp2021 testing modules and controlrepo
Puppet
 
Puppetcamp r10kyaml
Puppet
 
2021 04-15 operational verification (with notes)
Puppet
 
Puppet camp vscode
Puppet
 
Modules of the twenties
Puppet
 
Applying Roles and Profiles method to compliance code
Puppet
 
KGI compliance as-code approach
Puppet
 
Enforce compliance policy with model-driven automation
Puppet
 
Keynote: Puppet camp compliance
Puppet
 
Automating it management with Puppet + ServiceNow
Puppet
 
Puppet: The best way to harden Windows
Puppet
 
Simplified Patch Management with Puppet - Oct. 2020
Puppet
 

Recently uploaded (20)

PDF
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
PDF
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 
PDF
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
PDF
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
PDF
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
PPTX
history of c programming in notes for students .pptx
Vijayakumari829030
 
PDF
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
PPTX
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
PPTX
CHAPTER 12 - CYBER SECURITY AND FUTURE SKILLS (1) (1).pptx
AnujKumar530915
 
PDF
Odoo Companies in India – Driving Business Transformation.pdf
azhuhardeen1968
 
PDF
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
PDF
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
PPTX
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
PPTX
Transform Your Business with a Software ERP System
Canada Software Company
 
PDF
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
PPTX
ManageIQ - Sprint 268 Review - Slide Deck
ManageIQ
 
PDF
AI in Product Development-omnex systems
omnex systems
 
PPTX
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
PDF
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
PPTX
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
history of c programming in notes for students .pptx
Vijayakumari829030
 
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
CHAPTER 12 - CYBER SECURITY AND FUTURE SKILLS (1) (1).pptx
AnujKumar530915
 
Odoo Companies in India – Driving Business Transformation.pdf
azhuhardeen1968
 
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
Transform Your Business with a Software ERP System
Canada Software Company
 
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
ManageIQ - Sprint 268 Review - Slide Deck
ManageIQ
 
AI in Product Development-omnex systems
omnex systems
 
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 

Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code

  • 1. Cloud Infrastructure as Code Andrew Parker Puppet Labs @aparker42
  • 8. Herman, grows a Mustache
  • 22. Puppet A language and infrastructure
  • 23. Puppet Resources • Describes the desired configuration state of individual elements of the system being managed user { 'henrik': # A user named 'henrik' ensure => present, # should exist shell => '/bin/bash' # with this shell }
  • 24. Puppet Resources package{ 'apache2': # A packaged named 'apache2' ensure => present # should be installed }
  • 25. Puppet Language • The Puppet Language has constructs to – compose sets of resources into classes – define order of operations on resources – define custom resources
  • 26. Common Pattern; Package, File, Service class webserver { package{ 'apache2': ensure => present } file { '/etc/apache2/apache2.conf': content => template('apache2/apache2.erb'), require => Package['apache2'] } service { 'apache2': ensure => running, subscribe => File['/etc/apache2/apache2.conf'] } }
  • 27. Presto – a Web Server • Now we can build a webserver with this: node kermit.example.com { include webserver }
  • 28. Infra == Code == Text
  • 29. Infra == Code == Text
  • 30. Infra == Code == Text
  • 33. Turtles All The Way Down
  • 34. Turtles All The Way Down Cloud
  • 35. Google Compute Engine • Express infrastructure as – VM Instances – Networks – Firewalls – Disks
  • 36. Build your own? puppet module install puppetlabs-gce_compute
  • 37. A Disk gce_disk { 'mydisk': ensure => present, size_gb => '2' }
  • 38. A Network gce_network { 'mynetwork': ensure => present, gateway => '10.0.1.1', range => '10.0.1.0/24' }
  • 39. An Instance gce_instance { 'myinstance': ensure => present, zone => 'us-central1-a', machine => 'n1-standard-1', image => "${images}/ubuntu-12-04-v20120621" }
  • 40. New Pattern; Network, Firewall, (Disk), Instance class app_stack { gce_network { 'appnet': ensure => present, range => '10.0.1.0/24' } -> gce_firewall { 'webhttp': ensure => present, allow => 'tcp:80', network => 'appnet' } -> gce_instance { 'server1': ensure => present, network => 'appnet' } }
  • 41. Turtles All The Way Down Application Cloud
  • 42. Modules & Classes gce_instance { 'myinstance': ensure => present, . . . modules => [ 'puppetlabs-mysql', 'martasd/mediawiki', . . . ], enc_classes => { mediawiki => {server_name => "$gce_external_ip"} } }
  • 43. Turtles All The Way Down Puppet Cloud
  • 44. Setting up a master gce_instance { 'pe-master': ensure => present, . . . startupscript => ‘puppet-enterprise.sh’, metadata => { ‘pe_role’ => ‘master’, ‘pe_version’ => ‘3.6.1’ } } gce_instance { ‘agent-1’: ensure => present, . . . startupscript => ‘puppet-enterprise.sh’, metadata => { ‘pe_role’ => ‘agent’, ‘pe_version’ => ‘3.6.1’, ‘pe_master’ => ‘pe-master’ } }
  • 45. Turtles All The Way Down Application Puppet Cloud
  • 46. Security 90s Style Master Agent Agent
  • 47. Autosign # Whether (and how) to autosign certificate requests. # This setting # is only relevant on a puppet master acting as a # certificate authority (CA). # # Valid values are true (autosigns all certificate # requests; not recommended), # false (disables autosigning certificates), or the # absolute path to a file. [master] autosign = true
  • 48. Autosign # Whether (and how) to autosign certificate requests. # This setting # is only relevant on a puppet master acting as a # certificate authority (CA). # # Valid values are true (autosigns all certificate # requests; not recommended), # false (disables autosigning certificates), or the # absolute path to a file. [master] autosign = $confdir/autosign.conf
  • 49. Autosign # Whether (and how) to autosign certificate requests. # This setting # is only relevant on a puppet master acting as a # certificate authority (CA). # # Valid values are true (autosigns all certificate # requests; not recommended), # false (disables autosigning certificates), or the # absolute path to a file. [master] autosign = $confdir/my_autosign trusted_node_data = true [agent] csr_attributes = $confdir/csr_attributes.yaml
  • 50. Autosign # Produce attributes for the csr based on instance metadata MD="http://metadata/computeMetadata/v1/instance" INSTANCE=$(curl -fs -H "Metadata-Flavor: Google" $MD/zone) NAME=$(curl -fs -H "Metadata-Flavor: Google" $MD/attributes/puppet_instancename) UUID=$(curl -fs -H "Metadata-Flavor: Google" $MD/id) cat > $PUPPET_DIR/csr_attributes.yaml <<END
  • 51. Autosign # Produce attributes for the csr based on instance metadata MD="http://metadata/computeMetadata/v1/instance" INSTANCE=$(curl -fs -H "Metadata-Flavor: Google" $MD/zone) NAME=$(curl -fs -H "Metadata-Flavor: Google" $MD/attributes/puppet_instancename) UUID=$(curl -fs -H "Metadata-Flavor: Google" $MD/id) cat > $PUPPET_DIR/csr_attributes.yaml <<END
  • 52. Trust your data Master Agent CSR Certificate Facts/Certificate Catalog
  • 53. Why do this? • How fast can you change? • How frequent? • At what cost? • What is your level of automation?
  • 54. So what became of Herman Hollerith?
  • 56. So what became of Herman Hollerith?
  • 57. So what became of Herman Hollerith?

Editor's Notes

  • #2: Like to take you back – before Cloud, and to a time when Infrastructure meant Railroads. More precisely, I like to take you back to 1889.
  • #3: The first number of Wall Street Journal was published, and all business news thereafter was printed on pink paper. In April, only a few days apart, Charlie Chaplin, and Adolf Hitler were born. The Eiffel Tower was inaugurated and served as the entrance to the 1889 Paris World's Fair. Seattle Burned Down in the great fire and was rebuilt...on floor lower than the current street level. The Nintendo Company is formed, publishing HANA FUDA Playing Cards. Harry Nyquist is born 26 juni - I Norge införs 7-årig skolplikt. Det fastslås även att den norska folkskolan skall benämnas "folkeskole" och inte "allmueskole" 12 oktober - Gillis Bildt avgår som svensk statsminister och efterträds av Gustaf Åkerhielm.[3] Dette året utvandrer omkring 29 000 nordmenn til USA. Dette er det største antall utvandringer registrert i ett enkelt år
  • #4: But more specifically, lets start with Herman, on one specific morning in 1889. That morning when Herman woke up… he had not slept well as he was mulling on a problem. Every 10 years the United States performs a census enumerating the population. Herman's problem this morning was that United States Census office where Herman worked as a stati stic ian needed to do more with less. The census of 1880 had so many questions that it took about 8 years to count and publish the results from the 50 million population. And for the upcoming census there were going to be even more questions and the population had grown to 63 million (as they were about to find out). Estimates were that it would take 13 years to tabulate the data. ----- drop the rest 1889 – An Electric Tabulating System 1890 The United States decennial census (enumerating the population every 10 years) – the next is 2020
  • #5: This morning, Herman had a train to catch. It was incredibly busy. And Herman found it hard to concentrate.
  • #6: This man changed everything
  • #7: Herman was intrigued by the cuts made in his ticket – and he had an idea !
  • #8: And this is what Herman Invented – a card on which the answers to the census questions could be recorded by punching holes. Herman wasn’t the first to have the idea of punching holes into a card. It had been used for a long time to control looms and music players, but Herman had the novel idea of putting it to use for data. At this point we could go off on a long tangent of data as code and code as data....but let’s try to keep our eye on the prize. Herman realized that In order to punch the holes and then be able to read the answers – someone had to invent the machinery to do so, and then build and supply these machines. So what did Herman do?
  • #9: Considers a neck beard, but decides on a stylish mustache – now that he is about to start his own business building hardware…
  • #10: He named his invention "The tabulating machine". It was a huge success – the 1890 census was finished in under 1 year with far fewer staff – more than a 10x performance boost. So what has this got to do with Clouds-Infrastructure as Code ?
  • #11: The simple moral of the story is THAT WITH THE RIGHT TOOLS YOU CAN DO THINGS FASTER AND MORE ACCURATELY. Not only should you be automating IT, but also automating the making of the automation  LETS FAST FORWARD
  • #12: Do you really build something like this manually ? You would be surprised to amount of companies that maintain infrastructure at this scale with technology where a Tabulating Machine would be high tech! (I am told this picture is from Google)
  • #13: This is also google – we can only guess at the level of automation
  • #14: Or how long it takes to get anything deployed – or improved in this infrastructure.
  • #15: Maybe your manually hacked system infrastructure isn't as bad as this? Imagine what it looks like on the inside – is this a secure system? So what are you going to do?
  • #16: LETS MOVE TO THE CLOUD ! Now you have a new set of problems. Just because you can't see the wiring and the boxes does not mean that the complexities went away. ALL THOSE CABLES ARE NOW INSTRUCTIONS TO A COMPUTER – OUR INFRASTRUCTURE HAS BECOME CODE ! Now your infrastructure only exists because you provided instructions to a computer.
  • #17: Code is naturally something we write down so we don't forget – so we can follow the instructions later… On velum of course
  • #18: Everyone in IT is known for their penmanship and writing skills.
  • #19: And sometimes people collaborate and integrate all their favorite scripts.
  • #20: nhaggggghhhhhhhh uuuuhhhhhhhh As everyone can see, this cat is suffering from a complexity overdose.
  • #21: COMPLEXITY OVERDOSE….
  • #22: Let’s start over How would (or should) you do this now?
  • #29: THE BEST PRACTICES FROM SOFTWARE DEVELOPMENT version control review of changes
  • #30: THE BEST PRACTICES FROM SOFTWARE DEVELOPMENT testing
  • #31: THE BEST PRACTICES FROM SOFTWARE DEVELOPMENT build tools artifacts
  • #32: Wait a second...back up! I started out with the promise of getting away from all of those cables and other hardware into the promised land of the cloud. What does that have to do with files and packages and web servers? Let’s think about it a little. What is the cloud?
  • #34: Let’s think about it a little. What is the cloud? Ok, that question may be unanswerable. Let’s stick to something more concrete. What is EC2 or GCE? They are APIs to create resources. And we have resources that hold other resources!
  • #35: So let’s start at the bottom of this stack. At the layer we’ll call “Cloud”...because well, that is what we are talking about.
  • #37: The GCE module is really well documented, so I won’t rehash everything here.
  • #42: The next level up is what we are going to do on those instances. There are two ways we can approach this. Mastered or masterless. Let’s take a look at masterless first.
  • #43: This will make sure that we have an instance, it will install puppet, those modules, and then apply those classes. If that is all that we wanted to do, then we would be done. However life isn’t often that simple and we need some more central control, or there is information that we can’t put on every instance (for security purposes).
  • #44: Lets take a different path this time. Instead of going straight for software on the instance, let’s setup a management infrastructure. The GCE module makes this pretty easy since it has some scripts built into it to install puppet agents and puppet master (open source as well as PE).
  • #45: The GCE module makes this pretty easy since it has some scripts built into it to install puppet agents and puppet master (open source as well as PE).
  • #46: Once you have your puppet master infrastructure all set up, you can now start controlling those GCE instances by deploying manifests to your master and using the PE classifier to classify your nodes (instances).
  • #47: 1890s that is. Look, this software is written in portland. They really are living the dream of the 90s. What’s the situation? Well, say you are like a lot of organizations and you have part of your infrastructure out in the cloud and part of it in datacenters you control. So how do you handle this?
  • #48: This will make sure that we have an instance, it will install puppet, those modules, and then apply those classes. If that is all that we wanted to do, then we would be done. However life isn’t often that simple and we need some more central control, or there is information that we can’t put on every instance (for security purposes).
  • #49: This will make sure that we have an instance, it will install puppet, those modules, and then apply those classes. If that is all that we wanted to do, then we would be done. However life isn’t often that simple and we need some more central control, or there is information that we can’t put on every instance (for security purposes).
  • #50: This will make sure that we have an instance, it will install puppet, those modules, and then apply those classes. If that is all that we wanted to do, then we would be done. However life isn’t often that simple and we need some more central control, or there is information that we can’t put on every instance (for security purposes).
  • #51: This is cribbed from the gce_compute module. It has this built in, but you can built out your own based on how this works. The basic idea is that there is a source of truth that you can trust. By passing through some known information the master can now know that it is communicating with one of your real instances and can automatically let it into the system!
  • #52: This is cribbed from the gce_compute module. It has this built in, but you can built out your own based on how this works. The basic idea is that there is a source of truth that you can trust. By passing through some known information the master can now know that it is communicating with one of your real instances and can automatically let it into the system! Custom attributes are only part of the certificate request. Extension requests will be preserved as part of the signed certificate.
  • #53: This is cribbed from the gce_compute module. It has this built in, but you can built out your own based on how this works. The basic idea is that there is a source of truth that you can trust. By passing through some known information the master can now know that it is communicating with one of your real instances and can automatically let it into the system!
  • #54: Why did Herman start making his machines? Because he needed to keep up with the change in his country. Automation got him there.
  • #55: People didn’t like that there were only 63 million people. They wanted it to be 65 million. The New York Herald: SLIPSHOD WORK HAS SPOILED THE CENSUS MISMANAGEMENT THE RULE The number was right. And his machines were used for the next 2 censuses and in various other countries around the world.
  • #56: Eventually his company started to merge with competitors.
  • #57: That company eventually became known as “Business International Machines”....no....”International Business Machines”
  • #58: … AND BECAME A HIPSTER!