Puppetizing Your Organization

Rob Nelson
Systems Administrator
@rnelson0
http://rnelson0.com
https://github.com/puppetinabox
Puppetizing your Organization

Code Reviews
Testing
Best Practices/Patterns
Continuous Integration
and Deployment
Reporting/
Monitoring
Code/Data Separation
Bare Metal
Packaging
Puppet Ecosystem

Be a change agent
• Rome wasn’t built in a day
• Lots of learning and failure
• Communication is key
• Pace yourself, avoid culture shock
Culture

“Expert Beginners”
“I know that I’m doing it right because, as an
expert, I’m pretty much doing everything right
by definition.” - Erik Dietrich
Don’t let yourself believe you’re a rock star.
Avoid working in isolation, without feedback
loops.

Sharing is Caring
Find feedback loops
• Puppet User Group (or LUG/VMUG/etc)
• Meetup.com (DevOps, Puppet, Conf. Management)
• Puppet Labs Test Pilots
• Websites: ask.puppetlabs.com, stackoverflow
• IRC: #puppet, #puppet-community
• Podcasts, Slideshares, Blog Posts, Video Tutorials
• Industry Peers (Friends, Co-Workers, Social Media)
• Jumpstart Engagement (PL Professional Services)
Get buy-in from your family and your employer. Get permission for the time and
don’t share proprietary data!

It’s a cultural issue, not a technological issue
• Git - Distributed VCS
• Mandatory code reviews via Pull Requests (PRs)
• Small, discrete, self-contained changes
• Enable approvals
• ESPECIALLY in emergencies!
• Git hooks save time and embarrassment
• Be positive!
Code Review

What’s the minimum customization you require to be productive?
● Shell prompt shows git branch
● Dot files
● Git hooks
● Puppet module skeleton
● Install tools like GitHub / SourceTree / Gepetto, plus minimal tweaks
● Integration: Kanban, Ticketing, etc.
Help your co-workers out:
• Document a decent baseline setup
• Provide vagrant boxes/VMs with everything installed and configured
• Use Puppet to maintain these standards
Minimum Viable Customization (MVC)

Create a culture that works for your team

Best Practices and Patterns
Declarative State Model - ‘What’ not ‘How’
• Code: Describe desired state through resources in a manifest
• Master: Catalog is a graph of all resources to apply to a node
• Agent: Applies the catalog, converges state
• Avoid exec resources; they are unpredictable and break noop mode

Shareable modules to install and/or manage a specific component
● Apache, TomCat, YourWebApp, Puppet Agent, etc.
● Check the forge before writing your own
● Puppet Labs has plenty of best practices guides for component modules
Component modules

Don’t repeat yourself
● Params shared between module subclasses
● Put all conditionals together
● No one size fits all, only use the subclasses you need
● Writing better Puppet modules
● Reference module: puppetlabs/ntp
params/config/install/service pattern

NTP Config and Install Subclasses

One node, one role - nothing more
● Role: Business Logic
○ Aggregate of profiles. role::webapp includes profiles base, apache,
tomcat, webapp
○ Includes only profile classes and resource ordering
● Profile: Technology stack
○ mysql, puppetdb, base
○ Contains any type of resource
Roles and Profiles

Testing: TDD or BDD
rspec-puppet, puppet-spec, beaker, beaker-rspec
Catch errors early, before production
• Unit and Acceptance tests
• Write tests before code
• Unit tests are a requirement for refactoring
• Encourage planning during growth
• Missing tests? Add them with puppet-retrospec
• Improve tests over time

Testing Summary
“What am I testing and is it valuable?”
• Test your code
• Let component modules have their own tests
• Don’t test Puppet

Culture High Points
• Pace yourself, avoid culture shock
• Create a culture of code review and testing
• Use best practices and patterns intelligently

Travis CI, Jenkins CI, Bamboo
Verify ability to integrate code on every change
● Submit a PR, receive red or green feedback. Don’t merge red results!
● Continuous, shouldn't be a manual event!
Continuous Integration

r10k
Never log into your master again!
● Controlrepo defines modules via a Puppetfile
● Can include site-specific modules and hiera in the controlrepo
● Push code upstream, deploy it on the master automatically
● Each repo branch becomes a puppet environment
● Work with lots of individual repos? Reaktor
Continuous Deployment

Puppetfile: Pin Versions for Stability
Craft your own Puppetfiles with generate-puppetfile

Hiera
You can share code - on the forge, with colleagues or support - without
sharing your data
● Data is particular to your implementation and private, may include
passwords
● Hierarchal key/value pair lookup tool
● Automatic Parameter Lookups performs hiera lookups for every param
○ ntp::package_manage corresponds to $package_manage in class ntp
● Limits with deep merge (HI-118)
Separate your Code and Data

Razor
Make “rack and stack” the last provisioning step
● Discover new hardware, install OS or Hypervisors, add to Puppet and
configure
● Fully supported with Puppet Enterprise as of version 3.8
● You can still use Razor without PE - more assembly required
There are other tools, many of which rely on PXE: opencrowbar, cobbler, xcat
Bare Metal Provisioning

PuppetDB
Collect reports and exported resources
● Agents send reports to PuppetDB
○ Can be sent from masterless nodes as well
● Console or Puppetboard lets you see node status, nodes with fact X, status
of all events received for all agents
● API is available, craft your own queries
Reporting

Nagios / Icinga / Sensu / Zabbix
Dynamically populate your monitoring system(s) with exported resources
● Export hosts and checks
○ Infrastructure as Code
○ Must be able to define checks as a Puppet resource
● Export hosts, define checks in the monitoring system
○ Checks are not defined in the same version control system
○ May be more flexible when monitoring system includes nodes not
managed by Puppet
Monitoring

rpm, deb, pkg, etc.
Maintain and distribute software like a boss
● Distribute apps as packages, not tarballs or repos
● Definitely NOT with execs!
○ No .git/.svn directories
● Packaging systems capture metadata and work with the OS
● Use system packages first, application packages second
● Distribute your packages (yumrepo type built-in)
Packaging

Packaging isn’t complicated anymore
Thanks Jordan Sissel!
Specify input and output formats
Define dependencies and other metadata (author, contact, etc.)
fpm -s rpm -t deb -d java example.rpm
Install a gem, use fpm to deploy that gem elsewhere
Has a puppet target type, creates a module!
fpm

Make Puppet a part of everything
● Provisioning systems: Satellite, Foreman, VMware vRealize Suite
● Backups
● CMDB and IPAM
● Anything that makes your company tick
External Integrations

Deploy now, perfect later
Okay => Good => Better => New Tech => Okay => Good => Better => Repeat
● Choose something. Make it work “okay”. Deploy.
● Choose something else. Make it work “okay”. Deploy.
● Repeat on all processes and tasks.
● Repeat it again 6, 12, 18 months later.
Iterate

Recap
• Culture of change and feedback
• Many tools available in the ecosystem
• Iterate to success

Reference Links
● puppetboard
● puppetexplorer
● rspec-puppet
● puppet-spec
● beaker
● beaker-rspec
● Rise of the Expert Beginner
● Recommended pre-commit hook
● Beginner’s Guide to Modules
● Writing Better Puppet Modules
● The problem with params.pp
● puppet-retrospec
● puppet-module-skeleton
● Sh*t Gary Says
● r10k project
● r10k module
● reaktor
● Hiera deep merge issue
● razor
● fpm
● Git branch tutorial
● https://learn.puppetlabs.com/
● http://ask.puppetlabs.com
● Puppet Community CI and config

• My awesome wife, Michelle!
• Puppet Labs
• Puppet Community
• Reviewers
• Jason Breitwieser
• Ryan McKern (@the_mckern)
• Richard Pijnenburg (electrical / @richardp82)
• Walid Shaari
• Tim Meusel (bastelfreak)
Thank You!

Puppetizing Your Organization

More Related Content

What's hot (20)

Similar to Puppetizing Your Organization (20)

Recently uploaded (20)

Puppetizing Your Organization