Category Archives: Puppet

Standard

Posted by

Posted on

May 19, 2014

Posted under

DevOps, git, Linux, Puppet

Comments

4 Comments

Puppet and Git, 201: r10k Setup – Installation

I know you’re probably anxious to get started with managing your infrastructure, but we’re going to stay distracted by Git for a little longer. In the 100 series, we saw some examples of how to migrate your manifests and modules into Git and how to make changes to your manifests through branches. The setup is a little primitive, but acceptable for a lab – everything is is either done by root or involves pushing changes as a user and pulling them as root, and changes are tested in production. I’d like to introduce you to a tool called r10k that will help us create dynamic branches for testing and decouple our workflow from direct access to the puppet master. In this 201 class, we’ll work on the first half by migrating our existing repo structure into r10k.

Review and Setup

If we review the puppet-tutorial repo’s master branch, we have a standard directory layout that you should be somewhat familiar with now:

Continue reading

Standard

Posted by

Posted on

May 12, 2014

Posted under

DevOps, git, Linux, Puppet

Comments

Leave a comment

Puppet and Git, 102: Feature Branches

In Puppet and Git 101, we looked at how to add our existing puppet code to our repo. We’re going to take a quick look at how to create a branch, add some code, commit it, and push it to our repo.

Create a Branch

For lack of something significant to do right now, we’ll add a notify command to the node definition for puppet.nelson.va. To do so, we will checkout a new branch called, appropriately, notify. You can call your branches whatever you want, I suggest you simply be consistent in your naming scheme. At work, I use a combination of a ticket number and a one or two word description of the feature, separated by hyphens. Normally our branch is going to be short lived and only exist locally (we’re going to make an exception to that for demo purposes), so it would be a moot, but it’s still a good habit to be in.

[root@puppet puppet]# git branch
* master
[root@puppet puppet]# git checkout -b notify
Switched to a new branch 'notify'
[root@puppet puppet]# git branch
  master
* notify

Continue reading

Standard

Posted by

Posted on

May 5, 2014

Posted under

DevOps, git, Linux, Puppet

Comments

1 Comment

Puppet and Git, 101: Git Basics

Now that we’ve set up a puppet master and puppetized template, created a sample manifest, and started creating our own module, it’s time to take a few moments to talk about using Puppet with a version control systems (VCS). This article is mainly for those new to VCS at all or new to Git; those very familiar will want to skim or skip this article entirely.

What we have done so far is adding and removing a few lines in a couple files, and we’ve treated it as such. But it’s so much more. Writing code that represents an infrastructure state and using software to implement it is the root of two important IT movements: DevOps and the Software Defined Data Center (SDDC). You write code, puppet creates the infrastructure according to your instructions. Need something changed? Update your code, puppet takes care of the rest. What if you mess up? That’s where version control comes into play.

Version control, among other benefits, gives us the option to look at our code at points in time and to track changes over time, usually with some level of audit detail. If I make a change today and everything runs fine for a few days before blowing up, I can use version control to track the changes made to see if someone else made a change in the interval or perhaps go back to the version prior to my change. Without version control, you have no functional ability to audit your changes and revert the state of your code to a particular point in time.

There are a number of different version control systems that you can use. Subversion has been a popular VCS, though it has some long standing limitations and has been losing favor for a while. Git is a newer distributed version control system (DVCS) that has gained massive popularity by addressing some of the limitations of non-distributed VCSes and encouraging public development via Github.com and other cloud DVCS providers. We’re going to focus on Git due to its popularity, the plethora of examples of Puppet + Git available on the internet, and the ability to leverage Github.

Continue reading

Standard

Posted by

Posted on

April 28, 2014

Posted under

DevOps, Puppet

Comments

3 Comments

Manifest and Module Organization, Take One

In the last article, we learned how to import modules from the puppet forge. We created a very simple, but disorganized, site manifest. We need to create some organization, which will give us the ability to apply different settings to different nodes. Here’s the manifest we ended up with:

class { '::ntp':
  servers => [ '0.pool.ntp.org', '2.centos.pool.ntp.org', '1.rhel.pool.ntp.org'],
}

user { 'dave':
  ensure     => present,
  uid        => '507',
  gid        => '507',
  shell      => '/bin/bash',
  home       => '/home/dave',
  managehome => true,
}

group { 'dave':
  ensure => 'present',
  gid    => '507',
}

include ::ssh
::ssh::server::configline { 'PermitRootLogin': value => 'yes' }

The manifest includes two modules from the puppet forge and two resources managed by puppet, one user and one group. These resources, however, are going to applied to every agent that connects. As we grow the manifests, we’re going to meet some resources that are only needed on certain agents – web servers, web apps, etc. Let’s take what we have and organize it better.

Continue reading

Standard

Posted by

Posted on

April 21, 2014

Posted under

DevOps, Puppet

Comments

3 Comments

Adding modules to your Puppet master

In the last post, we built a Puppet master. The master is ready for agents to connect, but currently it doesn’t actually do very much when they do. Our site.pp manifest is very boring:

[root@puppet ~]# cat /etc/puppet/manifests/site.pp
notify {"Agent connection is successful": }

All agents get the same manifest, and it’s just a notify statement. We want to do more than that, we want to actually manage some important configuration. Before we get into that, I want to mention a few basics that you may want to review on your own. We’ll touch on these items throughout this and future Puppet blogs, with the expectation that you’ll have read up on them already or will reference as needed.

Continue reading

Standard

Posted by

Posted on

April 18, 2014

Posted under

Linux, Puppet

Comments

2 Comments

Kickstart your CentOS Template, EL6 Edition

Note: This article uses Enterprise Linux 6. If you are looking for Enterprise Linux 7, check out the new edition!

A few days ago, I started my Puppet series. I described how to manually build a brand new golden image or how to add puppet to an existing image. I also said that I hoped everyone had that process automated, for example with kickstart. If you don’t have an automated process in place, I’ll show you how to get started with kickstart.

Kickstart is a tool for creating repeatable, but customized, installations. There is lots of documentation available (Fedora and RHEL sites, for example). There are a few methods to make a kickstart file available, but we’re going to focus on using the network. Here’s what you’ll need to get started:

  • vCenter
  • A DHCP server in the network where the VM will be deployed.
  • Firewall rules and routing allowing the provisioned VM to communicate with the web server.
  • A web server to host the kickstart file.
  • A CentOS netinstall ISO in your vSphere infrastructure, download from a mirror.
  • Ability to create VMs in your vSphere infrastructure.

Continue reading

Standard

Posted by

Posted on

April 14, 2014

Posted under

DevOps, Linux, Puppet

Comments

1 Comment

Creating a Puppet Master

Puppet for vSphere Admins

Over the last four weeks, we looked at Auto Deploy, which is automation for our VMhost provisioning process. Next up, we’re going to look at Puppet, a tool to automate our VM and Guest OS provisioning.

Recently, I have been working on deploying Puppet by Puppet Labs in our work environment. Puppet is a provisioning and configuration management system. It has been made famous by its ability to simplify cloud management for those running at scale, such as the Obama for America campaign that leveraged AWS and Puppet. Manually provisioning and configuring nodes scales linearly, or worse – 5,000 nodes requires at least 1,000 times the resources as 5 nodes. Automation with a tool like Puppet scales much more gracefully. Managing 5,000 nodes is only incrementally more difficult than managing 5, and growing to 50,000 or shrinking to 500 is just as easy. There are a number of other similar products you might be interested in – Chef, Ansible, and Salt to name a few.

I am interested in Puppet for two primary reasons. First, it has a lot of mindshare and a friendly community. You can easily find numerous blogs addressing common problems, there’s an active irc channel for problems you can’t solve with the help of a search engine, there’s a gigantic public module repository (called Puppet Forge), and you’ll find many candidates who already know Puppet as you grow your team. Second, VMware has invested $30M in Puppet Labs. The increased interaction and development has already resulted in Puppet adding some VMware cloud provisioning features and should ensure those features mature. This should help round out their Software Defined DataCenter (SDDC) efforts.

Continue reading

Standard

Posted by

Posted on

April 9, 2014

Posted under

DevOps, git, Negative Success, Puppet

Comments

2 Comments

Puppet Git Sync via REST: A learning experience

In an upcoming series, I’ll be writing about Puppet and Git. As part of the research, I spent a number of hours looking at existing tools for post-receive hooks that were compatible with Github and r10k. In the end, my research went a completely different way and my first effort didn’t pan out, but I did learn from the experience and thought that sharing it might help others.

I was attempting to take an integrated puppet/r10k installation supporting dynamic environments and add a post-receive hook. The current workflow finished up with having to log into the puppet master, su to root/sudo and run r10k to deploy. The primary goal of the hook was to eliminate this step. This would not only simplify the workflow, but also increase security (less people have to have root access) and eliminate mistakes (Why isn’t my change visible? Oops I forgot to run r10k). The concept of hooks is fairly simple – when certain git activities occur, programs are called – but I needed to put things together. I’m on this box, I do my git work and push it to origin, then I need origin to do … something … and tell the puppet master to do … something else.

My initial research was focused on identifying the somethings. A common solution is to install gitolite on a node and make that the origin. It can then call an external program that SSH’s to the master and runs r10k. I eliminated this option because it’s either another node to manage or another service on an existing node, plus I have to perform backups of the git repo. I’d rather use Github at home or Stash at work to foist some of those responsibilities off on others.

Continue reading