[PPT] - Puppet: How and Why Luke Kanies luke@reductivelabs.com Founder, PowerPoint Presentation

SLIDE 1

Luke Kanies luke@reductivelabs.com Founder, Reductive Labs Nashville, Tennessee USA

Puppet: How and Why

Why it exists, how it works, and why it works this way

SLIDE 2

SLIDE 3

Automation tools in general

SLIDE 4

Not exactly modern

Image from http://flickr.com/photos/silverwood/593965547/

SLIDE 5

In fact, they kinda suck

Image from http://flickr.com/photos/jefframone/1426716646/ Why?

SLIDE 6

SSH

O

SLIDE 7

Developer Sysadmin

* How many of you have written software to manage computers? * How many have published this software?

SLIDE 8

Developer Sysadmin Three people

* How many of you have written software to manage computers? * How many have published this software?

SLIDE 9

Somebody has to do something, and it's just incredibly pathetic that it has to be us.

- Jerry Garcia

SLIDE 10 SSH Cfengine ? We needed something better

SLIDE 11 SSH Cfengine ? A tool you can’t aord not to adopt

SLIDE 12 Image from http://flickr.com/photos/13035641@N00/270353459/ I want Puppet to be the equivalent of bringing a gun to a knife fight. This analogy works with agriculture, metalworking, or nearly any tech., but it’s easiest with war

SLIDE 13

But that’s still not enough

SLIDE 14

What is a sysadmin?

Image from http://flickr.com/photos/shirleytwofeathers/2068713495/ Firefighter? Architect? Developer? Tape-changer? All of the above?

SLIDE 15 Image from http://flickr.com/photos/kenskritters/2128853769/ I want to cause sysadmin speciation. These are house finches, reminding one of the finches Darwin observed in the Galapagos

SLIDE 16

People are finally figuring out puppet and how it gets you to the pub by 4pm. Note that I've been at this pub since 2pm.

- Jorge Castro

SLIDE 17

Either you can manage many machines with little effort

SLIDE 18

Either you can manage many machines with little effort Or you can’t

SLIDE 19

How do we create that tool?

SLIDE 20

Programming SysAdmin Low-level, non- portable Assembly commands and files Abstract, portable C* Resources

An Analogy

* For small values of abstract

* The assembly programmers fought the adoption of C * Fear for your career if you’re a bit too fond of assembly * It’s not about few people, it’s about higher quality and productivity * Are there more or fewer programmers today than in the days of assembly?

SLIDE 21

Infrastructure 2.0

This is a joke, kind of. Talk about going to Web 2.0. We’re stealing their ideas and using them to make our infrastructure better. In general, we need to steal more ideas.

SLIDE 22

Abstraction

SLIDE 23

Portable Resources

This:

SLIDE 24

Portable Resources

Becomes: This:

SLIDE 25

Portable Resources

Becomes: This:

SLIDE 26

Portable Resources

Becomes: This:

SLIDE 27

Portable Resources

Becomes: This:

SLIDE 28

Portable Resources

Becomes: This:

SLIDE 29

Resource Providers

23 package types Users in NetInfo, useradd, pw Support for Debian, Ubuntu, Red Hat, Solaris, OS X, Gentoo, SuSE, FreeBSD, and more

SLIDE 30

Your infrastructure can use µf, too

Hang out on this slide, make the point

SLIDE 31

Reuse

SLIDE 32

“...we’ve just switched from CVS to SVN, and it’s awesome”

SLIDE 33

Your Infrastructure is a program

SLIDE 34

Same concept, different code

Debian

We’re doing the same thing with different commands on different platforms

SLIDE 35

Same concept, different code

Debian Red Hat

We’re doing the same thing with different commands on different platforms

SLIDE 36

Same concept, different code

Debian Red Hat

We’re doing the same thing with different commands on different platforms

SLIDE 37

Portability and Naming

SLIDE 38

One solution per problem

SLIDE 39

Network Effects

SLIDE 40

Completeness

SLIDE 41

Relationships matter but are often implicit

SLIDE 42

Relationships matter but are often implicit

Package

SLIDE 43

Relationships matter but are often implicit

Package Configuration

Configuration should get modifed after package installation

SLIDE 44

Relationships matter but are often implicit

Package Service

Service should restart when configuration changes

Configuration

Configuration should get modifed after package installation

SLIDE 45

Relationships matter

We’ll come back to abstraction

SLIDE 46

Classes provide Intent

This is shareable, releasable code. Classes are analogous with tags

SLIDE 47

Puppet as a tool

SLIDE 48

Centralized Management

puppetd in the cloud Puppetmasterd puppetd OS X puppetd Linux Code

SLIDE 49

Each host gets a Resource Catalog

SLIDE 50

Node Classification

SLIDE 51

Node Classification

SLIDE 52

Node Classification

SLIDE 53

SSH Resources

We’ll come back to abstraction

SLIDE 54

So You’ve Got a Resource Catalog

SLIDE 55

The Configuration Process

* You can change the runinterval * You can trigger runs through puppetrun, SIGUSR1, or puppetd --test

SLIDE 56

The Configuration Process

1. Retrieve resource catalog from central

server

* You can change the runinterval * You can trigger runs through puppetrun, SIGUSR1, or puppetd --test

SLIDE 57

The Configuration Process

1. Retrieve resource catalog from central

server

2. Determine resource order

* You can change the runinterval * You can trigger runs through puppetrun, SIGUSR1, or puppetd --test

SLIDE 58

The Configuration Process

1. Retrieve resource catalog from central

server

2. Determine resource order
3. Check each resource in turn, fixing if

necessary

* You can change the runinterval * You can trigger runs through puppetrun, SIGUSR1, or puppetd --test

SLIDE 59

The Configuration Process

1. Retrieve resource catalog from central

server

2. Determine resource order
3. Check each resource in turn, fixing if

necessary

4. Rinse and repeat, every 30 minutes

* You can change the runinterval * You can trigger runs through puppetrun, SIGUSR1, or puppetd --test

SLIDE 60

Transactions (for each resource)

SLIDE 61

Transactions (for each resource)

1. Retrieve current state (e.g., by querying dpkg

db or doing a stat)

SLIDE 62

Transactions (for each resource)

1. Retrieve current state (e.g., by querying dpkg

db or doing a stat)

2. Compare to desired state

SLIDE 63

Transactions (for each resource)

1. Retrieve current state (e.g., by querying dpkg

db or doing a stat)

2. Compare to desired state
3. Fix, if necessary (or just log)

SLIDE 64

Configurations are idempotent

Idempotency is what allows us to manage a machine through its whole lifecycle

SLIDE 65

Configurations are idempotent

Idempotency is what allows us to manage a machine through its whole lifecycle

SLIDE 66

Idempotency allows management through the lifecycle

SLIDE 67

Resource sorting is done via dependencies

In this context, I sometimes call the Resource Catalog the ‘Resource Graph’

SLIDE 68

A Simple Transaction

SLIDE 69

A Simple Transaction

SLIDE 70

A Simple Transaction

SLIDE 71

Client Reporting

SLIDE 72

SLIDE 73

SLIDE 74

SLIDE 75

Who’s using Puppet?

“...at Google we're currently using Puppet to manage close to 6,000 Macs, and it's likely our deployment will expand dramatically beyond that....”

Testimonials . . .at Google we're currently using it to manage close to 6,000 Macs, and it's likely our deployment will expand dramatically beyond that. . . Nigel Kersten MacOps

SLIDE 76

Puppet vs. Capistrano

SLIDE 77

Puppet vs. Cfengine

SLIDE 78

It scales like HTTPS

And you don’t even need to centralize it.

SLIDE 79

All communication is via XMLRPC over HTTPS

And moving to REST

ver HTTPS

SLIDE 80

Uses SSL, and provides a Certificate Authority

* Every connection is encrypted, and the only connection that isn’t authenticated is the one that asks for a signed cert * Client certs * Autosign, manual sign, manual certificate generation * You don’t even have to use it

SLIDE 81

Logs go to syslog (by default)

SLIDE 82

SLIDE 83

SLIDE 84

SLIDE 85

Written in Ruby

1 to 1 test code to real code (and pretty good

coverage)

Plugins are nearly always drop-in (resource

types, providers, reports, etc.)

SLIDE 86

Language and Library

C was a language and a library, Puppet is a framework and a tool

SLIDE 87

An api

* Discovery * Replace webmin in 20 mins * etc.

SLIDE 88

ralsh - a thin API wrapper

This uses the same model as the rest of puppet -- it chooses the appropriate provider for the local system. You can edit resources, and it even works over the network.

SLIDE 89

Virtualization

Image from http://flickr.com/photos/pingnews/132543603/

SLIDE 90 This is all I do

SLIDE 91

Bad product, hungry Luke

SLIDE 92

Full time since March 2005

SLIDE 93

Support, Consulting, Training, and more

SLIDE 94

Other Software

SLIDE 95

An Irony

Puppet exposes Your Next Big Problem

SLIDE 96

Puppet is plumbing

We’re producing software to take more advantage of it. We’re beginning to build a Puppet ecosystem.

SLIDE 97

In the Future

Discovery
Node Classification
Probably much more :)

SLIDE 98

Puppet: How and Why Luke Kanies luke@reductivelabs.com Founder, - - PowerPoint PPT Presentation

SSH

O

Questions?