View
559
Download
3
Category
Preview:
DESCRIPTION
Multiple Approaches to Managing Puppet Modules @ Puppet Camp Chicago
Citation preview
Multiple approaches tomanaging your Puppet
modulesPuppet Camp Chicago
2014-08-19
Chicago, IL
LearnPuppet.comGarrett Honeycutt
gh@learnpuppet.com@learnpuppet
# whoami
© 2014 GH Solutions, LLC
LearnPuppet.comAudits
Consulting
TrainingAdvanced Topics with Test Driven Development
© 2014 GH Solutions, LLC
© 2014 GH Solutions, LLC
© 2014 GH Solutions, LLC
What is a Module?© 2014 GH Solutions, LLC
ModulesA module is a self contained directory structure for encapsulating
puppet code.© 2014 GH Solutions, LLC
Metadata# Modulefile
name 'ghoneycutt-nscd'version '1.0.2'source 'git://github.com/ghoneycutt/puppet-module-nscd.git'author 'ghoneycutt'license 'Apache License, Version 2.0'summary 'manage NSCD - name service cache daemon'description 'Manage every aspect of NSCD - name service cache daemon'project_page 'https://github.com/ghoneycutt/puppet-module-nscd'dependency 'puppetlabs/stdlib', '>= 3.2.0'
© 2014 GH Solutions, LLC
Metadata# metadata.json{ "name": "ghoneycutt-nscd", "version": "1.0.2", "author": "ghoneycutt", "summary": "manage NSCD - name service cache daemon", "license": "Apache License, Version 2.0", "source": "git://github.com/ghoneycutt/puppet-module-nscd.git", "project_page": "https://github.com/ghoneycutt/puppet-module-nscd", "issues_url": "https://github.com/ghoneycutt/puppet-module-nscd/issues", "description": "Manage every aspect of NSCD - name service cache daemon", "dependencies": [ {"name":"puppetlabs/stdlib","version_requirement":">= 3.2.0"} ]}
© 2014 GH Solutions, LLC
SkeletonProvides a template for generating new modules
https://github.com/ghoneycutt/puppet-module-skeleton
$ git clone https://github.com/ghoneycutt/puppet-module-skeleton$ VARDIR=`puppet config print vardir`$ mkdir -p $VARDIR/puppet-module/skeleton/$ rsync -avp --exclude .git puppet-module-skeleton/ \ $VARDIR/puppet-module/skeleton/
© 2014 GH Solutions, LLC
Generate a module$ cd /etc/puppet/modules$ puppet module generate <forgename>-<modulename>$ mv <forgename-modulename> <modulename>
© 2014 GH Solutions, LLC
Componentsghoneycutt-motdghoneycutt-motd/.fixtures.ymlghoneycutt-motd/.gitignoreghoneycutt-motd/.travis.ymlghoneycutt-motd/Gemfileghoneycutt-motd/LICENSEghoneycutt-motd/Modulefileghoneycutt-motd/README.mdghoneycutt-motd/Rakefileghoneycutt-motd/manifestsghoneycutt-motd/manifests/init.ppghoneycutt-motd/specghoneycutt-motd/spec/classesghoneycutt-motd/spec/classes/init_spec.rbghoneycutt-motd/spec/fixturesghoneycutt-motd/spec/fixtures/manifestsghoneycutt-motd/spec/fixtures/manifests/site.ppghoneycutt-motd/spec/fixtures/modulesghoneycutt-motd/spec/spec_helper.rbghoneycutt-motd/testsghoneycutt-motd/tests/init.pp
In the beginning© 2014 GH Solutions, LLC
In the beginning...Things were simple. We stuck all of our modules into one repo.
Luke Kanies told me it was a good idea and we spent timepuppetizing the setup.
© 2014 GH Solutions, LLC
In the beginning...That was 2008.
© 2014 GH Solutions, LLC
There are better ways!© 2014 GH Solutions, LLC
Looking backEveryone has to be on the same release cycle or you get
dependency issues.© 2014 GH Solutions, LLC
ScaleThis scales to one organization with one release cycle who are
not concerned with others using their code.© 2014 GH Solutions, LLC
Pro'sEasy to get started
© 2014 GH Solutions, LLC
Con'sEverything is released at the same time
Promotes forking
Merge hell© 2014 GH Solutions, LLC
AnalysisAvoid at all costs.
Separate repo for each module© 2014 GH Solutions, LLC
Puppetfile© 2014 GH Solutions, LLC
PuppetfileSimple file that lists your modules, where to get them, and at what
version.
# git repomod 'nscd', :git => 'git://github.com/ghoneycutt/puppet-module-nscd.git' :ref => 'v1.0.0'
© 2014 GH Solutions, LLC
PuppetfileAlso supports the Puppet Forge
# puppet forgeforge 'https://forgeapi.puppetlabs.com'mod 'puppetlabs/stdlib', '4.2.1'
© 2014 GH Solutions, LLC
PuppetfileCan be validated and kept under revision control.
ruby -c Puppetfile© 2014 GH Solutions, LLC
ghoneycutt's puppet-moduleshttps://github.com/ghoneycutt/puppet-modules
All of the modules and their dependencies that I write, use, and support.
apache inittab pam rubyapt localization passenger selinuxcommon make pe_gem sshconcat motd portage stdlibdnsclient mysql postgresql sysklogdfacter network puppet timezonefirewall nfs puppetdb typesgcc nisclient r10k utilsgit nrpe rancid vcsrepohosts nscd redhat vimhtpasswd nsswitch rpcbind wgetinifile ntp rsyslog xinetd
© 2014 GH Solutions, LLC
modulepath© 2014 GH Solutions, LLC
Puppet < 3.6Search path for modules
modulepath = /etc/puppet/environments/$environment/modules:/etc/puppet/modules
© 2014 GH Solutions, LLC
Puppet >= 3.6modulepath is deprecated
Warning: Setting modulepath is deprecated in puppet.conf. Seehttp://links.puppetlabs.com/env-settings-deprecations (at/usr/lib/ruby/site_ruby/1.8/puppet/settings.rb:1095:in`issue_deprecations')
© 2014 GH Solutions, LLC
Puppet >= 3.6environmentpath = /etc/puppet/environmentsbasemodulepath = /etc/puppet/modules
© 2014 GH Solutions, LLC
environmentpathA search path for directory environments. Under $environmentpath are directories for each
$environment and under those are modules and manifests.
/etc/puppet/environments├── dev│ ├── manifests│ │ └── site.pp│ └── modules│ ├── apache│ ├── ...│ └── zookeeper├── fix_it│ ├── manifests│ │ └── site.pp│ └── modules│ ├── apache│ ├── ...│ └── zookeeper└── production ├── manifests │ └── site.pp └── modules ├── apache ├── ... └── zookeeper
© 2014 GH Solutions, LLC
basemodulepathSearch path for global modules. This is essentially appended to the modulepath.
basemodulepath = /var/local/ghoneycutt-modules© 2014 GH Solutions, LLC
Puppet Forge© 2014 GH Solutions, LLC
Puppet ForgeRepo of puppet modules with dependency tracking.
© 2014 GH Solutions, LLC
Puppet Forge -- Demo Time
search
# puppet module search openstackinstall
This is buggy!
# puppet module install puppetlabs-openstack -i /tmp© 2014 GH Solutions, LLC
Search by metadata
© 2014 GH Solutions, LLC
Pro'sGreat way to find new modules
Can filter by OS and Puppet version
Can install from command line
Resolves dependencies© 2014 GH Solutions, LLC
Con'sInstalling from the command line leavesyou without something to track inversion control
Resolving dependencies is buggy (fixeshave been coming in, Thanks!)
© 2014 GH Solutions, LLC
AnalysisUse the forge to find modules
Install from the command line whendeveloping to make note of yourdependencies
Potentially use forge in your Puppetfile© 2014 GH Solutions, LLC
librarian-puppet© 2014 GH Solutions, LLC
librarian-puppetIterates through Puppetfile and recursively solves dependencies
for you.© 2014 GH Solutions, LLC
Installation# sudo gem install -V librarian-puppet
Usage# cd /path/to/dir_with_Puppetfile# librarian-puppet install -v
© 2014 GH Solutions, LLC
Pro'sUses a Puppetfile, so you havesomething in version control
Handles dependencies© 2014 GH Solutions, LLC
Con'sHandles dependencies - this is anightmare with a large set of diversemodules
© 2014 GH Solutions, LLC
AnalysisAfter experiencing a lot of frustration with the dependency
management, I gave up on this and moved to librarian-puppet-simple. Big props to Tim for writing this and Puppetfile which has
became a standard.© 2014 GH Solutions, LLC
librarian-puppet-simple© 2014 GH Solutions, LLC
librarian-puppet-simpleIterates through Puppetfile without any dependency management.
© 2014 GH Solutions, LLC
Installation# sudo gem install -V librarian-puppet-simple
UsageSimilar to librarian-puppet
# cd /path/to/dir_with_Puppetfile# librarian-puppet install -v
© 2014 GH Solutions, LLC
Pro'sNo dependency management
Uses a Puppetfile, so you havesomething in version control
© 2014 GH Solutions, LLC
Con's..nope..
© 2014 GH Solutions, LLC
AnalysisDan is my hero. After becoming frustrated with librarian-puppet'sdependency management, this tool simply iterates over a list of
modules, which is awesomely simple.© 2014 GH Solutions, LLC
r10k© 2014 GH Solutions, LLC
r10kCreates an environment for every branch in your puppet-modules
git repo.© 2014 GH Solutions, LLC
InstallationThere's a module for that https://github.com/acidprime/r10k
© 2014 GH Solutions, LLC
Work flow[foo@laptop]# git checkout -b fixit \ vi Puppetfile \ ruby -c Puppetfile \ git commit -a \ git push origin fixit[root@puppet]# r10k deploy environment -vp \ service httpd graceful
© 2014 GH Solutions, LLC
Automate deploy step with ssh keys# Hiera entry using ghoneycutt/sshssh::keys: r10k: ensure: 'present' user: 'root' type: 'rsa' key: 'AAAAB3Nz....' options: 'command="/usr/bin/r10k deploy environment -vp \ && /sbin/service httpd graceful"'# ~/.ssh/config on your workstationHost r10k User root Hostname puppet.example.com IdentityFile /Users/gh/.ssh/r10k
[foo@laptop]# ssh r10k© 2014 GH Solutions, LLC
Add a rake task
# Rakefiletask :deploy do sh 'ssh r10k'end[foo@laptop]# rake deploy
© 2014 GH Solutions, LLC
Pro'sMake's it really easy to do development
Do not need access to the puppetmaster
Uses a Puppetfile, so you havesomething in version control
© 2014 GH Solutions, LLC
Con's..nope..
You need a centralized git repo, which hopefully you already have:)
© 2014 GH Solutions, LLC
AnalysisThebo is my hero, r10k provides an easy work flow for developersto make changes in their environment all without shell access on
the puppet master.© 2014 GH Solutions, LLC
Continued Learning© 2014 GH Solutions, LLC
Continued LearningPuppet modules
Use my modules https://github.com/ghoneycutt/puppet-modulesand send me pull requests.
© 2014 GH Solutions, LLC
Continued LearningRuby
Follow facter and submit pull requests.© 2014 GH Solutions, LLC
Continued LearningAsk and Solve Puppet questions
https://ask.puppetlabs.com - Recommend the weekly digest.© 2014 GH Solutions, LLC
Continued LearningPuppet modules
Use my modules https://github.com/ghoneycutt/puppet-modulesand send me pull requests.
Ruby
Follow facter and submit pull requests.
Ask and Solve Puppet questions
https://ask.puppetlabs.com - Recommend the weekly digest.© 2014 GH Solutions, LLC
Multiple approaches tomanaging your Puppet
modulesPuppet Camp Chicago
2014-08-19
Chicago, IL
LearnPuppet.comGarrett Honeycutt
gh@learnpuppet.com@learnpuppet
Recommended