MANAGING MIDDLEWARE WITH PUPPET Nate Loomis

Puppet Camp Charlotte 2015: Managing middleware with Puppet

Page 1: Puppet Camp Charlotte 2015: Managing middleware with Puppet

MANAGING MIDDLEWARE WITH PUPPET

Nate Loomis

Page 2: Puppet Camp Charlotte 2015: Managing middleware with Puppet

key topics

Page 3: Puppet Camp Charlotte 2015: Managing middleware with Puppet

WHAT IS MIDDLEWARE?

Page 4: Puppet Camp Charlotte 2015: Managing middleware with Puppet

middleware is…

Page 5: Puppet Camp Charlotte 2015: Managing middleware with Puppet

middleware is…

Page 6: Puppet Camp Charlotte 2015: Managing middleware with Puppet

middleware is…

Page 7: Puppet Camp Charlotte 2015: Managing middleware with Puppet

middleware is…

Diagram stages: New Node Needed, Provisioned, Middleware Installed, Platform Ready, App Deployed

The step after the provisioned state where the middleware is installed is the key step in determining a server’s role.

Page 8: Puppet Camp Charlotte 2015: Managing middleware with Puppet

middleware is…

• Other names for middleware

  • Application Infrastructure

  • Peer-to-Peer Software

  • Application Software

• Types of middleware

  • Web Server software (like Apache HTTPD)

  • Application Server software (like JBoss Application Server or KONY Mobile Application Server)

  • Content Management systems (like Atlassian Confluence)

  • Messaging servers, MOMs, ESBs (like Apache ActiveMQ)

  • Orchestration (like Cisco Process Orchestrator)

  • API Management (like IBM API Management)

  • Tools that support application development and delivery (like Jenkins CI)

Page 9: Puppet Camp Charlotte 2015: Managing middleware with Puppet

middleware is…

Middleware is the software layer that lies between the operating system and the applications on each side of a distributed computer network. Typically, it supports complex, distributed business software applications.

Source: Wikipedia

[xkcd.com comic strip]

Page 10: Puppet Camp Charlotte 2015: Managing middleware with Puppet

WHY IS ACTIVE STATE MANAGEMENT OF MIDDLEWARE IMPORTANT?

Page 11: Puppet Camp Charlotte 2015: Managing middleware with Puppet

why active management is important

Source: Popper, N (Aug 2, 2012) Knight Capital Says Trading Glitch Cost It $440 Million. The New York Times Company (online)

Page 12: Puppet Camp Charlotte 2015: Managing middleware with Puppet

why active management is important

Source: Securities and Exchange Commission, sec.gov/litigation

Page 13: Puppet Camp Charlotte 2015: Managing middleware with Puppet

why active management is important

• Misconfiguration of middleware can be costly.

• Middleware is also an ideal target.

CNET: DDoS attacks intensified in first half of 2014

The volume and intensity of DDoS attacks in the first half of the year reached new heights…

CNET: Heartbleed bug: What you need to know

The security vulnerability has implications for users across the Web…

CNET: New DoS attack uses Web servers as zombies

Imperva says Web server-based botnet offers more attack power…

Page 14: Puppet Camp Charlotte 2015: Managing middleware with Puppet

why active management is important

Therefore, patching middleware is critical

• Finding the stable version

• Patching rapidly without stepping on the app-specific configuration

Active management is something to consider

Source: Top 50 Vulnerable products, CVEdetails.com – data from MITRE’s CVE website

Page 15: Puppet Camp Charlotte 2015: Managing middleware with Puppet

WHAT ARE SOME SPECIFIC CHALLENGES TO MANAGING MIDDLEWARE?

Page 16: Puppet Camp Charlotte 2015: Managing middleware with Puppet

specific challenges

• More than one software development lifecycle (SDLC)

• Ownership of directories with an automated approach

• Maintaining idempotency

• Managing customizations

• Naming conflicts

Page 17: Puppet Camp Charlotte 2015: Managing middleware with Puppet

more than one software development lifecycle

• Middleware configuration can be changed in three key events

  1. Patching or update to standards

  2. Prod fix made directly to server

  3. Release of application with specific config needs

Diagram labels: Patching, Support, App Release

Page 18: Puppet Camp Charlotte 2015: Managing middleware with Puppet

ownership of directories

• Segmenting ownership

Page 19: Puppet Camp Charlotte 2015: Managing middleware with Puppet

ownership of directories

• Backing module code

Page 20: Puppet Camp Charlotte 2015: Managing middleware with Puppet

maintaining idempotency

Idempotence is a property where certain operations can be applied multiple times without changing the result.

• Example of idempotency = absolute value

abs(abs(abs(-1))) = 1
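
The same property in Puppet terms, as an added example that is not from the original slides: an exec that appends a hardening directive changes the file on every agent run, while a guarded exec or a file_line resource converges once and then reports no change. The file path and directive are constructed for illustration, and file_line assumes the puppetlabs-stdlib module is installed.

```puppet
# Added example; the path and directive are constructed, not from the slides.
# The three resources are alternatives shown side by side for comparison;
# a real manifest would keep only the last one.
$conf = '/etc/httpd/conf.d/hardening.conf'

file { $conf:
  ensure => file,
}

# NOT idempotent: appends the line on every agent run, so the file keeps
# growing and every run reports a change.
exec { 'append-servertokens':
  command  => "echo 'ServerTokens Prod' >> ${conf}",
  path     => ['/bin', '/usr/bin'],
  provider => shell,
  require  => File[$conf],
}

# Idempotent by guard: the command only runs while the exact line is missing.
exec { 'append-servertokens-guarded':
  command  => "echo 'ServerTokens Prod' >> ${conf}",
  unless   => "grep -qx 'ServerTokens Prod' ${conf}",
  path     => ['/bin', '/usr/bin'],
  provider => shell,
  require  => File[$conf],
}

# Idempotent by declaration: describes the desired line; an existing
# ServerTokens line with another value is replaced instead of duplicated.
file_line { 'servertokens':
  path    => $conf,
  line    => 'ServerTokens Prod',
  match   => '^ServerTokens\s',
  require => File[$conf],
}
```

Running the agent twice is the practical check: a second run that still reports changed resources points at a non-idempotent resource.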

Page 21: Puppet Camp Charlotte 2015: Managing middleware with Puppet

managing customizations

• How do we adopt a strategy that allows us to accommodate specific corporate requirements and still stay close to the community or forge module?

• Examples of typical customizations necessary for middleware:

1. Different package (often products must be hardened according to security baselines)

2. Asset tagging

3. Test automation hooks

4. Addition of the SSL Certificate and related files

5. Addition of plugins (like apache modules)

6. Support for multiple product versions

7. Modified directory permissions

8. Redirection of the logs to $logroot

9. Defaults for specific file resources

10. Custom functions or classes

Page 22: Puppet Camp Charlotte 2015: Managing middleware with Puppet

naming conflicts

• Multiple middleware teams

• Multiple module authors

• Every class or defined type name maps directly to the filepath within Puppet’s modulepath.

• So how do we avoid duplicate resource declarations or path conflicts?

Page 23: Puppet Camp Charlotte 2015: Managing middleware with Puppet

WHAT HAVE WE LEARNED THAT MAY BE USEFUL TO YOU?

Page 24: Puppet Camp Charlotte 2015: Managing middleware with Puppet

lessons learned

1. You must bring the team members supporting the product along with you.

2. Only one system and team should be accountable for the configuration of the product.

3. Spend the time on the module to ensure it is idempotent.

4. Isolate company customizations in a wrapper module.

5. Give the rest back to the community.

Page 25: Puppet Camp Charlotte 2015: Managing middleware with Puppet

isolate customizations in a wrapper

List of typical customizations from before:

1. Different package (often products must be hardened according to security baselines)

2. Asset tagging

3. Test automation hooks

4. Addition of the SSL Certificate and related files

5. Addition of plugins (like apache modules)

6. Support for multiple product versions

7. Modified directory permissions

8. Redirection of the logs to $logroot

9. Defaults for specific file resources

10. Custom functions or classes

Page 26: Puppet Camp Charlotte 2015: Managing middleware with Puppet

isolate customizations in a wrapper

Wrapper module approach

• puppet-apache

• puppet-wf_apache
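
The wrapper approach in code, as an added example that is not Wells Fargo's or the upstream project's code: a hypothetical wf_apache class that leaves the upstream module untouched and carries only company-specific settings from the customization list (hardening, SSL files, plugins, log location, directory permissions). It assumes puppet-apache refers to the puppetlabs-apache Forge module; the wf_apache parameter names, paths and values are illustrative.

```puppet
# Hypothetical wrapper class (Puppet 4+ syntax), added for illustration.
# The upstream apache module is assumed to be puppetlabs-apache and is used
# unmodified, so upstream patches can be pulled in without touching the
# company settings kept here.
class wf_apache (
  String $servername = 'app.example.com',             # constructed value
  String $logroot    = '/var/log/wf/apache',          # customization 8
  String $ssl_cert   = '/etc/pki/tls/certs/app.crt',  # customization 4
  String $ssl_key    = '/etc/pki/tls/private/app.key',
) {
  # Security-baseline settings are passed to the upstream class as
  # parameters instead of being patched into its templates.
  class { 'apache':
    default_vhost    => false,
    logroot          => $logroot,
    logroot_mode     => '0750',                       # customization 7
    server_tokens    => 'Prod',
    server_signature => 'Off',
    trace_enable     => 'Off',
  }

  # Customization 5: plugins, with legacy protocol versions disabled.
  class { 'apache::mod::ssl':
    ssl_protocol => ['all', '-SSLv3', '-TLSv1', '-TLSv1.1'],
  }

  # The certificate and key files are assumed to be delivered separately.
  apache::vhost { $servername:
    port     => 443,
    docroot  => '/var/www/html',
    ssl      => true,
    ssl_cert => $ssl_cert,
    ssl_key  => $ssl_key,
  }
}
```

The wrapper sets the log directory mode through the upstream parameter instead of declaring its own file resource for the same path, which would be a duplicate resource declaration of the kind the naming-conflicts slide asks about.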

Page 27: Puppet Camp Charlotte 2015: Managing middleware with Puppet

give the rest back to the community

• Give back

• Your custom code becomes standard, community-supported code

• Growth opportunity for your team members

Wells Fargo IT and Legal have worked to determine a path for this to happen. Submission with corporate emails is a requirement.

Page 28: Puppet Camp Charlotte 2015: Managing middleware with Puppet

QUESTIONS?