Puppet @ Seat

DESCRIPTION

Presentation on how Puppet has been introduced in Seat Pagine Gialle to automate system administration tasks and ease the cooperation between Ops and Others.

Text of Puppet @ Seat

  • 1. Seat Internet Factory Tech Talk 5
  • 2. Tempus fugit: Setup. Configure. Deploy. Troubleshoot. Fix.
  • 3. Panta rei: Emails. Tickets. Calls. Meetings.
  • 4. Mala tempora currunt: cat /etc/issue Debian 4
  • 5. Errare humanum est... rm /var/log/messages
  • 6. perseverare autem diabolicum: chmod -R 777 ; su nobody ; rm -rf .
  • 7. Alea iacta est: Hope driven release management.
  • 8. Devs Versus Ops: D: Can you copy /ldap/dritchie/spes.war to prod? O: Open a Ticket.
  • 9. O tempora o mores! Big efforts for small outputs
  • 10. Spes ultima dea: Have you heard about this Puppet thing?
  • 11. Repetita iuvant: Machines automate better
  • 12. Gratis: OpenSource from www.puppetlabs.com
  • 13. Cui prodest? Source: www.puppetlabs.com
  • 14. Divide et impera: Many Puppet nodes, One Puppet Master
  • 15. Status Quo: A declarative language to describe system status
        package { 'openssh-server':
          ensure => present,
          before => File['/etc/ssh/sshd_config'],
        }
        file { '/etc/ssh/sshd_config':
          ensure => file,
          mode   => '0600',
          source => '/root/learning-manifests/sshd_config',
        }
        service { 'sshd':
          ensure    => running,
          enable    => true,
          subscribe => File['/etc/ssh/sshd_config'],
        }
  • 16. Veni vidi vici: puppet apply
  • 17. Deus Ex Machina: # This File is Managed by Puppet
  • 18. Mater semper certa est, pater nunquam: O: Who changed that file?!
        info: Filebucket[/var/lib/puppet/clientbucket]: Adding /etc/resolv.conf(d7fbc1695489ce896d30b7b04d72887c)
        info: //test/File[/etc/resolv.conf]: Filebucketed /etc/resolv.conf to main with sum d7fbc1695489ce896d30b7b04d72887c
        notice: //test/File[/etc/resolv.conf]/content: content changed {md5}d7fbc1695489ce896d30b7b04d72887c to {md5}958836dd057fdbb33597d688cc6d28a2
  • 19. Ex novo: Provision from scratch.
  • 20. Doctum doces: Infrastructure as code
  • 21. Scripta manent, verba volant: svn ci -m Ticket #777
  • 22. Factotum: P: I manage. Almost everything.
  • 23. Ignorantia legis non excusat: Once you Puppettize, you Puppettize
  • 24. Experimentation started in 2010. Systematic implementation on new servers since October 2010. Conversion / upgrade of existing systems in progress.
        Production in Rozzano - Managed systems: 167 (growing):
          - Pagine Bianche
          - Banners
          - E-Commerce, Scioppy
          - Tools PL, Iglu, Spysite, Routing, Fotocontest, Iglu ...
          - Infrastructure systems (Dns, Syslog, Deploy, Ldap (soon))
          - Monitoring systems (Nagios, Munin)
        Disaster Recovery - Managed systems: 34:
          - Pagine Gialle (entire chain)
          - Infrastructure systems (Dns, Syslog, Deploy, Ldap)
          - Monitoring systems (Nagios, Munin)
  • 25. # Base node
        node basenode {
          $dns_servers = ["192.168.39.42","192.168.39.43"]
          $syslog_server = "syslog-1.pgol.com"
          $type = "prod" # We assume that most of nodes are of prod(uction) type.
          $users_auth = "ldap" # By default we want ldap auth
          [...]
        }
        # Rozzano Production site
        node rozzano inherits basenode {
          $site = "rozzano"
          $ntp_server = ["ntp1.pgol.com","ntp2.pgol.com"]
        }
        node rozzano-dmz inherits rozzano {
          $zone = "dmz"
          $users_auth = "local" # No ldap auth for users in DMZ servers
        }
        node rozzano-erog inherits rozzano {
          $zone = "erog"
        }
        # Disaster recovery Site
        node dr inherits basenode {
          $site = "dr"
          $dns_servers = ["192.168.50.10","192.168.50.11"]
          [...]
  • 26. # FRONTEND BIANCO
        node fep-pbit-1 inherits rozzano-erog {
          include role_fep-pbit
        }
        node fep-pbit-2 inherits rozzano-erog {
          include role_fep-pbit
        }
        [...]
        node test-pbit-1 inherits rozzano-erog {
          $type = "test"
          include role_fep-pbit
        }
        [...]
        # CLUSTER CASSANDRA DEV
        node dev-cassandra-1b inherits rozzano-erog {
          $type = "dev"
          include role_cassandra
        }
        [...]
        # CLUSTER CASSANDRA TEST
        node test-cassandra-1 inherits rozzano-erog {
          $type = "test"
          include role_cassandra
        }
        [...]
        # CLUSTER CASSANDRA PROD
        node cassandra-1 inherits rozzano-erog {
          include role_cassandra
        }
        [...]
        node cassandra-5 inherits rozzano-erog {
          $has_batch = "true"
          include role_cassandra
        }
  • 27. class general {
          include distro
          include profile
          include puppet
          include motd
          include users
          include openssh
          include hosts
          include resolver
          include monit
          include sudo
          include snmpd
          include nrpe
          include munin
          include rsync
          include basedirs
          case $operatingsystem {
            ubuntu,debian: {
              # Modules currently working only on Ubuntu/Debian
              include exim
              include openntpd
              include apt
              include rsyslog
              include unattended-upgrades
              include hardware
            }
            centos,redhat: {
              include yum
            }
            default: { }
          }
        }
  • 28. class role_fep-pbit {
          $role="fep-pbit"
          include general
          include nfs::client::fep-pbit
          include apache
          include apache::seat::fep-
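
The agent log on slide 18 already answers "who changed that file?" for managed content: it names the file, the checksum Puppet replaced, and the checksum of the copy saved in the filebucket. The Python below is an added example, not part of the original slides; the function name `audit_changes` and the record fields are assumptions, and the input is the slide's three log lines with line breaks restored.

```python
import re

# Constructed input: the three agent log lines from slide 18, line breaks restored.
SAMPLE_LOG = """\
info: Filebucket[/var/lib/puppet/clientbucket]: Adding /etc/resolv.conf(d7fbc1695489ce896d30b7b04d72887c)
info: //test/File[/etc/resolv.conf]: Filebucketed /etc/resolv.conf to main with sum d7fbc1695489ce896d30b7b04d72887c
notice: //test/File[/etc/resolv.conf]/content: content changed {md5}d7fbc1695489ce896d30b7b04d72887c to {md5}958836dd057fdbb33597d688cc6d28a2
"""

MD5 = r"[0-9a-f]{32}"
# "Filebucketed" line: Puppet saved the previous content under this checksum.
BUCKETED = re.compile(
    rf"File\[(?P<path>[^\]]+)\]: Filebucketed \S+ to (?P<bucket>\S+) with sum (?P<sum>{MD5})")
# "content changed" line: old and new checksum (surrounding quotes are optional).
CHANGED = re.compile(
    rf"File\[(?P<path>[^\]]+)\]/content: content changed "
    rf"'?\{{md5\}}(?P<old>{MD5})'? to '?\{{md5\}}(?P<new>{MD5})'?")


def audit_changes(log_text):
    """Return one record per managed file whose content Puppet replaced."""
    backups = {}  # path -> (bucket name, checksum of the saved copy)
    records = []
    for line in log_text.splitlines():
        m = BUCKETED.search(line)
        if m:
            backups[m["path"]] = (m["bucket"], m["sum"])
            continue
        m = CHANGED.search(line)
        if m:
            bucket, saved = backups.get(m["path"], (None, None))
            records.append({
                "path": m["path"],
                "old_md5": m["old"],
                "new_md5": m["new"],
                "bucket": bucket,
                # The replaced content is retrievable only if the bucketed
                # checksum is the same one the change line says was overwritten.
                "recoverable": saved == m["old"],
            })
    return records


if __name__ == "__main__":
    for rec in audit_changes(SAMPLE_LOG):
        print(rec)
```

A record with `recoverable` set to false means the overwrite was logged without a matching filebucket entry, so the previous content has to come from another backup.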