Puppet – configuration management tool презентация

Содержание

Слайд 2

CONTENT PART I – GETTING STARTED PART II – PUPPET

CONTENT

PART I – GETTING STARTED
PART II – PUPPET INSIDE
PART III –

DEPLOYMENT OF PUPPET
PART IV - SCENARIO OF DEPLOYMENT
WITH HELP OF PUPPET
Слайд 3

PART I GETTING STARTED

PART I

GETTING STARTED

Слайд 4

TYPICAL SYSADMIN JOB Repetitive Manual Tedious

TYPICAL SYSADMIN JOB

Repetitive
Manual
Tedious

Слайд 5

WHO HELPS US Automation Unification Accuracy Reproducibility Centralized auditing Reduce time Save money

WHO HELPS US

Automation
Unification
Accuracy
Reproducibility
Centralized auditing
Reduce time
Save money

Слайд 6

What is PUPPET ? configuration management tool open source Ruby-based

What is PUPPET ?

configuration management tool
open source
Ruby-based system
relying upon

client-server model
used to manage throughout lifecycle IT systems:
Слайд 7

PUPPET’S BENEFITS Large developer base Optimized and easier configuration language

PUPPET’S BENEFITS

Large developer base
Optimized and easier configuration language
Better documentation
Abstracted from underlying OS (more platform

support)
Easily scalable and customizable
Large installed base (Google, Siemens, Red Hat,
Cisco)
Слайд 8

PART II PUPPET INSIDE

PART II

PUPPET INSIDE

Слайд 9

PUPPET MODEL Deployment Configuration Language Resource Abstraction Layer Transactional Layer

PUPPET MODEL

Deployment

Configuration Language

Resource Abstraction Layer

Transactional Layer

Usually Client-Server

Describe

How to apply

Compile
Communicate
Apply
Report

Слайд 10

Master - store & compile configs Agent - pull configuration


Master - store & compile configs
Agent - pull configuration from master

PUPPET

DEPLOYMENT MODEL

Client-server
Client - apply & compile configs locally
CVS - just as repo for configs

Single (no master)

Master/
server

client

CVS/SVN

CVS/SVN

Request;
reports

Слайд 11

+ better security + advanced management + authorization + centralized

+ better security
+ advanced management
+ authorization
+ centralized execution
- huge load

on server
- single point of failure

PUPPET DEPLOYMENT MODEL (comparison)

Client-server
+ no bottleneck of master
+ no single point of failure
+ no PKI
- no advanced features
- loss in security
- loss ease of management

Single (no master)

Слайд 12

ARCHITECTURE OF PUPPET compile on server Puppet master Puppet agent

ARCHITECTURE OF PUPPET
compile on server

Puppet master

Puppet agent

HTTPS/SSL connection

CA/SSL cert

Facter

Manifest (code of

scenario)

catalog

apply

Server

Client

TCP port 8140

Provider

Слайд 13

MAIN COMPONENTS OF PUPPET SYSTEM Server daemon: puppet master (

MAIN COMPONENTS OF PUPPET SYSTEM

Server daemon:
puppet master ( uses WEBrick web

server)
run as puppet user
can force client to pull new configs – puppet kick
Client daemon:
puppet agent
run as root (pulling server every 30min defaults or from cron)
Both have configuration file => puppet.conf
Слайд 14

MAIN COMPONENTS OF PUPPET SYSTEM (continued) Puppet’s Certificate Authority: puppet

MAIN COMPONENTS OF PUPPET SYSTEM (continued)

Puppet’s Certificate Authority:
puppet ca, cert
SSL certificates
Provider
apply

packages management on hosts
Facter
gathers basic information about node’s hardware and operation system
Слайд 15

ELEMENTS OF PUPPET SYSTEM Manifests (code on puppet/ruby language) on

ELEMENTS OF PUPPET SYSTEM

Manifests (code on puppet/ruby language) on server =>

*.pp
use some programming methods: variables, conditional
statements, functions
Resources (types) is a particular element that Puppet knows how to configure
Classes and defines basic named collection of resources
Providers specific implementation of a given resource type
Templates apply code and variable substitution
Modules collection of manifests, files, plugins, classes, templates and so on
Nodes – machines being configured, identified generally by its hostname
Files, facters, libs, functions and so on
Слайд 16

ELEMENTS OF PUPPET SYSTEM RESOURCE (file) RESOURCE (user) CLASS FILES

ELEMENTS OF PUPPET SYSTEM

RESOURCE
(file)

RESOURCE
(user)

CLASS

FILES

TEMPLATES

NODE

manifest

apply

LIBS (facter, provider, function …)

are used in manifests

MODULE

Слайд 17

PUPPET INFRASTRUCTURE /etc/puppet files/ manifests/ modules/ auth.conf autosign.conf fileserver.conf puppet.conf

PUPPET INFRASTRUCTURE

/etc/puppet

files/

manifests/

modules/

auth.conf

autosign.conf

fileserver.conf

puppet.conf

tagmail.conf

byhost/

classes/

nodes.pp

site.pp

host1/

host2/

host3/

class1.pp

class2.pp

mod1/

manifests/

files/

templates/

init.pp

Files

Folders

Слайд 18

PART III DEPLOYMENT OF PUPPET

PART III

DEPLOYMENT OF PUPPET

Слайд 19

PROCEDURE OF DEPLOYMENT Setup (master and clients) Set up configuration

PROCEDURE OF DEPLOYMENT

Setup (master and clients)
Set up configuration files
Deploy certificates
Write and

deploy manifest and describe nodes
Слайд 20

INSTALLATION OF PUPPET Most platforms will use the default package

INSTALLATION OF PUPPET
Most platforms will use the default package manager to

install Puppet or from source
Prerequisites: ruby, ruby-libs, facter
Слайд 21

SAMPLE PUPPET CONFIG FILE Can be configured via CLI or

SAMPLE PUPPET CONFIG FILE

Can be configured via CLI or configuration file
[main]

vardir = /var/lib/puppet
logdir = /var/log/puppet
ssldir = $vardir/ssl
moduledir = /var/lib/modules
[agent]
server =
localconfig = $vardir/localconfig
report = true
[master]
reports = http
autosign = /etc/puppet/autosign.conf
Слайд 22

SETUP CERTIFICATE Multiple ways to resolve this Setup puppetmaster to

SETUP CERTIFICATE
Multiple ways to resolve this
Setup puppetmaster to automatically sign

certificates
Setup puppetmaster to pre-sign certificates
Perform manual certificate signing each time
Слайд 23

AUTO CERTIFICATE SIGNING Setup automatic certificate signing you must specify

AUTO CERTIFICATE SIGNING
Setup automatic certificate signing you must specify so in

the /etc/puppet/autosign.conf file:
*.sample.domain.com
server1.sample.domain.com
+ will automatically sign certs
– security risk, not good to automate the certificate signing mechanism
Слайд 24

PRE-SIGNING CERTIFICATES Generate a pre-signed certificate for clients: puppet cert

PRE-SIGNING CERTIFICATES
Generate a pre-signed certificate for clients:
puppet cert --generate client1.example.com
Transfer

the private key, the client certificate, the CA certificate to the new client:
/etc/puppet/ssl/private_keys/client.pem
/etc/puppet/ssl/certs/client.pem
/etc/puppet/ssl/certs/ca.pem
+ better controlled security
– have to provide transferring
Слайд 25

MANUAL CERTIFICATE SIGNING Doesn’t require the autosign.conf file List of

MANUAL CERTIFICATE SIGNING
Doesn’t require the autosign.conf file
List of the waiting requests

on the puppetmaster by using:
# puppet cert --list
server1.sample.domain.com
server2.sample.domain.com
to sign a specific request run the following:
# puppet cert --sign server1.sample.domain.com
+ most secure way to sign certificates
– can get cumbersome when scaling your puppet installation
Слайд 26

CREATE MANIFEST AND DESCRIBE NODE Create main manifest in /etc/puppet/manifests/site.pp

CREATE MANIFEST AND DESCRIBE NODE
Create main manifest in /etc/puppet/manifests/site.pp
Node definitions can be

defined:
configuration block matching a client in manifest
outside of puppet - LDAP, external script
node default { include ….}
node “www.domain.com” { …}
node /^www\.\w+\.com/ { … } # can use regular expression
Слайд 27

CREATE MANIFEST AND DESCRIBE NODE (CONTINUE) node default { user

CREATE MANIFEST AND DESCRIBE NODE (CONTINUE)
node default {
user {"testpup":
ensure =>

present,
shell => "/sbin/nologin",
home => "/nonexistent",
password => "test",
}
}
Слайд 28

PART IV SCENARIO OF DEPLOYMENT WITH HELP OF PUPPET

PART IV

SCENARIO OF DEPLOYMENT
WITH HELP OF PUPPET

Слайд 29

TASK WHAT WE HAVE WHAT FEATURES WE USE => modules,

TASK
WHAT WE HAVE
WHAT FEATURES WE USE => modules, classes,

class-definitions, templates
RESULT ??????

WORKSHOP (LIVE EXAMPLE)

ER

APACHE SERVER
(main address - 192.168.30.20:80 only)

APACHE VIRTUAL HOSTS
( 192.168.166.84:3080)
(192.168.166.84:4080)
……..

with PUPPET agent installed
(freesvv)

PUPPET MASTER
(puppetbig2)

Слайд 30

HOW TO ORGANIZE MANIFESTS modules/mysql/init.pp modules/apache/init.pp install dbinit … vhost … install

HOW TO ORGANIZE MANIFESTS

modules/mysql/init.pp

modules/apache/init.pp

install

dbinit


vhost


install

Слайд 31

ROOT MANIFEST - SITE.PP Global master manifest is site.pp which

ROOT MANIFEST - SITE.PP

Global master manifest is site.pp which typically defines

the node types puppet can configure
node ‘server1’ {
include pkg-mgmt # use module
include apache
}
node ‘server2' {
include apache
include mysql
}
Слайд 32

BUILDING MODULE Storing modules separately in /…/…/modules/module_name assists in management

BUILDING MODULE
Storing modules separately in /…/…/modules/module_name assists in management
We can store

module specific files within the module instead of all together
Inside each module, we have several directories: manifests, files, templates, plugins
The manifest is where the module’s definition lives and starts - “init.pp”
Слайд 33

MODULE STRUCTURE {module}/ files/ # serve files from modules lib/

MODULE STRUCTURE

{module}/
files/ # serve files from modules
lib/ # executable Ruby code


manifests/ # can hold any number of other classes and even folders of classes
init.pp
{class}.pp
{defined type}.pp
{namespace}/
{class}.pp
{class}.pp
templates/ # templates written in the ERB language
Слайд 34

MODULE START FILE - INIT.PP class apache { # main

MODULE START FILE - INIT.PP

class apache { # main class
require apache::params

# class dependencies
case $operatingsystem { # variable
FreeBSD: { include apache::install }
Centos: { include apache::instyum }
}
include apache::service
}
Can use variables, conditional statements;
Call new subclasses
Convenient way – organize special class(subclass) for variables
Слайд 35

SUBCLASS FOR INSTALL class apache::install { file { $apache::params::install_option: #

SUBCLASS FOR INSTALL

class apache::install {
file { $apache::params::install_option: # resource -

type of file
ensure => directory,
recurse => true,
recurselimit => 1,
owner => "root",
group => "wheel",
mode => 0644,
source => "puppet:///modules/apache/install",
}
package { $apache::params::apache_pkg_name: # resource - type of package
provider => portupgrade,
ensure => installed,
require => File[$apache::params::install_option],
}
}
Each resource has its own parameters & properties
More about resources:
http://docs.puppetlabs.com/references/stable/type.html
Слайд 36

SUBCLASS FOR SERVICE class apache::service { service { $apache::params::apache_ser_name: ensure

SUBCLASS FOR SERVICE

class apache::service {
service { $apache::params::apache_ser_name:
ensure => running,

hasstatus => true,
hasrestart => true,
enable => true,
require => [Class["apache::install"], File["$apache::params::apache_main_conf"]]
}
file { $apache::params::apache_main_conf:
ensure => present,
owner => 'root',
group => 'wheel',
mode => '644',
source => "puppet:///modules/apache/config/httpd.conf_free",
require => Class["apache::install"],
notify => Service["$apache::params::apache_ser_name"],
}
}
Слайд 37

MODULE DEPENDENCY Handy when an application needs to have certain

MODULE DEPENDENCY

Handy when an application needs to have certain files in

place before installing the rest
The more complex your Puppet environment becomes the greater the need for inter-module dependencies are.
inter-, intra-module dependencies
require, before - guarantees that the specified object is applied later or before than the specifying object
notify, subscribe - causes the dependent object to be refreshed when this object is changed
Class[x] -> Class[y] – another form of dependencies
Stages - creates a dependency on or from the named milestone
Слайд 38

DEFINITIONS Definitions are similar to classes, but they can be

DEFINITIONS

Definitions are similar to classes, but they can be instantiated multiple

times with different arguments on the same node (looks like functions for resources)
define apache::vhost ( $port, $docroot, $template='apache/vhosts.erb’) {
file { "/etc/apache2/sites-available/$name":
content => template($template),
owner => 'root',
group => 'wheel',
mode => “644’, }
}
------------------------------------------------------------------------------------------
Example of usage
node ‘www’ {
include apache
apache::vhost { ‘www-second':
port => 80,
docroot => '/var/www/www-second',
template => ‘apache/www_vhosts’,
}
}
Слайд 39

TEMPLATES Templates are flat files containing Embedded Ruby (ERB) variables

TEMPLATES

Templates are flat files containing Embedded Ruby (ERB) variables
Allows you to

create template configuration files
NameVirtualHost *:<%= port %>
>
ServerName <%= name %>
DocumentRoot <%= docroot %>
>
AllowOverride None

ErrorLog /var/log/apache2/<%= name %>_error.log
CustomLog /var/log/apache2/<%= name %>_access.log combined

<%= … %> - variable field
Слайд 40

System inventory tool on client Can be used as variables

System inventory tool on client
Can be used as variables in manifests
You

can add custom facts as needed
Steps to create custom facts:
- create file in module directory ../module_name/lib/facter/.rb
- write code on Ruby
- enable on client and server – “pluginsync=true”

CUSTOM FACTER
Examples of facters:
domain => soft.com
fqdn => puppetclient.soft.com
hostname => puppetclinet
ipaddress => 172.20.88.132

Слайд 41

REPORTS, MONITORING Puppet has a few reporting options: YAML files

REPORTS, MONITORING

Puppet has a few reporting options:
YAML files
RRD files
EMAIL with changes
HTTP

- web interface (Dashboard, Foreman)
Слайд 42

CONCLUSIONS What is the profit ? Quick and flexible deployment

CONCLUSIONS

What is the profit ?
Quick and flexible deployment of our complicated

system in production
Quick re-deployment of existing system in case of failure (previously generating data backups)
Easy deployment of huge numbers of servers
Easy generation and modification of configuration files
Имя файла: Puppet-–-configuration-management-tool.pptx
Количество просмотров: 94
Количество скачиваний: 0
- Предыдущая
Самоконтроль при занятиях физической культурой и спортом
Следующая -
Соціологія праці та управління

Похожие презентации

Программное обеспечение. Основы построения баз данных. (Лекция 8)
Безопасный интернет
Ютуберы. Винди31
Кодирование звуковой информации
Селиверстова М.А., Информтика, основные понятия - ч.1
Алгоритмы и способы их описания. Лекция 1.7
Bitcoin- electronic money
Керування оперативною пам'яттю у процесорах архітектури х86. (Лекція 8)
Информация и знания
презентация о первой женщине-программисте Аде Лавлейс
История создания Powerpoint
Управление памятью. (Тема 12)
Protocols. TCP/IP
Happy New Year! By Slidesgo. Here is where your presentation begins
Каналы утечки информации. Шифрование. Контроль целостности
Электронные таблицы. Диаграммы
Технологии и методы программирования
Электронное государство на региональном уровне. (Раздел 2)
Разработка современных мобильных приложений под Android
ПДД проект
Основные устройства компьютера
Физические основы информационных технологий. Глава 3. Физические основы записи, считывания и хранения информации
Проект Социальные страницы ВКонтакте великих людей
Інформаційна система готелю
Альтернативный интернет
История создания интернета
Viber для бизнеса
Платформа синтеза индивидуальных и системы распределённых ситуационных центров
Обратная связь
Email: Нажмите что бы посмотреть