The story of rebuilding Puppet
October 2015
Artem Zhurbila
artemzhurbilo@gmail.com
Timeline
2013 ... : old Puppet infra
May 2015: joins Adform
June 2015: new Puppet infra
Why new Puppet infra?

Old Puppet infra | New Puppet infra
One giant repository with all modules | One core repository (puppet-control) + independent modules
Public modules are downloaded once and never updated | Modules and their versions are controlled in the Puppetfile
Code duplication | The profiles/roles pattern encourages module reuse
No consistent style | Lint and style checking are enforced
No possibility to test Puppet manifests locally | A Vagrant box can be used to run and provision VMs easily on a local machine
No unit tests | Unit tests are supported (rake spec)
No acceptance tests | Acceptance tests are supported (rake acceptance)
No clear branching model | All new development starts on a feature branch, which is merged only after code review
No visibility | The Puppet Explorer dashboard shows the status of all nodes
Puppet 4 bonuses
- Puppet Server rewritten in Clojure (runs on the JVM)
- Directory environments by default
- Clearer naming rules
- New language features
  - Iteration functions (each, map, filter, reduce)
  - Data types (Integer, Boolean, Enum, Collection, etc.)
Vagrant boxes
Box versioning
Puppet Explorer
CI pipeline

.gitlab-ci.yml:

localtest:
  script:
    - rake localtest

check-Puppetfile:
  script:
    - ruby -c Puppetfile

Rakefile (the task behind rake localtest):

task :localtest => [
  :syntax,
  :lint,
  :yamllint,
  :jsonlint,
  :metadata,
]
Acceptance tests

Puppet modules

Puppetfile
#!/usr/bin/env ruby
#^syntax detection
forge "https://forgeapi.puppetlabs.com"
# A module from the Puppet Forge
mod 'puppetlabs/stdlib', '4.6.0'
mod 'puppetlabs/java', '1.4.1'
mod 'cyberious/windows_java', '1.0.2'
mod 'puppetlabs/concat', '1.2.3'
mod 'stahnma/epel', '1.0.2'
mod 'puppetlabs/firewall', '1.6.0'
mod 'puppetlabs/ntp', '4.1.0'
...
Modules deploy

Advantage: optimized caching
Disadvantage: no dependency resolution (only the modules listed in the Puppetfile are installed, so every dependency of a listed module must itself be listed)
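Two checks the CI job above does not make: ruby -c Puppetfile only proves the file parses, and a deploy without dependency resolution installs exactly what is listed. The Ruby script below is an added example for this page, not code from the deck or from Adform's repository. It evaluates a Puppetfile against a stub of the forge/mod DSL and flags modules without an exact version (or git modules on a branch instead of a tag or commit), and dependencies declared in a module's metadata.json that the Puppetfile does not list. The Puppetfile text, the module example/internal with its git URL, and the metadata.json contents are constructed for the example; the concat dependency in particular is invented.

```ruby
#!/usr/bin/env ruby
# Added example (not from the deck): audit a Puppetfile beyond `ruby -c`.
require 'json'

# Stand-in for the Puppetfile DSL: `forge` and `mod` calls are recorded,
# nothing is downloaded. Module names are normalised to 'owner-name', the
# form metadata.json uses for dependencies.
class PuppetfileReader
  attr_reader :forge_url, :mods

  def initialize
    @forge_url = nil
    @mods = {}
  end

  def forge(url)
    @forge_url = url
  end

  # mod 'owner/name', '1.2.3'            -> Forge module, exact version
  # mod 'name', :git => url, :ref => ref -> git module
  def mod(name, *args)
    opts = args.last.is_a?(Hash) ? args.pop : {}
    @mods[name.tr('/', '-')] = { version: args.first }.merge(opts)
  end

  def self.read(text)
    reader = new
    reader.instance_eval(text, 'Puppetfile')
    reader
  end
end

# Refs that move: a git module "pinned" to one of these is not pinned at all.
FLOATING_REFS = %w[master main HEAD].freeze

# Modules whose deployed content can change without a Puppetfile change.
def unpinned_modules(mods)
  mods.select do |_name, spec|
    if spec[:git]
      ref = spec[:ref] || spec[:tag] || spec[:commit]
      !spec[:branch].nil? || ref.nil? || FLOATING_REFS.include?(ref)
    else
      spec[:version].to_s !~ /\A\d+\.\d+\.\d+\z/
    end
  end.keys
end

# With no dependency resolution at deploy time, every dependency a listed
# module declares must itself be listed. metadata maps 'owner-name' to the
# parsed metadata.json of that module.
def missing_dependencies(mods, metadata)
  missing = {}
  metadata.each do |name, meta|
    next unless mods.key?(name)
    Array(meta['dependencies']).each do |dep|
      dep_name = dep['name'].tr('/', '-')
      (missing[name] ||= []) << dep_name unless mods.key?(dep_name)
    end
  end
  missing
end

def audit_puppetfile(text, metadata)
  reader = PuppetfileReader.read(text)
  {
    forge_https: reader.forge_url.to_s.start_with?('https://'),
    unpinned:    unpinned_modules(reader.mods),
    missing:     missing_dependencies(reader.mods, metadata)
  }
end

# Constructed Puppetfile (the deck's real one is abbreviated with '...').
SAMPLE_PUPPETFILE = <<~'PUPPETFILE'
  forge "https://forgeapi.puppetlabs.com"
  mod 'puppetlabs/stdlib', '4.6.0'
  mod 'puppetlabs/java', '1.4.1'
  mod 'puppetlabs/firewall', '1.6.0'
  mod 'stahnma/epel'                 # no version: whatever is newest at deploy time
  mod 'example/internal',            # hypothetical internal module
    :git => 'git@git.example.invalid:puppet/internal.git',
    :ref => 'master'                 # a branch, not an immutable tag or commit
PUPPETFILE

# Constructed metadata.json contents keyed by module; the puppetlabs-concat
# dependency of example-internal is invented for the example.
SAMPLE_METADATA_JSON = <<~'JSON'
  {
    "puppetlabs-java":     {"dependencies": [{"name": "puppetlabs-stdlib", "version_requirement": ">= 2.4.0 < 5.0.0"}]},
    "puppetlabs-firewall": {"dependencies": []},
    "example-internal":    {"dependencies": [{"name": "puppetlabs/concat", "version_requirement": ">= 1.0.0"}]}
  }
JSON

if $PROGRAM_NAME == __FILE__
  result = audit_puppetfile(SAMPLE_PUPPETFILE, JSON.parse(SAMPLE_METADATA_JSON))
  puts "forge over https: #{result[:forge_https]}"
  puts "unpinned modules: #{result[:unpinned].join(', ')}"
  result[:missing].each do |mod_name, deps|
    puts "#{mod_name} depends on #{deps.join(', ')}, which the Puppetfile does not list"
  end
end
```

In a pipeline the metadata would come from each deployed module's metadata.json and any finding would fail the job. Since a Puppetfile is Ruby, evaluating it runs whatever code it contains, so run this only where you already run ruby -c or the deploy tool, i.e. on reviewed branches.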
Puppet-control repo
env vs tier

branch == environment
tier == [dev | preprod | prod | infra]

The main branch is the master (trunk) branch and must always be in a stable state.
The production branch is the default Puppet environment and is used only for the initial Puppet agent bootstrap.
Profiles / Roles pattern

1 node includes exactly 1 role
1 role includes >= 1 profiles
Hieradata

hiera.yaml:

...
:hierarchy:
  - "nodes/%{::fqdn}"
  - "tiers/%{::tier}/host_group/%{hostname_group}"
  - "tiers/%{::tier}/%{calling_class_path}"
  - "tiers/%{::tier}/common"
  - "default/host_group/%{hostname_group}"
  - "default/%{calling_class_path}"
  - "default/common"
...
Hiera data
- Separate data from logic: move data to Hiera as much as possible
- Attribute names should match your Puppet class name. E.g. for the 'profiles::elk::server' class, all attributes in Hiera should be named 'profiles::elk::server::[ATTRIBUTE_NAME]'
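To see which file a given node actually reads a value from, here is a toy resolver, added for this page and not part of the deck, that walks the hierarchy above with Hiera's default priority lookup (the first level that defines the key wins) over a constructed set of YAML documents; it also flags keys that do not follow the 'profiles::elk::server::[ATTRIBUTE_NAME]' naming convention. The facts, host names and data values are constructed. One caveat a practitioner should keep in mind: fqdn, tier and hostname_group are facts reported by the agent, so a node that can change its own facts can steer itself to another tier's data; for node-specific files Puppet 4 offers the certificate-derived trusted certname ($trusted['certname'] in Puppet, %{::trusted.certname} in hiera.yaml), which the agent cannot spoof.

```ruby
#!/usr/bin/env ruby
# Added example (not from the deck): a toy Hiera priority-lookup resolver for
# the hierarchy shown above, run over an in-memory, constructed data set.
require 'yaml'

# The hierarchy from the deck's hiera.yaml, most specific level first.
HIERARCHY = [
  'nodes/%{::fqdn}',
  'tiers/%{::tier}/host_group/%{hostname_group}',
  'tiers/%{::tier}/%{calling_class_path}',
  'tiers/%{::tier}/common',
  'default/host_group/%{hostname_group}',
  'default/%{calling_class_path}',
  'default/common',
].freeze

# Constructed hieradata: relative file path => YAML file contents.
SAMPLE_DATA = {
  'default/common' => <<~YAML,
    ntp::servers: ['0.pool.ntp.org', '1.pool.ntp.org']
    profiles::elk::server::heap_size: 1g
  YAML
  'default/profiles/elk/server' => <<~YAML,
    profiles::elk::server::heap_size: 2g
    profiles::elk::server::cluster: elk-default
  YAML
  'tiers/prod/common' => <<~YAML,
    ntp::servers: ['ntp1.example.invalid', 'ntp2.example.invalid']
  YAML
  'tiers/prod/host_group/elk' => <<~YAML,
    profiles::elk::server::heap_size: 8g
  YAML
  'nodes/elk01.prod.example.invalid' => <<~YAML,
    profiles::elk::server::cluster: elk-prod
  YAML
}.freeze

# Build the lookup scope: facts plus the two variables Hiera derives from the
# class performing the lookup ('profiles::elk::server' -> 'profiles/elk/server').
def scope_for(facts, calling_class)
  facts.merge(
    'calling_class'      => calling_class,
    'calling_class_path' => calling_class.tr(':', '/').squeeze('/')
  )
end

# Expand %{var} / %{::var} in a hierarchy level. Like Hiera, an unknown
# variable becomes an empty string, so that level simply never matches.
def interpolate(level, scope)
  level.gsub(/%\{(::)?([\w:]+)\}/) { scope.fetch(Regexp.last_match(2), '') }
end

# Priority lookup: return [value, source_path] from the first level that
# defines the key, or nil when no level does.
def lookup(key, hierarchy, data, scope)
  hierarchy.each do |level|
    path = interpolate(level, scope)
    next unless data.key?(path)
    values = YAML.safe_load(data[path]) || {}
    return [values[key], path] if values.key?(key)
  end
  nil
end

# Keys that cannot auto-bind to a class parameter because they are not of the
# form 'some::class::param' (e.g. a bare 'heap_size').
def nonconforming_keys(doc)
  (YAML.safe_load(doc) || {}).keys.reject do |k|
    k.to_s.match?(/\A[a-z][a-z0-9_]*(::[a-z][a-z0-9_]*)+\z/)
  end
end

if $PROGRAM_NAME == __FILE__
  scope = scope_for({ 'fqdn' => 'elk01.prod.example.invalid', 'tier' => 'prod',
                      'hostname_group' => 'elk' }, 'profiles::elk::server')
  %w[profiles::elk::server::heap_size profiles::elk::server::cluster ntp::servers].each do |key|
    value, source = lookup(key, HIERARCHY, SAMPLE_DATA, scope)
    puts "#{key} = #{value.inspect} (from #{source})"
  end
end
```

For the constructed prod node, heap_size comes from tiers/prod/host_group/elk, the cluster name from the node file, and ntp::servers from tiers/prod/common, while a dev node with no tier data falls through to default/profiles/elk/server.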
Puppet-module-skeleton repo

Puppet agent maintenance mode
Maintenance mode

# puppet agent --disable 'FOOBAR maintenance for 6hrs; contact @it.solution for any reason'

The reason text is kept in the agent's lock file and logged whenever a scheduled run is skipped; puppet agent --enable lifts the lock again.
The Puppet Explorer dashboard has a cell which shows the count of nodes that haven't reported in the last 24 hours.
Puppet NOOP (dry-run) mode

NOOP is enabled only in the PROD env by default, so agent runs there report what would change without applying it.
$ puppet agent -t --no-noop
This runs the Puppet agent with noop mode disabled and actually applies the changes.
The big picture - Puppet
Recap:
- Focus on testing code changes early and often
- Reuse as much as we can
Presented at the DevOps meetup, 29.10.2015.