Puppet at Bazaarvoice
Hi, my name is Dave.
 DevOps Engineer at Bazaarvoice.
 Started working with puppet in 2008 while working at
  Bioware. First version was 0.24.
 At Bioware, puppet configured over 14k nodes
  comprising web servers, databases and game
  servers.
 All 5 datacenters (in California, Virginia, Ireland,
  Australia and Texas) housed puppet managed nodes
  that all reported back to a centralized puppet
  dashboard.
 My contact info:
    http://www.linkedin.com/in/jamesbarcelo
Bazaarvoice Plug
 We do embedded DevOps!
 Application teams are responsible for their
  application's operational success.
 2.0 stack is 100% in Amazon!
 Conferences!
 Work on awesome projects with spiffy tech like
  Cassandra or ElasticSearch.
 Send me your resume!
  Dave.barcelo@bazzarvoice.com
Preview presentation
 Puppet in the legacy stack.
 Puppet in the Data Infrastructure Team.
   Focus on client/server.
 Puppet in the Data Services Team.
   Focus on masterless puppet.
Puppet in the Legacy Infrastructure
 Traditional puppet use with client/server.
 Multiple levels of inheritance.
 Puppet managed instances were configured
  according to DNS naming convention.

  node /my-hostname/ {
    
    
  }
 Some issues encountered:
   Very hard to work with. Very complex.
   Large codebase. Adds to complexity.
   No confidence in making changes. Side effects
    feared after code change. A Jenga tower of puppet
    code.
   Too many pivot points. Many places to configure.
    Adds to complexity.
   Lots of code rot. Had not been refactored.
Puppet master/client in Data Infrastructure teams
Architecture
 Each server type we care about will be referenced by
  its role. We only care about roles, not hostnames.
 Centered around an uber IT tools server that runs
  everything ops (including puppet) to do work in an
  environment. The Mothership.
 Hiera and parameterized classes will be used to create
  generic puppet modules that can be reused for
  different roles.
 Development will be centered on using puppet
  environments on the Mothership to protect devs from
  stepping on each other.
Mothership
 Contains a cocktail of different application tools
  for doing work in the environment. Tools
  included:
    Mcollective/ActiveMQ
    Puppet server
    Puppet managed operation scripts.
 Motherships are configured to be highly available in
  regular AWS fashion (Autoscaling, clustering multiple
  ActiveMQ, etc.).
 Advertises multiple puppet environments that
  clients can switch between via environments.
What is a Universe?
Anatomy of a Mothership
Methods of passing in data
Getting environment data into puppet
configuration.
 Hiera datastore.
 Puppet stdlib/tags.txt
 Cloud formation parameters - Universe, VPC
Puppet Stdlib/facts.d
 Bootstrap process (EC2 user data) populates
  /etc/facter/facts.d/tags.txt with mappings. These
  mappings become Facter facts.
 Example of data in tags.txt:
   Universe value.
   Ec2 metadata.

  /etc/facter/facts.d/tags.txt:
  universe=dev
  Tag_region=us-east-1
Hiera datastore
 Hiera is used extensively where different data
  needs to be passed into puppet according to
  context. Different contexts would include:
   Amazon region.
   Instance role.
   Universe.
 Example usage:
  $app_version = hiera('app_version', nil)
/etc/hiera.yaml
---
:logger: console

:hierarchy:
  - "%{fqdn}"
  - 10-team/%{team}/10-region/%{tag_region}/10-universe/%{universe}/10-roles/%{role}
  - 10-team/%{team}/10-region/%{tag_region}/10-universe/%{universe}/20-common
  - 10-team/%{team}/10-region/%{tag_region}/20-roles/%{role}
  - 10-team/%{team}/10-region/%{tag_region}/30-common
  - 10-team/%{team}/20-universe/%{universe}/10-roles/%{role}
  - 10-team/%{team}/20-universe/%{universe}/20-common
  - 10-team/%{team}/30-roles/%{role}
  - 10-team/%{team}/40-common
  - 40-common
  - environments

:backends:
  - yaml
  - json

:yaml:
  :datadir: /etc/puppet_env/%{environment}/manifests/hieradata

:json:
  :datadir: /etc/puppet/env/global_hieradata
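Added example (not part of the original slides): a Ruby sketch of how the facts written to tags.txt select data files under the hierarchy above, most specific first. The team, role and environment values are constructed, and two behaviours are assumptions of the sketch rather than statements about Hiera: a level that references an unset fact is dropped, and a fact value that could point outside the datadir is rejected.

```ruby
# Added example, not code from the deck. Only the YAML backend is modelled.

# Hierarchy and datadir copied from the /etc/hiera.yaml slide.
HIERARCHY = [
  '%{fqdn}',
  '10-team/%{team}/10-region/%{tag_region}/10-universe/%{universe}/10-roles/%{role}',
  '10-team/%{team}/10-region/%{tag_region}/10-universe/%{universe}/20-common',
  '10-team/%{team}/10-region/%{tag_region}/20-roles/%{role}',
  '10-team/%{team}/10-region/%{tag_region}/30-common',
  '10-team/%{team}/20-universe/%{universe}/10-roles/%{role}',
  '10-team/%{team}/20-universe/%{universe}/20-common',
  '10-team/%{team}/30-roles/%{role}',
  '10-team/%{team}/40-common',
  '40-common',
  'environments'
].freeze
DATADIR = '/etc/puppet_env/%{environment}/manifests/hieradata'

# Constructed sample in the key=value format of /etc/facter/facts.d/tags.txt.
# The first two lines are the ones on the slide; team and role are made up.
SAMPLE_TAGS_TXT = <<~FACTS
  universe=dev
  Tag_region=us-east-1
  team=data-infra
  role=mothership
FACTS

# A value that ends up inside a file path: one path component, no traversal.
SAFE_VALUE = /\A[A-Za-z0-9][A-Za-z0-9_.-]*\z/

# Parse key=value lines. Names are lower-cased because the hierarchy on the
# slide refers to the Tag_region entry as %{tag_region}.
def parse_facts_txt(text)
  facts = {}
  text.each_line do |line|
    line = line.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split('=', 2)
    next if value.nil?
    facts[key.strip.downcase] = value.strip
  end
  facts
end

# Expand %{name} tokens from scope. Returns nil if any referenced name is
# unset; raises if a value contains a slash or a ".." sequence.
def expand(template, scope)
  missing = false
  result = template.gsub(/%\{([^}]+)\}/) do
    name = Regexp.last_match(1)
    value = scope[name]
    if value.nil?
      missing = true
      ''
    else
      unless value.match?(SAFE_VALUE) && !value.include?('..')
        raise ArgumentError, "unsafe value for #{name}: #{value.inspect}"
      end
      value
    end
  end
  missing ? nil : result
end

# Ordered list of YAML data files that would be consulted for this scope.
def lookup_order(hierarchy, scope, datadir)
  root = expand(datadir, scope)
  raise ArgumentError, 'datadir references an unset variable' if root.nil?
  hierarchy.map { |level| expand(level, scope) }
           .compact
           .map { |rel| File.join(root, "#{rel}.yaml") }
end

if __FILE__ == $PROGRAM_NAME
  # "cert" is the environment name used in environments.json on the slides.
  scope = parse_facts_txt(SAMPLE_TAGS_TXT).merge('environment' => 'cert')
  puts lookup_order(HIERARCHY, scope, DATADIR)
end
```

Because the bootstrap process writes these facts from EC2 user data, the value check is the part worth keeping in any real implementation: every fact in the hierarchy becomes a directory name.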
Puppet Environments/Universe
Mothership Execution Flow
Puppet code on the Mothership
 The files that do the things:
   /etc/puppet/puppet.conf
   /etc/puppet/env/global_hieradata/environments.json
   /etc/puppet/puppetmaster.conf
   /etc/puppet_env/{puppet_env}/
      manifests/
      modules/
/etc/puppet/puppet.conf
# File managed by Puppet.

[main]
 vardir = /var/lib/puppet
 logdir = /var/log/puppet
 rundir = /var/run/puppet
 ssldir = $vardir/ssl

 usecacheonfailure = true
 pluginsync = true
 factpath = $vardir/lib/facter
 preferred_serialization_format = yaml

[user]
 vardir = /var/lib/puppet
 logdir = /var/log/puppet
 rundir = /var/run/puppet
 ssldir = $vardir/ssl

[agent]
 runinterval = 1800
 ca_server = <%= ca_srv %>
 server = <%= logical_srv %>
 certificate_revocation = False
 environment = <%= environment %>
 report = true
/etc/puppet/env/global_hieradata/environments.json
{
    "environments": [
     {
       "cert": [
         { "modulepath": "/etc/puppet_env/cert/modules" },
         { "manifestdir": "/etc/puppet_env/cert/manifests" },
         { "manifest": "/etc/puppet_env/cert/manifests/site.pp" }
       ]
     }
    ]
}
/etc/puppet/puppetmaster.conf
[main]
 vardir = /var/lib/puppet
 logdir = /var/log/puppet
 rundir = /var/run/puppet
 ssldir = $vardir/ssl

 usecacheonfailure = true
 pluginsync = true
 factpath = $vardir/lib/facter
 preferred_serialization_format = yaml
 syslogfacility = local1

[master]
 certname=<%= certname %>
 ca = True
 certificate_revocation=False
 dns_alt_names=<%= logical_srv %>
 ssl_client_header = SSL_CLIENT_S_DN
 ssl_client_verify_header = SSL_CLIENT_VERIFY
 autosign = true

 # For puppet dashboard reporting.
 reports = store, datadog_reports

 <% if store_configs == true %>
 # Puppetdb.
 storeconfigs = true
 storeconfigs_backend = puppetdb
 <% end %>

[user]
 vardir = /var/lib/puppet
 logdir = /var/log/puppet
 rundir = /var/run/puppet
 ssldir = $vardir/ssl

# Environments
<% environments.each do |env_val| -%>
<% env_val.keys.each do |env_key| -%>
[<%= env_key -%>]
<% env_val[env_key].each do |env_data| -%>
<% env_data.each_pair do |k, v| -%>
<%= k %> = <%= v -%>
<% end %>
<% end %>
<% end %>
<% end %>
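Added example (not part of the original slides): a small Ruby check that reads a puppet.conf or its ERB template and reports the two trust-related values shown above, autosign = true and certificate_revocation = False, with the section and line where each appears. Both sample configs are constructed from the slide's settings; the hardened variant and the name audit_puppet_conf are assumptions of this example.

```ruby
# Added example, not code from the deck.

Finding = Struct.new(:section, :key, :value, :line, :reason)

# Setting name => [predicate on the value, why it matters].
CHECKS = {
  'autosign' => [
    ->(v) { v.casecmp('true').zero? },
    'the CA signs every certificate request it receives'
  ],
  'certificate_revocation' => [
    ->(v) { v.casecmp('false').zero? },
    'the certificate revocation list is not checked'
  ]
}.freeze

# Constructed sample: the trust-related lines of the two files on the slides.
AS_ON_SLIDES = <<~'CONF'
  [main]
  vardir = /var/lib/puppet
  ssldir = $vardir/ssl

  [master]
  certname=<%= certname %>
  ca = True
  certificate_revocation=False
  autosign = true
  reports = store, datadog_reports

  [agent]
  server = <%= logical_srv %>
  certificate_revocation = False
CONF

# Constructed hardened variant (an assumption of this example). autosign can
# also name an allowlist file or a policy executable instead of a boolean.
HARDENED = <<~'CONF'
  [master]
  certname=<%= certname %>
  ca = True
  certificate_revocation = true
  autosign = false

  [agent]
  server = <%= logical_srv %>
  certificate_revocation = true
CONF

# Walk an INI-style puppet.conf and return a Finding for each risky value.
# Lines that start with an ERB tag cannot be judged statically and are
# skipped; values that are ERB expressions simply never match a predicate.
def audit_puppet_conf(text)
  section = nil
  findings = []
  text.each_line.with_index(1) do |raw, lineno|
    line = raw.strip
    next if line.empty? || line.start_with?('#') || line.start_with?('<%')
    if (m = line.match(/\A\[(.+)\]\z/))
      section = m[1]
      next
    end
    key, value = line.split('=', 2).map(&:strip)
    next if value.nil?
    predicate, reason = CHECKS[key.downcase]
    next if predicate.nil? || !predicate.call(value)
    findings << Finding.new(section, key, value, lineno, reason)
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  audit_puppet_conf(AS_ON_SLIDES).each do |f|
    puts "line #{f.line} [#{f.section}] #{f.key} = #{f.value}: #{f.reason}"
  end
end
```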
/etc/puppet_env/{env}/manifests/site.pp
import 'roles/*.pp'

node default {
  class { 'basenode_role': }

    class { "$tag_role": }
}
/etc/puppet_env/{env}/manifests/role/00_basenode.pp
class basenode_role {
  class { security: }
  class { monitoring: }
  ..
}
/etc/puppet_env/{env}/manifests/role/mothership_role.pp
class mothership_role {

    class { 'puppet':
      master => true,
      ca_srv => $tag_caserver,
      logical_srv => $tag_puppet_server,
    }

}
Mothership Dev Workflow
Masterless Puppet in Data Services Teams
Architecture
Still keeping bits of the Mothership project:
 Applications/Services scoped in zookeeper by
  Universe.
 Emphasis is put on making things simpler.
  Puppet code will not be monolithic. Individual
  application teams will only need to maintain
  their own modules/manifests.
 Changes to modules/manifests will not impact
  other teams.
Methods of passing in data
 The usual suspects:
   Puppet stdlib/tags.txt.
   Hiera.
   Cloud formation parameters - Universe, VPC
 Some new ones:
   EC2 data/metadata -> facter.
   Zookeeper.
   Cloud formation parameters - DeployTag
getEC2data_cache.rb
 Script that runs out of /etc/facts.d and converts
  EC2 data/metadata into facts.
Zookeeper/Ostrich
 Custom functions to pull data from zookeeper
  the same way applications do discovery.
Masterless Execution Flow
Puppet code in Masterless
 No more Mothership. All work is done via
  puppet apply.
   /etc/hiera.yaml
   /etc/puppet/manifests/{role}.pp
   /etc/puppet/manifests/00_common.pp
   /etc/puppet/manifests/01_users.pp
   /etc/puppet/modules/
/etc/hiera.yaml
---
:logger: console

:hierarchy:
  - "%{fqdn}"
  - 10-universe/%{universe}/10-roles/%{role}
  - 10-universe/%{universe}/20-common
  - 20-roles/%{role}
  - 30-common

:backends:
  - yaml

:yaml:
  :datadir: /etc/puppet/manifests/hieradata
/etc/puppet/manifests/{role}.pp
import '00_common'

node default {

    # This class contains common modules that should be used by all roles.
    class { 'common': }



    class { 'activemq': }
    ->
    class { 'mcollective':
      server       => true,
      client      => true,
    }

}
/etc/puppet/manifests/00_common.pp
import '01_users'
#####################################
# Common
#####################################


class common {

    class { 'stdlib': }


    file { '/opt/bazaarvoice': ensure => directory, }

    # Authorized keys for project developers.
    class { 'user_setup': stage => setup, }

    host { 'internal_ip':
      ensure => 'present',
      name   => $fqdn,
      ip     => $ipaddress,
    }

    class { 'prompt': }
}
/etc/puppet/manifests/01_users.pp
class user_setup {

  include users

  users::user { 'dbarcelo':
    groups => 'wheel',
    sshKey => 'ssh-dss
AAAAB3NzaC1kc3MAAACBANL1zoZdYJp/6vQ4G5iNQXjdJ7NGmK0J2eqHbztvuD0CBPyqMuEtuYKRg14tFd4iwp5EpnT4UWpv8kXF/dkEN3b5xgN/R+1hYq7/3m
nRLchMFTl0tyryLuARC9zTI003mQrXd/W9jzXaNlCTpxh8Ihj2Ov3lvAAX65tN9nijxhCTAAAAFQCgMU0obmTLo5CRYtRwDCkj1mb2hQAAAIAiZF9axkCvMa9vwigD
iAf3rNMbut1gtqtwdzux8c9T1inApKV5sccjg5POKm+4WmWTBOtQfYR8cNot2Mn/mO+MRiKH8sYapYnU2es+KRBmhdARE+N7EqdD0WqoP7NrsNVbObHwDQB
NkODuc3ZPyTQuqv/w4poTXaS5u5M1XZbgZwAAAIEAjt4r7SN1I/m0V/TvedTVxJvKln4wZkFxyI5CAgpsAr435kwSLM08R9Hd0/5Vy9LfhYpH1aZTBaoTqmTCtnv3
mp1coXoscEp5nE0llfm+4DX3YvWnR80S/OeMUe71Ucm1ORwFpST/K4WKQoZ30TAVVsc8nYy2hyD7hyozjzsS09o= dave.barcelo@dbarcelo-mbpro'
  }
  users::user { 'lwadhwani':
    groups => 'wheel',
    sshKey => 'ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAysFCPpffw9LIOqAEFZxOOb52m2FbHhumBFc07o8sm3c4cmdLq/bBtr5TyuQp89zVNEaTGRbw1nMpQCDno4i5ipTvCLoKk
OE1PRdtyJw6PGu6VV/0U1ghK+1xmveM2jDX/otj5hjnQiRm1+Fx/orYwNBkywDlDHZQCGxalWaFgXVyReCRUqq0jBwj3EKJfsQgoxuSrh7F6GjsQ6DUOsA3wBfew
S25hPmhulEqvga4/P58BMHemL9d4Ugu98Vg7fgaur/b1adX+LzbmE6C2T4Gn1kzAOEct6bFgLPRj3n5/EaspdOsZ/Nnik0LUvIwZNHgDCLgkS0D8aMIsiUrB4OqSw
== luveen@Pantalaimon'
  }
}
/etc/puppet/modules/
 Do stuff!
 Code is still generic but it does not have to be.
Masterless Dev Workflow


Editor's Notes

  • #5: Talk will be based in AWS. Explain facter/mcollective. Going to make these talks from perspective of: Architecture (highlight), Puppet execution flow, Dev workflow. Disclaimer about the word "we".
  • #6: We do devops
  • #8: ----- Meeting Notes (4/8/13 14:33) ----- Learn from legacy stack
  • #9: First point is significant
  • #13: ----- Meeting Notes (4/8/13 15:00) ----- Explain. Change runtime data into environment
  • #16: ----- Meeting Notes (4/8/13 15:00) ----- Explain Facter
  • #19: Puppet master is a puppet client like any other
  • #22: ----- Meeting Notes (4/8/13 15:00) ----- Explain DTP
  • #33: Give props to Jona and Shawn