Embed Size (px)
Citation preview
Getting to the Latest Puppet
1
Elizabeth Wittig PlumbSenior Technical Account Manager
Nate McCurdySenior Professional Services Engineer
2
The Breakdown
Why should I upgrade?
What do I need?
Anything else I should know?Walk me through this
– what do I do?
3
Why Should I upgrade?
4
Language● Iteration!
● Type system○ Class parameter validation○ Future proof for additional
awesomeness
● Cleaner Puppet code○ No more reliance on stdlib
functions
Other
● All-in-one agent packaging
● New features in Puppet Enterprise
● Stability and scalability
… because Puppet 4 is AWESOME
Puppet Enterprise 3.8 is end-of-life
December 31
5
6
Ch-Ch-Ch-Ch-Changes
Code Changes
We’ve got a new compiler & new
language features
Directory Changes
The all-in-one agent means we’ve moved some things around
Classification Changes
Do you use theimport( ) function?
Console Changes
Whoa! Look at all those node groups!
https://docs.puppet.com/puppet/latest/reference/lang_updating_manifests.html
7
in place upgrade < migration
8
What do I need?
Preview Box, where you’ll make sure the code is ready for the future
Puppet Enterprise latest, your agents will aspire to be here
9
So here’s what you’ve gotta do:
Preview Box:• Puppet Enterprise 3.8 Master• Catalog Preview module installed• r10k (or a copy of your code)• parser = future
Puppet Enterprise2016.4 Master
Puppet Agents
Fast Feedback Loop Doesn’t impact work the agent is doing
Compare your catalogs in Puppet 3 vs 4
Why guess?
A 3.8 master with the catalog preview modulehttps://forge.puppet.com/puppetlabs/catalog_preview
10
What’s a preview box?
11
Catalog Preview identifies 2 types of issues
~$ puppet preview \
--baseline-environment production \
--preview-environment future_production \
--migrate 3.8/4.0 \
--nodes nodes.txt \
--view overview
Migration Issues
Differences(conflicts)
12
[root@pe-386-master ~]# /opt/puppet/bin/puppet preview --baseline-environment production --preview-environment future_production --migrate 3.8/4.0 --nodes /vagrant/nodes.txt --view overview Stats Total number of nodes: 10, 100.0% Conflicting..........: 7, 70.0% Compliant............: 0, 0.0% Equal................: 0, 0.0%
Baseline Errors (by manifest) Nodes..: agiledbtest2.example.com, monprod1.example.com Issues.:'Duplicate declaration: File[u01] is already declared in file /etc/puppetlabs/puppet/environments/production/site/example/manifests/oracle.pp:351; cannot redeclare (…snip…)Preview Errors (by manifest)
/etc/puppetlabs/puppet/environments/future_production/site/example/manifests/service-account.pp Nodes..: pocdbtest1.example.com Issues.: ILLEGAL_DEFINTION_NAME: 'Unacceptable name. The name 'example::service-account' is unacceptable as the name of a Host Class Definition' at line 1, column 1Preview Errors (by issue) ILLEGAL_DEFINTION_NAME (1)
/etc/puppetlabs/puppet/environments/future_production/site/example/manifests/service-account.pp:1:1Preview Warnings (by issue) MIGRATE4_AMBIGUOUS_INTEGER (77) /etc/puppetlabs/puppet/environments/future_production/manifests/compliance.pp:90:15 MIGRATE4_EMPTY_STRING_TRUE (21) /etc/puppetlabs/puppet/environments/future_production/site/example/manifests/init.pp:[16:6,21:6,26:6]
Top ten nodes with most issues node name errors warnings diffs --------------------------- -------- -------- -------- agiledbtest2.example.com 1 0 0 monprod1.example.com 1 0 0 pocdbtest1.example.com 1 0 0 obiaappstage2.example.com 0 1 71 obiaapptest1.example.com 0 1 71
Summary
Diff
Overview
https://github.com/puppetlabs/prosvc-preview_report 13
Common Migration Warnings
14
MIGRATE4_UC_BAREWORD_IS_TYPE
$pkg_name = $::osfamily ? { Redhat => ‘httpd’, Debian => ‘apache2’, }
MIGRATE4_EQUALITY_TYPE_MISMATCH
'1' == 1 # 4x. false, 3x. true'1' <= 1 # 4x. error, 3x. true
MIGRATE4_REVIEW_IN_EXPRESSION
$foo = undef if $foo in [ ‘one’, ‘two’, ‘blue’ ]
MIGRATE4_EMPTY_STRING_TRUE
15
Differences: This could get messy
--excludes</path/to/excludes.json>
--[no-]diff-array-value
Here are some handy flags to filter out info you don’t care about
16
--[no-]diff-string-numeric
Alright, walk me through this...
17
Directory Environments
18
Workflow Steps: Step 1Get preview box and future infra stood up
19
Workflow Steps: Step 2● Create future_production branch● Enable the future parser
20
Manually
Control Repository
Workflow Steps: Step 3Run “r10k deploy” on preview box
21
[root@pe-386-master]# r10k deploy environment -pv
[INFO] Deploying environment “production”[INFO] Deploying environment “future_production”
Workflow Steps: Step 4Generate first report.
● Run Puppet Preview● Convert JSON to HTML
22
[root@pe-386-master]# puppet preview \
--baseline-environment production \
--preview-environment future_production \
--migrate 3.8/4.0 \
--nodes nodes.txt \
--view overview-json | tee ~/overview.json
[root@pe-386-master]# preview_report.rb \
-f ~/overview.json \
-w ~/preview_report.html
Workflow Steps: Step 5 Find an issue to fix.
Start with any catalog compilation errors, then move to migration warnings / differences
23
Baseline Errors (by manifest) Nodes..: agiledbtest2.example.com Issues.:'Duplicate declaration: File[u01] is already declared in file /etc/puppetlabs/puppet/environments/production/site/example/manifests/oracle.pp:351; cannot redeclare
Workflow Steps: Step 6 Fix the issue.
For simple changes, modify code in future_production
For more complex issues, create a branch off of future_production for that issue
24
Workflow Steps: Step 7 Deploy change to preview box, and run the preview tool again.
Ensure that your issue has been fixed.
25
[root@pe-386-master]# r10k deploy environment -pv
[INFO] Deploying environment “production”[INFO] Deploying environment “future_production”
[root@pe-386-master]# puppet preview \
--baseline-environment production \
--preview-environment future_production \
--migrate 3.8/4.0 \
--nodes nodes.txt \
--view overview-json | tee ~/fix_file_mode.json
[root@pe-386-master]# preview_report.rb \
-f ~/fix_file_mode.json \
-w ~/fix_file_mode.html
Workflow Steps: Step 8 Rinse and repeat
26
27
NOISE
LEGIT
What?! I can’t hear you!
But… catalog_preview only solves part of the problem
We’re only testing catalog compilation, not catalog application
28
29
30
We need to test Catalog Application!
● On the new infrastructure!
● Migrate CA certs to new infrastructure
● puppet agent -t --noop--server=new_infra --environment=future_production
● Merge into production when everything’s
fixed31
Anything else I should know?
32
All this is happening on your diff box, not on your prod systems
33
Don’t worry. Be happy.Catalogs are being compiled using only facts and your code
There’s 2 ways to get facts on the preview box
Query PuppetDB directly Yaml facts cache
34
puppet master --configprint route_file
YAML Facts
If you have thousands of nodes, start with a
representative cross section.
35
[root@pe-386-master ~]# puppet master --configprint yamldir/var/opt/lib/pe-puppet/yaml[root@pe-386-master ~]# tree -C /var/opt/lib/pe-puppet/yaml/var/opt/lib/pe-puppet/yaml├── facts│ ├── agileappprod1.example.com.yaml│ ├── agileappprod2.example.com.yaml│ ├── agileappstage1.example.com.yaml│ ├── agileappstage2.example.com.yaml(...)
puppet preview \ --nodes roles.txt
https://github.com/natemccurdy/puppet-upgrade-workplace
Upgrade your agents with the puppet_agent module and you’re done!
https://forge.puppet.com/puppetlabs/puppet_agent
36
