The Long, Twisty Road to Automation: Implementing Puppet at the University of Saskatchewan
environment
how
lessons
future
environment
service catalog
• Alumni and Advancement
• Consumer Information
• Facilities Management
• Library Systems
• Application Development
• Content and Collaboration
• Finance and Procurement
• Printing Services
• Assessment Services
• Device Management
• Human Resources
• Relationship Management
• Broadcast and Streaming
• Email and Calendaring
• Identity and Access
• Reporting, Data and Analytics
• Classroom Technology
• Emergency Notification
• Learning Management
• Research Computing
• Communications
• E-Portfolio
• Lecture Capture
• Storage
application catalog
before
• templates
• automation
• group policy
• scripts
• manual documentation
challenges
● change control
● culture change
● development/test/production
● ill-defined standards
● silos
why bother
we have problems
• speed up deployment.
• configuration drift
• standardize
• troubleshooting
how
getting started
• weekly architecture team meetings
• puppet ramp up project
• on site training
puppet architecture
# production branch control-repo/Puppetfile
forge "http://forge.puppetlabs.com"

# Modules from the Puppet Forge
mod "puppetlabs/inifile", '1.4.2'

# systems written modules
moduledir 'site-modules/systems'

mod 'profiles',
  :git => '[email protected]:puppet/profiles.git',
  :ref => 'production'

mod 'roles',
  :git => '[email protected]:puppet/roles.git',
  :ref => 'production'
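
As an added example (not from the original slides or the project's own code), the Ruby code below evaluates a Puppetfile like the one above and reports module sources that can change underneath a deploy: a forge URL that is not HTTPS, forge modules with no version, and git modules whose ref is not a full commit SHA. The class name PuppetfileAudit, the finding strings and the git.example.test host are assumptions made for the example.

```ruby
# Added example: audits a Puppetfile for mutable or unauthenticated module sources.
# PuppetfileAudit and its finding strings are hypothetical names, not part of r10k.
class PuppetfileAudit
  SHA = /\A\h{40}\z/ # only a full commit SHA is treated as immutable (heuristic)

  attr_reader :findings

  def initialize
    @findings = []
  end

  # The Puppetfile is evaluated as Ruby, the way r10k reads it, so only audit
  # files you already trust enough to deploy.
  def self.run(text)
    audit = new
    audit.instance_eval(text, 'Puppetfile')
    audit.findings
  end

  def forge(url)
    @findings << "forge #{url}: not HTTPS" unless url.to_s.start_with?('https://')
  end

  def moduledir(_path); end

  def mod(name, spec = nil)
    case spec
    when nil, :latest
      @findings << "#{name}: no pinned version"
    when Hash
      ref = spec[:commit] || spec[:ref] || spec[:tag] || spec[:branch]
      @findings << "#{name}: git ref #{ref.inspect} is not a commit SHA" unless ref.to_s.match?(SHA)
    end
  end
end

# Constructed sample modelled on the slide; git.example.test is a placeholder host.
SAMPLE = <<~'PUPPETFILE'
  forge "http://forge.puppetlabs.com"
  mod "puppetlabs/inifile", '1.4.2'
  moduledir 'site-modules/systems'
  mod 'profiles',
    :git => 'git@git.example.test:puppet/profiles.git',
    :ref => 'production'
  mod 'roles',
    :git => 'git@git.example.test:puppet/roles.git',
    :ref => 'production'
PUPPETFILE

puts PuppetfileAudit.run(SAMPLE) if $PROGRAM_NAME == __FILE__
```

Tracking a branch, as the slide's Puppetfile does for profiles and roles, is a deliberate choice; the finding only records that what gets deployed depends on who can push to that branch.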
initial git code workflow
[Diagram: development, test and production branches, joined by merges]
better git code workflow
[Diagram: feature, development, test and production branches, joined by merges]
class roles::analytics {
  include profiles::base_rhel
  include profiles::apache
  include profiles::mod_auth_cas
  include profiles::mysql

  # Extra Apache modules this role needs
  ::apache::mod { 'auth_basic': }
  ::apache::mod { 'authn_file': }

  class { 'profiles::php':
    display_errors         => 'Off',
    display_startup_errors => 'On',
    track_errors           => 'On',
  }
}

class profiles::mod_auth_cas {
  package { 'sds-mod_auth_cas': ensure => 'installed', }

  # CAS single sign-on configuration for Apache
  file { '/etc/httpd/conf.d/z50_mod_auth_cas.conf':
    ensure  => present,
    require => Package['httpd'],
    content => '# CAS setup
LoadModule auth_cas_module modules/mod_auth_cas.so
CASCookiePath /var/mod_auth_cas/
CASLoginURL https://<redacted>/cas/login
CASValidateURL https://<redacted>/cas/serviceValidate
CASTimeout 36000
CASIdleTimeout 3600
<Location />
CASScope /
</Location>
',
  }
}
class roles::cs_bookware_as {
  case $::hostname {
    # Application servers: books, booksdev, bookstest
    /^books(dev|test)?$/: {
      accounts::user { 'SASK':
        comment   => 'Bookware application account',
        home      => '/home/SASK/USERS',
        home_mode => '750',
      }
    }
    # Database servers: booksdb, booksdbdev, booksdbtest
    /^booksdb(dev|test)?$/: {
      postgresql::server::config_entry { 'max_connections':
        ensure => present,
        value  => '200',
      }
    }
    default: {}
  }
}
useful mco commands
mco find -W profiles::apache
mco puppet disable "Investigating a problem with the apache module. -NF" -C /profiles::apache/
mco package mariadb status
lessons
lessons learned
• confine custom facts by kernel
• confine :kernel => %w(Linux SunOS FreeBSD Darwin)
• https://puppet.com/blog/wsus-client-module-beginners-guide
• long lived branches make more work
• base_os generic role
more lessons
Windows: I can do that with a gpo
Linux: I have to do a lot of typing just to change one file?
DBAs: Thou shalt not play in development
Service owners: How are you slower at this.
Are we getting better?
• PCI DSS
• increase speed of deployment
• centrally managed system administrators desktop
future
Room for improvement
• code review
• pull requests
• dynamic environments
• large number of role classes
• vRealize