The Long, Twisty Road to Automation: Implementing Puppet at the University of Saskatchewan

environment

how

lessons

future

2

environment

3

service catalog

Alumni and Advancement

Consumer Information

Facilities Mangement

Library Systems

Application Development

Content and Collaboration

Finance and Procurement

Printing Services

Assesment Services

Device Management Human Resources Relationship Management

BroadCast and Streaming

Email and Calendering

Identity and Access Reporting, Data and Analytics

Classroom Technology

Emergency Notification

Learning Management

Research Computing

Communications E-Portfolio Lecture Capture Storage

4

application catalog

5

before

•  templates

•  automation

•  group policy

•  scripts

•  manual documentation

6

challenges

●  change control

●  culture change

●  development/test/production

●  ill defined standards

●  silos

7

why bother

8

we have problems

•  speed up deployment.

•  configuration drift

•  standardize

•  troubleshooting

9

how

10

getting started

•  weekly architecture team meetings

•  puppet ramp up project

•  on site training

11

puppet architecture # production branch control-repo/PuppetFile

forge http://forge.puppetlabs.com

# Modules from the Puppet Forge

mod "puppetlabs/inifile", '1.4.2‘

# systems written modules

moduledir 'site-modules/systems'

mod 'profiles',

:git => 'git@git.usask.ca:puppet/profiles.git',

:ref => 'production'

mod 'roles',

:git => 'git@git.usask.ca:puppet/roles.git',

:ref => 'production'

12

initial git code workflow

13

production

test

development

merge

merge

better git code workflow

14 14

production

test

development merge

merge

feature

merge

15

class roles::analytics {

include profiles::base_rhel

include profiles::apache

include profiles::mod_auth_cas

include profiles::mysql

::apache::mod { 'auth_basic': }

::apache::mod { 'authn_file': }

class { 'profiles::php':

display_errors => 'Off',

display_startup_errors => 'On',

track_errors => 'On',

}

class profiles::mod_auth_cas {

package { 'sds-mod_auth_cas': ensure => 'installed',}

file { '/etc/httpd/conf.d/z50_mod_auth_cas.conf':

ensure => present,

require => Package['httpd'],

content => '# CAS setup

LoadModule auth_cas_module modules/mod_auth_cas.so

CASCookiePath /var/mod_auth_cas/

CASLoginURL https://<redacted>/cas/login

CASValidateURL https://<redacted>/cas/serviceValidate

CASTimeout 36000

CASIdleTimeout 3600

<Location /> CASScope / </Location>',}

16

class roles::cs_bookware_as {

case $::hostname {

/^books(dev|test)?$/: {

accounts::user {'SASK':

comment => 'Bookware application account',

home => '/home/SASK/USERS',

home_mode => '750',

}

/^booksdb(dev|test)?$/: {

postgresql::server::config_entry { 'max_connections' :

ensure => present,

value => '200',

}

17

18

19

useful mco commands

mco find –W profiles::apache

mco puppet disable "Investigating a problem with the apache module. -NF" -

C /profiles::apache/

mco package mariadb status

20

lessons

21

lessons learned

•  confine custom facts by kernel

•  confine :kernel => %w(Linux SunOS FreeBSD Darwin)

•  https://puppet.com/blog/wsus-client-module-beginners-guide

•  long lived branches make more work

•  base_os generic role

22

more lessons

Windows I can do that with a

gpo

Linux I have to do a lot of

typing just to change one file?

Dba’s Thou shalt not play in

development

Service owners How are you slower at

this.

23

Are we getting better?

24

•  PCI DSS

•  increase speed of deployment

•  centrally managed system administrators desktop

future

25

Room for improvement

•  code review

•  pull requests

•  dynamic environments

•  large number of role classes

•  vRealize

26

Questions?

@linuxgurl

jennifer.hadley@usask.ca

27