SO I WROTE A MANIFEST… What next? Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com


WHAT TO AUTOMATE FIRST?


We shouldn’t be looking at each local area and trying to trim it. We should be trying to optimize the whole system

- Eliyahu M. Goldratt


[Diagram: project workflow beginning at "Project Start". Box labels: Server build request, Change Mgmt, Server build, QA, Firewall request, Change Mgmt, Database request, Storage assessment, Security assessment, Firewall implementation, Server build, Presentation layer request, App install, QA, Cap/Av assessment, Change Mgmt, Storage provisioning, Storage request, Change Mgmt, Database provisioning, Load Balancer request, Change Mgmt, LB Config provisioning, Config mgmt, Rev. Proxy config provisioning]


Man, Machine, Method, Measure

THE METHOD

Install the IIS Web server feature by navigating to Control Panel, Programs, Turn Windows Features on or off. Drill down to Internet Information Services, World Wide Web Services and tick Common HTTP Features. Click OK, OK.

Validate the install by navigating to Administrative Tools, Services and ensure the World Wide Web service is started. Secondly, open a web browser and navigate to http://localhost and ensure the IIS Welcome page is displayed.

    # install IIS core
    package { 'IIS-CommonHttpFeatures':
      ensure => present,
    }


THE MEASURE


THE MACHINE


THE MAN? OR WOMAN #WWCODE


Any improvements made anywhere besides the bottleneck are an illusion.

- Gene Kim


[Diagram: the project workflow diagram from the "WHAT TO AUTOMATE FIRST?" section, repeated]


SOURCE CONTROL


[Diagram: source control timeline of bugs, branches and tags. Labels: Bug: Doc shot; Branch: Fix Doc shooting; Tag: Doc alive; Bug: McFly Jr Jailed; Tag: I’m OUT Griff; Branch: Where we’re going…; Branch: Almanac; Bug: Biff rich!; Branch: Took that guy’s wallet; Tag: Almanac burned; Release v1.0.0]


https://www.atlassian.com/git/

http://rogerdudler.github.io/git-guide/


TYING MODULES TOGETHER


[Diagram: the modules to tie together: IIS 8.5, MVC.Net, Choco, Backup agent, AV Agent, SQL Server, Logstash, Zabbix agent, WSUS, httpd, MySQL, Bamboo agent, Vmware tools, ActiveMQ, Java RE, HA Proxy, Tomcat, ElasticSearch, PHP, Redis]


ROLES AND PROFILES


    - org/                          # 'org' module
      - .git/                       # git database (hidden)
      - manifests/
        - roles/
          - my_app.pp               # class org::roles::my_app
        - profiles/
          - iis85.pp                # class org::profiles::iis85
          - mvc_net.pp              # class org::profiles::mvc_net
          - my_app.pp               # class org::profiles::my_app
        - resources/
          - service_account.pp      # define org::resources::service_account
      - ...


ROLES (BUSINESS LAYER)

• Apply directly to a host (one per host)
• Assigned in site.pp or ENC
• May only contain profiles
• Accepts no parameters

    # standard configuration for custom
    # MVC.Net application
    class org::roles::my_app {
      include ::org::profiles::iis85
      include ::org::profiles::dotnet45
      include ::org::profiles::mvc_net
      include ::org::profiles::my_app
    }


PROFILES (IMPLEMENTATION LAYER)

• Only applied via Roles
• Contains resources
• May accept parameters from hiera
• Parameters are defined with site-specific defaults

    # standard IIS 8.5 configuration
    class org::profiles::iis85 (
      $log_mount = '\\\\log_server\\logs',
    ) {
      package { 'IIS-CommonHttpFeatures':
        ensure => present,
      }

      # ...
    }


RESOURCES (COMPONENT LAYER)

• Declared with define for repeating an implementation on a node, e.g. user accounts
• Only applied via Profiles
• Complex resources should become their own module
• Rarely used

    # standard local service account
    define org::resources::svc_account (
      $username = undef,
      $password = undef,
    ) {
      user { $username:
        ensure   => present,
        password => $password,
      }
      # ...
    }


DATA

• Applied via hiera
• Only used when default parameter values are invalid
• Target parameters in Profiles and external modules

    org::profiles::iis85::log_mount: \\logs01\logs
    org::profiles::my_app::database_server: myapp-db01
    org::profiles::my_app::database_username: myapp
    org::profiles::my_app::database_password: P@ssw0Rd321
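Added example, not part of the original slides: a Ruby check that parses Hiera data such as the keys above and lists credential-like keys whose values are stored in plaintext rather than as hiera-eyaml `ENC[...]` values. The key-name pattern, the function names and the sample data are assumptions made for this example.

```ruby
require 'yaml'

# Key names treated as credentials (an assumption for this example; extend per site).
SECRET_KEY = /(password|passwd|secret|token|private_key)\z/i
# hiera-eyaml stores encrypted values as ENC[<method>,<base64>].
ENCRYPTED = /\AENC\[\w+,[A-Za-z0-9+\/=\s]+\]\z/

# Recursively yield [dotted_path, value] for every scalar in nested Hiera data.
def each_scalar(node, path = [], &block)
  case node
  when Hash  then node.each { |k, v| each_scalar(v, path + [k.to_s], &block) }
  when Array then node.each_with_index { |v, i| each_scalar(v, path + [i.to_s], &block) }
  else block.call(path.join('.'), node)
  end
end

# Return the sorted list of key paths that hold a plaintext credential.
def plaintext_secrets(yaml_text)
  data = YAML.safe_load(yaml_text) || {}
  findings = []
  each_scalar(data) do |path, value|
    next unless path =~ SECRET_KEY          # only credential-like keys
    next if value.nil? || value.to_s.empty? # unset values are not leaks
    next if value.to_s =~ ENCRYPTED         # already encrypted with eyaml
    findings << path
  end
  findings.sort
end

# Constructed sample modelled on the slide's Hiera data (all values are made up).
HIERA_SAMPLE = <<~'YAML'
  org::profiles::my_app::database_server: myapp-db01
  org::profiles::my_app::database_username: myapp
  org::profiles::my_app::database_password: P@ssw0Rd321
  org::profiles::my_app::api_token: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAx]
  org::profiles::backup::accounts:
    - username: svc_backup
      password: hunter2
YAML

if __FILE__ == $PROGRAM_NAME
  plaintext_secrets(HIERA_SAMPLE).each { |k| puts "plaintext credential in Hiera: #{k}" }
end
```

Run against each Hiera data file in the control repository, for instance from a pre-commit hook or CI job, and fail the job when the returned list is not empty.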


ROLES AND PROFILES

• https://puppetlabs.com/presentations/designing-puppet-rolesprofiles-pattern
• http://www.craigdunn.org/2012/05/239/
• http://garylarizza.com/blog/2014/02/17/puppet-workflow-part-2/
• http://sysadvent.blogspot.co.uk/2012/12/day-13-configuration-management-as-legos.html


MOVING FROM DEV TO PROD

Needs:
• Isolate landscapes using Puppet “Environments”
• Definitive state for each environment
  • Module versions
  • Hiera data
  • Node classification (site.pp)
• Import modules from multiple sources
• Automation + audit trail please


R10K DYNAMIC ENVIRONMENTS

• Puppet Environments reduced to one Git repo: r10k-control
• Each Environment becomes one git branch
• Definitive list of module versions captured in a Puppetfile
• Run r10k deploy environment -p to sync environments

[Diagram: the r10k-control repository in GitLab with Dev, Test and Prod branches, each with its own Puppetfile]
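Added example, not part of the original slides or of r10k itself: a Ruby audit that evaluates a Puppetfile's `mod` declarations and lists the modules that are not pinned to an exact version, tag or commit, which is what a definitive list of module versions requires. The class name, the pinning rule and the sample Puppetfile (module names, URLs, versions) are constructed for illustration.

```ruby
# Minimal evaluator for the Puppetfile DSL: records each `mod` declaration.
# A Puppetfile is Ruby, so evaluate only files from your own control repo.
class PuppetfileAudit
  attr_reader :mods

  def initialize
    @mods = []
  end

  # Directives accepted but not needed for the audit.
  def forge(_url); end
  def moduledir(_dir); end

  # mod 'author/name', '1.2.3'  or  mod 'name', :git => url, :tag => 'v1'
  def mod(name, spec = nil)
    @mods << [name, spec]
  end

  # Pinned = exact Forge version, or a Git tag or full 40-character commit id.
  def self.pinned?(spec)
    case spec
    when String then spec.match?(/\A\d+\.\d+\.\d+\z/)
    when Hash
      return true if spec[:tag]
      [spec[:commit], spec[:ref]].compact.any? { |r| r.to_s.match?(/\A\h{40}\z/) }
    else false # no version given, or :latest
    end
  end

  # Names of modules whose content can change between two deploys.
  def self.unpinned(puppetfile_text)
    audit = new
    audit.instance_eval(puppetfile_text, 'Puppetfile')
    audit.mods.reject { |_name, spec| pinned?(spec) }.map(&:first)
  end
end

# Constructed sample Puppetfile for one environment branch.
PUPPETFILE_SAMPLE = <<~'PUPPETFILE'
  forge 'https://forgeapi.puppetlabs.com'
  mod 'puppetlabs/stdlib', '4.25.1'
  mod 'puppetlabs/dism', :latest
  mod 'chocolatey/chocolatey'
  mod 'org', :git => 'https://gitlab.example.com/puppet/org.git', :tag => 'v1.0.0'
  mod 'zabbix', :git => 'https://gitlab.example.com/puppet/zabbix.git', :branch => 'master'
PUPPETFILE

puts PuppetfileAudit.unpinned(PUPPETFILE_SAMPLE) if __FILE__ == $PROGRAM_NAME
```

Git tags can be moved after the fact, so a branch that must be fully reproducible can tighten the rule to accept only commit ids.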


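[Diagram: deployment topology. Labels: GitLab, holding Modules and r10k-control (Dev, Test and Prod branches, each with a Puppetfile); Dev Master with r10k and Dev, Test and Prod environments; Prod Master with r10k and Dev, Test and Prod environments; Dev Servers, Test Servers, Prod Servers]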


QUE?
