Velocity 2009 – Introduction to Managed Infrastructure with Puppet
Introduction to Managed Infrastructure with Puppet
by Luke Kanies, Reductive Labs
You can get the work files from git://github.com/reductivelabs/velocity_puppet_workshop_2009.git, and the presentation’s available here.
I saw Luke’s Puppet talk last year at Velocity 2008, but am more ready to start uptaking some conf management back home. Our UNIX admins use cfengine, and puppet is supposed to be a better-newer cfengine. Now there’s also an (allegedly) better-newer one called chef I read about lately. So this should be interesting in helping to orient me to the space. At lunch, we sat with Luke and found out that Reductive just got their second round funding and were quite happy, though got nervous and prickly when there was too much discussion of whether they were all buying Teslas now. Congrats Reductive!
Now, to work along, you git the bundle and use it with puppet. Luke assumes we all have laptops, all have git installed on our laptops, and know how to sync his bundle of goodness down. And have puppet or can quickly install it. Bah. I reckon I’ll just follow along.
You can get puppet support via IRC, or the puppet-users google group.
First we exercise “ralsh”, the resource abstraction layer shell, which can interact with resources like packages, hosts, and users. Check em, add em, modify em.
You define abstraction packages. Like “ssh means ssh on debian, openssh on solaris…” It requires less redundancy of config than cfengine.
“puppet” consists of several executables – puppet, ralsh, puppetd, puppetmasterd, and puppetca.
As an aside, cft is a neat config file snapshot thing in red hat.
Anyway, you should use puppet not ralsh directly. Anyway the syntax is similar. Here’s an example invocation:
puppet -e 'file { "/tmp/eh": ensure => present }'
There’s a file backup, or “bucket”, functionality when you change/delete files.
You make a repository and can either distribute it or run it all from a server.
There is reporting.
There’s a gepetto addon that helps you build a central repo.
A repo has (or should have) modules, which are basically functional groupings. Modules have “code.” The code can be a class definition. init.pp is the top/special one. There’s a modulepath setting for puppet. Load the file, include the class, it runs all the stuff in the class.
It has “nodes” but he scoffs at them. Put them in manifests/site.pp. default, or hostname specific (can inherit default). But you should use a different application, not puppet, to do this.
You have to be able to completely and correctly describe a task for puppet to do it. This is a feature not a bug.
Puppet uses a client-server pull architecure. You start a puppetmasterd on a server. Use the SSH defaults because that’s complicated and will hose you eventually. Then start a puppetd on a client and it’ll pull changes from the server.
This is disjointed. Sorry about that. The session is really just reading the slide equivalent of man pages while flipping back and forth to a command prompt to run basic examples. I don’t feel like this session gave enough of an intro to puppet, it was just “launch into the man pages and then run individual commands, many of which he tells you to never do.” I don’t feel like I’m a lot more informed on puppet than when I started, which makes me sad. I’m not sure what the target audience for this is. If it’s people totally new to puppet, like me, it starts in the weeds too much. If it’s for someone whohas used puppet, it didn’t seem to have many pro tips or design considerations, it was basic command execution. Anyway, he ran out of time and flipped through the last ten slides in as many seconds. I’m out!
Leave a Reply