Designing Puppet Catalogs

Video in TIB AV-Portal: Designing Puppet Catalogs

Formal Metadata

Designing Puppet Catalogs
Title of Series
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date

Content Metadata

Subject Area
Before Puppet was used in large infrastructures, manifests and modules were developed to simply work. But then infrastructure grew and several stakeholders needed to understand what's happening. We will talk about roles & profiles in Puppet, how to use them and what they really are.
they I mean high I think it's 5 seconds students so if anyone else on the misses might also
introduction to keep it short I want stress
of besides organizing Strauss-Kahn online bedevils engineer but as a freelance consultant so I do plot migrations of many things in terms of agile that I basically teach trailer and brief puppet Our through this for organisations from owning 2 data
centers to renting 102 service I have some so basically all sizes of the we all of modern media but most companies always has a problem with and lessons that Stratus we
don't find them with no idea where to hire them I so we need to find another way on how to actually manage our infrastructure of some companies have the idealist a puppet others what to do and the ball or of other components but I think of it as a great idea and musical idea to but has other advantages and so I always tell them beyond its support is a good idea on the yes so the problem is when most companies started the same for when I started with public key with an open source project on it's a pretty much looking into the
documentation and the leg of we can do that this to install something I the and then we continue with our
code so there we just keeps adding stuff to all or 1 file and then we do this again
on the and so we have huge files single-figure structured nothing is organized good thing about that but that lets you do this or that works on the problem is you colleagues
probably want to kill him you who after some days or some weeks into this we said
things that really we are so for example we change 1 little thing and a totally different applications started to break are just because of we didn't even know that was linked to something like that of the and again but that is very flexible it lets you do all kinds of pretty shit of the it just doesn't tell you that it's mostly but so feel free to mess around with it it can totally break a computer it can totally make it also of the but the idea if you just start to do
this the probably even you will not understand what you try to develop a few months back that so a good really we
had to be honest so our especially when you do this in the car and a cloud environment where machines would up when another 1 fails so in a matter of
public private cloud formation sales this reduced set up a new 1 you don't know where things are coming from the so much loss with what you actually develop and you hope that things get stable but the the it's not a good idea I don't know anyone of you already did puppets the do you understand the problem at all did you have the problem to this the the and looks like the the yes to me OK I and then some great people had the idea OK we can use higher and to actually at least get the data all of what we developed 2 of them so we started to create Yuichi of all structures so edit beyond added yet another kms integration time as an AWS or something like that and again a good Eugen no 1 had any idea where things are coming from like complicated layers that actually did totally same thing for example and all merged strategies that would not understood the the so actually we began had no idea where the data was coming from just because of too many people were involved in too many people actually tried to messing around and doing stuff on the old without really understanding the quality of the structure was built so we have no part of been really work at all and then we had the idea and the operations chief of OK actually redefine what puppet actually is so all in all but but enough is nothing else think codes are and distributed like used to actually deploy not not build application but to deploy a service and so the what did we do with code started to do use patterns the this actually should frameworks in the 2nd slide arms adjustments that up
and so we started to invent frameworks on how we actually goods bills or application no to actually make it easier for an and to make it understandable for everyone else so some people say I you could add comments but of yeah 1st of all you need to read the comments you have that developed for whatever 2nd you actually need still need to understand how it's all linked by so comments will very what's going on in this specific line of code but not to how it's working altogether on the other this order of patterns frameworks I and what I'm going to tell you how about is actually the most common framework obviously look into the public to that spot argumentation and there's a very cool presentation about this as well I mean it's a highly recommend watching it I'm user going to tell you models profile spend all their models basically and so actually how things tried to but choose split up the art administrators from the team leads all development managers and the actual managers of the application so basically the business view on the but if compared with the business you we have what the application actually is that with the Administrator actually cares what happens so for example the CEO of a company doesn't really care at all what's what's on the server as long as the
applications running on what he wants to do is working on the team lead actually cares that the application really is deployed as it is for example that used to be the database was applications of like this and the Administrator really constantly the databases installed expected that hardened and whatsoever uh whatever people just don't study even want to know the the I mean
yes, speaking of Puppet, everything is pretty much a module. Pardon, you can write your manifests, but as soon as you start to separate
code, everything is a module. Again, Puppet is once again, it's really really easy: you just add a structure, and pretty much the only way to structure code until now is what you've of yeah so how do we do this on when this spheres
on the most basic concept as explained is this of for every application you have cycle of XYZ because of the I decreed your module. One module could be Postfix, one module could be Apache, could be nginx, could be HAProxy, all kinds of software you actually have figured. It isn't as important as soon as you for example Tomcat and give your applications please but try to build a generic module for Tomcat application of something like this and because of this again you don't know where code's coming from. So create one module for and then one module per application. If it's just installing a WAR file, that's fine, but you actually know what's going on if you look into it, and just as you look it, so it's very straightforward and you really know where to find a. Then you have profiles, which much strike this, so profile primarch tells the sum of all is intended to tell you about a
for my application of but firewall whatever I need to search engine expanded into a proxy and needs of that I've got on this machine. So the profile you to really include all the modules you actually need to build the applications. I was speaking also them think you would eventually include nginx, include HAProxy, but everything else the profiles don't really code, they just include code. So everything that's really to the resources you have in Puppet, the it in those real real modules. As soon as you realize that the are but this just a hotfix, create the new module please, so people will understand what you try to do, and it's easily you can easily figure it up. Yes, you can also use, the point is you can use multiple profiles so you 1 run. But then you have roles, which prevents describing the server, which is one-to-one whatsoever, so you can the role and 5 service but a role should only be like one, so emotionally only install one role. As soon as you realize you need a second role, you have by definition actually invented a new role. I'm in the original talked was something like something could be kangaroo and lion at the same time, with a very nice picture of a lion and the kangaroo photoshopped. Yes, something couldn't be be lion indicating the at the same time: don't use two roles on one machine, because of that definition not possible. But the role can include multiple profiles, so in every role you have include profile A, profile B, profile C, but nothing like include Apache again. So you have this very nice they created, let me see if I can
find this picture actually of a agreed very nice chart about this of which actually displays the of hierarchy that receive think of as a prefix FIL and this 1 Ch so OK here it's still on the where is out there it's the
and you the yeah so
the while the yeah of the what is a linear but I of so on top of his starts to actually deploy something you 1 of your service which needs to get deployed that means the server should actually think you would want roll was the exactly what role as you can see here 1 role can be useful in 2 different service but you don't have 1 server which actually implements 2 rules of by doing this you really the have very strict separation of what's actually going to be on this sheet and for example you're top-level manager can actually go and say OK this is role of the application 1 and I need application once we consider OK deploy this application 1 role and he x knows exactly what is on this machine the questions to no the yeah that you that we the the the product so you selling that and profiles of the the exit divisions of the fuzzy of the and yet I will come back to this poem elections right I wasn't so the free to ask questions I was a bit higher it in the last days of image actually Newton's the stock yes so a role is really the business definition of what's going to be deployed so it's totally business logic it's nothing like real code it's nothing like what's going to be on the server it's seen nothing related application is pure business logic so when you go to your all execute he should understand what this rule is actually deployed on the server the it's nothing technical so if he knows about Apache well gradient great boss but I the still shouldn't be in role the then on the next level you have the profile so for example if you have what applications microphones such would be deployed you the profiles of for example this application the 2 databases application it's an Apache and it's the it's the actual application code so those 3 things database could be 1 profile of the actual application server middle ware could be 1 profile and the actual applications 1 profile the soul and the role you say OK this is pure business logic and then we actually include the 
application logic so we say OK we need a database for this so the trophic apical database that we need the actual web application server and we need to install the actual application and this is profile so the project manager In this terms should understand what actual profiles so still this is no code implementation of it but the product manager should know what parts of the application needed so you abstract from the C O 2 project manager and then on the modules way actually really implement what's going to be installed this is some people call it devolves on do this in the operations teams some say OK or developers do this operations just employs it the Soviets you but to this stage by from Ralston profiles and service no actual implementation coach appearance this is purely can include logic contained in the new versions of puppet nothing else yeah the yes so for the roles of for the of the actual mapping from roles to the server what is it that a cloud environment we actually created our own it's script where we said that we actually said the which is that the actual name of the role so that the actually graph what well although definitions 3 lines of code for there's a default node installed psych name I was a and then in the summer figures on everything else by the our on the other hand you could use Indian see for example this Parliament when you but in the interface is a watch what classes should be included on the service and you just say role double findable . 
name of my several that should be pretty way he do you go to actually apply if you messes up and you start to add multiple roles it's it starts to get messed again because you don't know what's coming from where and that the still end especially because the puppet is a state machine as soon as you start to declare resources multiple times but you'll get and you don't really know where they're coming from as soon as you start to include multiple things of which could affect the same server of the same service the we at that it it the the the the have moons so
so you are asking what if the role of has several meanings of the business I it the ROC asking if the definition of the potential applications is rather old but a profile but yeah the so basically of in this but please always use this hierarchy so if you have 1 rule which only includes 1 profile feel free to do it most people have 1 profile which is called days where you just do something like NTP at hardening of some like this so in most cases you always install the base profile and here application profile so have at least 2 profiles but as if you start to just get the role of people cannot really understand what's going on because of they can't really follow those lines and see what's actually happening with a good 0 some of it and then in the modules of the profiles really just include modules again so other models and they actually do things with the resources the and very important as soon as you start to create modules for applications water resource should only be used in 1 module so as soon as you have a resource which is managed by 2 different modules you should start thinking about how to reflect this that that this is not possible 1 module should really focus or care about 1 application and all of its resources so it might need to be a bit more generic with this model but it really helps you to not have errors while deploying is service and this could be productive effective like it could really kill production deployments because if you have an hour production because of this resources or manage but it's not on staging or somewhere else really carrier production deployment which is not so good I you to the the but there is good it years of would it so you're telling about the anchor pattern of property of and that he should be really cautious on what way you include things with resources I see especially starting with property for I really encourage you to use contains the because of and thereby but it's important to know that the order of things 
getting executed is very random so if you have to install them and then install Apache it's in no way guarantee that didn't Saltzman 1st and then Apache so people started to find ways around ordering 1 is the anchor pattern way said OK I create a block and then I say OK when this book starts the next thing is this mixing this like thing there's then and include like and this anchor it was a good heart takes puppet encouraged to use it um amended version for that actually added to the tentative which which is contains and reviews containing power but the really capsulate all the code you have been to the class so as soon as the classes actually done all the code inside this class is also executed of so D-classes three-D the angle they have yeah and set of included that use that contains Apache and then that you can reuse the class of ordering so you say class 1 before plus 2 and everything in class 1 is executed before plus 2 if use include that's not the case is yes it's very it's very good of the only problem we had was around with free everyone and didn't give a shit about um of integers and strings and Starting with puppet for it all got very tight sensitive the the so of so this was quite a mess because of some things to stopped working because of the tight sensitivity but especially that was a good reason to start also writing off by tests and everything got way better on so I encourage you to actually go from public 3 to 4 because of and you get to know why you realize testing is a good idea and you actually start doing it yes the know the and the you by 2 applications both leading Apache and and it onto the list so basically Apache is about the in this matter it is a module under look canary really going to see this
it's the the 2 of you have probably heard of. So Apache is really a module, and two profiles could be included that adopted, but as soon as a class is included, it's included, so it's in. So even if you have a role which includes both profiles, Apache is only installed once. The on here as the data: so every data, you need to put it in Hiera, because if you can plug in any data is back and he 1 everyone can actually at the host name of views name or something like that on the other end up, but it's really just grabbing the data and executing. So what you would do in the pool follows a z of 3 profiles for those of you they're probably two profiles, and both include the Apache and both really and grab the data about the actual implementation of the house and stuff like that from Hiera. Some people even go that far that they have a Hiera hash when they really put it all configurations they need, and have a very generic install Apache vehicles of profile where they just pull the Hiera hash and create all the resources that are in this. If I would encourage you to do so but it's possible what in chapter that about generic Apache modules and went on to configure it by the I don't know you had a bunch of puppet state a binding but there. And so Puppet, starting with version 3 of them, all class parameters but pulled from Hiera. So for example Puppet goes like, if it runs, it takes OK it's in the actual include all when we create the class on any parameters, if would use the default ones people from Hiera; if there are no values in Hiera then it goes to actually use the ones
coded, so Hiera is always a higher prioritized and the detailed implementation of the module. So Fourier put Apache application what you would do as just override the Apache needlepoint of 0 . parents don't model points names whatever of and that he when the Apache module is included all those default values you can see it in Hiera would be it's the. So the he has some people use to separate our people profiles, but 2 I would rather I always encourage people to use it with roles because of the on 1 so you of 1 of the 2 configurations but you could have several profiles, so if you start structuring by profile of yeah however I wouldn't really know what a way to go, but with role it's just one to one, so you can really say OK this is one configuration, use this. And then some people really go with the eyes you can really do as like but it to try to keep it simple because of I also is really looking up every well you know all files all the time so you I don't know how you can think about that but if you say OK right every 20 minutes what then you have a hierarchy with about 10 this is the latest you're really going in your drives because of that so what I 0 at to actually just open the files note additive could be to put it in attendance or to put it into the RAM. This also a lot of performance issues with Puppet but still it but it always opens up all the hierarchy fast until it finds the values looking for, especially if you using default values from the classes. So yeah, it's a lot of lookups, so really try to keep the hierarchy is very small to be ones readable 2nd easily and like and performance possible but and the questions then that would actually it's to be honest yes but it yes yes who on the device of drawing sublime where is where are my editors this is weird up the so since we have some time I can deceive about an editor and we can just to it like with who OK I don't find any real editor right now so we just in the words of and I mean he but I think Hey target for so the
hierarchy you would
have some roles slash of Poland the the front you would most people do something like note was 7 to really get specific but some people also add a layer of all of the network segment the I would encourage you to use profile there because of what you could use you could have several profiles and and this is the way puppet couldn't figure out what the actual way to go the you viewed it from 1 that is the higher look up it's just 1 file in this layer of so by
the way to go so roles is really a border 1 matching the people always use all often used to but wanted for clarity's network segments because of their their own dedicated UCB service or NTP service in the actual segments really depends on the architecture of and that really of role role in at some people really add something like applications dove but really this should really be of this really a good start for a hierarchy to actually use and for the border the some people have lost always use have something like commentary of some people configurations but the but the fall 4 layers is really quite performance of should really cover all you need to the important thing to know is if you have several back yummo you the young mode maybe another database that will use the the order off the actual beckons and then look up all these these segments in all databases assume until it finds something so really try to keep it small don't carry a puppet masters on the other way that the alternative would really be if you needed you need to really scale up a puppet masters some people also escaped the network segment increíbles puppet master for the for the segment and deploy a different code it's another way to do it the early in yes so the content logic is really essential for creating topic having you what is that the that I yeah so implementing this pattern is really on about actual structuring a code and structuring higher because of the but the point is to going to be honest you don't need this you don't even need not that if you just want a that of a computer use and the quicker but if you really want to manage the infrastructure so keep a driving 1 systems running his puppet because it's a state machine for example I don't have any 1 of you dealt with PCI requirements all of the band of system Germany a lovely of institution about controlling banks and they have requirements like they need to every change to be monitored and locked in a machine so you could use proper 
to actually just implement all the files on the machine and pop it will give you a notice and to actually change configuration back to its desired state so this way you can really use your application use of the monitoring because a puppet will take care that it looks as the as expected as certified and it will also keep track of what changed so you have a really good OK that you can use that systems that if something changed you can really look into the cell the up so you really want to keep your application video systems monitor or to set up you also want to deploy changes may be deploy applications using of the publications that is a great way because of its really constantly arriving but just changing what needs to be changed so provides of checking in the ribosomes of RPM sister checking the installed versions of for that I could use the same so you can't really just maybe if you want to update application you can just tell puppet to install the new version of the actual application package and puppet will do so as soon as this as it's right and some people also use a combination of rapid advance ability to actually trigger puppet on the node so they as about remote execution script but then use proper to actually employed the code because of its more generic and for example edible I think they just implemented a package of abstraction but To date they had just if you wanted follow up immunity and the RPM specification if you wanted so that can depth if you have a chance if you have a very different network idea of several types of
machines it's very hot with possible it at least used to be with that but it's very it's obstructed on a very high level just tell I did this file updates package and public takes care of it a half whatever whatever is needed to actually do it um with other frameworks you really need to hold what's going to happen that but on the because of properties so generic really consider all take some time to really figure out how it's actually coded and really try at least you can invent your framework it's just 1 way to do it it proved to be really good so if you want to do the puppet certification this is going to be as well as they have quite a lot of questions about this roles prefers pattern actually in the certification program I but the spend some time actually thinking about what is going to be to do be doing otherwise you will start to redo your entire that stuff every other year it if but that thank you if you have any other questions I will be cake boarding or something else all around the loss of uh so you probably will run into