How the social networking site Hyves benefits from puppet
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
| Title |
| |
| Alternative Title |
| |
| Title of Series | ||
| Number of Parts | 70 | |
| Author | ||
| License | CC Attribution 2.0 Belgium: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
| Identifiers | 10.5446/39520 (DOI) | |
| Publisher | ||
| Release Date | ||
| Language |
Content Metadata
| Subject Area | ||
| Genre | ||
| Abstract |
|
FOSDEM 200943 / 70
3
4
6
16
17
18
19
20
21
22
23
24
25
26
27
29
30
31
32
33
35
40
41
44
46
47
48
50
51
54
55
57
58
59
60
62
65
67
68
69
70
00:00
WebsiteComputer networkWeb pageView (database)Server (computing)Software frameworkConfiguration spacePhysical systemClient (computing)Public key certificateLocal GroupAsynchronous Transfer ModeLocal ringDefault (computer science)FingerprintTemplate (C++)Type theoryFunction (mathematics)SurgeryWebsiteMoment (mathematics)MereologyService (economics)RootType theoryFunctional (mathematics)View (database)Asynchronous Transfer ModeWeb pagePhysical systemDemonSet (mathematics)Integrated development environmentData centerServer (computing)PasswordComputer fileSystems engineeringClient (computing)Template (C++)AbstractionLatent heatOperating systemMemory managementConfiguration spaceInformationReduction of orderIP addressSoftware frameworkWeb 2.0Multiplication signComputer architectureGoodness of fitEndliche ModelltheorieFirewall (computing)Point (geometry)CodePublic key certificateUniqueness quantificationTheoryRight angleMyspaceInstance (computer science)InternetworkingUniform resource locatorInformation securityDifferent (Kate Ryan album)FacebookOcean currentVariable (mathematics)Direct numerical simulationOperator (mathematics)Declarative programmingResolvent formalismProgrammschleifeFront and back endsComputer programmingDirectory serviceContent (media)DivisorVirtual machineMathematicsLibrary (computing)Default (computer science)Error messageInterface (computing)Group action1 (number)CASE <Informatik>RoutingProper mapProcess (computing)SurfaceMetropolitan area networkSource codeBit rateAddress spacePressureRevision controlQuicksortCompass (drafting)Loop (music)Network topologyData structureData managementOptical disc driveXMLComputer animation
08:04
Computer fileLocal GroupRootAsynchronous Transfer ModeOperating systemDefault (computer science)FingerprintTemplate (C++)Function (mathematics)Type theoryScale (map)Loop (music)Group actionSocial classService (economics)Firewall (computing)Server (computing)Proxy serverClient (computing)Process (computing)Level (video gaming)Information privacyDebuggerConfiguration spaceStatisticsScaling (geometry)Multiplication signSocial classExpert systemServer (computing)CuboidService (economics)Systems engineeringMereologyBus (computing)Staff (military)Functional (mathematics)Semiconductor memoryRevision controlStapeldateiBootingType theoryInstance (computer science)Client (computing)Virtual machineDatabaseSoftwareDifferent (Kate Ryan album)Computer programmingPoint (geometry)Heat transferWeb 2.0FamilyEmailQuicksortConnected spaceData managementSurfaceScripting languageWebsitePhysical systemOperator (mathematics)Group actionImplementationMassTerm (mathematics)Loop (music)Category of beingInterface (computing)Latent heatFront and back endsFirewall (computing)Core dumpContext awarenessCentralizer and normalizerNumberDirect numerical simulationResolvent formalismProxy serverIntegrated development environmentContent (media)Installation artChainFile formatRight angleComputer fileCustomer relationship managementMoving averageInformation securityRippingStructural loadIP addressControl flowPlanningLastteilungKeyboard shortcutGraphical user interfaceComputer animation
16:01
Computer animation
Transcript: English(auto-generated)
00:08
Welcome everybody. My name is Milan de Boer. I'm working as a system engineer for the social web Social networking site Hives. I was wondering before I start how many people really know the website Hives
00:24
Okay quite a lot that's a good thing Okay, first I want to explain what Hives actually is from technical point of view So Hives is a social network much like Myspace or Facebook. Currently we
00:43
Use three data centers all around Amsterdam all connected through the MSX Internet exchange Department consists of 12 full-timers at the moment. It's just for the system engineers. So we have another
01:05
Departments as well. They do the front-end programming Currently we're doing about 25 terabytes daily External traffic so not just in just the external internally we do a lot more
01:26
About 200 million page views daily. It's quite a lot and at peak moments we do about 18 million page views To be able to serve at that much page views we have about
01:43
2500 servers at the moment we which all need managing and with 12 people that It's a problem if you don't have a thing like Puppet installed So what is Puppet? Puppet actually is a system configuration framework. You can describe
02:06
Parts or you describe What you would like to do in manifest in Puppet manifest actually, you could say I want to have Apache started or I
02:20
Want to manage my etc password file or my hosts file It's entirely written in Ruby So yeah for some people that could be a problem Yeah, you have to install Ruby to be able to use Puppet it's created by Luke Kenney's he was entirely fed up with Cvention and all the other tools because they lacked the ability to
02:46
Use the abstraction layer because you have to write everything for the Specific environment you're in you can't use it on BSD as well on Linux Easily the puppet that's much more easily to do because the text on which
03:05
Unix system you are and you can almost use the same code Much of the deeper info is available at reductive labs and don't have the time to go into depth. So Just want to show you
03:21
How puppet works it's a Client server model Sorry, you have a central server where all your puppet code lives with which you write and all the clients connect to it and the server compiles your manifest make sure it's unique for your host and
03:42
Then the the client receives this executes it and make sure it gets run properly to ensure you're Speaking to the right servers. Some people are concerned about security or perhaps when I even want to run puppet over the public internet It's using SSL certificates
04:02
So that's why you can make sure that you're connecting to the right house This is an example of the site PP file this actually in when puppet you declare all your hosts which you want to manage In this example, I've got some notes
04:22
Normally this will reflect your DNS host name You're allowed to use any kind of variables insights your Note declaration. So this in this example, I've used The operating servers operating system servers and I want to manage
04:41
SSH on this specific host, so I'm importing the Puppet manifest for SSH And the actual SSH manifest you can see we're managing the SSH D config file And here we you can see the benefit from being more abstract
05:02
You can actually check on which operating system you are So first so hours, you can have a different path as you have for the default environment which could be your Linux or BSD machine In this example, I want to file to always be owned by root the group root I should have the
05:25
mode 644 Actually when a user changes this on the system and Puppet runs again and you can set intervals at which time puppet runs It will correct your changes. So if somebody changed the file to nobody nobody
05:43
First time puppets will run it will change back to a root So it's also a tool to detect errors users made The last part is the the service you actually In this example, you're spraying the file from above to the service as is HD
06:04
So if anything chases in the SS HD file a Puppet will actually restarts your SSH team demon with the new settings so you don't have to do that manually okay, some of the
06:20
Puppet features there are more but for our environment. These are the most important ones Puppets is able to run on every Unix Architecture that can compile puppet. Oh Sorry Ruby. So in theory you could even run puppet on your jailbreak iPhone
06:41
It really is handy in our environment is that we can use templates This reduces the amount of files we have to control. So for example If you have different locations and you want to have different firewalls or different Resolve entries you can just put in the variables like you saw in this IPP and
07:04
the template can find out on which location you are and Yeah with Ruby you can even put in for loops or other things to automatically generate the content of that file without Having to have 20 files in a specific directory. I include the right one
07:24
Other thing puppet house is the factor library factor a Library that shows you for example the amount of course a machine has how much free memory how much Interfaces it has and can show you
07:41
Which IP addresses are on that interfaces? much more futures, but mainly we we use those to Yeah spawn the right amount of Apache instances or a generator firewall for specific IP addresses
08:02
Puppet also supports types and functions if I go back one sheet a type is In this example will be the file type and the service type There are a lot of more you can use to contact type for example or the exact type the contact manager
08:27
Chrome type entries on every Unix house that supports it and Functions for example, we use a couple of custom function. We wrote our own we can ask
08:43
in any given time which version sort of software is running or IP addresses we can bind on specific Interfaces and we wrote custom functions for that. The only problem with the functions are that they only get executed on the compile host. So
09:02
That's the the main the main server If you want to use it on clients, you have to do something with types because the types are executed on the the client side Other feature we use from properties the database backend support All the facts that are available
09:22
Can be written into a database backend. We use MySQL for that and that way we can run out support All kinds of statistics we can see our which servers are on which version of the kernel or Use how many cores how much memory is in it? So it's very quick to just
09:45
Get an overview if you have a large server pack Other thing puppet supports is the external node definitions if I go back to the site PP If you have a really large number of hosts and you already have another system
10:02
For your asset management from your service you can you write in your own script to generate some of this content without having to Take the rest of the server back
10:22
One way. Sorry. Okay. I won't go to the point where we use puppet at ice We started out with the SSH for loop. It's most of system engineers do We found out that doesn't scale. So we tried to figure out something for that and we came across puppet
10:44
Many what we do if we install service we wrap open the box Press on f12 to do a PXE install and then boots our quick start the first time such the host name and in puppets we
11:01
Put in the right node definition and puppets will do the rest So that way we can be operational within seven minutes for example for our main web servers or front-end servers For rip open the box put it into a rack Push the f12 button and wrap and running within seven minutes
11:20
So I think that yes pretty good time to get your server operational What do we actually manage with puppets in our environment? Like I said before some of the DNS entries or the resolve and The NTP servers firewalls are all location aware if we had to do that by hand
11:44
It would be a hell of a job to keep up We use gentle on our servers, that's And we don't want to compile the packages on their own house, so we have a centralized
12:00
Package system and puppet can fetch packages from there and install if we or update if needed But it also starts to require services So for example if we have the main web class to make sure Apache is started SSH is started and the monitoring services
12:24
Other group we use a lot is the database backend and Of course that would start MySQL Other thing we use it for us to push updates that can be packages or config files if we do have to have to
12:41
Roll out security update we can use puppet for that, but puppet will restart all our services to update the config And other problem we climb across when we use puppet is That it doesn't scale well behind over About 800 servers in the web break configuration, which I think most people still use
13:05
Probably what the web break is that's single-threaded, so even if you have more cores in your machine you can't use them So what we did we used the mongrel It will be implementation for HTTP and split off the SSL part to
13:24
SSL capable proxy in our environment we use nginx, but you can use pound or Apache as well This way you can load balance some spawned instances of your mongrel And that way you can use multiple cores in one machine
13:42
If you get to the point that that doesn't scale on one machine anymore you can use you can build your own trusted SSL chain so puppet clients can connect to multiple services instead of one Other thing we do we have passive clients normally The puppet clients run in a defined interval and just connect to the server
14:05
But if you have a lot of services you will create your own natural Thus attacking your own network So what we did we push all our clients are passive and we push all the updates serialized throughout our puppet master to keep the load low
14:24
How we do that you have a program. It's called puppet run you can just We have a script around that just in batches of 10 surface calls the Puppet run the puppet run on the master will
14:40
Connect to your client to say you can run now, so then it will connect to your server that way yeah, you can easily reduce the load and Don't have to think about the interval the puppet clients will start Okay, if there are any questions you can ask now
15:24
Okay, the question was if we use the DB back end to Feed them to Nagios or any monitoring tool No, we have our own other database Which we actually started with for assets management, and we use that database to
15:43
That create our Nagios configs, but we're planning to Merge them or do something else with it. Okay Sorry
16:01
You