9. Fabric
Command-line tool for streamlining the use of SSH for application deployment or systems administration tasks
Make executing shell commands over SSH easy and Pythonic
Stop administrating your environment and start developing it...
Re-usable code for managing your software & configurations
31. Drawbacks
Not easy to implement by pure operators
Lack of high-level function support
User, file, package, service management
Built-in environment variables
Lack of smart error handling
Would do all things every time (depends on the implementation)
No log, no history
Too many SSH communications (keepalive argument would help)
32. Puppet
Provides a Domain Specific Language (DSL) to script with
Classes, conditionals, selectors, variables, basic math, etc.
Supports Linux, Solaris, BSD, OS X, Windows
Stop administrating your environment and start developing it...
Re-usable code for managing your software & configurations
33. Classification 2013/10/333
Debian
apt-get install nginx
vi /etc/nginx/conf.d/test.conf
service nginx start
Redhat
yum install nginx
vi /etc/nginx/conf.d/test.conf
service nginx start
35. A Partial List of Puppet types
Packages
• Supports 30 different package providers
• Abstracted for your OS automatically
• Specify 'installed', 'absent', or 'latest' for desired state
• Change from 'installed' to 'latest' and deploy for quick upgrade
Services
• Supports 10 different 'init' frameworks
• Control whether a service starts on boot or is required to be running always
• A service can be notified to restart if a configuration file has been changed
Files/Directories
• Specify ownership & permissions
• Load content from 'files/', 'templates/' or custom strings
• Create symlinks
• Supports 5 types to verify a file checksum
• Purge a directory of files not 'maintained'
37.
Package: apt-get install nginx
Configuration: vi /etc/nginx/conf.d/test.conf
Service: service nginx start
Configuration should get modified after package installation
Service should restart when configuration changes
39. Template
Puppet templates are flat files containing Embedded Ruby
(ERB) variables
server {
    listen <%= @http_port %>;
}
server {
    listen <%= @https_port %>;
}
40. Node
Node definitions look just like classes, including supporting
inheritance, but they are special in that when a node (a managed
computer running the Puppet client) connects to the Puppet master
daemon.
node 'www1' {
    include nginx::server
}
41. Modules
A module is just a directory with stuff in it, and the
magic comes from putting that stuff where Puppet
expects to find it.
43. Network Overview
Configuration allows for manual synchronizations or synchronizations at a set interval
Client or server initiated synchronizations
Client/Server configuration leverages a Certificate Authority (CA) on the Puppet Master to sign client certificates to verify authenticity
Transmissions of all data between a master & client are encrypted
44. Every Client
Retrieve resource catalog from central server
Determine resource order
Check each resource in turn, fixing if necessary
Rinse and repeat, every 30 minutes
45. Every Resource
Retrieve current state (e.g., by querying dpkg db or doing a stat)
Compare to desired state
Fix, if necessary (or just log)
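The retrieve, compare, fix loop from slides 44 and 45, combined with slide 37's rule that the service restarts when its configuration changes, as an added Python sketch (not from the slides and not Puppet's own implementation). The names `current_state`, `converge_file`, `run_catalog` and `demo`, the 0644 mode and the sample file content are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def current_state(path):
    """Retrieve current state: content checksum and permission bits."""
    if not os.path.exists(path):
        return None
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"sha256": digest, "mode": os.stat(path).st_mode & 0o7777}

def converge_file(path, content, mode, noop=False):
    """Compare to desired state; fix only what differs (noop = just log)."""
    have = current_state(path)
    changes = []
    if have is None or have["sha256"] != hashlib.sha256(content).hexdigest():
        changes.append("content")
        if not noop:
            # Write a private temp file, then rename it over the target.
            fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path))
            with os.fdopen(fd, "wb") as fh:
                fh.write(content)
            os.replace(tmp, path)
    if have is None or have["mode"] != mode:
        changes.append("mode")
    if changes and not noop:
        os.chmod(path, mode)
    return changes

def run_catalog(path, content, restart, noop=False):
    """One agent run: the service is refreshed only if the file changed."""
    changes = converge_file(path, content, 0o644, noop)
    if changes and not noop:
        restart()
    return changes

def demo():
    restarts = []
    restart = lambda: restarts.append("nginx")  # stand-in for a service restart
    conf = b"server {\n    listen 80;\n}\n"  # constructed sample content
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "test.conf")
        first = run_catalog(path, conf, restart)  # file absent: create it
        second = run_catalog(path, conf, restart)  # converged: nothing to do
        os.chmod(path, 0o666)  # simulate permission drift
        dry = run_catalog(path, conf, restart, noop=True)  # report only
        third = run_catalog(path, conf, restart)  # repair the drift
        return first, second, dry, third, current_state(path)["mode"], len(restarts)
```

Calling `demo()` shows that the second run changes nothing and restarts nothing, while a world-writable config file is reported in noop mode and repaired on the next real run.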
47. Drawbacks
Hard to prepare the environment
Install Ruby, puppet packages
Set up host name, domain name
Put ssh public key to every client
Configure certificate
Hard to control deployment time (in daemon mode)
Hard to support rolling upgrade
No global view, no service dependency control across hosts
48. Combine Fabric and Puppet
Fabric
When
Operators trigger puppet to deploy packages one by one or in parallel
Rolling upgrade
Where
Use fab -R or fab -H
Initial functions
Global setup and teardown functions
Puppet
What
Define puppet nodes
How
Define puppet classes and templates
Reporting
Update the status to puppet dashboard
49. Initial functions
Create EC2 instances (optional)
Setup SSH keys to all remote hosts
Configure yum repositories
Install puppet and ruby packages
Configure puppet and add new hosts to the cert list
50. Global setup functions
Mandatory
Backup
Clean yum cache
Sync fabric configurations to puppet pp files
Restart puppet master service
Optional
Clean the environment if necessary
Put ssh public key
Put yum repo files
Install system development tools
Install ruby and puppet packages
Update puppet patches
Configure puppet environment
51. Global teardown functions
Start/stop services across hosts
Send email/SMS notifications to members
Do health/sanity check