2. What is a system admin?
Trend Micro Copyright 2009 Trend Micro Inc.
Confidential
3. Don‟t look at me...
I wasn‟t the last one to touch it...
Trend Micro Copyright 2009 Trend Micro Inc.
Confidential
4. One Goal:
Revolutionize
System
Administration
Trend Micro Copyright 2009 Trend Micro Inc.
Confidential
5. An Analogy
Programming SysAdmin
Low-level, Assembly commands
non-portable and files
Abstract, Java / Python / Ruby Resources
portable
Trend Micro Copyright 2009 Trend Micro Inc.
Confidential
6. This
apt-get install openssh-server
vi /etc/ssh/sshd_config
/etc/init.d/ssh start
Becomes
package { ssh: ensure => installed }
file { sshd_config:
name => “/etc/ssh/sshd_config”,
source => “puppet://server/apps/ssh/sshd
}
service { sshd: ensure => running, }
Trend Micro Copyright 2009 Trend Micro Inc.
Confidential
7. Puppet Quick Overview
• Stop administrating your environment and start developing it...
• Re-usable code for managing your software & configurations
• Provides a Domain Specific Language (DSL) to script with
– Classes, conditionals, selectors, variables, basic math, etc.
• Supports Linux, Solaris, BSD, OS X; Windows in process!
Trend Micro Copyright 2009 Trend Micro Inc.
Confidential
8. Trend Micro Copyright 2009 Trend Micro Inc.
Confidential
9. Trend Micro Copyright 2009 Trend Micro Inc.
Confidential
11. A Partial List of Puppet types
Packages • Supports 30 different package providers
• Abstracted for your OS automatically
• Specify „installed‟, „absent‟, or „latest‟ for desired state
• Change from „installed‟ to „latest‟ and deploy for quick
Upgrade
Services • Supports 10 different „init‟ frameworks
• Control whether a service starts on boot or is required to
be running always
• A service can be notified to restart if a configuration file
has been changed
Files/Directories • Specify ownership & permissions
• Load content from „files/‟, „templates/‟ or custom strings
• Create symlinks
• Supports 5 types to verify a file checksum
• Purge a directory of files not „maintained‟
Trend Micro Copyright 2009 Trend Micro Inc.
Confidential
12. Nagios ‘Type’ Support
Nagios Service @@nagios_service {
"load_check_${hostname}":
service_description => "Load Averages",
check_command => "load_check!3!5",
host_name => "$fqdn",
use => "generic-service";
}
Nagios Service @@nagios_servicegroup {
Group "apache_servers":
alias => "Apache Servers";
}
Nagios Host @@nagios_host { $fqdn:
ensure => present,
hostgroups => "ldap",
use => "generic-host";
}
Nagios Host @@nagios_hostgroup {
Group "load_balancers":
alias => "Load Balancers";
}
Trend Micro Copyright 2009 Trend Micro Inc.
Confidential
13. Trend Micro Copyright 2009 Trend Micro Inc.
Confidential
14. Trend Micro Copyright 2009 Trend Micro Inc.
Confidential
16. Classes vs. Modules
• Why use the classes directory and the modules
directory?
• Classes are more global and usually contain many
different modules
• Modules are the smallest unit of measure that Puppet
builds from
Trend Micro Copyright 2009 Trend Micro Inc.
Confidential
17. Sample hadoop master class
class hadoop-master {
include kerberoskdc
include authclient
include ldapserver
include hadoop
include hbase
include pig
}
class pig {
# install packages
$packagelist = ["hadoop-pig"]
# install packages
package { 'base_pig_rpms':
ensure => installed,
name => $packagelist,
}
}
Trend Micro Copyright 2009 Trend Micro Inc.
Confidential
19. apt-get install openssh-server
vi /etc/ssh/sshd_config
/etc/init.d/ssh start
Configuration should
get modified after
Package package installation
Service should restart
when configuration changes
Configuration
Service
Trend Micro Copyright 2009 Trend Micro Inc.
Confidential
20. package { ssh: ensure => installed }
file { sshd_config:
name => “/etc/ssh/sshd_config”,
source => “puppet://server/apps/ssh/sshd,
after => Package[ssh]
}
service { sshd:
ensure => running,
subscribe => [Package[ssh], File[sshd_config]]
}
Trend Micro Copyright 2009 Trend Micro Inc.
Confidential
21. What is a template?
• Puppet templates are flat files containing Embedded Ruby
(ERB) variables
• hadoop/conf/hadoop-metrics.properties.erb
<% if ganglia_hosts.length > 0 %>
dfs.class=org.apache.hadoop.metrics.ganglia.GangliaContext31
dfs.period=10
dfs.servers=<% ganglia_hosts.each do |host| -%><%= host %> <% end -%>
<% end %>
• resolv/conf/hosts.erb
<% ip_host_map.each do |ip,hosts| -%>
<%= ip %> <%= hosts %>
<% end -%>
Trend Micro Copyright 2009 Trend Micro Inc.
Confidential
22. What is a node?
• Node definitions look just like classes, including supporting inheritance,
but they are special in that when a node (a managed computer
running the Puppet client) connects to the Puppet master daemon.
• nodes.pp
node 'tm5-master.client.tw.trendnet.org' inherits hadoop_master {}
or
node 'tm5-master.client.tw.trendnet.org' {
include kerberoskdc
include authclient
include ldapserver
include hadoop
include hbase
include pig
}
Trend Micro Copyright 2009 Trend Micro Inc.
Confidential
23. Puppet Network Overview
• Configuration allows for manual synchronizations or a set increment
• Client or server initiated synchronizations
• Client/Server configuration leverages a Certificate Authority (CA) on the
• Puppet Master to sign client certificates to verify authenticity
• Transmissions of all data between a master & client are encrypted
Trend Micro Copyright 2009 Trend Micro Inc.
Confidential
24. Every Client:
• Retrieve resource catalog from central server
• Determine resource order
• Check each resource in turn, fixing if necessary
• Rinse and repeat, every 30 minutes
Trend Micro Copyright 2009 Trend Micro Inc.
Confidential
25. Every Resource:
• Retrieve current state (e.g., by querying dpkg db or
doing a stat)
• Compare to desired state
• Fix, if necessary (or just log)
Trend Micro Copyright 2009 Trend Micro Inc.
Confidential
