1 / 33
Doing It Wrong with Puppet
A small collection of anti-patterns, pitfalls
and bad practices
Felix Frank
PuppetCamp Berlin 2014
April 11, 2014
2 / 33
Bio
Felix Frank
2004 – 2009 sysadmin and FOSS dev at DESY
2009 CS diploma at Tech Uni
since 2009 Puppeteer at
– we are a company that
manages complex IT systems and services for business
customers
hosts a sizable server fleet
relies on Puppet and git consequently
3 / 33
Agenda
Use boolean facts
Expect C-like values for parameters
Make excessive use of “if defined()”
Use large numbers of execs
Rely on dynamic scoping
4 / 33
Use boolean values for facts
On wanton ambiguity in your tool chain
5 / 33
False is relative
Consider this fact
  is_virtual: true or false
Broken manifest I
  if ! $::is_virtual {
    include hardware_monitoring
  }
Broken manifest II
  if $::is_virtual != false {
    include hardware_monitoring
  }
Stupid manifest
  if $::is_virtual != "false" {
    include hardware_monitoring
  }
6 / 33
Some background
True values in the puppet DSL
true or any non-empty string
Limitation in facter 1.x
  [diagram: agent (fact code, ruby) -> fact value, as String -> master]
Correct way to implement such facts
return the empty string for false
7 / 33
It’s gonna be the future soon
Facter 2 will allow boolean and other values
widespread adoption quite far off still
8 / 33
Up next
Use boolean facts
Expect C-like values for parameters
Make excessive use of “if defined()”
Use large numbers of execs
Rely on dynamic scoping
9 / 33
Expect C-like values for parameters
Or: treating Puppet like a scripting language pt. 1
10 / 33
The Perl trap
The puppet user base
. . . comprises lots of admins with *NIX backgrounds
. . . also writes plenty of Shell and Perl scripts (also C)
. . . and these languages have no pure boolean values
True values e.g.
in Puppet “foo”, any array, typically true
in Perl “foo”, non-empty array, typically 1
False values e.g.
in Puppet empty string, undef, false
in Perl empty string/array/hash, typically 0
11 / 33
Building confusing modules
  define server_module($enabled=0) {
    $dir = "/etc/..."
    file { "$dir/$title.conf": ...}
    if $enabled == 1 {
      ... # take some action
    }
  }
inevitable WTF moment
  server_module { "foo": enabled => true }
handled by documentation at best, and likely not until after the fact
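Added example, not part of the original slides: one way to remove the ambiguity from both the boolean-fact and the C-like-parameter cases. It assumes Puppet 4 or later (data types) and puppetlabs-stdlib for str2bool(); the class name profile::monitoring and the path /etc/server_module are hypothetical, and it assumes hardware monitoring belongs on non-virtual hosts.

```puppet
# Added example. Assumes Puppet 4+ and puppetlabs-stdlib.

# A Boolean-typed parameter makes 0, 1, "true" or "" fail catalog
# compilation with a type mismatch instead of silently taking the
# wrong branch.
define server_module (
  Boolean $enabled = false,
) {
  $dir = '/etc/server_module'   # hypothetical; directory assumed to exist

  file { "${dir}/${title}.conf":
    ensure  => file,
    content => "enabled=${enabled}\n",
  }

  if $enabled {
    notify { "server_module ${title}: enabled": }
  }
}

class profile::monitoring {   # hypothetical class name
  # Normalise the fact once: Facter 1.x delivers the String "true"/"false",
  # Facter 2 and later can deliver a real Boolean.
  case $facts['is_virtual'] {
    Boolean: { $is_virtual = $facts['is_virtual'] }
    String:  { $is_virtual = str2bool($facts['is_virtual']) }
    default: { fail("unexpected is_virtual value: ${facts['is_virtual']}") }
  }

  # From here on the condition is a plain Boolean test.
  unless $is_virtual {
    include hardware_monitoring
  }
}

server_module { 'foo': enabled => true }
# server_module { 'bar': enabled => 1 }   # rejected at compile time: not a Boolean
```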
12 / 33
Up next
Use boolean facts
Expect C-like values for parameters
Make excessive use of “if defined()”
Use large numbers of execs
Rely on dynamic scoping
13 / 33
Make excessive use of “if defined()”
A tale of borderline non-determinism
14 / 33
A common problem
Several modules will sometimes have to manage a common set of resources
a subtree of /etc of mutual interest
a package for required functionality etc.
The naive implementation won’t work because Puppet doesn’t allow multiple declarations of the same resource
  class php {
    ...
    package { "imagemagick":
      ensure => present }
  }
  class tomcat {
    ...
    package { "imagemagick":
      ensure => present }
  }
15 / 33
A common workaround
Protect declarations with a function call
  class php {
    ...
    if !defined(Package[imagemagick]) {
      package { "imagemagick":
        ensure => present }
    }
  }
  class tomcat {
    ...
    if !defined(Package[imagemagick]) {
      package { "imagemagick":
        ensure => present }
    }
  }
16 / 33
A possible issue with that
There is no protection against contradiction
  class php {
    ...
    if !defined(Package[imagemagick]) {
      package { "imagemagick":
        ensure => present }
    }
  }
  class graphicsmagick {
    ...
    if !defined(Package[imagemagick]) {
      package { "imagemagick":
        ensure => absent }
    }
  }
17 / 33
A more likely scenario
It’s easy to lose metaparameters
  class php {
    ...
    if !defined(Package[imagemagick]) {
      package { "imagemagick":
        ensure  => present,
        require => File[...] }
    }
  }
  class tomcat {
    ...
    if !defined(Package[imagemagick]) {
      package { "imagemagick":
        ensure => present,
        notify => Exec[...] }
    }
  }
18 / 33
By the way. . .
The latter issue can be worked around
  class php {
    ...
    if !defined(Package[imagemagick]) {
      package { "imagemagick":
        ensure  => present,
        require => File[...] }
    }
    else {
      Package<| title == "imagemagick" |> {
        require +> File[...]
      }
    }
  }
19 / 33
A word about stdlib
puppetlabs-stdlib, a collection of helpful parser functions
In theory, ensure_resource() solves this more cleanly
  class php {
    ensure_resource(
      'package',
      'imagemagick',
      { ensure => present } )
  }
avoids conflicts for basic properties
more expressive power
It cannot solve the whole problem though
issue with metaparameters remains
pertains to possible additional properties as well
only slightly superior to if defined()
20 / 33
The ideal(ized) solution
Wrapper classes for shared dependencies
  class php {
    include imagemagick
  }
  class tomcat {
    include imagemagick
  }
still won’t allow the easy handling of metaparameters etc.
but you won’t even be tempted to try
just require/subscribe/notify/. . . the class
contradictions are not addressed
but there is no sensible way to do that
How is this better then?
the manifest has clear, unambiguous semantics
parse order dependencies avoided, see final slides
(virtual resources work too, but less flexibly)
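Added example, not part of the original slides: the wrapper-class pattern with the relationships expressed against the class instead of the package. The file path, its content and the service name tomcat7 are hypothetical.

```puppet
# Added example. The shared dependency is declared in exactly one place.
class imagemagick {
  package { 'imagemagick':
    ensure => present,
  }
}

class php {
  include imagemagick

  # Ordering is stated against the class, so php never needs to know
  # (or re-declare) which resources imagemagick consists of.
  file { '/etc/php5/conf.d/imagick.ini':   # hypothetical path
    ensure  => file,
    content => "extension=imagick.so\n",
    require => Class['imagemagick'],
  }
}

class tomcat {
  include imagemagick

  # Refresh events from resources inside the class are forwarded to
  # subscribers, replacing the "notify => Exec[...]" that was attached
  # to the package in the if-defined() variant.
  service { 'tomcat7':                     # hypothetical service name
    ensure    => running,
    subscribe => Class['imagemagick'],
  }
}

# Caveat: a relationship to Class['imagemagick'] covers the resources
# declared directly in that class. Classes it merely includes are only
# covered if they are pulled in with "contain" (Puppet 3.4 and later).
```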
21 / 33
Up next
Use boolean facts
Expect C-like values for parameters
Make excessive use of “if defined()”
Use large numbers of execs
Rely on dynamic scoping
22 / 33
Use large numbers of execs
Or: treating Puppet like a scripting language pt. 2
23 / 33
Implementing a HOWTO in a manifest
Setting up software often comprises
editing files
running scripts and programs
. . . and often both of them in a set and mingled order
it can be tempting to translate this verbatim
  exec { "curl http://... >/tmp/...":
    creates => "..." }
  ->
  exec { "unzip /tmp/...":
    creates => "/usr/local/..." }
  ->
  file { "/usr/local/.../etc/...":
    content => template(...) }
  ->
  exec { "/usr/local/...": ... }
  ->
  ...
24 / 33
So what?
Problems with this approach (likely among others)
contradicts Puppet’s idea of resources
the catalog becomes complex with items and relationships
leads to plentiful error output in case of problems
A more maintainable pattern consists of
a monolithic, robust script to perform all setup
either templated or with a managed config file
a single exec resource to invoke it
with precise condition(s) for when to run
or better yet: create a deb or rpm package
Also – a quick word on refreshonly
nice antipattern: use it to run script after retrieving it
prone to false positives and lost events
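Added example, not part of the original slides: the "one robust script, one exec" pattern described above. The class name, all paths, the version string and the module file install-myapp.sh are hypothetical; the script itself is assumed to do the download, unpack and marker-file creation.

```puppet
# Added example. All names and paths are hypothetical.
class myapp::install (
  String $version = '1.2.3',
) {
  $prefix = '/usr/local/myapp'
  $marker = "${prefix}/.installed-${version}"

  # The setup logic lives in one script that Puppet manages as a file.
  # A script that downloads anything should also verify a checksum
  # before unpacking; that belongs in the script, not in the catalog.
  file { '/usr/local/sbin/install-myapp':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
    source => 'puppet:///modules/myapp/install-myapp.sh',
  }

  # Managed config file instead of templating the script itself.
  file { '/etc/myapp-install.conf':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => "VERSION=${version}\nPREFIX=${prefix}\nMARKER=${marker}\n",
  }

  # A single exec with a precise condition. It is driven by the state of
  # the system (the marker file), not by refreshonly, so a lost or
  # spurious refresh event cannot skip or repeat the installation.
  exec { 'install-myapp':
    command   => '/usr/local/sbin/install-myapp /etc/myapp-install.conf',
    creates   => $marker,
    logoutput => on_failure,
    timeout   => 600,
    require   => [
      File['/usr/local/sbin/install-myapp'],
      File['/etc/myapp-install.conf'],
    ],
  }
}
```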
25 / 33
So remember
A small mnemonic
26 / 33
Up next
Use boolean facts
Expect C-like values for parameters
Make excessive use of “if defined()”
Use large numbers of execs
Rely on dynamic scoping
27 / 33
Rely on dynamic scoping
Or: how to jumble up your own manifest’s opinions
. . . which is another bout with nondeterminism
28 / 33
Brief review
Dynamic scoping
in Puppet 2.x mainly for variable values
  class foo {
    $limited = true
    include bar
  }
  class bar {
    if $limited {
      ...
    }
  }
in Puppet 3.x only for resource defaults
  class foo {
    File { ensure => present }
    include bar
  }
29 / 33
The jumble
[diagram: role::webserver, apache, tcpserver and sysctl connected by include edges; labels: File { mode => 644 }, File { mode => 640 }, thread optimization]
which default is in effect for sysctl?
either, depending on parse order
30 / 33
Mitigation?
Idea: just take care that the parse order is correct
only possible in very confined class structures
scopes are generally too complex
scopes of classes late in the chain change through unexpected
factors
31 / 33
Mixing things up
scopes of classes late in the chain change through
inclusion of more classes
removal of one or more classes
refactoring of manifests
32 / 33
Conclusion
Avoid!
parameters and Hiera will get you there much more safely
You may want to move away from dynamic scopes anyway
they will likely get deprecated and removed
33 / 33
Thanks for your attention
34 / 33
We are hiring
Always looking for techs who
know their way around Puppet (or would like to)
further the development of our homegrown
infrastructure and tools
will implement more technologies in our
management ecosystem
Visit us
http://mpexnetworks.de/ueber-uns/jobs.html
jobs@mpexnetworks.de
35 / 33
Bonus content!
36 / 33
Preferring new style class declaration
the good thing about classes: they are singletons
a class can be declared an arbitrary number of times
Class parameterization
a class with parameters must be one of a kind
multiple declarations with different parameters just as
contradictory as with resources (or more so)
Additional fun
declaration using include implies all parameters use their
respective default value
does not mix with new style class { } declaration
mixing is allowed but only with all include statements
before the class { }
more parse order dependencies (yay!)

Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 

Doing It Wrong with Puppet: Anti-patterns, Pitfalls and Bad Practices

  • 1. 1 / 33 Doing It Wrong with Puppet A small collection of anti-patterns, pitfalls and bad practices Felix Frank PuppetCamp Berlin 2014 April 11, 2014
  • 2. 2 / 33 Bio Felix Frank 2004 – 2009 sysadmin and FOSS dev at DESY 2009 CS diploma at Tech Uni since 2009 Puppeteer at – we are a company that manages complex IT systems and services for business customers hosts a sizable server fleet relies on Puppet and git consequently
  • 3. 3 / 33 Agenda Use boolean facts Expect C-like values for parameters Make excessive use of “if defined()” Use large numbers of execs Rely on dynamic scoping
  • 4. 4 / 33 Use boolean values for facts On wanton ambiguity in your tool chain
  • 5. 5 / 33 False is relative
      Consider this fact
        is_virtual: true or false
      Broken manifest I
        if ! $::is_virtual {
          include hardware_monitoring
        }
      Broken manifest II
        if $::is_virtual != false {
          include hardware_monitoring
        }
      Stupid manifest
        if $::is_virtual != "false" {
          include hardware_monitoring
        }
  • 6. 6 / 33 Some background
      True values in the puppet DSL
        true or any non-empty string
      Limitation in facter 1.x
        [diagram labels: master, agent, fact value, fact code, ruby, as String]
      Correct way to implement such facts
        return the empty string for false
  • 7. 7 / 33 It’s gonna be the future soon Facter 2 will allow boolean and other values widespread adoption quite far off still
  • 8. 8 / 33 Up next Use boolean facts Expect C-like values for parameters Make excessive use of “if defined()” Use large numbers of execs Rely on dynamic scoping
  • 9. 9 / 33 Expect C-like values for parameters Or: treating Puppet like a scripting language pt. 1
  • 10. 10 / 33 The Perl trap
      The puppet user base
        . . . comprises lots of admins with *NIX backgrounds
        . . . also writes plenty of Shell and Perl scripts (also C)
        . . . and these languages have no pure boolean values
      True values e.g.
        in Puppet: “foo”, any array, typically true
        in Perl: “foo”, non-empty array, typically 1
      False values e.g.
        in Puppet: empty string, undef, false
        in Perl: empty string/array/hash, typically 0
  • 11. 11 / 33 Building confusing modules
        define server_module($enabled=0) {
          $dir = "/etc/..."
          file { "$dir/$title.conf": ...}
          if $enabled == 1 {
            ...# take some action
          }
        }
      inevitable WTF moment
        server_module { "foo": enabled => true }
      handled by documentation at best, and likely not until after the fact
  • 12. 12 / 33 Up next Use boolean facts Expect C-like values for parameters Make excessive use of “if defined()” Use large numbers of execs Rely on dynamic scoping
  • 13. 13 / 33 Make excessive use of “if defined()” A tale of borderline non-determinism
  • 14. 14 / 33 A common problem
      Several modules will sometimes have to manage a common set of resources
        a subtree of /etc of mutual interest
        a package for required functionality
        etc.
      The naive implementation won’t work because Puppet doesn’t allow multiple declaration of the same resource
        class php {
          ...
          package { "imagemagick": ensure => present }
        }
        class tomcat {
          ...
          package { "imagemagick": ensure => present }
        }
  • 15. 15 / 33 A common workaround
      Protect declarations with a function call
        class php {
          ...
          if !defined(Package[imagemagick]) {
            package { "imagemagick": ensure => present }
          }
        }
        class tomcat {
          ...
          if !defined(Package[imagemagick]) {
            package { "imagemagick": ensure => present }
          }
        }
  • 16. 16 / 33 A possible issue with that
      There is no protection against contradiction
        class php {
          ...
          if !defined(Package[imagemagick]) {
            package { "imagemagick": ensure => present }
          }
        }
        class graphicsmagick {
          ...
          if !defined(Package[imagemagick]) {
            package { "imagemagick": ensure => absent }
          }
        }
  • 17. 17 / 33 A more likely scenario
      It’s easy to lose metaparameters
        class php {
          ...
          if !defined(Package[imagemagick]) {
            package { "imagemagick":
              ensure  => present,
              require => File[...]
            }
          }
        }
        class tomcat {
          ...
          if !defined(Package[imagemagick]) {
            package { "imagemagick":
              ensure => present,
              notify => Exec[...]
            }
          }
        }
  • 18. 18 / 33 By the way. . .
      The latter issue can be worked around
        class php {
          ...
          if !defined(Package[imagemagick]) {
            package { "imagemagick":
              ensure  => present,
              require => File[...]
            }
          }
          else {
            Package<| title == "imagemagick" |> {
              require +> File[...]
            }
          }
        }
  • 19. 19 / 33 A word about stdlib
      puppetlabs-stdlib, a collection of helpful parser functions
      In theory, ensure_resource() solves this more cleanly
        class php {
          ensure_resource(
            'package',
            'imagemagick',
            { ensure => present }
          )
        }
        avoids conflicts for basic properties
        more expressive power
      It cannot solve the whole problem though
        issue with metaparameters remains
        pertains to possible additional properties as well
        only slightly superior to if defined()
  • 20. 20 / 33 The ideal(ized) solution
      Wrapper classes for shared dependencies
        class php {
          include imagemagick
        }
        class tomcat {
          include imagemagick
        }
      still won’t allow the easy handling of metaparameters etc.
        but you won’t even be tempted to try
        just require/subscribe/notify/. . . the class
      contradictions are not addressed
        but there is no sensible way to do that
      How is this better then?
        the manifest has clear, nonambiguous semantics
        parse order dependencies avoided, see final slides
        (virtual resources work too, but less flexibly)
  • 21. 21 / 33 Up next Use boolean facts Expect C-like values for parameters Make excessive use of “if defined()” Use large numbers of execs Rely on dynamic scoping
  • 22. 22 / 33 Use large numbers of execs Or: treating Puppet like a scripting language pt. 2
  • 23. 23 / 33 Implementing a HOWTO in a manifest
      Setting up software often comprises
        editing files
        running scripts and programs
        . . . and often both of them in a set and mingled order
      it can be tempting to translate this verbatim
        exec { "curl http://... >/tmp/...":
          creates => "..." }
        ->
        exec { "unzip /tmp/...":
          creates => "/usr/local/..." }
        ->
        file { "/usr/local/.../etc/...":
          content => template(...) }
        ->
        exec { "/usr/local/...":
          ... }
        ->
        ...
  • 24. 24 / 33 So what?
      Problems with this approach (likely among others)
        contradicts Puppet’s idea of resources
        the catalog becomes complex with items and relationships
        leads to plentiful error output in case of problems
      A more maintainable pattern consists of
        a monolithic, robust script to perform all setup
          either templated or with a managed config file
        a single exec resource to invoke it
          with precise condition(s) for when to run
        or better yet: create a deb or rpm package
      Also, a quick word on refreshonly
        nice antipattern: use it to run script after retrieving it
        prone to false positives and lost events
  • 25. 25 / 33 So remember A small mnemonic
  • 26. 26 / 33 Up next Use boolean facts Expect C-like values for parameters Make excessive use of “if defined()” Use large numbers of execs Rely on dynamic scoping
  • 27. 27 / 33 Rely on dynamic scoping Or: how to jumble up your own manifest’s opinions . . . which is another bout with nondeterminism
  • 28. 28 / 33 Brief review
      Dynamic scoping in Puppet 2.x
        mainly for variable values
          class foo {
            $limited = true
            include bar
          }
          class bar {
            if $limited { ... }
          }
        in Puppet 3.x only for resource defaults
          class foo {
            File { ensure => present }
            include bar
          }
  • 29. 29 / 33 The jumble
      [diagram: role::webserver, apache, tcpserver, thread optimization and sysctl, linked by include; two competing resource defaults, File { mode => 644 } and File { mode => 640 }]
      which default is in effect for sysctl?
        either, depending on parse order
  • 30. 30 / 33 Mitigation?
      Idea: just take care that the parse order is correct
        only possible in very confined class structures
        scopes are generally too complex
        scopes of classes late in the chain change through unexpected factors
  • 31. 31 / 33 Mixing things up
      scopes of classes late in the chain change through
        inclusion of more classes
        removal of one or more classes
        refactoring of manifests
  • 32. 32 / 33 Conclusion
      Avoid!
        parameters and Hiera will get you there much safer
      You may want to move away from dynamic scopes anyway
        they will likely get deprecated and removed
  • 33. 33 / 33 Thanks for your attention
      Image sources
        https://www.pinterest.com/pin/418553359088246576/
        http://www.kulfoto.com/funny-pictures/17395/its-called-wireless-tech-and-its-the-future
        http://www.cacbasketball.com/b2-5v5-unification-finals-uhhh-ditka/
        http://www.someecards.com/usercards/viewcard/MjAxMy00MzdlNjAzZjE2MWRkMjk0
        http://www.marketingpilgrim.com/2013/08/google-glass-update-like-having-an-admin-assistant-on-your-shoulder.html
        http://www.aboutbradsugars.com/tag/executive-coaching/
        http://themetapicture.com/schrodingers-cat/
        http://www.mrlovenstein.com/comic/50
        http://funny-pics.co/photo/funny-cat-cheering-up-dog/
  • 34. 34 / 33 We are hiring Always looking for techs who know their way around Puppet (or would like to) further the development of our homegrown infrastructure and tools will implement more technologies in our management ecosystem Visit us http://mpexnetworks.de/ueber-uns/jobs.html jobs@mpexnetworks.de
  • 35. 35 / 33 Bonus content!
  • 36. 36 / 33 Preferring new style class declaration
      the good thing about classes: they are singletons
        a class can be declared an arbitrary number of times
      Class parameterization
        a class with parameters must be one of a kind
        multiple declarations with different parameters
        just as contradictory as with resources (or more so)
      Additional fun
        declaration using include implies all parameters use their respective default value
        does not mix with new style class { } declaration
        mixing is allowed but only with all include statements before the class { }
        more parse order dependencies (yay!)
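For slides 5 to 11, one way to make boolean handling explicit, as an added example that is not from the talk. It assumes puppetlabs-stdlib (validate_bool, str2bool) and Facter 1.x string facts; the /etc/server_module path, the monitoring_profile class and the empty hardware_monitoring stand-in are hypothetical.

```puppet
# Added example, not from the slides. Requires puppetlabs-stdlib.

# Stand-in for the class named on slide 5, so this manifest compiles alone.
class hardware_monitoring { }

define server_module ($enabled = false) {
  # Reject 0, 1, "true", "yes" ... at compile time instead of silently
  # skipping the guarded block. On Puppet 4 and later a typed parameter
  # (Boolean $enabled = false) does the same job without stdlib.
  validate_bool($enabled)

  # Hypothetical path (the slide elides it); the directory is assumed to be
  # managed elsewhere, once, not inside this define.
  $dir = '/etc/server_module'

  file { "${dir}/${title}.conf":
    ensure  => file,
    content => "enabled=${enabled}\n",
  }

  if $enabled {
    notify { "server_module ${title}: taking action": }
  }
}

class monitoring_profile {
  # Facter 1.x ships every fact as a string, and "false" is a non-empty
  # string, hence truthy. Convert once, explicitly, then branch on a boolean.
  $is_virtual = str2bool($::is_virtual)

  if ! $is_virtual {
    include hardware_monitoring
  }
}

include monitoring_profile
server_module { 'foo': enabled => true }   # compiles
# server_module { 'bar': enabled => 1 }    # compilation fails: 1 is not a boolean
```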
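For slides 14 to 20, the wrapper class written out with the relationships of slide 17 attached to the class instead of the package. This is an added example, not from the talk; the apt pin file and the tomcat service are hypothetical stand-ins for the elided File[...] and Exec[...].

```puppet
# Added example, not from the slides.

# The shared dependency is declared exactly once, in its own class.
class imagemagick {
  package { 'imagemagick':
    ensure => present,
  }
}

class php {
  include imagemagick

  # Hypothetical prerequisite (slide 17 has require => File[...]).
  file { '/etc/apt/preferences.d/imagemagick':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => "Package: imagemagick\nPin: release a=stable\nPin-Priority: 900\n",
  }

  # Order against the class, not the package inside it. This holds no matter
  # which of php or tomcat the parser sees first.
  File['/etc/apt/preferences.d/imagemagick'] -> Class['imagemagick']
}

class tomcat {
  include imagemagick

  # Hypothetical consumer (slide 17 has notify => Exec[...]).
  service { 'tomcat':
    ensure => running,
  }

  # A change to any resource in the class refreshes the service.
  Class['imagemagick'] ~> Service['tomcat']
}

include php
include tomcat
```

Neither relationship is lost here, whereas with the `if !defined()` guard only the first class parsed would have contributed its metaparameter.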
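For slides 23 and 24, the "managed script plus one exec" pattern as an added example that is not from the talk. The exampleapp name, its paths and the marker-file convention are hypothetical, and the installer script is assumed to ship in the module's files directory.

```puppet
# Added example, not from the slides.
class exampleapp ($version = '1.0.0') {
  $prefix = '/usr/local/exampleapp'
  $script = '/usr/local/sbin/install-exampleapp'
  $config = '/etc/exampleapp-install.conf'

  # The monolithic setup script is itself a managed resource, root-owned and
  # not writable or readable by other users.
  file { $script:
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0750',
    source => 'puppet:///modules/exampleapp/install-exampleapp',
  }

  # Everything site-specific lives in a managed config file the script reads.
  file { $config:
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0640',
    content => "VERSION=${version}\nPREFIX=${prefix}\n",
  }

  # One exec, one precise run condition. The script is assumed to write the
  # marker file as its last step, so a failed run is retried next time.
  exec { 'install-exampleapp':
    command => "${script} ${config}",
    creates => "${prefix}/.installed-${version}",
    require => File[$script, $config],
  }
}

include exampleapp
```

The exec is deliberately not refreshonly: the `creates` condition decides whether it runs, so a lost refresh event cannot leave the host half-installed.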
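For slides 27 to 32, the sysctl case with the file mode stated as a class parameter instead of inherited from a File { } default. This is an added example, not from the talk; the class layout is an assumed reading of the slide 29 diagram, and thread_optimization, the file path and the config_mode parameter are hypothetical names.

```puppet
# Added example, not from the slides.
class sysctl ($config_mode = '0644') {
  file { '/etc/sysctl.d/60-tuning.conf':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    # Stated on the resource itself: no File { mode => ... } default from an
    # including scope can change it, whatever the parse order.
    mode    => $config_mode,
    content => "net.core.somaxconn = 1024\n",
  }
}

class thread_optimization {
  include sysctl
}

class apache {
  # No resource defaults here; apache sets modes on its own files only.
  include thread_optimization
}

class tcpserver {
  include thread_optimization
}

class role::webserver {
  include apache
  include tcpserver
}

include role::webserver

# To tighten the mode, set the parameter in one place. With Puppet 3 data
# bindings that is a single Hiera key:
#   sysctl::config_mode: '0640'
```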