This document summarizes the University of Saskatchewan's experience implementing Puppet for infrastructure automation. It outlines how they established an architecture team and ramped up Puppet use over time. They moved to using Git for code management and established workflows for development, testing, and production. The document also discusses lessons learned around custom facts, long-lived branches, and working with different teams. It concludes by noting areas still needing improvement and potential future uses of Puppet for things like dynamic environments and compliance.

1. The Long, Twisty
Road to
Automation:
Implementing Puppet at the University
of Saskatchewan

2. environment
how
lessons
future
2

3. environment
3

4. service catalog
Alumni and
Advancement
Consumer
Information
Facilities
Mangement
Library Systems
Application
Development
Content and
Collaboration
Finance and
Procurement
Printing Services
Assesment
Services
Device Management Human Resources Relationship
Management
BroadCast and
Streaming
Email and
Calendering
Identity and Access Reporting, Data
and Analytics
Classroom
Technology
Emergency
Notification
Learning
Management
Research
Computing
Communications E-Portfolio Lecture Capture Storage
4

5. application catalog
5

6. before
• templates
• automation
• group policy
• scripts
• manual documentation
6

7. challenges
● change control
● culture change
● development/test/production
● ill defined standards
● silos
7

8. why bother
8

9. we have problems
• speed up deployment.
• configuration drift
• standardize
• troubleshooting
9

10. how
10

11. getting started
• weekly architecture team meetings
• puppet ramp up project
• on site training
11

12. puppet architecture
# production branch control-repo/PuppetFile
forge http://forge.puppetlabs.com
# Modules from the Puppet Forge
mod "puppetlabs/inifile", '1.4.2‘
# systems written modules
moduledir 'site-modules/systems'
mod 'profiles',
:git => 'git@git.usask.ca:puppet/profiles.git',
:ref => 'production'
mod 'roles',
:git => 'git@git.usask.ca:puppet/roles.git',
:ref => 'production'
12

13. initial git code workflow
13
production
test
development
merge
merge

14. better git code workflow
1414
production
test
development
merge
merge
feature
merge

15. 15

16. class roles::analytics {
include profiles::base_rhel
include profiles::apache
include profiles::mod_auth_cas
include profiles::mysql
::apache::mod { 'auth_basic': }
::apache::mod { 'authn_file': }
class { 'profiles::php':
display_errors => 'Off',
display_startup_errors => 'On',
track_errors => 'On',
}
class profiles::mod_auth_cas {
package { 'sds-mod_auth_cas': ensure =>
'installed',}
file { '/etc/httpd/conf.d/
z50_mod_auth_cas.conf':
ensure => present,
require => Package['httpd'],
content => '# CAS setup
LoadModule auth_cas_module modules/
mod_auth_cas.so
CASCookiePath /var/mod_auth_cas/
CASLoginURL https://<redacted>/cas/login
CASValidateURL https://<redacted>/cas/
serviceValidate
CASTimeout 36000
CASIdleTimeout 3600
<Location /> CASScope / </Location>',}
16

17. class roles::cs_bookware_as {
case $::hostname {
/^books(dev|test)?$/: {
accounts::user {'SASK':
comment => 'Bookware application account',
home => '/home/SASK/USERS',
home_mode => '750',
}
/^booksdb(dev|test)?$/: {
postgresql::server::config_entry { 'max_connections' :
ensure => present,
value => '200',
}
17

18. 18

19. 19

20. useful mco commands
mco find –W profiles::apache
mco puppet disable "Investigating a problem with the apache module. -NF" -
C /profiles::apache/
mco package mariadb status
20

21. lessons
21

22. lessons learned
• confine custom facts by kernel
• confine :kernel => %w(Linux SunOS FreeBSD Darwin)
• https://puppet.com/blog/wsus-client-module-beginners-guide
• long lived branches make more work
• base_os generic role
22

23. more lessons
Windows
I can do that with a
gpo
Linux
I have to do a lot of
typing just to change
one file?
Dba’s
Thou shalt not play in
development
Service owners
How are you slower at
this.
23

24. Are we getting better?
24
• PCI DSS
• increase speed of deployment
• centrally managed system administrators
desktop

25. future
25

26. Room for improvement
• code review
• pull requests
• dynamic environments
• large number of role classes
• vRealize
26

27. Questions?
@linuxgurl
jennifer.hadley@usask.ca
27