SlideShare a Scribd company logo

So I Wrote a Manifest

Download as PPTX, PDF
Puppet
Puppet

Puppet Camp Melbourne 2015 by Ryan Armstrong of Kinetic IT

Technology
1 of 29
SO I WROTE A MANIFEST… What next? Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
WHAT TO AUTOMATE FIRST?
We shouldn’t be looking at each local area and trying to trim it. We should be trying to optimize the whole system - Eliyahu M. Goldratt Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
Project Start Server build request Change Mgmt Server build QA Firewallrequest Change Mgmt Database request Storage assessment Security assessment Firewall implementation Server build Presentation layer request App install QA Cap/Av assessment Change Mgmt Storage provisioning Storage request Change mgmt Database provisioning Load Balancer request Change mgmt LB Config provisioning Config mgmt Rev. Proxy config provisioing Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
Man Machine Method Measure Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
# install IIS core package { ‘IIS-CommonHttpFeatures’ : ensure => present, } THE METHOD Install the IIS Web server feature by navigating to Control Panel, Programs, Turn Windows Features on or off. Drill down to Internet Information Services, World Wide Web Services and tick Common HTTP Features. Click OK, OK. Validate the install by navigating to Administrative Tools, Services and ensure the World Wide Web service is started. Secondly open a web browser and navigate to http://localhost and ensure the IIS Welcome page is displayed. Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
THE MEASURE
THE MACHINE Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
THE MAN? OR WOMAN #WWCODE Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
Any improvements made anywhere besides the bottleneck are an illusion. - Gene Kim Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
Project Start Server build request Change Mgmt Server build QA Firewallrequest Change Mgmt Database request Storage assessment Security assessment Firewall implementation Server build Presentation layer request App install QA Cap/Av assessment Change Mgmt Storage provisioning Storage request Change mgmt Database provisioning Load Balancer request Change mgmt LB Config provisioning Config mgmt Rev. Proxy config provisioing Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
SOURCE CONTROL Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com Bug: Doc shot Branch: Fix Doc shooting Tag: Doc alive Bug: McFly Jr Jailed Tag: I’m OUT Griff Branch: Where we’re going… Branch: Almanac Bug: Biff rich! Branch: Took that guys wallet Tag: Almanac burned Release v1.0.0
HTTPS://WWW.ATLASSIAN.COM/GIT/ HTTP://ROGERDUDLER.GITHUB.IO/GIT-GUIDE/ Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
TYING MODULES TOGETHER Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com IIS 8.5 MVC .Net Choco Backup agent AV Agent SQL Server Log stash Zabbix agent WSUS httpd MySQL Bamboo agent Vmware tools Active MQ IIS 8.5 Java RE HA Proxy Tomcat Elastic Search PHP Redis
ROLES AND PROFILES Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com - org/ # ‘org’ module - .git/ # git database (hidden) - manifests/ - roles/ - my_app.pp # class org::role::my_app - profiles/ - iis85.pp # class org::profile::iis85 - mvc_net.pp # class org::profile::mvcnet - my_app.pp # class org::profile::my_app - resources/ - service_account.pp # define org::resources::service_account - ...
ROLES (BUSINESS LAYER) • Apply directly to a host (one per host) • Assigned in site.pp or ENC • May only contain profiles • Accepts no parameters # standard configuration for custom # MVC.Net application class org::roles::my_app { include ::org::profiles::iis85 include ::org::profiles::dotnet45 include ::org::profiles::mvc_net include ::org::profiles::my_app }
PROFILES (IMPLEMENTATION LAYER) • Only applied via Roles • Contains resources • May accept parameters from hiera • Parameters are defined with site specific defaults # standard IIS 8.5 configuration class org::profiles::iis85 ( $log_mount = ‘log_serverlogs’, ) { package { ‘IIS-CommonHttpFeatures’ : ensure => present, } ...
RESOURCES (COMPONENT LAYER) • Declared with define for repeating an implementation on a node E.g. User accounts • Only applied via Profiles • Complex resources should become their own module • Rarely used Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com # standard local service account define org::resources::svc_account ( $username = undef, $password = undef, ) { user { $username : ensure => present, password => $password, } ...
DATA • Applied via hiera • Only used when default parameter values are invalid • Target parameters in Profiles and external modules org::profiles::iis85::log_path: logs01logs org::profiles::my_app::database_server: myapp-db01 org::profiles::my_app::database_username: myapp org::profiles::my_app::database_password: P@ssw0Rd321
ROLES AND PROFILES • https://puppetlabs.com/presentations/designing-puppet-rolesprofiles-pattern • http://www.craigdunn.org/2012/05/239/ • http://garylarizza.com/blog/2014/02/17/puppet-workflow-part-2/ • http://sysadvent.blogspot.co.uk/2012/12/day-13-configuration-management-as- legos.html
MOVING FROM DEV TO PROD Needs: • Isolate landscapes using Puppet “Environments” • Definitive state for each environment • Module versions • Hiera data • Node classification (site.pp) • Import modules from multiple sources • Automation + audit trail please
R10K DYNAMIC ENVIRONMENTS • Puppet Environments reduced to one Git repo: r10k-control r10k-control GitLab
R10K DYNAMIC ENVIRONMENTS • Puppet Environments reduced to one Git repo: r10k-control • Each Environment becomes one git branch Dev Test Prod r10k-control GitLab
R10K DYNAMIC ENVIRONMENTS • Puppet Environments reduced to one Git repo: r10k-control • Each Environment becomes one git branch • Definitive list of module versions captured in a Puppetfile Dev Test Prod r10k-control Puppetfile Puppetfile Puppetfile GitLab
R10K DYNAMIC ENVIRONMENTS • Puppet Environments reduced to one Git repo: r10k-control • Each Environment becomes one git branch • Definitive list of module versions captured in a Puppetfile • Run r10k deploy environment -p to sync environments Dev Test Prod r10k-control Puppetfile Puppetfile Puppetfile GitLab
Dev Maste r Dev Test Prod r10k GitLab Prod Maste r Dev Test Prod r10k Dev Test Prod r10k-control Puppetfile Puppetfile Puppetfile Module s Prod Se rvers Te st Serve rsDev Serve rs
QUE? Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com

Recommended

Automating the Network
Automating the NetworkAutomating the Network
Automating the Network
Puppet
 
Puppet Camp London Fall 2015 - Service Discovery and Puppet
Puppet Camp London Fall 2015 - Service Discovery and PuppetPuppet Camp London Fall 2015 - Service Discovery and Puppet
Puppet Camp London Fall 2015 - Service Discovery and Puppet
Marc Cluet
 
Puppet in the Pipeline
Puppet in the PipelinePuppet in the Pipeline
Puppet in the Pipeline
Puppet
 
Quick and Solid - Baremetal on OpenStack | Rico Lin
Quick and Solid - Baremetal on OpenStack | Rico LinQuick and Solid - Baremetal on OpenStack | Rico Lin
Quick and Solid - Baremetal on OpenStack | Rico Lin
Vietnam Open Infrastructure User Group
 
Host Health Monitoring with Docker Run
Host Health Monitoring with Docker RunHost Health Monitoring with Docker Run
Host Health Monitoring with Docker Run
Noah Zoschke
 
Managing Your Cisco Datacenter Network with Ansible
Managing Your Cisco Datacenter Network with AnsibleManaging Your Cisco Datacenter Network with Ansible
Managing Your Cisco Datacenter Network with Ansible
fmaccioni
 
The Good Parts / The Hard Parts
The Good Parts / The Hard PartsThe Good Parts / The Hard Parts
The Good Parts / The Hard Parts
Noah Zoschke
 
Ansible-for-openstack
Ansible-for-openstackAnsible-for-openstack
Ansible-for-openstack
Udayendu Kar
 

Recommended

Automating the Network
Automating the NetworkAutomating the Network
Automating the Network
Puppet
 
Puppet Camp London Fall 2015 - Service Discovery and Puppet
Puppet Camp London Fall 2015 - Service Discovery and PuppetPuppet Camp London Fall 2015 - Service Discovery and Puppet
Puppet Camp London Fall 2015 - Service Discovery and Puppet
Marc Cluet
 
Puppet in the Pipeline
Puppet in the PipelinePuppet in the Pipeline
Puppet in the Pipeline
Puppet
 
Quick and Solid - Baremetal on OpenStack | Rico Lin
Quick and Solid - Baremetal on OpenStack | Rico LinQuick and Solid - Baremetal on OpenStack | Rico Lin
Quick and Solid - Baremetal on OpenStack | Rico Lin
Vietnam Open Infrastructure User Group
 
Host Health Monitoring with Docker Run
Host Health Monitoring with Docker RunHost Health Monitoring with Docker Run
Host Health Monitoring with Docker Run
Noah Zoschke
 
Managing Your Cisco Datacenter Network with Ansible
Managing Your Cisco Datacenter Network with AnsibleManaging Your Cisco Datacenter Network with Ansible
Managing Your Cisco Datacenter Network with Ansible
fmaccioni
 
The Good Parts / The Hard Parts
The Good Parts / The Hard PartsThe Good Parts / The Hard Parts
The Good Parts / The Hard Parts
Noah Zoschke
 
Ansible-for-openstack
Ansible-for-openstackAnsible-for-openstack
Ansible-for-openstack
Udayendu Kar
 
Network Automation with Ansible
Network Automation with AnsibleNetwork Automation with Ansible
Network Automation with Ansible
Anas
 
Service discovery and puppet
Service discovery and puppetService discovery and puppet
Service discovery and puppet
Marc Cluet
 
Ansible Case Studies
Ansible Case StudiesAnsible Case Studies
Ansible Case Studies
Greg DeKoenigsberg
 
Salt conf 2014 - Using SaltStack in high availability environments
Salt conf 2014 - Using SaltStack in high availability environmentsSalt conf 2014 - Using SaltStack in high availability environments
Salt conf 2014 - Using SaltStack in high availability environments
Benjamin Cane
 
Deep drive into Nova
Deep drive into NovaDeep drive into Nova
Deep drive into Nova
Udayendu Kar
 
Mitchell Hashimoto, HashiCorp
Mitchell Hashimoto, HashiCorpMitchell Hashimoto, HashiCorp
Mitchell Hashimoto, HashiCorp
Ontico
 
Altitude SF 2017: Advanced VCL: Shielding and Clustering
Altitude SF 2017: Advanced VCL: Shielding and ClusteringAltitude SF 2017: Advanced VCL: Shielding and Clustering
Altitude SF 2017: Advanced VCL: Shielding and Clustering
Fastly
 
SaltConf14 - Eric johnson, Google - Orchestrating Google Compute Engine with ...
SaltConf14 - Eric johnson, Google - Orchestrating Google Compute Engine with ...SaltConf14 - Eric johnson, Google - Orchestrating Google Compute Engine with ...
SaltConf14 - Eric johnson, Google - Orchestrating Google Compute Engine with ...
SaltStack
 
Chef Provisioning a Chef Server Cluster - ChefConf 2015
Chef Provisioning a Chef Server Cluster - ChefConf 2015Chef Provisioning a Chef Server Cluster - ChefConf 2015
Chef Provisioning a Chef Server Cluster - ChefConf 2015
Chef
 
Go Faster with Ansible (PHP meetup)
Go Faster with Ansible (PHP meetup)Go Faster with Ansible (PHP meetup)
Go Faster with Ansible (PHP meetup)
Richard Donkin
 
Kubernetes Boston — Custom High Availability of Kubernetes
Kubernetes Boston — Custom High Availability of KubernetesKubernetes Boston — Custom High Availability of Kubernetes
Kubernetes Boston — Custom High Availability of Kubernetes
Mike Splain
 
Microservices blue-green-deployment-with-docker
Microservices blue-green-deployment-with-dockerMicroservices blue-green-deployment-with-docker
Microservices blue-green-deployment-with-docker
Kidong Lee
 
Handling 10k requests per second with Symfony and Varnish - SymfonyCon Berlin...
Handling 10k requests per second with Symfony and Varnish - SymfonyCon Berlin...Handling 10k requests per second with Symfony and Varnish - SymfonyCon Berlin...
Handling 10k requests per second with Symfony and Varnish - SymfonyCon Berlin...
Alexander Lisachenko
 
Network automation (NetDevOps) with Ansible
Network automation (NetDevOps) with AnsibleNetwork automation (NetDevOps) with Ansible
Network automation (NetDevOps) with Ansible
Bangladesh Network Operators Group
 
A complete guide to Node.js
A complete guide to Node.jsA complete guide to Node.js
A complete guide to Node.js
Prabin Silwal
 
Ansible
AnsibleAnsible
Ansible
Raul Leite
 
Python Deployment with Fabric
Python Deployment with FabricPython Deployment with Fabric
Python Deployment with Fabric
andymccurdy
 
NLIT 2011: Chef & Capistrano
NLIT 2011: Chef & CapistranoNLIT 2011: Chef & Capistrano
NLIT 2011: Chef & Capistrano
nickblah
 
About Node.js
About Node.jsAbout Node.js
About Node.js
Artemisa Yescas Engler
 
Learn you some Ansible for great good!
Learn you some Ansible for great good!Learn you some Ansible for great good!
Learn you some Ansible for great good!
David Lapsley
 
Integrating Jira Software Cloud With the AWS Code Suite
Integrating Jira Software Cloud With the AWS Code SuiteIntegrating Jira Software Cloud With the AWS Code Suite
Integrating Jira Software Cloud With the AWS Code Suite
Atlassian
 
Building microservices sample application
Building microservices sample applicationBuilding microservices sample application
Building microservices sample application
Anil Allewar
 

More Related Content

What's hot

Python Deployment with Fabric
Python Deployment with FabricPython Deployment with Fabric
Python Deployment with Fabric
andymccurdy
 
NLIT 2011: Chef & Capistrano
NLIT 2011: Chef & CapistranoNLIT 2011: Chef & Capistrano
NLIT 2011: Chef & Capistrano
nickblah
 

What's hot (20)

Network Automation with Ansible
Network Automation with AnsibleNetwork Automation with Ansible
Network Automation with Ansible
 
Service discovery and puppet
Service discovery and puppetService discovery and puppet
Service discovery and puppet
 
Ansible Case Studies
Ansible Case StudiesAnsible Case Studies
Ansible Case Studies
 
Salt conf 2014 - Using SaltStack in high availability environments
Salt conf 2014 - Using SaltStack in high availability environmentsSalt conf 2014 - Using SaltStack in high availability environments
Salt conf 2014 - Using SaltStack in high availability environments
 
Deep drive into Nova
Deep drive into NovaDeep drive into Nova
Deep drive into Nova
 
Mitchell Hashimoto, HashiCorp
Mitchell Hashimoto, HashiCorpMitchell Hashimoto, HashiCorp
Mitchell Hashimoto, HashiCorp
 
Altitude SF 2017: Advanced VCL: Shielding and Clustering
Altitude SF 2017: Advanced VCL: Shielding and ClusteringAltitude SF 2017: Advanced VCL: Shielding and Clustering
Altitude SF 2017: Advanced VCL: Shielding and Clustering
 
SaltConf14 - Eric johnson, Google - Orchestrating Google Compute Engine with ...
SaltConf14 - Eric johnson, Google - Orchestrating Google Compute Engine with ...SaltConf14 - Eric johnson, Google - Orchestrating Google Compute Engine with ...
SaltConf14 - Eric johnson, Google - Orchestrating Google Compute Engine with ...
 
Chef Provisioning a Chef Server Cluster - ChefConf 2015
Chef Provisioning a Chef Server Cluster - ChefConf 2015Chef Provisioning a Chef Server Cluster - ChefConf 2015
Chef Provisioning a Chef Server Cluster - ChefConf 2015
 
Go Faster with Ansible (PHP meetup)
Go Faster with Ansible (PHP meetup)Go Faster with Ansible (PHP meetup)
Go Faster with Ansible (PHP meetup)
 
Kubernetes Boston — Custom High Availability of Kubernetes
Kubernetes Boston — Custom High Availability of KubernetesKubernetes Boston — Custom High Availability of Kubernetes
Kubernetes Boston — Custom High Availability of Kubernetes
 
Microservices blue-green-deployment-with-docker
Microservices blue-green-deployment-with-dockerMicroservices blue-green-deployment-with-docker
Microservices blue-green-deployment-with-docker
 
Handling 10k requests per second with Symfony and Varnish - SymfonyCon Berlin...
Handling 10k requests per second with Symfony and Varnish - SymfonyCon Berlin...Handling 10k requests per second with Symfony and Varnish - SymfonyCon Berlin...
Handling 10k requests per second with Symfony and Varnish - SymfonyCon Berlin...
 
Network automation (NetDevOps) with Ansible
Network automation (NetDevOps) with AnsibleNetwork automation (NetDevOps) with Ansible
Network automation (NetDevOps) with Ansible
 
A complete guide to Node.js
A complete guide to Node.jsA complete guide to Node.js
A complete guide to Node.js
 
Ansible
AnsibleAnsible
Ansible
 
Python Deployment with Fabric
Python Deployment with FabricPython Deployment with Fabric
Python Deployment with Fabric
 
NLIT 2011: Chef & Capistrano
NLIT 2011: Chef & CapistranoNLIT 2011: Chef & Capistrano
NLIT 2011: Chef & Capistrano
 
About Node.js
About Node.jsAbout Node.js
About Node.js
 
Learn you some Ansible for great good!
Learn you some Ansible for great good!Learn you some Ansible for great good!
Learn you some Ansible for great good!
 

Similar to So I Wrote a Manifest

Integrating Jira Software Cloud With the AWS Code Suite
Integrating Jira Software Cloud With the AWS Code SuiteIntegrating Jira Software Cloud With the AWS Code Suite
Integrating Jira Software Cloud With the AWS Code Suite
Atlassian
 
Spring Cloud: API gateway upgrade & configuration in the cloud
Spring Cloud: API gateway upgrade & configuration in the cloudSpring Cloud: API gateway upgrade & configuration in the cloud
Spring Cloud: API gateway upgrade & configuration in the cloud
Orkhan Gasimov
 
How to Contribute to Apache Usergrid
How to Contribute to Apache UsergridHow to Contribute to Apache Usergrid
How to Contribute to Apache Usergrid
David M. Johnson
 

Similar to So I Wrote a Manifest (20)

Integrating Jira Software Cloud With the AWS Code Suite
Integrating Jira Software Cloud With the AWS Code SuiteIntegrating Jira Software Cloud With the AWS Code Suite
Integrating Jira Software Cloud With the AWS Code Suite
 
Building microservices sample application
Building microservices sample applicationBuilding microservices sample application
Building microservices sample application
 
Iac d.damyanov 4.pptx
Iac d.damyanov 4.pptxIac d.damyanov 4.pptx
Iac d.damyanov 4.pptx
 
Software as a Service workshop / Unlocked: the Hybrid Cloud 12th May 2014
Software as a Service workshop / Unlocked: the Hybrid Cloud 12th May 2014Software as a Service workshop / Unlocked: the Hybrid Cloud 12th May 2014
Software as a Service workshop / Unlocked: the Hybrid Cloud 12th May 2014
 
Well-Architected for Security: Advanced Session
Well-Architected for Security: Advanced SessionWell-Architected for Security: Advanced Session
Well-Architected for Security: Advanced Session
 
Pyramid Deployment and Maintenance
Pyramid Deployment and MaintenancePyramid Deployment and Maintenance
Pyramid Deployment and Maintenance
 
Externalized Distributed Configuration Management with Spring Cloud Config-Se...
Externalized Distributed Configuration Management with Spring Cloud Config-Se...Externalized Distributed Configuration Management with Spring Cloud Config-Se...
Externalized Distributed Configuration Management with Spring Cloud Config-Se...
 
AAI-3218 Production Deployment Best Practices for WebSphere Liberty Profile
AAI-3218 Production Deployment Best Practices for WebSphere Liberty ProfileAAI-3218 Production Deployment Best Practices for WebSphere Liberty Profile
AAI-3218 Production Deployment Best Practices for WebSphere Liberty Profile
 
Pyramid deployment
Pyramid deploymentPyramid deployment
Pyramid deployment
 
Serverless in production, an experience report (Going Serverless)
Serverless in production, an experience report (Going Serverless)Serverless in production, an experience report (Going Serverless)
Serverless in production, an experience report (Going Serverless)
 
Serverless in production, an experience report (JeffConf)
Serverless in production, an experience report (JeffConf)Serverless in production, an experience report (JeffConf)
Serverless in production, an experience report (JeffConf)
 
dokumen.tips_rediscovering-spring-with-spring-boot1 (1).pdf
dokumen.tips_rediscovering-spring-with-spring-boot1 (1).pdfdokumen.tips_rediscovering-spring-with-spring-boot1 (1).pdf
dokumen.tips_rediscovering-spring-with-spring-boot1 (1).pdf
 
dokumen.tips_rediscovering-spring-with-spring-boot1.pdf
dokumen.tips_rediscovering-spring-with-spring-boot1.pdfdokumen.tips_rediscovering-spring-with-spring-boot1.pdf
dokumen.tips_rediscovering-spring-with-spring-boot1.pdf
 
21 05-2018
21 05-201821 05-2018
21 05-2018
 
6 tips for improving ruby performance
6 tips for improving ruby performance6 tips for improving ruby performance
6 tips for improving ruby performance
 
Spring Cloud: API gateway upgrade & configuration in the cloud
Spring Cloud: API gateway upgrade & configuration in the cloudSpring Cloud: API gateway upgrade & configuration in the cloud
Spring Cloud: API gateway upgrade & configuration in the cloud
 
Continuous Delivery: How RightScale Releases Weekly
Continuous Delivery: How RightScale Releases WeeklyContinuous Delivery: How RightScale Releases Weekly
Continuous Delivery: How RightScale Releases Weekly
 
IBM Cloud University: Build, Deploy and Scale Node.js Microservices
IBM Cloud University: Build, Deploy and Scale Node.js MicroservicesIBM Cloud University: Build, Deploy and Scale Node.js Microservices
IBM Cloud University: Build, Deploy and Scale Node.js Microservices
 
How to Contribute to Apache Usergrid
How to Contribute to Apache UsergridHow to Contribute to Apache Usergrid
How to Contribute to Apache Usergrid
 
Moving a Windows environment to the cloud - DevOps Galway Meetup
Moving a Windows environment to the cloud - DevOps Galway MeetupMoving a Windows environment to the cloud - DevOps Galway Meetup
Moving a Windows environment to the cloud - DevOps Galway Meetup
 

More from Puppet

Puppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepoPuppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepo
Puppet
 
2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)
Puppet
 
Enforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automationEnforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automation
Puppet
 
Automating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNowAutomating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNow
Puppet
 
Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020
Puppet
 

More from Puppet (20)

Puppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepoPuppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepo
 
Puppetcamp r10kyaml
Puppetcamp r10kyamlPuppetcamp r10kyaml
Puppetcamp r10kyaml
 
2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)
 
Puppet camp vscode
Puppet camp vscodePuppet camp vscode
Puppet camp vscode
 
Modules of the twenties
Modules of the twentiesModules of the twenties
Modules of the twenties
 
Applying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance codeApplying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance code
 
KGI compliance as-code approach
KGI compliance as-code approachKGI compliance as-code approach
KGI compliance as-code approach
 
Enforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automationEnforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automation
 
Keynote: Puppet camp compliance
Keynote: Puppet camp complianceKeynote: Puppet camp compliance
Keynote: Puppet camp compliance
 
Automating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNowAutomating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNow
 
Puppet: The best way to harden Windows
Puppet: The best way to harden WindowsPuppet: The best way to harden Windows
Puppet: The best way to harden Windows
 
Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020
 
Accelerating azure adoption with puppet
Accelerating azure adoption with puppetAccelerating azure adoption with puppet
Accelerating azure adoption with puppet
 
Puppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael PinsonPuppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael Pinson
 
ServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin Reeuwijk
 
Take control of your dev ops dumping ground
Take control of your dev ops dumping groundTake control of your dev ops dumping ground
Take control of your dev ops dumping ground
 
100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy Software100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy Software
 
Puppet User Group
Puppet User GroupPuppet User Group
Puppet User Group
 
Continuous Compliance and DevSecOps
Continuous Compliance and DevSecOpsContinuous Compliance and DevSecOps
Continuous Compliance and DevSecOps
 
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick MaludyThe Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
 

Recently uploaded

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 

Recently uploaded (20)

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 

So I Wrote a Manifest

  • 1. SO I WROTE A MANIFEST… What next? Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
  • 3. We shouldn’t be looking at each local area and trying to trim it. We should be trying to optimize the whole system - Eliyahu M. Goldratt Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
  • 4. Project Start Server build request Change Mgmt Server build QA Firewallrequest Change Mgmt Database request Storage assessment Security assessment Firewall implementation Server build Presentation layer request App install QA Cap/Av assessment Change Mgmt Storage provisioning Storage request Change mgmt Database provisioning Load Balancer request Change mgmt LB Config provisioning Config mgmt Rev. Proxy config provisioing Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
  • 5. Man Machine Method Measure Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
  • 6. # install IIS core package { ‘IIS-CommonHttpFeatures’ : ensure => present, } THE METHOD Install the IIS Web server feature by navigating to Control Panel, Programs, Turn Windows Features on or off. Drill down to Internet Information Services, World Wide Web Services and tick Common HTTP Features. Click OK, OK. Validate the install by navigating to Administrative Tools, Services and ensure the World Wide Web service is started. Secondly open a web browser and navigate to http://localhost and ensure the IIS Welcome page is displayed. Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
  • 9. THE MAN? OR WOMAN #WWCODE Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
  • 10. Any improvements made anywhere besides the bottleneck are an illusion. - Gene Kim Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
  • 11. Project Start Server build request Change Mgmt Server build QA Firewallrequest Change Mgmt Database request Storage assessment Security assessment Firewall implementation Server build Presentation layer request App install QA Cap/Av assessment Change Mgmt Storage provisioning Storage request Change mgmt Database provisioning Load Balancer request Change mgmt LB Config provisioning Config mgmt Rev. Proxy config provisioing Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
  • 13. Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com Bug: Doc shot Branch: Fix Doc shooting Tag: Doc alive Bug: McFly Jr Jailed Tag: I’m OUT Griff Branch: Where we’re going… Branch: Almanac Bug: Biff rich! Branch: Took that guys wallet Tag: Almanac burned Release v1.0.0
  • 14.
  • 16. TYING MODULES TOGETHER Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com IIS 8.5 MVC .Net Choco Backup agent AV Agent SQL Server Log stash Zabbix agent WSUS httpd MySQL Bamboo agent Vmware tools Active MQ IIS 8.5 Java RE HA Proxy Tomcat Elastic Search PHP Redis
  • 17. ROLES AND PROFILES Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com - org/ # ‘org’ module - .git/ # git database (hidden) - manifests/ - roles/ - my_app.pp # class org::role::my_app - profiles/ - iis85.pp # class org::profile::iis85 - mvc_net.pp # class org::profile::mvcnet - my_app.pp # class org::profile::my_app - resources/ - service_account.pp # define org::resources::service_account - ...
  • 18. ROLES (BUSINESS LAYER) • Apply directly to a host (one per host) • Assigned in site.pp or ENC • May only contain profiles • Accepts no parameters # standard configuration for custom # MVC.Net application class org::roles::my_app { include ::org::profiles::iis85 include ::org::profiles::dotnet45 include ::org::profiles::mvc_net include ::org::profiles::my_app }
  • 19. PROFILES (IMPLEMENTATION LAYER) • Only applied via Roles • Contains resources • May accept parameters from hiera • Parameters are defined with site specific defaults # standard IIS 8.5 configuration class org::profiles::iis85 ( $log_mount = ‘log_serverlogs’, ) { package { ‘IIS-CommonHttpFeatures’ : ensure => present, } ...
  • 20. RESOURCES (COMPONENT LAYER) • Declared with define for repeating an implementation on a node E.g. User accounts • Only applied via Profiles • Complex resources should become their own module • Rarely used Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com # standard local service account define org::resources::svc_account ( $username = undef, $password = undef, ) { user { $username : ensure => present, password => $password, } ...
  • 21. DATA • Applied via hiera • Only used when default parameter values are invalid • Target parameters in Profiles and external modules org::profiles::iis85::log_path: logs01logs org::profiles::my_app::database_server: myapp-db01 org::profiles::my_app::database_username: myapp org::profiles::my_app::database_password: P@ssw0Rd321
  • 22. ROLES AND PROFILES • https://puppetlabs.com/presentations/designing-puppet-rolesprofiles-pattern • http://www.craigdunn.org/2012/05/239/ • http://garylarizza.com/blog/2014/02/17/puppet-workflow-part-2/ • http://sysadvent.blogspot.co.uk/2012/12/day-13-configuration-management-as- legos.html
  • 23. MOVING FROM DEV TO PROD Needs: • Isolate landscapes using Puppet “Environments” • Definitive state for each environment • Module versions • Hiera data • Node classification (site.pp) • Import modules from multiple sources • Automation + audit trail please
  • 24. R10K DYNAMIC ENVIRONMENTS • Puppet Environments reduced to one Git repo: r10k-control r10k-control GitLab
  • 25. R10K DYNAMIC ENVIRONMENTS • Puppet Environments reduced to one Git repo: r10k-control • Each Environment becomes one git branch Dev Test Prod r10k-control GitLab
  • 26. R10K DYNAMIC ENVIRONMENTS • Puppet Environments reduced to one Git repo: r10k-control • Each Environment becomes one git branch • Definitive list of module versions captured in a Puppetfile Dev Test Prod r10k-control Puppetfile Puppetfile Puppetfile GitLab
  • 27. R10K DYNAMIC ENVIRONMENTS • Puppet Environments reduced to one Git repo: r10k-control • Each Environment becomes one git branch • Definitive list of module versions captured in a Puppetfile • Run r10k deploy environment -p to sync environments Dev Test Prod r10k-control Puppetfile Puppetfile Puppetfile GitLab
  • 28. Dev Maste r Dev Test Prod r10k GitLab Prod Maste r Dev Test Prod r10k Dev Test Prod r10k-control Puppetfile Puppetfile Puppetfile Module s Prod Se rvers Te st Serve rsDev Serve rs

Editor's Notes

  1. Ryan Armstrong Senior Engineer for Kinetic IT – An Australian owned IT outsourcing company Enterprise Management Systems team at the Department of Education Puppet Camp Melbourne 2014: I was excited but lost in a sea of options My questions: How do I choose what to automate? Should I use source control? How I make sense of all these modules and tie them together? How do I progress my modules from dev to production?
  2. How do we choose what to automate first?
  3. Get a view of the whole system… We need to zoom out from our immediate area of concern What are the businesses goals? Where do they rely on us to achieve their goals? Where are the bottlenecks in delivering? That’s where we should be looking
  4. A naïve example: delivering a new application Each step/workcentre is made up of… 
  5. The Four Ms of Lean manufacturing People say… “There’s no value in automation for us” - Don’t just think in terms of automation…
  6. Think about your methods…. Usual method: follow documentation:  Missing details Never updated Never followed correctly Puppet improves  Self documented Same method on multiple platforms Change Implementation planning simplified So ask yourself Where is documentation letting us down? Are our change implementation plans too difficult to follow? Where are we creating quality problems through failure to follow procedures?
  7. The problem: Testing is manual and expensive Testing is skipped, or rushed Defects are never caught early The answer  ALM = defects identified early Testing is enforced at every cycle Testing is cheap, automated and frequent Ask yourself: Where are defects being passed through the pipeline? Where is testing most critical and under performing? Where is configuration drift causing problems? Is compliance auditing expensive and slow?
  8. The problem:  We build things by hand – impacts time, consistency and quality  When we automate: Implement: automation, error checking, central reporting, idempotency (sometimes) Not cross platform Rarely reusable on the same platform The answer  Puppet code is: Reproducible from code – like a 3d printer for infrastructure Automation implementation - trialed by fire Error checking built in Central reporting built in Idempotency built in Ask yourself: Where are we wasting time, building things by hand? Where are we reimplementing automation from scratch? Where are we missing error checking, reporting, idempotency, etc.?
  9. The problem: Undocumented knowledge (hand crafted servers) Trust issues = bottlenecks Silo focus: Boost local, break system The answer: Knowledge is captured in code ALM enhances accountability and quality gates to build trust change logging and auditing Automated approvals via Pull Requests Continuous Integration Everyone gets skilled with the same Method, Machine and Measure Work more collaboratively and boost the whole system
  10. The problem: Our team improved internally with PE but… No body really cared The business never benefitted We were seen to be wasting time chasing “new shiny toys” The truth: They were right!
  11. The answer: Bolster the business bottlenecks first  Evaluate the four Ms Now we focus on: Windows server build automation in the DataCentre which helps with… Package deployment which fixes… Summary: Zoom out, Identify business priorities, Target the bottlenecks Now you’re doing DevOps
  12. Survey: Who uses source control for work, every day Should we use source control? You must! Infrastructure-as-code: It’s not “Infrastructure-as-Copy-and-Paste-Right-Click-Rename-.bak” When we use code, we unlock the benefits of ALM practices: Enable definitive state of infrastructure Ease deployment of code Ease collaboration Enable access control via pull requests Enable change auditing via commit logs Developers had to learn it too once upon a time. Guys on my team would never look back!
  13. If you’re new to VCS think of: Commits as ‘events’ committed to the timeline with unique IDs Checkouts as time travel Branches as new timelines Highlights: Perfect recall of any state from any branch Make use of multiple branches Lightweight: Only stores diffs
  14. Great central location for on-premise Support available
  15. See the slide deck for Git tutorials
  16. Lots of moving parts… How do we tie them all together? To: Keep it manageable Reduce complexity Reduce rework The answer: We borrowed from Craig Dunn’s Roles and Profiles idea Created a new module to sit over the top of these components
  17. Created a new module which looks like this. We create profile classes which group components together into reusable, site specific implementations We create role classes which group profiles together into business applications Break some rules: Contains site specific implementation (and data) Is not portable Stored in GitLab, protected by RBAC This is just what worked for us, not necessarily everybody
  18. Now we have a great module… how do we deploy it?
  19. E.g. Updating a module first in dev through to prod
  20. Thanks to PuppetLabs and my team Videos on my blog