Puppet: What
_not_ to do?
 An interactive journey through the ugly side
of Puppet
•Walter Heck, Founder of OlinData
•2,5 years experience with Puppet in 5+
different environments

•Experienced Puppet Fundamentals trainer
•Had my eyes bleed many times with ugly
Puppet code
•    Design mistakes
    might not be glaringly obvious or even
    wrong at first, but will cause trouble later

•    Language mistakes
    Puppet provides functionality that
    shouldn't be used, but is there for edge-
    cases or historical purposes
Quiz time!
  Wake up...
== File: modules/ssh/manifests/ssh.pp

class ssh_install {
 package { 'ssh':
   ensure => present
 }
}

class ssh_configure {
 file { '/etc/ssh/sshd_config':
   ensure => present
 }
}
== File: modules/ssh/manifests/ssh.pp

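# Manages the ssh package and the sshd configuration file in a single class.
#
# $state - value passed to `ensure` on both resources; defaults to 'present'.
class ssh($state = 'present') {
 package { 'ssh':
   ensure => $state
 }

 file { '/etc/ssh/sshd_config':
   ensure => $state
 }
}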
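# problem: the class names don't match the file name, so they won't be autoloaded
# (class ssh belongs in modules/ssh/manifests/init.pp); class names shouldn't have verbs in them;
# the two classes should be combined; and don't put multiple classes in one file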
==

schedule {   'maint':
 range =>    '2 - 4',
 period =>   daily,
 repeat =>   1,
}

exec { '/usr/bin/apt-get update':
 schedule => 'maint',
}
==

schedule {         'maint':
 range =>          '2 - 4',
 period =>         daily,
 repeat =>         1,
}
exec { '/usr/bin/apt-get update':
 schedule => 'maint',
}
# problem: a schedule only limits when a resource may be applied; it does not make anything execute. This is a common pitfall.
# If there is no puppet run between these hours, the apt-get exec will not be run
==
$myvar = ‘false’

if ($myvar) {
  notice(‘this is true’)
} else {
  notice(‘This is false’)
}
==
$myvar = ‘false’

if ($myvar) {
  notice(‘this is true’)
} else {
  notice(‘This is false’)
}
#problem: 'false' is a quoted string, not the boolean false, and a non-empty string evaluates to true
==

exec { '/etc/init.d/apache start':
 onlyif => ‘ps aux | grep apache | grep -v grep |
wc -l’
}
==

exec { '/etc/init.d/apache start':
 onlyif => ‘ps aux | grep apache | grep -v grep |
wc -l’
}

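# problem: this shouldn't be an exec, but a service resource.
# Also, onlyif tests the command's exit status, not its output, and wc -l exits 0
# whether or not apache is running, so the guard never prevents the start command.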
==

package { 'ssh':
 ensure => present,
 name   => $::operatingsystem ? {
   'Ubuntu' => 'openssh-server',
   default => 'ssh',
 },
}
==
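# Resolve the ssh package name for this OS; undef marks an OS that is not listed.
$sshpkgname = $::operatingsystem ? {
  'Ubuntu' => 'openssh-server',
  default => undef,
}

# Abort compilation for an unlisted OS instead of guessing a package name.
if ($sshpkgname == undef) {
  fail('unsupported OS')
} else {
  package { 'ssh':
    ensure => present,
    name   => $sshpkgname,
  }
}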

#problem (previous slide): default options in selectors encourage behaviour that is not scalable,
# because they assume things about every OS that is not listed; fail explicitly instead, as above.
==
case $::operatingsystem {
 'RedHat', 'CentOS': {
   file { ‘/etc/httpd/http.conf’:
     ensure => ‘present’,
   }
 }
 default: {
   file { ‘/etc/apache2/apache2.conf’:
     ensure => ‘present’,
   }
 }
}
==
case $::operatingsystem {
  'RedHat', 'CentOS': {
    file { ‘/etc/httpd/http.conf’:
      ensure => ‘present’,
    }
  }
  default: {
    file { ‘/etc/apache2/apache2.conf’:
      ensure => ‘present’,
    }
  }
}
#problem: the case statement has no default branch that fails; instead it assumes the apache2 layout for every other OS
==
class wordpress {

    $wordpress_archive = 'wordpress-3.4.1.zip'

    $apache = $::operatingsystem ? {
      Ubuntu   => apache2,
      CentOS   => httpd,
      Debian   => apache2,
      default => httpd
    }

    $phpmysql = $::operatingsystem ? {
      Ubuntu   => php5-mysql,
      CentOS   => php-mysql,
      Debian   => php5-mysql,
      default => php-mysql
    }

    $php = $::operatingsystem ? {
      Ubuntu   => libapache2-mod-php5,
      CentOS   => php,
      Debian   => libapache2-mod-php5,
      default => php
    }

    package { ['unzip',$apache,$php,$phpmysql]:
      ensure => latest
    }
}
==
# Installs unzip plus the web-server and PHP packages, choosing package names per OS.
class wordpress {

    # Assigned here but not referenced anywhere else in this class body.
    $wordpress_archive = 'wordpress-3.4.1.zip'

    # Each selector below falls back to the CentOS package name for any OS
    # that is not listed, so an unknown OS is silently treated like CentOS.
    $apache = $::operatingsystem ? {
      Ubuntu   => apache2,
      CentOS   => httpd,
      Debian   => apache2,
      default => httpd
    }

    $phpmysql = $::operatingsystem ? {
      Ubuntu   => php5-mysql,
      CentOS   => php-mysql,
      Debian   => php5-mysql,
      default => php-mysql
    }

    $php = $::operatingsystem ? {
      Ubuntu   => libapache2-mod-php5,
      CentOS   => php,
      Debian   => libapache2-mod-php5,
      default => php
    }

    # ensure => latest: Puppet upgrades these packages whenever the package
    # provider reports a newer version, so the web server and PHP versions can
    # change between runs without any change to this manifest.
    package { ['unzip',$apache,$php,$phpmysql]:
      ensure => latest
    }
}
#problem: the wordpress class shouldn't touch apache; apache should be managed by a different module
==
$files = [ '/etc/mysql', '/var/log/mysql',
'/var/run/mysql' ]

file { $files:
 ensure => present,
 user   => mysql,
 group => mysql,
 mode   => 0755,
}
==
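#arrays of resources are not wrong, but dangerous: every title in the array gets the same attributes,
# so a change meant for one path (such as a stricter mode) is applied to all of them.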

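# Each path is its own resource, so permissions can differ per path.
# The ownership attribute of the file type is `owner`; `user` is not a valid
# file attribute and would fail catalog compilation.
file { '/etc/mysql':
 ensure => present,
 owner  => mysql,
 group  => mysql,
 mode   => 0700, # <=== careful with this! Only the mysql user gets access.
}

file { '/var/log/mysql':
 ensure => present,
 owner  => mysql,
 group  => mysql,
 mode   => 0755,
}

file { '/var/run/mysql':
 ensure => present,
 owner  => mysql,
 group  => mysql,
 mode   => 0755,
}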
==

if defined(File['/tmp/foo']) {
 notify('This configuration includes the /tmp/foo file.')
} else {
 file {'/tmp/foo':
   ensure => present,
 }
}
==
# Demonstrates why defined() is unreliable: both blocks test the same
# resource, but only the first one gets to declare it.
class test {

       # File['/tmp/foo'] has not been declared at this point, so the else
       # branch declares it with group => root.
       if defined(File['/tmp/foo']) {
        notice('This configuration includes the /tmp/foo file.')
       } else {
        file {'/tmp/foo':
          ensure => present,
               group => root
        }
       }

       # The resource now exists, so this block only logs the notice:
       # group => puppet is never applied and no error is raised.
       if defined(File['/tmp/foo']) {
        notice('This configuration includes the /tmp/foo file.')
       } else {
        file {'/tmp/foo':
          ensure => present,
               group => puppet
        }
       }
}

include test


defined() is (usually) the wrong solution to a resource defined in two locations. It is
dangerous, because it only checks whether the resource has already been declared elsewhere, not with
which attributes, so the resulting owner, group or mode depends on evaluation order.
==

class apache2 {

file { '/etc/apache2':
 ensure => directory,
 require => Service['apache2']
}

file { '/etc/apache2/apache2.conf':
 ensure => present,
 require => File['/etc/apache2'],
 notify => Service['apache2'],
}

package { 'apache2':
 ensure => present,
 allowcdrom => true,
 before => File['/etc/apache2/apache2.conf']
}

service { 'apache2':
 ensure    => running,
 subscribe => File['/etc/apache2/apache2.conf']
}
}

include apache2
==
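# dependency loop: File['/etc/apache2'] requires Service['apache2'], the service subscribes to
# apache2.conf, and apache2.conf requires File['/etc/apache2']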

class apache2 {

file { '/etc/apache2':
 ensure => directory,
 require => Service['apache2']
}

file { '/etc/apache2/apache2.conf':
 ensure => present,
 require => File['/etc/apache2'],
 notify => Service['apache2'], # <=== The notify metaparameter implies before.
}

package { 'apache2':
 ensure => present,
 allowcdrom => true,
 before => File['/etc/apache2/apache2.conf']
}

service { 'apache2':
 ensure    => running,
 subscribe => File['/etc/apache2/apache2.conf']   # <=== The subscribe metaparameter implies
require.
class test {

    file { '/tmp/somefile.txt':
      ensure => 'file',
      mode    => 0600,
      owner   => 'root',
      group   => 'root',
      source => '/etc/puppet/modules/test/somefile.txt'
    }

}

include test
==

# use a puppet:///modules/ URI instead of the full path on the puppet master:
# a plain path in source is looked up on the agent's own filesystem, not on the master

class test {

    file { '/tmp/somefile.txt':
      ensure => 'file',
      mode    => 0600,
      owner   => 'root',
      group   => 'root',
      source => 'puppet:///modules/test/somefile.txt'
    }

}

include test
==
class test {
         file {‘/tmp/large/dir/with/many/subdirs/and/many/files’:
           ensure => present,
                owner   => root,
                group   => root,
                recurse => true
         }
}

include test
==

# do not use recurse => true on a directory with 100+ files:
# Puppet manages every entry underneath as its own file resource, which makes runs slow

class test {

        file {‘/tmp/large/dir/with/many/files’:
          ensure => present,
               owner   => root,
               group   => root,
               recurse => true
        }
}

include test

# alternative :’(

# Alternative to recurse => true: a single recursive chown instead of one
# file resource per directory entry.
class test {

        # No onlyif/unless/creates/refreshonly guard is set, so this command
        # is executed on every Puppet run and always reports a change.
        exec {'/bin/chown -R root:root /tmp/large/dir/with/many/files':
        }
}
Walter Heck - OlinData
 Email: walterheck@olindata.com
 Twitter: @walterheck / @olindata
     Web: http://olindata.com
Questions? Feel free to get in touch!


Puppet: What _not_ to do

  • 1. Puppet: What _not_ to do? An interactive journey through the ugly side of Puppet
  • 2. •Walter Heck, Founder of OlinData •2,5 years experience with Puppet in 5+ different environments •Experienced Puppet Fundamentals trainer •Had my eyes bleed many times with ugly Puppet code
  • 3. Design mistakes might not be glaringly obvious or even wrong at first, but will cause trouble later • Language mistakes Puppet provides functionality that shouldn't be used, but is there for edge- cases or historical purposes
  • 4. Quiz time! Wake up...
  • 5. == File: modules/ssh/manifests/ssh.pp class ssh_install { package { 'ssh': ensure => present } } class ssh_configure { file { '/etc/ssh/sshd_config': ensure => present } }
  • 6. == File: modules/ssh/manifests/ssh.pp class ssh($state = ‘present’ { package { 'ssh': ensure => $state } file { '/etc/ssh/sshd_config': ensure => $state } } # problem: classnames won't be autoloaded, classnames shouldn't have verbs in them, classes should be combined, don't put multiple classes in a file
  • 7. == schedule { 'maint': range => '2 - 4', period => daily, repeat => 1, } exec { '/usr/bin/apt-get update': schedule => 'maint', }
  • 8. == schedule { 'maint': range => '2 - 4', period => daily, repeat => 1, } exec { '/usr/bin/apt-get update': schedule => 'maint', } # problem: schedule doesn't mean something will execute, a common pitfall. If there is no puppet run between these hours, the apt-get exec will not be run
  • 9. == $myvar = ‘false’ if ($myvar) { notice(‘this is true’) } else { notice(‘This is false’) }
  • 10. == $myvar = ‘false’ if ($myvar) { notice(‘this is true’) } else { notice(‘This is false’) } #problem: 'false' evaluates to true
  • 11. == exec { '/etc/init.d/apache start': onlyif => ‘ps aux | grep apache | grep -v grep | wc -l’ }
  • 12. == exec { '/etc/init.d/apache start': onlyif => ‘ps aux | grep apache | grep -v grep | wc -l’ } # problem: this shouldn't be an exec, but a service
  • 13. == package { 'ssh': ensure => present, name => $::operatingsystem ? { 'Ubuntu' => 'openssh-server', default => 'ssh', }, }
  • 14. == $sshpkgname = $::operatingsystem ? { 'Ubuntu' => 'openssh-server', default => undef, } if ($sshpkgname == undef) { fail(‘unsupported OS’) } else { package { 'ssh': ensure => present, name => $sshpkgname, } } #problem: they encourage behaviour that is not scalable, using default options to assume things, etc.
  • 15. == case $::operatingsystem { 'RedHat', 'CentOS': { file { ‘/etc/httpd/http.conf’: ensure => ‘present’, } } default: { file { ‘/etc/apache2/apache2.conf’: ensure => ‘present’, } } }
  • 16. == case $::operatingsystem { 'RedHat', 'CentOS': { file { ‘/etc/httpd/http.conf’: ensure => ‘present’, } } default: { file { ‘/etc/apache2/apache2.conf’: ensure => ‘present’, } } } #problem: case without default that fails, instead it assumes
  • 17. == class wordpress { $wordpress_archive = 'wordpress-3.4.1.zip' $apache = $::operatingsystem ? { Ubuntu => apache2, CentOS => httpd, Debian => apache2, default => httpd } $phpmysql = $::operatingsystem ? { Ubuntu => php5-mysql, CentOS => php-mysql, Debian => php5-mysql, default => php-mysql } $php = $::operatingsystem ? { Ubuntu => libapache2-mod-php5, CentOS => php, Debian => libapache2-mod-php5, default => php } package { ['unzip',$apache,$php,$phpmysql]: ensure => latest } }
  • 18. == class wordpress { $wordpress_archive = 'wordpress-3.4.1.zip' $apache = $::operatingsystem ? { Ubuntu => apache2, CentOS => httpd, Debian => apache2, default => httpd } $phpmysql = $::operatingsystem ? { Ubuntu => php5-mysql, CentOS => php-mysql, Debian => php5-mysql, default => php-mysql } $php = $::operatingsystem ? { Ubuntu => libapache2-mod-php5, CentOS => php, Debian => libapache2-mod-php5, default => php } package { ['unzip',$apache,$php,$phpmysql]: ensure => latest } } #wordpress class shouldn't touch apache, should be a different module
  • 19. == $files = [ '/etc/mysql', '/var/log/mysql', '/var/run/mysql' ] file { $files: ensure => present, user => mysql, group => mysql, mode => 0755, }
  • 20. == #arrays of resources are not wrong, but dangerous. file { '/etc/mysql': ensure => present, user => mysql, group => mysql, mode => 0700, <=== careful with this! } file { '/var/log/mysql': ensure => present, user => mysql, group => mysql, mode => 0755, } file { '/var/run/mysql': ensure => present, user => mysql, group => mysql, mode => 0755, }
  • 21. == if defined(File['/tmp/foo']) { notify('This configuration includes the /tmp/foo file.') } else { file {'/tmp/foo': ensure => present, } }
  • 22. == class test { if defined(File['/tmp/foo']) { notice('This configuration includes the /tmp/foo file.') } else { file {'/tmp/foo': ensure => present, group => root } } if defined(File['/tmp/foo']) { notice('This configuration includes the /tmp/foo file.') } else { file {'/tmp/foo': ensure => present, group => puppet } } } include test defined() is (usually) the wrong solution to a resource defined in two locations. It is dangerous, because it only checks if the resource has been defined elsewhere, not with what attributes.
  • 23. == class apache2 { file { '/etc/apache2': ensure => directory, require => Service['apache2'] } file { '/etc/apache2/apache2.conf': ensure => present, require => File['/etc/apache2'], notify => Service['apache2'], } package { 'apache2': ensure => present, allowcdrom => true, before => File['/etc/apache2/apache2.conf'] } service { 'apache2': ensure => running, subscribe => File['/etc/apache2/apache2.conf'] } } include apache2
  • 24. == # dependency loop class apache2 { file { '/etc/apache2': ensure => directory, require => Service['apache2'] } file { '/etc/apache2/apache2.conf': ensure => present, require => File['/etc/apache2'], notify => Service['apache2'], # <=== The notify metaparameter implies before. } package { 'apache2': ensure => present, allowcdrom => true, before => File['/etc/apache2/apache2.conf'] } service { 'apache2': ensure => running, subscribe => File['/etc/apache2/apache2.conf'] # <=== The subscribe metaparameter implies require.
  • 25. class test { file { '/tmp/somefile.txt': ensure => 'file', mode => 0600, owner => 'root', group => 'root', source => '/etc/puppet/modules/test/somefile.txt' } } include test
  • 26. == # use puppet:///modules/ instead of the full path on the puppet master class test { file { '/tmp/somefile.txt': ensure => 'file', mode => 0600, owner => 'root', group => 'root', source => 'puppet:///modules/test/somefile.txt' } } include test
  • 27. == class test { file {‘/tmp/large/dir/with/many/subdirs/and/many/files’: ensure => present, owner => root, group => root, recurse => true } } include test
  • 28. == # do not use recurse => true on a dir with over 100+ files class test { file {‘/tmp/large/dir/with/many/files’: ensure => present, owner => root, group => root, recurse => true } } include test # alternative :’( class test { exec {'/bin/chown -R root:root /tmp/large/dir/with/many/files': } }
  • 29. Walter Heck - OlinData Email: walterheck@olindata.com Twitter: @walterheck / @olindata Web: http://olindata.com Questions? Feel free to get in touch!