Tim Krupinski, a Solution Architect at SageLogix, Inc., offers his experience in using tools like Puppet to facilitate a hybrid cloud approach with Oracle Infrastructure as a Service.
4. Copyright SageLogix, Inc, 2016. All Rights Reserved4
What is DevOps?
DevOps is a term combining Development and Operations
More importantly…
– Represents a paradigm shift for IT management
– Focuses on quicker deployments
– Reduces human interaction
– Relies on defining environments (or infrastructure) through code
But we’re not a coding shop
DevOps transforms the way you manage all aspects of your environments
Impacts…
– Change Control
– Compliance
– Security
Don’t focus on the “D” Word
How do we get there?
If only there were a tool…
– Puppet
– Chef
– Ansible
– SaltStack
– CFEngine
Puppet Overview
Cross Platform – works with Windows, Linux, Solaris, and more
Central idea is a “Manifest”
– Manifest describes the state of a system
– Using an abstraction layer, manifests are platform agnostic
Works in a master / slave configuration
Also works in “standalone” mode
Extremely flexible and extensible to meet specific needs
Puppet Overview (Cont’d)
Manage configuration files via Templates
Leverage “Puppet Forge” to download third party add-ons
Currently Puppet Forge has plugins for just about everything…
Puppet Forge Oracle Modules
A plethora of user-supported modules are currently offered in the Puppet Forge…
Use Case with IaaS
Leverage Puppet Templates
Combine with Oracle’s Orchestration API
Benefits
– Write once, run often
– Semantic
– Extensible
Managing Orchestrations to Deploy a Server
Example Puppet Template
Puppet Template for a generic TNSNAMES.ORA file
Example Orchestration File
Oracle Orchestration File that deploys an Oracle Linux server with two volumes
Puppet with Compliance, Security, and Maintenance
Defining “Compliance”
Traditional definitions – PCI, HIPAA, SOX, etc…
Also extends to encompass any internal process, standards, etc.
– E.g., how you define firewall settings or RBAC policies
Otherwise known as “check the box” type approach
Not your dad’s SOX
How Compliant Are You?
Situation: Following a security breach, you need to produce a compliance report to determine whether you are following industry best practices.
How Compliant Are You?
2001 Solution: Task an intern with running through a list of possibly hundreds of metrics, on each system, and compile the results in an ad-hoc Excel file.
Time to complete: A week? Several weeks? A month?
Risk: Humans are bad at repetitive things, so there is a high chance of inaccurate data in the report.
How Compliant Are You?
2010 Solution: Consult your bag-o-scripts that’s been homegrown in-house over the past decade.
Time to complete: A few days? A week?
Risk: Scripts don’t work consistently, and aren’t compatible with newer components of your IT footprint.
How Compliant Are You?
2016 Solution: Just run an OpenSCAP report.
Time to complete: A few minutes.
Risks: You might have to look up the command again.
OpenSCAP Summary
Can use a tool like Puppet to manage reporting across infrastructure
Cross platform and open source
Ships with Oracle Linux
Oh, and it also does automatic remediation to fix violations
Summary
We can use our DevOps tool (Puppet) with our compliance tool (OpenSCAP) to reliably report on the state of our infrastructure in a real-time, human-readable way.
We can extend Puppet to even go so far as to automatically remediate issues when it finds them in an OpenSCAP report.
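To make the reporting step concrete, here is an added example (not from the original slides) that condenses one host's OpenSCAP results into a short pass/fail summary. It assumes an XCCDF 1.2 results file of the kind `oscap xccdf eval --results` writes; the host name and rule ids in the sample are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"x": "http://checklists.nist.gov/xccdf/1.2"}  # XCCDF 1.2 namespace

# Constructed sample results document; host name and rule ids are made up.
SAMPLE_RESULTS = """<?xml version="1.0"?>
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark_demo">
  <TestResult id="xccdf_example_testresult_demo">
    <target>db01.example.test</target>
    <rule-result idref="xccdf_example_rule_sshd_disable_root_login" severity="medium">
      <result>fail</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_accounts_password_minlen" severity="medium">
      <result>pass</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_partition_for_tmp" severity="low">
      <result>notselected</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_service_firewalld_enabled" severity="high">
      <result>fail</result>
    </rule-result>
  </TestResult>
</Benchmark>
"""

def summarize(xml_text):
    """Return target host, per-result counts, failed rules and pass rate."""
    root = ET.fromstring(xml_text)
    # TestResult can be the document root or nested inside a Benchmark.
    tr = root if root.tag.endswith("}TestResult") else root.find(".//x:TestResult", NS)
    if tr is None:
        raise ValueError("no XCCDF TestResult element found")
    counts, failed = Counter(), []
    for rr in tr.findall("x:rule-result", NS):
        result = rr.findtext("x:result", default="unknown", namespaces=NS)
        counts[result] += 1
        if result == "fail":
            failed.append((rr.get("severity", "unknown"), rr.get("idref")))
    # Only rules that were actually evaluated count toward the pass rate.
    evaluated = counts["pass"] + counts["fail"]
    rate = round(100.0 * counts["pass"] / evaluated, 1) if evaluated else None
    return {"target": tr.findtext("x:target", default="unknown", namespaces=NS),
            "counts": dict(counts), "failed": sorted(failed), "pass_rate": rate}

if __name__ == "__main__":
    report = summarize(SAMPLE_RESULTS)
    print(f"{report['target']}: {report['pass_rate']}% of evaluated rules pass")
    for severity, rule in report["failed"]:
        print(f"  FAIL [{severity}] {rule}")
```

Run against the results files collected from each managed node, the same function gives one comparable record per host.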
Case Study
Using Puppet to deploy WebLogic 12c
The Problem
Client wanted to do a greenfield installation of WebLogic 12c
Between Development, Test, QA and Production, total deployment consisted of 9 different servers
Each server had specific requirements depending on the environment
Step 1 – The Manifest and Templates
A. Defined a class within Puppet called “Weblogic 12c” and defined a manifest for it
B. Created a Template for the response files needed, which dynamically generated the correct configuration based on the host name and type (Dev, Test, Production)
C. Presented the mount point with software to relevant servers
Total Lead Time: 1 week
What about a patch?
Follow the same method:
– Write Once
– Test
– Deploy Often
Applies to OPatch (the patching utility for Oracle software)
Also applies to OS
Or Change Control In General
Change Control
Clear and concise definitions of your environment
Combine with a version control system like Git to have a full paper trail of when changes were made, and who made them
Better understanding of which change potentially caused a defect in a system
Some benefits of using Puppet with CC