1. Integrating the
Cloud with
Puppet
Tuesday, February 26, 13

2. About me:
Dan Bode
Some Dude at PuppetLabs
@bodepd
bodepd <on> freenode
Tuesday, February 26, 13

3. Who is this talk for?
Cloud Users
Puppet beginners
Tuesday, February 26, 13

4. It will cover
why integrate?
explanation of Puppet’s architecture as it applies to
integration
using Puppet to model VM instances
Tuesday, February 26, 13

5. Why Integrate?
Tuesday, February 26, 13

6. Cloud
Provisions virtual machines
deployVirtualMachine
Self Service API
VM1
Tuesday, February 26, 13

7. Puppet
VMs -> Applications
deployApacheServer
Self Service API
VM1
Make me an
apache server Here are your
instructions
Puppet
Master
Tuesday, February 26, 13

8. Together
PaaS
deployAppStack
Self Service API
DB1 Apache1 Apache2 LB
Tuesday, February 26, 13

9. Puppet
Tuesday, February 26, 13

10. 2 run modes
puppet apply
client/server
Tuesday, February 26, 13

11. Puppet Client/Server
Classifier Modules
Master
Facts Catalog
VM1
Tuesday, February 26, 13

12. Facter
Classifier Modules
Master
Facts Catalog
VM1
Tuesday, February 26, 13

13. Facter
$ facter
architecture => x86_64
domain => local
fqdn => DansLapTop.local
id => danbode
ec2_instance_id => abc123abc123abc123
operatingsystem => ‘Ubunbtu’
osfamily => ‘Debian’
.....
Tuesday, February 26, 13

14. Facter
Available as top scope variables from manifests
ie : $::fact_name
Creating custom facts is easy.
Tuesday, February 26, 13

15. Modules
Modules
Classifier
Master
Facts Catalog
VM1
Tuesday, February 26, 13

16. Modules
Sharable Puppet content
Tuesday, February 26, 13

17. Module Forge
http://forge.puppetlabs.com/puppetlabs/apache
I get all of
my content
from the
forge!
Tuesday, February 26, 13

18. Classes/defines compose resources
Tuesday, February 26, 13

19. Resources
Describe the configuration state of individual
system elements.
Tuesday, February 26, 13

20. user { ‘dan’: # a user named dan
...
Tuesday, February 26, 13

21. user { ‘dan’: # a user named dan
ensure => present, # should exist
...
Tuesday, February 26, 13

22. user { ‘dan’: # a user named dan
ensure => present, # should exist
shell => ‘/bin/bash’, # with this shell
}
Tuesday, February 26, 13

23. Puppet DSL and resources
Tuesday, February 26, 13

24. Puppet DSL
Composes collections of resources.
Tuesday, February 26, 13

25. Package/File/Service
class webserver {
package { ‘apache2’: ... }
file { ‘/etc/apache2/apache2.conf’:
...
require => Package[‘apache2’],
}
service { ‘apache2’:
...
subscribe => File[‘/etc/apache2/apache2.conf’]
}
}
Tuesday, February 26, 13

26. configure a node
include webserver
Tuesday, February 26, 13

27. Classification (maps roles as classes)
Classifier
Modules
Master
Facts Catalog
VM1
Tuesday, February 26, 13

28. Site manifest
(/etc/puppet/manifests/site.pp)
Map a host’s certname to content from a module
node /^my_node/ {
include apache
}
Tuesday, February 26, 13

29. ENC
ENC
Master
The master can call out to arbitrary executables to
figure out how a node should be classified.
Tuesday, February 26, 13

30. Puppet Client/Server
Classifier Modules
Master
Facts
Catalog
VM1
Tuesday, February 26, 13

31. Catalog
Resources
Package
Package File
File
Dependencies User User
Service
Service
Tuesday, February 26, 13

32. Integration
is all about
Classification
Tuesday, February 26, 13

33. Using metadata/userdata
deployApacheServer (with metadata=’puppet_class=apache’)
Self Service API
VM1
Puppet
Master
Tuesday, February 26, 13

34. Using metadata/userdata
deployApacheServer (with metadata=’puppet_class=apache’)
Self Service API
I was provisioned
with metadata VM1
puppet_class=apache
Puppet
Master
Tuesday, February 26, 13

35. Using metadata/userdata
deployApacheServer (with metadata=’puppet_class=apache’)
Self Service API
I was provisioned
with metadata VM1
puppet_class=apache
Oh cool!
You must be an
Puppet apache server
Master
Tuesday, February 26, 13

36. Determine role based on facts
deployVirtualMachine (with metadata)
Tuesday, February 26, 13

37. Determine role based on facts
deployVirtualMachine (with metadata)
populate facter metadata service
Tuesday, February 26, 13

38. Determine role based on facts
deployVirtualMachine (with metadata)
populate facter metadata service
use fact for classification
node default {
include $::meta_data_role
}
Tuesday, February 26, 13

39. Pros
- simple
- classification information set during provisioning process
Tuesday, February 26, 13

40. Cons
- hosts become authoritative over their role
- a single rooted host can pretend to be anyone else
- metadata/userdata is not always read/write
Tuesday, February 26, 13

41. Using instance annotation data
deployApacheServer (with group=‘apache’)
Self Service API
here is my id
VM1
Let me consult
the cloud system
Puppet
Master You were provisioned
as an apache server
Tuesday, February 26, 13

42. Using instance annotation data
deployApacheServer (with group=‘apache’)
Self Service API
VM1
Tuesday, February 26, 13

43. Using instance annotation data
deployApacheServer (with group=‘apache’)
Self Service API
here is my id
VM1
Puppet
Master
Tuesday, February 26, 13

44. Using instance annotation data
deployApacheServer (with group=‘apache’)
Self Service API
here is my id
VM1
Let me lookup your
role based on your id
Puppet
Master
Tuesday, February 26, 13

45. Using instance annotation data
deployApacheServer (with group=‘apache’)
Self Service API
here is my id
VM1
Let me lookup your
role based on your id
Puppet
Master You were provisioned
as an apache server
Tuesday, February 26, 13

46. Pros
- provisioning credentials are used to determine role
- annotation field likely updatable
Tuesday, February 26, 13

47. Cons
- puppetmaster must have API credentials
- may require a custom ENC
Tuesday, February 26, 13

48. Decouple role assignment from
provisioning
After provisioning is completed, ssh into a machine,
set a custom fact (using facts.d), and trigger a
puppet run.
pros - you can easily execute a script to install and
bootstrap puppet
cons - extra step
Tuesday, February 26, 13

49. facts.d
facts.d comes with stdlib
(http://forge.puppetlabs.com/puppetlabs/stdlib)
it converts any ‘key=value’ pairs listed in /etc/
facts.d/*.txt into facts
Tuesday, February 26, 13

50. VM provisioning with Puppet
(experimental! use cases
appreciated)
Tuesday, February 26, 13

51. Share Application Stacks as text
class my_app_stack {
cloudstack_instance { 'foo4':
ensure => present,
group => 'role=db',
}
cloudstack_instance { 'foo3':
ensure => present,
group => 'role=apache',
}
}
Tuesday, February 26, 13

52. Use resource defaults for
common settings
Cloudstack_instance {
image => 'CentOS 5.6 key+pass',
flavor => 'Small Instance',
zone => 'ACS-FMT-001',
network => 'puppetlabs-network',
keypair => 'dans_keypair4',
}
cloudstack_instance { 'foo4':
ensure => $::ensure,
group => 'role=db',
}
cloudstack_instance { 'foo3':
ensure => $::ensure,
group => 'role=apache',
}
Tuesday, February 26, 13

53. More issues of trust
Tuesday, February 26, 13