1. @ Bucharest DevOps Hacker Meetup
You can never understand configuration management, until you know how to orchestrate it
@ Bucharest DevOps Hacker Meetup

2. About us – Maria Niță Site Reliability Engineer @ Adobe DevOps @ Kalon
Software Openshift via Red Hat
uberVU
Faculty of Mathematics & Computer Science, University of Bucharest
ROSEdu Romanian Open Source for Education
Coffee & ice cream

3. About us – Alexandru Stancu
Puppet User ~6 years.
Site Reliability Adobe Systems
Organizer of the Puppet User Group in Bucharest
@salecss

4. Hypothesis Short introduction to Ansible & Puppet
Present the (a common) use case and how we manage it
What’s that use case? We want:
Dynamic Infrastructure, spread geographically on multiple zones (maybe multi-platform)
Application configuration
Application deployment
Reporting
Transition from want to have with Ansible & Puppet

5. Our use case We have a web app on http://demo.mydevops.ro
Create an AWS infrastructure: VPC, EC2 instances, ELBs using CNS (Terraform)
Configure the fleet – EC2 instances using Puppet
Orchestrate the deployment of our web app with 0 downtime with Ansible

6. Content Ansible Puppet Demo Q&A What’s what? Ecosystem Use case
Examples
Puppet
Language Basics
Puppet server and agent setup on AWS
Roles and Profiles
Demo
Q&A

7. Ansible - ”[…] until you know how to orchestrate it”
Maria Niță – Site Reliability Adobe

8. What’s, what? Ansible - Simple IT Automation1 Open Source SSH
ansible-vault
SSH keys
User & password
Multi platform
Roles
Community
Galaxy
push
ansible-pull
shell commands
Python, YAML, Jinja
Easy to understand
Easy to write
Easy to debug
Open Source
SSH
Security
Extensible

9. Ecosystem ansible ansible-playbook ansible-vault ansible-galaxy
ansible-pull
playbook
hosts
variables
roles
tasks

10. Common use case
Other
Ansible
simple
push
small
pull
complex

11. Example

12. Alexandru Stancu – Site Reliability Engineer @ Adobe
Puppet - ” You can never understand configuration management, until you know how to orchestrate it[…]”
Alexandru Stancu – Site Reliability Adobe

13. Puppet Ecosystem Puppet Server Puppet Agent
PuppetDB – Used to store reports and
Hiera – This is the place where data is stored. Data auto binding is awesome!
Foreman – ENC, Reporting and many more.
Puppetboard – Web frontend for PuppetDB.
Mcollective – a very cool tool

14. Puppet Language, Modules and more …
A module is a collection of classes
Written in Ruby
Can work in a client-server setup but also in master-less configuration
file { ‘/etc/ssh/sshd_config’:
ensure => present,
source => “puppet:///modules/${module_name}/sshd_config” }
A class is a collection of resources
service { ‘sshd’:
ensure => running,
enable => true }

15. Puppet Agent Setup On AWS
Bootstrap
Terraform
Provision
facts puppet module
AWS User Data
my_module_facts/lib/facter
my_ec2_tags.rb
iam_account_alias.rb
nagios_host.rb
aws_region_name.rb
my_other_facts.rb
vpc_name.rb
AWS Instance
hostname =
my_role =
group =
other_facts = fact1=val1,fact2=val2
Puppet Agent
TAGS
IAM instance profile
IAM Role
IAM Policy:
ec2:Describe*
AWS SDK
INSTANCE METADATA

16. Puppet Server site.pp : Puppet DB Puppet Server
node default {
include ::role::${::my_role} }
Node Classification
Catalog Compilation
AWS Instance
Reporting
Puppet DB
Foreman (deactivate ENC function)
Puppet Server
Hiera config
:hierarchy:
- “node/%{::certclient}”
- “vpc_name/%{::vpc_name}/role/%{::my_role}
- “vpc_name/%{::vpc_name}/common”
- “role/%{::my_role}”
- common

17. Puppet Roles and Profiles
file { ‘/path/to/custom/file’:
ensure => present,
source => ‘puppet:///modules/${module_name}/my_file’ }
Use
contain
Class
Ordering
Hiera
Resource Types M2 M1
AWS Instance
Role M3
Profiles M4 M6 M5
Business Logic
Technical Logic

18. Puppet Roles and Profiles
Resource Types M1 M2 M3
Community Modules
AWS Instance
Role
Profiles M4 M7
Site Modules M6 M5
file { ‘/path/to/custom/file’:
ensure => present,
source => ‘puppet:///modules/${module_name}/my_file’ }
Business Logic
Technical Logic

19. Demo

20. Q&A – Questions and hopefully Answers