Puppet Camp 2012
Post on 21-Jan-2015
From zero to Puppet
http://www.rankpop.com/you-need-to-start-structuring-your-blog-posts-asap/
+15TB / mth
+1bn docs /mth
2-5k inserts/s @ 3ms
10K RPM @ 140ms
Servers
HTTP Load Balancer – 5x
Apache - 14x
Build - 2x
MongoDB - 19x data, 13x routing, 6x configuration, 6x arbiter,
HTTP Load Balancer
$globalIPs_array = split($globalIPs, ',')

<% globalIPs_array.each do |globalIP| %>
ListenHTTP
    # primary public IP address
    Address <%= globalIP %>
    Port 80
Apache
file{ 'vhost':
    path    => "/etc/apache2/sites-enabled/${::siteDomain}",
    ensure  => file,
    content => template('apachephp/vhost.erb'),
    notify  => Service['apache2'],
}
Apache
<VirtualHost *:80>
    ServerName <%= siteDomain %>
    DocumentRoot <%= documentRoot %>
    ...
    ErrorLog /var/log/apache2/error<%= siteDomain %>.log
<% if @requestLogging and requestLogging == "yes" %>
    CustomLog /var/log/apache2/access<%= siteDomain %>.log vhost_combined
<% end %>

<% if enableSSL == "yes" %>
<VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile /var/www/ssl/<%= siteDomain %>.crt
    SSLCertificateKeyFile /var/www/ssl/<%= siteDomain %>.key
    ...
Apache
$excess_bagage = [ "ppp", "bind9-host", "laptop-detect", "open-iscsi", "libnss3:i386" ]

package{ $excess_bagage:
    ensure => purged,
}
# add the allow rule once; skipped when the address is already listed
exec{ 'ufw allow is1':
    command => '/usr/sbin/ufw allow from 184.173.178.67',
    unless  => '/usr/sbin/ufw status verbose | grep "184.173.178.67"',
}

# switch the firewall on only after the allow rule exists
exec{ 'ufw enable':
    command => '/usr/sbin/ufw enable',
    unless  => '/usr/sbin/ufw status | grep "Status: active"',
    require => [Exec['ufw allow is1']],
    notify  => Exec['ufw reload'],
}

# runs only when notified by 'ufw enable'
exec{ 'ufw reload':
    command     => '/usr/sbin/ufw reload',
    require     => Exec['ufw enable'],
    refreshonly => true,
}
SSH
file{ 'sshd_config':
    path    => '/etc/ssh/sshd_config',
    ensure  => file,
    content => template('sshd/sshd_config.erb'),
}

Port 22
Protocol 2
AllowUsers david pessoa chris rob wes
Compression yes
...
<% if @duoSecKey and @duoIntKey and @duoHost %>
ForceCommand /usr/sbin/login_duo
PermitTunnel no
AllowTcpForwarding no
<% end %>
System updates
CANARIES=" \
    awsprodapacsingaporeexma1 \
    a2.wdc.sl \
    exm1.wdc.sl \
    mtxweb1.wdc.sl \
    sdappweb1.wdc.sl \
    sdapiweb1.wdc.sl \
"

function canaries {
    echo "REMOVE *web1.wdc.sl FROM ROTATION!"
    echo "press ENTER"
    read
    echo "have you REALLY removed *web1.wdc.sl from rotation?"
    echo "press ENTER"
    read

    for i in $CANARIES
    do
        echo $i
        mco rpc puppetral -I $i create type=exec \
            title="/bin/bash -c 'apt-get dist-upgrade -y'"
    done
}
System updates
function reboot_canaries {
    echo "REMOVE *web1.wdc.sl FROM ROTATION!"
    echo "press ENTER"
    read
    echo "have you REALLY removed *web1.wdc.sl from rotation?"
    echo "press ENTER"
    read

    for i in $CANARIES
    do
        echo $i
        mco rpc puppetral -I $i create type=exec \
            title="/bin/bash -c 'reboot'"
        echo ""
    done
}
What to Reboot
mco rpc puppetral create type=exec \
    title="/bin/bash -c 'ls /var/run/reboot-required'" \
    | grep -B 1 "Resource was created" \
    | grep ".sl"

exmmd1a.wdc.sl
    Status: Resource was created
    Resource: {"tags"=>["exec"], "title"=>"/bin/bash -c 'ls /var/run/reboot-required'", "type"=>"Exec", "parameters"=>{:returns=>:notrun}, "exported"=>false}

exm1.wdc.sl
    Status: change from notrun to 0 failed: /bin/bash -c 'ls /var/run/reboot-required' returned 2 instead of one of [0]
Live Management- Emergency
# Metrics
<%= metricsIP %> metricssvc

# Infrastructure services
184.173.178.66 puppet
...
Pedro Pessoa
pessoa@serverdensity.com
www.serverdensity.com