Puppetizing Complex Applications
with sipXecs as an example

      Kris Buytaert
Kris Buytaert
●   I used to be a Dev, Then Became an Op
●   Senior Linux and Open Source Consultant
    @inuits.be
●   „Infrastructure Architect“
●   Building Clouds since before the Cloud
●   Surviving the 10th floor test
●   Co-Author of some books
●   Guest Editor at some sites
Today


●   About SIPX
●   About Puppet
●   Deploying SipX
●   ...
Introduction 2 Puppet
Not quite a Muppet...

●   Puppet is...
●   OSS
●   A DSL language
●   Written in Ruby
●   Client/server oriented
●   Contains abstraction layers
●   Repeatable processes
Master of Puppets
●   Puppet master
    •   CA authority
    •   Modules
    •   Node descriptions
    •   Compare, compile, apply
●   Master is not a requirement !
Puppet Clients

●   Puppet client nodes
    •   Daemon
    •   Cron jobs
    •   External orchestration:
        •   for i in $hosts; do ssh $i "puppetd --test"; done
        •   mCollective, Func, …
Facts
●   Facts
      # facter

      memoryfree => 387.21 MB
      memorysize => 492.75 MB
      swapfree => 481.00 MB
      swapsize => 481.00 MB

      domain => dev.inuits.be
      fqdn => node3.dev.inuits.be
      hostname => node3
      interfaces => eth0
      ipaddress => 172.16.142.141
      macaddress => 00:0c:29:42:0b:8a
      netmask => 255.255.255.0
Modules
●   Dedicated per service
●   Reusable
●   Called from the manifests
●   Live in /etc/puppet/modules/
Module Structure
●   Files
●   Templates
    •   Dynamic content
    •   Variables
        <IfModule mpm_worker_module>
            StartServers        <%= StartServers %>
            MaxClients          <%= MaxClients %>
            MinSpareThreads     <%= MinSpare %>
            MaxSpareThreads     <%= MaxSpare %>
            ThreadsPerChild     <%= ThreadsChild %>
            MaxRequestsPerChild <%= RequestsChild %>
        </IfModule>
●   Manifests
Modules
●   Files
●   Templates
●   Manifests
    •   DSL
    •   Classes
    •   Elements
Node definitions
●   Nodes.pp
    class defaults {
         $search = "inuits.be"
         $nameservers = ['208.67.220.220', '208.67.222.222']

         include dns::resolv
         include ssh::keys
         include ssh::server
    }

    node "ns1.dev.inuits.be" {
         include defaults
         include dns::powerdns::server
         include dns::powerdns::resolver
    }

    node "web1.dev.inuits.be" {
         include defaults
         include apache2
         include mysql
    }
Ralsh
●   Simplifies writing manifests
●   Will generate parts of the manifest for you
●   Based on your running config
●   Limited functionality
    master1.dev.inuits.be:~# ralsh user root
    user { 'root':
      uid => '0',
      gid => '0',
      comment => 'root',
      ensure => 'present',
      password => 'f34wi94$PmlI0CxQLb9HD',
      shell => '/bin/bash',
      home => '/root'
    }

    master1.dev.inuits.be:~# ralsh service apache2
    service { 'apache2':
      ensure => 'running',
      enable => 'true'
    }
Puppetizing your Infra
●   Define common parts
●   Define unique parts
●   Write your manifests
●   Use modules
    •   Puppet Forge
    •   GitHub
    •   Your own modules
SipXecs
What is sipXecs ?
●   sipX ECS (Enterprise Communications Server)
●   Open Source voice over IP telephony server
●   Implementation of the Session Initiation Protocol (SIP)
●   IP based communications system (IP PBX)
●   Not unlike Asterisk
●   Development started in 1999
●   GNU Lesser General Public License (LGPL)
●   Commercial offering from eZuce Inc.
●   Designed around FreeSWITCH
●   Modular and highly scalable system
We don't know VOIP
●   External VOIP consultancy
    •   Hardware selection
    •   Codecs etc
    •   Scale out
●   Irc.freenode.org #sipx




●   s/don/didn/t
●   Don't buy the book
Installing sipxecs
●   Prebuilt ISO
●   Kickstart
●   Install scripts placed in .bashrc
●   Ncurses based
●   Lots of python scripts
●   Heavy GUI usage
Why not Just ?
●   Backup and Restore ?
    •   CDR Integration etc
●   Image ?


●   Productization
    •   Think 20-100 setups
    •   For different customers
    •   Different networks, different domains
So, that Python Script ?
●   Configures your network
●   Configures your dhcpd
●   Configures your dns
●   Configures your ntpd
●   Configures your tftp
●   Generates SSL stuff for you




                There are Puppet modules for that !
SipXconfig
●   Is enabled by writing "enabled" to /var/sipxdata/process-state/ConfigServer
●   The configuration and management server (sipXconfig)
    provides Web administration and user portals, Web services
    APIs, as well as all the abstraction logic to make using
    sipXecs as simple as it is. It provides centralized
    management of all the aspects of sipXecs, including
    installation, configuration, backup & restore, upgrade,
    troubleshooting and cluster management.
●   “Pushes” configs to other nodes
●   Should be rewritten in Puppet or the like.
Configuring sipXecs
●   A couple of files


●   Some of them even obsoleted
●   Putting the SSL stuff in the right location
Everything is a funky SSL problem
●   Sipx generates keys at install time
    •   CA + keypairs per node
●   2nd node needs those keys
●   Copy to puppetmaster and transfer back to other nodes ?


●   Or generate on puppetmaster and redistribute ?


        => Generated on Puppetmaster
Adding a second node
●   <> clustering
●   <> high availability ( please don't start crying)


●   Create an entry in the management interface
●   Then repeat manual installation using ncurses


●   Or just do a wget to register it with the primary
class voip::sipx {
  sipx::netconfig { "sipx":
    ipaddress => $ip_address,
    netmask   => $netmask,
  }
  if $nodename == 'sipx-a' {
    sipx::configserver { "sipx": }
    sipx::staticcertdbca { "$hostname": }
    sipx::staticcertdbnodes { "SIPX-A.${platformdomainextension}":
      clientname => "SIPX-A",
    }
    sipx::staticcertdbnodes { "SIPX-B.${platformdomainextension}":
      clientname => "SIPX-B",
    }
    include sipx::runmaster
  }
  else {
    include sipx::runslave
    sipx::register { "$nodename":
      clientname => "${nodename}.${platformdomainextension}",
      password   => "yourpw",
    }
  }
  sipx::supervisor { "$hostname":
    sipx_supervisor => "sipx-a.$platformdomainextension",
  }
  sipx::staticssl { "$hostname": }
}
More complexity
Or regular Puppet ordering


●   Sipx requires PgSQL
●   You want PgSQL on an isolated LV
●   PgSQL configuration has to be done after it has initialized a DB
●   SipX insists on starting PgSQL for you
class voip::storage {
  file { "/var/lib/pgsql":
    ensure => directory,
  }
  lvm::volume { "pgsql":
    vg     => "systemvg",
    pv     => "/dev/cciss/c0d0p2",
    fstype => "ext3",
    size   => "20G",
    ensure => present,
  }
  mount { "/var/lib/pgsql":
    atboot  => true,
    device  => "/dev/systemvg/pgsql",
    ensure  => mounted,
    fstype  => "ext3",
    options => "defaults",
    require => [Logical_volume['pgsql'], File['/var/lib/pgsql']],
  }
}

class voip::pgsql {
  include postgres
  postgres::initdb { "sipx": }
  postgres::config { "sipx":
    listen => "*",
  }
  # "trust" skips password authentication for the matching client,
  # so the rule stays scoped to the single CDR client's /32.
  postgres::hba { "sipx":
    allowedrules => [
      "host SIPXCDR all ${clientip}/32 trust",
    ],
  }
}
include voip::storage

include voip::pgsql

include voip::sipx

   Class["voip::storage"] -> Class["voip::pgsql"] -> Class["voip::sipx"]
More complexity
Or manipulating content of files


●   Bug in SIPX writes wrong listen address for FreeSWITCH


●   XML Gibberish
●   Sipxconfig generates parts of the config files from unknown
    sources
Augeas
With Augtool

augtool> set /augeas/load/Xml/incl[3] /tmp/blah.xml
augtool> set /augeas/load/Xml/lens Xml.lns
augtool> load
augtool> print /files/tmp/blah.xml/profile/settings/param[17]/
/files/tmp/blah.xml/profile/settings/param[17] = "#empty"
/files/tmp/blah.xml/profile/settings/param[17]/#attribute
/files/tmp/blah.xml/profile/settings/param[17]/#attribute/name = "sip-ip"
/files/tmp/blah.xml/profile/settings/param[17]/#attribute/value = "10.255.202.90"
augtool> print /files/tmp/blah.xml/profile/settings/param[18]/
/files/tmp/blah.xml/profile/settings/param[18] = "#empty"
/files/tmp/blah.xml/profile/settings/param[18]/#attribute
/files/tmp/blah.xml/profile/settings/param[18]/#attribute/name = "ext-rtp-ip"
/files/tmp/blah.xml/profile/settings/param[18]/#attribute/value = "auto-nat"
augtool> print /files/tmp/blah.xml/profile/settings/param[16]/
/files/tmp/blah.xml/profile/settings/param[16] = "#empty"
/files/tmp/blah.xml/profile/settings/param[16]/#attribute
/files/tmp/blah.xml/profile/settings/param[16]/#attribute/name = "rtp-ip"
/files/tmp/blah.xml/profile/settings/param[16]/#attribute/value = "10.255.202.90"
Augeas
augtool> get /files/etc/sipxpbx/freeswitch/conf/sip_profiles/sipX_profile.xml/profile/settings/param[17]/#attribute/value
/files/etc/sipxpbx/freeswitch/conf/sip_profiles/sipX_profile.xml/profile/settings/param[17]/#attribute/value = 10.255.202.90
augtool> set /files/etc/sipxpbx/freeswitch/conf/sip_profiles/sipX_profile.xml/profile/settings/param[16]/#attribute/value 10.0.0.2
Augeas & Puppet
augeas { "sipxprofile":
  changes => [
    "set /augeas/load/Xml/incl[last()+1] /etc/sipxpbx/freeswitch/conf/sip_profiles/sipX_profile.xml",
    "set /files/etc/sipxpbx/freeswitch/conf/sip_profiles/sipX_profile.xml/profile/settings/param[16]/#attribute/value 10.0.0.2",
    "set /files/etc/sipxpbx/freeswitch/conf/sip_profiles/sipX_profile.xml/profile/settings/param[17]/#attribute/value 10.0.0.2",
  ],
}




augeas { "sipxprofile":
  lens    => "Xml.lns",
  incl    => "/etc/sipxpbx/freeswitch/conf/sip_profiles/sipX_profile.xml",
  context => "/files/etc/sipxpbx/freeswitch/conf/sip_profiles/sipX_profile.xml",
  changes => [
    "set profile/settings/param[16]/#attribute/value $ipaddress",
    "set profile/settings/param[17]/#attribute/value $ipaddress",
  ],
  onlyif  => "get profile/settings/param[16]/#attribute/value != $ipaddress",
}
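An added example, not code from the slides or from the sipXecs project: the same correction done with Python's standard library, selecting the FreeSWITCH <param> elements by their name attribute (sip-ip, rtp-ip, as the augtool output shows them) instead of by position, and reporting whether anything actually needed changing so the write, and any restart hung off it, can be skipped when the address is already right, which is what the onlyif above achieves. The profile text is a constructed sample mirroring the param layout from the augtool session, not a real sipX_profile.xml.

```python
"""Correct the FreeSWITCH listen-address params in a sipX profile.

Constructed example: the XML below is a minimal stand-in for
/etc/sipxpbx/freeswitch/conf/sip_profiles/sipX_profile.xml with the
three params the augtool session printed (rtp-ip, sip-ip, ext-rtp-ip).
10.255.202.90 plays the role of the wrong address sipXecs wrote.
"""
import xml.etree.ElementTree as ET

SAMPLE_PROFILE = """<profile name="sipX">
  <settings>
    <param name="rtp-ip" value="10.255.202.90"/>
    <param name="sip-ip" value="10.255.202.90"/>
    <param name="ext-rtp-ip" value="auto-nat"/>
  </settings>
</profile>
"""

# The two params the augeas resource rewrites (param[16] and param[17]
# in the slide), selected by name so a reordered file still matches.
LISTEN_PARAMS = ("sip-ip", "rtp-ip")


def listen_params(root):
    """Return {name: value} for the listen-address params under /profile/settings."""
    found = {}
    for param in root.findall("./settings/param"):
        name = param.get("name")
        if name in LISTEN_PARAMS:
            found[name] = param.get("value")
    return found


def wrong_params(root, ipaddress):
    """Names of listen params whose value differs from the node's address.

    This is the equivalent of the Augeas onlyif: an empty list means
    the file is already correct and must not be rewritten.
    """
    return [name for name, value in listen_params(root).items() if value != ipaddress]


def fix_profile(xml_text, ipaddress):
    """Return (new_xml_text, changed_param_names).

    When nothing is wrong the original text is returned unmodified, so a
    caller can tell "no change" apart from "rewritten" without diffing.
    """
    root = ET.fromstring(xml_text)
    changed = wrong_params(root, ipaddress)
    if not changed:
        return xml_text, []
    for param in root.findall("./settings/param"):
        if param.get("name") in changed:
            param.set("value", ipaddress)
    return ET.tostring(root, encoding="unicode"), changed


def fix_profile_file(path, ipaddress):
    """Apply fix_profile to a file on disk; returns the params that were changed."""
    with open(path, encoding="utf-8") as fh:
        text = fh.read()
    new_text, changed = fix_profile(text, ipaddress)
    if changed:
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(new_text)
    return changed


if __name__ == "__main__":
    fixed_text, changed_names = fix_profile(SAMPLE_PROFILE, "10.0.0.2")
    print("changed:", changed_names)
    print(fixed_text)
```

ElementTree drops comments and the XML declaration when it serialises, whereas Augeas leaves the rest of the file intact, so on a managed node the augeas resource is the better tool; Augeas accepts the same name-based selection as a path predicate, e.g. `profile/settings/param[#attribute/name='sip-ip']/#attribute/value`, which does not break when sipxconfig regenerates the params in a different order.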
Manual config of the services via the GUI is still required :(
I want to
●   Automatically create my admin pw
●   Automatically add that second node
●   Automatically disable/ enable functions in the sipX server
    •   e.g conferencing, openfire
●   Add users/phones


●   There's an API !
●   Which only implements limited functionality, and no configuration
Screen scraping ?
(03:28:30 PM) lazyboy: y, you just need a form processing library, one that can read a form's values and allow you to post back your changes

(03:30:04 PM) lazyboy: the problem w/this method as you know is that it is constantly breaking

(03:30:41 PM) sdog: yep .. when you change the gui .. it will break ....

(03:30:45 PM) lazyboy: maybe we need a serverside abstraction layer, that does the screenscraping and exports out a clean REST API

(03:31:13 PM) lazyboy: overtime, APIs go straight thru

(03:36:18 PM) lazyboy: so it's possible some of what you want to do is available w/not a lot of screen scraping.
Abusing Test Frameworks to configure services on a webgui
Cucumber
●   Looks extremely easy
    •   “Hey, our manager could write these tests”
●   Isn't
    •   Heavily under documented
    •   Best docs are in the RSpec book
    •   Online examples are mostly broken
●   Requires writing a lot of code
Apache Jmeter
●   Test tool
●   Load generation tool
●   Lets you record a session by using a proxy
●   Only recent versions support SSL
Selenium
●   Firefox plugin
●   Replays your actions
    •   No need to write code
●   Can export to perl, php, ruby ..
    •   Which requires a Selenium Remote Control Server
    •   Which launches Firefox
●   SSL Fun ahead
Alternatives
●   Sahi
    •   Similar to selenium
    •   Requires proxy
●   www::mechanize
●   Mechanize rubygem
●   Webtest
●   Your idea ?
I want an API
Conclusions
●   No good solution yet :(
●   Talk to your upstream supplier
    •   Vendor / project
●   Be patient
●   Show the good example
●   All bugs produced during this experience are on
        https://github.com/KrisBuytaert
Contact
Kris Buytaert
Kris.Buytaert@inuits.be

Further Reading
@krisbuytaert
http://www.krisbuytaert.be/blog/
http://www.inuits.be/



Inuits
't Hemeltje
Gemeentepark 2
2930 Brasschaat
891.514.231
+32 473 441 636

Esquimaux
Kheops Business Center
Avenue Georges Lemaître 54
6041 Gosselies
889.780.406

Automating complex infrastructures with Puppet
