As I mentioned a few weeks ago, I'm using Puppet for some smaller projects here at work. They're pilot projects to see how puppet behaves and scales for us before taking it into bigger challenges.
One of the problems so far is that we're using fabric as the "last-mile" deployment tool, and that doesn't yet have any way to run jobs in parallel. That's the reason why I'm starting to look elsewhere, like mcollective for example.
However, today I had to prepare a new varnish box for files.myopera.com. This new machine is in a different data center than our current one, so we don't have any puppetmaster deployed there yet. That also stopped me from using puppet in yet another project. Lately, though, I've been reading on the puppet-users mailing list that several people have tried a master-less puppet setup, where no puppetmasterd is running at all: you just deploy the puppet files, via rsync, source control or carrier pigeons, and then let the standalone puppet executable do its run.
Puppet master-less setup
To do this, you need at least a good set of reusable puppet modules, which I've been building a small piece at a time over the last few months. So I decided to give it a shot, and got everything up and running quickly. I deployed my set of modules in /etc/puppet/modules and built a single manifest file that looks like the following:
#
# Puppet standalone no-master deployment
# for files.myopera.com varnish nodes
#
node varnish_box {

    # Basic debian stuff
    $disableservices = [ "exim4", "nfs-common", "portmap" ]

    service { $disableservices:
        enable => "false",
        ensure => "stopped",
    }

    # Can cause overload on the filesystem through cronjobs
    package { "locate": ensure => "absent", }
    package { "man-db": ensure => "absent", }

    # Basic configuration, depends on data center too
    include opera
    include opera::sudoers
    include opera::admins::core_services
    include opera::datacenters::dc2

    # Basic packages now. These are all in-house modules
    include base_packages
    include locales
    include bash
    include munin
    include cron
    include puppet

    include varnish

    varnish::config { "files-varnish-config":
        vcl_conf     => "files.vcl",
        storage_type => "malloc",
        storage_size => "20G",
        listen_port  => 80,
        ttl          => 864000,
        thread_pools => 8,
        thread_min   => 800,
        thread_max   => 10000,
    }

    #
    # Nginx (SSL certs required)
    #
    include nginx

    nginx::config { "/etc/nginx/nginx.conf":
        worker_processes   => 16,
        worker_connections => 16384,
        keepalive_timeout  => 5,
    }

    nginx::vhost { "https.files.myopera.com":
        ensure => "present",
        source => "/usr/local/src/myopera/config/nginx/sites-available/https.files.myopera.com",
    }

    bash::prompt { "/root/.bashrc":
        description => "Files::Varnish",
        color       => "red",
    }

    munin::plugin::custom { "cpuopera": }

    munin::plugin { "if_eth0":
        plugin_name => "if_",
    }

    munin::plugin {
        [ "mem_", "load", "df", "df_inode", "netstat", "vmstat",
          "iostat", "uptime", "threads", "open_files", "memory", "diskstats" ]:
    }

}
node default inherits varnish_box {
}
node 'my.hostname.opera.com' inherits varnish_box {
}
This manifest installs varnish, nginx, a bunch of basic packages I always want on every machine (vim, tcpdump, etc…), munin with the appropriate plugins already configured, and also a nice red bash prompt to warn me that this is production stuff.
This file is everything the puppet client needs to run and produce the desired effect, without needing a puppet master. Save it as varnish-node.pp and then run it with:
puppet varnish-node.pp
One problem that usually arises is how to serve the static files. In this case, I assumed I'm going to check out the source code and config files from my own repository into /usr/local/src/...
so I don't need to point puppet to a server with the classic:
source => "puppet:///module/filename"
but you can just use:
source => "/usr/local/whatever/in/my/local/filesystem"
That's great and it works just fine.
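For instance, a file resource that ships the varnish VCL straight from the local checkout could look like this (the destination and source paths here are hypothetical, adapt them to your own layout):

```puppet
# Hypothetical example: deploy the varnish VCL from the local
# source checkout instead of a puppet master's fileserver
file { "/etc/varnish/files.vcl":
    owner  => "root",
    group  => "root",
    mode   => "0644",
    source => "/usr/local/src/myopera/config/varnish/files.vcl",
}
```

The only difference from the master-based setup is the source attribute; everything else about the resource stays the same.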
Custom facts
Puppet uses a utility called facter to extract "facts" from the underlying system, sysinfo-style. A typical facter run produces the following output:
$ facter
architecture => x86_64
domain => internal.opera.com
facterversion => 1.5.6
fqdn => cd01.internal.opera.com
...
hardwaremodel => x86_64
hostname => cd01
id => cosimo
ipaddress => 10.20.30.40
ipaddress_eth0 => 10.20.30.40
is_virtual => false
...
kernel => Linux
kernelmajversion => 2.6
...
operatingsystem => Ubuntu
operatingsystemrelease => 10.04
physicalprocessorcount => 1
processor0 => Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
processor1 => Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
processorcount => 2
...
and so on. Within puppet manifests, you can use any of these facts to influence the configuration of your system. For example, if memorysize is greater than 4.0 GB, run varnish with 2000 threads instead of 1000. This is all very cool, but sometimes you need something that facter doesn't give you by default.
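As a sketch, that memory-based tuning could look something like the following (the thresholds and variable names are made up for illustration; note that memorysize is a string like "7.80 GB", so the numeric part has to be extracted first, here with an inline template):

```puppet
# Sketch: pick the varnish thread count based on the memorysize fact
$mem_gb = inline_template("<%= memorysize.to_f %>")

case $mem_gb {
    # 4 GB or more (single digit 4-9, or two or more digits)
    /^([4-9]|[0-9][0-9]+)/: { $varnish_threads = 2000 }
    default:                { $varnish_threads = 1000 }
}
```

$varnish_threads can then be passed on to something like the varnish::config define shown earlier.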
That's why facter can be extended.
I tried creating a datacenter.rb facter plugin that looks at the box's IP address and figures out which data center we're in. That in turn can be used to set up the nameservers and other data-center-specific stuff. Here's the code. My Ruby-fu is less than awesome:
#
# Provide an additional 'datacenter' fact
# to use in generic modules to provide datacenter
# specific settings, such as resolv.conf
#
# Cosimo, 03/Aug/2010
#
Facter.add("datacenter") do
    setcode do
        datacenter = "unknown"

        # Get current ip address from Facter's own database
        ipaddr = Facter.value(:ipaddress)

        # Data center on Mars
        if ipaddr.match(/^88\.88\.88\./)
            datacenter = "mars"
        # This one on Mercury
        elsif ipaddr.match(/^99\.99\.99\./)
            datacenter = "mercury"
        # And on Jupiter
        elsif ipaddr.match(/^77\.77\.77\./)
            datacenter = "jupiter"
        end

        datacenter
    end
end
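To sanity-check the matching logic outside of facter, the same mapping can be pulled out into a plain ruby snippet (the prefixes are the same made-up ones as above):

```ruby
#!/usr/bin/env ruby
# Same datacenter-matching logic as the fact, extracted so it
# can be exercised without facter being involved at all

DATACENTER_PREFIXES = {
  "mars"    => /^88\.88\.88\./,
  "mercury" => /^99\.99\.99\./,
  "jupiter" => /^77\.77\.77\./,
}

def datacenter_for(ipaddr)
  DATACENTER_PREFIXES.each do |name, regex|
    return name if ipaddr =~ regex
  end
  "unknown"
end

puts datacenter_for("88.88.88.10")   # mars
puts datacenter_for("10.20.30.40")   # unknown
```

Running this from the shell prints the expected data center names, which at least rules out a bug in the regexes themselves.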
However, there's one problem. When puppet runs, it doesn't pick up the new fact, even though facter from the command line can see it and execute it just fine (when the plugin is in the current directory). Now I need to know how to tell puppet (and/or facter) to look into one of my puppet modules' plugins (or lib, from 0.25.x) directory to load my additional datacenter.rb fact.
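For what it's worth, the direction I'm going to try next (untested on my side, and the paths are hypothetical) is pointing puppet's factpath setting, or facter's FACTERLIB environment variable, at the module directory that holds the fact:

```
# /etc/puppet/puppet.conf -- hypothetical paths, not verified yet
[main]
factpath = /etc/puppet/modules/opera/plugins/facter
```

or, from the shell, FACTERLIB=/etc/puppet/modules/opera/plugins/facter before invoking puppet. No idea yet whether either actually does the trick in a master-less setup.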
Any ideas?