Highly skilled Linux/FreeBSD DevOps/SRE/Infrastructure Automation Engineer with over 20 years of experience. Can manage and orchestrate 1000+ baremetal/virtual servers with Puppet & Choria.View the profile
About the talk
This is story of our journey from SaltStack to Puppet and beyond. This talk will answer following questions:
- why we moved from SaltStack
- why Puppet was chosen
- how to use Puppet OpenSource in painless way
- which orchestration tool to use with Puppet
- what is next
Soul stock price. Actually, it's hard to tell Chris audience when you cannot see. Well, I guess I'm doing the first time. It's like when I was inside is done, I was outside so I'm from SP digital. This is part of a group. We doing some, digitalisation things for is Big roof and I will speak today about our transition or migration from Salt stick to why we did this. What we learned. Why? Well, what to do, what do not do, and things like that. And then I will say a bit about what's next step after we will finish this migration.
So infosource migration is not finished yet. It's in progress. So we are still like maybe in 40% down. But anyway, so what's the scale of our organization? we have about 200 developers and we have a lot of products in the product teams and We are in for the same. Actually do it. Kind of platform for our developments for product teams. So this is a really persistent databases all the stuff for which is common for everyone. And yeah, we had just six persons and
we are running right now about to convert to AMC. Never go out. We have on praying part as well but I don't know. Talk about this box here in this house because it's it's complicated. so, Yeah, it was a question when you see the topic or what's wrong with salt, I guess someone using solskjaer. Someone using buckets here. Taiwan money touring YouTube channel for Cummins. Okay, so let me know if that bill any question in the floor. Okay. So, what's wrong
this whole thing? When I joined the company stuff at 3 to sole source time I had some background in civil and pipe it up and post meeting result. So, it was a bit hard for me, like, I should have walked into this when I will explain what's wrong results or why. Why I prefer carpet. I will explain it from point of view of team. So this is Timmy Wyatt's meaning. So why is good for team or why is bad for team? Because if you are just the lonely and doing things will just use what you like. But if we are working in a team, you need to take care of all the team.
So yeah. Don't think is I feel it inconsistent in doesn't mean it's inconsistent in terms of managing their future machines? So if it's applied state or something, so Neosho machine, it will be flies there. So it's consistent. What I'm talking about different inconsistency, when you know, Doing similar things in different modules, in different states, and they behaved if in different way and they have different names. So, enzymes day to see, like Names like install it or present another mother like you're going to say it seemed real things name it differently.
and this is like, you're so you need to keep a lot of names of context in your head when you writing something and when I leave the bag in it, So damn. It's actually. Error-prone. So for example, you can do miss type bike. I put in and write require instead of requires and it will never know about that. The only way to know that is Supply and see that the actual steps sold it to a different one from what you expected. And there is no way to see. Actually.
Diagnostic messages about nothing like there is summer. I can open file dataset. For example, I saw it on your right. The lot just before. And then you trying to apply at first time and you see that there is a room somewhere. Then it's llamo Boot and the better the same time. It's good because it's easy to write and more less easy to read. That actually smallest ways to write as well because we can fit in things like know which is false and you're never know about that. Until we
shouldn't do that. About 20 reaching llamo everyday. Like 500 few hundred lines of yamo everyday and the biking is so even using it as a language. Like programming language, I feel it's wrong. It's not programming language, it's is declarative configuration language is. So I guess I am Elizabeth over Heifetz and people already started to mention that So next. This is actually most critical part I'd say. Because I'm okay with ginger in ansible because they did it in more or less, okay, wait, but sold
you didn't really wrong way. They played Ginger on top of yams so they generating llamo by Ginger actually. And so, if you need something for Luke, for something to do something, or you need some conditions, you need to write Ginger and ginger ale like between those Ginger block Chevelle, right? Llamo? It's okay, if you're racing just I don't know a single stage, four hundred lines, but if your fav thousand planes and Converse logic there, a good luck with the back in. Because it's it's hella hot. Salt and
next which is actually because of previous one so you can delete it because to lend it, you need to do parsing of Ginger. Do you need to write core of salt to do the lint witches, gain is insane. Tell Lee I wrote this because this was my impression. So I spend a few days trying to find some unit testing for salt, Adam found recently, I just mentioned the result check adopting such as density is always somewhere and then I realize that it was 3 years ago or is it but nobody know about that. It seems I
didn't find it in Google at least. I checked get your store yesterday. And yeah, it's from 2017 there. I don't know why, why? It's was so How to find it. Okay, so this is my impression from Salt, why? I don't like it from TeamViewer perspective. So why puppet again from your perspective? The first of these is actually saying with salt, right? Salt and pepper type agent so it's more of the same. I don't know if you're more time. So then it's juice, the main certificate language. This language actually specially-designed app
for task area, so it's not llamo. So you can write a meaningful constructions, meaningful things in meaningful language and is declarative. and actually, I did mention, she rates I can say is functional language so it's immutable. You cannot change things as a dental e which is ready to go. So yeah, you need to take care about that. You need to write to maybe a bit more about you can all just accidentally change some parameter somewhere and it will affect everything. So then
there is built-in support for Centex check there is support for lynching. There is support for style checking so you can keep your repository. And well and in good form in good condition which is really good when you're working in a team because team usually have different everything tastes different vision of style, and whatever else. So you need to somehow they care about. You can just put linking with correction right in your house HD Pipeline and drills, have no issues with that.
then you can use a respect, their usual tool for Ruby Ruby world, And people usually know athletes, at least about that, and it's really powerful. And then you can you say respect which is very similar to aspect to do a certain tests. So this world is really really good tied together. then there is fire, which is so if you're not familiar with Bible, I can say this is kind of an insult or this is kind of worried bulls. Actually, I have almost forgotten suppose, but the area said it was very able still So singled out the base of
the things which you will apply to your actual Court actual statements. And this is how I spend some time later on this and good to think there is sperm to South work out, but I will explain that a bit later as well, and then it's written in Ruby. So you can use anything, which is down in real world. It's a follower vehicle system, which is Rachel Irina great. I enter that World 3, the late just maybe a year or two ago, and I still think it's raining ice because it's, it's right it, right? Or
well, design it. Next question is why we decided to go gas up and saw a spotted while we didn't get price? That's good question. And the answer is actually simple because we can I see no real reason. Well, I'm okay to pay money for good thing. It's you said it's okay but I don't like to pay money for things. We shall limiting you So and I don't like having a graphical user interface because this is actually making you. Well, usually not you but someone might decide, okay, I save graphical interface so I can just do it. Anything there and nobody know what
actually happens after like they change the time for renters, and there is no called behind that. So, I prefer to put everything into a git repo, and then I shave my V LG it's because I can see transactions there. I have everything there. I have visibility. So, for me, as soon as possible, if her before old school, it's still better. I don't like changing things directly. So that's why we did that. Maybe we'll change our me, things like that. Or what is compliance? So it's still kind of change.
You're talkin about five people will say, hey, it's 5 to use. His have to learn. It's complicated. So, I don't like it, I'll just run into belie right on the plane. So yeah, yeah, if your manager, I don't know if the machines and you just doing it once like after deployment. Yeah, it's okay. Just a few sensible. Just bought the bowl today, the swing of things, but if you're managing funds or three times or more or thousand settlers, like we did in Lazada in Prairie babazadeh, you're going to see the appliance days are retiring from set of
Sarah's like that pushing model actually, do not work well in that kind of situation because every time you will see that the server cannot be connected. Why I say it because of network drop or something else. So you change your States and apply it to subset of service, which you actually for Rich, those changes was intended. And then you forgot about the rest and then they were changed something else. And then you're going to the new server, reply to that and see if it doesn't work
anymore. So I prefer if you just push it to get and then magic happens on your changes, have flat across the fleet so you don't need to care about every single Sarah. And yes, I bought second case. I'm actually pretty agree with that development is getting smaller because you're starting to write unit tests, this is the main reason of death. I'm spending maybe fifty 50% of X by creating manifest return. I'm not doing the test drive and development, I'm usually in
court before then right into them during the recent Esther July's up. Well I do something wrong and you're changing the updates in test so they'll just take time but after that it's saying 90% your court will work more or less. Okay? So you don't want to get into big issues. At least, you take him to the logic before it Heats production so you'll know the bag and it's in production of like it doing doing it with salt or ansible maybe. I'm up here. You can write unit tests for ansible as well and now I can say that
you can write it for sold. So please do if you are using it. So I don't know, maybe I was in safe different. I felt something else about Papa twice after use or why don't they don't like it. So I'll I'd like to know about that. So I can maybe mention something about that dream. I told so, Oh. Oh, praise God or some something, if people don't mention So, have you taken from the speaker for experiences with white? They don't like wipe with me baby cuz I'm a bit biased, but I really like it because I
saw a really nice installation of Palpatine was out there so I understand how it works and why I pray to God for big to be distributed, same island. So, well, maybe something happens. Let me know. Okay, I will come to you again. So now, I will stop talking about puppets and the main slice of this. I'd say it is about the state. This this is oil, you should know before starting to use pop it actually, so, When you write your quotes. And some money face. So cold with manifest. So then you need to deploy to puppet master and bath
with Master will compile it. So yeah it's compilation. It's not like the Enterprise in his step by step so it will compile it into catalog which is entity holding all the states. So this is the definition of Desire state to reach. You want to bring your system. And then when agent come from now, isn't asking for catalog for this note and then apply the changes according to the catalog for this. So, isn't actually executing some providers passing them and those Ruby providers changed their system to be in this state,
so you don't need to Yeah, so it's not sequence of steps how to bring system to this step, so it took to this state. It's actually it is the state so you don't need to care about steps how to bring like an ansible or soldiers. Usually, you can see that people are writing steps like, download this file, then excuse him, and then those days to that install this package. So this You can consider this estate as well as long as you are caring about immutability. So when you
so if you apply it again, it will be in the same state. I need to care about that more or less, but you can't take it, but you really don't need So you define in the state from the beginning. Okay. So what do you sexually? Give you some that are some drawbacks this so you can order name or move file. If you are not managing you play, if you want to change their names and file on some virtual machine, you cannot do that from your pocket court because there is no state for this is not state is chain this transition. Then you cannot read file from
agent from North, and then make a decision on your in your court, on pop at Sarah because your Papa's, Eric have no idea. Well, it's half a day, but I will speak about it later, but you can all just read file form. Then you can all just execute some binary and do something. Depending on the result of this duct Bank, binary call when it happens over the edge. And because a gay, and your master, your puppet master, have no idea about what happens to an agent. It is different way. Bladder cancer stops here,
which actually means that there are some ways to do think and the easiest ways to respect. So, if you want to read file, we can create fake reach. Containing contents of this file but it may hit you. So be careful. Then. I didn't just mean that we need to care about things, like when you're changing stay there, when you do in transition of State, like you cannot just remove the name file. So, if you had some filed before and then decided to rename it, you need to remove
old one and then you need to create new one. So it's going to be just next line in your manifest. But anyway, you need to take care about previous file. Nobody will remove it for you. Yeah, and you hurt after you remove it something and you think okay it's always your flight, right? I can remove. It doesn't mean that is already applied because some rich old machine may be down in that. During that video. Maybe something's work drop-in, so some got to look, maybe not that Fierce yet on some subset of your service.
So in Lazada be decided to keep it for one month. And Ice. Just thought I'd say, well, we could have a small Fleet so far as I guess one day or 7 days, should be okay because we are running pocket every 30 minutes. I guess. Nothing should stay down for more than one one day or 7 days. At least. Then. Yeah, this is another thing, which is good to know before you stop and do things. So, if you need to do changes on different notes specific order, you cannot do it easily with profit because usually popits is palpitation test run in
Warrensburg. Like once per hour, how do you set it? And there is no synchronization between different agents between different notes. So you need to take care about that. If you need this or maybe you prefer to use orchestration forties I will say about that a bit later, so we can return to this. Okay, so then I will explain how we are going to use it and how we are using it. Yeah. So this actually again this another means light of this dog. So if you are going to use it, use it in this way. So you please use gift. Please use your and he says the software you like
we are using Jenkins sandwich shop Enterprise but before in other way using the clip and get laughs actually quite say I am music now because it was real easy to use and you share get your story and chasity in the same box. So just Just out of the box. So, Then I short, I saw actually people just freezing manifest, write on pop etcetera, right? In environment directory without any version control without any. I think it works. But it works for some short time after central time, we will hit into some issues because it's hard to manage any of this have to check. I prefer say, please stop
is Going Home Depot from from the beginning, make it. This is actually a pository when everything you're right through sites, all your manifest and the receipt, Ohio data and there is so your test and maybe something else by musical scrapes or whatever else. So, This is definition of. When you stop saying it's very nice to give some example and railing store is Bojangles. First one is Papa flops, only example but there are no tests so it just Pure Reef always puppets skeleton and that's all. So there is no real spec configuration, nothing so friend of
mine actually makes garlic from Lazada. Another Skillet on which is based on what we had in Lazada, it's more or less same as the last one, but they expect health authority break on to your work. So you can just stop reading, test there and turtles have something. I am Darius. B, a s. I c k. I n o. I know how to pronounce it, right? Because I don't know those people. so they provide some kind of building blocks for your evil ways you can use, but it's very
specific. So they have their own Vision, which would be and that reason actually reflected by the sweeper, but you may find it suitable for your needs. Please read it. Then I'd like to speak a bit about Rose and profiles. So this is how I organize a team control repo, and your role is actually different Define in some consideration for layers. Please, we can, we can have some rolls. They're like else, ever can be possible, Sarah Jenkins, muscle Jenkins slave or I don't know. Something like, Grandpa
an hour for me to Sarah this sexually roll. Roll of this particular Sarah. No. You really have only one role. So this role doing this thing, like this roll is for me to Sarah. But this role is actually going buying it from different blokes. Like, if this promesa Sarah for example, and it's raining in Boca You need actually something something to set up for me to use container there. Something to set up doctor there, something. You're Soul Machine actually. So this don't think so,
I call it profiles. And yet different again one, think about trolls. I mean is that troll have no configuration, it just didn't even. So when you splitting your card shop in your car between roles and profiles, usually you don't need to control. You need to come to your profiles. It stopped maybe to understand. When did zero get its origin. Yeah, if a little since today, this is, for example, examples of profiles. We have a role to prefer. I mean, how to attach a roll and set up profiles to your
Sarah. We can use those names like my name, but please do not do that. Do nothing called you or metadata into his name. Is this wrong way, then you can throw some facts when your generation certificate and you can put some dating site and you cannot change it as a only way to change it to regenerate certificate. So we are using this way now. And then, most flexible where is write something which will assign this for you, which is called its external knuckle. See Fire. I actually didn't solve any examples around,
but I'm pretty sure there's something going to get up. And then fire can be used as a CNC as well. Then I guess I will skip most part of higher because I'm short of time already. And yeah, so this is just so this is the after series, which reflected so you can do the final layers of your hierarchy and is going from top to down. So and last one wins. So if your case something specific for your knowledge, you can write it and not specific. Then, another nice thing about Kiara is doing parameter workouts for you. So if you define class, you can specify the values of these parameters
of class in high school. So let me then you're already two minutes of it, okay. When you go to the time, they can take a few minutes steps. You really need to know. Chasity will be about watch software to use to to do that steps. And now it's a pecan tree pose as well. So this bundle of software, everything you actually needs in your rapid development. Please check it out and use it. Then, there is Liam, send text to speak once. I work during depression test, then piped, like most do an acceptance test. So, does lepers actually doing a lot of things so you don't need to care about just
please using and that's all then. This is what you need to deploy. So you didn't like, you don't need to deploy a taste for example, on your part to Sarah. You will see us ask is just to bring this coat to this particular place on your syrup. And then there is war for like you was doing. Check out you changing things for him to Sarah's. I should be doing branch and blowing it to bypass Master castlebranch. SNL SNL Wireman. Then you're going to sell real kind of light on. Sarah this particular environment
and then if it's actually okay you just ruined usual things like mad when they are and marinating to master. Excellent introduction for muscle Bryan. Chevrolet Gulfport, Action Impact. Dan Ferro fun after. So I will keep both about Secrets because I have no time, but you can read about that. Then orchestration, there is no organizational on the open-source pocket but you can use those tools and we actually decided to go with scoria, latest, one, which is a framework actually, it's not solution. 22,
rifle out. There. Sure are some examples of what you can achieve, its successor of Fame Collective, that's why the binary code at MCO but it's changing so you can see it and this is really nice. I think you can ride Play Books. Orchestration Play books and fire pit DSL Which means you can still sign language for configuration things and for orchestrating, the use those things, for example, Furious my playbook during the Open Sea, has to be questioned. And you can refer to it later on because I cannot say is well-documented. You can at least have some examples.
Then yeah, this is what I did during migration already and what I'm doing right now. You can't see that. Well it's not yet published but I'm working on open source in it. So one day, I hope I will be able to share it for free and And this is where we are going after. This is immutable infrastructure in short words, that mean that you are not managing wheelchair. Aviation machine, ramanujan image of Rachel machine, like you doing it with images for daughter. And then you're just recreating your original machine based on
that image. It sounds really great because you're shaping beautiful things but I have a follow-up question. I cannot find an owl so this is set of questions which are open for me so maybe you can suggest me something here and thank you, sorry for like compression too much information small-time. And if you have any questions, you can reach me in Twitter or LinkedIn or in telegram chat here, thank you so much. I will be doing a setup and while he's doing that, I've invited questions from the YouTube channel, a question in the room will commence
Feel free to ask. so, you are looking for you, I for provisioning, or for your eye for monitoring Okay, so we are using telephone call provisioning because we are running to go out and what we have on Prime, and when we were thinking about going home for a while, it seems to be set up on that as well because it's been bad, but there is a razor software made by Papa to swell, and be an open-source word. There is a four month, old has the same and what is mostly white and set the
things around, actually, everything is settled things around to JCP and dr. Smood. Protocols battery, can refer to a four-month and razor and then for monitoring, well, it depends on what your values. We are using Prometheus and grafana. And it's actually it configured by pop it, so just don't Figure 8 by Bethel Music. I think we should move out and given the time. Thank you very much. Thank you.
Buy this talk
Access to all the recordings of the event
Buy this video
With ConferenceCast.tv, you get access to our library of the world's best conference talks.