Foreman and Puppet @ University of Bonn

Foreman and Puppet @ University of Bonn

FOREMAN AND PUPPET @ UNIVERSITY OF BONN OLIVER FREYERMUTH, PETER WIENEMANN PHYSICS INSTITUTE @ U BONN ● The Physics Institute at the University of Bonn has – ~240 members – ~1500 registered devices in IPAM – Biggest particle accelerator run by a German university (164.4 m circumference) with two „large“ experiments (O(50) collaborators) ● IT group of Physics Institute – 2 „full time“ persons with teaching duties – 1 technician – 5 part-time persons (~0.2 FTE each) – Plan to merge with IT group of Nuclear/Hadron Physics Institute (HISKP) O. Freyermuth and P. Wienemann: Foreman and Puppet @ University of Bonn 2 MORE NUMBERS ● Run approximately 400 centrally managed Linux nodes at Physics Institute – Desktops (Ubuntu 18.04) → ~150 nodes – HPC/HTC cluster nodes (SL6/CentOS 7) → ~150 nodes – Servers → ~100 nodes with ~40 different services ● O(1000) self-managed (sometimes ~unmanaged) devices (laptops, lab PCs, printers, cameras, oscilloscopes, H.323 devices, TVs, tablets, PDUs, ...) ● Use central university computing centre offerings for standard services like mail system, web content management system, IPAM, ticket system, network services, OwnCloud with Onlyoffice, etc. O. Freyermuth and P. Wienemann: Foreman and Puppet @ University of Bonn 3 HISTORY ● Using Puppet since ~2009 – Completely self-written manifests, no modules, poor maintainability – Only used for desktops and HPC/HTC cluster nodes ● Refactored everything in ~2014: Switch to „roles and profiles“ paradigm – Started using publicly available third-party modules – Still self-written PXE/kickstart/preseed machinery ● Started Foreman tests in 2015 Migration of production systems to Foreman started in 2017 – Full puppetization of all nodes/services – Discarded self-written deployment machinery → replaced by Foreman tools O. Freyermuth and P. Wienemann: Foreman and Puppet @ University of Bonn 4 LAYOUT Network A Network B Foreman Proxy Foreman Proxy (Puppet Master, TFTP) (Puppet Master, TFTP) Network C Network D Foreman Server (Puppet-Master, CA) Foreman Proxy Foreman Proxy (Puppet Master, TFTP) (Puppet Master, TFTP) Git Repository O. Freyermuth and P. Wienemann: Foreman and Puppet @ University of Bonn 5 PRESENT WORKFLOW ● Most of the presently used 86 Puppet modules are third-party code. Forked on Github and collected on https://github.com/unibonn. Patches always sent upstream. ● Discarded „roles“ → Foreman hostgroups/config groups ● „profiles“ kept on private, on premise git hosting platform – Contains site/host specific configuration, augmented by parameters (see below) ● Module management done with r10k, synced to all Puppet masters ● Foreman Puppet class filter: Only „profiles“ visible (to avoid clutter) ● No hiera → Foreman global and smart class parameters ● No mcollective O. Freyermuth and P. Wienemann: Foreman and Puppet @ University of Bonn 6 QUESTIONS ● What is your Puppet module design „philosophy“? ● How do you manage Puppet code? ● How do you handle parameters? ● Which Foreman plugins do you use/do you consider useful? O. Freyermuth and P. Wienemann: Foreman and Puppet @ University of Bonn 7 Thanks for your attention! Oliver Freyermuth: [email protected] Peter Wienemann: [email protected].

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    8 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us