SlideShare a Scribd company logo

Doing It Wrong with Puppet -

Puppet, profile picture
Puppet

This document discusses common anti-patterns, pitfalls, and bad practices when using Puppet, including: using boolean facts ambiguously, expecting C-like values for parameters, excessively using "if defined()" checks, relying on large numbers of exec resources, and depending on dynamic scoping. The author recommends avoiding these practices in favor of more deterministic approaches like using Hiera for shared values and parameters, creating wrapper classes for shared dependencies, using single robust scripts instead of many exec resources, and avoiding dynamic scoping which can cause unpredictable behavior.

Technology
1 of 36
Downloaded 38 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
1 / 33 Doing It Wrong with Puppet A small collection of anti-patterns, pitfalls and bad practices Felix Frank PuppetCamp Berlin 2014 April 11, 2014
2 / 33 Bio Felix Frank 2004 – 2009 sysadmin and FOSS dev at DESY 2009 CS diploma at Tech Uni since 2009 Puppeteer at – we are a company that manages complex IT systems and services for business customers hosts a sizable server fleet relies on Puppet and git consequently
3 / 33 Agenda Use boolean facts Expect C-like values for parameters Make excessive use of “if defined()” Use large numbers of execs Rely on dynamic scoping
4 / 33 Use boolean values for facts On wanton ambiguity in your tool chain
5 / 33 False is relative Consider this fact is virtual: true or false Broken manifest I if ! $::is virtual { include hardware monitoring } Broken manifest II if $::is virtual != false { include hardware monitoring } Stupid manifest if $::is virtual != "false" { include hardware monitoring }
6 / 33 Some background True values in the puppet DSL true or any non-empty string Limitation in facter 1.x master agent fact value fact code ruby as String Correct way to implement such facts return the empty string for false
7 / 33 It’s gonna be the future soon Facter 2 will allow boolean and other values widespread adoption quite far off still
8 / 33 Up next Use boolean facts Expect C-like values for parameters Make excessive use of “if defined()” Use large numbers of execs Rely on dynamic scoping
9 / 33 Expect C-like values for parameters Or: treating Puppet like a scripting language pt. 1
10 / 33 The Perl trap The puppet user base . . . comprises lots of admins with *NIX backgrounds . . . also writes plenty of Shell and Perl scripts (also C) . . . and these languages have no pure boolean values True values e.g. in Puppet “foo”, any array, typically true in Perl “foo”, non-empty array, typically 1 False values e.g. in Puppet empty string, undef, false in Perl empty string/array/hash, typically 0
11 / 33 Building confusing modules define server module($enabled=0) { $dir = "/etc/..." file { "$dir/$title.conf": ...} if $enabled == 1 { ...# take some action } } inevitable WTF moment server module { "foo": enabled => true } handled by documentation at best, and likely not until after the fact
12 / 33 Up next Use boolean facts Expect C-like values for parameters Make excessive use of “if defined()” Use large numbers of execs Rely on dynamic scoping
13 / 33 Make excessive use of “if defined()” A tale of borderline non-determinism
14 / 33 A common problem Several modules will sometimes have to manage a common set or resources a subtree of /etc of mutual interest a package for required functionality etc. The naive implementation won’t work because Puppet doesn’t allow multiple declaration of the same resource class php { ... package { "imagemagick": ensure => present } } class tomcat { ... package { "imagemagick": ensure => present } }
15 / 33 A common workaround Protect declarations with a function call class php { ... if !defined(Package[imagemagick]) { package { "imagemagick": ensure => present } } } class tomcat { ... if !defined(Package[imagemagick]) { package { "imagemagick": ensure => present } } }
16 / 33 A possible issue with that There is no protection against contradiction class php { ... if !defined(Package[imagemagick]) { package { "imagemagick": ensure => present } } } class graphicsmagick { ... if !defined(Package[imagemagick]) { package { "imagemagick": ensure => absent } } }
17 / 33 A more likely scenario It’s easy to lose metaparameters class php { ... if !defined(Package[imagemagick]) { package { "imagemagick": ensure => present, require => File[...] } } } class tomcat { ... if !defined(Package[imagemagick]) { package { "imagemagick": ensure => present, notify => Exec[...] } } }
18 / 33 By the way. . . The latter issue can be worked around class php { ... if !defined(Package[imagemagick]) { package { "imagemagick": ensure => present, require => File[...] } } else { Package<| title == "imagemagick" |> { require +> File[...] } } }
19 / 33 A word about stdlib puppetlabs-stdlib, a collection of helpful parser functions In theory, ensure resource() solves this more cleanly class php { ensure resource( ‘package’, ‘imagemagick’, { ensure => present } ) } avoids conflicts for basic properties more expressive power It cannot solve the whole problem though issue with metaparameters remains pertains to possible additional properties as well only slightly superior to if defined()
20 / 33 The ideal(ized) solution Wrapper classes for shared dependencies class php { include imagemagick } class tomcat { include imagemagick } still won’t allow the easy handling of metaparameters etc. but you won’t even be tempted to try just require/subscribe/notify/. . . the class contradictions are not addressed but there is no sensible way to do that How is this better then? the manifest has clear, nonambiguous semantics parse order dependencies avoided, see final slides (virtual resources work too, but less flexibly)
21 / 33 Up next Use boolean facts Expect C-like values for parameters Make excessive use of “if defined()” Use large numbers of execs Rely on dynamic scoping
22 / 33 Use large numbers of execs Or: treating Puppet like a scripting language pt. 2
23 / 33 Implementing a HOWTO in a manifest Setting up software often comprises editing files running scripts and programs . . . and often both of them in a set and mingled order it can be tempting to translate this verbatim exec { "curl http://... >/tmp/...": creates => "..." } -> exec { "unzip /tmp/...": creates => "/usr/local/..." } -> file { "/usr/local/.../etc/...": content => template(...) } -> exec { "/usr/local/...": ... } -> ...
24 / 33 So what? Problems with this approach (likely among others) contradicts Puppet’s idea of resources the catalog becomes complex with items and relationships leads to plentiful error output in case of problems A more maintainable pattern consists of a monolithic, robust script to perform all setup either templated or with a managed config file a single exec resource to invoke it with precise condition(s) for when to run or better yet: create a deb or rpm package Also – a quick word on refreshonly nice antipattern: use it to run script after retrieving it prone for false positives and lost events
25 / 33 So remember A small mnemonic
26 / 33 Up next Use boolean facts Expect C-like values for parameters Make excessive use of “if defined()” Use large numbers of execs Rely on dynamic scoping
27 / 33 Rely on dynamic scoping Or: how to jumble up your own manifest’s opinions . . . which is another bout with nondeterminism
28 / 33 Brief review Dynamic scoping in Puppet 2.x mainly for variable values class foo { $limited = true include bar } class bar { if $limited { ... } } in Puppet 3.x only for resource defaults class foo { File { ensure => present } include bar }
29 / 33 The jumble role::webserver apache tcpserver sysctl apache tcpserver sysctlsysctl include include include File { mode => 644 } thread optimization include include File { mode => 640 } thread optimization which default is in effect for sysctl? either, depending on parse order
30 / 33 Mitigation? Idea: just take care that the parse order is correct only possible in very confined class structures scopes are generally too complex scopes of classes late in the chain change through unexpected factors
31 / 33 Mixing things up scopes of classes late in the chain change through inclusion of more classes removal of one or more classes refactoring of manifests
32 / 33 Conclusion Avoid! parameters and Hiera will get you there much safer You may want to move away from dynamic scopes anyway they will likely get deprecated and removed
33 / 33 Thanks for your attention Image sources https://www.pinterest.com/pin/418553359088246576/ http://www.kulfoto.com/funny-pictures/17395/its-called- wireless-tech-and-its-the-future http://www.cacbasketball.com/b2-5v5-unification-finals- uhhh-ditka/ http://www.someecards.com/usercards/ viewcard/MjAxMy00MzdlNjAzZjE2MWRkMjk0 http://www.marketingpilgrim.com/2013/08/google-glass- update-like-having-an-admin-assistant-on-your- shoulder.html http://www.aboutbradsugars.com/tag/executive-coaching/ http://themetapicture.com/schrodingers-cat/ http://www.mrlovenstein.com/comic/50 http://funny-pics.co/photo/funny-cat-cheering-up-dog/
34 / 33 We are hiring Always looking for techs who know their way around Puppet (or would like to) further the development of our homegrown infrastructure and tools will implement more technologies in our management ecosystem Visit us http://mpexnetworks.de/ueber-uns/jobs.html jobs@mpexnetworks.de
35 / 33 Bonus content!
36 / 33 Preferring new style class declaration the good thing about classes: they are singletons a class can be declared an arbitrary number of times Class parameterization a class with parameters must be one of a kind multiple declarations with different parameters just as contradictory as with resources (or more so) Additional fun declaration using include implies all parameters use their respective default value does not mix with new style class { } declaration mixing is allowed but only with all include statements before the class { } more parse order dependencies (yay!)

More Related Content

PDF
Replacing "exec" with a type and provider: Return manifests to a declarative ...
Puppet
 
PDF
Can you upgrade to Puppet 4.x? (Beginner) Can you upgrade to Puppet 4.x? (Beg...
Puppet
 
PDF
Power of Puppet 4
Martin Alfke
 
PDF
Can you upgrade to Puppet 4.x?
Martin Alfke
 
PDF
Puppet Camp Chicago 2014: Smoothing Troubles With Custom Types and Providers ...
Puppet
 
PDF
Anatomy of a reusable module
Alessandro Franceschi
 
PPTX
Enjoying the Journey from Puppet 3.x to Puppet 4.x (PuppetConf 2016)
Robert Nelson
 
PDF
Puppet @ Seat
Alessandro Franceschi
 
Replacing "exec" with a type and provider: Return manifests to a declarative ...
Puppet
 
Can you upgrade to Puppet 4.x? (Beginner) Can you upgrade to Puppet 4.x? (Beg...
Puppet
 
Power of Puppet 4
Martin Alfke
 
Can you upgrade to Puppet 4.x?
Martin Alfke
 
Puppet Camp Chicago 2014: Smoothing Troubles With Custom Types and Providers ...
Puppet
 
Anatomy of a reusable module
Alessandro Franceschi
 
Enjoying the Journey from Puppet 3.x to Puppet 4.x (PuppetConf 2016)
Robert Nelson
 
Puppet @ Seat
Alessandro Franceschi
 

What's hot (20)

PDF
Puppet modules for Fun and Profit
Alessandro Franceschi
 
PDF
Memory Manglement in Raku
Workhorse Computing
 
PDF
Puppi. Puppet strings to the shell
Alessandro Franceschi
 
PDF
BSDM with BASH: Command Interpolation
Workhorse Computing
 
PDF
Oliver hookins puppetcamp2011
Puppet
 
PDF
ReUse Your (Puppet) Modules!
Alessandro Franceschi
 
PDF
Spl in the wild
Elizabeth Smith
 
PDF
BASH Variables Part 1: Basic Interpolation
Workhorse Computing
 
PDF
PL/Perl - New Features in PostgreSQL 9.0 201012
Tim Bunce
 
PDF
Puppet modules: An Holistic Approach
Alessandro Franceschi
 
PDF
PL/Perl - New Features in PostgreSQL 9.0
Tim Bunce
 
PDF
Keeping objects healthy with Object::Exercise.
Workhorse Computing
 
PDF
SPL to the Rescue - Tek 09
Elizabeth Smith
 
PPT
Working with databases in Perl
Laurent Dami
 
PDF
PECL Picks - Extensions to make your life better
ZendCon
 
PDF
Puppet for Sys Admins
Puppet
 
PDF
Metadata-driven Testing
Workhorse Computing
 
PDF
Perl Dist::Surveyor 2011
Tim Bunce
 
PPTX
Puppet camp chicago-automated_testing2
nottings
 
PPTX
Spl to the Rescue - Zendcon 09
Elizabeth Smith
 
Puppet modules for Fun and Profit
Alessandro Franceschi
 
Memory Manglement in Raku
Workhorse Computing
 
Puppi. Puppet strings to the shell
Alessandro Franceschi
 
BSDM with BASH: Command Interpolation
Workhorse Computing
 
Oliver hookins puppetcamp2011
Puppet
 
ReUse Your (Puppet) Modules!
Alessandro Franceschi
 
Spl in the wild
Elizabeth Smith
 
BASH Variables Part 1: Basic Interpolation
Workhorse Computing
 
PL/Perl - New Features in PostgreSQL 9.0 201012
Tim Bunce
 
Puppet modules: An Holistic Approach
Alessandro Franceschi
 
PL/Perl - New Features in PostgreSQL 9.0
Tim Bunce
 
Keeping objects healthy with Object::Exercise.
Workhorse Computing
 
SPL to the Rescue - Tek 09
Elizabeth Smith
 
Working with databases in Perl
Laurent Dami
 
PECL Picks - Extensions to make your life better
ZendCon
 
Puppet for Sys Admins
Puppet
 
Metadata-driven Testing
Workhorse Computing
 
Perl Dist::Surveyor 2011
Tim Bunce
 
Puppet camp chicago-automated_testing2
nottings
 
Spl to the Rescue - Zendcon 09
Elizabeth Smith
 
Ad

Similar to Doing It Wrong with Puppet - (20)

PDF
Learning puppet chapter 2
Vishal Biyani
 
PDF
Puppet fundamentals
Murali Boyapati
 
PDF
Puppet Camp Berlin 2014: Advanced Puppet Design
Puppet
 
PDF
Puppet: What _not_ to do
Puppet
 
PDF
PuppetCamp Ghent - What Not to Do with Puppet
Walter Heck
 
PDF
PuppetCamp Ghent - What Not to Do with Puppet
OlinData
 
PDF
Puppet for SysAdmins
Puppet
 
KEY
Puppet101
Puppet
 
PDF
200,000 Lines Later: Our Journey to Manageable Puppet Code
David Danzilio
 
PDF
Server Independent Programming
ZendCon
 
PDF
Modules of the twenties
Puppet
 
PPTX
Migrating to Puppet 4.0
Puppet
 
PDF
Systems Automation with Puppet
elliando dias
 
KEY
Portable infrastructure with puppet
lkanies
 
PDF
Strategies for Puppet code upgrade and refactoring
Alessandro Franceschi
 
PDF
Puppet Camp Sydney 2015: The (Im)perfect Puppet Module
Puppet
 
PDF
Using Puppet on Linux, Windows, and Mac OSX
Puppet
 
KEY
modern module development - Ken Barber 2012 Edinburgh Puppet Camp
Puppet
 
KEY
Puppet for dummies - PHPBenelux UG edition
Joshua Thijssen
 
KEY
From Dev to DevOps - Apache Barcamp Spain 2011
Carlos Sanchez
 
Learning puppet chapter 2
Vishal Biyani
 
Puppet fundamentals
Murali Boyapati
 
Puppet Camp Berlin 2014: Advanced Puppet Design
Puppet
 
Puppet: What _not_ to do
Puppet
 
PuppetCamp Ghent - What Not to Do with Puppet
Walter Heck
 
PuppetCamp Ghent - What Not to Do with Puppet
OlinData
 
Puppet for SysAdmins
Puppet
 
Puppet101
Puppet
 
200,000 Lines Later: Our Journey to Manageable Puppet Code
David Danzilio
 
Server Independent Programming
ZendCon
 
Modules of the twenties
Puppet
 
Migrating to Puppet 4.0
Puppet
 
Systems Automation with Puppet
elliando dias
 
Portable infrastructure with puppet
lkanies
 
Strategies for Puppet code upgrade and refactoring
Alessandro Franceschi
 
Puppet Camp Sydney 2015: The (Im)perfect Puppet Module
Puppet
 
Using Puppet on Linux, Windows, and Mac OSX
Puppet
 
modern module development - Ken Barber 2012 Edinburgh Puppet Camp
Puppet
 
Puppet for dummies - PHPBenelux UG edition
Joshua Thijssen
 
From Dev to DevOps - Apache Barcamp Spain 2011
Carlos Sanchez
 
Ad

More from Puppet (20)

PPTX
Puppet Community Day: Planning the Future Together
Puppet
 
PPTX
The Evolution of Puppet: Key Changes and Modernization Tips
Puppet
 
PPTX
Can You Help Me Upgrade to Puppet 8? Tips, Tools & Best Practices for Your Up...
Puppet
 
PPTX
Bolt Dynamic Inventory: Making Puppet Easier
Puppet
 
PPTX
Customizing Reporting with the Puppet Report Processor
Puppet
 
PPTX
Puppet at ConfigMgmtCamp 2025 Sponsor Deck
Puppet
 
PPTX
The State of Puppet in 2025: A Presentation from Developer Relations Lead Dav...
Puppet
 
PPTX
Let Red be Red and Green be Green: The Automated Workflow Restarter in GitHub...
Puppet
 
PDF
Puppet camp2021 testing modules and controlrepo
Puppet
 
PPTX
Puppetcamp r10kyaml
Puppet
 
PDF
2021 04-15 operational verification (with notes)
Puppet
 
PPTX
Puppet camp vscode
Puppet
 
PDF
Applying Roles and Profiles method to compliance code
Puppet
 
PPTX
KGI compliance as-code approach
Puppet
 
PDF
Enforce compliance policy with model-driven automation
Puppet
 
PDF
Keynote: Puppet camp compliance
Puppet
 
PPTX
Automating it management with Puppet + ServiceNow
Puppet
 
PPTX
Puppet: The best way to harden Windows
Puppet
 
PPTX
Simplified Patch Management with Puppet - Oct. 2020
Puppet
 
PPTX
Accelerating azure adoption with puppet
Puppet
 
Puppet Community Day: Planning the Future Together
Puppet
 
The Evolution of Puppet: Key Changes and Modernization Tips
Puppet
 
Can You Help Me Upgrade to Puppet 8? Tips, Tools & Best Practices for Your Up...
Puppet
 
Bolt Dynamic Inventory: Making Puppet Easier
Puppet
 
Customizing Reporting with the Puppet Report Processor
Puppet
 
Puppet at ConfigMgmtCamp 2025 Sponsor Deck
Puppet
 
The State of Puppet in 2025: A Presentation from Developer Relations Lead Dav...
Puppet
 
Let Red be Red and Green be Green: The Automated Workflow Restarter in GitHub...
Puppet
 
Puppet camp2021 testing modules and controlrepo
Puppet
 
Puppetcamp r10kyaml
Puppet
 
2021 04-15 operational verification (with notes)
Puppet
 
Puppet camp vscode
Puppet
 
Applying Roles and Profiles method to compliance code
Puppet
 
KGI compliance as-code approach
Puppet
 
Enforce compliance policy with model-driven automation
Puppet
 
Keynote: Puppet camp compliance
Puppet
 
Automating it management with Puppet + ServiceNow
Puppet
 
Puppet: The best way to harden Windows
Puppet
 
Simplified Patch Management with Puppet - Oct. 2020
Puppet
 
Accelerating azure adoption with puppet
Puppet
 

Recently uploaded (20)

PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PPTX
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PPTX
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PPTX
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Mushroom cultivation and it's methods.pdf
mailmeonrishi
 
PPTX
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Approach and Philosophy of On baking technology
30anthuong17
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Mushroom cultivation and it's methods.pdf
mailmeonrishi
 
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 

Doing It Wrong with Puppet -

  • 1. 1 / 33 Doing It Wrong with Puppet A small collection of anti-patterns, pitfalls and bad practices Felix Frank PuppetCamp Berlin 2014 April 11, 2014
  • 2. 2 / 33 Bio Felix Frank 2004 – 2009 sysadmin and FOSS dev at DESY 2009 CS diploma at Tech Uni since 2009 Puppeteer at – we are a company that manages complex IT systems and services for business customers hosts a sizable server fleet relies on Puppet and git consequently
  • 3. 3 / 33 Agenda Use boolean facts Expect C-like values for parameters Make excessive use of “if defined()” Use large numbers of execs Rely on dynamic scoping
  • 4. 4 / 33 Use boolean values for facts On wanton ambiguity in your tool chain
  • 5. 5 / 33 False is relative Consider this fact is virtual: true or false Broken manifest I if ! $::is virtual { include hardware monitoring } Broken manifest II if $::is virtual != false { include hardware monitoring } Stupid manifest if $::is virtual != "false" { include hardware monitoring }
  • 6. 6 / 33 Some background True values in the puppet DSL true or any non-empty string Limitation in facter 1.x master agent fact value fact code ruby as String Correct way to implement such facts return the empty string for false
  • 7. 7 / 33 It’s gonna be the future soon Facter 2 will allow boolean and other values widespread adoption quite far off still
  • 8. 8 / 33 Up next Use boolean facts Expect C-like values for parameters Make excessive use of “if defined()” Use large numbers of execs Rely on dynamic scoping
  • 9. 9 / 33 Expect C-like values for parameters Or: treating Puppet like a scripting language pt. 1
  • 10. 10 / 33 The Perl trap The puppet user base . . . comprises lots of admins with *NIX backgrounds . . . also writes plenty of Shell and Perl scripts (also C) . . . and these languages have no pure boolean values True values e.g. in Puppet “foo”, any array, typically true in Perl “foo”, non-empty array, typically 1 False values e.g. in Puppet empty string, undef, false in Perl empty string/array/hash, typically 0
  • 11. 11 / 33 Building confusing modules define server module($enabled=0) { $dir = "/etc/..." file { "$dir/$title.conf": ...} if $enabled == 1 { ...# take some action } } inevitable WTF moment server module { "foo": enabled => true } handled by documentation at best, and likely not until after the fact
  • 12. 12 / 33 Up next Use boolean facts Expect C-like values for parameters Make excessive use of “if defined()” Use large numbers of execs Rely on dynamic scoping
  • 13. 13 / 33 Make excessive use of “if defined()” A tale of borderline non-determinism
  • 14. 14 / 33 A common problem Several modules will sometimes have to manage a common set or resources a subtree of /etc of mutual interest a package for required functionality etc. The naive implementation won’t work because Puppet doesn’t allow multiple declaration of the same resource class php { ... package { "imagemagick": ensure => present } } class tomcat { ... package { "imagemagick": ensure => present } }
  • 15. 15 / 33 A common workaround Protect declarations with a function call class php { ... if !defined(Package[imagemagick]) { package { "imagemagick": ensure => present } } } class tomcat { ... if !defined(Package[imagemagick]) { package { "imagemagick": ensure => present } } }
  • 16. 16 / 33 A possible issue with that There is no protection against contradiction class php { ... if !defined(Package[imagemagick]) { package { "imagemagick": ensure => present } } } class graphicsmagick { ... if !defined(Package[imagemagick]) { package { "imagemagick": ensure => absent } } }
  • 17. 17 / 33 A more likely scenario It’s easy to lose metaparameters class php { ... if !defined(Package[imagemagick]) { package { "imagemagick": ensure => present, require => File[...] } } } class tomcat { ... if !defined(Package[imagemagick]) { package { "imagemagick": ensure => present, notify => Exec[...] } } }
  • 18. 18 / 33 By the way. . . The latter issue can be worked around class php { ... if !defined(Package[imagemagick]) { package { "imagemagick": ensure => present, require => File[...] } } else { Package<| title == "imagemagick" |> { require +> File[...] } } }
  • 19. 19 / 33 A word about stdlib puppetlabs-stdlib, a collection of helpful parser functions In theory, ensure resource() solves this more cleanly class php { ensure resource( ‘package’, ‘imagemagick’, { ensure => present } ) } avoids conflicts for basic properties more expressive power It cannot solve the whole problem though issue with metaparameters remains pertains to possible additional properties as well only slightly superior to if defined()
  • 20. 20 / 33 The ideal(ized) solution Wrapper classes for shared dependencies class php { include imagemagick } class tomcat { include imagemagick } still won’t allow the easy handling of metaparameters etc. but you won’t even be tempted to try just require/subscribe/notify/. . . the class contradictions are not addressed but there is no sensible way to do that How is this better then? the manifest has clear, nonambiguous semantics parse order dependencies avoided, see final slides (virtual resources work too, but less flexibly)
  • 21. 21 / 33 Up next Use boolean facts Expect C-like values for parameters Make excessive use of “if defined()” Use large numbers of execs Rely on dynamic scoping
  • 22. 22 / 33 Use large numbers of execs Or: treating Puppet like a scripting language pt. 2
  • 23. 23 / 33 Implementing a HOWTO in a manifest Setting up software often comprises editing files running scripts and programs . . . and often both of them in a set and mingled order it can be tempting to translate this verbatim exec { "curl http://... >/tmp/...": creates => "..." } -> exec { "unzip /tmp/...": creates => "/usr/local/..." } -> file { "/usr/local/.../etc/...": content => template(...) } -> exec { "/usr/local/...": ... } -> ...
  • 24. 24 / 33 So what? Problems with this approach (likely among others) contradicts Puppet’s idea of resources the catalog becomes complex with items and relationships leads to plentiful error output in case of problems A more maintainable pattern consists of a monolithic, robust script to perform all setup either templated or with a managed config file a single exec resource to invoke it with precise condition(s) for when to run or better yet: create a deb or rpm package Also – a quick word on refreshonly nice antipattern: use it to run script after retrieving it prone for false positives and lost events
  • 25. 25 / 33 So remember A small mnemonic
  • 26. 26 / 33 Up next Use boolean facts Expect C-like values for parameters Make excessive use of “if defined()” Use large numbers of execs Rely on dynamic scoping
  • 27. 27 / 33 Rely on dynamic scoping Or: how to jumble up your own manifest’s opinions . . . which is another bout with nondeterminism
  • 28. 28 / 33 Brief review Dynamic scoping in Puppet 2.x mainly for variable values class foo { $limited = true include bar } class bar { if $limited { ... } } in Puppet 3.x only for resource defaults class foo { File { ensure => present } include bar }
  • 29. 29 / 33 The jumble role::webserver apache tcpserver sysctl apache tcpserver sysctlsysctl include include include File { mode => 644 } thread optimization include include File { mode => 640 } thread optimization which default is in effect for sysctl? either, depending on parse order
  • 30. 30 / 33 Mitigation? Idea: just take care that the parse order is correct only possible in very confined class structures scopes are generally too complex scopes of classes late in the chain change through unexpected factors
  • 31. 31 / 33 Mixing things up scopes of classes late in the chain change through inclusion of more classes removal of one or more classes refactoring of manifests
  • 32. 32 / 33 Conclusion Avoid! parameters and Hiera will get you there much safer You may want to move away from dynamic scopes anyway they will likely get deprecated and removed
  • 33. 33 / 33 Thanks for your attention Image sources https://www.pinterest.com/pin/418553359088246576/ http://www.kulfoto.com/funny-pictures/17395/its-called- wireless-tech-and-its-the-future http://www.cacbasketball.com/b2-5v5-unification-finals- uhhh-ditka/ http://www.someecards.com/usercards/ viewcard/MjAxMy00MzdlNjAzZjE2MWRkMjk0 http://www.marketingpilgrim.com/2013/08/google-glass- update-like-having-an-admin-assistant-on-your- shoulder.html http://www.aboutbradsugars.com/tag/executive-coaching/ http://themetapicture.com/schrodingers-cat/ http://www.mrlovenstein.com/comic/50 http://funny-pics.co/photo/funny-cat-cheering-up-dog/
  • 34. 34 / 33 We are hiring Always looking for techs who know their way around Puppet (or would like to) further the development of our homegrown infrastructure and tools will implement more technologies in our management ecosystem Visit us http://mpexnetworks.de/ueber-uns/jobs.html [email protected]
  • 35. 35 / 33 Bonus content!
  • 36. 36 / 33 Preferring new style class declaration the good thing about classes: they are singletons a class can be declared an arbitrary number of times Class parameterization a class with parameters must be one of a kind multiple declarations with different parameters just as contradictory as with resources (or more so) Additional fun declaration using include implies all parameters use their respective default value does not mix with new style class { } declaration mixing is allowed but only with all include statements before the class { } more parse order dependencies (yay!)