 I work as a system admin in there, so my talk will be on running Puppet in standalone mode or in masterless mode basically, without the general, so we will talk about that in this talk further. So let's just have an overview of what we will be taking in the talk. First thing is like general about configuration management or infrastructure as a code which has become very popular now and the general architecture of Puppet and how Puppet works in each stage. Then second thing is like general deployment architectures versus the standalone masterless mode and why the benefits of it, then let's have a question and answer session and discussion after the day. So there is anything in the middle you can do.

So now like it has become like a buzzword to use infrastructure as a code, so it's like this is a common thing that everybody says, system admins are developers too, only thing is we will write program in an ugly language like httpd.conf, slapd.conf. So we can't use the same principle that developers use for collaboration, coordination and system administration, that's what the basic principle behind infrastructure as a code.
So another thing is like how infrastructure, like infrastructure as a code can help you in scaling your infrastructure and like it makes your system structure and it's simple and it's easier to be understood by everybody, it's like it's better than an ad hoc system administration like you have a, if some new guy comes into the team or any shuffling or anything happens it's easier to get used to it, like before we used to look for a blog for any setting up any systems or something like that, now I look for a module in modules, Puppet modules, so it becomes more of a documentation, another thing is like now it has become very popular in recent years, like it has started with CFEngine and it has become very popular in recent years thanks to Puppet and Chef, even some people use cdist also, it's basically it's your choice Puppet or Chef or cdist, but what is more important is using configuration management as infrastructure as a code.

So this is how, this is a simple principle, like simple flow chart which explains the flow of the Puppet basically, you have different manifest, it's compiled and it becomes a catalog and it all starts with a particular system state and the goal of applying your manifest is to take your system to another defined state, so if there is anything like, basically the thing is it shouldn't get stuck anywhere in the middle, like A or B that is the basic principle of how a Puppet applies, so these are like the different stages which happen in the Puppet, so it can be simplified into four things actually, one is compilation, another one is transportation, another one is instantiation and another one is configuration, so compilation is very simple, it's like basically it just does the parsing of your manifest and then it applies some logic and then it just converts into objects which are to be transported, mostly they are normal objects and they are transported into different channels in like, if you have a network setup this comes into the picture
actually, compilation and it's transported into there, instantiation is basically conversion of this normal transported catalogs into some Puppet objects which will be applied actually, configuration is a step in which your system is taken to a particular step.

Okay so in a normal network setup what happens is compilation takes place in your Puppet master actually, okay and then it does the parsing and then it takes the variables and then from the Facter or anything else and then it makes into a workable catalog basically and then it's transported, transportation phase is like what network is in the network system and then this happens in the client side, it's entirely in the client side because instantiation depends on many details of the such as like the MAC address maybe IP address or like whatever, there are so many facts you may have disk space in some things and like whatever it is like instantiation happens over there, configuration also happens in the client side only, so it's like it's configuration is nothing but using of the instantiated Puppet objects to force the system to go to a defined stage, so these are all the, this is the general working of the system.

So here you can see the general setup of the network setup, this is a general deployment architecture, it works mostly, so it's like agent, transcend, Puppet, daemon basically and then like you can run it in the cron or any kind of like any way that you wish and then it queries for the catalog, request for the catalog, so initially what happens is when it request for a catalog, you will get the SSL certificates are signed and like this assumes that certificates are signed and everything happens, so to start from the basics it's like this, like this sends a certificate, master sends a certificate, once it's accepted it request for the catalog, this is the catalog, here the compilation phase happens and then like the YAML objects are transported and it comes to the catalog and from that the
instantiation phase happens and then like everything is ready to object to apply, Puppet objects actually and then like what happens is like the configuration phase runs, so it just takes the queries and then like it, and then it enforces the desired state on the client side, so this is the basic network setup in which Puppet works.

So what is the problem in this like, the basic thing that I found difficult initially when I started learning was using SSL certificates, like if you go into any IRC channel or Puppet or something, everyday you will find at least 10-20 new guys asking about my certificate is not the same, so it's not, like my catalog is not, you will have very weird problems with the certificates or sometimes your host name may change, like there are many things, it's like it's not very comfortable for somebody to start off with, like sometimes it happens like in many, I have not faced it but I have heard it from like people on IRC actually what problem they face is like some people who host it on certain cloud infra actually like they don't have a defined host name in the beginning actually, they don't define a host name in the beginning, so it's like SSL cert depends on host name, so that becomes a huge headache, again you have to go there and it's not.

Another one major problem I faced personally was WEBrick, WEBrick is a default Rack server that comes with Puppet, so like intuitively I started using WEBrick in the beginning when I started, so what problem was like it was fine and good initially when there was not much of a load, so what happens later is like, what happens later when you have a big manifest or some, like you may have some 100 alias IPs in a system or you may have some 50-60 clients or hundreds of clients requesting at the same time to the masters, in that cases WEBrick does not scale, like it's a development app server, so it's supposed to be used for development and I don't find a point in using it for the production use basically, so
WEBrick is ruled out, another one is as a popular way of scaling Puppet generally that people are using Passenger, Mongrel or Unicorn or any like enterprise level stats or so, so the problem with this is like it works, it works very well, but the problem is like there are many problems with the Passenger, the version of the Mongrel, there are like many tricky problems with Passenger, Unicorn I don't find it simple personally, it's like it's not complex but it's not trivial, it's like when somebody comes in and then like the point that is just in the beginning for like using infra as a code is if somebody new comes into my team, you should be able to get into the role quickly, like I should not basically have much time in like using all those things, like explaining my setup itself like a lot of time, it will take a lot of time to get into actual, it's like it's not everybody's choice, learning Passenger, Mongrel or Unicorn.

So again this is another, the major problem that we face personally in our deployment is using remote data center, third party firewall and third party networks, like what happens is like some of our servers are hosted in like data centers won't buy like not, so they have a firewall, their own firewall so and it's like it's difficult to open port 8140 like the puppetmaster, like to open there and like port switch we don't need, but it's like using SSH was simpler for us, like it fits into the pictures and like otherwise there's a firewall and this thing is a huge problem having it in a remote place and using different ports.

So what we have to do is it was using Puppet Terminus standalone mode, like what happens is Puppet comes with a default compiler basically, that compiler is the one which does the basic task of like as I explained in the beginning in the previous slides, compiling and then like making into instantiation, like and then running, so what we can do is like basic thing is we interpret the things with the Puppet compiler and then you
run the things on your client server itself, like eliminate client server architecture, use it just like using your code or something, so it's like you can use puppet apply and there's one thing like module path is there, so if you specify the module path you can basically use everything that you do in the normal network setup, so when the basic thing is all the three phases of the thing that I explained happens in the client side, so there is no server in the picture, there is no master source and like the thing is like custom facts and functions also work the same way as the network setup, there is no like there is no big difference, there are only very small differences that you replace.

Another one thing is like you may miss certain things in the running in a master mode, like you can manage whatever you miss, like by the ability to push the configuration of like something using your version control server, like we use Git for it basically, we preferred it because it was simpler to install and ready to go, so it's like we share a Puppet code among the people using and we use access control methods like we use Gitolite for access controlling, like we have connected it to our directory server and then we manage access control like that.

So it's like what is the benefit of having version control in the infrastructure, I mean in the opening like having version control system is a very good thing for the port, so what, how does it benefit for the system admins, so basically as I said as I told you before like there is no big difference between system administration and development, so it's like we can use whatever we need from their side, like whatever is a good thing from their side, this is a very good thing in version control system using that like one thing is we have like easier ways to document changes is to use the commit messages, so you use proper commit messages, so you can get and go of what all changes has been done, like again as I said it's easier
for the new guy coming in to grab a picture by seeing the Git logs you can see what all changes have happened and why it's done, it's a simpler way of doing it, and another one is you can collaborate and develop your infra among your colleagues in an easier way actually, instead of like going at, instead of getting into a campaign session or doing anything like that it's easier to share your proper code via version control system.

So and then like under the thing is like you can use your hooks to manage a lot of things basically, so like you have post-receive hooks basically for your, you have your post-receive hooks in it, so what we do is and we use our post-receive hooks to, like we have a central Git server and we can use your post-receive hook to push that to the client machine and post-receive hooks can be also used for, post-receive hooks can be used for control, running your Puppet also, applying your Puppet manifest, like I said like to compile it you can just say puppet apply module path in your, you can do it in your.

So how do we start off with it, to bootstrap, bootstrap machine like, use Git plus SSH, the simplest way to deploy Git and Git code, another one bootstrap Puppet via a simple like script where you can just install Puppet and like you can do it, then like you can write a simple recipe to install Git and SSH keys via Puppet, should be, it's a fairly simple, simple way of doing it basically, installing SSH keys and so on.
So the use is like you can even define a repository, you can bootstrap a repository and then you can like, you can define your access control everything into the client via Puppet, like via applying it for the first time, so that is the first time when you do it, so next time you can use like and then you can define your custom post-receive hooks, hooks are like hooks play a major role in our infrastructure management, like so it's like you can have hooks to have like hooks can see the refs actually, the reference of the Git commit, so what it can do is you can see if it talks to a particular branch so you can have a testing branch and then if it's a testing branch you can push it to a particular test machine or anything like that and then you can write your custom post-receive hooks to handle the, I mean handle your workflow basically, so you get what we basically do is you can define a workflow and then you can use Git to do that workflow and Puppet can just be and what do you call it, it just works like compiling the code, like you run normal scripts you can become like that.

So what are all the other, I mean what are all the advantages basically in running in stand alone, basically then we will come to that disadvantage, first advantage is master, Puppet master has a, what do you call it, it's a little bit difficult to set up, it's difficult to start off actually, even if you see a beginner's tutorial they teach you with starting with running it in a stand alone mode only, like but it's very basic again, like with the help of Git and other version control system you can pretty much do whatever you can do with your normal network setup basically, so it's like it's faster and it's better to use using Git.
Disadvantages, it's like you don't get stored configurations, it does not work properly, stored configs does not work properly, master and master as of now, PuppetDB does not work as of now, so it's like they have filed a ticket getting PuppetDB to work with stand alone mode, so hopefully in the future version we will get something.

And another thing is collecting facts from the nodes, like you may run something like a dashboard or something like that, so getting facts from the client and nodes to use it in your dashboard or something, it can be a bit hacky actually you will need to use your post-receive hooks, custom script or something like that to get your, or any, basically you can use your own you can use your own manifest, you can have one of the class Puppet classes which works on taking the facts from the client and then passing it to the server which has the dashboard.

Another one is collecting reports from the nodes, these are like what it does is when you run in a stand alone mode, it logs it to a directory basically I mean report directory, whatever you specify, you can't send it to a report server, so you need to figure out your own means of using it like using your reports, reports are pretty much useful, you may want to see a dashboard or may use Foreman, everything like that, so for other things it can be a bit like tricky, one thing to think about it.

Another one thing is catalog transportation, this is a major disadvantage that everybody comes up actually, what happens is like in this stand alone mode you put your entire code on the client actually, so it's like if you have different systems in which you don't want one system to know about what the other system does, then it becomes a bit of a problem because we have the same thing, same code in all the system so it's like your client basically has too much of information so in that cases it becomes a huge problem, so that is one of the but if you have similar systems or if you have similar
servers or if you run what I said basically what I wanted to stress on is using configuration management for stand alone system I mean for single system, zero plus system, basically one or two systems in that cases you may not be having the entire code in the other system.

So it's like sometimes you may have only one system basically and you may ask what is the advantage of using Puppet for a single system like we manage a lot of single servers as a service provider basically so it's like one thing is you have your configurations or like version control, so and other thing is what Puppet basically promises is to you define states, like state transformation is defined actually it's like you go from A to B or like B to C, there is nothing in the middle so you can have a complete record of the states so that is what you may want in your system you may want some time to go back from B to A like those things can be easier when you have configuration management system not necessarily Puppet basically in any configuration management system and the other thing is like if you want to like you do a lot of migrations like sometimes you may want to upgrade your hardware like those things that you have with the single servers that you message them so for that cases it's very useful to have this kind of thing because like you just clone the repository you will have your own copy of it you just like start bootstrap initial step and you push it and like everything gets configured so it becomes simpler basically so migrations get easier and you have different systems this is the main use of having it for single system and other one is when scaling like you may have one system and then you may want to expand it like you may want to have a backup machine like for those things it's easier.

But like further plans is like whatever what else can you do with it like how far are you planning to go with it is to use like different post-processing tools basically like to use the branching
intelligently you can use you can have some branch called test branch and then like if the ref is like if you can check the refs and if it's committed to that particular ref then you can basically run an rspec or like you can automate so much things actually other one that we have been looking for like we have been testing so far is using Jenkins, Jenkins like makes the job very easy actually instead of having like instead of having a central server just for having your repository or something you can have a CI engine like Jenkins so it can do so much things it can like even bootstrap a VM and then like it can run your tests in a VM like and you can do how much like then integrate with HuWat or like you can basically do pretty much a lot of things with Jenkins so it again becomes like deployment like whatever configuring something into the server also should be like deploying your code so Jenkins also will be helpful in that case I mean then like with Jenkins you can run checks like using Puppet rspec, Puppet Lint is basically to see if the syntax and like the style proper styling is maintained.

So the bottom line of using standalone mode is like it's the simplest way of using Puppet like the motto of using configuration management should be to get going like it's like you don't have to worry so much about setting up your Puppet and managing your Puppet it's already when you are managing so much stuff with your with your Puppet like you should not spend more time on managing your Puppet server basically it does not make many other one is it's suited for service business models where you handle like clients where you use where you manage your client servers where your machines are not yours and where your machines may be in some remote locations it may be in some private network protected by this other one is like since it's simple way and easier to start easier to start off with the thing it gives you more time to concentrate on modules develop your own modules
or edit your modules and like use modules in a better way like it gives more time to do the actual work than setting up so this is my idea so if you have anything you can contact me you can find me in this Puppet or InfraTag IRC channels with Nipthi's circle underscore underscore so you can find me over there like any questions like or anything that you found that it can be like anything that I missed out or anything that you want to hear from the masterless setup anybody's experience which you have like when you had some trouble in using a network setup I'll be happy to hear from you.

Yeah you can have dashboard there is a dashboard like so you mean so you basically want to know the tools which you use to monitor your Puppet runs correct so like you can monitor it using Foreman, Foreman is one tool another one is Puppet Dashboard, Puppet Dashboard is supported by like it's done by the Puppet Labs company itself so other one is if you want to play well with your existing infrastructure you may think of using your reports in a more like in the way it suits you it's basically a YAML file so parsing a YAML file writing a script to parse a YAML file is not very difficult so what you can do is you can parse your report like I'll tell you what we do actually so like we do not want to use a dashboard, dashboard was like it dashboard itself is another resource basically like what I felt personally so what do what we do is like we have a script to running in each of the client actually what it does is it parses my YAML report and then like it pushes into a like it converts it into a JSON format I take the things that I want and then I push it into a JSON format and then like I push it into a STOMP server basically like and then the message queue server like it can take the thing and then you can like you can basically use something like Graphite basically so Graphite is like any input that you give you can make a graph out of it so you can count the number of runs and
failures you can push it to a message queue and then like you can basically run like you can run your graph according to that you can use that script like you can use that script to get into a message queue like so you can use design the message queue such that it pushes to some of your existing you may have Zabbix already running you may have Cacti already running so you may push into Zabbix or you may push it into like use so like you may have some workflow tools such as Request Tracker or anything running on it so whatever information you need you can frame from the report and push it into that so it's basically dashboard or your own tool like or Foreman if you want to you want an advanced.

Anything else so sync the server sync the server correct yeah correct this is the basic thing I said to have in the like you want to know a way to basically run your clients in case the master server has any problem correct with the gems or anything like that so basically the way is to run it using transport it using SSH, Git server can do the transportation for you basically from your like you can use a post-receive hook so that like you can say that if you push it into a particular branch then like you can check the ref and then you can use it you can say a git push to a particular server so there you may have the normal Puppet or like there you may have one repository running like client side repository so the client side repository receives the code Puppet code and then there you can just do a normal puppet apply like in your post-receive hook so it's automated like that it's not dependent on a single master is actually not a master it's just a repository like this and so you won't have a problem of crashing gems like with the master side like it's only a single thing which happens for the most of the time one thing is like but Puppet is basically dependent on many Ruby gems actually so Puppet itself is available as a gem so you can't avoid using Ruby so if you want to
avoid Ruby and you can go for some simple configuration management tools like cdist or something like that it's like but they have their own limitations cdist is basically too much dependent on SSH like here you have an option to go for a SSH based standalone module as you to go for a network setup but that cdist is more dependent on SSH and also cdist is like it has very limited functions and limited and not relatively a smaller community which uses cdist so it's like it's better to use like a tool which is used by the majority of people you will get so much modules in your Module Forge so it simplifies the task you will get so much help and like it's better to go for that if you want to avoid Ruby gems you can't use Puppet basically just like Puppet itself is written in Ruby only just now there is a DSL which has come for writing in Ruby also so you can if you are comfortable with that you can use that.

Anything any other problem that you faced with a network setup why you would not like to see in the future so you know the actual facts yeah facts you want to know how to collect facts from the clients okay so you yeah the facts so you want to talk about facts yeah I will tell you how to use facts in a standalone basically custom functions basically how to build a module like basically I will start off with Facter okay so basically what is a Facter, Facter is something which gives facts about the systems there may be so many facts about the systems like your IP address your MAC address uptime distribution name operating system version like so many facts can be about the system so facts is like Facter is basically a tool to get you that facts it's very simple to write a custom fact basically so what you do in like simplest way to write a fact is you can write and you can write your own shell script or shell wrapper and then you can export an environmental variable saying FACTER_ so then if you say facts that you will get that tool so if you want
to get the facts in the standalone mode also facts work in the similar way like I said facts are useful in the instantiation phase so instantiation phase what happens is like basically in the instantiation phase like the facts are got like facts are basically variables so that facts are used to build the Puppet objects correct so like since the instantiation phase happens in the client itself and facts are more tied to the client so it's like you will use facts basically in the same way you use in the master setup like there is not much of a difference basically between using it in the network setup and using it in the client.

And next one is custom functions so like it's like the custom functions are same basically it's like you build a module and it's just a part of the module those things become facts actually if you want to fetch some information basically you can use exec so you want to use it because I was talking about the network setup correct then like basically what you can do is if this cannot be handled in the standalone mode by your custom functions basically what you can do is you can use facts you can use your own facts to check if it's there in the custom location ok and then you can use something called mc you should be using mc, Marionette Collective basically so there is one plugin called mc facts, mc facts so what mc facts does is you can get facts from your remote machines like you can get the facts from the remote machine so what you can do is you can get the fact from your remote machine and then it again becomes a variable right in your manifest so you can use it in your manifest make it as a condition and then you can use it in the normal class itself like what I am saying is for your need there is no need to go for the custom function, custom function is needed when you go for something completely new like there is no proper module for running a git repository as after all so let's say we make one thing for running git or something like that
so custom function will be some function which handles your push and like add so those things like which gives that things keywords will be there will be the custom function like what is your need is like you need to use facts fix the fact into your master check for the facts in your class like if feels like what you call it it's basically have a conditional and according to the conditional go for the apply it on so what I am doing is I will get the fact of the custom of the client and then get the interpining it will touch outside that's what you are doing it's the same it should bind to me and it should fix the continuity in files some of the content so by default there won't be what I am doing is I am putting the client in the file and the client boots up contact the client whether in the client side so if it is there it won't be there if it is not there so for that I need to check because I have a great technology okay you want to see if that was not CSG fact okay anything else.

Okay okay okay you want to design your infrastructure basically so first thing that you can go for is looking for your the first thing that you can go is looking for your modules like you just decide what all the things should be there then you look for the modules can find it in Module Forge or anything like that so the second thing is you may want to write there are different style guides it was a pretty detailed question so there are several style guides how to design your modules basically you have to keep your modules like that you have most many modules as you want like one for the web server one for the mail server one for the mail server and then you may want to write classes which uses them and then you make something called node start it is something which defines about your nodes so you can use your node config in that like you can you will have many node clients in your data center you can have them in that basically it's a pretty detailed thing you can have them and talk to people
and just you know but I have a channel like can contact me so you need some time to do this so you can do it like first like decide how your configuration is going to work then like you can go for the you can do it you can't you can you can have so me you can have yeah you can. So, we will have a, yes, so we will discuss it out there. Okay, thanks a lot.
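
The client-side post-receive hook described in the talk (check the pushed ref, then run `puppet apply` with a module path), written out as an added example that is not part of the talk or the speaker's own code. The branch name `production`, the deploy directory, and the `manifests/site.pp` and `modules/` layout are assumptions, as is an account receiving the push that is allowed to run `puppet apply`.

```shell
#!/bin/sh
# post-receive hook for the bare repository on a masterless Puppet client.
# Added example. Assumed names: DEPLOY_BRANCH, DEPLOY_DIR, manifests/site.pp.

DEPLOY_BRANCH="${DEPLOY_BRANCH:-production}"
DEPLOY_DIR="${DEPLOY_DIR:-/etc/puppet/code}"

# git feeds a post-receive hook one "<old-rev> <new-rev> <ref>" line per
# updated ref on stdin. Print the new revision of the branch named in $1.
# Other branches, tags with the same short name, and branch deletions
# (new-rev is all zeros) are ignored. Returns 1 when there is nothing to deploy.
rev_to_deploy() {
    want="refs/heads/$1"
    found=""
    while read -r old new ref; do
        [ "$ref" = "$want" ] || continue
        case "$new" in
            *[!0]*) found="$new" ;;   # a real revision
            *)      continue ;;       # all zeros: the branch was deleted
        esac
    done
    [ -n "$found" ] && printf '%s\n' "$found"
}

# puppet apply --detailed-exitcodes returns 0 (no changes) or 2 (changes
# applied) on a good run; 1, 4 and 6 mean the run or some resources failed.
run_succeeded() {
    [ "$1" -eq 0 ] || [ "$1" -eq 2 ]
}

# Check the pushed branch out into DEPLOY_DIR and apply it locally:
# compilation, instantiation and configuration all happen on this machine.
apply_checkout() {
    git --work-tree="$DEPLOY_DIR" checkout -f "$DEPLOY_BRANCH" || return 1
    puppet apply --detailed-exitcodes \
        --modulepath="$DEPLOY_DIR/modules" \
        "$DEPLOY_DIR/manifests/site.pp"
    run_succeeded "$?"
}

# git exports GIT_DIR when it runs a hook; outside a hook this file only
# defines the functions above.
if [ -n "${GIT_DIR:-}" ]; then
    if rev=$(rev_to_deploy "$DEPLOY_BRANCH"); then
        echo "deploying $DEPLOY_BRANCH at $rev"
        apply_checkout || { echo "puppet apply failed" >&2; exit 1; }
    else
        echo "no update to $DEPLOY_BRANCH, nothing applied"
    fi
fi
```

Anyone who can push to the deployed branch decides what `puppet apply` runs on this machine, so write access to that branch belongs in the access-control layer the talk mentions (Gitolite).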