
CERN Puppet User Group Meeting, 2012-10-24

Puppet in ATLAS DDM & Tier-0. Luis Rodrigues for CERN PH-ADP-CO, ph-adp-ddm-lab@cern.ch.


Presentation Transcript


  1. Puppet in ATLAS DDM & Tier-0
     Luis Rodrigues for CERN PH-ADP-CO, ph-adp-ddm-lab@cern.ch
     CERN Puppet User Group Meeting, 2012-10-24

  2. About
     • Manage the installation and configuration of
       • ATLAS DDM Software
       • ATLAS Tier-0 Software
       • Supporting software
         • iptables, awstats, nagios, Hadoop, etc.
       • Team personal setups
         • development machines, analysis nodes, etc.
     • ~90 nodes managed by a single Puppet Master (2-core VM, 2GB)
     • Configuration backed up with git to AFS
     • All actions logged to Puppet Dashboard
     • Access controlled via single elevated UNIX user with shared password within the team
     • If you break the configuration, it will show in the git log, and you will be punished by wearing a donkey hat

  3. Usage
     • 23 modules
     • Modules separated by software/task, not by node
     • Software/task mapping to node in manifests/nodes.pp
     • Password configuration via executable and ERBs
       • ERB
         http://<%= pip_user %>:<%= pip_pwd %>@atlas-pip.cern.ch/simple
       • Manifest
         $pip_user = generate('/etc/puppet/config/private/get_pwds', 'pip_user')
         $pip_pwd = generate('/etc/puppet/config/private/get_pwds', 'pip_pwd')
     • “Race condition” with Quattor “solved” through minimalistic Quattor templates
       • Gradually migrated most of our Quattor configs to Puppet
       • All nodes run with Quattor user-software option enabled
     • Specific functionality for Python pip/virtualenv added

  4. Caveats
     • When we started, we had conflicts with the Ruby version on SLC5 and some Puppet dependencies
       • No obvious solution, and it was still problematic with SLC6
     • Rolled our own Ruby/Agent/Master/Dashboard RPMs
       • Good: It works everywhere
       • Bad: Compile puppet on the node in the postinstall.sh
       • Ugly: Manual rm -rf /var/puppet/ssl/*; rpm --force -Uvh puppet-agent.rpm on node re-install due to certificate mismatch with the Puppet server
     • Has been working like that for almost 1.5 years
     • Reluctance to update postinstall.sh to use newer Puppet version, still stuck on Puppet-1.6.7
       • (could solve the pip/virtualenv customisation)

  5. Wishlist
     • A centrally supported Puppet instance, so we don’t have to run our own
     • Features that we would need:
       • Insert/Update/Delete modules
         • maybe via git?
       • Map modules to nodes
         • one node will likely have many modules
       • Allow file transfer from modules to node
         • e.g., dependent configuration templates
       • A way to query an ‘ATLAS secret service’ for password information to be inserted into templates
         • Or a secure central service
       • Monitor node change
         • Puppet Dashboard?
       • Support Python pip/virtualenv
       • Puppet kick
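
The ERB line on slide 3 inserts the password into a URL verbatim, and the wishlist on slide 5 keeps the same pattern of passwords inserted into templates. The following added example (not code from the presentation) renders that template line in plain Ruby and shows that a password containing '/' or '@' changes the host the URL resolves to unless the values are percent-encoded first. The PipIndexUrl class, the enc helper and the sample credentials are assumptions made for illustration.

```ruby
require 'erb'
require 'uri'

# Template line as shown on slide 3 (values inserted verbatim).
RAW_TEMPLATE  = 'http://<%= pip_user %>:<%= pip_pwd %>@atlas-pip.cern.ch/simple'
# Same line with each value percent-encoded before insertion (added variant).
SAFE_TEMPLATE = 'http://<%= enc(pip_user) %>:<%= enc(pip_pwd) %>@atlas-pip.cern.ch/simple'
EXPECTED_HOST = 'atlas-pip.cern.ch'

# Hypothetical stand-in for the scope Puppet gives a template: exposes
# pip_user and pip_pwd under the names the ERB uses.
class PipIndexUrl
  attr_reader :pip_user, :pip_pwd

  def initialize(pip_user, pip_pwd)
    @pip_user = pip_user
    @pip_pwd = pip_pwd
  end

  # Percent-encode everything outside the RFC 3986 unreserved set.
  def enc(value)
    ERB::Util.url_encode(value)
  end

  def render(template)
    ERB.new(template).result(binding)
  end
end

# Host a URL client would contact, or nil if the URL does not parse.
def index_host(url)
  URI.parse(url).host
rescue URI::Error
  nil
end

# True only if the rendered URL still points at the intended index host.
def points_at_index?(url)
  index_host(url) == EXPECTED_HOST
end

# Constructed sample credentials; the password contains '/' and '@'.
SAMPLE = PipIndexUrl.new('ddm_user', 'pa/ss@word')

if __FILE__ == $PROGRAM_NAME
  [RAW_TEMPLATE, SAFE_TEMPLATE].each do |t|
    url = SAMPLE.render(t)
    # Print only the verdict and host, never the rendered URL with the password.
    puts "#{points_at_index?(url) ? 'ok ' : 'BAD'} host=#{index_host(url).inspect}"
  end
end
```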
