1 of 17

Config Management

Ja (Thanakul) Wattanawong (jaw)

2 of 17

Who am I?

  • OCF Site Manager
  • EECS
  • Firefighter
  • I set up your student VMs
  • Catch me in the server room, at an OCF social, or on Discord

3 of 17

What problems does config management solve (1/3)?

  • Suppose you have a bunch of computers

  • You suddenly decide that every computer in the lab needs Minecraft installed
  • Without config management: SSH into all the desktops and install it
  • Even with a script this sucks
  • Problem: How do you deploy updates to a fleet of existing computers?

4 of 17

What problems does config management solve (2/3)?

  • Suppose this computer lab buys a new computer

  • Remembering to install Minecraft and configure it correctly is pretty difficult
    • E.g.: have it use more than 1GB RAM by default
  • Problem: How do you provision new machines?

5 of 17

What problems does config management solve (3/3)?

  • Suppose you are running a Minecraft Server.

  • You realize some change you made long ago broke some minor thing
  • How do you figure out what settings you had changed around that time?
  • Problem: How do you communicate changes in software configuration to future you (and others)?

6 of 17

Config Management

7 of 17

Config management

  • Solves problem 1 (updating computers) by having a unified update mechanism
  • Solves problem 2 (bootstrapping new computers) by having all the changes necessary in some centralized repository
  • Solves problem 3 (communicating new changes) by allowing you to use standard development practices (mainly git) to record your changes, and communicate with others

Configuration Management - Software that makes it as easy as possible to bootstrap new machines and configure running software, and that allows configuration to be stored as code (the “configuration as code” philosophy)

8 of 17

Configuration Management Philosophies

  • Imperative:
    • Treats configuration as a “set of tasks”, with the order specified by you.
    • Say “How you want to do it”
    • “Install minecraft”, then “add a line to the config file”, then “run minecraft”
    • Examples: Chef, Ansible
    • Updates handled differently than Bootstrapping
    • What if the config file is already edited?
  • Declarative
    • Specify the final state, the system works to get itself into the state
    • Say “What you want, software figures out how to do it”
    • “Ensure minecraft is installed, the config file has line <X> in it, and ensure that minecraft is running”
    • Examples: Puppet
    • Updates are handled the same as Bootstrapping

Of course, this is not an either-or; any software will have aspects of both philosophies.

9 of 17

Puppet

  • Popular Configuration Management software
  • Used for configuring individual machines
  • Declarative philosophy, with some Imperative components when necessary
  • Originally built on Ruby, now has its own configuration language
  • Used at places like
  • “Pull model” - Configured machines ask for an update
    • So Puppet is usually scheduled to run every now and then (the OCF runs it every 30 minutes)

10 of 17

What happens when Puppet is run?

  • Client asks server for an update
    • “I want to be configured as a Minecraft Server”
  • Server asks client for a list of Facts
    • “Ok, send me your hostname, and RAM”
  • Client responds with the facts
    • “My hostname is zombies.ocf.berkeley.edu and I have 4GB RAM”
  • Server responds with configuration
    • “Ensure the Minecraft server is running, with hostname zombies.ocf.berkeley.edu, 4GB RAM, with this configuration file”
  • Client makes the necessary changes to ensure its current configuration matches the configuration given by the server
    • “The minecraft server is currently running, but the configuration file has been updated, I will fetch the updated version”

11 of 17

Puppet Code

  • Most of the code is here
    • Files - contains static files
    • Templates - contain templates (Ruby style)
    • Manifests - the heart of the configuration, specifies the desired states
  • Other sections that are occasionally used
    • Facts - Ways to extract data needed for configuration
    • Functions - if you need some extra-fancy data structure manipulation
  • Dependencies need to be explicitly described
    • Puppet is allowed to run code in any order that it sees fit
    • If you have code installing Minecraft, and running Minecraft, you need to tell puppet to install Minecraft before running it
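
The install-before-run dependency described above, written as a Puppet manifest. This is an added example, not code from the slides or from the OCF repository; the class name, the package and service names, and the config file path and keys are all hypothetical.

```puppet
# Added example. All names and paths below are hypothetical placeholders.
class minecraft_example {
  # Facts reported by the client (slide "What happens when Puppet is run?"):
  # give the server half of the machine's RAM, expressed in MiB.
  $heap_mb = $facts['memory']['system']['total_bytes'] / 2097152
  $fqdn    = $facts['networking']['fqdn']

  # Desired state 1: the software is installed.
  package { 'minecraft-server':
    ensure => installed,
  }

  # Desired state 2: the config file has exactly this content.
  # Owned by root and not writable by the service account, so the running
  # server cannot rewrite its own configuration.
  file { '/etc/minecraft/minecraft.conf':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => "hostname=${fqdn}\nmax_heap_mb=${heap_mb}\n",
    # Without this, Puppet may try to write the file before the package
    # has created /etc/minecraft.
    require => Package['minecraft-server'],
    # Restart the service whenever the file content changes.
    notify  => Service['minecraft'],
  }

  # Desired state 3: the service is running and starts at boot.
  service { 'minecraft':
    ensure  => running,
    enable  => true,
    # Explicit ordering: install before run.
    require => Package['minecraft-server'],
  }

  # The same ordering can be written with chaining arrows instead:
  #   Package['minecraft-server']
  #   -> File['/etc/minecraft/minecraft.conf']
  #   ~> Service['minecraft']
}
```

Applying this manifest a second time with nothing changed makes no changes, which is why updates and bootstrapping are handled the same way in the declarative model.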

12 of 17

Example Puppet Code - Adding a user and a home directory

13 of 17

Example Puppet Code - Running a web server

14 of 17

Puppet at the OCF (1/2)

https://github.com/ocf/puppet

  • Originally started in 2012, from the “Configuration is edited directly on the server, and desktops manually” model
    • We only had 10 desktops so this was kinda okay
  • 7 years later, all of the OCF’s machines run off the puppet repository
    • Desktops
    • Thing behind the TV
    • Hypervisors (things running the VMs)
    • VMs (Running all the Networked Services you learned about)
      • Including the puppet server itself

15 of 17

Puppet at the OCF (2/2)

  • All the code is split into modules
    • Ocf_tv
    • Ocf_desktop
    • Ocf_www
    • Ocf_printhost
  • Common OCF modules for shared configuration
    • Ocf::ssl for “I need a web certificate”
    • Ocf::auth for LDAP and Kerberos and sudoers configuration

16 of 17

Bonus Slide: Terraform

  • Has integrated APIs to provision machines declaratively on cloud platforms
  • This is part of the code used to generate your decal VMs. Notice that the provisioning script is mostly imperative.
  • The alternative (which we seriously considered) was clicking “New droplet” 80 times.

17 of 17

Thank you for your time!

The lab is up!

If you have any issues, or the lab is unclear, please don’t hesitate to ask me questions! Also ask in #decal-general