Razor is next generation provisioning software that handles bare metal hardware and virtual server provisioning with inventory discovery and tagging, rule-based policy management, and extensible broker plugin integration. The usage of Razor for provisioning is discussed briefly in this blog, and additional information is available on a separate post by Nick Weaver, one of authors of the Razor project. Broker handoffs will be discussed in a follow up article.

Razor is currently released as a beta for preview, so there are no installation packages yet. The Razor module is intended to simplify the process for installing Razor, since it handles all application dependencies, and clones the Razor repo from GitHub.

The module is limited to Ubuntu Precise due to the availability of nodejs packages. In Debian, these packages are available in sid, so install this module only if you are comfortable adding the unstable repo. Razor puppet module support for other platforms will be evaluated as we continue to develop Razor (this is not the same as node provisioning platforms which includes Debian, Ubuntu, RedHat, OpenSuSE, and VMware ESX).

Installing the module

On puppet 2.7.14 an PE 2.5, puppet module tool will automatically download and install all dependencies from forge.

$ puppet module install puppetlabs-razor
Preparing to install into /etc/puppet/modules ...
Downloading from http://forge.puppetlabs.com ...
Installing -- do not interrupt ...
/etc/puppet/modules
└─┬ puppetlabs-razor (v0.1.0)
├─┬ puppetlabs-mongodb (v0.0.1)
│ └── puppetlabs-apt (v0.0.3)
├── puppetlabs-nodejs (v0.2.0)
├── puppetlabs-stdlib (v2.3.2)
├── puppetlabs-tftp (v0.1.0)
├── puppetlabs-vcsrepo (v0.0.4)
└── saz-sudo (v2.0.0)

Once all the modules have been installed, the appropriate permission should be applied to the files under the modules folder:

$ chown -R puppet:puppet /etc/puppet/modules

Configuring the module

The puppetlabs/razor module does not deploy DHCP service. The DHCP server needs to specify the initial boot file as pxelinux.0 and next-server option should direct traffic to the tftp server.If you currently don’t have DHCP service in your environment, and have control over your network environment, the puppetlabs/dhcp module will deploy dhcp services.

class { 'dhcp':
  dnsdomain   => [
                   'puppetlabs.lan,
                   '1.0.10.in-addr.arpa',
                 ],
  nameservers => ['10.0.1.20'],
  ntpservers  => ['us.pool.ntp.org'],
  interfaces  => ['eth0'],
  pxeserver   => '10.0.1.50',
  pxefilename => 'pxelinux.0',
}

If you want to test Razor on your local system in a virtual environment such as VMware Fusion 4, simply add the following lines into /Library/Preferences/VMware Fusion/vmnet8/dhcpd.conf the appropriate DHCP subnet and substitute $tftp_server_address with the Razor VM node ipaddress:

filename "pxelinux.0";
next-server ${tftp_server_ipaddress};

At the moment, the tftp service and razor service will be deployed to the same system. On the puppet master assign the razor class to the appropriate node, and trigger a puppet agent run afterwards:

node razor_host {
  class { 'razor':
    username  => 'razor',
    directory => '/opt/razor',
  }
}

Razor can also be deployed directly to the system with the modules installed via:

puppet apply /etc/puppet/modules/razor/tests/init.pp --verbose

At this point, login to the Razor installation directory and execute Razor to confirm the application is installed successfully:

$ razor
ProjectRazor - v0.1.6.0
 
	Usage:
	project_razor [slice name] [command argument] [command argument]...
	 Switches:
		 --debug        : Enables printing proper Ruby stacktrace
		 --verbose      : Enables verbose object printing
		 --no-color-out : Disables console color. Useful for script wrapping.
 
Loaded slices:
	[bmc] [broker] [image] [log] [model] [node]
	[policy] [tag]

Example usage

The example below will show the minimal steps from the end of Razor installation to provisioning an Ubuntu Precise system. We will focus on the process of getting a new system provisioned with Ubuntu.

Razor needs a micro kernel (MK) image upon initial pxeboot to detect hardware information and register systems to the inventory of nodes. The MK image is available on GitHub, and it should be loaded into razor image service first:

$ wget https://github.com/downloads/puppetlabs/Razor/rz_mk_dev-image.0.8.8.0.iso
$ razor image add mk ./rz_mk_dev-image.0.8.8.0.iso
Attempting to add, please wait...
New image added successfully
Images:
	UUID: 1nnkuB5BiH1C93HOO0PTFi
	Type: MicroKernel Image
	ISO Filename: rz_mk_dev-image.0.8.8.0.iso
	Path: /mnt/nfs/Razor/image/mk/1nnkuB5BiH1C93HOO0PTFi
	Status: Valid
	Version: 0.8.9.0
	Build Time: 2012-05-09 13:11:01 -0700

Once the razor MK images is loaded into Razor, new system connected to the network performing network boot will obtain a dhcp address, boot the microkernel and register with Razor. We can get a list of systems discovered via this process via the Razor node:

$ razor node
Discovered Nodes
         UUID           Last Checkin                  Tags
5PfILygjPv4WTayOnTOYMk  32 seconds     [cpus_1,memsize_4GiB,nics_1,vmware_vm]
26k3If4FI7HpsZIn7N7BXu  45 seconds     [cpus_2,memsize_16GiB,nics_2,vmware_vm]
66XZwZUJOpRXosg5SHHdbW  7 seconds      [cpus_4,memsize_96GiB,nics_4,physical]

Attributes regarding specific nodes can be drilled down into further details by specifying its UUID:

$ razor node attrib 5PfILygjPv4WTayOnTOYMk
Node Attributes:
          	Name                        Value
	architecture              i386
	domain                    localdomain
	fqdn                      mk000C294F881F.localdomain
	hardwareisa               unknown
	hardwaremodel             i686
	hostname                  mk000C294F881F
...

To provision a node, an Ubuntu Precise ISO should also be loaded along with a model which associates an instance of model template configuration with a specific ISO image:

$ razor image add os ../ubuntu-12.04-server-amd64.iso ubuntu_precise 12.04
Attempting to add, please wait...
New image added successfully
Images:
	UUID: 274HnNlQF5jvbo0y6U0aok
	Type: OS Install
	ISO Filename: ubuntu-12.04-server-amd64.iso
	Path: /mnt/nfs/Razor/image/os/274HnNlQF5jvbo0y6U0aok
	Status: Valid
	OS Name: ubuntu_precise
	OS Version: 12.04

Once the MK and operating system images are loaded into razor, we can create a deployment model using that image. First, list the available model templates:

$ razor model get template
Model Templates:
Template Name         Description         
centos_6        CentOS 6 Model            
debian_wheezy   Debian Wheezy Model       
opensuse_12     OpenSuSE Suse 12 Model    
ubuntu_oneiric  Ubuntu Oneiric Model      
ubuntu_precise  Ubuntu Precise Model      
vmware_esxi_5   VMware ESXi 5 Deployment

Next, select the ubuntu_precise template along with the iso_uuid generated when the ISO was loaded into Razor. This will trigger a series of configuration questions applicable for the Precise model template:

$ razor model add template=ubuntu_precise label=install_precise image_uuid=274HnNlQF5jvbo0y6U0aok
--- Building Model (ubuntu_precise):
Please enter node hostname prefix (will append node number) (example: node)
default: node
(QUIT to cancel)
> ubuntu
Please enter root password (> 8 characters) (example: P@ssword!)
default: test1234
(QUIT to cancel)
> testEnvPass!
Model created
Label =>  install_precise
Template =>  linux_deploy
Description =>  Ubuntu Precise Model
UUID =>  3LCN86Cpx0Te3Of5WbORkQ
Image UUID =>  274HnNlQF5jvbo0y6U0aok

The newly created model contains the hostname (which will be appended with node number), root password, and the ISO for deployment. We can certainly perform more customization within the preseed file, but in most cases this process is deferred to Puppet via broker plugin which will configure the target puppet master to handoff the node for management. At this point we can deploy this operating system, and based on our initial hardware inventory we will target nodes with 4GB of memory that are VMware virtual systems.

$ razor policy add template=linux_deploy label=precise model_uuid=3LCN86Cpx0Te3Of5WbORkQ broker_uuid=none tags=memsize_4GiB,vmware_vm enabled=true
Policy created
UUID =>  41o1z77j2R4ZsgjD9KTpPe
Line Number =>  2
Label =>  precise
Enabled =>  true
Template =>  linux_deploy
Description =>  Policy for deploying a Linux-based operating system.
Tags =>  [vmware_vm]
Model Label =>  install_precise
Broker Target =>  none
Bound Count =>  0

At this point we review our policy rules and based on razor node output we expect one system that matches the tag requirements to deploy Precise.

$ razor policy
Policies
#  Enabled     Label         Tags              Label          Count           UUID
0  true     precise  [memsize_4GiB,vmware_vm]  install_precise  0      41o1z77j2R4ZsgjD9KTpPe

In the future, other systems that match this policy rule will also deploy Precise. Once the appropriate nodes install Precise, we can either remove this policy completely via ‘policy remove <uuid>’ or temporarily disable it via ‘policy disable <uuid>’.

Conclusion

The Razor puppet module provides a quick and easy way to install Razor for testing. The module could benefit from additional puppet class parameters for razor::nodejs and razor::tftp that separates those components especially when tftp can be installed on a separate system. There are also manual processes in Razor such as loading ISO’s that could benefit from a Puppet type/provider. We certainly welcome recommendations for additional Razor service deployment platform, and contributions from our community for enhancements to this module and its dependencies.

Learn More:

• Introducing Razor, a Next-Generation Provisioning Solution
• Lex Parsimoniae : Cloud Provisioning with a Razor
• puppetlabs/razor
• Join the Razor webinar
• Participate in the Razor Twitter chat at #puppetize – 2012-05-28 18:00 UTC

Puppet Labs is really excited to introduce Razor, a next-generation hardware provisioning solution developed collaboratively with our friends at EMC. I’ll be diving into details about specific Razor features in a series of blog posts, which includes installation via a Puppet module, but in this post I’ll focus on a high level overview of Razor’s features and the problem it’s solving.

Problems With Current Solutions

EMC actually initiated Razor in response to challenges they were having internally with existing hardware provisioning technologies. In building-up test and burn-in environments for their own software solutions, EMC found themselves bottlenecked by provisioning tools that were vendor-specific, monolithic, and closed. Moreover, public and private clouds gave their Development & QA teams infrastructure that responded nimbly and on-demand; why couldn’t their hardware infrastructure give them the same responsiveness and efficiencies?

To remedy, EMC first surveyed the landscape of provisioning technologies. Given the importance of provisioning as the first, critical step in building compute infrastructure, surely someone had innovated a solution to these problems? But nothing seemed to really address the needs of the system administrators responsible for infrastructure, so EMC set out to solve the problem themselves.

Enter Puppet

EMC was already very familiar with Puppet Labs and our products, and these served as an inspiration and foundation for Razor. Specifically, the EMC team sought to bring Puppet’s declarative, model-based approach of configuring software to the provisioning of server hardware with an operating system. In addition, Puppet Labs’ metadata-driven enterprise message bus and node inventory technologies, MCollective and Facter respectively, were critical enabling components for Razor.

Further considerations in selecting to partner with Puppet Labs were the pervasiveness of its open source technologies as well as its active and engaged community. EMC’s Razor team recognized that existing provisioning technologies were handicapped by their tight association with a single vendor, and open sourcing Razor to an active community was the surest way to avoid a similar fate.

Razor: Cloud Agility and Efficiency for Hardware Infrastructure

OK, enough already … what’s different about Razor?

First, during boot the Razor client auto-discovers the inventory of the server hardware – CPUs, disk, memory, everything – and feeds this to the Razor server in real-time. This means you always have the latest, most up-to-date information about every server in your data center, eliminating the need for manual inventory processes and tools.

Second, Razor knows the latest state of every server, and this state is updated with the auto-discovered inventory data. Razor also maintains a set of rules to match the appropriate operating system images with server capabilities as expressed in metadata. This match is made dynamically, so any change in the underlying hardware is automatically detected, reflected in the model, and can potentially result in the selection of a different operating system image – all automatically.

Third, Razor is integrated with Puppet for a seamless hand-off. After Razor selects the operating system image it then automatically installs the Puppet agent and classifies the node. Puppet picks up the ball and begins configuring the operating system, and so on up the stack.

Fourth, in contrast to other provisioning technologies Razor is open, pluggable, and programmable. Hardware has a unique boot sequence? No problem, create a new model. Want to change how operating system images are selected? Just update the rules via the Razor CLI. Need to support a new OS? Easy. Razor is all about giving choice, agility, and automation to the system administrator so they can eliminate the repetitive and menial from their day.

What this all means is that now Razor and Puppet enable the system administrator to automate the entire infrastructure stack, from bare metal to fully deployed applications on the cloud.

Check It Out

Nigel Kersten, Puppet Labs’ CTO, will be on stage during Chad’s World at EMC World today at 5:30pm PDT to demo Razor, and we’re also in the EMC Innovation Center on the show floor. Also, our friends from the EMC CTO’s Office – Dan Hushon, Chuck Hollis, Nick Weaver – have blog posts out today (here, here, and here, respectively) sharing the details of EMC’s work and perspective on Razor.

Razor is available for download now from the Puppet Forge. Check it out – we’re looking forward to your feedback. And stay tuned for more Razor blog posts soon!

- Nan

Learn More

• Participate in the Razor Twitter chat at #puppetize – Mon May 28 11am PDT
• Join the webinar with EMC – Tue May 29 11am PDT
• Download Razor from the Puppet Forge
• Read the docs on Github
• Check-out the official press release

Design is an integral part of the way we build software at Puppet Labs. More specifically, we strive to answer a very simple question: what does the user need? This isn’t always an easy question to answer, but we’ve been happy with our success in doing so. User empathy is our conduit for user satisfaction.

In real-life terms, what does design at Puppet look like? Let me show you a project that just finished its initial design phase: Puppet Sites.

What do users need?

Puppet admins want to spend their time managing nodes that are under Puppet control. They don’t want to spend their time adding nodes to their deployments. On the contrary, their goal is to start managing new nodes as quickly as possible. We formalize this need in the following way:

As a Puppet admin I want to easily add new nodes to my deployment so that I can start managing them as quickly as possible.

How do we we satisfy user needs?

The current workflow for adding nodes to a deployment is as follows:

1. Configure puppet.conf with the location of the master/CA
2. Perform an agent run on the node
3. Login to the CA
4. Sign the node’s certificate
5. Perform another agent run on the node

The problem with the existing workflow is that it appears to have nothing to do with adding new nodes to a deployment and everything to do with signing certificates. There’s a disconnect between the workflow and the user need.

To fix this, we did three things:

1. We introduced the concept of a site. A site is a service that owns the list of nodes in your deployment, the authentication mechanism for adding new nodes to your deployment, and the configuration of Puppet services in your deployment.
2. We changed the semantics of the workflow, so that it directly addresses the user need.
3. We eliminated the overhead of signing into the CA and manually signing node certificates. There are secure ways to do this that don’t involve user interaction over SSH.

The workflow now resembles the following:

1. Login to the site host
2. Generate a pre-shared key
3. Join a node to the site using the pre-shared key
4. Repeat step 3 for every node you want to add to the site

We now have a workflow to fulfill the user’s goal. But notice that we’re still not talking about sites in technical terms. This workflow could apply equally well to a Puppet Face, a REST API, or a Dashboard plugin.

How do users interact with our workflows?

It’s all well and good to produce a general workflow for addressing a user need, but eventually you have to tie it to a real user interface. For the initial release of Puppet Sites, we decided to focus on two user interfaces: a Puppet Face and a REST API.

A designer is nothing without regular interaction with customers. While designing user interaction, we stayed engaged with our internal operations and professional services teams. After several rounds of feedback, the design of the Puppet Face for the workflow given above resembles the following:

node02$ ssh admin@site02.domain.com
Last login: Mon May  7 18:15:43 2012
site02$ mount /media/usbdisk
site02$ puppet site generate key > /media/usbdisk/site.key
site02$ umount /media/usbdisk
site02$ exit
node02$ mount /media/usbdisk
node02$ puppet node join site02.domain.com < /media/usbdisk/site.key
Trying to add node02.domain.com to the site at site02.domain.com...
 Use `puppet site status node02.domain.com` to confirm success
 To stop waiting for the command to complete, press Ctrl-C.
   The command will still complete in the background.
Added node02.domain.com to the site at site02.domain.com

What do users think?

We strive to make our design process as agile as our engineering process. We specifically avoid a waterfall model, where the design is completed in an ivory tower, then handed over the wall for implementation. Instead, our designers sanity check their design with internal and external users, talk to architects and engineers to make sure they aren’t violating the laws of physics, and stay involved in the project until it ships, making course corrections as necessary.

The Puppet Sites project is still underway, but we’ve already discovered mistakes made early in the process, and corrected them. Each group of users has been vital to this iterative process.

Our internal users made us aware that omitting a pre-shared key system was a poor idea. By themselves, the two other fixes—changing semantics and introducing sites—weren’t sufficient to solve the user goal of “quickly” adding nodes to their deployments.

Our architects made us aware of a “law of physics” deal-breaker in the design, where users could have passed their pre-shared key as a flag to puppet node join. This would have exposed the key to sniffer processes on the host machine, and represented an unacceptable security risk.

Our external users helped us realize that the concept of a “site” is foggy at best and they didn’t really understand the problem it was designed to solve. Also, they were concerned that we were deprecating existing functionality without providing a drop-in replacement. We’ve been working to ameliorate these concerns by formulating clearer stories around the problems that sites solve.

Design at Puppet Labs

Of course, Puppet Sites does far more than just provide admins with an easy way to add new nodes to their deployments. For the sake of brevity, I’ve only highlighted this one user story. However, having a site also helps Puppet admins who want to…

• …get a list of all the nodes in their deployment with a single command, so they don’t have to trawl multiple services to get this information.
• …centrally manage the configuration of all nodes in their deployments, so they don’t have to manually manage puppet.conf on each node.
• …access information about Puppet services from their manifests, so they don’t have to hardcode the location of their services into their manifests.

You can expect Puppet Sites to be available soon, as a point release for Puppet 3.0.

In summary, the UX team at Puppet produces three main artifacts: user stories, workflows, and wireframes.

• User stories allow us to talk about the needs of our users in a non-technical, goal-oriented way.
• Workflows describe the tasks users go through to achieve their goals.
• Wireframes are mockups of the actual systems that users use to complete these tasks.

Not all of our projects follow this process exactly, but, in general, the above holds true. User story to workflow to wireframe. Rinse and repeat as necessary. That’s how we do design at Puppet Labs.

Learn More

• What is User Experience in Puppet?
• Looking Forward to 2012: Design, Big Data in the Infrastructure, and DevOps

We’ve had a lot of open source goodness this month, and we want to talk about it and get your feedback. We’re hosting an hour-long Twitter chat on May 28 at 11 am PDT to answer your questions and converse about new releases like PuppetDB, MCollective 2.0, Puppet 3.0 (currently in RC), and more.

We’ll have Michael Stahnke, our community manager; Deepak Giridharagopal, major developer of PuppetDB; R.I. Pienaar, author of MCollective; and Nan Liu, integration specialist, ready to respond and converse on Twitter.

Just tag your tweets and questions with #puppetize to join the conversation, and we’ll tag our responses. If you want to follow what’s going on, just track #puppetize for the full stream. To get an idea of what this is like, check out a snippet of the last Twitter chat we had:

We look forward to talking with you on 2012-05-28 18:00 UTC!

Learn More:

• Introducing PuppetDB
• Announcing the Marionette Collective 2.0
• Puppet Labs on Twitter

The following is a guest post by Reid Vandewiele, a system administrator at the Portland State University Computer Action Team (PDX CAT). Reid, William Van Hevelingen, Spencer Krum and other CATs are big contributors to various modules on the Puppet Forge and also host a few of their own. They are active members of the Puppet community and can usually be found on IRC under the monikers marut, blkperl and nibalizer, respectively. Thanks guys for the awesome guest post!

The Advanced Maryland Automatic Network Disk Archiver, or Amanda for short, is a network backup solution in the same class as Bacula. Proponents tout its smart automatic planner, use of native tools to perform data dumps, ability to recover data from tape in the absence of the tool itself, and the available commercial support through Zmanda. A venerable bastion of free and open source software, Amanda has been around since 1991 and is still actively maintained with the most recent stable version having been released on February 12, 2012.

Let’s Puppetize that!

Read more on “Module of the Week: pdxcat/amanda – Advanced Network Backup” »