Planning to attend AWS Summit in New York City on April 18? We’d love to have you drop by our booth – #512 – and chat with James Turnbull, Ben Reich and Alanna Brown. They’ll all be hanging out, and happy to gift you with a shirt or sticker.

We’re looking forward to some interesting sessions at AWS NYC, not least:

• Continuous deployment practices for companies running production, test and development environments on AWS, led by three AWS folks: Chris Munns, solutions architect; Chris Barclay, senior product manager; and Mike Limcaco, enterprise solutions architect.

• Building web scale applications with AWS using architectural patterns that support scalable, highly available services – applications that are low cost, low latency and friendly to Agile development. This session will be led by Don Cuddeford, AWS enterprise solutions architect, and Matt Trescot, solutions architect.

• What to consider when creating a hybrid IT model that includes AWS. Brian Adler, senior services architect at RightScale, will cover the concepts around cloud-enabling of your existing infrastructure, review the reference architecture for hybrid cloud, and review technological considerations by use case and technologies available to manage your hybrid IT infrastructure.

• Using Amazon CloudFront to architect your entire site for delivering both static and dynamic content. Alex Dunlap, senior manager at CloudFront, will talk about how to configure multiple origin servers, and more.

While you’re cruising around the expo space at Javits Center, make sure you visit our partners and friends:

Boundary at Booth #314
Citrix at #501
Cloudability at #412. This company is also a Portland neighbor, with offices just a short bike ride from ours.
Enstratius at #313
Eucalyptus at #312
Momentum SI at #507
RightScale at #201
 
Not able to attend AWS NYC this time? You can register for the livestream of the keynote by Amazon CTO Dr. William Vogels.

Watch for #awssummit tweets – you might pick up a few things from sessions you don’t get a chance to attend. And you can always catch our attention by including #puppetize  in your conversations ;-)

Learn more about how Puppet helps you provision, configure, and manage your public cloud infrastructure:

Provisioning with Amazon Web Services
Automating and Managing EC2 services with Puppet

On the heels of our VMware partnership announcement, we’ve received a lot of questions about our existing technical integrations with VMware. One of the most widely applicable ways our software works together is the Puppet Cloud Provisioner—a simple tool that allows you to easily spin up, classify, and take down VMware nodes with Puppet Enterprise, enabling you to easily scale and manage your infrastructure.

Puppet Cloud Provisioner ships with Puppet Enterprise; it deploys nodes in virtualized environments and handles the often tedious process of getting a golden image deployed and configured, serving production services. The tool is simple and easy to use, as it adopts the Unix philosophy of doing one thing and doing it really well. By taking advantage of the robust VMware API, it provides a detailed view into your VMware infrastructure and the running virtual machine and templates, as well as takes action on them.

One of the actions that you can perform on a template is deployment. At the command line, all you need to do is tell Cloud Provisioner the path of the template that you wish to deploy, and the name of the resulting virtual machine, and that’s it — in a few minutes you’ll have a virtual machine running in your environment. For example, the following command will deploy a new virtual machine in your environment based on the Debian squeeze template:

puppet node_vmware create –name=newpuppetmaster –template=”/Datacenters/DC1/vm/debian-squeeze”

You can also perform power options (e.g. stop and start on a virtual machine) if you need to perform maintenance. With the following commands you can start or stop the VM that you have just deployed above:

puppet node_vmware start /Datacenters/DC1/vm/debian-squeeze
puppet node_vmware stop /Datacenters/DC1/vm/debian-squeeze

Once the machine is up and running, Puppet Enterprise users will want to “classify” the machine, which is the process by which we instruct the virtual machine what its function should be, and which Puppet code should be applied to the machine. Puppet Cloud provisioner is perfect for this so that the administrator isn’t required to shell into each new VM and go through the manual process of telling it what Puppet master to talk to.

For more information on using Puppet Cloud Provisioner to deploy, manage, and classify VMware virtual machines in your environment, visit the following docs:

• Cloud Provisioner Overview
• Classifying and Installing Cloud Provisioner
• VMware Provisioning

You can also learn more here:

• Provisioning in the Cloud with Puppet Enterprise
• VMware Invests $30M in Puppet Labs
• Watch a recording of our VMware & Puppet Labs webinar
• Get notified about future VMware/Puppet Labs product integrations

Razor Podcast

In this episode of the Puppet Labs Podcast, Mike Stahnke and Dawn Foster talked to Daniel Pittman about Razor. For those of you who aren’t familiar with Razor, it is provisioning software that handles bare metal hardware and virtual server provisioning, and Daniel is the head of Puppet Razor development.

We talked about several topics, including:

• an overview of the project
• community response and contributions to Razor
• bare metal and virtual machine provisioning with Razor
• plans for the future of Razor and upcoming features

See the rest of the podcasts

Get Involved with the Razor Project

• Razor IRC channel #puppet-razor
• Razor mailing list
• Get the Razor code or read the documentation

Learn More

• Next Generation Provisioning with Razor
• Razor, Now 100% Open Source
• Video of Nick Weaver at PuppetConf: Razor: DevOps + Bare-metal Provisioning
• Introducing Razor, a Next Generation Provisioning Solution

• DR assumptions I’ve learned aren’t true (Reddit). Lots of good ones here, including “Day old backups are recent enough” and “Only one datacenter in the region will be affected.”
• Teaching Programming To A Highly Motivated Beginner (CACM). Philip Guo shares how a non-programmer named Brian reached out and ask Guo to teach him programming, and their journey together. Guo’s take: “motivation is everything.”
• DevOps + Bare-metal Provisioning (YouTube). VMware’s Nick Weaver wants server hardware to behave as flexibly as the cloud. Razor is his solution.
• Developing Automation with Lean Methodology (Newtonian Nuggets). Ben Newton talks about the ‘IT Automation Curator’s’ job, and what he sees as the best part: developing new automation. He uses the principles of lean methodology as his guide in selecting *what* to automate, focusing on ‘eliminate waste.’

Learn More

• Previous day’s digest
• Sign-up for our monthly newsletter.

Managing Google Compute Engine Instances with Puppet

Puppet is an IT automation language that has traditionally been used to configure individual nodes. Puppet’s declarative language and dependency model is also suitable for describing entire application stacks on top of public cloud offerings.

This post will explain how Puppet can be used to model resources through Google Compute Engine’s API in order to describe application stacks as reusable and composable configuration files.

Google Compute Engine (GCE) is a service offering from Google that allows users to provision virtual machine instances that run on Google’s infrastructure. The one thing that really stands out about this service compared to similar offerings is how fast it is. Machine instances generally take seconds, not minutes, to spin up.

The GCE API allows users to create all of the resources needed to dynamically model application stacks, including: virtual machine instances, networks, firewalls, and persistent disks. It also allows you to specify a lot of the characteristics of a virtual machine instance like the image that should be used, and how much memory and CPU to allocate to that instance.

What this API can’t do is tell a machine how it should be configured. There is no way to say: “Use this image as a starting place, and then configure yourself to be a mysql database.” This is where Puppet comes in. It can be used with GCE in order to configure the roles that should be assigned to created instances. Puppet can also be used to perform ongoing management of those instances.

This blog will take the concept one step further, explaining not only how Puppet can be used to assign roles to compute instances, but also how Puppet can be used to model the management of all of the compute objects in GCE that are used to create an application stack.

Read the rest of this entry »

In May, we announced the Razor project with EMC. Even though the product is still in beta, we’ve seen an exciting amount of testing and adoption of the next generation provisioning system. In our initial release, we open sourced Razor and provided Puppet modules to install Razor on Ubuntu Precise. One of interesting aspect of Razor is the ability to discover hardware via in memory instance of Razor MicroKernel (Razor MK). Since Razor MK is based on Tiny Core Linux, we are releasing the source code today under GPL v2 license.

We hope this encourages users to build their own custom Razor MK images, which have the option to specify user accounts, the ability to enable remote SSH access for debugging, and for users to build and include custom Tiny Core Linux extensions to support unique hardware for their environment:

When the Razor image boots, it loads a web service which allows it load additional extensions, and it contacts the razor server api service to determine what’s the next action. The github repo contains the source code, as well as the tools and instructions for building your own custom ISO and extensions:

• Building Razor MK ISO
• Building TCL extensions

Also, in conjunction with the Razor MK open source release, we have updated the Razor Puppet module to support RHEL/CentOS installation. We hope this update allows more user to try out and provide feedback for the Razor project as we work towards to our official 1.0 release. We’ve seen several blog posts and GitHub projects detailing the process for installing Razor, and we used them as feedback to improve this module. This update contains a large number of changes and I just want to highlight a few that are important:

• RHEL/CentOS support
• Razor Ruby 1.8.7 support
• Razor service daemon script support
• Razor image download support

Due to these changes, we incremented the module version to 0.2.0. There are several excellent blog posts about installing puppet-razor 0.1.x modules. However, since blog posts are point-in-time snapshots, we are now maintaining an installation wiki page that will always include the latest changes to the Razor project as well as the Puppet module. This wiki allows us to keep you up to date on the progress of the project as we continuously improve Razor.

Learn More:

• The Razor installation wiki
• Razor OSS 2: Public Release of MK
• Razor Microkernel source code
• Razor solutions page
• puppetlabs/razor on the Puppet Forge

Google Compute Engine (GCE) was announced at Google I/O 2012. Google Compute offers high performance Ubuntu and CentOS systems backed by KVM at Google scale. As part of the announcement we extended Puppet Cloud Provisioner to provide support for deploying compute resource into GCE. This module delivers those Puppet Face extensions as a plugin to Cloud Provisioner.

Installing the module

On a machine where you have Puppet and Puppet Cloud Provisioner installed use the Puppet module tool to install the node_gce module from the Puppet Forge. The Learning Puppet VM is a great environment start using the node_gce module. You will also need to sign up for a Preview account to for Google Compute Engine.

From the command line issue the following command to install the module:

puppet module install puppetlabs-node_gce

This will download and install the module and the dependencies from the Puppet Forge to the appropriate module path.

Preparing to install into /etc/puppet/modules ...
Downloading from http://forge.puppetlabs.com ...
Installing -- do not interrupt ...
/etc/puppet/modules
└─┬ puppetlabs-node_gce (v0.0.1)
  ├── puppetlabs-lib_puppet (v0.0.1)
  └── puppetlabs-pe_gem (v0.0.1)

The Google Compute Engine module includes a Puppet manifest that install the Puppet Face in the proper place, and generates a script for building a credentials file. We will use Puppet to apply to the manifest locally.

puppet apply /etc/puppet/modules/node_gce/tests/init.pp

By default, init.pp manifests only install the minimal components. The optional manifest below resolves the following warning messages, but it has additional build dependencies to compile JSON.

Faraday: you may want to install system_timer for reliable timeouts
[WARNING] MultiJson is using the default adapter (ok_json). We recommend loading a different JSON library to improve performance.
 
puppet apply /etc/puppet/modules/node_gce/tests/optional.pp

Next we need to setup our GCE credentials. Once you have received confirmation of your GCE preview account you will need to enable Google Compute Engine under Google API Services. Once you have enabled GCE and created a project, go to API access menu and create a new Client ID for installed applications:

Next, execute the generated credentials script:

/tmp/build_gce_credentials

Copy the generated link into your browser and use the authorization code to complete the credentials file. The script will ask for a file to store your credentials. The node_gce Face expects to find those credentials in ~/.fog.

Enter file for storing OAuth2 credentials [/tmp/oauth2_credentials.yml]: ~/.fog
Storing credentials information in [~/.fog]...

Example ~/.fog:

:gce:
  :client_id: "52313212-idasf921.apps.googleusercontent.com"
  :client_secret: "ida8214kdasfsd93"
  :authorization_code: "sfas1/daf9123123kjfasfojdjsfk213213"
  :refresh_token: "dsfas9123kdsfaj892sadkfa"

Using the node_gce Face

Before creating any Google Compute Nodes, we need to upload SSH keys in order to have access to any new systems created by cloud provisioner. SSH keys can be added to the project via add_metadata action, along with the project id, username, and path to the SSH public key file.

$ puppet node_gce add_metadata --project=puppetlabs.com:gce --user='paul' --sshkey=~/.ssh/paul.rsa.pub

This process can be repeated for multiple users to grant them SSH access to systems under multiple projects. New keys will also distribute to existing systems in the same project, but the process will take time to propagate through the environment (about 60 seconds). In Google Compute, SSH keys are associated with a non-root user account with sudo access, and they are stored in per project metadata ‘sshKeys’ value. The SSH key for each user is separated by newlines, and can be listed by executing metadata action and providing the appropriate project:

$ puppet node_gce metadata --project=puppetlabs.com:gce
{
 "kind": "compute#project",
…
 "commonInstanceMetadata": {
  "kind": "compute#metadata",
  "items": [
   {
    "key": "sshKeys",
    "value": "paul:ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAg...",
   }
  ]
 },

At this point, we can create new compute instances via the create action. Google compute allows users to specify unique hostnames as long they are unique per project. The machine-type indicates the size of system which defaults to n1-standard-1. (For the public preview, Google only made *-d type system available, so specify n1-standard-1d). Zone indicates the preference for the region where the system should be created, which defaults to us-central1-a. See the Google Compute documentation for more information about machine-type and zone.

$ puppet node_gce create --name=demo1 --project=puppetlabs.com:gce --machine-type=n1-standard-2 --zone=us-east1-a
{
 "kind": "compute#instance",
 "id": "12920446812432197392",
 "selfLink": "https://www.googleapis.com/compute/v1beta12/projects/puppetlabs.com:gce/instances/demo1",
 "image": "https://www.googleapis.com/compute/v1beta12/projects/google/images/ubuntu-12-04-v20120621",
 "machineType": "https://www.googleapis.com/compute/v1beta12/projects/puppetlabs.com:gce/machine-types/n1-standard-2",
 "status": "PROVISIONING",
 "zone": "https://www.googleapis.com/compute/v1beta12/projects/puppetlabs.com:gce/zones/us-east1-a",
 "networkInterfaces": [
  {
   "kind": "compute#networkInterface",
   "name": "nic0",
   "network": "https://www.googleapis.com/compute/v1beta12/projects/puppetlabs.com:gce/networks/default",
   "networkIP": "10.240.20.171",
   "accessConfigs": [
    {
     "kind": "compute#accessConfig",
     "name": "External NAT",
     "type": "ONE_TO_ONE_NAT",
     "natIP": "173.255.112.192"
    }
   ]
…

The new node status will be “provisioning” initially, and we can use the list action to check when the system transitions to “running”:

$ puppet node_gce list --project=puppetlabs.com:gce

Once the new node is in the running state, we can connect to the system via ssh to its external NAT IP.

$ ssh -i ~/.ssh/private.rsa paul@173.255.112.192

When we are done with the instance simply destroy it via the terminate action:

$ puppet node_gce terminate --project=puppetlabs.com:raiden --name=demo1   
{
 "kind": "compute#operation",
 "id": "12920446812432197392",
 "selfLink": "https://www.googleapis.com/compute/v1beta12/projects/puppetlabs.com:gce/operations/operation-1341328670190-4c3ee6ae99b90-444a5700",
 "name": "operation-1341328670190-4c3ee6ae99b90-444a5700",
 "targetLink": "https://www.googleapis.com/compute/v1beta12/projects/puppetlabs.com:gce/instances/demo1",
 "targetId": "12920446812432197392",
 "status": "DONE",
 "user": "paul@puppetlabs.com",
 "progress": 100,
 "insertTime": "2012-07-03T15:17:50.190",
 "startTime": "2012-07-03T15:17:50.356",
 "endTime": "2012-07-03T15:17:58.248",
 "operationType": "delete"
}

Conclusion

Our initial Cloud Provisioner enables you to quickly get started deploying workloads into Google Compute Engine Environments. Next up, we’ll demonstrate bootstrapping a QA environment in Google Compute Engine using Puppet Enterprise.

Learn More

• puppetlabs/node_gce
• Attend the Puppet/GCE webinar – Tuesday at 11 am PT
• Google Compute Engine Solutions Page
• Previous Modules of the Week

Just now at the Google I/O conference in San Francisco we announced integration with Google Compute Engine (GCE), Google’s new Infrastructure-as-a-Service (IaaS) cloud offering. By providing Puppet integration for Google Compute Engine, we’re enabling sysadmins to puppetize GCE so they can quickly and efficiently provision, configure, and manage cloud infrastructure, in minutes going from zero to fully deployed cloud applications.

Can’t wait to get started? The GCE cloud provisioning Beta release is compatible with both Puppet open source and Puppet Enterprise, and is immediately available for free download from the Puppet Forge.

Google + Puppet Labs = Great Partnership

We’ve been working with Google since last year on this project, and we’re pretty excited about it. They’ve spent time thinking hard about how sysadmins and developers access cloud infrastructure, noting what’s worked and what hasn’t for other IaaS cloud providers. Moreover, in running operations platforms for search, Gmail, Google Apps, Google App Engine, and many other apps and services, Google has invaluable experience and insight about what it takes to operate infrastructure services reliably, securely, and at scale.

For Puppet Labs, working with Google on Google Compute Engine was a great opportunity to extend an already great partnership. In doing so, we’re giving our customers more flexibility and choice to select the cloud service that’s right for their requirements and economics. How? Because in addition to physical infrastructure, Puppet Labs also already supports many private and public cloud infrastructures, including VMware, OpenStack, Amazon Web Services, Xen, CloudStack, Eucalyptus, and more. And now the Puppet configurations our users built for their physical and cloud stacks are re-usable in Google Compute Engine as well.

Check It Out

You can download a Beta release of the Google Compute Engine cloud provisioning module for free from Puppet Forge right now. In addition, we’ll be demoing Puppet Enterprise + GCE at the Google IO conference for the rest of the week and at a special get-together tonight in SF (follow us on Twitter @puppetlabs for details).

We’re looking forward to your feedback!
- Teyo

Learn More

• Check out our GCE demo at our Google I/O Cloud Sandbox Thu 6/28-Fri 6/29
• Crash our launch party Thu 6/28 at 7pm in SF – follow @puppetlabs for details
• Read the documentation
• Watch a short video showing GCE and Puppet Enterprise in action
• Participate in our GCE technical webinar on Tuesday, July 10th, 11am PT

In April, we announced Puppet’s support for OpenStack, a popular open source project that can be used to build private clouds. At that time, we posted the first OpenStack configuration module on Puppet Forge, which enabled you to add Puppet Cloud Provisioner support for OpenStack.

Today, we’ll dive deeper and show you to get you up and running with a single or multi-node OpenStack deployment as quickly as possible. This week’s featured module provides a simple way of deploying OpenStack that is based on best practices shaped by the OpenStack community.

OpenStack is composed of several subprojects that need to be installed and configured together to deliver its full functionality:

• nova – compute service
• glance – image database
• swift – object store
• keystone – authentication/authorization service
• horizon – web front end

Getting OpenStack up and running can be a daunting process. Devstack was written to help developers build functional openstack environments but it is not flexible enough for production deployments and provides no capabilities for on-going management.

The OpenStack modules provide a simple, reliable, and flexible way to deploy fully functional OpenStack environments. They were written in collaboration with OpenStack users to capture deployment knowledge and best practices. These modules are suitable for spinning up a single node test environment for evaluation, or as a production deployment toolkit.

Installing the module

The latest version of this module can easily be installed from the Puppet Forge using the puppet module tool (which is included with Puppet 2.7.14+ or Puppet Enterprise 2.5+)

$ puppet module install puppetlabs/openstack

This command will install the openstack module from the Puppet Forge along with all of its dependencies.

Installing the module from source

Users that are interested in contributing should install the modules from GitHub. This requires that rake and the git are installed.

First, clone the openstack module into your module path using the git command:

$ git clone git://github.com/puppetlabs/puppetlabs-openstack <module_path>/openstack

Then cd into the newly created directory and run the modules:clone rake task to clone all of the dependent modules into your module path.

$ cd <module_path>/openstack; rake modules:clone;

NOTE: You should preview the modules that will be installed to ensure that they will not conflict with modules already installed in your environment.

$ cat <module_path>/other_repos.yaml

Configuration Interfaces

The OpenStack module allows users to install OpenStack using the following configuration interfaces:

openstack::all

This class can be used to install all of the openstack components onto a single node and is intended for users that are interested in trying out OpenStack.

openstack::controller and openstack::compute

These classes are used to configure multi-node deployments of openstack.

The openstack::controller class can be used to deploy a central OpenStack management node.

The openstack::compute class is used to deploy compute nodes (which are associated with the underlying hypervisors being managed).

In a multi-node deployment scenario, a user would typically deploy a single openstack::controller with multiple openstack::compute nodes.

Example Usage

An example manifest is provided with the OpenStack module and can be found at:

<modulepath>/openstack/examples/site.pp

To get up and going with an all-in-one installation, use the following node declaration:

node /openstack_all/ {
 
  class { 'openstack::all':
    public_address            => <your_public_address>,
    public_interface          => <your_public_interface>,
    private_interface         => <your_private_interface>,
    admin_email               => 'some_admin@some_company',
    admin_password            => 'admin_password',
    keystone_admin_token      => 'keystone_admin_token',
    nova_user_password        => 'nova_user_password',
    glance_user_password      => 'glance_user_password',
    rabbit_password           => 'rabbit_password',
    rabbit_user               => 'rabbit_user',
    libvirt_type              => 'kvm',
    fixed_range               => '10.0.0.0/24',
  }
}

You can use this node block to assign the all-in-one role to a node by simply running puppet apply:

    puppet apply /etc/puppet/modules/openstack/examples/site.pp --certname openstack_all

NOTE: puppet apply runs without a master and assumes that all puppet manifests are on the client that needs to be classified.

The same example manifest also contains an example that can be used to perform a multi-node installation.

NOTE: This configuration interface requires that both nodes have at least 2 interfaces and that one of those interfaces does not have an ip address assigned to it. Check out the OpenStack docs for more information on nova networking.

The configurations:

node /openstack_controller/ {
 
  class { 'openstack::controller':
    public_address           => '<your_public_address>,
    public_interface         => <your_public_interface>,
    private_interface        => <your_private_interface>,
    internal_address         => <your_internal_address>,
    floating_range           => '192.168.101.64/28',
    fixed_range              => '10.0.0.0/24', 
    multi_host               => false ,
    network_manager          => 'nova.network.manager.FlatDHCPManager',
    admin_email              => 'admin_email',
    admin_password           => 'admin_password',
    keystone_admin_token     => 'keystone_admin_token',
    glance_user_password     => 'glance_user_password',
    nova_user_password       => 'nova_user_password',
    rabbit_password          => 'rabbit_password',
    rabbit_user              => 'rabbit_user',
  }
 
}

and

node /openstack_compute/ {
 
  class { 'openstack::compute':
    private_interface    => 'eth1',
    internal_address     => <your_internal_address>,
    libvirt_type         => 'kvm',
    fixed_range          => '10.0.0.0/24',
    network_manager      => 'nova.network.manager.FlatDHCPManager',
    multi_host           => false,
    sql_connection       => 'mysql://nova:nova_db_passwd@<controller_node>/nova',
    rabbit_host          => <controller_node>,
    glance_api_servers   => '<controller_node>:9292',
    vncproxy_host        => <controller_node_public_address>,
    vnc_enabled          => true,
    manage_volumes       => true,
  }
 
}

can be used to configure agents as either controller or compute nodes.

These multi-node examples should be deployed using a Puppet Master and require these additional setup steps:

1. The openstack modules are installed on the Puppet Master. This includes the puppetlabs/openstack module along with all of its dependencies.
2. The master is using /openstack/exampes/site.pp as its manifest.

#puppet.conf manifest = <module_path>/openstack/examples/site.pp

3. The agents should contact the master and identify themselves as either a controller or a compute node.

             puppet agent --server <your_master> --pluginsync --certname <openstack_controler|openstack_compute> -t

Configuring the module

Although the Puppet modules for OpenStack provide constrained interfaces for the deployment of OpenStack, they still require some level of OpenStack experience to configure and customize properly.

common parameters:

verbose – Can be used to increase the level at which the services log.

parameters shared by openstack::all and openstack::controller

openstack::controller specific options

openstack::compute specific parameters:

Conclusion

With the OpenStack Puppet modules, it’s really easy to get an OpenStack environment up and going quickly.

These modules serve as a great starting place for the deployments of OpenStack production deployments, but there is still a lot more that needs to be done.

The community is actively engaged in a number of features:

• Puppet modules that represent best practices for monitoring OpenStack
• Puppet modules that represent best practices for providing highly available OpenStack deployments
• Better Integration with Razor for policy based provisioning
• Better integration with PuppetDB for service auto-discovery

Learn More:

• Attend a Puppet/OpenStack webinar on Tuesday, June 26 at 11 am PDT
• puppetlabs/openstack module dependencies
• puppetlabs/openstack README
• Join the Puppet Labs OpenStack email list
• OpenStack solutions
• Previous Modules of the Week

VMware vCenter is a software application that provides central management of vSphere environments. It’s an essential component for managing large numbers of VMware virtual machines and the fleet of ESX systems supporting those hosts. As a high level overview, the VMware infrastrastructure stack is essentially VMware VMs running in vSphere ESX hosts, which are managed by vCenter, which can in turn be managed by vCloud Director:

In this case, the vCenter Puppet module can install a full blown vCenter instance with no limitations on Windows 2008 R2 64bit. Puppet not only manages the database dependencies (by deploying Microsoft SQL 2008R2), it will also take care of the installation of VMware vCenter and optionally deploy the vSphere client. Since the vCenter installation process is fairly involved and requires a Windows license, VMware offers vCenter Server Appliance (vCSA) to simplify deployment in a Linux environment. In addition to deploying vCenter on Windows, this module also includes management of vCenter resources such as datacenter, folders, ESX clusters, and ESX hosts modeled as Puppet resources for both Puppet deployed vCenter installation and vCSA.

Installing the Module

On the Puppet master, execute the Puppet module tool to download the vCenter module and its dependencies:

$ puppet module install puppetlabs/vcenter
Preparing to install into /etc/puppetlabs/puppet/modules ...
Downloading from http://forge.puppetlabs.com ...
Installing -- do not interrupt ...
/etc/puppetlabs/puppet/modules
└─┬ puppetlabs-vcenter (v0.1.0)
  ├─┬ puppetlabs-mssql (v0.1.0)
  │ └── puppetlabs-dism (v0.1.0)
  └── puppetlabs-registry (v0.1.1)

Configuring the module

The vCenter module supports the following parameters:

• media: vCenter installation software media location.
• sql_media: Microsoft SQL installation software media location.
• username: vCenter service account username.
• password: vCenter service account password.
• jvm_memory_option: vcenter inventory size, support S, M, L.
• client: install vsphere client software (default: true).

To deploy vCenter, simply specify the options above for the target windows node on the Puppet master. If you have vCSA in your environment, this step can be omitted and you can skip ahead to the resource management section.

node vcenter.puppetlabs.lan {
  class { 'vcenter':
    media             => 'M:\\software\\vCenter\',
    sql_media         => 'M:\\software\\SQL2008\',
    jvm_memory_option => 'M',
    client            => false,
  }
}

After the Puppet agent applies the changes, you should be able to log into the system and access vCenter. This process can take upwards of 30 minutes, because Microsoft SQL and vCenter combined deploy over 6.5 GB of binary.

Resource Overview

The vCenter module introduces the following Puppet types and providers:

• vc_datacenter: Data Centers
• vc_folder: Folders
• vc_cluster: ESX Clusters
• vc_host: ESX Hosts

If you deployed vCenter using the Puppet module, the same node can be used to manage and attach ESX hosts as shown below:

All vCenter resources depends on the rbvmomi Ruby gem, which is installed on the Windows agent as part of the vcenter class, and any vCenter resources can be specified as part of the node.

node vcenter.puppetlabs.lan {
  class { 'vcenter':
    media             => 'M:\\software\\vCenter\',
    sql_media         => 'M:\\software\\SQL2008\',
    jvm_memory_option => 'M',
    client            => false,
  }
 
  vc_folder {  '/lab_env':                            
    ensure     => present,                                               
    connection => 'administrator:puppet@vcenter.puppetlabs.lan',
    require    => Class['vcenter'],              
  }
}

If you already have a vCSA server in your environment, we can still manage the vCSA server indirectly through a proxy system as illustrated here:

Simply install the rbvmomi gem on a proxy node, and make sure the connection info reflects the vCSA device info (the example below vcenter_proxy.puppetlabs.lan manages vcsa.puppetlabs.lan through the vSphere API). The proxy host can be any server that has network access to the vCSA system and it’s not required to use a dedicated host for this purpose.

node vcenter_proxy.puppetlabs.lan {
  package { 'rbvmomi':
    ensure   => present,
    provider => gem,
  }
 
  vc_folder {  '/lab_env':                            
    ensure     => present,                                               
    connection => 'administrator:vcsa_puppet@vcsa.puppetlabs.lan',
    require    => Package['rbvmomi'],              
  }
}

vCenter folders and datacenters are containers for managing inventory objects. The resource title is similar to filepath to indicate how these containers are organized. The example below datacenter1 would exist under the folder /lab_env.

vc_folder {  '/lab_env':                                           
   ensure     => present,                                               
   connection => 'administrator:puppet@vcenter.puppetlabs.lan',                
}
 
vc_datacenter {  '/lab_env/datacenter1':
   ensure     => present,
   connection => 'administrator:puppet@vcenter.puppetlabs.lan',
}

vCenter cluster is a group of hosts, and when a host is added to a cluster its resource becomes part of the cluster resource. Cluster resource titles are also specified like filepath to indicate where they exist in the vCenter hierarchy. The example below cluster1 is part of datacenter1 under the lab_env folder:

vc_cluster {  '/lab_env/datacenter1/cluster1':
   ensure     => present,
   connection => 'administrator:puppet@vcenter.puppetlabs.lan',
}

If we add the resources above to the node vcenter.puppetlabs.lan it will result in the following organization in vCenter:

vCenter host are vSphere ESX hosts which contains virtual machines. The resource title is either the ESX hostname or ipaddress, and the username/password is the login to the ESX host, where the path indicates where the ESX host resides in the vCenter inventory hierarchy:

vc_host { 'esx01.lab.puppetlabs.lan':
   ensure     => present,
   username   => 'root',
   password   => 'test1234',
   path       => '/lab_env/datacenter1/cluster1',
   connection => 'administrator:puppet@vcenter.puppetlabs.lan,
}

Note in this initial release, all resources have a connection attribute which specifies the vCenter connection information. This was intended to support managing resources on different vCenter servers in a single puppet manifests. However we are considering changing this information to be stored in a configuration file similar to puppet device.conf file so it does not need to be part of every vCenter resource.

Also because we are not able to identify resource uniqueness for folders and datacenters, we can not support migration of those resource to a new location. As an example if we change following resources:

vc_folder {  '/folder/lab_env1/':                                           
   ensure     => present,                                               
   connection => 'administrator:puppet@vcenter.puppetlabs.lan',                
}
to:
vc_folder {  '/folder/lab_env2/':                                           
   ensure     => present,                                               
   connection => 'administrator:puppet@vcenter.puppetlabs.lan',                
}

This will result in two folders named /folder/lab_env1 and /folder/lab_env2. This is not a surprise to longtime Puppet users since this is the same behavior as file resources, but I want to make sure new users are aware of this behavior.

The vCenter module also depends on the Puppet Labs DISM and registry modules that may be of interest to Windows’ Puppet users, so I will provide a brief overview.

Windows Deployment Image Servicing and Management or DISM is a utility that can enable/disable features on Windows 7/Windows 2008 through a command line tool. The DISM Puppet resource provides the ability to manage them on those platforms. For example, the following manifests will ensure .Net 3.5 is available on the system:

dism { 'NetFx3':
  ensure => present,
}

The Windows registry is a central repository of hierarchical configuration data. For most applications, it’s far more convenient to manipulate the configuration settings directly in the registry rather than adjust them through a graphical user interface. In the vCenter module, we use the registry type to create the database ODBC connectivity:

registry_key { 'HKLM\SOFTWARE\ODBC\ODBC.INI\VMware VirtualCenter':
  ensure => present,
}
 
registry_value { 'HKLM\SOFTWARE\ODBC\ODBC.INI\ODBC Data Sources\VMware VirtualCenter':
  data => 'SQL Server Native Client 10.0',
  type => string,
}
...

One of the challenges on 64 bit Windows platform is Microsoft’s implementation of registry reflection, which isolates 32bit and 64bit registry keys. Users typically have to be very conscientious about whether they are writing to 64 bit or 32 bit key, and the registry provider includes registry::value defined type which solves this problem by writing to the system native architecture:

registry::value { 'VMware VirtualCenter': 
  key   => 'HKLM\SOFTWARE\ODBC\ODBC.INI\ODBC Data Sources',
  value => 'VMware VirtualCenter',
  data  => 'SQL Server Native Client 10.0',
  type  => string,
}

Conclusion

The vCenter module allows rapid deployment of VMware vCenter on Windows 2008R2, and it provides resources for managing vCenter folder, datacenter, cluster, and ESX hosts for vCSA and vCenter systems. The module isn’t perfect at this point, and we ran into issues during testing due to pending reboot, when the system requires a restart to complete software installation (such as Windows patches installed in the background). Also in this initial release we are merely creating/destroying vCenter resources and not managing resources attributes such as permissions. However, we intend to identify and support some key resource functionalities, and also manage them in a way that would not interfere and conflict with adhoc management of vCenter after the initial deployment. If you have any suggestions or find any other issues, please file a feature/bug request and keep us posted.

Learn More

• puppetlabs/vcenter
• Get started with Razor Provisioning
• Feature requests and bug reports
• Previous Modules of the Week