Speeding up Beaker on a Mac using SquidMan

Update: Thanks to Steven Bambling for pointing out that SquidMan is also available as a Homebrew Cask.

If you have used Beaker extensively for system testing your Puppet roles and profiles, you will no doubt have had a few coffees while waiting for RPMs to download that you had already downloaded many times before.

I was pleasantly surprised to find that setting up a Squid Cache using SquidMan on my Mac OS X Yosemite laptop and then having Beaker point at it was fairly straightforward. Still, there are a few gotchas to justify a blog post on the subject.

Thanks go to Alexander Rumyantsev for his post on Using squid to cache RedHat/CentOS yum repositories, and also to My Private Network for their post on Setting up Squid Man.

Installing and configuring SquidMan

I downloaded SquidMan 3.6 from here and installed it as with any other DMG file (although I did have to manually drag and drop the app into my /Applications folder).

Having started it, I went to its Preferences and entered the following config:

[Screenshot: SquidMan preferences, General tab]

That is, I set the port to 3128, increased the maximum object size to 256MB in case I needed to deal with large RPMs, and set the cache size to 4GB. Then I went to the Clients tab:

[Screenshot: SquidMan preferences, Clients tab]

Here I allowed Beaker to connect from whatever network it happens to be on, i.e. all; limit that as your security needs dictate. (If you forget this step, Beaker will error out during a Yum install with a 403 Forbidden error.)
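For reference, the settings above correspond roughly to the following directives in the generated squid.conf. This is a sketch only: the cache directory path is an assumption, and SquidMan writes the real file for you (to ~/Library/Preferences/squid.conf, as the ps output below shows).

```conf
# Sketch of the directives implied by the SquidMan preferences above
http_port 3128
maximum_object_size 256 MB
# 4096 MB cache; the path is an assumed SquidMan default
cache_dir ufs /Users/alexharvey/Library/Caches/squid 4096 16 256
# "all" mirrors the Clients tab setting; tighten as security dictates
http_access allow all
```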

After starting Squid, you can find its config file using:

$ ps -ef | grep squid
  501  2955      1   0  8:17pm ??        0:03.64 /Applications/SquidMan.app/Contents/MacOS/SquidMan
  501  7283      1   0  8:28pm ??        0:00.00 /usr/local/squid/sbin/squid -f /Users/alexharvey/Library/Preferences/squid.conf
  501  7285   7283   0  8:28pm ??        0:00.08 (squid-1) -f /Users/alexharvey/Library/Preferences/squid.conf
  501 13310  96095   0  8:43pm ttys003   0:00.00 grep squid

read more
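The remaining piece is pointing the SUTs at the proxy. How best to do that depends on your Beaker setup; one simple approach is to append a proxy line to /etc/yum.conf on each SUT in a pre-suite step. (The IP address below is a placeholder: substitute whatever address the Mac running SquidMan has on the network the VM can reach.)

```conf
# /etc/yum.conf on the SUT
# 192.168.0.1 is a placeholder for the SquidMan host's address
proxy=http://192.168.0.1:3128
```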

Rspec testing a simple Ruby script

While writing a simple Ruby script recently, I discovered that it is difficult to find any internet documentation that discusses the simplest use case for Rspec, namely testing a short, simple Ruby script: one that has methods but no classes. This post intends to fill that gap.

Following along

If you’d like to follow along with the code, you can clone this repo. Note that I have added tags so that you can check out the code in stages that closely follow the examples in the text. Where I say “checkout 0.0.1” in the text, I mean run

$ git checkout 0.0.1

and you’ll have the code matching where you’re up to in the text.

Project structure

To begin (checkout 0.0.1) we create a new project that illustrates expected file locations.

$ mkdir example
$ cd example
$ mkdir bin spec

read more
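To make the discussion concrete, here is a hypothetical example of the kind of script the post has in mind: a file like bin/mean.rb that defines a method but no classes, and guards its “main” code behind a `__FILE__` check so that a spec file can require it without executing it. (The file name and method are my inventions for illustration, not taken from the repo.)

```ruby
# bin/mean.rb - a hypothetical script with methods but no classes

# Return the arithmetic mean of an array of numbers.
def mean(numbers)
  return 0.0 if numbers.empty?
  numbers.inject(0.0) { |sum, n| sum + n } / numbers.size
end

# Run the "main" body only when executed directly, so that a spec
# file can require this script without side effects.
if __FILE__ == $PROGRAM_NAME
  puts mean(ARGV.map(&:to_f))
end
```

A spec can then load the script with something like require_relative '../bin/mean' and exercise mean directly.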

Building a highly available ELK solution with Puppet, Part III: Elasticsearch backend

NOTE: this series is a work-in-progress that will be finished in due course.  I leave it up here because the code and approach is likely to be nonetheless useful to people engaged in building a similar ELK / Puppet solution.

Introduction

Elasticsearch is a Java-based open-source search engine built on top of Apache Lucene, and released under the terms of the Apache license. It provides a distributed, multitenant-capable search engine behind a convenient RESTful JSON API. Today, it is the most popular enterprise search engine in the world.

In this third part of our series, ‘Building a highly available ELK solution with Puppet’, we look at how to build an Elasticsearch 2.2 cluster using the latest Puppet 4 and the latest Elastic.co Elasticsearch Puppet module.

Here we look at the profiles profile::jdk, profile::elasticsearch, and profile::elasticsearch::data_node. We will discuss Hiera data for a single-node and clustered configuration. This will involve configuring Yum; installing the JDK; managing the elasticsearch user and group; configuring an LVM volume for Elasticsearch data; installing and configuring the Elasticsearch application; and configuring the firewall. We will discuss in passing some of our views on Puppet programming best practices, and justify some of the choices we have made.

Puppetfile configuration

We add the following modules to our Puppetfile for the Elasticsearch cluster:

forge 'https://forgeapi.puppetlabs.com'

mod 'thias/sysctl',
  :git => 'https://github.com/thias/puppet-sysctl.git'

mod 'elasticsearch/elasticsearch',
  :git => 'https://github.com/elastic/puppet-elasticsearch.git'

...

read more

Building a highly available ELK solution with Puppet, Part II: The base profile

NOTE: this series is a work-in-progress that will be finished in due course.  I leave it up here because the code and approach is likely to be nonetheless useful to people engaged in building a similar ELK / Puppet solution.

Introduction

In this second part of our series, ‘Building a highly available ELK solution with Puppet’, we look at our example base profile.

The example is artificially simple; it illustrates the concepts for readers who are new to the roles and profiles pattern, and it allows me to make some general points about writing roles and profiles that inform my decisions in subsequent ELK-related posts. Most readers will already have their own base profile and, if not, will probably have requirements that go beyond this contrived example.

If you are already familiar with the roles and profiles pattern, you may want to read the section about the yum configuration, and you may be interested in the firewall_multi module.

As mentioned in part I, the source code is available at Github. It is licensed under the MIT license.

Configuring the Puppetfile

Before we can write the base profile we need to install the Puppet Forge modules that it will depend upon, and to do that, we must set up our Puppetfile. If you have not used a Puppetfile before, have a look at the documentation here.

Why Librarian-puppet

It should be noted that I am using Tim Sharpe’s Librarian-puppet, the original Puppetfile processor and, in my opinion, still the best. Many users will be using r10k both to install the modules specified in the Puppetfile and to deploy their code into target environments. Meanwhile, Puppet Enterprise users may be using Code Manager, which uses r10k under the hood.

The advantage of Librarian-puppet is that it is simpler, and it resolves dependencies. And if you, like me, intend to deploy your code onto Puppet Masters using the deployment capabilities of your CI/CD system, you may find that Librarian-puppet is still the right choice.

Puppetfile config for base profile

Our base profile requires a handful of Forge modules, so we add the following lines to our Puppetfile (source code):

forge 'https://forgeapi.puppetlabs.com'

mod 'puppetlabs/stdlib'
mod 'puppetlabs/ntp'
mod 'alexharvey/firewall_multi'

read more

Dumping the catalog in rspec-puppet

I always knew there was a better way.

In a previous post I documented a procedure for compiling a catalog without logging onto a Puppet Master.  The procedure is useful but also complicated.

Some would ask, why can’t Rspec-puppet just dump the catalogs it compiles during unit testing?

It can; I just found a bit of the answer here, and the rest of it inside a debugger.

How to dump the catalog in Rspec-puppet

I assume we have Rspec-puppet set up already.  If not, try the Rspec-puppet tutorial.

Imagine we have a simple test as follows:

require 'spec_helper'

describe 'myclass' do
  it { is_expected.to compile.with_all_deps }
end

read more
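To give away the punchline slightly: the trick turns on the fact that rspec-puppet exposes the compiled catalog inside examples via its catalogue helper, so it can simply be serialised to disk. A sketch (the output file name is my choice, and the exact serialisation call may vary with your Puppet version):

```ruby
require 'spec_helper'

describe 'myclass' do
  it 'dumps the compiled catalog' do
    File.write('myclass_catalog.json',
               PSON.pretty_generate(catalogue))
  end
end
```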

Parallelising rspec-puppet

I recently migrated a client away from Andrew Cunningham’s puppet-validator – an open source project that simply compiles catalogs based on configurable fact values – to rspec-puppet.

The advantages of rspec-puppet are many, the obvious one being that it can do more than just compile catalogs. However, Andrew’s project also had some advantages of its own; in particular, it used threads to parallelise catalog compilation, meaning that some 100 catalogs could be compiled and tested on my 8-core laptop in less than 3 minutes. After setting up rspec-puppet, however, I found that the same tests were taking over 20 minutes.

It seems to me that the Puppet community has thus far tolerated rspec-puppet’s slowness.  To illustrate, I’ll focus in this post on the very mature Puppet Labs Apache module and show how parallelising its rspec-puppet tests by setting up Michael Grosser’s parallel_tests would get the current execution time of about 30 minutes (on my laptop) down to under three.

Running the rspec tests in puppetlabs/apache

To get started, let’s clone the puppetlabs/apache module:

$ cd /tmp
$ git clone https://github.com/puppetlabs/puppetlabs-apache.git

read more
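The setup the post works toward is small. Assuming the module is managed with Bundler, the first step is adding the gem to the Gemfile (the line below is my sketch, not a patch taken from puppetlabs-apache):

```ruby
# Gemfile - sketched addition; the parallel_tests gem provides
# the parallel_rspec command used to run the suite
gem 'parallel_tests'
```

After a bundle install, bundle exec parallel_rspec spec runs the spec files split into one group per CPU core.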

Using catalog-diff while refactoring Puppet code

In yesterday’s post I showed how you can compile a Puppet catalog from a bundle on a laptop.  Today I’m going to show how you can use Zack Smith’s catalog diff tool to assist with complex refactoring changes.

Code examples

For the purpose of describing how to use the catalog diff tool, it will be better to use an artificially simple code example.  Imagine we have all of our code in site.pp as follows:

node 'myhost.example.com' {
  file { '/tmp/myfile':
    ensure  => file,
    content => "My hostname is ${::hostname}\n",
  }
}

read more

Compiling a puppet catalog – on a laptop

From time to time I have wished that I could easily compile a Puppet catalog from my laptop. Use cases that spring to mind include, "hey, wouldn't it be great if I could see what this super-complicated Puppet Forge module is actually doing without having to spin up a VM and 'puppet apply' it". Other times it has just been curiosity.