Because I work with a lot a of Windows guys, I tend to describe Puppet as Group Policy for Linux. The basic idea is to centralize your host and service configurations, so that you don’t have to waste time configuring the same things over and over again. Once you have a set of standard templates, you can simply apply them to the desired hosts and let Puppet do all the configuring for you. This article is not meant to be an in-depth Puppet tutorial (you can find that elsewhere), but more of a high-level overview of how to design a flexible Puppet infrastructure.

Zones and Roles

The first thing we did was organize our hosts and services into “zones” and “roles” (similar to the Example (42) Infrastructure Design Guidelines). A “zone” says something about where a particular host lives (e.g., which network it’s on or which customer it belongs to), while a “role” says something about what the host does (e.g., serves web pages, routes email messages, etc.). Note that Puppet has no built-in concept of zones and roles. This is just a method of organization that worked well for us.

Modules

Once our zones and roles were defined, we needed to create the “modules” that make up our various roles. A “module” is simply a way to group related configuration options together. For example, we have modules with names like “apache,” “bind,” “mysql,” and “postfix.” Each module contains the scripts and files needed to apply the appropriate configuration for a given service.

Module Example

Here is an example of a module that we use to manage the SSH service on some of our servers:

class openssh::server {
    package { "openssh":
        name   => "openssh-server",
        ensure => installed,
    }
    file { "sshd_config":
        path    => "/etc/ssh/sshd_config",
        owner   => "root",
        group   => "root",
        mode    => "600",
        source  => "puppet:///openssh/sshd_config",
        require => Package["openssh"],
    }
    service { "openssh":
        name      => "sshd",
        enable    => true,
        ensure    => running,
        hasstatus => true,
        require   => Package["openssh"],
        subscribe => File["sshd_config"],
    }
}

I don’t want to go into a lot of detail here, but you should notice three distinct sections in this module—”package,” “file,” and “service.” In Puppet lingo, these are called “resources,” and are the basic building blocks of every Puppet configuration. Puppet resources allow you to focus on what you want to do, and let Puppet handle the platform-specific details of how it gets done. In this example, we tell Puppet to do the following:

1. Use the package resource to ensure that the “openssh-server” package is installed.
2. Use the file resource to overwrite the sshd_config file with our modified version (making sure to set the proper permissions on the file).
3. Use the service resource to ensure that the “sshd” service is running.
   • If any changes are made to the sshd_config file, then restart the sshd service so that the new configuration takes effect.

Role Example

Now that you know what a module looks like, let’s look at how roles are built up from modules:

class role_default {
    include openssh::server
}
class role_lamp {
    include role_default
    include apache::ssl
    include apache::php
    include mysql::server
}

There are two roles here; role_default (the role we apply to all hosts) and role_lamp (for Linux/Apache/MySQL/PHP servers). Notice that our example openssh::server module is assigned to role_default, and role_lamp includes role_default, as well as three other modules. This demonstrates how complex roles can be built up from smaller roles.

Zone Example

At Fandotech, we typically use zones to set variables that override the default behavior of certain modules. In other words, a given module may configure things differently depending on what zone the target host is in. In this example, we set a variable to allow the “LinuxAdmins” group to log on to hosts that live in the zone_fandotech zone:

node zone_fandotech {
    $accessconf_rules = ["+ : LinuxAdmins : ALL"]
}

Node Example – Tying it all Together

Nodes are the individual hosts managed by Puppet, and are what tie everything together. Let’s look at one final example:

node default {
    include role_default
}
node 'example.fandotech.com' inherits zone_fandotech {
    include role_lamp
}

In this example, we have a special “default” node, which refers to any puppet-managed host that does not have explicit node configuration. We also have a node called “example.fandotech.com” which lives in the zone_fandotech zone and gets all the configuration options from the role_lamp role.

Conclusion

Puppet promotes efficiency by making it possible for a single administrator to configure hundreds (or possibly even thousands) of Linux machines without having to log on to a single one. It also helps ensure standards compliance, and if your Puppet configuration is stored in a source code repository (which it should be), then you have a built-in audit history of every change made to your systems.

The bottom line is that if you’re still trying to manage Linux machines without a configuration management system (like Puppet), then you’re doing it wrong.

Michael Conigliaro

How is your IT staff spending their time? Why not ask them how we can help!

What is an IT Managed Service (MSP)? Simply put, it is any IT need that is out-tasked to a service provider. They range from some of the basic services including remote backup, antivirus, and patch update services to the more complex involving Security and Infrastructure management services to outsourcing all IT services. So first ask yourself, what are my IT needs? Then look at those needs and determine if those needs were fulfilled through a managed service would it increase productivity and/or profitability?

The popular misconception for most clients is that if they have IT staff, they do not need a Managed Services Provider. For some companies that may be true. But for many, there are often areas that could be covered by additional outside support. By listening to your internal IT team you will quickly understand where the needs for your organization fall. Some of the most common we hear from IT teams:

1. We need to get our data off-site?
2. I spend too much of my time maintaining and patching PC’s.
3. I am not sure if my backups are running successfully?
4. I lose a lot of my time staring out the windshield supporting our locations.
5. I am too busy with desktop support issues to get to the projects on my list.
6. I am concerned about regulatory compliance reporting (or) general security of our data.
7. I don’t know about potential problems until after the fact.

All of the above concerns can be supported by a Managed Services Provider (MSP), while ultimately remaining in the control of your existing IT staff. Our flagship 180IT services can help assist your team in meeting the demands of day to day operations while freeing up their time to work on the projects that are going to support your company’s key business initiatives.

Our Boomerang Recovery Solutions take the guess work out of data backup giving you the peace of mind of knowing your data is safe and recoverable, saving your IT staff valuable time otherwise spent on monitoring. In the event of a failure, your team will have the full support of our highly skilled engineers to recover the data and get you back online.

While we do act as the complete IT department for many of our clients, the majority of our managed services are collaborative efforts between our team and yours. Contact an Account Representative today for an assessment of your IT needs.

Brian Doyle

“It’s the ECONOMY stupid!”

James Carville wrote the above message on the whiteboard where the then candidate, Bill Clinton, would see it every day before he went out on the stump to campaign for office. The point of this exercise? Bill would get wrapped up in talking about whatever came to his mind each day and lose focus on the real issues. This daily reminder was meant to help reel him in.

It’s even more important today for each business to stay focused on the real issue—It’s the Economy!

We at Fandotech are no different than any other small business and we have to stay focused on the fundamentals: cash flow. Cash flow is the equivalent to a loan for us. If we deliver a service to a customer this week and pay our people this week, but our customer doesn’t pay for 90 days, we have to borrow money to cover the difference in time. If everyone delayed payments for 90 days we’re missing a quarter of annual revenues.

MSP businesses cannot assume the liability of being the bank for the clients. Therefore we need to put both incentives and penalties into contracts to insure timely collections for our valuable services.

When clients pay ahead, we can entice them with a point or two of discount.

When they delay, we must be business-like and disciplined; ready to enforce the late fees and collection fees. Every time we compromise on these when a client is excessively late in paying us, we are losing money and devaluing our services in the client’s eyes.

Even in tough times, good clients value our service enough to want us to be their MSP next year. BUT if we don’t manage cash flow this year, your MSP may be the one to provide the service next year.

John Boyd

Since we are an MSP (Managed Service Provider), we use one of the most recommended and widely-used software solutions: ConnectWisePSA. I’ve gathered a few tips for making a user’s day-to-day tasks easier and more efficient.

• Customize ConnectWise Today to make it something worth looking at every day. For example, I have rearranged the blocks and changed the color scheme to make it easier on my eyes. Ask ConnectWise admins to add useful company links to it. You can also add your own links under Customize > My Links.

• Add the tools you use the most to My Favorites. Don’t keep going up and down the left-hand side bar looking for them. It’s a frustrating waste of time. Right click on the link (like Service Board or Agreements) and left click on “Add to Favorites”. If you change your mind about a link, go to your Favorites, right click it and left click on “Remove from Favorites”.

• Use more than one tab to have more than one company or task open at a time. Again, right click on the link, then left click on “Open in tab”. If you have a scroll wheel on your mouse, you can click that instead to open a tab. Once done, you can flip back and forth between items more quickly than before.

• Add shared knowledge under Company > Configuration. Ask your ConnectWise admin to add different configuration templates to suit your needs. For example, we track everything from domain and registrar info to anti-virus vendor information in Configurations.

• Use the Knowledgebase to find similar tickets or issues that arise. Be sure to check both Service Tickets and Time Entries, as it will take you to the answer more quickly than having to read through entire strings of tickets.

Does your organization use ConnectWisePSA? If so, share tips in the comments.

Terri

Harry Beckwith’s Selling the Invisible reminds us of an old New England saying, “don’t speak unless you can improve the silence.”

Sage advice. Yet, even though we agree with the sentiment, we still go to prospects unprepared. A familiar scene plays out…we arrive without a top five list of reasons typical clients find value in our services, thus unable to summarize these points at the proper time (near the beginning of the conversation) we wing it. We make small talk, talk about the general business climate and then after 30 minutes (if we’re even interested in selling at all) we start asking pain questions and posture our company as the solution.

The question is…did we just inflict pain by wasting their time?

With colocation and MSP, it’s a trust sell. So step one? Earn their trust by delivering a valuable meeting!

1. Colocation saves the client from investing in the landlord’s building…why spend hundreds of thousands of dollars to build a data center in Class A office space, only to move 3 years later?
2. Facilities management is not the client’s job.
3. Who is calculating the incremental loads on electrical and air conditioning each time you buy a new server?
4. How many times have you had all your employees without access to your servers due to power or network outages beyond your control? What was that worth?
5. Do your employees go on vacation? If so, how many people do you have that can back them up?

These are the business issues that can begin a conversation about value that goes well beyond the bottom line, “what will you charge me to reboot a server?” Start with the business definition questions and be immediately ready with a solid value statement for each of these questions to underscore that you know what you’re doing and you have actually done it before.

Remember, get to the point. Otherwise, you may not have time in the meeting to get your value statement on the table. If you don’t improve the silence from the start, you probably won’t get another chance.

John Boyd