Maintaining infrastructure configuration in the optimal state is a complex task. The heterogeneity in software and hardware configurations makes the task difficult. Puppet enables the seamless automation of infrastructure management, thus reducing the burden on the systems administrator . This article introduces you to the features of Puppet.
With the prolific increase in the heterogeneity of components in IT infrastructure, managing this environment efficiently becomes an important task. Systems administrators go through this complex routine of configuring and deploying servers. These daily tasks, though repetitive, require expert skills owing to the changes and enhancements in the infrastructure. Moreover, the standalone scripts that are custom made to automate these tasks suffer from various disadvantages like a lack of proper documentation, improper updates, platform specific requirements, etc.
One of the crucial problems that many IT organisations face is the differences in the development, testing and production environments. The code that works perfectly in the development environment may induce some glitches in the QA or production environment. This becomes a big barrier when introducing new features in the production environment. Even the bug fixes become cumbersome. Ultimately, it takes longer to make the best features reach the end users. This becomes a big issue in the present scenario of cut-throat competition.
There are certain tools that can make the complex task of infrastructure configuration management effective and efficient, which are listed below:
- Puppet
- SaltStack
- Ansible
- Chef
- Cake
All of the tools mentioned come with certain advantages and disadvantages. This article explores the Puppet configuration management platform, which makes the management of code and infrastructure across different stages (development, QA and production) effective. This DevOps based approach ultimately benefits organisations and their customers in getting the best out of the IT infrastructure.
An introduction to Puppet
Puppet is a leading option in the configuration management arena. It is open source and supports major operating systems such as Linux, UNIX-like OSs and Microsoft Windows. The initial release of Puppet came out in 2005. Puppet’s code is written in Ruby, C++ and Clojure. The current stable release of Puppet is 6.0.4. Luke Kanies is the founder of Puppet.
Puppet consists of two major components:
- Puppet Language
- Puppet Platform
Puppet provides a modelling language, which enables the description of the resources and the end-state more simply. The Puppet language supports various platforms. The abstraction that Puppet brings in is its major advantage. To put it in simple terms, the Puppet language does not mandate expertise in programming. The configuration syntax is simple.
Declaring of resources is the major task of Puppet. The resources can be grouped into classes. For example, a resource can describe a unique file or package. Other examples of resources are as illustrated in Figure 2.
A sample is shown below:
user { ‘ksks’:
home => ‘/home/ksks’,
uid => ‘144’,
ensure => ‘present’,
comment => ‘OSFY’,
shell => ‘/bin/bash’,
groups => [‘sysadmin’,’LFY’, ‘audio’,’video’,’puppet’]
}
Puppet programs are termed manifests. The file name extension they are associated with is .pp.
Class describes an entire service or application. Puppet classes enable you to reuse the Puppet code.
# A class with no parameters
class base::linux {
file { ‘/etc/passwd’:
owner => ‘root’,
group => ‘root’,
mode => ‘0644’,
}
file { ‘/etc/shadow’:
owner => ‘root’,
group => ‘root’,
mode => ‘0440’,
}
}
The class definition incorporates the following:
- The keyword ‘class’
- The class name
- Parameters list [optional]
- An optional ‘inherits’ keyword. In this class, another class name follows.
- Opening and closing parenthesis. Inside this block, the Puppet code with at least one resource declaration.
The class definition can include parameters as well:
# A class with parameters
class apache (String $version = 'latest') {
package {'httpd':
ensure => $version, # Using the class parameter from above
before => File['/etc/httpd.conf'],
}
file {'/etc/httpd.conf':
ensure => file,
owner => 'httpd',
content => template('apache/httpd.conf.erb'), # Template from a module
}
service {'httpd':
ensure => running,
enable => true,
subscribe => File['/etc/httpd.conf'],
}
}
An example for class inheritance is shown below:
class apache {
service {'apache':
require => Package['httpd'],
}
}
class apache::ssl inherits apache {
# host certificate is required for SSL to function
Service['apache'] {
require +> [ File['apache.pem'], File['httpd.conf'] ],
# Since `require` will retain its previous values, this is equivalent to:
# require => [ Package['httpd'], File['apache.pem'], File['httpd.conf'] ],
}
}
From the following code snippet, it can be observed that the code looks more readable than the alternative options.
# /etc/puppetlabs/code/modules/webserver/manifests/params.pp
class webserver::params {
$packages = $operatingsystem ? {
/(?i-mx:ubuntu|debian)/ => 'apache2',
/(?i-mx:centos|fedora|redhat)/ => 'httpd',
}
$vhost_dir = $operatingsystem ? {
/(?i-mx:ubuntu|debian)/ => '/etc/apache2/sites-enabled',
/(?i-mx:centos|fedora|redhat)/ => '/etc/httpd/conf.d',
}
}
# /etc/puppetlabs/code/modules/webserver/manifests/init.pp
class webserver(
String $packages = $webserver::params::packages,
String $vhost_dir = $webserver::params::vhost_dir
) inherits webserver::params {
package { $packages: ensure => present }
file { 'vhost_dir':
path => $vhost_dir,
ensure => directory,
mode => '0750',
owner => 'www-data',
group => 'root',
}
}
Another important component of Puppet is the platform. The configuration management requires a master-agent type of structure, which enables the deployment of Puppet code to maintain the required configuration. The workflow of the master-agent setup is listed below.
- The agent node communicates the facts to the master. It asks for a catalogue.
- The master node accordingly compiles and sends the node’s catalogue using the available sources of information.
- The agent manages the node by checking each resource. If the resources are not in the desired optimal state, it makes the necessary changes to bring the nodes to the required state. In certain modes, it simply assesses the changes that need to be brought in.
- Finally, the agent communicates back the report to the master.
The communication between the masters and agents happens through HTTPS using SSL certificates. The following command can be used to inspect requests and sign new certificates.
puppetserver ca
The basic ideology of Puppet is to model the infrastructure through code. By managing and configuring this code, the infrastructure management can be made effective. This process certainly enhances the quality of deployments. By representing configuration as code, the developers can enable test environments in their own system. In this way, Puppet can bring about better control over infrastructure management, ensuring end users receive the benefits at the earliest.
This article has just explored Puppet at a surface level. The Puppet official documentation has a lot more information on getting the best out of it.
