Puppet is a tool used to manage and automate IT-Infrastructure. It uses its own declarative language to describe system configurations. It's written in python and distributed under the Apache License 2.0 (since version 2.8). Configurations can be written in puppet's declarative language or a ruby DSL (domain-specific language). Puppet exists in two versions: Open Source Puppet or Puppet Enterprise.
Open Source Puppet is the basic for Puppet Enterprise as described in "What is Puppet?"
Puppet Enterprise extends the basic Open Source Puppet by apps to make management and distribution of enterprise infrastructure easier. Some apps are i.e. used to monitor, track, distribute and manage nodes.
You can find the installation instructions in the Open Source Puppet Documentation. To use Puppet for development you need a tool like Vagrant to manage your virtual machines.
To install Puppet you can use the following command: sudo gem install puppet
Install librarian-puppet
To install the CLI tool librarian-puppet you can use the following command: sudo gem install librarian-puppet
- Run
librarian-puppet init
to create a Puppetfile - Add metadata.json
- Add your dependencies into the file named Puppetfile
- Run
librarian-puppet install
to install the dependencies
- Install git
- Add a submodule with the command
git submodule add <repository-url> puppet/modules/<module-name>
You can also manually download any module, i.e. from Puppet forge.
Puppet typically runs in a master/slave architecture, where the master server holds the configurations, which can requested by the slaves (nodes). The nodes require the Puppet Agent application to be installed, which typically runs in the background. The servers need the Puppet Server application, typically managed by a web-server as a rack application. After a given time every node syncs with the Puppet master server by sending facts, and expects a compiled catalog as response.
Puppet can also run in a standalone version, which is called Puppet Apply. Puppet Apply periodically compiles the catalog (via i.e. a cron-job) and checks the current system for changes, and if needed applies them.
- In puppet apply every node has access to the full knowledge
- Agent / master handles all reports centrally
- In puppet apply every node needs to be synced if a change on the manifests was made, in agent/master only the master server needs to be updated
- Puppet apply needs more resources (since all nodes have to compile their own catalog)
- Master/Slave need a big master server (lots of RAM and CPU) with a fast disk
- Agents need good network to reach master servers
The following steps are performed when a catalog is being compiled:
- Retrieve the node object
- Set Variables from the Node Object, from Facts, and from the Certificate
- Evaluate the Main Manifest 3a. Load and Evaluate Classes from Modules
- Evaluate Classes from the Node Object
A catalog describes a system state for a single node. It is compiled by the master server and requested by a node by sending the facts to the master. It lists all resources and dependencies which need to be managed in a certain order.
Puppet files are called manifests and always end on .pp. They:
- Must be UTF-8 encoded
- May use Unix (LF) or Windows (CRLF) line breaks
Puppet always starts compiling with the main manifest file.
A resource describes some aspect of a system, i.e. a service that needs to be managed or a package that needs to be installed. A resource declaration is a block of Puppet code, which describes the resource.
Sample:
# A resource declaration:
file { '/etc/passwd':
ensure => file,
owner => 'root',
group => 'root',
mode => '0600',
}
The syntax contains a type, a title and a set of attributes, where the type identifies what kind of resource it is, the title is unique string for the compiler and the attributes describe the actual state of the resource.
type {'title':
attribute => value,
}
Classes are bigger named blocks of Puppet code which are only executed when they're called. They are stored in modules and can be added by declaring them.
# A class with parameters
class apache (String $version = 'latest') {
package {'httpd':
ensure => $version, # Using the class parameter from above
before => File['/etc/httpd.conf'],
}
file {'/etc/httpd.conf':
ensure => file,
owner => 'httpd',
content => template('apache/httpd.conf.erb'), # Template from a module
}
service {'httpd':
ensure => running,
enable => true,
subscribe => File['/etc/httpd.conf'],
}
}
A class consists of the class
keyword, the name of the class, an optional parameter list and a block of Puppet code.
A class can be used by declaring it, which is possible in two ways:
- By using
include
,require
,contain
orhiera_include
, which is called 'include-like behaviour' - By declaring them like a resource, which is called 'resource-like behaviour'
Node definitions contain code, which is only executed on one specific node.
# puppet/manifests/site.pp
node 'www1.example.com' {
include common
include apache
include squid
}
node 'db1.example.com' {
include common
include mysql
}
Modules are bundles of code and data. Every manifest file should be placed in a module, except the main manifest
.
A module has the following directory structure:
my_module
manifests
init.pp
This file contains a class definition, which must be named after the module name.other_class.pp
Contains a class which is namedmy_module::other_class
some_folder
foo.pp
Contains a class namedmy_module::some_folder::foo
files
This folder contains static files needed by the nodesservice.conf
This file'ssource =>
would bepuppet:///modules/my_module/service.conf
, its content can be accessed by thefile
function (content => file('my_module/service.conf')
)
templates
This folder contains templates which can be used by the manifestscomponent.erb
A template file which can be used by callingtemplate('my_module/component.erb')
component.epp
A template file which can be used by callingepp('my_module/component.epp')
lib
This folder contains additional pluginsfacts.d
This folder contains external factsexamples
This folder contains examples on how the module should be usedinit.pp
spec
Contains spec tests for any plugins in the lib directory
Modules can be found on multiple sources, the official repository from Puppetlabs is Puppet Forge. Another source is GitHub, where different authors offer open soruce modules. A popular repository on GitHub is Example42.
Modules can either be downloaded manually (see Option 3, or automatically by either using a dependency manager like librarian-puppet
(see Option 2), or cloning
from a GitHub repository (see Option 2)
For the usage of librarian-puppet you have to install Ruby on your Windows machine. The librarian-puppet package needs also a puppet installation on the machine. This is also required, when you just want to download the puppet modules and install them on a guest system like a vagrant machine. It is possible that you will get SSL Authentication Errors when you start "librarian-puppet install". This is caused by non existent certificates. One fast workaround is to start your computer management and add a new envirment variable called "SSL_CERT_FILE" with the value of CHEFDK-HOME\embedded\ssl\certs\cacert.pem or download the file http://curl.haxx.se/ca/cacert.pem and point your path variable to this file.