Puppet, an open source alternative to commercial IT configuration management tools, can greatly increase production by automating tedious tasks. In this Q&A, James Turnbull, author and Vice President of Technology Operations at Puppet Labs, talks about his new book Pro Puppet, what makes the tool unique, and how system administrators can use it to better manage their data centers. He also addresses some common questions users have about Puppet and identifies overlooked features of the software. Chapter 2 of Pro Puppet is available to download and read. It offers an overview of some of Puppet's basic features, including how to structure modules and how to use language constructs.
Who would find Puppet useful?
We’re always finding new groups of people who find Puppet useful, but Puppet’s primary audience is system administrators and developers. Puppet is also used by people managing desktops, embedded devices, networking equipment, security and compliance. We even have a Linux kernel developer who uses it to manage her laptop.
Is Puppet just for large environments or can it be useful for smaller sites? How will its use differ in large vs. small sites?
Puppet is useful both at scale and in small deployments. It’s useful in both because of what it delivers: automated management and recovery, and because it provides economies of scale for people managing systems. Puppet multiplies your ability to manage through automation and every site, small and large, benefits from that multiplier. Everybody who manages systems wants to make the boring tasks, such as creating users and installing and configuring packages, go away. You can then focus on the components that are more interesting or that deliver value to your organization. You don’t only get automation though – you get built-in disaster recovery. If you’ve configured your systems using Puppet, then all you need to rebuild them is the Puppet manifests you’ve written and systems to rebuild them on. This is really useful, especially in small environments where production systems are often the core of an organization.
What is the status of Puppet's functionality on Windows?
Puppet on Windows is in its infancy. We’ve just started working on extending this support and aim to have the client running on Windows with support for things like users, groups, job scheduling, services and some package management. That functionality is set for release later in the year.
What are the key differences between Puppet and other configuration management tools available today?
It’s quite hard to compare configuration management tools. They come in all shapes and sizes, commercial and open source, and are designed for managing servers, desktops and networking. Puppet’s strengths are:
- It is a model-driven structure: All of the resources being managed can have their relationships clearly and simply articulated and you can model and simulate your infrastructure.
- It is declarative: You specify the state you want your resource to be in rather than the imperative procedural steps.
- It has both a simple language for defining configuration and the full power of a Ruby-based domain specific language.
- It is open source.
What areas do users who are new to Puppet often have questions about?
I think the most common question is, “Where do I start?” When you first start thinking about configuration management it sometimes takes a little while to work out what the initial problem to tackle should be and identify the commonalities in your environment. I always recommend people start small and choose something as universal as possible to manage (SSH keys or Sudo configuration, for example), then move on to more complex components. I find addressing the basic infrastructure services (DNS, NTP, DHCP, Users and Groups, Mail, etc.) is an excellent way to get started and has the benefit of automating some tedious tasks.
What advanced capabilities of Puppet do some users overlook, or not take full advantage of?
I have these moments every now and again where people ask, “Can I do this with Puppet?” and I am about to answer, “No” when I realize that the feature does exist! Puppet has a lot of features and many people, especially those who are using older versions, are often unaware of some of the newer ones. I find people are surprised to hear that Puppet runs stand-alone on hosts (i.e. you don’t need to run it in client-server mode), that it has an audit capability in which you don’t manage configuration items, you just report on their state (much like Tripwire does) and that it has a Ruby DSL in addition to Puppet’s own language.
What advantages can a user realize by integrating Puppet with other tools, such as Cucumber and Nagios?
Puppet alone is not a total solution for all your infrastructure needs. To fill out an infrastructure toolbox you still need other pieces for monitoring and testing, as you do with tools like Cucumber and Nagios. Puppet integrates well with both tools and it’s pretty easy to get started with using them in conjunction with Puppet.
Cucumber is a Ruby-based Test Driven Development tool that allows you to use simple language to articulate tests of your environment. It’s traditionally been used by developers but has also become increasingly used by system administrators to conduct testing of infrastructure. It allows system administrators to conduct systematic and organized testing of infrastructure prior to rolling it into production. Puppet Labs hosts a project, Cucumber-Puppet, that provides integration between Puppet and Cucumber, allowing you to write tests for your infrastructure. This allows you to write and ship Cucumber tests with your Puppet modules. Running the tests then allows you to validate that the actions contained in your modules have actually been performed.
Whilst venerable, Nagios is still the de facto monitoring choice for IT environments and, as a result, you can easily integrate it with Puppet to automate the creation of your monitoring checks and configuration. Puppet comes with built-in resources that allow you to manage Nagios configuration. For example, when you manage a daemon or service with Puppet, you can have Puppet automatically create a corresponding check for that service. This provides you with a really fast and automatic way to build monitoring around your configuration.
Lastly, regarding integration, one of the strengths of Puppet is the API. From 2.7.0 onwards, almost everything you can do via the command line or the Puppet Dashboard you can also do via the API. That means it has become very easy to integrate Puppet into other tools.
This Q&A is based on James Turnbull's book, Pro Puppet, ISBN13: 978-1-4302-3057-1, published May 2011 by Apress Media LLC, Copyright 2011 James Turnbull and Jeffrey McCune. For additional content, please visit the publisher's page.