Why use Puppet for automation and orchestration

Puppet can scale automation broadly and deeply across traditional and cloud-native infrastructure, and help you keep it compliant


Puppet the company bills Puppet the automation tool as the de facto standard for automating the delivery and ongoing operation of hybrid infrastructure. That was certainly true at one time: Puppet not only goes back to 2005, but also currently claims 40,000 organizations worldwide as users, including 75 percent of the Fortune 100. While Puppet is still a very strong product and has increased its speed and capabilities over the years, its competitors, in particular Chef, have narrowed the gap.

As you might expect from the doyenne of the IT automation space, Puppet has a very large collection of modules, and covers the gamut from CI/CD to cloud-native infrastructure, though much of that functionality is provided through additional products. While Puppet is primarily a model-based system with agents, it supports push operations with Puppet Tasks. Puppet Enterprise is even available as a service on Amazon.

Puppet products

Current Puppet offerings include open source Puppet, Puppet Enterprise, Puppet Pipelines, Puppet Discovery, Puppet Bolt, Puppet Container Registry, and Puppet Forge. Open source Puppet, an automated administration engine for your Linux, Unix, and Windows systems, performs administrative tasks (such as adding users, installing packages, and updating server configurations) based on a centralized specification.

Puppet Enterprise adds orchestration features, a web console, and professional support to open source Puppet. It helps you scale automation broadly and deeply across your infrastructure and keep it compliant. Puppet Discovery discovers traditional infrastructure, cloud-native resources, and containers, and lets you bring them under management.

Puppet devops

Puppet Pipelines is a continuous integration/continuous delivery platform, available as a hosted service and on-premises installation. There are two separate versions of Pipelines, for applications and for containers with Kubernetes.

The agent-less Puppet Tasks feature allows you to perform ad hoc tasks, as opposed to model-driven automation with agents. Tasks comes in two flavors: the open source Puppet Bolt, and Puppet Enterprise Task Management. Bolt is intended for smaller infrastructures, while Enterprise Task Management, a component of Puppet Enterprise, is for large-scale infrastructures that need role-based access control, audit trails, and team-oriented workflows.

Puppet Container Registry (formerly Distelli Europa), which comes in free, premium (or team), and enterprise versions, provides a unified view of local and remote registries for Docker containers. The premium version adds multiuser support and access control; the enterprise version adds single sign-on.

Puppet Forge

Puppet Forge is a repository of modules for open source Puppet and Puppet Enterprise. It currently contains over 5,500 prebuilt modules. Some modules have Puppet Tasks, but not all. Some modules are tested and supported by Puppet as part of Puppet Enterprise, and some are only approved by Puppet.

Each module has its own prerequisites and installation procedure. I won’t say “Here be dragons,” but I will say that installing modules is one area where Puppet doesn’t even try to camouflage its roots as a tool for Linux/Unix sysadmins, even though it does Windows pretty well these days (except as a Master).

Puppet Enterprise

Puppet Enterprise is a unified platform that combines a model-driven configuration approach with imperative task execution, so you can manage hybrid infrastructure. It supports devops practices such as version control, code review, automated testing, continuous integration, and automated deployment. You can also use Puppet to migrate workloads to cloud, containers, and hybrid cloud. Puppet allows you to enforce the desired state of your configurations, automatically remediate any unexpected changes, and automate ad hoc tasks.

Puppet Enterprise helps reduce the risks associated with security misconfigurations and failed audits by continually enforcing your security policies and proving compliance. Basically, the Puppet Master automatically sends out (pushes) catalogs to its clients every half hour, and the Puppet agent on each client then compares that catalog with facts about the client's existing configuration and applies changes if necessary. Then the agents return a status report to the master, which can generate an overall compliance report. Security and compliance are handled as part of Puppet’s core configuration management, not in a separate component.
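As an added illustration of the enforcement loop described above (not code from the article or from Puppet), here is a small manifest that pins an SSH daemon to a known-good state. The class name, parameter names, package and service names, and the three sshd settings are assumptions chosen for the example.

```puppet
# Added illustration; class name, parameters and chosen settings are assumptions.
class profile::ssh_baseline (
  String  $package_name      = 'openssh-server', # assumption: RHEL/Ubuntu name; SUSE uses 'openssh'
  String  $service_name      = 'sshd',           # assumption: the unit is 'ssh' on Ubuntu
  Boolean $permit_root_login = false,
) {
  $root_login = $permit_root_login ? {
    true    => 'yes',
    default => 'no',
  }

  package { $package_name:
    ensure => installed,
  }

  # Desired state of the config file: ownership, mode and full content.
  # If the file is edited by hand, the next agent run restores it and the
  # change shows up in that run's report.
  file { '/etc/ssh/sshd_config':
    ensure       => file,
    owner        => 'root',
    group        => 'root',
    mode         => '0600',
    content      => "PermitRootLogin ${root_login}\nPasswordAuthentication no\nX11Forwarding no\n",
    # Refuse to install a file that sshd itself cannot parse.
    validate_cmd => '/usr/sbin/sshd -t -f %',
    require      => Package[$package_name],
  }

  # Keep the daemon running and restart it only when the file changes.
  service { $service_name:
    ensure    => running,
    enable    => true,
    subscribe => File['/etc/ssh/sshd_config'],
  }
}

include profile::ssh_baseline
```

Running `puppet apply --noop` on this file, or `puppet agent --test --noop` on a managed node, reports the drift that would be corrected without changing anything.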

[Figure: Puppet Enterprise architecture. Image credit: IDG]

The Puppet Enterprise architecture involves a Master of Masters (MoM), Compile Master, an orchestration service, a database, console services, and other functionality over and above open source Puppet. The server can be monolithic or, in very large enterprises (more than 20,000 nodes), split into separate nodes for the master, the console, and PuppetDB.

Puppet in the cloud

Puppet Enterprise is integrated with the leading cloud service providers: Amazon, Microsoft, VMware, and Google. It lets you streamline the management of compute, storage, and network resources and scale workloads across heterogeneous environments. The functionality is mostly found in cloud-specific modules, for example the puppetlabs/aws module, which provides an interface to the AWS API and allows you not only to provision instances, but also to describe your entire AWS infrastructure and to model the relationships between different components.

Puppet Enterprise doesn’t currently support serverless functions. Puppet Pipelines, another part of the portfolio, is a tool for managing the release lifecycle of developer app code, which can include serverless functions.

Puppet Development Kit

Puppet enables deep custom development by letting you write your own modules. It now offers a development kit that makes generating new modules easier, and also makes it possible to convert old modules to be compatible with the Puppet Development Kit (PDK). The PDK includes testing tools, a complete module template (as YAML, Ruby, and embedded Ruby files), and command line tools to help you create, validate, and run tests on Puppet modules.

Puppet installation and setup

There are two major ways of actually installing Puppet Enterprise: using AWS OpsWorks, or by downloading and installing it yourself either on-premises or in one or more cloud instances. (Management of up to 10 nodes is free.) Before you try either of those installations, you may want to learn Puppet with the Puppet Learning VM or the online Puppet emulator shown below.

Using AWS OpsWorks for Puppet Enterprise, a managed service, you can have a fully configured Puppet master up and running on AWS in less than 20 minutes. OpsWorks is a good choice for small teams and shops that can’t or don’t want to manage their own Puppet infrastructure.

[Figure: the online Puppet emulator. Image credit: IDG]

The online Puppet emulator is a quick way to understand how Puppet works. All the command lines are supplied, so it’s basically a cut and paste exercise. Note that the guest.pp file shown is written in the Puppet DSL, based on Ruby, and is more of a specification than a program.

The basic steps for creating an AWS OpsWorks for Puppet Enterprise instance start with downloading and installing the AWS CLI, Git, and the Puppet Enterprise client tools. Create an SSH key, set up a GitHub account using the SSH key, sign into the AWS console, go to the OpsWorks service, and click “Create Puppet Enterprise server.” Give your server a short name, pick a region, and select the c4.large instance type. On the next page, say you’re not using an SSH key (for AWS—this has nothing to do with the GitHub SSH key), and provide a link to your GitHub control repository. Accept the defaults on the advanced settings page, launch your server instance, and download both the credentials and the Starter Kit before the instance finishes initializing. The rest of what you need is in the Starter Kit, but at this point you’ll already have a working Master that is enforcing its own configuration.

Installing Puppet Enterprise yourself is a much longer and more complicated operation, and sets you up to do an upgrade whenever Puppet releases a new version. On the other hand, you can take advantage of the server resources you already own.

You can install Puppet Enterprise with a web-based or text-based installer on a RHEL, Ubuntu LTS, or Suse Linux system, after downloading the appropriate tarball and checking its fingerprint. You’ll have to supply your email to get the link. I’d suggest starting with a web-based mono (everything on one node) installation and taking all the defaults. You can always upgrade later. You can avoid most problems if you start with a fresh Linux system image—don’t “help” by, say, installing PostgreSQL ahead of time.

Cost: Open source Puppet: free. Puppet Enterprise: 10 nodes free, $120/node/year up to 500 nodes with standard support. Puppet Discovery is currently in technical preview. Puppet Pipelines: five nodes free, $29.99/node/month up to 100 nodes with standard support.

Platform: Master: Red Hat, SUSE, or Ubuntu Linux. Agents: Linux, Windows Vista or later, MacOS 10.10 or later, Solaris 10 or 11. Cloud master available as AWS OpsWorks for Puppet Enterprise. 

At a Glance
  • Puppet Enterprise adds orchestration features, a web console, and professional support to open source Puppet. It helps you scale automation broadly and deeply across your infrastructure and keep it compliant.

    Pros

    • Automates the delivery and ongoing operation of hybrid infrastructure
    • Both agent-based and agent-less control of nodes
    • Very large collection of modules
    • Available as a service on AWS
    • Agents run on most modern operating systems

    Cons

    • Installing some modules can be tricky
    • Masters only run on RHEL, Ubuntu LTS, or Suse Linux systems

Copyright © 2018 IDG Communications, Inc.