Introduction to Puppet
the basics and then some
Armindo Silva
ams@eufinity.com
the basics
Puppet
● Opensource
● C++, Clojure and Ruby
● Master / agent *
● Manifests written in a Ruby DSL
Puppet Enterprise
● Puppet Server
  – RedHat plus variants
  – Suse Enterprise Server
  – Ubuntu
Puppet Enterprise
● Puppet Agent
  – AIX
  – Amazon Linux
  – Debian
  – Fedora
  – Mac
  – Windows (NT6.1 and newer) *
  – Solaris
Puppet Enterprise
● Agent network devices
  – Arista EOS
  – Cisco IOS-XR
  – Cisco NX-OS
  – Cumulus Linux
Puppet Opensource
● Puppet Server
  – RedHat (and derivatives)
  – Suse Enterprise Server
  – Ubuntu
Puppet Opensource
● Puppet Agent
  – Debian
  – Fedora
  – Mac
  – Windows (NT6.1 and newer) *
Puppet Agent
● edit /etc/puppetlabs/puppet/puppet.conf
[main]
certname = server01.example.com
server = puppet.example.com
environment = production
runinterval = 1h
● run it
$ sudo puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for server01.example.com
Info: Applying configuration version '1540689546'
Puppet Server
● edit /etc/puppetlabs/puppet/puppet.conf
[master]
dns_alt_names = puppet,puppet.example.com
environment_timeout = unlimited
[main]
certname = puppet.example.com
server = puppet.example.com
environment = production
runinterval = 1h
strict_variables = true
Puppet Server
● restart service
$ sudo systemctl restart puppetserver
● sign agent's certificate
$ sudo puppet cert list
"server01.example.com" (SHA256) F7:72:52:87:AE:81:19:70:49:04:BF:2D:B0:D6:F5:B9:11:F7:77:76:C3:32:A8:F0:9B:88:B5:54:13:7A:EF:C
$ sudo puppet cert sign server01.example.com
Signing Certificate Request for:
"server01.example.com" (SHA256) F7:72:52:87:AE:81:19:70:49:04:BF:2D:B0:D6:F5:B9:11:F7:77:76:C3:32:A8:F0:9B:88:B5:54:13:7A:EF:C
Notice: Signed certificate request for server01.example.com
Notice: Removing file Puppet::SSL::CertificateRequest server01.example.com at '/etc/puppetlabs/puppet/ssl/ca/requests/server01.example.com.pem'
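Added example (not from the original slides): before signing, compare the fingerprint the CA lists with the one read on the agent itself, for instance with `puppet agent --fingerprint`. The helper names and the throwaway CSR are constructed for illustration, and the sketch assumes the fingerprint is the SHA256 digest of the DER-encoded request.

```ruby
require 'openssl'

# Fingerprint in the colon-separated form printed by `puppet cert list`.
# Assumption: it is the SHA256 digest of the DER-encoded request.
def csr_fingerprint(csr_pem)
  der = OpenSSL::X509::Request.new(csr_pem).to_der
  OpenSSL::Digest::SHA256.hexdigest(der).upcase.scan(/../).join(':')
end

# Map certname => fingerprint from `puppet cert list` output. The fingerprint
# may sit on the same line as the certname or wrap onto the next one.
def parse_pending(listing)
  listing.scan(/"([^"]+)"\s+\(SHA256\)\s+([0-9A-Fa-f:]+)/).to_h
end

# Sign only when the CA lists exactly the fingerprint reported on the agent
# out of band, and that fingerprint is complete (32 bytes, 64 hex digits).
def safe_to_sign?(certname, agent_fp, pending)
  listed = pending[certname]
  return false if listed.nil?

  a = agent_fp.delete(':').upcase
  b = listed.delete(':').upcase
  a.match?(/\A\h{64}\z/) && a == b
end

# Constructed sample: a throwaway key and CSR standing in for the agent's.
def sample_csr(certname)
  key = OpenSSL::PKey::RSA.new(2048)
  csr = OpenSSL::X509::Request.new
  csr.subject = OpenSSL::X509::Name.parse("/CN=#{certname}")
  csr.public_key = key
  csr.sign(key, OpenSSL::Digest.new('SHA256'))
  csr.to_pem
end

if __FILE__ == $PROGRAM_NAME
  fp = csr_fingerprint(sample_csr('server01.example.com'))
  pending = parse_pending(%("server01.example.com" (SHA256)\n#{fp}\n))
  puts safe_to_sign?('server01.example.com', fp, pending)
  puts safe_to_sign?('server01.example.com', fp[0..-3], pending) # cut-off value
end
```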
nodes
● Puppet environment manifests
  – site.pp
● Hiera
  – hiera.yaml
● External Node Classifiers (ENC)
nodes
node basenode {
  include common
}
# Node inheritance ('inherits') works on Puppet 3 and earlier; it was removed in Puppet 4
node /[a-z][a-z]-\d\d\.(foo|bar)\.com$/ inherits basenode {
}
modules
● Write your own
● Puppet forge
  – Community repo
  – Almost 6000 modules
  – Core modules tested and supported by Puppetlabs (or partners)
modules
# modules/foo/manifests/init.pp
class foo {
  file { '/tmp/message':
    content => "Hello World!\n",
  }
}
# site.pp
node default {
  include foo
}
modules
# modules/bar/manifests/init.pp
class bar (
  $message = 'Hello World',
) {
  file { '/tmp/bar_message':
    content => $message,
  }
}
# site.pp
node default {
  class { 'bar':
    message => 'Called from site.pp',
  }
}
modules
# modules/nginx/manifests/init.pp
class nginx {
  package { 'nginx':
    ensure => installed,
  }
  service { 'nginx':
    ensure  => running,
    enable  => true,
    require => [ Package['nginx'], ],
  }
}
# modules/common/manifests/init.pp
class common {
  $enhancers = ['iptables', 'openssh-server']
  package { $enhancers: ensure => 'latest' }
}
templates
# modules/common/templates/fw.allow.port.erb
# (class parameters are read as instance variables, @port, inside ERB)
(…)
-A INPUT -p tcp -m tcp --dport <%= @port %> -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport <%= @port %> -m state --state ESTABLISHED -j ACCEPT
# modules/common/manifests/firewall.pp
class common::firewall::ssh (
  $port = '22',
) {
  file { '/etc/iptables/01-ssh.rules':
    content => template('common/fw.allow.port.erb'),
  }
}
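Added example (not from the original slides): the two template lines above rendered with Ruby's ERB, with the port checked before it reaches the rules file, since the class accepts any string. `PortRule` and `render_or_error` are hypothetical helpers, not Puppet APIs, and the sample values are constructed.

```ruby
require 'erb'

# Template body from fw.allow.port.erb, in the @port instance-variable form.
FW_TEMPLATE = <<~TPL
  -A INPUT -p tcp -m tcp --dport <%= @port %> -j ACCEPT
  -A OUTPUT -p tcp -m tcp --sport <%= @port %> -m state --state ESTABLISHED -j ACCEPT
TPL

# Hypothetical helper: validates the port, then renders the template.
class PortRule
  def initialize(port)
    @port = self.class.validate(port)
  end

  # Accept only a decimal integer inside the TCP port range; anything else
  # (lists, service names, extra rule text) raises ArgumentError.
  def self.validate(value)
    port = Integer(value.to_s, 10)
    raise ArgumentError, "port out of range: #{port}" unless (1..65_535).cover?(port)

    port
  end

  # ERB resolves @port through this object's binding.
  def render
    ERB.new(FW_TEMPLATE).result(binding)
  end
end

# Render the rules, or report why the value was refused.
def render_or_error(value)
  PortRule.new(value).render
rescue ArgumentError => e
  "rejected: #{e.message}"
end

# Constructed sample values, as they might arrive from site.pp or Hiera.
if __FILE__ == $PROGRAM_NAME
  ['22', '2222', '22 80', 'ssh', '70000'].each do |value|
    puts "#{value.inspect} => #{render_or_error(value)}"
  end
end
```

On Puppet 4 and later the same constraint can be declared in the manifest with a typed parameter, `Integer[1, 65535] $port = 22`.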
and then some
dashboard
● reports only
  – https://github.com/voxpupuli/puppetboard
  – https://github.com/dalen/puppetexplorer
● reports, nodes configuration, etc
  – https://github.com/sodabrew/puppet-dashboard
● PE alternative
  – https://theforeman.org/
● Besides Puppet, supports Ansible, Chef and Salt
puppetboard
Puppet Tasks
● Opensource
  – Bolt written in Ruby
● Agentless
● Multiplatform
  – ssh
  – WinRM
Puppet Tasks
● Exec
  – Command
  – Scripts
    ● Bash, Python, PowerShell, etc...
  – Tasks
    ● May be part of a module
Puppet Tasks
● Examples
$ bolt command run uptime --nodes server01.example.com
Started on server01.example.com...
Finished on server01.example.com:
STDOUT:
01:42:38 up 2 days, 1:51, 7 users, load average: 0.09, 0.04, 0.09
Successful on 1 node: server01.example.com
Ran on 1 node in 0.01 seconds
$ bolt script run ./myscript.sh --nodes server01.example.com
Started on server01.example.com...
Finished on server01.example.com:
STDOUT:
02:44:49 up 2 days, 2:53, 7 users, load average: 0.06, 0.04, 0.00
Successful on 1 node: server01.example.com
Ran on 1 node in 0.01 seconds
Puppet Tasks
● exec task from module
$ bolt task run apache::init \
    -m /etc/puppetlabs/code/environments/production/modules/ \
    -n server01.example.com action=reload
Started on server01.example.com...
Finished on server01.example.com:
{
"status": "reload successful"
}
Successful on 1 node: server01.example.com
Ran on 1 node in 5.75 seconds
Links
● https://learn.puppet.com
● https://puppet.com/docs
● https://forge.puppet.com
● https://puppet.com/products/puppet-bolt
● https://www.udemy.com/learn-puppet/
Questions?
Thank you.

DevOps Braga #6