© 2009 VMware Inc. All rights reserved
Puppet Primer
Robbie Jerrom – Solution Architect VMware
Twitter- @robbiej
Disclaimer
The material in the presentation is based on my exploration and
learning of Puppet.
My views are my own and not necessarily shared by PuppetLabs or
VMware.
2 Confidential
About me..
I’m a Solution Architect at VMware.
Ex- IBM where I did many things.. The most relevant to this presentation
is running the WebSphere build team for 2 years..
.. And it hurt.. Every version of AIX / Solaris / Windows & Early Linux
environments.. All from a single build environment .. Distributed around
the globe.
I wish Puppet had existed back then !
Software Eats the World..
“Puppet Labs Secures $30 Million
Investment From VMware”
So what is Puppet.. And why would I care ?
Old school software deployment..
• Production
• Dev / Test
• Service Support
• Many of the challenges are the same and our solutions very similar..
→ Scripts… lots and lots of them..
- Perl / PowerShell / Bash / SH / Make / Awk
- Whatever your particular poison was you or your team created scripts to make
things easier.
- Then you left.. Or got promoted.. And the next guy did the same.. Probably in
their favourite scripting language.
Result… script hell..
Growing complexity..
Inherited ‘mess’, undocumented and unmanageable.
As a concept.. A script is ‘how to do something’
Scripts of any variety typically fall into describing how to perform a
task.
• Copy file a to location b
  → If that fails log an error and stop.
• Compile file a found in location b
  → If that fails log an error and stop.
• Start Application server
  → Call deploy script for myapplication found in location b.
And they usually spawn more scripts !
A new way..
Puppet takes a different approach..
Puppet is a state machine; it takes a declarative
approach to configuration management.
You tell Puppet ‘what’ and it works out the ‘how’.
With Puppet you are providing a definition of what it means to be:
• A Webserver
• An Application server
• A Proxy server
Puppet Operating Layers
• Deployment
• Configuration & Resource Abstraction
• Transactional Layer
Deployment Layer
Client Server Architecture
[Diagram: (Puppet) Master with six Nodes]
Configuration & Resource Abstraction Layer
Much more on this shortly..
[Diagram: Configuration & Resource Abstraction: Modules, Classes, Packages, Files, Services, Resources]
Transaction Layer
To complete the picture..
Puppet Enterprise
Everything to Puppet is a resource
[root@puppet ~]# puppet resource user robbie
user { 'robbie':
  ensure           => 'present',
  comment          => 'Robbie',
  gid              => '500',
  groups           => ['sudoers'],
  home             => '/home/robbie',
  password         => '$1$W3RSF$sQhH9VeK1f5IwR.TNCj8y1',
  password_max_age => '99999',
  password_min_age => '0',
  shell            => '/bin/bash',
  uid              => '500',
}
Doing something in Puppet..
Simple example – Single machine not client server.
Doing something in Puppet..
A Puppet-managed environment consists of a number of core files.
• site.pp – starting point for Puppet default configurations.
• node.pp – file of host descriptions.
• modules – collection of .pp files to define your environment.
site.pp

import "templates.pp"
import "node.pp"

# global defaults
Package {
  provider => $operatingsystem ? {
    debian => aptitude,
    redhat => up2date,
  }
}
node.pp

include vim

# Every node inherits this: telnet is kept stopped.
node basenode {
  service { "telnet": ensure => "stopped", }
}

node 'proxy.example.com' inherits basenode {
  include proxy
}

node /^www\d+\.example\.com/ inherits basenode {
  include webserver
}

node /^app\d+\.example\.com/ inherits basenode {
  include appserver
  package { 'vim': ensure => present }
}

Regex /^www\d+\.example\.com/ to include:
• www1.example.com
• www2.example.com
• … etc.

Regex /^app\d+\.example\.com/ to include:
• app1.example.com
• app2.example.com
• … etc.
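
Added example (not part of the original slides): Puppet regex node names use Ruby regular-expression syntax, so this Ruby sketch checks which node names the www/app patterns from the node.pp slide accept, compared with fully anchored variants. The constant names, function names and sample certnames are constructed for illustration.

```ruby
# Added example, not from the slides. Names and sample hosts are constructed.

# Patterns as on the node.pp slide (start-anchored only).
SLIDE_NODES = {
  "webserver" => /^www\d+\.example\.com/,
  "appserver" => /^app\d+\.example\.com/
}.freeze

# Stricter variants: \A and \z anchor the whole node name, so nothing
# may follow "example.com".
STRICT_NODES = {
  "webserver" => /\Awww\d+\.example\.com\z/,
  "appserver" => /\Aapp\d+\.example\.com\z/
}.freeze

# Return the class a node name would receive, or nil if no pattern matches.
def classify(certname, nodes)
  match = nodes.find { |_klass, pattern| pattern.match?(certname) }
  match && match.first
end

# Node names that the two pattern sets classify differently.
def disagreements(certnames, loose, strict)
  certnames.select { |name| classify(name, loose) != classify(name, strict) }
end

# Constructed sample input.
SAMPLE_CERTNAMES = [
  "www1.example.com",
  "www22.example.com",
  "app3.example.com",
  "www.example.com",            # no digit: matches neither set
  "www1.example.com.lab.test",  # extra suffix after example.com
  "www1.example.community"      # longer final label
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_CERTNAMES.each do |name|
    puts format("%-28s slide=%-12s strict=%s", name,
                classify(name, SLIDE_NODES).inspect,
                classify(name, STRICT_NODES).inspect)
  end
end
```

Anchoring the end of the pattern keeps the webserver and appserver classes limited to the hostnames the slide lists (www1, www2, app1, app2, and so on).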
Package/File/Service
file – Manage local files
• ensure { present, absent, file, directory, link }
• source
• content
• purge
package – Package management
• ensure { present, latest, version, absent, purged }
• name
• source
service – System services management
• ensure { running, stopped }
• enable { true, false }
• hasrestart { true, false }
notify – Log a message
• message { "hello world!" }
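Simple Puppet Example – Part of SSH Module

# Keep the ssh package at the latest version.
package { 'ssh':
  ensure => latest,
}

# Deploy sshd_config from the module once the package is installed,
# and notify the service when the file changes.
file { '/etc/ssh/sshd_config':
  source  => 'puppet:///modules/ssh/sshd_config',
  require => Package['ssh'],
  notify  => Service['sshd'],
}

# Keep sshd running; subscribe to package changes as well.
service { 'sshd':
  ensure    => running,
  subscribe => Package['ssh'],
}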
Modules
Apply to a node..
Let's make a webserver then an app server.
The new platform scenario
Puppet makes things far quicker..
1. Add the new node..
• And any variations or missing configurations will be reported.
• Facter will pull the new platform specifics and report up to puppetmaster.
• Puppet will deploy & configure software as per the node policy.
2. Update App Specific Manifests & Configs if new platform.
3. Done !
Things I’ve learnt..
SSL certs are a pain, anytime and anyplace.
• The Puppet Labs site has some great guides on configuration and
management of these but I still spent a reasonable amount of time fighting with
them.
• Make sure DNS is working .. See above.. If your hostnames don’t match, certs
get upset – for local testing /etc/hosts might be easier.
• Start small.. SSH / Tomcat are great little examples.. WebSphere or JBoss not
so much. Apache is a good learning exercise.
• MS Windows adds complexity; consider each Windows version a completely
different platform. Some services provided by Puppet do not work on Windows
yet.
Final words.. Questions ?
VMware & PuppetLabs.. working together on some ‘cool stuff’.
Right now vCloud Automation Centre & AppDirector products can
take advantage of Puppet.
If you’re a VMware person, it’s worth becoming a Puppet person too.
Thanks for listening..
Special thanks to the guys at PuppetLabs; Reid & Chris for
technical support, t-shirts, stickers and books.