Robbie Jerrom presents on Puppet, an open source configuration management tool. Puppet takes a declarative approach, allowing users to define what a system configuration should be rather than how to achieve it. Everything in Puppet is defined as a resource like packages, files, and services. Puppet operates in a client-server model and uses modules to define common configurations that can be applied across nodes. It aims to provide an easier way to deploy and manage software compared to traditional script-based approaches.

1. © 2009 VMware Inc. All rights reserved
Puppet Primer
Robbie Jerrom – Solution Architect VMware
Twitter- @robbiej

2. Disclaimer
The material in the presentation is based from my exploration and
learning of puppet.
My views are my own and not necessarily shared by PuppetLabs or
VMware.
2 Confidential

3. About me..
I’m a Solution Architect at VMware.
Ex- IBM where I did many things.. The most relevant to this presentation
is running the WebSphere build team for 2 years..
.. And it hurt.. Every version of AIX / Solaris / Windows & Early Linux
environments.. All from a single build environment .. Distributed around
the globe.
I wish Puppet had existed back then !
3 Confidential

4. Software Eats the World..
“Puppet Labs Secures $30 Million
Investment From VMware”
4 Confidential

5. 5

6. So what is Puppet.. And why would I care ?
Old school software deployment..
• Production
• Dev / Test
• Service Support
• Many of the challenges are the same and our solutions very similar..
 Scripts… lots and lots of them..
- Perl / PowerShell / Bash / SH / Make / Awk
- Whatever your particular poison was you or your team created scripts to make
things easier.
- Then you left.. Or got promoted.. And the next guy did the same.. Probably in
their favourite scripting language.
6 Confidential

7. Result… script hell..
Growing complexity..
Inherited ‘mess’, undocumented and unmanageable.
7 Confidential

8. As a concept.. A script is ‘how to do something’
Scripts of any variety typically fall into describing how to perform a
task.
• Copy file a to location b
 If that fails log an error and stop.
• Compile file a found in location b
 If that fails log an error and stop
• Start Application server
 Call deploy script for myapplication found in location b.
And they usually spawn more scripts !
8 Confidential

9. A new way..
Puppet takes a different approach..
Puppet is a state machine, it takes a declarative
approach to configuration management.
You tell puppet ‘what’ and it works out the ‘how’.
With Puppet you are providing a definition of what it means to be:
• A Webserver
• An Application server
• A Proxy server
9 Confidential

10. Puppet Operating Layers
10 Confidential
Deployment
Configuration & Resource Abstraction
Transactional Layer

11. Deployment Layer
Client Server Architecture
11 Confidential
Node Node Node
Node
Node
Node
(Puppet) Master

12. Configuration & Resource Abstraction Layer
Much more on this shortly..
12 Confidential
Configuration & Resource Abstraction
Modules Classes Packages Files ServicesResources

13. Transaction Layer

14. To complete the picture..
14 Confidential
Puppet Enterprise

15. Everything to Puppet is a resource
15 Confidential
[root@puppet ~]# puppet resource user robbie
user { 'robbie':
ensure => 'present',
comment => 'Robbie',
gid => '500',
groups => ['sudoers'],
home => '/home/robbie',
password => '$1$W3RSF$sQhH9VeK1f5IwR.TNCj8y1',
password_max_age => '99999',
password_min_age => '0',
shell => '/bin/bash',
uid => '500',
}

16. Doing something in Puppet..
Simple example – Single machine not client server.
16 Confidential

17. Doing something in Puppet..
A puppet managed environment consists of a number of core files.
• site.pp - starting point for Puppet default configurations.
• node.pp – file host descriptions.
• modules - collection of .pp files to define your environment.
17 Confidential

18. site.pp
import "templates.pp"
import "node.pp"
# global defaults
Package {
provider => $operatingsystem ? {
debian => aptitude,
redhat => up2date }
}
18 Confidential

19. include vim
node basenode
{service {“telnet":ensure => "stopped", }}
node ‘proxy.example.com’ inherits basenode
{ include proxy }
node /^wwwd+.example.com/ inherits basenode
{ include webserver }
node /^appd+.example.com/ inherits basenode
{ include appserver
package {‘vim’ : ensure => present }}
node basenode
{
service {“telnet":ensure => "stopped", }
}
node.pp
19 Confidential
node ‘proxy.example.com’ inherits basenode
{ include proxy }
node /^wwwd+.example.com/ inherits basenode
{ include webserver }
Regex to include :
www1.example.com
www2.example.com
…. etc.
node /^appd+.example.com inherits basenode
{ include appserver
package {‘vim’ : ensure => present }}
Regex to include :
app1.example.com
app2.example.com
…. etc.

20. Package/File/Service
file – Manage Local Files
• ensure { present, absent, file, directory, link }
• source
• Content
• purge
package – Package management
• ensure {present, latest, version, absent, purged }
• Name
• source
20 Confidential

21. Package/File/Service
service – System services management
• ensure {running, stopped}
• enable {true, false}
• hasrestart {true,false}
Notify – log a message
• message {“hello world!”}
21 Confidential

22. Simple Puppet Example – Part of SSH Module
22 Confidential
package { ssh:
ensure => latest,
}
file { /etc/ssh/sshd_config:
source => puppet:///modules/ssh/sshd_config,
require => Package[ssh],
notify => Service[sshd],
}
service { sshd:
ensure => running,
subscribe => Package[ssh],
}

23. Modules
23 Confidential

24. Apply to a node..
Lets make a webserver then an app server.
24 Confidential

25. The new platform scenario
Puppet makes things far quicker..
1. Add the new node..
• And any variations or missing configurations will be reported.
• Factor will pull the new platform specifics and report up to puppetmaster.
• Puppet will deploy & configure software as per the node policy.
2. Update App Specific Manifests & Configs if new platform.
3. Done !
25 Confidential

26. Things I’ve learnt..
SSL Cert’s are a pain anytime and place.
• The Puppet Labs site has some great guides on configuration and
management of these but I still spent a reasonable amount of time fighting with
them.
• Make sure DNS is working .. See above.. If your hostnames don’t match certs
get upset – For local testing /etc/hosts might be easier.
• Start small.. SSH / Tomcat are great little examples.. WebSphere or JBoss not
so much. Apache is a good learning exercise.
• MS Windows adds complexity, consider each windows version a completely
different platform. Some services provided by puppet do not work on Windows
yet.
26 Confidential

27. Final words.. Questions ?
VMware & PuppetLabs.. working together on some ‘cool stuff’.
Right now vCloud Automation Centre & AppDirector products can
take advantage of Puppet.
If you’re a VMware person, its worth becoming a Puppet person too.
27 Confidential

28. Thanks for listening..
Special thanks to the guys at PuppetLabs; Reid & Chris for
technical support, t-shirts, stickers and books.
28 Confidential