Efficient tools are necessary for managing complex software products and helping teams build a stable infrastructure. Puppet stands out as one of the most popular software configuration management (SCM) tools used by developers today.
SCM is the process of making use of tools to automate, manage, and monitor system configuration files during the software development lifecycle.
As many of us know, performing manual and repetitive tasks daily becomes quite tedious. If we want to automate the configuration and setup of our server environment and other layers of our infrastructure, we can turn to Puppet.
Puppet helps us effectively manage virtual machines and other cloud infrastructure tasks we are accustomed to doing manually, so we no longer have to worry about them. This translates to deploying application changes faster.
Configuration management has been used for different projects like hardware, software, and production control systems. However, these systems have expanded to handling software processes, including code management, requirements management, version control, agile methodologies for software quality control, etc.
Lessons from manual tooling have necessitated the advancement of newer tools, which brought about the era of software configuration management tools. Some of the most notable ones are Puppet, Chef, and Ansible.
Puppet falls under the paradigm known as infrastructure-as-code (IaC). As the name suggests, this approach allows us to treat infrastructure like actual code. We use software development practices like version control, continuous delivery, and automated testing. This makes it possible to have reusable, testable, shareable, and easily debugged infrastructure. Also, since most teams are already used to the agile approach, it can usually be adopted quickly.
With Puppet, we can build out our infrastructure solution in an iterative manner, fixing things up as we go. This is because we can lock in the state of our resources at any point in time, see the results of our actions, and improve on them if necessary. We can start from the layer that needs the most automation until we cover all layers of our infrastructure.
One of Puppet’s key features is that a change we make to our application infrastructure will always lead to the same result — no matter how many times we apply it. Here’s how it’s done:
At a high level, Puppet consists of several packages: a primary server (known as Puppet Server), a database (PuppetDB), and a puppet agent (such as Facter and Hiera). The server stores the state of the code that holds the desired state of our infrastructure. The work of the agent is to translate this code into rules and commands that are executed and run in the program environment we specify.
To manage our infrastructure with Puppet, we first need to define the state of the infrastructure. We do this using Puppet code, which we write in the declarative Puppets DSL (domain-specific language). This means that we define the desired state or end-goal of the systems we are trying to automate and not the process of how we get to those stages.
To write Puppet code in the DSL, we use Puppet manifests, which are particular files for configuring and managing services on a target system. These manifests are kept in modules that help us manage a specific part of our infrastructures, such as software installation and configuration.
The modules also contain data that allows us to write custom configurations. In a situation where we want a distinct location for our code file and corresponding data, we can use another tool called Hiera. Hiera helps us store these different pieces in a central location so that we can specify parameters and ensure our code is testable.
To gather facts about a node’s IP, OS, and so on, we use Puppet’s inventory tool, Facter. The puppet agent then sends these facts to the server as a manifest, which the server then compiles into a JSON document describing the node’s state in question.
After this, Puppet applies these changes across the entire setup, ensuring that each node matches the state defined in the manifest file. The puppet agent then sends a report back to the primary server.
Puppet has many modules we can use based on the use case or problem domain we aim for. These modules are available on Puppet Forge. Let’s explore a few.
Puppet is excellent when we’re looking to automate our development process. For example, we might use Puppet if we intend to automate and manage web servers (including Apache and Nginx) or database systems like PostgreSQL. Puppet also integrates with various version control systems useful for automating our coding pipelines, like GitHub and GitLab.
Puppet can be used for management and configuration. For example, middleware-based applications like RabbitMQ, Kafka, Redis, and Elasticsearch can be managed through Puppet. Also, when we’re configuring our base system, we can integrate Puppet to help us set up firewalls like iptables.
Security and secrets management are also benefitted by Puppet. Puppet supports cloud-native workloads like Docker or Kubernetes and other tools for managing secrets, including the Hashi Corp vault and Azure key vault. Puppet also has a tool, Puppet Remediate, specifically for remediating breaches and vulnerabilities across our entire infrastructure.
When it comes to application monitoring, we can use Puppet to manage it. Supported monitoring tools include Prometheus, New Relic, Splunk, etc. Puppet can also be integrated into our existing instructor workflows via the Splunk plugin, a monitoring tool for checking running services’ health and analyzing data.
With Puppet Enterprise, we can have a CI/CD customizable workflow for deploying our code across different environments. With the Enterprise version comes tools for testing and monitoring our code.
