Definition
Efficient tools are necessary for managing complex software products and helping teams build a stable infrastructure. Puppet stands out as one of the most popular software configuration management (SCM) tools used by developers today.
SCM is the process of making use of tools to automate, manage, and monitor system configuration files during the software development lifecycle.
As many of us know, performing manual and repetitive tasks daily becomes quite tedious. If we want to automate the configuration and setup of our server environment and other layers of our infrastructure, we can turn to Puppet.
Puppet helps us effectively manage virtual machines and other cloud infrastructure tasks we are accustomed to doing manually, so we no longer have to worry about them. This translates to deploying application changes faster.
Overview
Configuration management has been used for different projects like hardware, software, and production control systems. However, these systems have expanded to handling software processes, including code management, requirements management, version control, agile methodologies for software quality control, etc.
Lessons from manual tooling have necessitated the advancement of newer tools, which brought about the era of software configuration management tools. Some of the most notable ones are Puppet, Chef, and Ansible.
Puppet falls under the paradigm known as infrastructure-as-code (IaC). As the name suggests, this approach allows us to treat infrastructure like actual code. We use software development practices like version control, continuous delivery, and automated testing. This makes it possible to have reusable, testable, shareable, and easily debugged infrastructure. Also, since most teams are already used to the agile approach, it can usually be adopted quickly.
With Puppet, we can build out our infrastructure solution in an iterative manner, fixing things up as we go. This is because we can lock in the state of our resources at any point in time, see the results of our actions, and improve on them if necessary. We can start from the layer that needs the most automation until we cover all layers of our infrastructure.
One of Puppet’s key features is that a change we make to our application infrastructure will always lead to the same result — no matter how many times we apply it. Here’s how it’s done:
- Before Puppet makes a change, it first collects all the cascading effects of a potential difference and creates an entire “mock” state of the database.
- Then, it applies the mock state to the actual database all at once so that if the same change is applied again, the same mock state gets pushed to the real thing.
- As a result, we can easily set up our configuration management once and avoid recreating it every time Puppet runs.
- Since we initially let Puppet know of our desired state, Puppet can also tell when a change that has been made in the manifest file might have been done erroneously.
How Puppet works
At a high level, Puppet consists of several packages: a primary server (known as Puppet Server), a database (PuppetDB), and a puppet agent (such as Facter and Hiera). The server stores the state of the code that holds the desired state of our infrastructure. The work of the agent is to translate this code into rules and commands that are executed and run in the program environment we specify.
To manage our infrastructure with Puppet, we first need to define the state of the infrastructure. We do this using Puppet code, which we write in the declarative Puppets DSL (domain-specific language). This means that we define the desired state or end-goal of the systems we are trying to automate and not the process of how we get to those stages.
To write Puppet code in the DSL, we use Puppet manifests, which are particular files for configuring and managing services on a target system. These manifests are kept in modules that help us manage a specific part of our infrastructures, such as software installation and configuration.
The modules also contain data that allows us to write custom configurations. In a situation where we want a distinct location for our code file and corresponding data, we can use another tool called Hiera. Hiera helps us store these different pieces in a central location so that we can specify parameters and ensure our code is testable.
To gather facts about a node’s IP, OS, and so on, we use Puppet’s inventory tool, Facter. The puppet agent then sends these facts to the server as a manifest, which the server then compiles into a JSON document describing the node’s state in question.
After this, Puppet applies these changes across the entire setup, ensuring that each node matches the state defined in the manifest file. The puppet agent then sends a report back to the primary server.
Examples of Puppet
Puppet has many modules we can use based on the use case or problem domain we aim for. These modules are available on Puppet Forge. Let’s explore a few.
Automation
Puppet is excellent when we’re looking to automate our development process. For example, we might use Puppet if we intend to automate and manage web servers (including Apache and Nginx) or database systems like PostgreSQL. Puppet also integrates with various version control systems useful for automating our coding pipelines, like GitHub and GitLab.
Middleware and Configuration
Puppet can be used for management and configuration. For example, middleware-based applications like RabbitMQ, Kafka, Redis, and Elasticsearch can be managed through Puppet. Also, when we’re configuring our base system, we can integrate Puppet to help us set up firewalls like iptables.
Security and Secrets Management
Security and secrets management are also benefitted by Puppet. Puppet supports cloud-native workloads like Docker or Kubernetes and other tools for managing secrets, including the Hashi Corp vault and Azure key vault. Puppet also has a tool, Puppet Remediate, specifically for remediating breaches and vulnerabilities across our entire infrastructure.
Monitoring
When it comes to application monitoring, we can use Puppet to manage it. Supported monitoring tools include Prometheus, New Relic, Splunk, etc. Puppet can also be integrated into our existing instructor workflows via the Splunk plugin, a monitoring tool for checking running services’ health and analyzing data.
With Puppet Enterprise, we can have a CI/CD customizable workflow for deploying our code across different environments. With the Enterprise version comes tools for testing and monitoring our code.
Key Takeaways
- Puppet helps us with managing and provisioning our infrastructure environment. Puppet also comes in handy in automating how we migrate our infrastructure from an on-prem environment to the cloud quickly and efficiently.
- Puppet allows us to keep track and monitor changes in assets like code files, eliminating all manual processes concerning provisioning infrastructure. Puppet’s declarative approach will enable us to define the shape of our infrastructure at any point of our automation journey and reuse our code for many different portions of our infrastructure.
- Puppet also ensures that what is executed is based on the state we specify, and we can also go ahead and validate that. Therefore, it becomes easier to fix bugs or issues as they arise and reduce time-wasting efforts looking for problems.
- Puppet can help you scale your infrastructure in a secure, effective, and predictable manner when it comes to automation.
- Puppet integrates with several monitoring tools, so we can rest assured that our infrastructure has good visibility. In the case of any issues resulting from external attacks or vulnerabilities, we’ll be aware and can act quickly, minimizing the risk for our application infrastructure.