What is Puppet

Puppet is an industry-standard software configuration management tool that includes its own declarative language to describe system configuration. Puppet allows system administrators to write infrastructure as code, using a descriptive language to configure machines instead of individual, customized scripts. The Puppet Domain-Specific Language (DSL) is used to describe the state of each machine, and Puppet can enforce this state. That means that if an administrator mistakenly changes something on the machine, Puppet can return the machine to the desired state. Thus, not only can Puppet code be used to configure the system initially, but it can also be used to keep the state of the system in line with the desired configuration.

The system administrator no longer needs a script for initial configuration and a separate script (or worse yet, human interaction) for verification of the state. Puppet can be used to set the desired state and have the machine converge to that state. Puppet manages system configuration and verifies that the system is in the desired state. This can scale much better than the traditional scripts for each system.

A traditional system admin would need to log in to each machine to perform system administration operations, but that does not scale well. Perhaps the system admin would create an initial configuration script (e.g., a Kickstart file) for a machine, but once the initial script has run, the machine can (and will) begin to diverge from that initial script configuration. In the best-case scenario, the system admin would need to periodically check the machine to verify the configurations. In the worst-case scenario, the system administrator would need to figure out why the machine is no longer functioning or rebuild the machine and redeploy the configuration.

Puppet Architecture

Puppet uses a server-client model. The server is called the Puppet master. The clients are called Puppet nodes and run the Puppet agent software. The Puppet master stores manifests or recipes (code containing resources and desired states) for the clients. The nodes normally run a Puppet daemon (the agent) that connects to the Puppet master. Each node downloads the recipe or manifest assigned to it from the Puppet master and applies the configuration if needed.

The Puppet run starts with the Puppet node (not the Puppet master). By default, the Puppet agent starts a Puppet run every 30 minutes. This run uses secure transmission (SSL) services to pass data back and forth between the Puppet node and the Puppet master. The node starts by gathering facts about the system using the facter command. Facter includes information on block devices, MAC addresses, IP addresses, memory, operating system, file systems, CPUs, virtualization, network interfaces, etc. These facts are sent from the node to the master.

Once the Puppet master receives the facts from a node, it compiles the catalog, which describes the desired state for each resource configured for the node. The master checks the hostname of the node and matches it to the specific node configuration (called node classification), or uses the default configuration if the node does not match. This catalog may include dependency information for the resources (e.g., should Puppet install the package first, or start the service first?). Once the catalog is compiled, the Puppet master sends the catalog to the node. Puppet will then apply the catalog on the Puppet node, configuring all resources defined in the catalog. Puppet is idempotent: it can apply the catalog to a node multiple times without affecting the resultant state.

Once the catalog is applied to the node by the Puppet agent, the node will report back to the Puppet master with the details of the run. This report includes information on what changes were made to the node (if any), and whether the run completed successfully. Puppet’s reporting infrastructure has an API, so other applications can download reports from the Puppet master for storage or further analysis.

What can be managed by Puppet

Puppet is used to describe the desired state of a system using predefined resource types. To a system admin, these resources will be fairly intuitive. For instance, the package resource is used to configure software packages and the user resource is used to configure users.

Below are some simple DSL code examples.

user { 'notauser':
  ensure => 'absent',
}

The above code will ensure that the user named notauser will not be present on the system. If the notauser user does not exist on the system, Puppet will report back success. If the notauser user exists on the system, Puppet will run the necessary commands to remove the user from the system (userdel in this case). Puppet is available on multiple operating systems, so this same code can be used on other supported operating systems without having to know the actual commands to delete a user account.

file { '/var/www/html/index.html':
  ensure => 'file',
  owner  => 'root',
  group  => 'root',
  mode   => '0640',
}

The above code will ensure there is a file named /var/www/html/index.html on the system. The owner and group will be root, and the mode will be 640. Although it is not shown in this simple code, Puppet DSL does allow management of file content as well as file ownership and permissions.

package { 'httpd':
  ensure => 'installed',
}

The above code will ensure that the httpd package is installed on the system.

service { 'httpd':
  ensure => 'running',
  enable => true,
}

The previous code will ensure that the httpd service is started and enabled on the system.
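The four resources above can be combined into one manifest that also expresses the dependency ordering and node classification described in the architecture section. This is an added example, not code from the original post; the class name webserver, the hostname web01.example.com, the file content and the apache group are assumptions chosen for illustration.

```puppet
# Added example: class name, hostname and file content are illustrative.
class webserver {
  # Installed first; the file and service below depend on it.
  package { 'httpd':
    ensure => 'installed',
  }

  # Managed after the package so that /var/www/html already exists.
  file { '/var/www/html/index.html':
    ensure  => 'file',
    owner   => 'root',
    # Assumption: on RHEL-family systems the httpd package creates the
    # 'apache' group its workers run under. With root:root and mode 0640
    # the workers could not read the file.
    group   => 'apache',
    mode    => '0640',
    content => "Managed by Puppet\n",
    require => Package['httpd'],
  }

  # Started only once the package is in place.
  service { 'httpd':
    ensure  => 'running',
    enable  => true,
    require => Package['httpd'],
  }

  # Account that must never exist on a web server.
  user { 'notauser':
    ensure => 'absent',
  }
}

# Node classification: the master matches the agent's hostname.
node 'web01.example.com' {
  include webserver
}

# Nodes that match no other definition receive this (empty) catalog.
node default {
}
```

Running puppet agent --test --noop on the node reports what the catalog would change without applying it, which is a quick way to review drift before enforcing the state.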

To learn more about Puppet, you can visit here.

You can also read about another configuration management tool, Ansible.

I hope you like this post, “What is Puppet”. If you have any questions, please leave a comment below!

Thanks for reading. If you like this post, you might like my next ones, so please support me by subscribing to my blog.

Rohit Kumar Singh

Technical writer, enthusiastic about learning new technologies and exploring things.
