Over the last few years, configuration management has become increasingly significant to the IT world. Server operations in particular is hardly even feasible without a robust management infrastructure. Among the available tools, Puppet has established itself as one of the most popular and widespread solutions. Originally written by Luke Kanies, the tool is now distributed under the terms of Apache License 2.0 and maintained by Luke's company, Puppet Labs. It boasts a large and bustling community, rich APIs for plugins and supporting tools, outstanding online documentation, and a great security model based on SSL authentication.
Like all configuration management systems, Puppet allows you to maintain a central repository of infrastructure definitions, along with a toolchain to enforce the desired state on the systems under management. The whole feature set is quite impressive. This book will guide you through some steps to quickly grasp the most important aspects and principles of Puppet.
In this chapter, we will cover the following topics:
- Getting started
- Introducing resources and properties
- Interpreting the output of the
puppet applycommand - Adding control structures in manifests
- Using variables
- Controlling the order of evaluation
- Implementing resource interaction
- Examining the most notable resource types
Installing Puppet is easy. On large Linux distributions, you can just install the Puppet package via apt-get or yum.
The installation of Puppet can be done in the following ways:
- From default Operating System repositories
- From Puppet Labs
The former way is generally simpler. Chapter 2, The Master and Its Agents, provides simple instructions to install the Puppet Labs packages. A platform-independent way to install Puppet is to get the puppet Ruby gem. This is fine for testing and managing single systems, but is not recommended for production use.
After installing Puppet, you can use it to do something for you right away. Puppet is driven by manifests, the equivalent of scripts or programs, written in Puppet's domain-specific language (DSL). Let's start with the obligatory Hello, world! manifest:
# hello_world.pp
notify { 'Hello, world!':
}Tip
Downloading the example code
You can download the example code files for all the Packt Publishing books you have purchased from your account at http://www.packtpub.com. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register yourself to have the files e-mailed directly to you.
To put the manifest to work, use the following command. (We avoided the term "execute" on purpose—manifests cannot be executed. More details will follow around the middle of this chapter.):
root@puppetmaster:~# puppet apply hello_world.pp Notice: Compiled catalog for puppetmaster.example.net in environment production in 0.45 seconds Notice: Hello, world! Notice: /Stage[main]/Main/Notify[Hello, world!]/message: defined 'message' as 'Hello, world!' Notice: Applied catalog in 0.03 seconds
Before we take a look at the structure of the manifest and the output from the puppet apply command, let's do something useful, just as an example. Puppet comes with its own background service. Let's assume that you want to learn the basics before letting it mess with your system. You can write a manifest to have Puppet make sure that the service is not currently running and will not be started at system boot:
# puppet_service.pp
service { 'puppet':
ensure => 'stopped',
enable => false,
}To control system processes, boot options, and the like, Puppet needs to be run with root privileges. This is the most common way to invoke the tool, because Puppet will often manage OS-level facilities. Apply your new manifest with root access, either through sudo, or from a root shell, as shown in the following transcript:
root@puppetmaster:~# puppet apply puppet_service.pp Notice: Compiled catalog for puppetmaster.example.net in environment production in 0.61 seconds Notice: /Stage[main]/Main/Service[puppet]/ensure: ensure changed 'running' to 'stopped' Notice: Applied catalog in 0.15 seconds
Now, Puppet has disabled the automatic startup of its background service for you. Applying the same manifest again has no effect, because the necessary steps are already complete:
root@puppetmaster:~# puppet apply puppet_service.pp Notice: Compiled catalog for puppetmaster.example.net in environment production in 0.62 seconds Notice: Applied catalog in 0.07 seconds
This reflects a standard behavior in Puppet: Puppet resources are idempotent—which means that every resource first compares the actual (system) with the desired (puppet) state and only initiates actions in case there is a difference (configuration drift).
You will often get this output, as shown previously, from Puppet. It tells you that everything is as it should be. As such, this is a desirable outcome, like the all clean output from git status.