Automate System Administration Tasks with Puppet

Use Puppet for configuration management.

If you have more than one UNIX box in your care, you know how duplication happens. Every machine needs a common set of settings. Package upgrades need to be deployed. Certain packages need to be on every server.

You also want to make sure that any changes to your systems happen in a controlled manner. It's one thing to start off with two servers that are similarly configured; it's another thing to know they're the same a year later, especially if other people are involved.

Puppet is a system for automating system administration tasks (in the author's own words). In the Puppet world, you define a policy (called a manifest) that describes the end state of your systems, and the Puppet software takes care of making sure the system meets that end state. If a file changes, it is replaced with a pristine copy. If a required package is removed, it is re-installed.

It is important to draw a distinction between shell scripts that copy files between systems and a tool like Puppet. The latter abstracts the policy from the steps required to make a system conform. Puppet is smart enough to use apt-get to install a package on a Debian system and yum on a Fedora system. Puppet is smart enough to do nothing if the system already is conformant to the policy.

The Puppet system is split into two parts: a central server and the clients. The server runs a dæmon called puppetmaster. The clients run puppetd, which both connects to, and receives connections from, the puppetmaster. The manifest is written on the puppetmaster. If Puppet is used to manage the central server, it also runs the puppetd client.

The best way to begin with a configuration management system like Puppet is to start with a single client and a simple policy, and then roll it out to more clients and a more complex policy. To that end, start off by installing the Puppet software. Puppet is written in the Ruby scripting language, so you need to install that before you begin (Ruby is available as a package for most distributions).

Installation

If you choose to install from source, you need the facter and puppet tarballs from the author's site:

  • http://reductivelabs.com/downloads/facter/facter-latest.tgz

  • http://reductivelabs.com/downloads/puppet/puppet-latest.tgz

The facter tarball contains the Facter utility, which generates facts about the host system. Facts can be anything from the Linux distribution to whether the host is a virtual machine. The puppet tarball contains both puppetd and puppetmaster.

Untar the files (tar -xzf facter-latest.tgz and tar -xzf puppet-latest.tgz). Change to the newly created facter directory, and run ruby install.rb as root. You will do the same for the puppet directory, which installs both the client and server packages.

Then, run:

puppetmasterd --mkusers; chown puppet /var/puppet 

on the puppetmaster to create the puppet user (which also creates the initial directory structure and then fixes a permissions problem). You can skip this step if you are installing from packages.

On the client, run:

puppetd --mkusers; puppetd --server puppet.example.com --test

______________________

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Puppet Tutorial

John Arundel's picture

Excellent write-up! I'm a Puppet consultant and have just published the first article in a Puppet tutorial series up to date with Puppet 0.25.0 and the 'best practices' module layout:

Puppet Tutorial: Powering Up With Puppet

I would love to hear from any Puppet / Linux beginners whether they found the article helpful or not, or if anyone has suggestions for how it might be improved.

Great write-up

mschenck's picture

I really like your organization. Puppet is a great tool. One more area for people to look into is the use of templates. They're a very powerfully addition to puppet, leveraging ruby's erb files.

Erb files probably get the greatest exposure in ruby on rails, but can prove to be a very powerful tool for system administrator in lending a hand to remove human error when managing the differences in configuration between different environments.

Speaking of environments, that's also great asset puppet provides and should be considered another area of interest for potential adopters of puppet to look into.

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix