Lab Guide: Puppet
What is Puppet?
Puppet is a configuration management tool. It ensures all your systems are meeting a desired state that you expect them to be in. Puppet can deploy software on your systems. Puppet implements infrastructure as a code. The code is written in Ruby language.
What is Facter?
In Puppet, facter is a standalone tool that holds the environment level variable. In can be considered similar to env
variable of Bash or Linux. Sometimes there can be an overlap between the information stored in facts and environment variable of the machine. In Puppet, the key-value pair is known as fact
.
Puppet Architecture
Modules
A module is a collection of manifests and data (such as facts
, files
, and templates
), and they have a specific directory structure. Modules are useful for organizing your Puppet code, because they allow you to split your code into multiple manifests. It is considered best practice to use modules to organize almost all of your Puppet manifests.
To add a module to Puppet, place it in the /etc/puppet/modules
directory.
Manifests
Puppet programs are called manifests. Manifests are composed of puppet code and their filenames use the .pp extension. The default main manifest in Puppet installed via apt is /etc/puppet/manifests/site.pp
.
Template
Templating is a method of getting things in a standard format, which can be used in multiple locations. In Puppet, templating and templates are supported using erb
which comes as a part of standard Ruby library, which can be used on other projects apart from Ruby like in Ruby on Rails projects.
CA
Puppet uses certificates to verify the identity of nodes. These certificates are issued by the certificate authority (CA) service of a Puppet primary server.
Agent
Puppet agent is the application that manages the configurations on your nodes. It requires a Puppet primary server to fetch configuration catalogs from. Depending on your infrastructure and needs, you can manage systems with Puppet agent as a service, as a cron job, or on demand.
How Puppet Works ?
Puppet Master
The Puppet master is a daemon that runs on a designated server and is the primary source of configuration data and authority for Puppet. The master provides instructions for all of the nodes that are part of the Puppet infrastructure. Because some aspects of component configuration depend on the configuration of other components, the server that is designated as the Puppet master is required to be aware of the system's entire configuration. Puppet restricts access to the master by having the master run as its own user and group.
The master is responsible for several actions, including the following:
- Compiling the catalog for the agents
- Transferring files from a file server
- Sending reports to a central instance
Note: The master might also perform other actions that do not require root privileges.
Puppet Agent
The Puppet daemon that runs on a target system (or node) is known as the Puppet agent. The agent must have the appropriate privileges for the node on which it is enabled so that it can apply the configuration catalogs that it pulls from the Puppet master. The agent gains communication privileges from the master server by requesting an Secure Socket Layer (SSL) certificate the first time that it contacts the master. Subsequently, whenever the agent polls the master for configuration updates, it only receives updates if its certificate is valid.
The Puppet agent that runs on each of the target nodes must have the ability to modify most aspects of the system's configuration. This requirement enforces the state in which the master has indicated the agent should be. Because so much access to the system is required by the puppet agent, it is run as the root user or a user who is assigned the Puppet Management rights profile.
Puppet works by using a pull mode, where agents poll the master at regular intervals to retrieve site-specific and node-specific configurations. In this infrastructure, managed nodes run the Puppet agent application, typically as a background service. For more information, go to Overview of Puppet’s Architecture
.
The following figure describes the Puppet master/agent topology in more detail.
Node that is running the Puppet agent collects data about itself using facts.
Agent sends facts to Puppet master.
Master compiles a catalog based on data for how the node should be configured.
Master sends catalog back to agent.
Agent configures itself and reports back to the master.
Lab Guide: Setup Master and client
Master Node [ubuntu]
Client [ubuntu]
On Master Node
Manifests
Puppet manifests are written in a Puppet-specific language that is similar to Ruby, where each manifest uses a .pp
file extension. The Puppet site manifest (site. pp
) is the main file that Puppet uses to define global system configuration.
Catalogs
A catalog is a document that describes the desired state for each resource that Puppet manages on a node. A Puppet master typically compiles a catalog from manifests of Puppet code.
Puppet User and Group
The Puppet user and group are used for security purposes to ensure that a module only has access to the information that it requires from the master. The Puppet user and group also prevent the Puppet module from being exploited or compromised. The Puppet user performs tasks on the master and is a member of the Puppet group. This privileged user and group are automatically created and assigned to the master daemon when you enable the master SMF service instance during the setup process. Stores configuration manifests in the puppet manifests directory.
Through the Puppet user, the Puppet master performs the following tasks:
Accepts SSL certificates from agent.
Transfers files to agents.
Creates catalogs.
You can further read: References to puppet
Book a Discovery Call.