In this section we will discuss how Puppet works. Most importantly, we will get straight to what Puppet can do for you in your environment. We will discuss how it can drastically improve the consistency of your systems, while reducing the amount of time you spend maintaining them.
First, let's talk about you. Yes, you sitting there, reading this. Based on the fact that you are reading this, you are likely to be responsible for managing systems. You might be a systems administrator paid to manage a diverse set of platforms without enough time to do it all. You might be a developer who is paid to write a code, but you find yourself spending too much time managing your development platform. You may be a DevOps engineer, with both sets of concerns. Or perhaps you are a modern homemaker trying to ensure that each of your children's laptops work consistently.
No matter what your objective is, there is a common theme to most situations today. There are too many details, too many parts, too many small differences between things, too much change within even the smallest environments, and not enough time to do it all. Puppet is designed for exactly these needs.
Doing more with less is exactly what Puppet is designed for. But let's go one step further; Puppet won't just save you time, it will ensure that each thing is exactly the way you want it, every time. When we are done, you will stop worrying if all the steps were followed, if every single thing was done. It will be like having a butler and a maid for your systems. You will learn to express the policy, and know that Puppet will handle all the details for you.
Let's talk a little bit about how this works. In this book you will learn to write out what I call the Puppet policy. This policy is built from manifests and modules. We'll talk about how to write a manifest in the very next section. We'll go on to build a custom module for managing Puppet clients. These two building blocks will comprise a policy expressing how you want things to be.
Puppet contains hundreds of built-in resource types that can handle many common systems' management tasks. In many situations, you won't have to write any more specific code. You express what you want in the policy using the built-in types, and Puppet handles the details for you.
However, you may have needs that are custom and unique to your environment. Puppet is very extensible and you'll find it very easy to build your own modules. In these modules, you can define your own resources to do things that the Puppet maintainers never dreamed about. We're going to show you how to do this in the Building a custom module section.
There are many benefits of using something which is easy to extend. One of them is that many people extend the software to meet their own needs. The other is that these people can form a community of users who share the modules with each other. So before you go off to build a module yourself, you should check out the Puppet Forge, a site containing thousands of modules and custom resources that others have already developed.
To summarize, we are going to show you how Puppet can help you do more, do it faster, and spend less time worrying about it. We are going to teach you how to extend Puppet to meet your specific needs. And we are going to introduce you to the large active community of Puppet users and developers who share their own custom modules in the Puppet Forge.
Enough with the talking. We are all busy people, it is time we got started!
You can run your puppet servers and clients on many different platforms and architectures. To get up to speed as quickly as possible, we recommend that you use Red Hat Enterprise Linux 6 or CentOS 6 for your server. There are good reasons for this, which can be stated as follows:
Puppet Labs supports Red Hat and CentOS very well. Many of their supplied modules only support the RHEL/CentOS systems. So you won't run into version or compatibility issues while you are learning to use Puppet.
All the software you need is available in binary packages for these platforms.
The binary packages include the
initscripts and default configurations that you may otherwise have to create manually.
After you have finished this book, you can migrate the server to any platform you wish to support. This guide will help you set up the server in a manner which makes it trivial to move it to another host server.
I am going to talk about the difference between deterministic results and procedural results. I will explain how Puppet is oriented around deterministic results, and why the best results can be achieved by learning to think in a deterministic manner.
What are deterministic results? Determinism is something that returns the same result every time, given the same input. A calculator or spreadsheet both return deterministic results. You might be thinking to yourself, "isn't all software deterministic?" Not in the sense that we are talking about. Most software applications don't return the same results every time; you have to check the environment in which the software runs, and modify the input you give it. For example, let's use a very simple program that creates a new user:
$ useradd –u 2000 deterministic
That worked fine, didn't it? Now let's run the same program again, with the exact same input.
useradd: user 'deterministic' already exists
Ah, same input but not the same result; that's not deterministic at all! To actually make this very simple idea deterministic requires a larger script that validates each value against the environment:
#!/bin/sh
USER=$1
USERID=$2
FOUND=$(id -u $USER 2> /dev/null)
if [ $? -ne 0 ]; then
useradd –u 2000 deterministic
else
if [ $FOUND -ne $USERID ]; then
usermod –u 2000 deterministic
fi
fiThis is how most programming is done. You have to check A, then B, and then do C or D based on what you observe. This is called Procedural programming. Think about how much more code would be required if you wanted to ensure that the gid, the comment, the home directory, and the password were correct? What about the extra code to make this function work properly for adding a root-equivalent user with UID 0? Do you agree that this would be quite a long script? You probably have a few scripts like this around. In all likeliness you end up fixing them every time you get a new platform to support, or a new version of the operating system.
Now, let's look at how you would approach this with Puppet. In Puppet, you express the ideas in a deterministic manner. By this, I mean to say that instead of expressing the steps to get to a result, you only express what you desire the final result to be. For our previous simple example, that could be as easy as this:
user { 'deterministic': uid => 2000 } If you want it to be much more specific, you can ensure that all the parameters for this user are defined, with less lines of text than our previous simple script:
user { 'deterministic':
ensure => present,
uid => 2000,
gid => 2000,
comment => 'Deterministic User',
home => '/home/determinism',
shell => '/bin/bash',
}Instead of spending time to write out A then B then C or D, you simply express the final result that you desire. In Puppet this is called a policy. You'll find that expressing your needs with a deterministic policy (definition of a final result) saves a lot of time, especially if you manage a heterogeneous environment, where the commands used to check for or create a user differ. You don't need to think about those differences when you are writing Puppet policies.
I'd like you to stop and reread this section one more time before we proceed. Here we have identified a very important shift in how to approach systems management. As the new users start developing their first puppet policies, it is common to see them fall back to the procedural thinking styles. They can do things with a procedural style in Puppet, but they will be fighting the current, going uphill, and wasting time. After a short while, they realize the utility of the deterministic manner and start defining their policy accordingly. They learn to do more with less, and do it faster than ever before.
I am going to try and help you avoid that first round of mistakes. We are, together, going to get you working like an experienced hand at Puppet by the end of this short book. The first step in avoiding that introductory round of wasting time is to go back and reread this section. Come to terms with the simplicity of expressing a final result.