This document provides an overview of Puppet and Puppet Enterprise. It summarizes the key components and projects that make up Puppet like Puppet, Facter, Hiera, MCollective and PuppetDB. It describes the capabilities of Puppet Enterprise like configuration management, orchestration, discovery, provisioning and reporting. The document also provides community growth metrics and information on training offered by Puppet Labs.
14. Community Growth
1,700 modules
449 module authors
1.3 million downloads
on the Puppet Forge
80,000 people
have downloaded Puppet,
PE, MCollective or the
Learning VM
5,000+ people
have been trained on
Puppet technologies
16. Easy to Get Involved
• Help with Documentation
• Ask/Answer questions
• http://ask.puppetlabs.com
• mailing lists
• IRC
• Help with bug triage
• Contribute code
• Contribute modules on the Forge
puppetlabs.com/community
20. Puppet Enterprise
IT automation for end-to-end infrastructure lifecycle management
Discovery of nodes, resources, and status using
real-time data
Provisioning of bare metal, virtual, and cloud
capacity
IT Automation
Configuration installation and configuration of
operating systems and applications
and automated enforcement
Orchestration of multi-step operations to targeted
collections of nodes
Reporting of all state changes of all resources
across all nodes
21. Puppet Enterprise: Discovery
Dynamic, real-time discovery of nodes, resources, and state
Address all nodes simultaneously
Query any data source on a node
% mco find –S “environment=QA and !dept=sales”
!dept=sales”
Nodes
Puppet Classes & Facts
Files & Databases
System Queries
puppet
enterprise
No More Outdated CMDBs
Current deployment =
source of truth
Cloud Service APIs (eg, EC2)
Ask Specific Questions
Focus queries using
booleans and regular
expressions
Scalable, Real-time Responses
Asynchronous message busbased architecture
22. Puppet Enterprise: Provisioning
Quickly stand-up private and public cloud infrastructure
Provisions instances and install agents
Agents register with master
puppet
enterprise
Agents apply configurations
Leverage Existing Work
Re-use on-premise
configs for cloud
deployments
Many Clouds, One Solution
Avoid lock-in to cloud
vendor-specific APIs
Prevent Cloud Drift
Maintain consistent
environments between onpremise and the cloud
23. Puppet Enterprise: Configuration
Improve agility and productivity through defining and enforcing a desired state
1. Define the desired state
service { ‘ssh’:
ssh’
ensure => running,
enable => true,
true,
subscribe => File[‘/etc/sshd_config’]
File[ /etc/sshd_config’
}
2. Simulate configuration changes
4. Report on differences
and any changes made
puppet
enterprise
Current State
Desired State
3. Enforce the deployed desired
state – automatically
24. Puppet Enterprise: Orchestration
Controlled, multi-step operations to targeted collections of nodes
Goal: update Apache on all QA nodes
Update 10%
of nodes
Update
next 20%
Wait 20 min
100% of
nodes updated
Wait 20 min
Puppet Enterprise
Dynamic Multi-step Operations
Chain the outputs of one
operation into the next
Manage Change Rate
Progressively apply
changes to sub-sets of
nodes
Control Change Scope
Apply changes only to
specifically tagged nodes
25. Puppet Enterprise: Reporting
Inventory and change data accessible via GUI and APIs
Comprehensive Infrastructure Data
Hardware and software inventory,
change reports, configuration graphs
Open Standards
YAML, JSON, and .dot-formatted
data accessible via RESTful API
Rich Ecosystem of Tools
Boundary, New Relic, Graphite,
GraphViz, Gephi, and many more
26. Puppet Enterprise: Event Inspector
Quickly understand and act on changes occurring in your infrastructure
Know What Changed, Where, & How
Visualize infrastructure changes by
Nodes, Classes, and Resources
Understand the Impact
Drill-down, zoom-out to evaluate the
scope of changes
Take Action & Improve Service Levels
Get the specifics to address and
manage change
27. Puppet Enterprise: Role-Based Access Control
Read-only, Read-write, and Admin roles
Easy Set-up
Quickly create new users through the
Puppet Enterprise console GUI
Easy Installation
Select from Read-only, Read-write, or
Admin roles
Native Resource Support
Users’ activities logged and auditable
Third-Party Authentication Support
LDAP, Active Directory, Google Apps
29. Puppet
• Core project in the Puppet ecosystem
• Idempotent, model-based configuration management
• A simple language to describe state and an engine for
enforcing it
• Huge library of reusable modules on the Puppet Forge
Puppet Enterprise built on top of Puppet
30. MCollective (mco)
•
•
•
•
•
Framework for server orchestration
Parallel, real-time job execution
Pluggable discovery of resources
Target only the systems you want
Extensible through simple Ruby agents
Drives Orchestration Engine in Puppet Enterprise
31. PuppetDB
• Foundation for applications that use Puppet data
• Central storage for catalogs and facts that are part of your
puppet infrastructure
• Incredibly fast replacement for existing ActiveRecord stored
configs
• The most recent facts and catalog for every node
Foundation for Puppet / Puppet Enterprise data storage
32. Hiera
•
•
•
•
Simple, pluggable Hierarchical Database
Key/value lookup tool for configuration data
Keeps site-specific data out of your manifests
Puppet classes request data and Hiera will act like a site-wide
config file
• Makes it easy to configure nodes, re-use Puppet modules and
publish your modules
Foundation for Puppet / Puppet Enterprise Hierarchical Data
33. Facter
• Collects Facts about each system and uploads them to the Puppet
•
•
•
master, making an inventory system and a way to make decisions in
your Puppet code
Facts are available as variables in the Puppet DSL, like
‘$operatingsystem’
Super easy to plug-in additional facts in Ruby
External Facts let you extend your inventory without Ruby:
• shell, batch files or Powershell on windows, raw YAML
Foundation for Puppet / Puppet Enterprise Inventory
34. Razor Provisioning
• Rules-based provisioning for bare metal hardware and virtual
•
•
•
•
•
servers
Developed in cooperation with EMC/VMWare
Easily deployed via a puppet module from the Forge
Automatically brings new servers into your puppet
infrastructure
Open, pluggable, and programmable
Not yet ready for prime time - Help us get there by filing bugs
and contributing to the community
35. Puppet Armatures (ARM)
• Proposals to enhance / add features
• Process for collecting, reviewing, sorting, and recording the
result of proposals for enhancements
• Used for work that is significant or large impact
• Community-focused process with improved openness and
transparency
Feature Enhancements for Puppet
github.com/puppetlabs/armatures
36. Puppet Forge: Module Repository
• By the community ... For the community
• Identify and use the best ones
• Contribute your own modules
Jan 2012
September 2013
Modules
260
1525+
Users
930
3100+
Total Downloads
Since Feb 2012
1.4 million
Add Additional Functionality to Puppet / Puppet Enterprise
How many people are using Puppet now?
How many using Puppet for more than a year? More than 2 years? 3 years?
How many are currently on 2.x series? 3.x series?
How many are using PE?
More services
More servers
More critical
No future in which IT is smaller and matters less
Remember Maintenance windows?
Remember back-out plans that involved reverting on Saturday night if things didn’t go well?
9 months is too long
*3* months is too long
You can’t hire 1 sysadmin for every 25 servers any moreYou can’t decide not to change
You can launch 1000 machines in 20 minutes
Workloads can shift in minutes, not days
Many of your developers adopted Agile and Lean practices
Shipping code to you every week or even every day
Bad.
Big incumbents that are pre-cloud, pre-devops
Shell scripts and hand-rolled solutions
Manual configuration
80k downloads: any user (ie, they've given us their email address) who downloaded Puppet OR Puppet Enterprise OR MCollective OR Learning Puppet VM.5000 have attended a Puppet training class.
The community continues to grow and grow!
Question(s) Slide Answers and/or Slide’s Purpose:
“What’s the difference between your FOSS projects and Puppet Enterprise?”
Communicate that it is not an apples-to-apples comparison between PE and Puppet open source – each addresses a fundamentally different need.
“You wouldn’t want to run your mission-critical business on a collection of cutting-edge open source projects, right?”
Question(s) Slide Answers and/or Slide’s Purpose:
“What are the basic capabilities of Puppet Enterprise?”
Plant the seed that PE is not just a single-shot, one-off tactical tool; it can play a strategic role in IT infrastructure management.
Problem
IT is forced to use different tools from different vendors when managing their infrastructure.
Capability
Puppet Enterprise has the capabilities IT needs for end-to-end lifecycle management of their infrastructure.
Benefit
One tool, one training, one vendor
Multiple capabilities certified to work well together
DISCOVERY
Problem
Old way of keeping track of servers with barcodes, clipboards, and spreadsheets simply doesn’t scale and isn’t dynamic enough.
Ask “What do you do today to keep track of your nodes and the services and resources on them?”
Ask “Does anyone ever ask, ‘What’s on that box?’ … and no one can answer?”
Capabilities
Instead, with dynamic infrastructure the infrastructure itself is the best single-source of truth.
Puppet Enterprise’s discovery capability allows users to access any data source in real-time in their node network.
Benefits
Never out-of-date data about node status, resources, etc. – always current, always consistent.
No more, “What’s on that box?” confusion.
Pluggable / customizable – any file, API, etc can serve as a data source.
Highly scalable and fast
CLOUD PROVISIONING
Problem
QA team needs to rapidly provision virtual machine (VM) environments for testing
performance engineering team needs to provision lots of AWS instances to create test load on applications
sysadmins finding they need multiple, silo’d tools for provisioning, configuring, and managing VMware or AWS environments
Capability
Create VMware or Amazon cloud node capacity
Automatically install the Puppet Enterprise Agent
Automatically configure the new nodes using Puppet Modules
Benefit
Respond quickly to business demands while maintaining consistency across your deployment environments – public or private
Re-use the same configurations you built for your physical infrastructure for your virtual and/or cloud infrastructure
FAQs
Q: Will this work with my existing VMware deployment?
A: Yes, PE cloud provisioning uses the VMware vSphere API
CONFIGURATION MANAGEMENT
Problem
Ask “How does your team configure operating systems and applications today?”
Sysadmins struggle to quickly configure nodes and deploy applications
Lack of confidence that, despite following procedural steps, the nodes are actually in the intended state
Sysadmins struggle to maintain the original server and app configurations over time – “configuration drift”
Little-to-no visibility into what configurations are changing in their infrastructure over time
Capability: Declarative, Model-based Automation
Define the desired end-state of resources and applications in the Puppet language
Simulate the definitions to make sure they do what was expected
Then, in enforcement mode, Puppet Enterprise automatically maintains the defined state
Puppet Enterprise rolls-up any changes to any resource made in enforcement mode into reports accessible via Puppet Enterprise GUI and APIs
Benefits
Automate away repetitive, menial tasks
Eliminate configuration drift
Centralized management – change a single definition file, all nodes get updated
Write definitions once and re-use again and again and again
Complete visibility into the state and rate-of-change of the infrastructure and applications
ORCHESTRATION
Problems
Ask, “What orchestration tool are you using today?”
The problem isn’t just automating change to a single node; most IT organizations are managing 100s even 1000s of nodes.
How do you roll-out changes to all the nodes? If you do it all at once, what if you make a mistake?
How do you roll-out changes to just a subset of nodes, eg, just the QA nodes?
Capabilities
Based on input from Discovery, target changes to subsets of nodes, eg, just the QA nodes
Automatically roll-out changes across entire data center one subset at a time, separated by user-defined period of time
Schedule and trigger Puppet Enterprise agents directly from Puppet Enterprise console GUI
Benefits
Complete control over rate-of-change to nodes
Re-usability of progressive deployment automation
Fast and highly scalable
REPORTING
(Graphic = visualization of node graph data, showing configuration dependencies among nodes)
Problems
Trying to easily populate their asset management database.
Needing more configuration change details for auditing or change management process verification.
Stumped by configuration dependencies between Puppet modules.
Capabilities
Three sets of data
Node hardware and software inventory data (Facts provided by PE 2.5’s inventory service)
Puppet run reports (run results, including automatically enforced configuration changes)
Node configuration graph data (dependencies within and amongst nodes)
Formats: YAML, .dot
API: Accessible via RESTful Puppet API
Puppet Enterprise console GUI
Benefits
Enables customers to dig deeper into the changes occurring in their infrastructure.
Open data formats and APIs allow customers to take advantage of a wide range of tools available to process, analyze and visualize.
Open data formats and APIs are technically accessible to system administrators – they do not need to ask development to build the app, the system administrators can do it themselves.
EXAMPLES
A customer using Dell server hardware used the Puppet Data Library API to access the PDL inventory service and regularly pull each server’s serial number, then automatically check the serial number against Dell’s support website to see whether the server was still under warranty.
A customer trying to optimize configuration modules uses Puppet Data Library to create graph of configuration dependencies and then visualize that using GraphViz.
FAQs
Available in Puppet open source? Yes.
What about Splunk? Complementary with Splunk. Splunk only looks at log files. PDL looks at separate, complementary data. If system admin is using Splunk, they’re a good candidate for Puppet Data Library.
EVENT INSPECTOR
(Graphic = event inspector screen in PE console)
Problems
“What class (eg, “Apache service”) changed in my infrastructure?”
“Which nodes did it impact?”
“How did this change happen?”
Capabilities
Inspect changes from Class, Node, and Resource points-of-view
Zoom-in to individual resources (files, users, packages, etc) to get specific details
Zoom-out to aggregations of 10s and 100s to understand impact
Benefits
Quickly identify what changed, and where
Understand the scope of impact – Large? Small?
Get details needed to take action to remediate and/or pro-actively manage
FAQs
Available in open source Puppet? No.
Role-Based Access Control (RBAC)
(Graphic = RBAC Admin GUI, showing set-up/editing of user with Read-only access)
Problem
Multiple system administrators of varying degrees of experience and seniority managing PE environment via same PE console.
Managers wanting access but system administrators concerned that the managers will accidentally screw things up.
Security compliance team complains about lack of auditability of system administrators’ activities.
Capability
Create users and assign Read-only, Read-write, or Admin roles via Puppet Enterprise console GUI.
Activate / De-activate individual users as necessary.
All users’ activities logged.
Benefits
Balances Access & Control: Allows system administration team to maintain control while providing access and visibility to managers, junior employees, colleagues in other departments, etc.
Accountability & Auditability: Security compliance teams can demonstrate IT compliance with policies as well as conduct audits and forensics on log data.
FAQs
Available in Puppet open source? No, Puppet Enterprise only.
Comparable functionality accessible via command line? No.
What’s on roadmap? Customer-defined roles, command line functionality comparable with GUI.
Unpacking the second bullet point a bit--
Idempotent = “Run the command multiple times, only the first one makes a change”
Model-based = Don’t tell puppet how to do something, just describe what you want done
Configuration management = Automated, repeatable, auditable changes to Unix, Linux and Windows systems
You do this through Puppet’s Domain Specific Language, aka the Puppet DSL, which looks kind of like a nagios configuration file but has some programming language concepts like if/else conditions, variables and loops.
But mostly, especially if you’re getting started with managing common services like web and database servers, you can just download and use modules from the Puppet Forge, configure them for your environment and start “pulling the strings” of your infrastructure.
‘Stored configs’ are Puppet’s way of sharing information between nodes in your infrastructure. You pick resources to EXPORT from one node’s configuration, puppet STORES them in the database, then COLLECTS them for other machines to use. A really common use for this is EXPORTING all your web servers’ instance names and port numbers and then COLLECTING them for your monitoring server to build nagios configuration automatically.
What all this means is that puppet plus razor allows the administrator to automate the entire infrastructure stack, from bare metal to fully deployed applications in a cloud
armature |ˈärməCHər, -ˌCHo͝or |2 a metal framework on which a sculpture is molded with clay or similar material. • a framework or formal structure, esp. of a literary work: Shakespeare's plots have served as the armature for many novels.-- New Oxford American Dictionary
Puppet Armatures are proposals to enhance / add features to Puppet or something in the Puppet eco-system. This is a community-focused process intended to improve openness and transparency in both Puppet Labs-funded and contributor efforts. For details, please read ARM-0, which describes the rationale and process.
There is currently a gap in the process for developing Puppet that is sometimes critiqued as lack of openness, frustration over where and how to get ideas heard, and the perception that the redmine issue tracker functions as a dumping ground for fly by feature requests that sit there for years with no, or very little, action or value.
Other open source projects have adopted an enhancement process to deal with such issues, and thus, this is an attempt to define ARM - Puppet Armatures. This proposal is heavily inspired by the Java community's JEP process.
In some cases, ARMs are artifacts of the process leading up to one or several issues/feature requests in the issue tracker. In others, they may be detailed, principled specifications for major innovations.
Read more about ARM process here: https://github.com/puppetlabs/armatures/blob/master/arm-0.arm/arm.md
Lots more focus
Dedicated team
- Puppet Test Pilots is our user research program.
- To make sure we build products that solve real problems, we must talk the experts - you. We want your honest feedback.
- Test Pilot sessions are typically 1 hour remote screensharing meetings.
- Topics range from PuppetDB to release management to the Puppet Forge.
- Test Pilots have a direct impact on the future of Puppet products.
- Test Pilots receive gift cards and t-shirts for every session they participate in.
- Anyone can sign up to be a Puppet Test Pilot, even if you don't use Puppet.
- Sign up at puppetlabs.com/ptp. You'll be invited to participate in the next session we're conducting!
These short, online video courses are focused on a specific topic with exercises and quizzes to test your learning all from the comfort of your home, office, couch or favorite coffee shop. Best of all, we’re currently offering these courses for free!