Testing infrastructure as code: A complete guide Understand IT change management vs. configuration management

How Puppet works: Using the configuration management tool

With Puppet, enterprises can manage configurations and simplify the DevOps process as a whole. Grasp how it works, and see if it's the right choice for your organization.

The DevOps stream from development to operations is a single overall process, with a multitude of tasks underneath that push it along. Feedback loops must be maintained to ensure that any issues picked up along the stream are reported back to the right area for remediation. Configuration management tools, including Puppet, support some of these critical tasks.

What is a configuration management tool?

A major part of the DevOps process is configuration management. Here, IT admins use a tool, or set of tools, to model existing infrastructure and create configurations to provision onto that infrastructure. These tools also enable admins to monitor configurations as they run and remediate any problems that occur within the runtime environment.

The process progresses as such:

  • Build a blueprint of infrastructure that's already there.
  • Define the desired end result.
  • Create the means to achieve this result.
  • Carry out the changes.
  • Ensure that the desired result is achieved.
  • Monitor the system.
  • Make any required changes.

These steps are looped as needed, and feedback is provided to the development and support teams.

What is Puppet?

There are various tools on the market, both open source and commercial systems, that offer these configuration management capabilities. One tool with a strong following is Puppet, which is available as an open source tool as well as a fully supported commercial version, Puppet Enterprise.

Puppet also provides additional products:

  • Puppet Remediate provides vulnerability assessment and response capabilities.
  • Puppet Connect provides agentless orchestration of self-service tasks across on-premises, cloud and hybrid infrastructures.
  • Puppet Comply provides capabilities to continuously monitor policy as code.
  • Puppet Relay provides an event-driven platform that pulls an organization's DevOps environment together into a cohesive whole.

Puppet also provides other standalone software to support enterprises.

How Puppet works

Puppet uses a declarative language that models the infrastructure as a series of resources. Manifests, consisting of a set of JSON files, pull together these resources and define the desired state of the final platform. Puppet stores manifests on the servers and uses them to create compiled configuration instructions as needed, feeding them to the agents via REST APIs.

A Puppet tool called Facter discovers and reports facts about nodes which are then used to create the manifests and configurations. Facts include built-in details of the overall platform and its nodes obtained directly via Puppet, custom information the user defines and provides, or external details written in another programming language, such as Perl or C -- or even in plain text. These facts become variables available in the Puppet manifest.

With facts and manifests, users can create platform-agnostic configurations, and reference different OSes on different machine configurations from a single resource. The Puppet configuration management tool then ensures the desired outcome occurs on each platform.

This overall approach to create a heavily hardware-agnostic environment is known as infrastructure as code. The user needs little to no knowledge of what physically exists in terms of servers, network items or storage. Instead, the user declares what is required and the configuration management tool converts the requirements into reality. This also encompasses a capability known as idempotency, which creates instructions that ensure the same result is created time after time, no matter where the results are created.

Certain situations may require a manual override, such as a service dependency on an OS patch or device driver. Puppet accommodates this via Hiera, a system that provides storage for site-specific configuration data as external information in a key-value pair lookup table. This system supports JSON, YAML and EYAML files, as well as providing back-end support for other systems such as PostgreSQL. This lets a user create a manifest that calls specific configuration data through Hiera, and bypass Facter, to create a highly specific runtime instance.

Nearly all aspects of Puppet code are maintained in modules that contain both code and data. Each module manages specific tasks, such as installing and managing apps across the IT platform. Most of the items to do with Puppet are then saved by the server in PuppetDB, a database that enables fast operations and access to data via APIs for other applications.

Puppet also provides thousands of prebuilt modules, from itself or its large group of third-party and individual developers, through its Puppet Forge repository. Puppet facilitates and maintains the Puppet Community, but many of the thousands of people involved are completely independent from the company.

Puppet architecture, master and agents. Although Puppet can run in a server-only model with command-line access, the majority of users run it in full client-server mode, where the servers run as masters and the clients run as agents. (For high availability, you should use more than one server.)

The Puppet agent requests and receives individual catalogues from the server and then enforces that state on the node for which it is responsible. Each agent then maintains reports that are sent back to the server. The server monitors and manages the overall platform; it also provides the data and configuration files that the agents request, and receives and manages data coming back from the agents.

Puppet versions

Puppet offers both an open source version and a commercial version of its software. The basic version of Puppet initially focused on the provision of a GNU general public license for a configuration management tool, but changed to an Apache License 2.0 model as of Puppet version 2.7.0 in 2011. The current version of Puppet is 7.0.0, released in December 2020.

The commercial version, Puppet Enterprise, adds a collection of capabilities to help automate the delivery and operation of an organization's infrastructure: orchestration, automation, role-based access control, compliance and reporting. It also runs alongside the Puppet Remediate tool to provide a full configuration management system. Puppet Enterprise will support up to 10 nodes for free; extra nodes are enabled via a contract with Puppet.

Applications and benefits of Puppet

Puppet is a good option for managing the processes to package and provision live application instances in the IT operations environment. Puppet can run as a standalone installation but it also has an open architecture. Enterprises that run Puppet in a development environment can link it to support DevOps processes managed by other systems.

To aid this process, many development tools provide Puppet integrations that enable developers to work directly in their chosen tool. With this option, Puppet functions as the repository for code items and stores them as resources. Puppet has worked with organizations, such as Microsoft's Visual Studio team and Ruby, to enhance these integrations.

As a DevOps tool, Puppet provides a reasonably comprehensive means to extend processes from developers through to operations and help desk staff. It is sufficiently code-agnostic and platform-agnostic, and works alongside existing development and operations systems. It has broad support in the market from commercial and community entities. It is among the front-runner tools to provision, automate, monitor, manage and report on workloads in a modern DevOps environment.

Puppet vs. other configuration management tools

Historically, Puppet has been a leading DevOps tool for sys admins and operations managers. Chef, another open source configuration management tool, is popular among developers and widely used in the market.

The differences between Puppet and Chef were greater in the past, but these two tools have largely converged in their capabilities, and at a basic level they have few major differences. IT organizations should carefully evaluate each tool's native features and ecosystem to decide which fits best with their own circumstances.

Puppet vs. Chef: The major differences

Puppet handles high availability via data replication to a second node and works in an active-passive mode, which brings the passive node into action if the active one malfunctions. Chef, on the other hand, uses a triple-active mode which produces better scalability overall.

Chef and Puppet also differ in terms of idempotency: Puppet uses its own domain-specific language, which allows for highly granular scripting, and according to the company, is more admin-friendly. Conversely, Chef uses the Ruby language, which it claims is far more wide-ranging and developer-friendly.

Puppet also has a software development kit to test its manifests in situ before releasing them; Chef uses a workstation environment to test its recipes.

There are other open source configuration management tools, such as Ansible and CFEngine, although buyers must choose carefully, as several open source configuration management engines have faded away due to lack of support.

At the commercial software level, there are also several options as purely configuration management tools. Others, such as CloudBees CD (Flow), HashiCorp Terraform and Atlassian Bamboo, provide an extra capability to enable users to plug in Puppet, Chef or another tool as the main configuration management engine.

Each system has its own strengths and weaknesses, many of which depend on the upstream development languages in use, and many of which are specific to the organization that will use them. Buyers must understand their needs carefully before they shortlist possible configuration management tools.

Editor's note: To cover more recent Puppet and configuration management concepts, this article has replaced a previous SearchITOperations article from 2009 by Andrew Shafer.

Next Steps

Secure configuration management tasks with a certificate authority

Select the best configuration management tools for your company

How a domain-specific language affects configuration management

Dig Deeper on Systems automation and orchestration

Software Quality
App Architecture
Cloud Computing
Data Center