Should I use Puppet
It is a bit time consuming to get your infrastructure ready for Puppet, but the time invested is assured to be well spent when you expand. KISS (Keep it simple, stupid): don't use new technologies just because they are there, but rather because you have a requirement for them; use the bare minimum that your deployment requires, and update as required; don't try to keep up with the bleeding edge. If you start with a basic setup and build on that, it is easier to pick up as you go, and they shouldn't need a course (are these even available?).
The other area you can look at are your sysadmins. If they can't program as well, then are they advanced enough for a large deployment, where most of the work needs to be scripted whatever tools you use? I work for a non profit as well and was responsible for initially bringing Linux boxes in house and shortly thereafter Puppet for managing them.
There are a couple specific things we've done which have really helped get things rolling. First and foremost I've tried to stay away from the third party modules.
The biggest third party utility I use is the firewall module. Any custom facts, etc are developed with the whole team involved. We developed a template module and keep the file management, package, services, etc all standardized off this template.
Second, after standardizing on using the inbuilt modules we started using Git and Atlassian's Crucible - free for non profits, by the way - for performing reviews of all configuration changes.
This provides the transparency desired. Third, I automated the setup for Puppet so that new hosts can be added automatically with a default set of options.
There are several ways of addressing this. Since I already had a complete Kickstart environment I opted to add a script there.
My how times have changed, for the worse: a greybeard like me was expected to be a better programmer than professional programmers, or else would have never been able to pass for a system administrator. Now, we have "system administrators", who are basically Windows desktop users who have at some point converted to Linux and cannot program, and do not find anything whatsoever wrong with that.
The elephant in the room is why management tolerates such a destructive attitude. Destructive to whom or what? To the business and to the infrastructure. Everyone loses. When you have to use an automated hacking tool like Puppet or Chef, or CFEngine, it means you lack the wherewithal to design and to implement a process which would, by that same design, enforce completely pristine and lights out managed systems, fully automated and completely non-interactive.
Another important point is, if you have to have Puppet or some such solution to correct someone hacking system or application configuration by hand, that also goes back to not having the experience to design a process, and in that process a framework where configuration is packaged into discrete components.
In effect, whoever implements Puppet and the like, has no concept of component owners, releases, configuration management, Capability Maturity Model. This is rapidly developing into a very serious problem in the industry. Working with Puppet also helped me learn Ruby, which has come to replace Bash as my default system tools language. Why is Ruby needed, when a comprehensive, end-to-end configuration management can be encapsulated in preinstall, postinstall, preremove and postremove sections of operating system packages, just by using Bourne shell programs, AWK, and sed?
That someone would go to the length of learning an esoteric language of Ruby, and a dialect thereof in the context of Puppet, is completely unnecessary. The problem of configuration management is easily solvable and to wit, has been solved with shell programs and AWK, and a little sed(1) here and there as a glue. It's a cool feeling to see your Puppet manifest configure an entire machine or a new service from scratch. It is an even cooler thing seeing it done by Kickstart, AutoYaST, or JumpStart, without a single line of code, and being able to query the operating system by using built in tools, without needing any esoteric or extra software, no client-server architecture required (SSH is more than fine, way more than fine), and seeing your operating system being aware of each and every change made to it.
Separate code from data. This is one of the harder concepts to learn. Hardcoding values like Monitoring Hosts into your module code is bad. Putting them in a data store (db, yaml (Hiera uses this by default), csv, whatever) that your modules can consume is good. An example is a webapp that uses MySQL. What this allows is the ability to push code and data separately. This makes your development process simpler. Or you could just template your configuration files with shell variables, even backquotes, for example ls. Why make it complex, when it can be really, really simple?
Where will you store the configuration values? Why, anywhere you please, such as for example pkginfo(4) files, or a database like Oracle, or pretty much anywhere. No need for ultracomplex solutions. The library I mention above could simply be sourced from the preinstall or postinstall sections in the operating system packages, thereby removing duplication and leveraging a central piece of code. But above all, I find that the above quote is an example of the next generation of system administrators needing tutoring not by system administrators, but by system engineers.
Find yourself a greybeard and sign on as an apprentice. How can the little guys effectively learn and use Puppet? A few notes on your points
I went from no experience on Puppet to having my complete environment managed in two weeks flat. That simplified things quite a bit. I'm a developer by profession. Excellent answer! I would recommend them to start deploying small services, first in standalone then start tinkering with more servers.
If they want to keep up with the rest of sysadmins in the current century, they had better be open-minded. I do it because I like, and I guess not everybody likes learning new things, but one thing is for sure, nowadays sysadmins are closer to developers than ever.
I work in a small company and I also run puppetd -t for testing on a couple boxes before pushing to all the servers.
Despite being more complicated in some ways, Puppet does have advantages over Ansible in its use. A big one is that if you have syntax errors, they can be easily highlighted in Puppet before you run the task.
Management of Ansible vs. Puppet focuses on push and pull configurations. In Puppet, the client pulls configurations from the server, whereas in Ansible, the server pushes configurations to the nodes, for instantaneous deployment. As for scheduling, in the default settings, Puppet Agent checks every 30 minutes to make sure the nodes are in the desired state.
Overall, Ansible lacks some advanced features that Puppet and other more mature competitors have. Both Ansible and Puppet have backups in case of failure, meaning availability need never be interrupted. Ansible has a secondary node in case the active node fails, and Puppet has more than one master in case the original master fails. Both tools are highly scalable, meaning they can handle a big increase in nodes with no problem. However, scalability is generally considered to be easier in Ansible.
When it was introduced, Ansible was a command-line-only tool. You can also access a technical account manager (TAM) or become involved in the Puppet community (thousands of people) by attending events or participating in other channels. Ansible offers two levels of professional support for its enterprise version.
There are also more than meetups around the world; a bigger gathering of users and contributors annually, called AnsibleFest; and mailing lists by topic, such as general questions, developer questions, and announcements. Overall, it has a smaller developer and user community than Puppet and the support and troubleshooting resources on the web.
As mentioned, the basic versions of both Puppet and Ansible are free and open source. You can try out Puppet Enterprise on 10 nodes for free. Ansible Tower has three levels of pricing: 1. The answer is, it depends. Both tools are excellent for different reasons, and each has advantages and disadvantages. If you aim to manage multiple firewall rules for your system in the future, it is recommended to create a custom resource for firewalls.
It is inadvisable to use executable resources to constantly chain many Bash commands. If we define a custom port, we need to add configuration that allows SELinux to grant access.
Puppet contains resource types to manage some SELinux functions, such as Booleans and modules. However, we need to execute the semanage command to manage port settings.
This tool is a part of the policycoreutils-python package, which is not installed on Red Hat Enterprise Linux systems by default. Puppet installs policycoreutils-python first, then configures port access before starting the httpd service.
The HTTP server configuration is now complete. This provides a platform for installing a web-based application, which Puppet can also configure. For this example, however, we will only copy over a simple index web page to our web server. Create a file named index.
Add the following content to this file: Create a manifest named app. This new class contains a single resource declaration. Additionally, the require attribute ensures the mymodule::httpd class completes the configuration successfully before we apply mymodule::app. Finally, include this new manifest in our main init.
The output should resemble the following: This output notice message shows that the index. Our module is ready for use. To export the module into an archive for Red Hat Satellite 6 to use, enter the following command:
If any changes are required, edit the files within the modules directories and rebuild the module using the puppet module build command. The changes will only be reflected in Satellite if the module version is increased.
Upload and publish the new version in Satellite Server. Chapter 2. Building Puppet Modules from Scratch. Examining the Anatomy of a Puppet Module. Static Files Modules can contain static files that Puppet can copy to certain locations on your system. Templates Sometimes configuration files require custom content. Plug-ins Plug-ins allow for aspects that extend beyond the core functionality of Puppet.
Procedure Use this procedure to deploy a new Puppet development system. Enable the Red Hat Satellite Tools 6. If not, Puppet starts it. In this case, it ensures the httpd service starts after the httpd package installs.
This creates a dependency between the service and its respective package. This checks our configuration file for any changes. If the file has changed, Puppet restarts the service. We check the httpd package is installed before adding this file. We add a second file resource declaration. Use the operatingsystemmajrelease fact to determine whether the operating system is Red Hat Enterprise Linux 6 or 7.
If using Red Hat Enterprise Linux 6, declare an executable exec resource that runs iptables and iptables-save to add a permanent firewall rule.
After the exec resource completes, we trigger a refresh of the iptables service.