Puppet 8 for DevOps Engineers E-Book

Puppet 8 for DevOps Engineers

Automate your infrastructure at an enterprise scale

David Sandilands

BIRMINGHAM—MUMBAI

Puppet 8 for DevOps Engineers

Copyright © 2023 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Associate Group Product Manager: Preet Ahuja

Senior Editor: Athikho Sapuni Rishana

Technical Editor: Rajat Sharma

Copy Editor: Safis Editing

Project Coordinator: Sean Lobo

Proofreader: Safis Editing

Indexer: Hemangini Bari

Production Designer: Alishon Mendonca

Marketing Coordinator: Rohan Dobhal

First published: June 2023

Production reference: 2310723

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

ISBN 978-1-80323-170-9

www.packtpub.com

This book is dedicated to my family: my wife, Linzi, for always supporting and believing in me; my sons, John and Jude, for inspiring me to push myself; and my parents, Neil and Janet, who have always been so nurturing and loving throughout my life.

– David Sandilands

Foreword

I’m not exactly sure when I first became aware of David Sandilands as a member of the Puppet Community, but it must have been about a decade ago, when I was the CTO of Puppet, and DevOps, infrastructure as code, and automated configuration management were all still things I was having to evangelize and explain to enterprises. It was immediately apparent that David was a rare individual, someone who was keenly plugged into the cutting edge of IT automation, but with extensive experience inside large, and relatively conservative, organizations.

This combination meant that David understood that automation at scale is a social activity as much as a technical one, and that driving real value and improvement means treating your Puppet installation as a platform for collaboration, not just a collection of technical capabilities.

In the decade since, we’ve seen DevOps explode in popularity and the emergence of the platform engineering movement, where enterprises all over the planet have realized they need to be taking the approach that David knew was necessary 10 years ago.

This foresight, concern for the human side of automation, and collaborative mindset are why, many years later, I was thrilled to have David join my team at Puppet as a principal solutions architect, helping companies big and small build out true Puppet platforms at scale.

There have been a number of books written about Puppet over the years, but this is a truly special one, distilling David’s immense knowledge and experience into a pragmatic journey through the core concepts and tooling around Puppet, all with an eye toward building a collaborative platform.

I don’t believe we’ve ever seen a Puppet book like this, and whether you’re a first-time Puppet user or an enterprise IT architect, or you’re looking to use your existing Puppet skills to deliver more for your organization, I know you’re going to find this an invaluable reference.

Nigel Kersten

VP of product and engineering at Synadia

(Nigel served in a variety of senior technical executive roles at Puppet over 12 years, from CTO to VP of engineering to head of product.)

Contributors

About the author

David Sandilands is a principal solutions architect at Puppet, with a focus on the product management of Puppet’s development ecosystem and integrations. This includes management of the Forge, supported modules, the Puppet Developer Kit, and integrations such as ServiceNow and Splunk. Before this, David worked within Puppet’s solutions architect team, helping Puppet’s largest customers deliver infrastructure automation at scale, and supported these customers in their DevOps working practices. He spent eight years at NatWest as a cloud infrastructure engineer delivering their IaaS platform. Based in Falkirk, Scotland, David has a Bachelor of Engineering in computer science from the University of Edinburgh.

I want to thank my wife, sons, parents, and parents-in-law for their love, support, and patience.

I would also like to thank Nigel Kersten for championing my work on this book, along with so many Puppet colleagues and Puppet Community friends who I have learned so much from on this research journey.

Finally, thanks to my editors and reviewers for their endless patience with me throughout the writing of this book.

About the reviewers

Aditya Soni is a DevOps/SRE tech professional who has taken an inspiring journey with technology and achieved a lot in a short period of time. He has worked with product- and service-based companies, including Red Hat and Searce, and is currently positioned at Forrester as a DevOps engineer. He holds AWS, GCP, Azure, Red Hat, and Kubernetes certifications. He mentors and contributes to the open source community. He is a CNCF ambassador and has been an AWS Community Builder for four years. He leads AWS, CNCF, and HashiCorp user groups for the state of Rajasthan in India. He has spoken at many conferences, both in-person and virtual. He is a hardcore traveler who loves food, exploring, and self-care and shares stories on social media as @adityasonittyl.

I would like to thank my parents and family who support me in numerous ways with my busy schedule. Taking the time to review the book wouldn’t have been easy without them. To my friends, who always cheer me up and give me confidence whenever I feel lost. Last but not least, to the open source communities, mentors, managers, and co-workers from the early days up to now who have helped me along my path.

Jerald Sheets has been an industry system administration professional for over 30 years specializing in automation with Puppet. He owns and operates a Puppet consulting firm within the Metro Atlanta, GA, area and can be reached via https://sscgatl.com. He has been a Puppet Partner since 2014, has consulted for both employers and clients in the areas of Puppet Enterprise and Puppet Community, and has authored for the Puppet Blog. He can be found on the Puppet Community Slack under the handle CVQuesty and loves to help other Puppet Community users in any way he can. A father and step-father of 7, he lives, works, and worships with his family in rural Georgia.

Edwin Maldonado has worked in the tech industry for more than 15 years. He is a product manager at Puppet by Perforce, where he leads the Puppet Forge. Before joining the product team, Edwin worked as a solutions architect at Puppet, and as a software engineer and consulting architect in the Americas and Europe. Edwin loves learning about history and being a home barista.

Table of Contents

Preface

Part 1 – Introduction to Puppet and the Basics of the Puppet Language

1

Puppet Concepts and Practices

Puppet’s history and relationship to DevOps

Puppet as a declarative and idempotent language

Key terms in the Puppet language

Puppet as a platform

Common misconceptions

Summary

2

Major Changes, Useful Tools, and References

Technical requirements

Major changes since Puppet 5

Puppet 5

Puppet 6

Puppet 7

Puppet 8

Legacy Puppet patterns

IDEs and tools to assist in Puppet development

How to deploy your Puppet lab and development tools

Mac desktop

Windows desktop

Linux desktop – RPM-based

Linux desktop – APT-based

Configuring tools

References and further research

Summary

3

Puppet Classes, Resource Types, and Providers

Technical requirements

Classes and defined types

Including a class

Defined types

Namespaces

Resources, types, and providers

Lab

The package type

The file type

Service types

Lab

Core resource types

The exec type

The Augeas type

The notify type

Metaparameters and advanced resources

audit

tag

The resources metatype

Arrays of titles

Overriding parameters

Attribute splats

Lab

Anti-patterns

Abstract resource types

Defaults

schedule

Summary

4

Variables and Data Types

Technical requirements

Variables

Naming

Reserved variable names

Interpolation

Data types

Strings

Numbers

undef

Booleans

Regexp

Lab

Arrays and hashes

Assigning arrays

Accessing an array index

Accessing a subset of an array

Nested array

Array operators

Array data type

Assigning hashes

Accessing hash values

Nested hashes

Hash operators

Hash data type

Mixing hashes and arrays

Lab

Abstract data types, including Sensitive

Prefixes

Patterns

Arrays and hashes

Parent data types

Lab

Scope

Summary

5

Facts and Functions

Technical requirements

Facts and Facter

Custom facts and external facts

External facts

Custom facts

Lab

Functions

Statement functions

Prefix and chained functions

A selection of built-in functions

stdlib module functions

Lab

Deferred functions

Summary

Part 2 – Structuring, Ordering, and Managing Data in the Puppet Language

6

Relationships, Ordering, and Scope

Technical requirements

Relationships and ordering

Containment

Scope

Best practices and pitfalls

Lab – overview of relationships, ordering, and scope

Summary

7

Templating, Iterating, and Conditionals

Technical requirement

Templating formats in Puppet – EPP and ERB

EPP templates

ERB templates

EPP and ERB comparison

Iteration and loops

Iterative loops

Data transformation

Nested data

Conditional statements

If and unless statements

Case statement

Selectors

Capture variables

Lab – creating and testing templates containing loops and conditions

Summary

8

Developing and Managing Modules

Technical requirements

What is a module and what is in it?

Lab – reviewing the apache module

Roles and profiles method

Writing and testing a module using the PDK

Testing with RSpec using the PDK

The describe and context keywords

Examples, expectations, and matchers

Parameters and preconditions

Relationships

Data from Hiera and facts

Managing dependencies with fixtures

Coverage reports

Further research and tools for RSpec

Serverspec

Understanding Puppet Forge

Lab – creating a module and testing it

Summary

9

Handling Data with Puppet

Technical requirements

What is Hiera?

Using the built-in backends

Accessing data

Using custom backends

Hiera layers

Lab – add data to a module

Deciding when to use static code or dynamic data

Keeping data secure

Lab – use eyaml to store a secret

Pitfalls, gotchas, and issues

Lab – troubleshoot Hiera

Summary

Part 3 – The Puppet Platform and Bolt Orchestration

10

Puppet Platform Parts and Functions

Technical requirements

Puppet platform installation and versioning

Puppet Server

The embedded web server

The Puppet API service

The Admin API

CA

JRuby interpreters

Configuration and logs for Puppet Server

The Puppet agent-to-server lifecycle

Lab – monitoring certificate signing logging

PuppetDB and PostgreSQL

Lab – querying PuppetDB

Scaling with compilers

Lab – viewing compiler and load balancer configuration

Summary

11

Classification and Release Management

Technical requirements

Puppet environments

Environment directories and paths

Environment configuration files

Environment validation and deployment

Understanding node classification

Node definitions

Classifying nodes with Hiera

ENC scripts

PE classifier

Recommended approach

Puppet runs

Managing and deploying Puppet code

Creating a workflow

Lab – classifying and deploying code

Summary

12

Bolt for Orchestration

Technical requirements

Exploring and configuring Bolt

Connecting to clients with transports and targets

Running ad hoc commands with Bolt

Output and debugging

Understanding the structure of projects

Configuring a project

Configuring transports

System level and legacy

Introducing tasks and plans

Creating tasks

Creating Puppet plans

Constructing targets

Using plan functions

Logging and results

Handling errors

Managing data sources

Documenting plan metadata

Plan testing

Introducing YAML plans

Plugins

Reference plugins

Secret plugins

Puppet library

Lab – creating and using a Bolt project

Summary

13

Taking Puppet Server Further

Technical requirements

Logging and status

Exploring log locations

Forwarding server logs

Report processors

Accessing status APIs

Metrics, tuning, and scaling

Exploring metrics dashboards

Identifying and avoiding common issues

Lab – configuring metric dashboards

External data provider pattern

Understanding external data provider components

External data provider implementations

Lab – hands-on with Splunk and Puppet Data Service

Summary

Part 4 – Puppet Enterprise and Approaches to the Adoption of Puppet

14

A Brief Overview of Puppet Enterprise

Technical requirements

What is Puppet Enterprise?

Exploring the Puppet Enterprise console and services

Puppet Server

Introducing Puppet web console components

Using Bolt with Puppet Enterprise

Orchestrator services

Running jobs

Configuring performance settings

Automating deployment and reference architectures

Understanding supported architectures

Deployment and configuration

Puppet Enterprise-related projects and tooling

Monitoring and troubleshooting Puppet Enterprise infrastructure

Managing deployments and ensuring compliance

Lab – Puppet Enterprise extensions and configuration

Summary

15

Approaches to Adoption

Scope and focus

Managing heritage estates with no-op mode

A platform engineering approach

Adoption in regulated environments

Moving to the cloud

Summary

Index

Other Books You May Enjoy

Preface

As DevOps and platform engineering have pushed demand for powerful internal development platforms, the need for infrastructure automation solutions has never been greater. Puppet is one of the most powerful infrastructure automation solutions used by the largest enterprises in the world and has a strong open source community. This book comprehensively explains both the Puppet language and the platform. Starting with the basic concepts and approach of how Puppet works as a stateful language, it builds up to explaining how to structure Puppet code to scale and allow flexibility and collaboration among teams. It then looks at how the Puppet platform allows management and reporting of infrastructure configuration, showing how the platform can be integrated with other tools such as ServiceNow and Splunk. Finally, approaches will be discussed to understand how to implement Puppet to fit into heavily regulated and audited environments as well as modern hybrid cloud environments.

By the end of this book, you will have a full understanding of the capabilities of both the Puppet language and platform and be able to structure and scale Puppet to create a platform to provide enterprise-grade infrastructure automation.

Who this book is for

This book is ideal for DevOps engineers looking to automate infrastructure configuration with Puppet. It specifically focuses on Puppet’s configuration management capabilities but goes on to touch on other infrastructure management practices in general. It will allow both beginners and current Puppet users to learn about the full power of the Puppet language and platform.

What this book covers

Chapter 1, Puppet Concepts and Practices, focuses on why Puppet was developed, how it has changed over time, and the core concepts and practices of Puppet. It also focuses on how Puppet assists in a DevOps transformation and our approach to it.

Chapter 2, Major Changes, Useful Tools, and References, discusses major changes such as harmful terminology, sensitive values, deferred functions, and other high-level items that have emerged since Puppet 5. It will also highlight items that have dropped out of Puppet. It will cover useful tools to assist development, such as VS Code and the Puppet Development Kit (PDK), showing how the lab and development environment will work for the book. It will also show various Puppet and community references for further learning.

Chapter 3, Puppet Classes, Resource Types, and Providers, introduces the most basic building blocks of Puppet and how to use them so you can understand the initial stages of writing Puppet code, showing how resource types and providers work together to create stateful code independent of the underlying OS implementation and how classes allow us to group these resources.

Chapter 4, Variables and Data Types, details how to assign variables with data types in Puppet, how they can be managed in arrays and hashes, the use of the sensitive data type to secure variables, and how the variable scope is managed. Then, we’ll provide some best practice advice on how to use these variables and data structures well within Puppet.

Chapter 5, Facts and Functions, looks at the facts and factors that it provides, how to use them in Puppet code, and how to customize them. It will also look at functions: what they are, how lambdas can be used with them, and how the relatively recent deferred functions can be used with them

Chapter 6, Relationships, Ordering, and Scope, covers how Puppet handles relationships and order as well as scope and containment. These issues come together to help the user understand how cross-module or cross-class resources and variables will intersect.

Chapter 7, Templating, Iterating, and Conditionals, shows how to use templates, iteration, loops, and various conditional statements, such as if cases and selectors to affect the flow and management of code.

Chapter 8, Developing and Managing Modules, discusses the structure of modules, the use of the PDK to create them, and how we can test modules. It will also discuss how to use Puppet Forge well to both consume and share code and understand the quality of shared modules.

Chapter 9, Handling Data with Puppet, runs through how Puppet handles data, discussing what Hiera is, at what levels to store data, and some pitfalls and mistakes to avoid in structure and approach.

Chapter 10, Puppet Platform Parts and Functions, helps you understand what Puppet is as a platform, how the various components work together and communicate, and common architecture approaches to deliver scale.

Chapter 11, Classification and Release Management, discusses how Puppet manages servers and code in environments, how servers can be classified, and how the Puppet run of this classification actually runs. The tooling to deploy code into these environments will also be discussed.

Chapter 12, Bolt for Orchestration, looks at how to use Bolt as an orchestrator for procedural tasks, showing the various transport options – SSH, WinRM, and PCP – to use via Puppet agents. You will see how tasks and plans can complement Puppet code and how Puppet code can be orchestrated and deployed via Bolt itself.

Chapter 13, Taking Puppet Server Further, looks at more advanced topics to ensure you can monitor and scale your infrastructure, deal with common issues, and integrate external data sources.

Chapter 14, A Brief Overview of Puppet Enterprise, highlights the differences between Puppet Enterprise compared to open source, and the integrations and services available to help scale and tune infrastructure.

Chapter 15, Approaches to Adoption, discusses how Puppet can be adopted and worked with in real brownfield environments, highlighting lessons learned in the field and from various adoptions, and looking at correctly scoping use cases to benefit from delivering regularly. It will look at how Puppet can work within platform engineering as well as with heritage estates, and even in highly regulated and change-managed estates.

To get the most out of this book

Some background understanding of system administration for Unix and Windows systems and application deployment is required. Also, some core development concept knowledge is required, such as revision control tools (Git, virtualization, and testing) and coding tooling (such as vi or Visual Studio Code).

Software/hardware covered in the book

Operating system requirements

Puppet 7 or 8

Windows, macOS, or Linux

Bolt

Windows, macOS, or Linux

Visual Studio Code

Windows, macOS, or Linux

Azure

Puppet Development Kit (PDK)

Windows, macOS, or Linux

The PEADM module

Windows, macOS, or Linux

The full configuration of the required software for the lab environment will be covered in Chapter 2.

If you are using the digital version of this book, we advise you to type the code yourself or access the code from the book’s GitHub repository (a link is available in the next section). Doing so will help you avoid any potential errors related to the copying and pasting of code.

Download the example code files

You can download the example code files for this book from GitHub at https://github.com/PacktPublishing/Puppet-8-for-DevOps-Engineers. If there’s an update to the code, it will be updated in the GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Download the color images

We also provide a PDF file that has color images of the screenshots and diagrams used in this book. You can download it here: https://packt.link/vPsXh

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "The lookup function key, data_hash, accepts yaml_data, json_data and hocon_data as values but most Puppet implementations just use YAML data, so this book will default to the yaml_data backend."

A block of code is set as follows:

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

Any command-line input or output is written as follows:

Bold: Indicates a new term, an important word, or words that you see onscreen. For instance, words in menus or dialog boxes appear in bold. Here is an example: “Select System info from the Administration panel.”

Tips or important notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, email us at [email protected] and mention the book title in the subject of your message.

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata and fill in the form.

Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Share Your Thoughts

Once you’ve read Puppet 8 for DevOps Engineers, we’d love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.

Your review is important to us and the tech community and will help us make sure we’re delivering excellent quality content.

Download a free PDF copy of this book

Thanks for purchasing this book!

Do you like to read on the go but are unable to carry your print books everywhere?

Is your eBook purchase not compatible with the device of your choice?

Don’t worry, now with every Packt book you get a DRM-free PDF version of that book at no cost.

Read anywhere, any place, on any device. Search, copy, and paste code from your favorite technical books directly into your application.

The perks don’t stop there, you can get exclusive access to discounts, newsletters, and great free content in your inbox daily

Follow these simple steps to get the benefits:

https://packt.link/free-ebook/9781803231709

Part 1 – Introduction to Puppet and the Basics of the Puppet Language

This part will establish the core concepts of what Puppet is, what you can achieve with Puppet, how it fits into a DevOps approach, and how we will approach it in this book. We will then take a high-level overview of the core components of Puppet. The development lab environment used throughout the book will be reviewed, along with useful references and further learning resources. Then, we will begin with the basics of the language by looking at classes, resources, variables, and functions.

This part has the following chapters:

2

Major Changes, Useful Tools, and References

This chapter will set out the major changes that have taken place since Puppet 5 up to the current versions, Puppet 7.24 and 8.0. This is viewed as the modern era of Puppet, where in the previous chapter, the change of focus was highlighted in the history of Puppet. This summary of changes will also cover some redundant patterns and approaches that might still be seen from earlier versions of Puppet, as these can still be visible in code and various sources. The chapter will then go on to discuss tooling to create a productive developer environment for Puppet, which will be used for the lab environment throughout this book. The aim will be to give an opinionated view of how to develop Puppet code and tooling that can assist with this. These tools can be installed in an environment of the readers’ choice. The lab environment itself will then be demonstrated by standing up a simple setup and logging in. The chapter will finish by looking at what resources are available for you to keep up to date with Puppet and research further topics of interest.

In this chapter, we’re going to cover the following main topics:

Technical requirements

The development environment will require an OS with access to the internet, which can be any of the following:

The following software is required for the development environment:

The pecdm module (https://github.com/puppetlabs/puppetlabs-pecdm) will create resources as specified via the bolt command. The cost of running the labs in Azure should be carefully watched via the Azure cost analysis tools to avoid unexpected bills. Labs not in use should be destroyed or at least deallocated to reduce charges.

All of these components have equivalents that you might use in your organization. However, the purpose of this development and lab setup is to make it as simple and automated a setup as possible. It might well be an exercise you wish to do as the book progresses to test out your own components. The pecdm module itself supports AWS, Azure, and GCP with instructions on the module to configure the necessary CLI.

The code for this section can be found at https://github.com/PacktPublishing/Puppet-8-for-DevOps-Engineers/tree/main/ch02.

Major changes since Puppet 5

Puppet 5 reflects the change in direction of Puppet as an organization, which was highlighted in the previous chapter. Its focus is on performance and scaling for infrastructure and stability in the language. This section will cover the changes that have taken place between Puppet 5 and 8; these versions reflect the versions of Puppet in use, which you are likely to see in code bases you are working with and in modules you would take from the Puppet forge. It will also cover some old patterns and issues you might see in code that reflect how Puppet was before version 5.

Puppet 5

Puppet 4 had a large number of deprecated features, which were almost all removed in Puppet 5. It is not worth listing all of these features, but just to set the context of the release, it was more about finishing what had been started in Puppet 4 by introducing more new features. It standardized package numbering, with all the Puppet packages starting at 5.0.0 instead of the mismatches of various packages, such as Puppet 4 requiring Puppet Server 2.x and Puppet agent 1.x.

Puppet 5 as a server platform delivered big boosts in performance: agent runtimes were 30 percent lower, CPU utilization was at least 20 percent lower, the catalog compile times reported by Puppet Server were 7 to 10 percent lower, and Puppet 5 was able to scale to 40 percent more agents. Puppet Server metrics were introduced to give greater observability of the Puppet platform. In addition to this greater performance and scalability, Puppet Enterprise 2017.4 onward had capabilities to allow for disaster recovery along with package inspection, which stored information about software installed across the estate regardless of whether Puppet managed it or not. Full technical details of the Puppet Enterprise features will be discussed in Chapter 14.

Although not affiliated directly with Puppet 5, the Puppet Development Kit (PDK) was released around the same time, which automated a lot of tool installation, testing, linting, and the creation of module directories (this will be covered in detail in Chapter 8). Previously, this had to be done by hand or by individual developer automation. Additionally, Hiera 5 integrated with EYAML (a mechanism of encrypted data covered in Chapter 9), which was introduced and massively simplified how data could be secured and still used.

Puppet 6