Review: Puppet 3.0 pulls more strings
Version 3.0 of Puppet Labs' configuration automation tool shines with speed boosts, orchestration improvements, and deeper support for Windows servers
To apply this module to a node, we would then define a new class in the Web UI called ntp
, edit a node group or a node itself, and add that class to the group or node. This will cause Puppet to apply that configuration to the node through the Puppet agent installed on the node.
By default, the agent checks in with the Puppet Master every 30 minutes, but of course that is a configurable parameter. The node can also be forced to update through the Live Management tab in the Web UI. Live Management allows an admin to enable, disable, run, and monitor the Puppet agent on a node or group of nodes. We can select a node to refresh, then force the refresh. If we select the node we configured with our ntp
module, it will check in with the server, download the module information, install the ntp
package, modify the configuration file, and start the service.
If somewhere down the line, the node checks in with the master and discovers the configuration has been manually changed or the service has been stopped or uninstalled, the agent will again apply the changes and start the service back up.
This is a very simple example of what Puppet can do. There are hundreds of modules available from Puppet Labs and contributors that can be used to manage a wide variety of configuration elements on Linux and Windows systems, across a wide variety of distributions and versions.
If we were to do the same thing for Windows servers, we might use the adenning
/winntp
module by Adam Denning. This is configured similarly on the Puppet Master:
class winntp (
$special_poll_interval = 900, # 15 minutes
$ntp_server = 192.168.32.10, 192.168.16.10',
$max_pos_phase_correction = 54000, # 15 hours
$max_neg_phase_correction = 54000, # 15 hours {
include 'registry'
service { 'w32time':
ensure => 'running',
}
...
)
When applied to Windows hosts, this module would modify the required registry values to configure the Windows time service to use our NTP servers, and make sure the service was started.
Modules can be constructed to perform a variety of tasks, not just package installation and file modification. You can also place entire files in specific directories and construct templates using the Ruby-based ERB language.
However, it is of paramount importance that any Puppet implementation have a testing and development sandbox. Each configuration element incorporates a significant number of moving parts and needs to be tested thoroughly before rolling out to production. You can accomplish this by maintaining a set of virtual servers that represent their production counterparts, and testing new modules and modifications only on the appropriate test node or group.
Puppet Enterprise also includes the Cloud Provisioner, which is an extension designed to work with Amazon's EC2 cloud service. It provides a way to create a new EC2 instance, install the Puppet agent, and sign the certificate from the command line on a Puppet Master server.