Quite some time ago, in my previous blog, I compared Ansible and Puppet in terms of configuration management. In this blog, I want to focus on other aspects of Puppet.
Key features of Puppet
We all know that the major argument against using Puppet is that it requires infrastructure to run, and yes, this is true if you want to run Puppet on a larger scale… but Puppet is great! The community around Puppet is great. So in this blog, I wanted to show you how we, DevOpsGroup, have tackled this problem with Puppet infrastructure for our customers.
Puppet Forge is a goldmine when it comes to available modules. You can see how many things Puppet supports and how many people contribute to it. There are lots of modules written by the community, and those approved by Puppet are written to the highest standard.
Using Puppet at DevOpsGroup
What we created at DevOpsGroup is a kind of recipe for building Puppet infrastructure… using Puppet itself. Yes, you read that right! We are building Puppet infrastructure using Puppet. Now, you are probably wondering (before you read further) how this could be possible. Well… Puppet can also run in masterless mode, which means you can install the Puppet agent, write your manifests and apply them directly on the node itself.
We use AWS services and GitHub to demonstrate this solution. As a prerequisite, we had to upload the SSH key to AWS SSM Parameter Store for Puppet’s R10K, so that it can access the GitHub repositories that hold the code base.
We used Terraform to build the basic Puppet infrastructure: a Puppet Server (Master) and PuppetDB. The supplied user data scripts configure both services together, waiting for them to become available. For the purpose of this demonstration, we also create a private Route53 puppet.aws domain with A records for Puppet Server and PuppetDB. Besides that, we build a basic VPC structure with 2 subnets and an Internet Gateway, create a basic Security Group, and attach the created Instance Profile to Puppet Server so that it can access AWS SSM. We also supply the SSH key that is used for access to Puppet Server and PuppetDB.
There are multiple GitHub repositories which support this configuration and these are managed by Puppetfile:
· puppet-terraform-infrastructure – Terraform code for this demo
· puppet-main – repository which contains the basic site.pp declaration and Puppetfile
· puppet-hiera – repository which contains all the hiera data
· puppet-roles – repository which contains the code describing Puppet roles
· puppet-profiles – repository which contains the code describing Puppet profiles
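To make the SSM and R10K steps above concrete, here is an added example (not DevOpsGroup's own user data script) of how a Puppet Server bootstrap could fetch the deploy key through the instance profile, keep it root-only, and point r10k at the puppet-main repository. The parameter name, file paths, the `R10K_BOOTSTRAP` switch and the `example-org` remote are assumptions.

```sh
#!/bin/sh
# Added example (not DevOpsGroup's script). Assumed names: the parameter
# /puppet/r10k/deploy_key, the file paths, and the example-org GitHub remote.
set -eu

# Fetch the r10k deploy key from SSM Parameter Store into a root-only file.
# $1 = parameter name, $2 = destination path
install_r10k_key() (
  param="$1"; dest="$2"
  umask 077                # new directories 0700, key never group/world readable
  mkdir -p "$(dirname "$dest")"
  tmp="$(mktemp "${dest}.XXXXXX")"
  # Credentials come from the instance profile; --with-decryption is needed
  # when the parameter is stored as a SecureString.
  aws ssm get-parameter --name "$param" --with-decryption \
      --query 'Parameter.Value' --output text > "$tmp" || { rm -f "$tmp"; exit 1; }
  # Reject an empty or placeholder value instead of handing it to r10k.
  grep -q 'PRIVATE KEY' "$tmp" || { rm -f "$tmp"; exit 1; }
  mv -f "$tmp" "$dest"
)

# Point r10k at the key and at the control repository holding the Puppetfile.
# $1 = key path, $2 = r10k.yaml path, $3 = git remote
write_r10k_config() (
  umask 022
  mkdir -p "$(dirname "$2")"
  cat > "$2" <<EOF
---
git:
  private_key: '$1'
sources:
  main:
    remote: '$3'
    basedir: '/etc/puppetlabs/code/environments'
EOF
)

# Runs only when explicitly enabled, so the functions can be sourced and tested.
if [ "${R10K_BOOTSTRAP:-0}" = 1 ]; then
  install_r10k_key /puppet/r10k/deploy_key /etc/puppetlabs/r10k/ssh/id_r10k
  write_r10k_config /etc/puppetlabs/r10k/ssh/id_r10k \
    /etc/puppetlabs/r10k/r10k.yaml 'git@github.com:example-org/puppet-main.git'
fi
```

The key is written to a temporary file first and only moved into place after it passes the sanity check, so a failed or denied SSM call never leaves a partial key file behind.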
The entire process takes about 10 minutes and builds fully functional Puppet infrastructure…
Diagram showing the entire flow of this setup: