Puppet: A Configuration Management Tool Even a Rabbit Can Understand!
Hello! I'm Usagi~ 🐰
Technical keywords really do pop up every single day, don't they? Today, I've looked into "Puppet," a configuration management tool I recently discovered!
Apparently, this tool allows you to manipulate server settings at will, just like controlling a puppet. The name is so cute—I simply had to investigate!
What is Puppet?
Puppet is an open-source tool for IT infrastructure configuration management and automation. It's a long-established tool that Luke Kanies began developing in 2005.
What problems does it solve?
If you only have one or two servers, you might manage by configuring them manually. But what if you have 100 or 1,000?
- You need to repeat the same settings over and over again
- Configuration errors happen easily
- Settings become slightly different for each server
- No change history remains
Puppet is the solution to these headaches! It's a struggle for me to manage a huge pile of carrots, so maybe it's something like that?
Features and Strengths of Puppet
1. Declarative Configuration Management
The biggest feature of Puppet is that it is "declarative." This means describing "how it should be" rather than "how to do it."
For example, instead of "Install and start Apache," you describe the state where "Apache is installed and running."
2. Puppet's Unique Language (DSL)
Puppet uses its own Domain Specific Language (DSL). Code written in it is called a Puppet manifest and is saved in .pp files.
```puppet
# Define Apache installation and startup
package { 'apache2':
  ensure => installed,
}

service { 'apache2':
  ensure  => running,
  enable  => true,
  require => Package['apache2'],
}
```
Easy enough even for a rabbit! The key feature is describing the "state"—like "the package is installed" or "the service is running."
3. Agent-Master Architecture
Puppet is primarily composed of two components:
- Puppet Master: A central server that manages configuration information.
- Puppet Agent: An agent that runs on each node (managed server).
Agents periodically poll the master to compare the desired state with the current state and apply changes as necessary.
4. Abundant Resource Types
Puppet provides various resource types, allowing you to manage almost all system settings:
- file
- package
- service
- user
- cron (scheduled tasks)
- exec (command execution)
Illustrating Puppet's Architecture
It's time for diagrams, which I love! I've created an SVG of Puppet's architecture.

Looking at this architecture diagram, you can clearly see how Puppet is structured. It's a system where the Master manages configurations centrally, and Agents periodically retrieve settings from the Master.
Let's take a closer look at Puppet's operational flow!

```puppet
# Example of a more practical manifest
class webserver {
  # Install the Apache package
  package { 'apache2':
    ensure => installed,
  }

  # Place the configuration file
  file { '/etc/apache2/sites-available/mysite.conf':
    ensure  => file,
    content => template('webserver/mysite.conf.erb'),
    require => Package['apache2'],
    notify  => Service['apache2'],
  }

  # Start the service
  service { 'apache2':
    ensure  => running,
    enable  => true,
    require => Package['apache2'],
  }

  # Firewall rules
  firewall { '100 allow http':
    chain  => 'INPUT',
    dport  => [80],
    proto  => 'tcp',
    action => 'accept',
  }
}

# Node definition
node 'web01.example.com' {
  include webserver
}
```
This manifest defines the complete configuration for a web server. In my experience, defining configurations as classes like this is very handy because you can reuse them across multiple servers!
Comparison with Other Configuration Management Tools
There are other configuration management tools like Ansible and Chef, each with its own characteristics.
Puppet vs Ansible
| Item | Puppet | Ansible |
|---|---|---|
| Language | Puppet DSL | YAML |
| Architecture | Agent-based | Agentless |
| Learning Curve | Slightly high | Relatively low |
| Scalability | High | Moderate |
| Execution Method | Pull-based | Push-based |
Puppet vs Chef
| Item | Puppet | Chef |
|---|---|---|
| Language | Puppet DSL | Ruby |
| Design Philosophy | Declarative | Procedural |
| Extensibility | High | Very high |
| Community | Large-scale | Large-scale |
| Enterprise Features | Extensive | Extensive |
In my personal opinion, they might be used differently like this:
- Puppet: When focusing on long-term operations in large-scale environments
- Ansible: When simple and fast configuration management is needed
- Chef: When you are proficient in Ruby and prioritize flexibility
Practical Examples of Puppet
Let's look at some specific examples of what you can actually do with Puppet!
1. Automating User Management
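```puppet
# Create a user for developers
# (the 'developers' group must already exist or be managed elsewhere in the catalog)
user { 'developer':
  ensure     => present,
  uid        => '1001',
  gid        => 'developers',
  shell      => '/bin/bash',
  home       => '/home/developer',
  managehome => true,
}

# Place the SSH authorized key
# (key is the base64 body only, without the 'ssh-rsa' prefix or the trailing comment)
ssh_authorized_key { 'developer_key':
  ensure => present,
  user   => 'developer',
  type   => 'ssh-rsa',
  key    => 'AAAAB3NzaC1yc2EAAAA....',
}
```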
2. Standardizing Development Environments
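```puppet
class development_environment {
  # Install Git
  package { 'git':
    ensure => installed,
  }

  # Install and configure Docker (the docker class comes from a separate module)
  class { 'docker':
    ensure => present,
  }

  # Install Node.js
  # '16.x' is a placeholder: ensure takes an exact version string
  # that the configured package repository provides
  package { 'nodejs':
    ensure => '16.x',
  }

  # Install VS Code
  package { 'code':
    ensure   => installed,
    provider => 'snap',
  }
}
```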
3. Applying Security Settings
```puppet
# Harden SSH configuration
class { 'ssh':
  permit_root_login       => 'no',
  password_authentication => false,
  pubkey_authentication   => true,
}

# Firewall settings
firewall { '000 accept all icmp':
  proto  => 'icmp',
  action => 'accept',
}

firewall { '001 accept all to lo interface':
  proto   => 'all',
  iniface => 'lo',
  action  => 'accept',
}

firewall { '999 drop all':
  proto  => 'all',
  action => 'drop',
  before => undef,
}
```
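An added example (not from the original post) of the pre/post ordering pattern that the `before => undef` on the drop rule implies, extended with the two accept rules a node needs so the catch-all drop does not cut off return traffic or SSH. The class names `baseline_fw::pre` and `baseline_fw::post` are hypothetical, and the example assumes a puppetlabs-firewall release that accepts the `action` parameter used on this page (later major releases use `jump` for the same purpose).

```puppet
# site.pp fragment. Constructed example; class names are hypothetical.

# Remove any firewall rule that Puppet does not manage.
resources { 'firewall': purge => true }

# Default ordering: every firewall rule sits between ::pre and ::post,
# so rules such as '100 allow http' land before the final drop.
Firewall {
  require => Class['baseline_fw::pre'],
  before  => Class['baseline_fw::post'],
}

class baseline_fw::pre {
  # Rules inside ::pre must not require ::pre itself (dependency cycle).
  Firewall { require => undef }

  firewall { '000 accept all icmp':
    proto  => 'icmp',
    action => 'accept',
  }
  -> firewall { '001 accept all to lo interface':
    proto   => 'all',
    iniface => 'lo',
    action  => 'accept',
  }
  # Replies to connections the node opened (agent to master, DNS, packages).
  -> firewall { '002 accept related established':
    proto  => 'all',
    state  => ['RELATED', 'ESTABLISHED'],
    action => 'accept',
  }
  # Keep the key-only SSH management path reachable.
  -> firewall { '010 allow ssh':
    dport  => 22,
    proto  => 'tcp',
    action => 'accept',
  }
}

class baseline_fw::post {
  # before => undef cancels the default above, which would otherwise
  # make this rule depend on its own class.
  firewall { '999 drop all':
    proto  => 'all',
    action => 'drop',
    before => undef,
  }
}
```

Declare both classes on every node. Rule titles start with a number because the module orders rules by title, which is what keeps `999 drop all` last.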
Latest Puppet Information (2025 Edition)
Puppet in 2025 has evolved even further! In the latest Puppet Enterprise 2025, the following new features have been added.
1. Enhanced Security Features
- Automated vulnerability detection and remediation
- Compliance with CIS (Center for Internet Security) benchmarks
- More advanced audit logging capabilities
2. DevSecOps Support
It supports DevSecOps, which extends DevOps to include security. This allows security to be integrated from the early stages of development.
3. Integration with AI
Features such as AI-powered configuration anomaly detection and optimal configuration suggestions have been added. I'd love to get smarter with the help of AI too!~
Summary
Usagi's Learning Notes 📝
After investigating Puppet, I've learned the following:
- Declarative configuration management is easy to understand because you describe "how things should be."
- Its agent-master model makes it strong for large-scale environments.
- Puppet DSL is a dedicated language, but it's surprisingly readable.
- With abundant resource types, you can manage almost anything.
Cases where Puppet should be used
- Large-scale environments with dozens to thousands of servers.
- Projects that prioritize stability and are based on long-term operations.
- Environments with strict compliance or auditing requirements.
- Mission-critical systems where configuration consistency is vital.
What Usagi wants to learn next
- How to create Puppet modules (I want to publish them on Puppet Forge!)
- Hiera, a data management tool for Puppet.
- Code management using r10k.
- Integration between Puppet and Terraform.
Configuration management tools are so deep! Maybe I should use Puppet to manage my carrot patch? (Just kidding~ 😊)
If you're interested in infrastructure automation, give Puppet a try! It should be especially helpful for those managing large-scale environments.
Well then, see you in the next "Tech Keywords Usagi Just Learned"! 🐰✨