Puppet 2.7.0 is available. This is a feature-based release for the Puppet project. This release incorporates several key new features, hundreds of bug fixes and enhancements, and a lot of input from the community. We went through four release candidates on Puppet 2.7.0 and appreciate all the feedback, bugs, questions and ideas that made Puppet 2.7.0.

First things first: You can download Puppet 2.7.0.

The release notes cover thoroughly what’s new, what’s changed and what’s improved with Puppet. I’ll highlight some of my favorite features, coming from a system management prospective. We’ve had a few blog articles already about some of the API enhancements, including Faces.

License Change

As previously mentioned, in 2.7.0 we changed the license of Puppet to the Apache Software License Version 2.0.

Ruby 1.9 Support

2.7.0 is the first version of Puppet to support Ruby 1.9. We’ve targeted 1.9.2 and higher versions. There are still a few known issues, but bugs are being aggresively fixed with Ruby 1.9 and it’s now a first-class citizen on our Continuous Integration system.

Deterministic Catalog Application

Previously, Puppet didn’t guarantee the application of a catalog of unrelated resources in any particular order. This meant that if you forgot to specify some important `before` or `require` relationship, a single catalog might work fine on eight nodes and then fail mysteriously on the ninth and tenth. This could be frustrating! Now it’s gone: Puppet will make sure that the same catalog will always be applied in the same order on every machine, and it’ll either succeed reliably or fail reliably. (This change will also be appearing in the final 2.6.x releases.)

Manage Network Devices

Puppet has new types for managing network hardware, and a new `puppet device` subcommand for applying these configurations. These are in their early stages and can currently only handle Cisco IOS-based hardware, but they’re the start of a big leap forward in Puppet’s ability to manage your entire infrastructure. Look a blog with more details of this functionality soon.

Deprecations

We’re starting the hourglass on a few older features:

• ‘puppet‘ as a synonym for ‘puppet apply‘ — Starting today, running `puppet my-manifest.pp` will issue a warning; you should start using `puppet apply` directly instead. Support for implicit invocation of puppet apply will be dropped in Puppet 2.8.
• Dynamic scope — We’ve started issuing warnings when variables or resource defaults are found via dynamic lookup. There’s more info and explanation in a guide on the docs site, but the short version is that you should start referencing variables with their qualified names instead of counting on dynamic scope. We hope to drop support for dynamic scope in Puppet 2.8.
• No more `–parseonly` option — This one’s already gone, because we used Faces to build a drop-in replacement: use `puppet parser validate [] [ ...]` instead.

Download Puppet 2.7.0

For about three years now (since basically 15 minutes after Pulling Strings with Puppet was released) James has been asked, “When is the 2nd edition coming out?” This is quickly followed by, “Why is the book so short?” And then the question one never gets sick of: “Why isn’t there an index?”

Well y’all can stop asking—Pro Puppet is here and shipping. This edition is a complete rewrite and extension of the original book. It covers the 2.6.x series of releases and covers a lot more ground than the heavily space-limited Pulling Strings book.

The book includes quite a bit of material. The first two chapters re-introduce the reader to Puppet and provide step-by-step instructions to get a Puppet Master and Agent up and managing some resources. Puppet modules and organizing your code are also covered in these two chapters to help you get things nice and organized from the beginning. Since James is a fairly organized and sane person (and doesn’t separate out his right and left socks within pairs like Jeff does), he wrote these chapters with just the right attention to detail. Chapter 3 builds upon the organizational structure James introduces in the form of modules by covering Puppet environments. The chapter is actually more of a description of a typical dev/test/prod change management workflow with version control underlying the whole process. In Chapter 4, Jeff tackles scalability with Puppet by replacing the out-of-box Puppet Master with a full blown SSL load balancer enabling horizontal scaling by adding as many Puppet Masters as you’d like. If you’re interested in encryption, HTTP load balancing, and scalability then this chapter is definitely for you.

Following the scalability chapter, the rest of the book covers a number of different features of Puppet added since Pulling Strings. First, external node classification, which is really just a fancy term for “pulling in data from anywhere you want” is covered in a great chapter written by James. Next, Jeff covers the ability to exchange resources between Puppet managed nodes in the chapter about how to export resources from one node and collect them on another. If you’ve ever been annoyed by SSH host key warning messages or prompts, read this section. You should never again have to press “enter” before connecting to a host for the first time. Think of the time you’ll save!

Finally, a number of tools external to the core Puppet project are covered in the rest of the book. We cover how to setup and connect the Puppet Dashboard, providing a nice web interface to Puppet and the reports produced by Puppet runs. Other tools covered are the Puppet Forge and Puppet module tool, reports and custom report processors, Cucumber Puppet and the Ruby DSL. One tool in particular, MCollective, works incredibly well in combination with Puppet. It works so well, in fact, that an entire chapter has been dedicated to the subject of integrating MCollective for use with Puppet. If you’ve ever said to yourself, “Boy, I really wish I could make this change to all of those systems _right now_ but I hate having to know their hostnames to SSH into them,” then MCollective is something you should definitely check out in Chapter 11.

So why did it take so long? Well life, mostly, and waiting for the right release to base the book on. Thankfully this book was a collaboration with the awesome Jeff McCune, who unlike the book’s other author, James Turnbull, isn’t a shocking procrastinator. It was largely due to Jeff coming on board and writing half the book that the book got done at all.

Preview

This follows on from my

previous post on Faces

and continues the explanation of what Faces are and how they work. Last
time I talked about Facades, the generic mechanisms for accessing Faces.

The fundamental components here are:

1. Facades – the ways you can interact with your Faces and Actions.
2. Faces – these represent a coherent subsystem, or modelled object or entity.
3. Actions – these represent things you can do to the modelled object or entity.
4. Options – these modify the way that actions work

Faces: a subsystem, or a modelled object or entity

Each Face represents one coherent thing. Mostly, these are objects or
entities that we manage—catalogs, nodes, certificates, and other parts of
the coherent data model that Puppet maintains about the nodes on your network.

Many of those wrap our existing indirection and
terminus system, including:

• Catalog: provide access to the catalog compiler and cache.
• Certificate: provide access to the certificate authority.
• Facts: provide access to the fact discovery or cache systems.
• Status: provide access to the Puppet status terminus.

Generally, we don’t expect too many people (you, or us) to write Faces that
get back into core: something like that usually means a fairly fundamental
addition or modification to the code data model in Puppet. Since that data
model moves relatively slowly, Faces will also be created and destroyed
relatively slowly.

Most of the growth around Faces will come from two areas: one is a
collection of “functional” Faces rather than data model Faces. These will
replaces the current set of applications, either spreading their actions over
the appropriate Faces that form the underlying model, or by adding new Faces
focused on their actions.

We also expect to see a lot of people use Faces to help integrate their own
model and function into Puppet: being able to say puppet helpdesk report
… in order to file a bug report on a system is a great extension, and
something that you can naturally integrate into your own platform with Faces.

Extending and Creating Faces

There are two ways that you will interact with Faces: extending an existing
Face by adding a new Action, or creating a new Face from scratch. I will
cover adding Actions in my next post; for now, to create a new Face you need
to start with an idea of what you are modeling.

In this case we are going to create the outline of a backup Face,
to demonstrate how you might go ahead and build something like that in your
own system.

Our overall goal is to produce a tool that will create a backup copy of our
Puppet modules, ready for archiving. This is NOT going to
be a complete backup solution, but it will be a complete example of building a
Face and action.

In this episode we start by creating the stub for the Face and getting it to
the point that it can be used:

We start by creating the Face itself, in
lib/puppet/face/backup.rb. This example will only contain
documentation, no actions; we will add those next round.

# encoding: utf-8
# Dear Ruby and Emacs, this is -*- ruby -*- in lib/puppet/face/backup.rb
 
# We need to load the Face support library...
require 'puppet/face'
 
# ...and declare our Face. We have to give it a version; I chose version
# 0.1.0 because Face is still under heavy development. See http://semver.org/
# for the details of why that is an appropriate version number.
Puppet::Face.define(:backup, '0.1.0') do
  # First, the annoying bits that make our lawyers happy. You should probably
  # include this information in your Faces as well, but our defaults are
  # restrictive so your code is not redistributable unless you make an effort
  # to achieve the same.
  #
  # We just include the literal string directly in the output; use whatever
  # you want here. It isn't like the computer cares much.
  license "Apache 2"
 
  # Copyright takes one or more authors as a string, then a sensible set of
  # years. It should pretty much do what you expect for any input (or fail
  # with a clear error message. ;)
  copyright "Puppet Labs", 2011
 
  # You can call out the authors of your Face, too, and Actions. They will be
  # displayed in the help output, which can help folks track you down when
  # they need to talk to you about something.
  author "Daniel Pittman <daniel@puppetlabs.com>"
  # You can add more authors with more 'author' statements:
  # author "U.N.Owen <anon@example.com>"
 
 
  ########################################################################
  # Now, on to more interesting things. We should document what our Face
  # is all about so that 'puppet help backup' does the right thing.
  #
  # The summary is a single, brief, line describing what the Face is for.
  # It gets used when displaying lists of Faces, and similar places.
  summary "Manage backups of the Puppet installation"
 
  # We also give a description; this is a block of text used to give broader
  # context to the Face, like the description in a manual page.
  #
  # We automatically trim away whitespace used for gross indentation in the
  # description, but preserve semantic indentation. So, you don't need to
  # write your text aligned hard-left to get it output nicely.
  #
  # Note that we don't describe options or actions here: they are documented
  # separately, and that is automatically extracted from the appropriate files
  # when the time comes to display it.
  description <<-DESCRIPTION
    The 'backup' Face provides tools to help manage backups of the Puppet
    installation; it focuses on making it easier for the backup system to
    work reliably with our deployment without needing to bake in specific
    knowledge of Puppet to our backup system – just fire this up instead.
  DESCRIPTION
 
  # We can give some examples; these make it easier for the user to understand
  # how to use the Face. They won&#039;t work yet, but they should eventually...
  examples <<-EXAMPLES
    # Just create a new backup under the current directory:
    ] puppet backup
 
    # The same thing, explicitly naming that we are creating a backup:
    ] puppet backup create
 
    # Name the target directory explicitly:
    ] puppet backup create --target=saved_copy
  EXAMPLES
 
  # Also, some notes; these are displayed under a notes header, and are things
  # that the user might care about, but not important enough to call out in
  # the description.
  notes <<-NOTES
    * This is **NOT** a complete backup solution.
    * NO WARRANTY IS PROVIDED OR IMPLIED!
  NOTES
end

Wiring it all up

Once you have written your Face you are almost there. Unfortunately, you need
to wire it up to the Puppet::Application system so that it can be
invoked from the command line.

We have a plan (#6753)
to clear this up, but for the moment we need to wire things together by
creating lib/puppet/application/backup.rb to match our Face:

# Dear Ruby and Emacs, this is -*- ruby -*- in lib/puppet/application/backup.rb
require 'puppet/application/face_base'
 
# Create our placeholder class. The naming convention is simple, but not
# entirely clear: take the name of the Face as a symbol, convert in all to
# lower-case except the first letter, and name your class that way.
#
# For example:
# :backup    => Backup
# :two_words => Two_words
#
# ...and, yes, we are away that this isn't really the Ruby way. ;)
class Puppet::Application::Backup < Puppet::Application::FaceBase
  # This class is deliberately left empty. It exists as a placeholder to
  # signal that this application is implemented as a Face, nothing more.
end

Next Time…

Stay tuned for the next episode, where we add an Action to the Backup Face, and illuminate the more interesting parts of the system.

The Faces blog series thusfar:

• Puppet Faces: What the heck are Faces?
• Faces, Actions, Options, and Facades, Oh My!

We are happy to announce the second release candidate for Puppet 2.7.0.

This moves us firmly toward a final release of the 2.7.0 series, including 38 maintenance changes to improve the robustness of the software, and 85 distinct bug fixes resolving issues found with the RC or the new features included.

Notably, we have added a large set of improvements to the pkgutil package provider, resolving #4528, and making it better, faster, stronger, and harder working.

We have updated the default ACL on the puppet master, allowing nodes to request information about themselves from the configured node terminus. This exposes data from the ENC, as well as any static node configuration, to the same node; by default you still cannot query information across nodes without changing the ACL rules. This allows interesting changes, including the ability to inspect the ENC data from the client when using the new Faces-based agent.

Finally, we have made substantial usability improvements to the Faces; this fills out the set of plumbing features we expected to make available to Face authors in the initial release, resolves a swath of bugs found during testing, and adds documentation to all Faces and actions accessible through the puppet help subcommand.

Run puppet help to get started with the new help system; it includes all the details you need to explore the available subcommands and actions.

We hope that this is the final step in delivering a functional and capable Puppet 2.7.0 to the community. The second release candidate for Puppet 2.7.0 can be downloaded here.

As most of you realize by now, Puppet 2.7 was released under the Apache 2.0 license instead of under the GPL, and Facter has already been released under the Apache license. My goal in this post is to explain why, and what effects you might expect to see as a result.

We’ve been talking about the possibility of this change for about two years, but it was only in the last six months that it’s been solidified as the right plan. For the vast majority of people, this change won’t affect you at all—Puppet is still open source, and under one of the most open licenses available. For a few of you, however, this license change will make it easier to embed Puppet into your software, ship it as part of a solution you’re building, or contribute code to it.

Our goal at Puppet Labs, and my goal since I started the company and the project, has been to have Puppet everywhere. I want every OS to ship with Puppet, I want every appliance to use Puppet, and I want every device that can’t run Puppet to speak its language and still integrate with it. Heck, I want to replace the package manifest formats with Puppet’s language. I’m a big believer in open source, but for strictly practical reasons. Puppet always had to be open source, because I couldn’t get the kind of ubiquity that I wanted with a purely commercial product—too much of our infrastructure is already open, and too many sysadmins understand the risks of locking yourself into software you can’t control and have no visibility into. Also, when I started the project I had no reputation and, um, no money; open source was a great way to bootstrap the company and project with very little expense.

With the GPL, realizing this goal of ubiquity was very difficult—some companies are comfortable with the GPL and have no problems including software released under it, but plenty of other companies are dreadfully afraid of the potential for it to force releasing of other code, whether or not that fear is rational. With Apache, these companies can focus on whether Puppet will make their solution better, and not worry about whether they’ll have to make significant business changes in order to use it. You won’t see me making arguments about freedom here (and you probably won’t have much luck engaging in such a conversation with me separately), but you have already seen that my practical perspective on this drives toward open source as much as anything else.

To me, the choice between GPL and Apache was never about which one is more free. It has always been about which one can best accomplish the goals of the project, and possibly which can do the best job of helping me fund those goals. In the end, choosing GPL means more companies that want to partner with us have to pay us, else their software must also be open, while choosing Apache means anyone can use, embed, and extend Puppet without having to worry about it affecting any other software. In other words, the choice between GPL and Apache for us as a company largely comes down to the GPL enabling fewer partnerships but some number of which that pay us, while Apache enables far more partnerships but few (if any) that pay us.

Puppet is primarily meant to be directly used by sysadmins. Switching to Apache, and hopefully seeing far more integrations and embedding, seems like a good trade-off. We give up business we might never have in exchange for relationships right now. Thus, the goal of ubiquity feels a bit closer.

I know this argument doesn’t persuade all of you, and I’ve already exchanged emails with one person who is convinced that this change means Puppet is no longer free software, but it is my sincere hope that we can quickly get back to writing and releasing software rather than talking about licenses. And, of course, it’s also my sincere hope that we see far more people embedding and integrating with Puppet.

As always, please contact me directly at luke@puppetlabs.com if you have any questions or concerns.

The needs and benefits of configuration management software (CMS) to manage environments have long been recognized, even before the explosion of system growth due to virtualization and cloud computing. “Towards a High-Level Machine Configuration System” was not the first paper written about configuration management, but it underlines the need for configuration management software existed as far back as early 90s. Due to the lack of viable solutions, early adapters in this field had to create various homegrown solutions ranging from make, bash, and perl scripts tied with version control software such as CVS to manage complex environments. Rolling your own configuration management tool may have made sense back when Linux fit on floppy disks and open source was a new vocabulary where there were no viable options. But today, there are compelling reasons to adapt and convert to a tool like Puppet rather than writing and maintaining an in-house configuration management tool. Why should you make the effort to migrate to Puppet from an existing solution?

1. The cost to develop and maintain the entire tool chain. It’s cost-prohibitive for organizations to write and maintain a custom configuration management tool due to the time and cost to develop and maintain the software as well as training users on the custom solution. The initial developer/admin is often the only expert on the internally developed software, and this creates a vicious cycle of difficulty for hiring people who can understand and extend the home grown tool, which is often neglected and no longer maintainable. This often leads to new staff rewriting the same solution in a new language to replace the existing tool.

2. The complexity to support multiple platforms and large environments. Scripts developed internally were rarely flexible enough to handle multiple platforms. The internally developed solution is often targeted for one platform, so it needs to be ported and rewritten for another operating system, or even a newer version of the existing OS. And as the number of systems grows, the homegrown tool (which is usually several tools chained together) will stress and often break as the environment scales. Puppet, which is supported on most Unix platforms, has been tested and proven in several large-scale infrastructures. Now with Puppet Enterprise, Puppet is scalable out of the box with full stack including Ruby along with Apache and Passenger.

3. Lack of user community and open source ecosystem. Very few of the tools developed internally have adapted a clear licensing policy, so it’s rare for them to be published, documented, and reused/adapted outside the organization. This severely limits the scope of the users, and the number of minds that can work on any problems that may come up within the system. Puppet is open source, and users have published modules to deploy applications and extend functionality at forge.puppetlabs.com. There are thousands of users on the puppet user mailing list and hundreds of active participant on freenode #puppet—which means countless resources to help anyone writing Puppet manifest or extending Puppet on their own.

If these reasons convinced you to check out Puppet, see our intro to Puppet documentation, and download Puppet Enterprise.

The new Ruby DSL for Puppet (available in 2.6.0 and later) has introduced lots of interesting new ways you can articulate Puppet code.  One of the more interesting new ways is the ability to mix and match Ruby code with the Puppet Ruby DSL.  I’m going to show you an example of this using stand-alone Puppet and a CMDB in a MySQL database. This probably isn’t something you’d do on a production host, rather you’d store this data in an external node classifier, but it shows what sort of extensibility is available.

I’ve assumed you’ve got Puppet installed on your host and that you’ve got a MySQL server running somewhere that we can add a database (and some data) to.  We’re going to start by installing the mysql gem that allows us to interact with MySQL databases in Ruby.

$ gem install mysql

You’ll need the MySQL development libraries to install the gem.  You can install these via your distribution’s packaging system, on Ubuntu for example the libmysqlclient-dev package needs to be installed.

Next, we’re going to sign into our MySQL server and create a database.

$ mysql -u root -p
mysql> create database cmdb;
mysql> use cmdb;
mysql> create table packages (id VARCHAR(2), name VARCHAR(40), version VARCHAR(20));
mysql> insert into packages values ( 1,"vim","2:7.2.330-1ubuntu4");
mysql> quit;

Here we’ve signed into MySQL, created a database called cmdb and a table called packages. We’ve then added just one package to our table: vim with a version of 2:7.2.330-1ubuntu4.

Now that we’ve got our CMDB (you’ve hopefully got a more sophisticated one…) we can use its data in Puppet. To do we’re going to write a Puppet manifest in the new Ruby DSL. Let’s start by creating a new file to hold our manifest.

$ touch packages.rb

You’ll notice rather than the usual .pp manifest file we’ve created a file with a Ruby or .rb suffix. This lets us and Puppet know that this is a Ruby DSL file. Now let’s put some code into our packages.rb file:

require 'mysql'
 
hostclass :packages do
  conn = Mysql.new('localhost', 'user', 'password', 'cmdb')
  pkgs = conn.query('select * from packages')
  pkgs.each_hash { |p| package p['name'], :ensure => p['version'] }
  conn.close
end
 
node 'default' do
  include 'packages'
end

You’ll notice we’ve created something that looks just like a normal Ruby program.

First required the mysql gem and then created a new Puppet class, called packages, using the hostclass block. Inside this class we’ve connected to our MySQL server, passing it the server, username, password and the database to connect to. We’ve assumed our server is located locally but you could easily specify a remote MySQL server. We’ve then selected all the records in the packages table and added the values to a hash called pkgs.

Taking this hash we’ve iterated through it, passing the results to a block. Inside our block is some more Puppet Ruby DSL, this time we’ve defined some package resources:

package p['name'], :ensure => p['version']

Each resource uses the name of the name and version fields from the packages table to create a new package resource. This is the equivalent of creating a standard Puppet package resource like so:

package { "vim":
  ensure => "2:7.2.330-1ubuntu4",
}

Lastly, we’ve closed the MySQL connection and specified that the packages class should be included in the default node.

Once we’ve saved this file we can use Puppet in stand-alone mode to run and install our packages:

$ puppet apply --verbose packages.rb
notice: /Stage[main]/Packages/Package[vim]/ensure: ensure changed 'purged' to '2:7.2.330-1ubuntu4'
notice: Finished catalog run in 0.51 seconds

Notice our results? Yep, Puppet happily installed the vim package at the required version. It did this by connecting to the MySQL database, retrieving the required data, creating a Puppet resource using the Ruby DSL, and then executing that resource and installing the package.

That’s just a small example of how powerful the new Ruby DSL (in combination with the power of Ruby itself) can be!

The team at Puppet Labs is really pleased to announce that MCollective has been included in the forthcoming Ubuntu “Natty” release. The packaging is due to hard work by the team at Canonical, the MCollective community, and the continuing efforts of RI Pienaar.

This is awesome news because it makes it easier for people running Ubuntu to get and use MCollective. The news also coincides with the release of  the 1.0.1 stable and 1.1.2 development releases of MCollective in the last week and the announcement of our first MCollective training session.

For earlier Ubuntu/Debian platforms also provide DEB packages (in addition to Red Hat RPM packages) for both the stable and development releases that you can download yourself!

James Turnbull, our Director of Operations, was interviewed for his FOSDEM 2011 talk, “DevOps – More than Marketing.” The full text of the interview can be found here.

A lot of Operations people have no idea about the benefits of automation, collaboration, adoption of some development practices, etc. My goal is to get more people to do Ops better. To do this I’m currently using the DevOps meme. If that doesn’t work or something that works better comes along then I’ll use that (too).

James is going to be at FOSDEM with fellow puppeteers Nigel Kersten and Cody Herriges. Be sure to stop by the Puppet Configuration Management DevRoom and say hi.

FOSDEM 2011

6 February 2011, 09:00 to 17:00, Brussels, Belgium

Contact: fosdem2011@puppetlabs.com

We will be holding a Configuration Management DevRoom at fosdem 2011 and
are requesting abstracts for structured presentations now.

Important information, dates:

• Submission deadline for abstracts: 2011-01-08
• Notification of accepted speakers: 2011-01-10
• Final schedule: 2011-01-11

About this DevRoom

Configuration Management is exciting! It is. Really. There is huge interest in automation, configuration management and especially PAAS, SAAS, IAAS and the cloud generally. We’re seeking people who are working the field, interested in the field, or just interested in learning more about how to make their lives easier with automation and configuration management.

We invite you to submit talks on these topics:

• Configuration Management theory principles
• Configuration Management tools – real world use cases
• Tools, techniques and case studies
• Configuration Management and the Cloud
• Configuration Management, Compliance and Security

NOTE: Puppet Labs is helping organise this room but we’re looking for talks on more than Puppet! We’re looking for CFengine, Chef, bcfg2, AutomateIT, and the myriad of other tools out there.

Your submission must include:

• Your name
• The title of your talk
• A short abstract of one to two paragraphs (150 words, max.)
• A short biography
• Links to related websites/blogs etc.

Send the abstracts here.

Presentations are to be formal and not longer than 30 minutes, plus 15 extra for questions (45 in total). Panels with more than one speaker are something we’re also seeking, a “My configuration management tools is the awesomest and I’ll debate that!” is possible, as are shorter presentations of 20 minutes. We’re also exploring some un-conference style presentations too.

The deadline for submissions is January 8th 2011. If your proposal has been accepted, you will be informed by email by January 10th 2011.

Please feel free to forward this call for abstracts and papers to relevant lists, people and sites. We’re looking forward to seeing lots of interested folks, have lots of spirited presentations, debates, discussion and … quite possibly drinking.