PuppetDB is the next-generation open source storage service for Puppet-produced data. With the initial 1.0 release in September 2012, it provided a high-performance system for capturing all of the catalogs and facts for your Puppet nodes. It could be used as a drop-in replacement for the Puppet inventory service, and for the first time gave users a fast and scalable way to take advantage of Puppet storeconfigs and exported resources.

But you already know all of that, because you’re already using and loving PuppetDB, right? On the off chance that you’re not, take a peek at the “Learn More” section at the end of this document. There you’ll find links to an introductory video, blog post, and other info about getting started with PuppetDB.

Today we’re excited to announce the next major release of PuppetDB: version 1.1. There are quite a few new features, but the main theme is to empower you to do even more with your Puppet data. To that end, we’ve exposed a much more robust query API. We’ve also provided some more user-friendly HTTP routes, improved performance, and introduced experimental storage for Puppet reports. We think you’re going to love these new features, so, without further ado, let’s have a look at each of them in a bit more detail!

What’s New in PuppetDB 1.1

Enhanced Query API

Version 1.0 introduced an HTTP query API that would allow you to search through your catalog and fact data from anywhere you like. Its main purpose was to allow us to provide a drop-in replacement for storeconfigs and the inventory service, but we’ve always aimed for it to offer much more than that. We’re storing all of this great data about your Puppet node population, and we want to absolutely maximize your ability to query it in any way that is useful to you! PuppetDB 1.1 makes a big leap forward on that front.

The HTTP query API is now versioned, so all of the PuppetDB query URLs should now be prefixed with a version string; for example: http://localhost:8080/v1/facts. The new, enhanced versions of the various queries are available under the new /v2 endpoints, but the original versions are still accessible under /v1. (Accessing the query endpoints with a URL that does not contain a version number is considered deprecated, but will currently route you to the /v1 endpoints.)

Improved Fact Query

In PuppetDB 1.0, the facts endpoint could only be used to retrieve the set of facts for a given node. In 1.1, the new /v2/facts endpoint supports a full query language, similar to the one supported by the resources endpoint. So, for example, you can now issue a query like this:

  ["and",
    ["=", "name", "operatingsystem"],
    ["=", "value", "Debian"]]

which will return all of the operatingsystem facts for all of your Debian nodes. For more info, check out the v2 fact query documentation.

Subqueries

One of the most powerful features of PuppetDB 1.1 is the introduction of a subquery operator. This basically allows you to “join” two queries together; so you are able to, for example, construct a single query that considers both facts and resources. This gives you the ability to answer a question like “what are all of the IP addresses of the nodes that have class ‘Apache’?” Without subqueries, if you wanted to get this data, you’d need to execute a resource query to find all of the nodes, and then execute a fact query for each of the nodes to get the IP addresses. Now you can do it all in one shot!

Here’s what that query against /v2/facts might look like:

["and"
 ["=" "name" "ipaddress"]
 ["in" "certname"
  ["extract" "certname"
   ["select-resources"
    ["and"
     ["=" "type" "Class"]
     ["=" "title" "Apache"]]]]]]

which might yield some results like this:

[ {
 "certname" : "foo.example.com",
 "name" : "ipaddress",
 "value" : "192.168.100.102"
}, {
 "certname" : "bar.example.com",
 "name" : "ipaddress",
 "value" : "192.168.100.103"
} ]

The subquery syntax can be a bit tricky at first, but it opens the door for building some very expressive queries. The most common use case will be to join fact and resource queries, but it is also possible to do resource-resource subqueries, fact-fact subqueries, or even nest subqueries. For more info, check out our query API tutorial, the documentation on query operators, or the documentation for the resource and fact query endpoints.

Regular Expressions

Sometimes an admin just needs to find all of their /foo.*/ nodes, right? The v2 query endpoints add support for a regular expression operator: "~". This means that you can now do a fact query like this:

  ["and", ["=", "name", "ipaddress"], ["~", "certname", "foo.*"]]

And, voila, you’ll have all of the IP addresses for all of your nodes whose names begin with foo. (You can use this operator in other queries besides fact queries as well.)

Improved Node Query

In previous releases of PuppetDB, the node query endpoint only returned a list of node names. If you ran a node query to find some nodes that matched a certain set of conditions, and you wanted to get some additional status info about those nodes, you’d need to submit some additional follow-up queries to the status endpoint. In v2, all node queries return data that looks like this:

[ {
 "name" : "foo.mydomain.net",
 "deactivated" : null,
 "catalog_timestamp" : "2013-01-08T23:43:24.330Z",
 "facts_timestamp" : "2013-01-08T23:43:12.580Z",
 "report_timestamp" : "2013-01-08T23:43:50.000Z"
}, {
 "name" : "bar.mydomain.net",
 "deactivated" : null,
 "catalog_timestamp" : "2013-01-08T23:38:21.099Z",
 "facts_timestamp" : "2013-01-08T23:38:07.280Z",
 "report_timestamp" : "2013-01-08T23:38:37.000Z"
} ]

This should be more useful for tasks such as monitoring.

RESTful Query Routes

Most of the v2 query endpoints now support adding additional path elements to the URI, to provide a slightly more intuitive way of expressing common queries (rather than using the somewhat more verbose query parameter syntax). So, for example, if you wanted to get all of the operatingsystem facts for all of your nodes, you could do it this way (ignoring URL encoding issues for simplicity):

  /v2/facts?query=["=", "name", "operatingsystem"]

But in PuppetDB 1.1, you can now also use this shorthand:

  /v2/facts/operatingsystem

You can still pass the query argument when using these new friendlier endpoints, so you are still able to leverage the full power of the query API:

  /v2/facts/operatingsystem?query=["=", "certname", "foo.localdomain"]

Here are some other examples of the new, friendlier query URLs:

  /v2/facts/operatingsystem/Debian : Find all facts named "operatingsystem" whose value is "Debian" across all nodes
  
  /v2/resources/Package : Find all resources of type "Package" across all nodes
  
  /v2/resources/Package/postgresql : Find all resources of type "Package", with title "postgresql", across all nodes  
  
  /v2/nodes/foo.localdomain : Find the node named "foo.localdomain"

  /v2/nodes/foo.localdomain/facts : Return all facts for the node named "foo.localdomain"
  
  /v2/nodes/foo.localdomain/resources : Return all resources for the node named "foo.localdomain"

(This is not an exhaustive list. For complete documentation see the node, facts, and resources query documentation pages.)

Experimental Storage

One of the most frequently requested features for PuppetDB has been for us to allow storage and querying of Puppet report data. With PuppetDB 1.1, we’ve taken our first big step towards providing this functionality. We don’t yet support any advanced querying of reports, but by simply adding the puppetdb report processor to your Puppet master’s configuration, you can store all of your report data in PuppetDB and access it via a simple HTTP retrieval API. When this feature is enabled, the latest seven days worth of reports will be stored. This time period is configurable, so that you can make your own decision about the right balance between disk usage and how much history you’d like to retain.

So, why “experimental”? Basically, we recognize that the current API for “querying” reports is not complete enough to do a lot of the things that users will want to do with it. (It really is just a “retrieval” API at this point.) However, since the report storage code was ready to go–and provides some value even without a robust query API–we didn’t want to miss the opportunity to go ahead and get it into the hands of users. It will also give you a chance to kick the tires a bit and get a feel for what is coming down the road, in case you have any suggestions or input on the direction we’re heading with it.

For more information about enabling report storage, see the Puppet master configuration documentation; for more info about the HTTP retrieval API, see the docs for the experimental reports and events query endpoints.

Improved Performance

We’ve made a few tweaks under the hood relating to how we de-duplicate catalogs and cache data about them. In our testing, we’ve seen a significant decrease in the amount of time that it takes to “warm up” the cache and store the first catalogs for each node after a restart. We’ve also noticed some improvement to the performance of catalog storage overall. Your mileage may vary depending on what your catalogs look like, but hey, faster is better, right?

What’s Next?

We’re working hard to keep cranking out new features and make sure that you consider PuppetDB to be an indispensable part of your Puppet ecosystem. Here are a few things that you can expect to see in the not-too-distant future:

• Improved report query capabilities: we know that we haven’t yet scratched the surface of what users would like to be able to do with reports, so expect to see drastic expansion of the report query API in a future release.
• PuppetDB bundled with Puppet Enterprise: we intend to deliver an absolutely seamless, dead-simple, out-of-the-box experience for leveraging the power of PuppetDB in Puppet Enterprise environments.
• Capture data about Puppet modules: in an upcoming release of Puppet core, we’ll be adding more information to catalogs about what module (if any) each class or resource was defined in. We’ll also capture that data in PuppetDB, and extend the query API to allow you to include module information in your queries.

Tell Us What You Think!

We think that PuppetDB is really cool. But at the end of the day, it’s not what we think that keeps the lights on over here at Puppet Labs — it’s what you think. So, if you have an opinion on any of our current features or suggestions to help us shape and prioritize features for upcoming releases, we really want to hear from you! Here are some great ways to get in touch with us:

• Sign up to be a Puppet Test Pilot! You’ll get free goodies as a reward for your participation if you are able to volunteer a few minutes of your time to tell us what you think about prototypes of upcoming features. We did a lot of user testing around the new query API prior to this release, and we hope to do a lot more in the future. The upcoming reports query API is a likely candidate for this!
• Ping us on IRC: we’re usually online in #puppet on freenode. Just mention ‘puppetdb’ and you’re pretty likely to get a quick response.
• Send an e-mail to the puppet-users or puppet-dev mailing lists.

Learn More

Here are some good resources for learning about and getting started with PuppetDB:

• Deepak Giridharagopal’s Intro To PuppetDB talk from PuppetConf 2012
• Nick Lewis’ Introducing Introducing PuppetDB blog post
• PuppetDB official documentation
• Puppet “Module of the Week” blog post on the PuppetDB module, which can help you get PuppetDB up and running in no time

Well, we survived a faux apocalypse and 2013 is upon us. This is that special time of year when we reflect on what really happened over the last 12 months and what we hope to accomplish in the next 12.

Internally we’ve refocused some teams, shifted people around, and grown staff levels. Heck, the (delivery) team I run didn’t exist 12 months ago. So, in the past year, what has happened that you, the user, care about?

Puppet Labs shipped 143 separate releases of product in 2012. This excludes modules on the Puppet Forge, and Puppet Forge releases themselves. I was astonished when we started tracking this metric where we were at. It doesn’t seem like we ship that much, but when you have an array of projects, including Puppet, Facter, MCollective, Puppet Dashboard, Hiera, hiera-puppet, puppetlabs_spec_helper, PuppetDB and Puppet Enterprise, it starts to add up.

Between those projects and cutting release candidates for them, you’ve got something like 2.77 releases per week from Puppet Labs. Wow. Early in 2012, we didn’t package up every release candidate; we just made tarballs and put them up on the website. In the middle of May, however, we began automating more of our packaging and uploading processes to launch the release candidate repositories. This now means packaging (Mac, Windows, RPM, Deb, Rubygems) of preview release software, as well as final releases. Our goal wit that was to get more people trying the next thing coming out of Puppet Labs. It worked.

Puppet Labs’ first major release for 2012 was Puppet Enterprise 2.5, which launched in March. It introduced Windows support, added in the Puppet Module Tool to Puppet, and included role-based access control to the Puppet Enterprise console.

April saw the launch of MCollective 2.0, which added speed enhancements, better security features around STOMP, command chaining, JSON output, and a batch mode to run commands in smaller groups and eliminate all thundering-herd problems.

PuppetDB was released in the middle of May. This was a really exciting and interesting piece of technology for anybody in the Puppet ecosystem. First off, it was designed with APIs in mind from the ground up. It was backward compatible with the storedconfig interface. PuppetDB was also our first real project not to be primarily in Ruby. The end result, though, was fantastic. Speed was the primary feature, but you’re just beginning to see the feature-rich solutions that can be built using PuppetDB as a backend.

Shortly after Puppet Enterprise 2.6.0 was released — which added authentication options to the Puppet Enterprise console via LDAP, Active Directory and Google Apps — came my favorite time of year: PuppetConf 2012. PuppetConf was bigger and better than ever this year. We had several awesome write-ups of Conf from this year. I can promise you one thing, if you weren’t there, you’re going to want to be in 2013.

PuppetConf was a success basically any way you measure it. Besides launching the Puppet Certification Program, PuppetConf also saw us push on the platform-side of development quite a bit. PuppetDB launched 1.0 just before the conference kicked-off. And if you weren’t completely blown away by the awesome talks from Gene Kim, CERN, VMware , GitHub and SpaceX, there was more…

Puppet 3.0.0 finally made it to the hands of our users the Friday of PuppetConf. Puppet 3.0.0 was great. It was faster, so much faster. It also supports Ruby 1.9.3. Data-binding through Hiera were rolled into the core of Puppet 3.0. Tack on lots of bug fixes, better support for Solaris and Windows and you’ve got an all-around great release.

The rest of 2012 saw us ship many bug-fix and feature releases of every product in our library.

We also stepped up our game on the Puppet Forge. In June, we crossed the 400-module mark on the Forge. Today, we have 726 (as of *right* now). We created a product team for the Puppet Forge and I hope you’ve noticed some awesome changes. Module pages show if they have any issues at GitHub, module download counts, and the front page has been reworked to show you what’s new and who’s frequently putting fresh content on the Puppet Forge.

The number of Puppet Camps we hosted also grew exponentially this year, from one in 2011, to 14 in 2012. We had camps all over the world — Atlanta, Edinburgh, Stockholm, Amsterdam, New York, Los Angeles, Dublin, Geneva, Chicago, Nuremberg, Sydney, Kuala Lumpur, Boston and Singapore — and the demand for them continues to grow. Check out some of the cities we already have lined up in 2013.

I hope 2012 was awesome for you as a Puppet user. With new releases and better content, there hasn’t been a more exciting time to automate your infrastructure. We had high expectations for ourselves in 2012. We have a much higher bar for ourselves in 2013, which should mean good things for you.

Learn More

• Keep up with the latest from Puppet Labs by subscribing to our newsletter

PuppetDB is the next-generation open source storage service for Puppet-produced data. Today, this includes catalogs and facts, and will be extended in the near future. The initial release provides a drop-in replacement for both storeconfigs and inventory service.

We’ve designed PuppetDB to empower Puppet deployments, and built it from the ground up with performance in mind. It’s built on technologies known for their performance, and is highly parallel, making full use of available resources. It also stores all of its data asynchronously, freeing up the master to go compile more catalogs. Beyond that, we’ve devoted copious time to benchmarking and optimizing the performance.

Why PuppetDB?

The most immediate benefit of PuppetDB is improved performance for storeconfigs users, but even for others, it has a lot to offer. As a centralized store, PuppetDB knows about every node, resource, relationship, and fact across your entire infrastructure. All this information is easily queryable, so you can integrate it into your tools and workflow, or just satisfy your curiosity. It also provides a platform on which powerful new tooling will be built.

And if you’re not using storeconfigs, you should be. At its heart, storeconfigs can be thought of as “higher-order Puppet.” It’s a way for multiple nodes to interact with each other through Puppet, which is an immensely powerful feature. In any case where one node knows what another node is doing, storeconfigs may help.

For instance, storeconfigs can be used to configure a monitoring service, without knowing upfront any of the nodes or services being monitored. Each node to be monitored can simply define what ought to be checked, and those checks can be collected on the node doing the monitoring. Or it can be used to share SSH authorized keys, by having each node export its key, and collect everyone else’s.

Built for performance

Let’s talk about performance. I told you it was a key design goal, but just how much faster is PuppetDB than the existing solution? To find out, I ran an experiment against the old, ActiveRecord storeconfigs implementation.

I compiled and saved a catalog of 650 resources, using an initially empty PostgreSQL database. Compilation took 5.6 seconds. With nothing in the database, it took 53 seconds to store the catalog. That’s brushing right up on the agent’s timeout, risking an outright failure. With the database now primed, I submitted the same catalog a second time, unmodified, which took 4 seconds.

To find out how PuppetDB performs, we have much more information available to us. The service is highly instrumented to keep metrics on every aspect of its performance, all of which is made available over HTTP and JMX.

This is the PuppetDB dashboard, which uses the HTTP metrics API to give an overview of the current state of the system. The dashboard comes built-in, and updates live, even on your mobile device! Taking a look at this screenshot (taken from our internal PuppetDB instance), we can see the backlog of work, how long command processing is taking, how much work has been done, how large the database is, and much more. And yet this is still only a small subset of the metrics we track and make available.

In particular, we see that the queue is empty, meaning PuppetDB is keeping up with demand. Looking at the number of nodes and resources in the population, we can easily calculate that the average size of a catalog is ~670 resources. The average time to process a command is 394ms. This is around 130x faster than the worst case time of old-school storeconfigs, and 10x better than the case where catalogs are already present. We also see that PuppetDB is responding to storeconfigs queries in only 65ms.

Admittedly, these numbers are somewhat incomparable; for instance, the very first catalog stored in PuppetDB may take some extra time, but catalogs which are unchanged will be negligible. But this gives some indication of the improvement we’re talking about. It’s also important to note that all of this storage is asynchronous, freeing up the master to continue serving catalogs. Previously, the master would have been occupied waiting for storeconfigs.

Reliable data store

So we can see that PuppetDB stores your data more quickly, but what about the data itself? After all, that’s what you really care about. PuppetDB makes a few promises about its data: it will be complete, it will be accurate, and it will be current.

Every aspect of the catalog is stored, including edges and unexported resources, which are omitted in old storeconfigs and the popular thin_storeconfigs mode respectively. Nuances of the catalog like resource aliases are also respected, ensuring that every resource and edge is present and accurately represented.

It’s downright difficult to lose your data with PuppetDB. It takes great care not to let that happen, by accepting it into a persistent queue, and trying up to sixteen times (even across service restarts) to handle the command, ensuring that if the data is good, it will make it into the database. And if it somehow still doesn’t make it in, the command will be saved away with plenty of forensic data for later investigation and reprocessing.

In that vein, when configured to use PuppetDB, Puppet will refuse to serve catalogs if PuppetDB is down and the catalog can’t be persisted. This means the data PuppetDB has will always be current; an agent will never use a catalog that PuppetDB doesn’t know about.

And it’s secure. All communication between the puppet master and PuppetDB happens over SSL, authenticated with the same certificates as used for communication between puppet master and agents. Similarly, if PuppetDB and its database are separate, it’s a simple matter to secure their connection.

Plays well with others

PuppetDB is a key component of the Puppet Data Library, and brings that to bear in its query API. Resources, facts, nodes, and metrics can all be queried over HTTP. For resources and nodes, there is a simple query language which can be used to form arbitrarily complex requests. The public API is the same one that Puppet uses to make storeconfigs queries (using the <<||>> operator) of PuppetDB, but provides a superset of the functionality provided by storeconfigs. The API is fully documented and versioned, for use in scripts, Faces, or custom Puppet functions.

PuppetDB is faster, smarter, and has more complete data than ever before. If you’re a current storeconfigs user, there’s no reason not to try it out immediately. If you don’t use storeconfigs (and especially if performance was the reason), now is the time to start. We know that storeconfigs, while being a powerful and important feature, has historically been a pain point for users. One of the goals of PuppetDB is to alleviate that and personally, I want a world in which everyone uses storeconfigs and loves it. PuppetDB offers great power over and insight into your infrastructure, and it’s only going to get bigger and better.

Learn More

• Download the open beta of PuppetDB from our APT repository, YUM repository, or GitHub.
• Read the PuppetDB documentation.
• Open tickets on the PuppetDB project.
• Come see Deepak Giridharagopal talk in-depth about the development and design decisions, and ask all your usage questions this Saturday at Puppet Camp Los Angeles.

I am proud to announce the release of the next major production version of The Marionette Collective (MCollective). This release brings together almost a year’s worth of work and introduces great improvements in security, stability, platform support and new features in the core messaging layer.

The major areas of advance are below:

• Complete messaging protocol rewrite to enable direct style connectivity that would allow programs to bypass normal discovery instead using their own data sources
• An additional more robust messaging paradigm supporting a more assured addressing and delivery scheme
• Batched mode allowing users to address machines in small groups thus avoiding thundering herd and enabling more granular changes
• A more complete language for expressing discovery that includes and/or/not style queries across the infrastructure
• Improved Stomp connection security using normal industry standard Certificate Authority validated TLS
• New connector that uses ActiveMQ-specific features for better performance and scalability
• Security of the SSL and AES security plugins have been improved for tamper protection by middle men
• A message validity period has been introduced to lower the window of message replay attacks
• Better error handling and better logging for Stomp connections
• JSON output from the ‘rpc’ application
• Ability to pipe RPC requests into each other creating a chain of related RPC calls
• Better validations, better error handling and better documentation creation from the DDL
• Performance improvements in the CLI, more consistently formatted output of received data
• A Ruby GEM of the client is now made available on rubygems.org
• The rc script for Debian based systems have been improved to prevent duplicate daemons from running
• Built in packager for plugins into native OS packages—RedHat and Debian supported
• MS Windows Support

The full release notes for this release expands on key areas of the above list and you can download this release from our download area, Yum repository or our Apt repository.

I’m proud to announce the release of Puppet Enterprise 2.5, downloadable right now and free to use on up to 10 nodes.

Just over a year ago, in February of 2011, Puppet Labs released our first commercial product, Puppet Enterprise. We were about 25 people at the time, and our revenue up until then consisted of training, services, and support for our open source Puppet project. That release taught us a lot, and it was our first major step in moving us to a product company.

In the intervening year, a lot has happened. We’ve put out a minor (1.2) and major (2.0) release of Puppet Enterprise and announced another round of funding, led by Kleiner Perkins and including new investors VMware, Google Ventures, and Cisco. Along with others, we’ve continued to push DevOps and its transformation of IT operations from a cost center to a source of competitive advantage. In addition, we’ve grown from 25 to 75 people. It’s been a crazy year, but it’s been a great year.

It looks like this quarter is going to be a pivotal turning point at Puppet Labs, so I’m proud to have a release close the quarter for us. As of this morning, you can download Puppet Enterprise 2.5, an update to our major release last fall with some great new capabilities.

The first major new capability is support for Windows. With this addition, Puppet Enterprise and Puppet provide the widest platform support of any IT automation product. We have commercial support for the major Linuxes like RHEL, SuSE, and Debian, plus Solaris, and now Windows, and Puppet runs great on OS X, FreeBSD, AIX, HP-UX, and basically every Linux distribution, such as Gentoo and Arch.

The big benefit to this support is that system administrators can now use a single configuration language and platform across their entire infrastructure. With our support for Cisco and F5 devices, you can even get to the network layer for some problems. You can also build Puppet configuration modules that will work identically across both Linux and Windows machines.

Speaking of modules, the next major update is that Puppet Enterprise 2.5 includes completely revamped support for the Puppet Forge, our online configuration module marketplace. The Puppet Module Tool (PMT) user interface has been thoroughly redone, and it now also has support for dependencies. Just by installing PE you can find, download, install, and manage configuration modules from the Puppet Forge.

They have a saying in science that a couple of months in the laboratory can often save a couple of hours in the library, and this support should hopefully push people to spend a couple of hours on the Puppet Forge to save months of individual development. And with over 300 freely downloadable configurations spanning everything from MySQL and Apache to Hadoop and OpenStack, Puppet Forge has something for everyone. This dramatically shortens the amount of time you need to really solve an automation or deployment problem. In addition, you benefit from community-driven best practices, with all that shared code out there, rather than having to just rely on what standards you’ve developed internally.

Look for much more development on the Puppet Forge this year, and this is a great first step to demonstrating how we’ll be investing in it. We’re especially proud of the amount of design effort that went into PMT’s new interface. As I said at PuppetConf in 2011, we’ve become a design-driven company, and this new work is starting to show how that shift will affect the non-GUI aspects of our products.

The next Puppet Enterprise 2.5 capability is not all that large, but is very important. Puppet Enterprise is now shipping with role-based access control (RBAC). This has been asked for by nearly all of our customers, and we had to spend a lot of time simplifying and consolidating our GUI platform in order to make it possible. There is still a lot of work to do simplifying Puppet’s whole security model, and the RBAC we’ve shipped is about as simple as we could make it, but you’ll find this to be very easy to use and, frankly, a bit attractive.

The last major piece of Puppet Enterprise 2.5 is built to take a lot of the capabilities and benefits of big data and allow our users to apply it to their infrastructure. And Puppet itself is a big source of data, producing for some customers more than 750 GB of information every day about status and change in their infrastructure. All this data can be great sources of additional insight and further automation.

We’ve wrapped everything in Puppet that has to do with data into what we’re calling the Puppet Data Library (PDL). This includes all of the data types in Puppet: The software and hardware inventory data, which tells you every host you’re managing and every package, service, user, or whatever that you’re managing on them; the run reports, whether enforcement mode where you’re actually changing machines or simulation mode where you’re just seeing what a configuration would do without modifying the system at all; and the configuration graph, which includes all of the software inventory, plus all of the dependencies between them.

In addition to the data types themselves, the PDL includes completely open formats. These are primarily JSON, with some YAML, and the configuration graph can easily be converted to ‘dot’ format that is readable by graph applications like OmniGraffle, GraphViz, and Visio. This allows you to inspect your configurations, confirm they are built as you expected, and make simple optimizations that without this visualization might be impossible.

Beyond the data and formats, the Puppet Data Library includes our open RESTful APIs. These are the exact same APIs that we build our own applications on, so we’re confident they’re sufficient to build great applications.

The PDL’s combination of open data, open formats, and open APIs is very powerful. Our users are already doing interesting things with it, like building automated reports that take serial numbers from the hardware inventory and query the hardware vendor’s API to determine whether any warranties have run out. We’re also building all of our commercial applications on the PDL; the best example is Puppet Enterprise’s compliance application, which we shipped in Puppet Enterprise 1.2. It uses standard types and interfaces from the PDL, and builds a new workflow and interface with a focus on auditing rather than on management.

While Puppet Enterprise 2.5 is a minor release, it’s a very big release for us, and it’s one we’re very proud of. It also does a great job of laying the groundwork for our upcoming releases. You should be able to almost predict our direction based on where we’ve spent time here, and we hope you’re pleased with the effort.

- Luke

Learn More

• Download Puppet Enterprise 2.5 – it’s free for use up to 10 nodes
• Sign-up for a Puppet Enterprise 2.5 LIVE technical webinar & demo
• Join our Puppet Enterprise 2.5 LIVE technical Q&A on Twitter #puppetize on Wednesday, April 4th, 11am PT
• Check-out the Puppet Enterprise 2.5 docs

We’re pleased to announce the availability of Puppet Enterprise 2.0, a major new release of our powerful yet easy-to-use IT automation software for sysadmins to discover, configure, and manage their infrastructure, on-premise or in the cloud.

Download it here now.  You’ll be up-and-running in less than 5 minutes, and you can manage up to 10 nodes for free.

We’ll be holding live webinars starting today Wednesday, November 16, with our product team to cover the details of the major new capabilities:

• GUI – visually discover, clone, and manage resources
• Cloud Provisioning – create and configure nodes in VMware or Amazon Web Services
• Orchestration – apply simultaneous updates to clusters of nodes with a single command
• Compliance – monitor resources and track changes against a desired-state baseline

These new capabilities provide sysadmins with the agility, portability, and insights they demand for managing today’s dynamic infrastructures.  To learn more, sign-up here now to reserve your spot in one of the webinars – “seating” is limited!

Finally, members of our product team will be demoing Puppet Enterprise 2.0 at LISA in Boston December 4 – 9.  Swing on by, say hello, and check-out Puppet Enterprise 2.0!

Puppetize early and often,

- The Puppet Labs Team

Additional Resources

• Download Puppet Enterprise 2.0 here
• Puppet Enterprise 2.0 Overview
• Sign-up here for Puppet Enterprise 2.0 live webinars
• Puppet Enterprise 2.0 Product Brief

Our first annual PuppetConf, held last week here in Portland, was a remarkable event. Over a thousand of you attended or watched the live stream. Here are some other bits I’d like to share:

• If you attended the conference, or live streamed it, we’d appreciate your feedback on our survey. You could win a $100 Amazon gift card, and a free ticket to next year’s conference.
• PuppetConf had just over 1200 participants—300 in attendance and 900+ streaming around the world.
• Our DevOps track was viewed by 607 participants, plus our in-house audience, which, as far as we can tell, makes it the largest DevOps event ever.
• Our live stream included participants from 27 countries which, combined, represents viewership from every continent.
• Puppet Labs announced Puppet Enterprise 2.0, you can sign up now to be notified when the GA release is available.

Last but not least, thanks to all of our sponsors who helped make the conference possible. Keep an eye out for our date announcement for next year. If you missed our presentations we’ll be posting slide decks and the video content very soon.

And now, PuppetConf in pictures:

Puppet Labs CEO, Luke Kanies, delivers the keynote address on day one.

We’re pretty proud of these badges. Not only did each one have a QR code that linked to the schedule, we gave people details about social events, places to eat and how to get around Portland on public transit.

Our product manager, Nigel Kersten. You have no idea what he went through to look like this.

Eucalyptus CEO Mårten Mickos delivers his talk on Open Source and The State of Enterprise Private Clouds.

That’s our executive team in a DevOps Cafe interview with Damon Edwards (far left) and John Willis (far right) from DTO Solutions.

Voodoo Donuts. Mmmm. Donuts.

And that’s Jose, with Jasper Poppe of eBay, NOT freaking out about a crushed network cable 10 minutes before the opening keynote (which did happen, a good story for another time).

This morning at PuppetConf Luke Kanies, our founder & CEO, announced a major update of our commercial product, Puppet Enterprise 2.0. As with the first commercial release of Puppet in February this year, our goal behind Puppet Enterprise 2.0 (“PE 2.0”) is to give sysadmins powerful yet easy-to-use IT automation tools to deliver applications faster, manage infrastructure more efficiently, and get actionable insights. We’re obviously excited to see the release take shape and wanted to share the four major new capabilities, all built upon Puppet’s model-based configuration management platform.

First up is the new GUI. Before PE 2.0, in order to use Puppet sysadmins had to learn the Puppet DSL and CLI commands. Not hard, and certainly easier than the alternatives, but still something which stood between them and solving the problem at hand. The new GUI leapfrogs this and, immediately after install, allows them to quickly, visually discover and identify resources in their infrastructure, radically reducing time required to diagnose and solve problems.

Next there’s the new orchestration capability. When confronted with a critical update, such as patching a zero-day vulnerability, sysadmins often have to scramble, logging in to each node to investigate and remediate. With the new PE 2.0 GUI, sysadmins query the state of all infrastructure nodes in parallel. Then, with a single command, they can orchestrate simultaneous updates to all vulnerable nodes and receive one report of the aggregated results. This ability to graphically execute commands simultaneously on a handful of nodes — or an entire data center — provides sysadmins with a powerful, efficient tool for managing change.

And while changes are a fact of life in dynamic IT environments, the new compliance functionality in PE 2.0 helps sysadmins gain better insight into the nature of those changes. Again using the PE 2.0 GUI, sysadmins establish a baseline of the desired state of all infrastructure resources, whether actively managed by Puppet or not. Then, as the infrastructure evolves, they can visually track changes to this desired state, who made them, and when. In addition to supporting change management policies or the requests of auditors, this functionality allows sysadmins to identify resources needing active management, providing a path for gradual, incremental expansion of the automation footprint.

Rounding out the release is the new provisioning capability, initially for Amazon EC2 and VMware. It’s true that Puppet is already being used to configure and manage tens of thousands of nodes in both environments. However, given the agile nature of VM and cloud deployments, our customers were asking for a single command which would quickly create new, fully-configured VM or cloud infrastructure capacity. Not only does this capability reduce the friction of deploying to these environments, by leveraging existing configurations it also provides incremental return.

GUI, orchestration, compliance, provisioning. By integrating them together on our configuration management platform, our intent is for the whole to be greater than the sum of the parts. What this means is that sysadmins can incrementally grow their automation coverage at their own pace, starting as simple as managing a single file across tens of nodes and scaling to fully-automated private and public cloud infrastructures. And regardless of the degree of automation, each additional step enables sysadmins to deliver business results faster, with higher quality and more efficiency, than before.

But don’t take our word for it — try it yourself. Puppet Enterprise 2.0 will be generally available Friday, October 21, Update: new PE 2.0 availability date 11/14 due to security vulnerability. and you can configure and manage up to 10 nodes for free. Register here to receive an email with links to the tarball and docs once they ship.

Automate early and often,
— The Puppet Labs Team

Additional Resources

• Puppet Enterprise 2.0 Overview
• PE 2.0 Press Release
• PuppetConf LIVE Video Stream
• Register to receive the PE 2.0 tarball and docs

Today we’re excited to announce Puppet Enterprise 1.2 with two great new features that give you the intelligence you need to prove you’re in compliance with your change management processes.

With Puppet Enterprise Compliance you set a desired-state for each of your systems and monitor them for any changes, right from our web-based Dashboard, creating a baseline. You’ll be alerted to changes on monitored nodes and you choose to accept or reject each change. Accepted changes will become part of the baseline, and rejected changes will still show up in Dashboard until you manually update the node to your desired state. This helps you create a maintenance to do list, ensuring nothing slips through the cracks.

There are lots of different times this type of monitoring and insight is important. If you have a tremendous amount of change in your environment Puppet Enterprise Compliance monitors priority resources, giving you the agility to act immediately on unapproved changes. Compliance also allows you to track spent time and resources on unmanaged resources that go through periodic, high-volume change, indicating when these troublesome resources are ready for Puppet’s continuous automated management.

With Puppet Enterprise Compliance you can:

• Confirm changes are in compliance with change management policies
• Identify unauthorized or unexpected change
• Improve visibility and enforce accountability across the enterprise
• Reduce unplanned downtime and improve mean time to repair
• Gather data to track IT resources and costs
• Monitor systems under consideration for Puppet automated management

And with Puppet you’re not limited to auditing just content and metadata of files, like other monitoring software. Using built-in Puppet resource types you can also audit user accounts, packages, services, cron jobs, or anything else that Puppet manages. You can even write plug-ins to monitor your custom resources.

Also with this Puppet Enterprise 1.2 release, we’ve solved another compliance headache when it comes to managing user accounts. Puppet Enterprise now has the built-in capability to support best practices for user account management and ensure compliance with internal policies. With Puppet you can assess and make changes on all of your machines with one command, without the availability risks you find in central directory software. Puppet even manages SSH keys for password-less access, using public and private keys instead of insecure passwords. And Puppet records all account changes, creating an auditable trail and ensuring internal change management policies are followed.

Puppet Enterprise user account management now makes it easier to:

• Perform required periodic password changes
• Provision a new user
• Grant user access
• Revoke user access
• Remove a user from the database
• Grant limited access to a user, as in giving someone permission to reboot a web server but not permission shut down the machine

Find out more about components included in this release in the Puppet Enterprise FAQ. 

To see PE 1.2 in action register for Introduction to Puppet Enterprise 1.2 Live Webinar this Wednesday, August 31 at 11 am PDT.

Want to try Puppet Enterprise 1.2 for yourself?

Download Puppet Enterprise 1.2 now and start managing 10 nodes for free.

Puppet 2.7.0 is available. This is a feature-based release for the Puppet project. This release incorporates several key new features, hundreds of bug fixes and enhancements, and a lot of input from the community. We went through four release candidates on Puppet 2.7.0 and appreciate all the feedback, bugs, questions and ideas that made Puppet 2.7.0.

First things first: You can download Puppet 2.7.0.

The release notes cover thoroughly what’s new, what’s changed and what’s improved with Puppet. I’ll highlight some of my favorite features, coming from a system management prospective. We’ve had a few blog articles already about some of the API enhancements, including Faces.

License Change

As previously mentioned, in 2.7.0 we changed the license of Puppet to the Apache Software License Version 2.0.

Ruby 1.9 Support

2.7.0 is the first version of Puppet to support Ruby 1.9. We’ve targeted 1.9.2 and higher versions. There are still a few known issues, but bugs are being aggresively fixed with Ruby 1.9 and it’s now a first-class citizen on our Continuous Integration system.

Deterministic Catalog Application

Previously, Puppet didn’t guarantee the application of a catalog of unrelated resources in any particular order. This meant that if you forgot to specify some important `before` or `require` relationship, a single catalog might work fine on eight nodes and then fail mysteriously on the ninth and tenth. This could be frustrating! Now it’s gone: Puppet will make sure that the same catalog will always be applied in the same order on every machine, and it’ll either succeed reliably or fail reliably. (This change will also be appearing in the final 2.6.x releases.)

Manage Network Devices

Puppet has new types for managing network hardware, and a new `puppet device` subcommand for applying these configurations. These are in their early stages and can currently only handle Cisco IOS-based hardware, but they’re the start of a big leap forward in Puppet’s ability to manage your entire infrastructure. Look a blog with more details of this functionality soon.

Deprecations

We’re starting the hourglass on a few older features:

• ‘puppet‘ as a synonym for ‘puppet apply‘ — Starting today, running `puppet my-manifest.pp` will issue a warning; you should start using `puppet apply` directly instead. Support for implicit invocation of puppet apply will be dropped in Puppet 2.8.
• Dynamic scope — We’ve started issuing warnings when variables or resource defaults are found via dynamic lookup. There’s more info and explanation in a guide on the docs site, but the short version is that you should start referencing variables with their qualified names instead of counting on dynamic scope. We hope to drop support for dynamic scope in Puppet 2.8.
• No more `–parseonly` option — This one’s already gone, because we used Faces to build a drop-in replacement: use `puppet parser validate [] [ ...]` instead.

Download Puppet 2.7.0