What is Puppet? Why is it used?

Configuration Management (CM) is a Systems Engineering process for establishing and maintaining consistency of a product's performance and its functional and physical attributes with its design, requirements, and operational data throughout its lifecycle.

What is Puppet?

Puppet is an open-source Software Configuration Management and Deployment tool. It's mostly used in Linux Cloud environments to automate infrastructure, management of different servers, etc.

Puppet Architecture

Puppet uses a Master-Agent architecture in which the Master and the Agents communicate through a secure encrypted channel with the help of SSL.

Puppet Master

Puppet Master is the Hub or the main node in the network of systems that handles all the configuration across systems. It is capable of applying different configurations to other nodes called Puppet Agents.

Puppet Agent

Puppet Agents are working machines in which different servers are set up for different use cases. These servers and their configurations are managed by the Puppet Master.


Use Cases

  • Server and Database Management

    Multiple Servers and Databases can be controlled in one place using Puppet.
  • System Configuration

    A key feature of Puppet is that multiple systems can be configured at once from the Puppet Master device.
  • Networking

    Due to Puppet's architecture, it can be used for secure networking and data transfer across systems.
  • Container Management

    Puppet makes it easy to integrate containers with existing IT infrastructure.

We now have a decent understanding of how useful Puppet can be. Let's try it out, shall we?


Real-life Task: Provisioning a LAMP Stack using Puppet

Have you guys heard about the LAMP Stack?

LAMP stands for Linux-Apache-MySQL-PHP. It's a pretty famous PHP web stack used to create web applications. A very popular framework Laravel is based on this stack too!

Let's take up a small task where we provision a LAMP stack on 2 different machines from one Puppet master. We connect the master machine to these two agents and then, from the master machine, run certain commands to install the dependencies for a LAMP stack (i.e. Apache, PHP, MySQL) onto the two agent machines.

Cloud Services to be used

  • AWS EC2

Login with your IAM account in the AWS Console and open up the EC2 Dashboard

Creating an EC2 Security Group

To ensure that our master machine will be able to interact with its clients, we need some modifications to our Instance Security Rules. Under Network and Security, choose Security Groups.

Click on Create to create a new Security Group.

Under Inbound Rules, add two entries to allow all traffic via All TCP and SSH. Once done, apply the changes.
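
An All TCP entry admits every port, while this walkthrough only relies on a few. The following is an added example, not part of the original post: a small audit that flags inbound rules broader than the lab needs. The one-rule-per-line input format, the list of needed ports (22 for SSH, 8140 as Puppet Server's default port, 80 for the Apache page checked under Results) and all addresses are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): flag inbound rules broader than
# this lab needs. Needed ports assumed here: 22 (SSH), 8140 (Puppet Server's
# default port), 80 (the Apache page checked under Results).
# Assumed input, one rule per line: "<protocol> <from_port> <to_port> <source>"

audit_rules() {
    awk '
    function needed(p) { return p == 22 || p == 80 || p == 8140 }
    NF < 4 || $1 ~ /^#/ { next }
    {
        proto = $1; from = $2 + 0; to = $3 + 0; src = $4
        world = (src == "0.0.0.0/0" || src == "::/0")
        if (proto == "-1" || proto == "all")
            print "WIDE  every protocol from " src
        else if (from != to)
            print "WIDE  " proto " " from "-" to " from " src
        else if (!needed(from))
            print "EXTRA " proto " " from " from " src
        else if (world && from != 80)
            print "OPEN  " proto " " from " from " src
        else
            print "OK    " proto " " from " from " src
    }'
}

# Constructed sample. Line 1 models an All TCP entry and line 2 an SSH entry,
# both open to any source (the source is an assumption). The remaining lines
# are a narrower set that uses documentation addresses for the admin and agents.
sample_rules() {
    printf '%s\n' \
        'tcp 0 65535 0.0.0.0/0' \
        'tcp 22 22 0.0.0.0/0' \
        'tcp 22 22 203.0.113.10/32' \
        'tcp 8140 8140 198.51.100.21/32' \
        'tcp 8140 8140 198.51.100.22/32' \
        'tcp 80 80 0.0.0.0/0'
}

sample_rules | audit_rules
```

Lines marked WIDE, EXTRA or OPEN are candidates for tightening; lines marked OK cover only a port the lab uses from a restricted source (or port 80, which the Results step reaches from a browser).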

Launching 3 AWS EC2 Instances

Back in the EC2 Dashboard, click on Launch Instance to launch our EC2 Instances. We'll be using 3 instances, 1 as our master and 2 agents. Enter 3 in the Number of Instances and change the AMI to Ubuntu 22.04 so that we get 3 Ubuntu Linux instances.

Create a new Key Pair or add a pre-existing one. You'll need the PEM file locally to be able to access the machine via SSH or you can simply connect to this machine using EC2 Instance-Connect.

Under Network Settings, instead of creating a new Security Group, choose the one we just created and click on Launch Instance to successfully launch all 3 of our machines.

You can rename these machines for further convenience.

Connecting to an EC2 Instance via SSH

You can connect to your EC2 instance using EC2 Instance Connect directly on the browser, but I'm going to demonstrate a remote connection using SSH.

Open your Terminal and change your directory to the folder where your PEM file is located. In my case, it is in the downloads folder.

Then, run this command to connect to your EC2 instance via SSH. You can find your EC2 Instance's Public IP address in the Details.

ssh -i EC2KeyFile.PEM ubuntu@YOUR_INSTANCE_PUBLIC_IP

Answer yes when you receive the host key prompt to complete the connection.

You need to do this process on all 3 instances individually.

Updating the Hosts File

Once we are done remotely connecting to all 3 instances, we can start working on them.

On ALL THREE machines, run the following commands.

sudo apt-get update -y
sudo nano /etc/hosts

Nano will open the hosts file, in which you have to add these lines on all 3 machines. Add your public IP addresses accordingly.

Use Ctrl + S to Save and Ctrl + X to Exit.

<IP_OF_MASTER> puppetmaster puppet
<IP_OF_Agent-1> puppetclient0
<IP_OF_Agent-2> puppetclient1

Installing puppet-server on the Puppet Master

Perform these commands only on the master machine.

# Download the Puppet Release
wget https://apt.puppetlabs.com/puppet6-release-focal.deb

# Use dpkg to add Puppet to the package list
sudo dpkg -i puppet6-release-focal.deb

# Update the Package Repository
sudo apt-get update -y

# Install Puppet Server
sudo apt-get install puppetserver -y

# Update Configuration
sudo nano /etc/default/puppetserver

## In JAVA_ARGS, change the 2g values of -Xms and -Xmx to 200m or 300m to reduce memory usage

# Restart and enable puppetserver
sudo systemctl restart puppetserver
sudo systemctl enable puppetserver
# Check puppetserver status
sudo systemctl status puppetserver

If the status output shows the service as active (running), you're good to go.

Installing puppet-agent on the Puppet Agents

Run the following commands on both agent machines.

# Download the Puppet Release
wget https://apt.puppetlabs.com/puppet6-release-focal.deb

# Use dpkg to add Puppet to the package list
sudo dpkg -i puppet6-release-focal.deb

# Update the Package Repository
sudo apt-get update -y

# Install Puppet Agent
sudo apt-get install puppet-agent -y

# Start and Enable Puppet
sudo systemctl start puppet
sudo systemctl enable puppet

# Check Puppet Service status
sudo systemctl status puppet

If the status output similarly shows the puppet service as active (running), the puppet agents are configured properly.

Validating Certificates

Now, we need to sign the certificate requests of these agents on the Master Machine.

On the master machine, run these commands.

## List CA Certificates
sudo /opt/puppetlabs/bin/puppetserver ca list

## Sign All Certificates
sudo /opt/puppetlabs/bin/puppetserver ca sign --all

This message means that the certificates were signed successfully.
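
`sign --all` signs every pending request, including any that did not come from your two agents. The following is an added example, not part of the original post: it compares the pending requests with fingerprints noted on each agent and reports which certnames match. The assumed line format of `puppetserver ca list`, the file of known fingerprints and the shortened sample fingerprints are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Compare pending requests with
# fingerprints read on the agents before signing anything.
# Assumed line format of `puppetserver ca list`:
#   "<certname> (SHA256) <fingerprint>"

# $1: file of "<certname> <fingerprint>" lines, noted on each agent with
#     `sudo /opt/puppetlabs/bin/puppet agent --fingerprint`
# stdin: output of `sudo /opt/puppetlabs/bin/puppetserver ca list`
check_requests() {
    awk -v known="$1" '
    BEGIN {
        while ((getline line < known) > 0) {
            if (split(line, f, " ") >= 2) want[f[1]] = toupper(f[2])
        }
    }
    $2 == "(SHA256)" {
        if (!($1 in want))                print "UNKNOWN  " $1
        else if (want[$1] != toupper($3)) print "MISMATCH " $1
        else                              print "SIGN     " $1
    }'
}

# Constructed sample data; fingerprints are shortened placeholders.
sample_known() {
    printf '%s\n' \
        'puppetclient0 AA:11:22:33' \
        'puppetclient1 BB:44:55:66'
}
sample_ca_list() {
    printf '%s\n' \
        'Requested Certificates:' \
        '    puppetclient0   (SHA256)  AA:11:22:33' \
        '    puppetclient1   (SHA256)  BB:44:55:00' \
        '    puppetclient9   (SHA256)  CC:77:88:99'
}

demo() {
    known=$(mktemp)
    sample_known > "$known"
    sample_ca_list | check_requests "$known"
    rm -f "$known"
}
demo
```

For each name reported as SIGN, run `sudo /opt/puppetlabs/bin/puppetserver ca sign --certname <name>` instead of `--all`, and investigate MISMATCH or UNKNOWN entries before signing them.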

Testing the connection

Run this command on the master to test the agents

sudo /opt/puppetlabs/bin/puppet agent --test

We've successfully connected two puppet agents to a puppet master. Next up, we'll be provisioning a LAMP stack from the master to the agents.

Writing a Manifest File for installing LAMP Stack Dependencies

Run these commands only on the master machine.

# Move to the production manifests' directory
cd /etc/puppetlabs/code/environments/production/manifests

# Create a new puppet manifest file lamp.pp
sudo nano lamp.pp

In this file, we'll write a manifest to install the dependencies for the LAMP stack. The code for the same is available on my GitHub repository.

Once done, save and close the file.

Applying the Manifest File Catalog

These steps are to be performed on the Master machine only.

# Change directory to puppetlabs/bin where the puppet executable is located
cd /opt/puppetlabs/bin

# Use apply to apply the manifest scripts
sudo ./puppet apply /etc/puppetlabs/code/environments/production/manifests/lamp.pp

Once you get a similar prompt, you can go to the browser and check the public IP addresses of both agent machines.

Results

URL: <PUBLIC_IP_ADDRESS_AGENT_1>

URL: <PUBLIC_IP_ADDRESS_AGENT_1>/info.php

You can also similarly check the public IP address of agent-2 for the same results.


Thus, we learned how to use Puppet, a Configuration Management tool that can be used to provide software and setup across systems in an interconnected cluster.

Thanks for reading, I hope you liked working with Puppet. Until next time, take care, peace :)
