Kristian Glass - Do I Smell Burning?

Mostly technical things

Trying Out Puppet

Things recently had been a bit quiet on the development front, and when the opportunity arose to get involved in some more “operational” things, I jumped at it. Faced with a bunch of machines spanning production, development slush boxes, and office servers, a general desire to clean them up, consolidate a variety of services, and generally just apply some consistency.

The machines in question had had a varied and chequered history – most were hooked up to authenticate via LDAP but not all of them; some ran SUSE, most ran some version of Ubuntu; various nominally identical/similar/clustered machines had a whole range of differently configured sudoers and packages, et cetera.

I’d already heard a lot about Puppet, “an automated administrative engine for your *nix systems, performs administrative tasks […] based on a centralized specification.” and it sounded rather good. I took a brief look at Chef and Cfengine, which seemed to be the main competitors; Chef was discounted because Puppet seemed to have much more in the way of install-base, community and documentation (I also preferred the idea of a small DSL for configuration rather than “write some Ruby”; Cfengine seemed much lower-level and more in the “I have some scripts, push them out” sense – Puppet’s ability to succinctly express “ensure the package of this name is present” seemed far superior.

So far, my experiences have generally been excellent. Two things I’ve learnt so far:

First, modules are “just” building blocks. If it feels organisation-specific, it’s a service. This is documented in Puppet Best Practices but not something I fully appreciated until after I’d played around a bit more. Still, it all needed a refactor anyway!

Second, Puppet Forge and puppet-module seem truly excellent resources for grabbing other people’s modules to save yourself the leg-work. My initial foray into Puppet involved writing a basic module or two myself, to improve familiarity with the DSL and concepts, but seriously, unsurprisingly you’re not going to be the only Puppet user who has found themselves wanting to add an apt repository and keys orĀ configure munin et cetera.

Ultimately, Puppet has been an invaluable tool so far in my current mission to bring some more sanity, order and consistency to these configurations, and I heartily recommend it.