Book Review: Puppet 3 Beginner's Guide 81
sagecreek writes "If you are in charge of a small network with just a few servers, you may still be doing configuration management primarily by hand. And you may take particular pride in maintaining that 'artisan' role. After all, it's mostly up to you to set up new users and their machines, fix current problems, manage the servers and their software, create databases and their user accounts, and try to keep the network and user configurations as uniform as possible despite running several different brands--and vintages--of hardware and software. However, warns infrastructure consultant John Arundel, '[b]eyond ten or so servers, there simply isn't a choice. You can't manage an infrastructure like this by hand. If you're using a cloud computing architecture, where servers are created and destroyed minute-by-minute in response to changing demand, the artisan approach to server crafting just won't work.' In his new book, Puppet 3 Beginner's Guide, Arundel emphasizes: 'Manual configuration management is tedious and repetitive, it's error-prone, and it doesn't scale well. Puppet is a tool for automating this process.'" Read below for the rest of sagecreek's review.
Actually, among "UNIX-like systems," there are at least three major configuration management (CM) packages — Puppet, Chef, and CFEngine — plus some other competitors, Arundel notes. He calls them "all great solutions to the CM problem...it's not very important which one you choose as long as you choose one." But he hopes, of course, you will check out Puppet and his new, well-written how-to book.
| Puppet 3 Beginner's Guide | |
| author | John Arundel |
| pages | 184 |
| publisher | Packt Publishing |
| rating | 8 out of 10 |
| reviewer | sagecreek |
| ISBN | 978-1-78216-124-0 |
| summary | Learn how to fully utilize Puppet through simple, practical examples |
Puppet 3 Beginner's Guide is structured to help system administrators "start from scratch...and learn how to fully utilize Puppet through simple, practical examples."
Arundel's book places important emphasis on the rapidly closing "divide between 'devs,' who wrangle code, and 'ops,' who wrangle configurations. Traditionally, the skills sets of the two groups haven't overlapped much," he notes. "It was common until recently for system administrators not to write complex programs, and for developers to have little or no experience of building and managing servers."
Today, he points out, system admins are "facing the challenge of scaling systems to enormous size for the web, [and] have had to get smart about programming and automation." Meanwhile, "[d]evelopers, who now often build applications, services, and businesses by themselves, couldn't do what they do without knowing how to set up and fix servers."
Therefore, "[t]he term 'devops' has begun to be used to describe the growing overlap between these skill sets," Arundel emphasizes. "Devops write code, herd servers, build apps, scale systems, analyze outages, and fix bugs. With the advent of CM systems, devs and ops are now all just people who work with code."
Arundel's 184-page Puppet 3 Beginner's Guide has 10 chapters that are smoothly structured with numerous headings, subheadings, short paragraphs, code examples, and other illustrations. He has generated his code examples using the Ubuntu 12.04 LTS "Precise" distribution of Linux. But he explains how to load the software using "Red Hat Linux, CentOS, or another Linux distribution that uses the Yum package system," as well.
Chapter 1, "Introduction to Puppet," explains the software's basic architecture and shows how Puppet deals with large-scale configuration management problems.
In Chapter 2, "First Steps with Puppet," the author details how to install Puppet, create a simple manifest, and apply it to a machine. He also offers some basic Puppet language examples.
Chapter 3, "Packages, Files, and Services," focuses on "how to use these key resource types...and how they work together" and presents "a complete and useful example based on the Nginx web server."
In Chapter 4, "Managing Puppet with Git," Arundel shows "a simple and powerful way to connect machines together using Puppet, and to distribute your manifests and work on them together collaboratively using the version control system Git."
The emphasis in Chapter 5, "Managing Users," is on "good practices for user administration" and implementing them with Puppet. The chapter also covers "how to control access using SSH and manage user privileges using sudo."
The topics covered in Chapter 6, "Tasks and Templates," include using "Puppet's resource types to run commands, schedule regular tasks, and distribute large trees of files." Also covered: "how to insert values dynamically into files using templates."
In Chapter 7, "Definitions and Classes," Arundel explains "how to organize Puppet code into reusable modules and objects. We'll see how to create definitions and classes, and how to pass parameters to them."
Chapter 8, "Expressions and Logic," dives deeper into Puppet code. It "shows how to control flow using conditional statements and logical expressions, and how to build arithmetic and string expressions. It also covers operators, arrays, and hashes."
Chapter 9, "Reporting and Troubleshooting," deals with what the author terms "the practical side of working with Puppet," including diagnosing and solving common problems, debugging the software's operations, and understanding Puppet's error messages.
The final section, Chapter 10, "Moving on Up," wraps up with a range of topics, including how to make Puppet code "more elegant, more readable, and more maintainable." Arundel also offers "links and suggestions for further reading." And he describes nine projects to help you "improve your skills and your infrastructure at the same time." The projects, he says, "provide a series of stepping-stones from your first use of Puppet to a completely automated environment."
Puppet's maker, Puppet Labs, offers some virtual-machine options for learning the software. The choices are: (1) a VXM version recommended for VMware Fusion and VMware Workstation; and (2) an OVF version recommended for VirtualBox "and all other non-VMware virtualization software." Puppet Labs also offers a Puppet Enterprise version of its software that supports up to 10 nodes free.
Along with Linux, Puppet will run on other several platforms, including Windows and Macs,, but you will find little help for those in Arundel's book. You will need to use Puppet Lab's online Mac or Windows documentation. And Windows may not be the greatest of choices. As the documentation notes: "Windows nodes can't act as puppet masters or certificate authorities, and most of the ancillary Puppet subcommands aren't supported on Windows."
It can take a bit of work to get Puppet installed and configured. But once you have it running in a Linux environment, John Arundel's new book can be a solid guide to helping you become both a proficient Puppet user and a more efficient, knowledgeable, and versatile system administrator.
You can purchase Puppet 3 Beginner's Guide from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page.
Re:As Always (Score:5, Interesting)
For situations where the agents can't talk back to the Puppet Master, you can push out the manifests (config files) to each host and apply them directly, locally. (As if it were a single, standalone machine)
Not sure if there is a way to push the results back to a Puppet Master for aggregation, but there may be a way to tackle that. (Or just back to a central logging server for parsing)
The run masterlessly (Score:5, Interesting)
It requires some agent to be installed on a target server which communicates back to the Puppet Master.
You can run puppet in masterless mode, against a local copy of the manifests, either managed locally or checked out from a version control repository.
Likewise with salt (my preferred choice over puppet, but both work), you can run either with a master host, or masterlessly. With salt the nice thing is, you can use the same config for both, just invoke the command differently (salt-call --local vs salt).
Infosec is no reason not to automate, just don't automate with a master server if your policies don't permit it.
Re:Poor review (Score:1, Interesting)
Giving a summary of the table of contents isn't a review.
Yeah even by elementary school book review standards this would be pretty poor. This person apparently thought that "book review" means "synopsis".
Re:As Always (Score:4, Interesting)
For that matter do the same with puppet. You can run it on port 80 or 443 using passenger. You'll just have to customize your client config to use the same... so I don't really know why this is any sort of big deal for you.
Anyway, with foreman you can easily see if systems are out of sync, if they're erroring, etc. Might be a little unusual to do it running the way described in the previous post, but should be manageable if you really really really can't get it to work through the existing firewall configs. I've heard of people doing it when they've hit walls scaling as well. And foreman can do a lot more, though it doesn't have to. We started out using it just for the reports portion and facts searching...