Puppet Architecture

 

 Puppet Setup

• System configuration in Puppet can be done in a client/server architecture,

• using the Puppet agent and Puppet master applications

• in a stand-alone architecture, using the Puppet apply application

• Starting with a catalog that describes the desired system state for a computer

• Catalog will list all resources as well as any dependencies between those resources, that need to be managed

• Puppet uses several sources of information to compile a catalog.


Puppet Architecture Master Agent

• The Puppet master server manages the configuration information of all nodes

• Managed nodes run the Puppet agent application as a background service

• Puppet Server runs the Puppet master application

• Puppet Agent gathers facts about the node using Facter

• Puppet agent sends its configuration requirements to the Puppet master

• Puppet Master in turn compiles and returns that node’s catalog, using Puppet Forge Content Marketplace

• Puppet agent upon receiving the catalog, applies it to the node

• If Agent finds any resources that are not in the state that they should be, it makes the necessary changes

• Agent sends a report to the Puppet master after applying changes

• Puppet agent nodes and Puppet masters communicate using HTTPS

• Each master and agent must have an identifying SSL certificate

• Upon examining other’s certificate they decide whether to allow an exchange of information


Puppet Master Agent Setup

• A Puppet server (running as 'puppet') listening on 8140 on the Puppet Master (the server )

• A Puppet client (running as 'root') on each managed node

• Client can be run as a service (default), via cron (with random delays), manually or via MCollective

• Client and Server have to share SSL certificates

• New client certificates must be signed by the Master CA

• It's possible to enable automatic clients certificates signing on the Master (be careful of security concerns)


Puppet Architecture Standalone

• Each Puppet node has its complete configuration info using which it compiles catalog

• Nodes run Puppet apply application

• Puppet Apply uses several sources of configuration data which it uses to compile catalog for the node

• Puppet Apply applies catalog after compiling the catalog

• Puppet Apply makes the changes necessary nodes based on catalog

• Puppet Apply stores a report on disk for applied changes


Cross Platform Puppet

• Puppet Master and Agents can run on:

• Linux

• Windows

• OS X

• Other Unix (anything that can support Ruby/RubyGems)

• Puppet can determine individual run time environment information using Factor


Puppet Master

• When set up as an agent/master architecture, a Puppet master server controls the configuration information, and each managed agent node requests its own configuration catalog from the master

• In this architecture, managed nodes run the Puppet agent application, usually as a background service

• One or more servers run the Puppet master application, Puppet Server

• Periodically, each Puppet agent sends facts to the Puppet master, and requests a catalog

• The master compiles and returns that node’s catalog, using several sources of information it has access to.

• Once it receives a catalog, Puppet agent applies it to the node by checking each resource the catalog describes.

• If it finds any resources that are not in their desired state, it makes the changes necessary to correct them.


Puppet Agent

• This is the main puppet client

• Its job is to retrieve the local machine's configuration from a remote server and apply it

• In order to successfully communicate with the remote server, the client must have a certificate signed by a certificate authority that the server trusts; the recommended method for this, at the moment, is to run a certificate authority as part of the puppet server (which is the default)

• The client will connect and request a signed certificate, and will continue connecting until it receives one

• Once the client has a signed certificate, it will retrieve its configuration and apply it


Puppet Agent

• Are software packages installed on each server

• “do the work” of installing and configuring software

• Can be configured to run regularly or on demand or not at all

• Can be executed in a “noop” mode for reporting purposes

• Can also execute the entire lifecycle with puppet apply locally (masterless puppet)

Comments

Popular posts from this blog

Different Types of Reports in Scrum - Agile

Terraform

Scrum Master Interview help - Bootcamp