How to be a Puppet master: Make Amazon, VMware dance for you

Deployment tool jumps onto the cloud train


Sysadmin blog Puppet, if you haven't heard of it, is automation software that takes on a role similar to Active Directory's group policy. Puppet can also handle application deployment, image deployment and anything else you can imagine that you would typically manage with scripts.

Puppet is both cross platform and very simple to use. Born as a strong *nix administrative tool, Puppet has grown to support Mac OS X and Windows, and is now incorporating private and public cloud management capabilities.

For years I have used Puppet as a way of enforcing a centrally managed configuration on my Linux boxen. As Puppet's repertoire grew it became my de facto tool for dealing with Macs. If you are going to do Macs in the enterprise, you should be managing them with Puppet. Recent developments allow us to add virtualisation awareness to the list; the tool can do everything from provision Amazon EC2 instances to managing and reporting on virtual-machine specific items such as integration tools.

The Puppet modules that make up the Cloud Provisioner pack started appearing in the latter half of 2011. There was a broader launch as part of Puppet Enterprise 2.0 in December, but it was still mostly a silent launch.

With the support of Puppet Labs' nearly fanatical community, the cloud pack has evolved to a fully enterprise-ready offering. Amazon and VMware have the broadest support. Puppet CEO Luke Kanies told El Reg that the reasoning for this choice was simple: when you're talking about clouds "there's VMware and there's Amazon, and everyone else is a rounding error".

This isn't to say that work hasn't gone into supporting other stacks. Puppet Labs has been working very closely with OpenStack supporters. Kanies is proud of what they have accomplished: "A set of about 10 modules to build an entire OpenStack cloud. We worked with Cisco, Red Hat, and others … all of it available on the Puppet Forge."

Other cloud stacks are slowly being integrated. Modules exist to support Google's Compute Engine. Work on Eucalyptus has started, and Kanies claimed to have seen some deployments in the wild. He was also quick to put rest any suggestions that Microsoft Azure had been deliberately left out. "Azure is not an omission; it's just early days on the integration front," Kanies said. Puppet Labs has only so many resources, and they have targeted the most widely implemented cloud providers first.

Getting vendors onside

Kanies is obviously proud of the work accomplished by his team and the efforts of the community. He also attributes some of Puppet Labs' success with cloud integration to "great participation from vendors". It's a relationship that has seen intellectual property flow in both directions; Red Hat's OpenStack packages are based on Puppet modules.

Experience in public cloud computing has driven demand for better support of similar technologies for private infrastructure. Puppet Labs has been working closely with EMC and they have jointly announced a tool called Razor. Razor is billed as next-generation storage provisioning; the goal is to bring to the private cloud the same simplicity we have become accustomed to with public cloud services.

I asked Kanies what drove the march towards cloud integration – was this decision made by Puppet Labs, or was it driven by the community? The answer is "a bit of both". There was initially some pushback from the community. Those who haven't yet bought into the idea of cloud computing were irked that development time was going into these projects instead of the various issues each felt more pressing.

Over time the community has largely chosen to embrace the new features, driving demand for Razor and other private cloud projects alongside the growing support for public cloud infrastructure. The ultimate goal is a single tool that handles deployment, management and reporting of operating systems running on bare metal, on local virtualised infrastructure or in a public cloud.

According to Kanies: "You shouldn't have to care where your image comes from; that should be a business decision not a technical decision. You should have a single tool to work from. You should be able to just work and not worry about the details". Ultimately, that's exactly what Puppet has been about from the very beginning: one management tool, multiple operating systems. Embracing the cloud is simply the next logical step, one I'm eager try out in practice. ®

Broader topics


Other stories you might like

  • If you're using the ctx Python package, bad news: Vandal added info-stealing code
    Domain associated with maintainer email expired, taken over in supply-chain attack

    The Python Package Index (PyPI), a repository for Python software libraries, has advised Python developers that the ctx package has been compromised.

    Any installation of the software in the past ten days should be investigated to determine whether sensitive account identifiers stored in environment variables, such as cloud access keys, have been stolen.

    The PyPI administrators estimate that about 27,000 malicious copies of ctx were downloaded from the registry since the rogue versions of ctx first appeared, starting around 19:18 UTC on May 14, 2022.

    Continue reading
  • DigitalOcean sets sail for serverless seas with Functions feature
    Might be something for those who find AWS, Azure, GCP overly complex

    DigitalOcean dipped its toes in the serverless seas Tuesday with the launch of a Functions service it's positioning as a developer-friendly alternative to Amazon Web Services Lambda, Microsoft Azure Functions, and Google Cloud Functions.

    The platform enables developers to deploy blocks or snippets of code without concern for the underlying infrastructure, hence the name serverless. However, according to DigitalOcean Chief Product Officer Gabe Monroy, most serverless platforms are challenging to use and require developers to rewrite their apps for the new architecture. The ultimate goal being to structure, or restructure, an application into bits of code that only run when events occur, without having to provision servers and stand up and leave running a full stack.

    "Competing solutions are not doing a great job at meeting developers where they are with workloads that are already running today," Monroy told The Register.

    Continue reading
  • Patch now: Zoom chat messages can infect PCs, Macs, phones with malware
    Google Project Zero blows lid off bug involving that old chestnut: XML parsing

    Zoom has fixed a security flaw in its video-conferencing software that a miscreant could exploit with chat messages to potentially execute malicious code on a victim's device.

    The bug, tracked as CVE-2022-22787, received a CVSS severity score of 5.9 out of 10, making it a medium-severity vulnerability. It affects Zoom Client for Meetings running on Android, iOS, Linux, macOS and Windows systems before version 5.10.0, and users should download the latest version of the software to protect against this arbitrary remote-code-execution vulnerability.

    The upshot is that someone who can send you chat messages could cause your vulnerable Zoom client app to install malicious code, such as malware and spyware, from an arbitrary server. Exploiting this is a bit involved, so crooks may not jump on it, but you should still update your app.

    Continue reading

Biting the hand that feeds IT © 1998–2022