Puppet – managing desktop computers with awesome/sucky tools

Puppet is a configuration management tool. It can be used to manage desktop clients. You could compare it to Active Directory GPO, sort of. Instead of running bash scripts or whatever, you tell Puppet what you want the clients to look like and it will attempt to make them so. For example, you can say google-chrome should be up to date, and if the client is not up to date it will take steps to update it (apt-get). Like many open source projects, I think it’s much harder to learn but more powerful than, say, GPO.

Screenshot from 2013-01-24 15:20:53

Puppet is not so straightforward to learn and use. Why do products think I give a damn to learn about them? I don’t. I’m not a puppet developer. I don’t care about configuration management. My users sure don’t care. This post should hopefully tell you how to get started with puppet and push changes to clients. Here is a systems chart of what I want.

Screenshot from 2013-01-24 15:53:01

Server Installation

I’ll assume you want a puppet master server and clients. To install puppet master: http://docs.puppetlabs.com/guides/installation.html#debian-and-ubuntu

Not so bad. puppet-dashboard is the gui you see in the browser in my screenshot. It lets you see how clients are doing: whether they are checking in, making changes, or MIA. It also lets you make groups in a gui. Installation is confusing because ruby on rails is crap in Ubuntu if you aren’t familiar with the process.
http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html

Since you want to push changes to clients and not learn ruby on rails garbage, make sure to use the lame and boring webrick stuff that comes with the Ubuntu packages you install. The documentation doesn’t really explain this at all. It says how to run it over the command line for testing and gives a link to some ruby crap. Awesome. Here’s an idea – why not link to programming in ruby and tell the user to make their own puppet? Edit /etc/default/puppet-dashboard and /etc/default/puppet-dashboard-workers and set START=yes so that the processes start. You don’t care how it works unless you are running some huge enterprise and want to use apache instead. Now you can start it (once you have followed the above link and set up databases, etc.) by running service puppet-dashboard start. I got some permission errors at first that a chmod -R 777 took care of. Who cares. Guess the Ubuntu packages are buggy.

Dashboard has some inventory feature too, just ignore it. I did get it to work after many hours and it’s not terribly useful and took a long time to do.

Client Installation

Again, Ubuntu 12.04

  1. apt-get install puppet
  2. edit /etc/default/puppet and set START=yes
  3. edit /etc/puppet.conf and blindly add
    server = yourpuppet.server.com
    report=true
    pluginsync=true
  4. sudo puppet agent --test
  5. On puppet master run
    puppet cert sign --all
  6. If you want, run that test on the client again to see if it works. You should see it in dashboard if that was set up right. If not, make sure the workers are running and the report stuff is set right.
  7. (optional) add your “node” which is a client to a group and class. If you add it to a group you can add the group to a class. I don’t understand the difference actually.
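
Step 5's `puppet cert sign --all` signs every request waiting on the master, including any from machines you did not set up. The script below is an added example, not from the original post: it signs only certnames found in an allowlist file and holds the rest for review. The allowlist file, the function names and the sample `puppet cert list` lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): sign only expected agents
# instead of running `puppet cert sign --all`.

# Print one certname per line from `puppet cert list` output on stdin.
# Assumption: the certname is the first field, optionally double-quoted,
# as in the constructed sample lines in demo() below.
pending_names() {
  awk 'NF { gsub(/"/, "", $1); print $1 }'
}

# Read certnames on stdin; print "sign NAME" when NAME is an exact line in
# the allowlist file $1, otherwise "hold NAME" so a person can review it.
classify_pending() {
  while IFS= read -r name; do
    if grep -Fxq -- "$name" "$1"; then
      echo "sign $name"
    else
      echo "hold $name"
    fi
  done
}

# Run on the puppet master: sign allowlisted requests one at a time.
# $1 is the allowlist file (hypothetical, one certname per line).
sign_allowed() {
  puppet cert list | pending_names | classify_pending "$1" |
    while read -r action name; do
      if [ "$action" = sign ]; then
        puppet cert sign "$name" </dev/null
      else
        echo "not signing unexpected request: $name" >&2
      fi
    done
}

# Demo on constructed data (no puppet needed): two requests, one expected.
demo() {
  allow=$(mktemp)
  printf '%s\n' 'desk01.example.com' 'desk02.example.com' > "$allow"
  printf '%s\n' \
    '  "desk01.example.com" (AA:BB:CC:DD)' \
    '  "unknown-laptop.example.com" (11:22:33:44)' |
    pending_names | classify_pending "$allow"
  rm -f "$allow"
}
demo
```

On the master, `sign_allowed` is called with the path to the allowlist; anything reported as held stays pending until someone checks it.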

Now to push a change. I found this a good reference because it’s task oriented. You can push things to a certain group (like maybe a testing group?) like this.

class testers {
  # do stuff!
}

You can set up the nodes in dashboard as I said; make sure the group is in the class though. The language is ok but there are some stupid limitations. I found it impossible to run apt-get update before installing a new package, which seems a reasonable thing to do. The solution on stackoverflow will make apt-get update run EVERY time, which means in dashboard everything will report it’s making changes every time. I’d like to know the difference between a real change (I installed a new package) vs a stupid one (I ran apt-get update because I suck and have to). I just solved it by adding a cron job to apt-get update every day, meh. Adding the cron job file counts as a change but then cron runs itself and that isn’t a puppet change.

Once you figure it out, puppet is very nice. It’s better than GPO because Windows sucks and has no package management and no decent scripting language to do stuff without a gui. Most stuff doesn’t have an msi file so GPO can’t be used. In Linux, most applications have a repository or at least a .deb file. The ability to make system wide changes on the fly is wonderful. Tasks that would have taken too long are suddenly possible. Here is my site.pp file if you want to see what I use it for and complain about my terrible hacks.