
Puppet 2.6.x: Using new features

The popular open source enterprise systems management tool, Puppet, has been updated in 2.6.0 and 2.6.5. Learn about the new features and see how they work with sample code.

Puppet, the open source enterprise systems management tool, has gained a number of new features with the release of Puppet 2.6.0 (and the subsequent maintenance releases, including the recently issued 2.6.5). The 2.6.x series is a next generation for Puppet in a number of ways, including normalizing the release numbers by moving the decimal point in the version number, from 0.25 to 2.6.x. This tip highlights the new features and provides some examples of how they work, along with links to documentation.

To start, the new release marks the deprecation of Puppet’s original XMLRPC connectivity in favor of the faster RESTful API. This has resulted in performance enhancements for Puppet and makes integrating with it easier. You can see details of the API specification.

Support for Ruby DSL
Another new feature is the new Ruby DSL (domain specific language). Puppet has an existing DSL that can be used to manage your configuration, but 2.6.0 adds support for a pure Ruby version of this. In the current DSL you can create a resource to be managed:

class host {
  file { "/etc/hosts":
    mode  => 0750,
    owner => root,
  }
}

In the new Ruby DSL you can express this as:

hostclass :host do
  file "/etc/hosts", :mode => 0750, :owner => "root"
end

If you are familiar with Ruby, you can also use Ruby code to perform tasks in your manifests with the Ruby DSL. You can manipulate data or retrieve it from another source inside your manifests, for example retrieving data from a MySQL database and using it in Puppet resources:

require 'rubygems'
require 'mysql'

hostclass :packages do
  # Connect to the cmdb database and declare one package resource per row
  con = Mysql.new('localhost', 'user', 'password', 'cmdb')
  pkgs = con.query('select * from packages')
  pkgs.each_hash { |p| package p['name'], :ensure => 'latest' }
end

node 'default' do
  include 'packages'
end

New features in the language of Puppet
The Puppet language itself also has some new capabilities, including the ability to use hashes (Puppet already understands arrays) and an elsif construct to add to the existing if/else conditional. Previously, Puppet only supported one if/else clause:

if $foo == 'bar' {
  include baz
} else {
  include qux
}

Now Puppet allows a more full if/elsif/else syntax like so:

if $foo == 'bar' {
  include baz
} elsif $qux == 'hum' {
  include valve
} else {
  include box
}

Additionally, Puppet now supports a concept of "stages." This means you can add more coarse-grained ordering to your manifests. This is useful for managing blocks of configuration that need to occur in a particular order. For example, all the steps needed to bootstrap a host can occur before configuration of an application on the host. Puppet creates a default stage called main. You can create other stages and specify the order in which they occur:

stage { [pre, post]: }
Stage[pre] -> Stage[main] -> Stage[post]

This code defines two stages: pre and post.  It then specifies the order of execution, pre then main and then post.  We can then add resources and classes to particular stages for execution in that stage, for example:

class {
  "keys": stage => pre;
  "dns":  stage => main;
  "web":  stage => post;
}

Stages are also described in more detail in the Puppet language tutorial.

Auditing configuration options
Another new development is the concept of Puppet auditing configuration. Until now when you ran Puppet you only had two modes:

  • Enforcement, which made actual changes on the host
  • Simulation or `noop` mode in which Puppet tells you what changes it’s going to make but does not actually make them.

The new audit capability allows you to specify configuration where you just want to know and understand its state. You can specify configuration, for example tracking the ownership of files in a directory, and tell Puppet to watch those files and send reports showing their state over time. For example, you can audit the `/etc/hosts` file. The first time Puppet runs it will report the characteristics of the file: who owns it, permissions, etc. On each successive run, Puppet will check the current state and report any differences from the previous run. For example, if the owner of the file has changed, a log message will be generated:

audit change: previously recorded value owner root has been changed to owner james

This functionality allows you to replicate some of the auditing functionality of tools like Tripwire with Puppet.
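
The record-then-compare behaviour described above can be modelled in a few lines of plain Ruby. This is an added example, not Puppet's own code or code from the original article: the function names, the YAML state file and the temporary sample file are assumptions, and the change message is modelled on the log line shown above.

```ruby
require 'etc'
require 'yaml'
require 'tmpdir'

AUDITED = %w[owner group mode].freeze # attributes tracked, as in the text
# Resolve a uid/gid to a name, falling back to the number if there is no entry.
def name_for(id, lookup)
  Etc.public_send(lookup, id)&.name || id.to_s
rescue ArgumentError
  id.to_s
end

# Current value of each audited attribute for one path.
def current_state(path)
  st = File.stat(path)
  { 'owner' => name_for(st.uid, :getpwuid), 'group' => name_for(st.gid, :getgrgid),
    'mode' => format('%04o', st.mode & 0o7777) }
end

# Compare paths with the stored baseline, return messages, store the new state.
def audit(paths, state_file)
  previous = (File.exist?(state_file) && YAML.load_file(state_file)) || {}
  current, messages = {}, []
  paths.select { |p| File.exist?(p) }.each do |path|
    current[path] = now = current_state(path)
    old = previous[path] # nil on the first run: report characteristics only
    next messages << "#{path}: recorded " + now.map { |k, v| "#{k} #{v}" }.join(', ') if old.nil?
    AUDITED.reject { |a| old[a] == now[a] }.each do |a|
      messages << "#{path}: audit change: previously recorded value " \
                  "#{a} #{old[a]} has been changed to #{a} #{now[a]}"
    end
  end
  # Keep the baseline owner-only: whoever can rewrite it can hide a change.
  File.open(state_file, 'w', 0o600) { |f| f.write(current.to_yaml) }
  messages
end

# Constructed sample: a temporary file audited twice with a chmod in between.
def demo
  Dir.mktmpdir do |dir|
    target, state = File.join(dir, 'hosts'), File.join(dir, 'state.yaml')
    File.write(target, "127.0.0.1 localhost\n")
    File.chmod(0o644, target)
    first = audit([target], state)
    File.chmod(0o600, target)
    first + audit([target], state)
  end
end

puts demo if $PROGRAM_NAME == __FILE__
```

As with Tripwire-style tools, the comparison is only as trustworthy as the stored baseline, which is why the state file is created with owner-only permissions.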

Puppet Enterprise released
Puppet Labs has released Puppet Enterprise, a commercial offering that bundles all of Puppet and its associated dependencies with an installer. It’s designed to lower the barrier to entry for users and help people implement a best practice Puppet configuration.  It’s functionally identical to the open source product but comes with support, more robust testing, the installer and additional documentation.

Future releases include upgrades to the Puppet Dashboard and another major feature release, Puppet 2.7.0, both of which are due in the middle of 2011.
