Puppet is a robust configuration management and automation tool.
Cisco supports the use of Puppet on a variety of devices such as Catalyst Switches, Nexus Switches and the Cisco Unified Computing System (UCS) server platform.
Puppet works with many different vendors and is one of the more common tools used for automation.
Puppet can be used for the entire lifecycle of a device, including initial deployment, configuration, repurposing, and removing devices.
Puppet uses the concept of a Puppet master server to communicate with devices that have the puppet agent locally installed on the device.
Changes and automation tasks are executed within the puppet console and are s hared between the puppet master and puppet agents.
The changes are stored in the Puppet database called PuppetDB, which can be located on the master server or a different box.
Puppet allows for the management and configuration of many device types at the same time.
Puppet agents communicate to the puppet master using different TCP connections.
Each TCP port represents a communications path running from an agent on a device or node.
Puppet also has the capability to periodically verify the configuration on a device. This can be set to any frequency. If the configuration is changed an alert can be sent as well as put the device back to its original configuration.
There are three different installation types with Puppet:
| Installation Type | Scale |
| Monolithic | Up to 4000 nodes |
| Monolithic with compile masters | 4000 to 20000 nodes |
| Monolithic with compile masters and standalone PE-PostgreSQL | More than 20000 nodes |
The typical installation is monolithic. Puppet can scale to very large installations though.
In very large environments Puppet needs a master of masters server to manage the distributed puppet masters and their database to help simplify management.
Large deployments need compile masters which are simply load balanced Puppet servers that help scale the number of agents to be managed.
Puppet Modules
Puppet Modules allow for configuration of anything that can be configured manually. Puppet has many modules for different vendors and device types. Puppet Modules contain the following components:
- Manifests
- Templates
- Files
Manifests are the code that configures the clients or nodes running the Puppet agent. These manifests are pushed to the device using SSL and require certificates to be installed to ensure the security of the communications between the Puppet master and Puppet agents.
Each of the manifests is used to modify the running configuration on Cisco Catalyst devices. Manifests can be saved as an individual file and have the extension .pp
Here is an example of a Puppet file that configures the network time protocol server on a Cisco Catalyst Device:
ntp_server { '1.2.3.4' :
ensure => 'present',
key => 94,
prefer => true,
minpoll => 4,
maxpoll => 14,
source_interface => 'Vlan 40',
}The line ensure => present tells the Puppet server that the NTP configuration should be present in the running configuration of the Cisco device.
Puppet leverages a domain-specific language as it’s programming language. It is based on the Ruby language.
Modules and manifests used can be found on https://forge.puppet.com where puppet modules, manifests and code can be shared within a community.
Leave a Reply