Puppet: A System Administration Abstraction and Automation Framework

A Presentation by Luke Kanies

Puppet is a system administration automation framework, written entirely in Ruby. The big difference between Puppet and other frameworks is that Puppet provides an abstraction layer between the sysadmin and all of those messy operating system details -- instead of caring about how useradd or crontab work, you talk about users and cron jobs, and Puppet will figure out how to create or modify the objects as necessary. This allows you to focus on data specification, and Puppet translates the specification into functional operating system details.

Puppet is written modularly, so you can directly use its library within Ruby, or you can access its XMLRPC interface and interact with the individual agents, but Puppet's primary interface is its custom language. The language bears some resemblance to both Ruby and Cfengine, and it is developed around specifying the elements that make up a functional system, like users, packages, and filesystems; you specify these elements in a Puppet manifest, and Puppet's library uses it to figure out what work needs to be done. The language also includes encapsulation features, for creating reusable libraries that specify how to deploy an LDAP server or web server, or how to create new instances of applications like Trac and Ruby on Rails.

Because the ultimate goal for Puppet is to be capable of managing all aspects of any operating system via these high-level elements, its library has been developed for ease of extensibility. You can add entirely new types, such as for managing a rare or custom element type, and you can add new back-ends for existing types; Puppet calls these back-ends "providers", and makes it easy to add new providers for existing elements like services and packages. As of today, Puppet supports fourteen different package providers, including rpm, apt, and darwinports, and one was recently added by a new Puppet user in about an hour.

Most environments will use Puppet's centralization features, which allow you to specify the configuration of your entire network in one set of Puppet manifests, with a custom configuration compiled for each client. Puppet's centralized configurations provide enhanced reporting and auditing functionality, since the compiled configurations are stored in a database for easy introspection. This centralization also allows you to think programmatically about your environment, because you are creating a single Puppet program that runs your entire network.
