Puppet

Puppet is a leading open-source configuration management tool, widely used by DevOps and SRE teams to automate provisioning, enforce compliance, and manage cloud and on-premises infrastructure at scale.

Overview (2025)

Puppet enables Infrastructure as Code (IaC) using a declarative, model-driven approach. It supports hybrid and multi-cloud environments (AWS, Azure, GCP), integrates with CI/CD pipelines, and is ideal for large-scale, compliance-driven operations.

Pros

Declarative language for infrastructure configuration
Large module ecosystem
Strong community support
Idempotent operations
Cross-platform support
Built-in reporting and compliance
Integration with cloud providers
Excellent for large-scale deployments

Cons

Steep learning curve
Complex setup for master-agent architecture
Resource-intensive master server
Limited real-time execution compared to other tools
Ruby dependency
Can be overkill for small infrastructures

Installation and Setup (2025)

Linux (Ubuntu/Debian)

# Install Puppet server
wget https://apt.puppet.com/puppet7-release-focal.deb
sudo dpkg -i puppet7-release-focal.deb
sudo apt update
sudo apt install puppetserver

# Configure Java heap size if needed
sudo vi /etc/default/puppetserver
# JAVA_ARGS="-Xms1g -Xmx1g"

# Start Puppet server
sudo systemctl start puppetserver
sudo systemctl enable puppetserver

WSL

# Install Puppet agent
wget https://apt.puppet.com/puppet7-release-focal.deb
sudo dpkg -i puppet7-release-focal.deb
sudo apt update
sudo apt install puppet-agent

NixOS

# Add to configuration.nix
{
  services.puppet = {
    enable = true;
    masterService.enable = true;
    extraConfig = ''
      [main]
      server = puppet.example.com
    '';
  };
}

Real-Life DevOps & SRE Examples

1. Enforcing Compliance Across Cloud VMs

node /^web\d+\.prod\.aws\.example\.com$/ {
  include profile::base
  include profile::cloudwatch_agent
  include profile::cis_hardening
}

2. Automated User Management (SRE)

users::user { 'devops_engineer':
  ensure     => present,
  uid        => '1050',
  groups     => ['sudo', 'docker'],
  ssh_keys   => ['ssh-rsa AAAA...'],
  managehome => true,
}

3. Multi-Cloud Resource Tagging (AWS & Azure)

# AWS EC2 Tagging
aws_tag { 'Environment':
  resource_id => 'i-0abcd1234',
  value       => 'production',
}

# Azure VM Tagging
azure_vm_tag { 'web-vm':
  resource_group => 'prod-rg',
  tags           => { 'Owner' => 'SRE', 'CostCenter' => '1234' },
}

4. Integrating Puppet with CI/CD (GitHub Actions)

name: Puppet Validate & Deploy
on: [push]
jobs:
  puppet:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Validate Puppet code
        run: |
          gem install puppet-lint
          puppet-lint manifests/
      - name: Deploy with r10k
        run: |
          gem install r10k
          r10k deploy environment -p

Best Practices for DevOps & SRE (2025)

Use roles/profiles for code organization
Integrate Puppet runs with CI/CD pipelines
Store secrets in Hiera or external vaults
Monitor agent runs and failures (e.g., with Prometheus)
Use resource collectors for dynamic infrastructure
Test modules with rspec-puppet and puppet-lint
Prefer declarative over imperative code

Common Pitfalls

Not using version control for manifests
Hardcoding secrets in code
Ignoring resource dependencies (ordering)
Not monitoring agent failures
Overusing exec resources (prefer native types)

Troubleshooting

Common issues and their solutions:

Certificate Issues:
- Clean SSL on agent
- Regenerate certificates
- Check time synchronization
Resource Ordering:
- Use proper dependencies
- Implement proper require/before statements
- Use resource collectors wisely
Performance Issues:
- Check JVM heap size
- Optimize agent runs
- Monitor PuppetDB performance

Resources

Puppet Joke: Why did the SRE break up with Puppet? Too many strings attached!

PreviousAnsible NextDocumentation Strategy

Last updated 19 days ago