Puppet Expands Beyond Configuration Management
Tuesday, at the Union Square Hilton in San Francisco, Puppet revealed how drastically it broadened its product line beyond configuration management to include offerings across the software lifecycle.
The company has introduced a set of new products to accompany the existing enterprise-targeted distribution of its eponymous configuration management system. These new products include Pipelines for continuous integration and continuous deployment, Puppet Bolt and Puppet Tasks for running arbitrary configuration management tasks on specific machines, and Puppet Discovery which can perform governance and compliance tasks associated with auditing and tracing modes of control for systems.
While the theme of Puppet’s new launches is a major broadening of its product line, these announcements are also about blurring the lines between traditional development and administrative domains, said Puppet Chief Technical Strategist Nigel Kersten. When asked if Puppet was now a continuous integration/continuous deployment (CI/CD) company, he responded that, “I think we’re seeing the blurring of those lines. They’re all blurring: configuration management with provisioning in the form of Tasks blurring the lines with CI/CD stuff.”
10 Years On
According to Puppet creator and former systems administrator and engineer Luke Kanies, Puppet was created out of, “Fear and desperation.” Kanies was desperate for work after passing through a number of companies and terrified that in ten years, the world might still be using CFEngine to configure servers.
Initially, Kanies became one of the largest contributors to CFEngine, even forking it into his own version, CFNG. Still, he had a vision in his head of what he wanted, and what he knew other administrators would need. That vision was of building a model of a system, then having a tool enact that model on said systems. The machine, the OS, the software, none of those things mattered to this tool: it would handle the heterogeneity, and if a system didn’t match the model when it came online because one change was out of order, you’d just run the process again and it things would eventually match the model.
Puppet has remained, if nothing else, true to its original vision, perhaps to its own fault. Across the years, the gospel of automated configuration management spread, and users flocked to the platform. Hundreds of operating systems were supported. As DevOps spread and automation became popular, the configuration management space began to move away from Puppet and its chief competitor, Chef. Ansible also rose to prominence and was quickly acquired by Red Hat, giving Puppet a huge, well-moneyed competitor overnight.
New Puppet Master
With this week’s new offerings, that puzzle has gotten much larger than just configuration management. Puppet Chief Architect Deepak Giridharagopal said Puppet Discovery is, “Based on the core strengths of the existing technology we’ve got. If you want to manage a thing in an idempotent way — a safe way — step one is to get the current status of things you want to manage. Instead of starting with, ‘This is what people’s idea of the desired state is,’ let’s do the opposite of that using the same code. Can’t we go to a system we don’t know anything about and say, ‘What is the current state of everything?’ If you want a modern discovery tool, it’s not enough to say, ‘Here’s a network scan, and here’s the IPs.’ What can you really do from a list of numbers? What’s far more valuable is if you can say, ‘Here’s the systems, now we can dive into all the systems. That’s way more interesting inspection of these targets,” said Giridharagopal.
That dovetails with the recent Puppet acquisition of Distelli, a CI/CD company which offered pipelines and a container registry. Adding that registry to this new Puppet toolchain ensures that the company’s enterprise product can give a clear picture of an entire environment, and help those systems keep track of each other as well. This also enables the enaction of governance, compliance management, and policy enforcement across those systems found in the discovery process, something that the Puppet team expects will win a lot of larger contracts in regulated markets.
Once machines have been audited, Puppet Enterprise can utilize the new “do it now” capabilities of Puppet Bolt to enact changes and do so through a series of drop-down menus in the web-based management system. Those menus can be delineated by administrators in the Puppet DSL (domain-specific language), thus ensuring there are no possible bad states to choose from. This also means enterprises can immediately have a view of how automated their control processes are, as Puppet Discovery tracks the chains of command. Thus, Bolt is more than just a reaction to configuration market demands, it’s an enabler for a wider management platform.
“Our approach has been a model-driven, declarative approach. Though that’s fantastic for managing global infrastructure at scale, it requires you to know what you want to model and what you want that to look like,” said Tim Zonca, vice president of marketing and business development at Puppet.
These changing needs also necessitated the addition of verbs to the Puppet language. Puppet Tasks, which is the combination of Puppet Enterprise and Puppet Bolt, enables the use of these verbs, and the use of languages other than the Puppet DSL to enable them. Said Giridharagopal, “You get benefits on the model-driven side to write your Puppet code independently. For things like Tasks, we wanted to give people a different way to do it. Say you have a database to configure: nouns would say, ‘I’ want to create a database that looks like this. Verbs should go along with that. ‘I want to flush a cache,’ or ‘flush privileges,’ or ‘I want to do a schema upgrade, here’s a SQL script I need to apply.’ Those are verbs. That’s phase one. You can write a task in whatever language, from Bash to Powershell Python, compiled binary in Go or Rust.”
Chef, Puppet and Red Hat are sponsors of The New Stack.
Feature image via Pixabay.