6 min to read
Essential links for the Puppet practitioner
A cheat sheet for everyday Puppet
This is a living list of links to Puppet resources that I always have on hand when working with Puppet Open Source and Puppet Enterprise. They help a lot with managing the platform and developing robust Puppet code to deploy and manage my infrastructure and ensure consistency over its operational lifetime.
Table of Contents
Puppet Lint
Link: Puppet Lint documentation
Information on all the checks performed by the Puppet linter. Super useful if you ever need to disable checks or figure out why certain tests are failing for your module or control repository.
Disabling tests can be done by adding them to .puppet-lint.rc - the linter’s run commands file which is honoured by pdk.
Usually mine has the following test disabled as I run puppet fileserver and it pdk doesn’t like profiles referencing it for file sources since the linter is designed with full self-contained modules in mind instead:
--no-puppet_url_without_modules-check
Puppet Forge
Link: Puppet Forge
The official central repository for Puppet modules. Module pages on Puppet Forge also link back to the upstream repositories they originate from which is super handy for being able to pull apart community code as a learning or troubleshooting tool.
Some of my favourite modules include:
- Firewalld: A module for configuring the on-system firewall for systemd based Linux distributions, providing an easy to use declarative interface for managing local system firewalling.
- Patching as Code: A super handy module that allows you to configure system patching declaratively, supporting both Linux and Windows.
- Stdlib: The Puppet standard library module containing tons of useful features for Puppet, so much so that I’ve included a little bit about it below.
The Puppet Stdlib Module
Link: The Puppet Stdlib module
The Puppet standard library module (stdlib). You’ll almost certainly include this in your environment and the data types section is particularly for improving the quality of inputs for your Puppet profiles and classes by providing easy guard rails for your inputs.
Some of the data types in Stdlib I use the most include:
Stdlib::Absolutepath: Only accepts values that represent the absolute path of something such asC:\Users\kitsutron\Documents\foo.txtor\etc\sssd\sssd.conf.Stdlib::HTTPSUrl: Only accepts web URLs for the HTTPS protocol optionally including port, such ashttps://google.comorhttps://splunk.local:8000.Stdlib::IP::Address: Only accepts valid IP addresses for IPv4¹ or IPv6, such asFEC0:0:0:0:0:0:0:100or192.168.0.2.
[1] : Caveat for IPv4 addresses is it only accepts the standard notation, not shenanigans like decimal, octal, or hexidecimal representation even though these are supported by the IPv4 specification.
Official Puppet Documentation
Link: Official Puppet documentation
The official documentation for Open Source Puppet and Puppet Enterprise. Puppet maintain a copy of all their old documentation as well as rich documentation for the latest builds, making this invaluable for understanding how to get the most out of your environment.
Below are a couple of sections I always have ready in my bookmarks.
The Puppet Language Reference
Link: Puppet language reference
The official language reference for Puppet. This is the authoritative document for how to write Puppet code and is full of plenty of goodness such as accessing facts from Puppet code with the $facts['fact_name'] hash or how to template configurations with embedded Puppet covered in more detail below.
Creating Templates with Embedded Puppet
Link: Embedded Puppet reference
Templating is a powerful way of turning any text-based file into a dynamic, declaratively configurable resource using Puppet code. Modern Puppet templates use the EPP (embedded Puppet) format which allows you to write regular Puppet code inline with your config that is then rendered on your node into whatever kind of file you want, whether a configuration for a service or a plain text file such as an MOTD.
Templates can be invoked as a function as part of file resources, and take parameters direct from your manifests or Hiera as a hash.
If you’re writing your own module templates are normally invoked with the epp function, however if you have a need to include templates outside a module (such as in a profile in your control repo) where loading template files isn’t supported, you can also include them inline with the inline_epp function instead.
Here’s an example of an inline template.
$my_template = @(EOF)
<%- |
String[1] $foo,
Integer $bar,
Stdlib::IP::Address $baz,
| -%>
# THIS CONFIGURATION IS MANAGED BY PUPPET
[main]
foo = <%= $foo %>
bar = <%= $bar %>
[extra]
baz = <%= $baz %>
| EOF
$my_vars = {
foo => 'Bananas',
bar => 42,
baz => '192.168.0.2',
}
file { '/etc/example.conf':
owner => 'root',
group => 'root',
mode => '0600',
content => inline_epp($my_template, $my_vars),
}
A regular template is exactly the same, except the inline_epp function is swapped out for the epp function which references a template stored in your module instead of inline in the file. For example: epp('example/example.conf.epp', $my_vars).
The Puppet Platform Repository Guide
Link: Puppet official repository installation
Particularly useful when deploying agents for Open Source Puppet. If you don’t have some other part of your CI/CD pipeline handling initial agent onboarding, this part of the doco is somewhere you’ll come back to a lot. Always make sure to install from the official repositories instead of the system repositories to ensure you’re getting the latest supported version of Puppet!
I am semi-regularly coming back here for a quick and dirty copy paste of sudo rpm -Uvh https://yum.puppet.com/puppet8-release-el-8.noarch.rpm for my Open Source Puppet home lab.
The Puppet Tuning Guide
Link: Tuning Puppet Server
Essential for production when managing a large number of nodes. Talks about configuring JRuby to optimise parallelisation of agent runs, Java memory tuning, and managing how environments (branches of your control repository) are refreshed.