Puppet Chef for Networks
1 Puppet and Chef
Puppet has puppet masters that control puppet agents. The master controls an agent on each managed device, so a change made once on the master reaches many agents.
Focused on configuration management, for both servers and routers. (Ansible does configuration management as well as management of deployment and operations.)
The configuration state of every agent is kept on the puppet master in a database called PuppetDB.
Puppet uses a pull model: each puppet agent "pulls" its configuration down from the puppet master. Compare that to Ansible, which is a "push" model: the Ansible controller pushes configs out to the end devices.
Puppet is written in Ruby (Ansible is Python based). Both have a DSL, a domain-specific language, for describing what should happen on the devices.
1.1 Puppet Agents
Agents run on the managed nodes. They communicate back to the master over TCP with TLS (SSL), and it is the agent that reaches out to the master and "pulls" its configuration when needed. Many network devices cannot run an agent at all; those are managed either through a proxy agent running on another host (the puppet device mechanism) or agentlessly with Puppet Bolt, as in the examples below.
1.2 Puppet Master
Always best to have two or more puppet masters, and add masters as the number of nodes in your network grows. A single monolithic master handles up to about 4000 nodes. In a very big deployment beyond that you add compile masters and a MOM, a "master of masters", to keep things organized.
2 Configuration
2.1 Manifest.pp
This is the file that holds the configuration of your routers and switches. It is kept on the master. When an agent checks in and asks for its configuration, the master compiles the manifests that apply to that node into a catalog and sends the catalog back; the agent receives the compiled result for its own node, not the manifest file itself.
Manifests
- have classes
- classes have resources
Resources are things like a package (Apache) or an interface (Loopback7), similar to what Ansible calls 'tasks'. A resource declares a desired state, e.g. "I want Apache installed at version x.y", rather than the steps to get there. These are declarative states.
Modules
- can hold multiple related manifests, so a larger, system-wide automation construct.
2.2 Docker container running puppet bolt
Network Chuck has a container you can download:
docker container run -dt --name puppetbolt thenetworkchuck/puppet
Then get a shell in that container with:
docker exec -it puppetbolt bash
2.3 puppetbolt inventory file
inventory.yml:

  targets:
    - alias: ciscoios
      uri: ios-xe-mgmt-latest.cisco.com:8181
      config:
        transport: remote
        remote:
          remote-transport: cisco_ios
          user: developer
          password: C1sco12345
          enable_password: C1sco12345
    - alias: ciscoios2
      config:
        transport: remote
        remote:
          remote-transport: cisco_ios
          user: networkchuck
          password: Password123!
          enable_password: Password123!

The second target has no uri in these notes. The first set of credentials is the public Cisco DevNet sandbox login. Real credentials do not belong as literals in an inventory file that gets committed or shared; Bolt can resolve them at run time through an inventory plugin such as env_var instead.
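An added check, not from the page and not part of Network Chuck's container or the Bolt project: the Ruby script below parses an inventory of the shape above (both inventories are constructed inline for the example), reports every password-like key whose value is a literal, and shows the hardened form where Bolt's env_var inventory plugin fetches the secret from the environment at run time. The variable names BOLT_IOS_PASSWORD and BOLT_IOS_ENABLE are assumptions.

```ruby
#!/usr/bin/env ruby
# Added example: audit a Bolt inventory.yml for secrets stored as literals.
# The two inventories below are constructed for this example; the _plugin
# syntax is Bolt's, the environment variable names are assumptions.
require 'yaml'

# Same shape as the page's inventory, with the sandbox credentials inline.
INSECURE_INVENTORY = <<~YAML
  targets:
    - alias: ciscoios
      uri: "ios-xe-mgmt-latest.cisco.com:8181"
      config:
        transport: remote
        remote:
          remote-transport: cisco_ios
          user: developer
          password: C1sco12345
          enable_password: C1sco12345
YAML

# The same target with both secrets resolved from the environment at run time.
HARDENED_INVENTORY = <<~YAML
  targets:
    - alias: ciscoios
      uri: "ios-xe-mgmt-latest.cisco.com:8181"
      config:
        transport: remote
        remote:
          remote-transport: cisco_ios
          user: developer
          password:
            _plugin: env_var
            var: BOLT_IOS_PASSWORD
          enable_password:
            _plugin: env_var
            var: BOLT_IOS_ENABLE
YAML

# Walks the parsed inventory and returns the dotted path of every key containing
# "password" whose value is a literal. A Hash value is a plugin reference
# (for example _plugin: env_var) and is not reported.
def plaintext_secrets(node, path = [])
  case node
  when Hash
    node.flat_map do |key, value|
      if key.to_s.downcase.include?('password') && !value.is_a?(Hash)
        [(path + [key]).join('.')]
      else
        plaintext_secrets(value, path + [key])
      end
    end
  when Array
    node.each_with_index.flat_map { |value, i| plaintext_secrets(value, path + [i]) }
  else
    []
  end
end

# Returns the environment variable names an inventory expects to be set,
# so a wrapper script can fail early instead of prompting mid-run.
def env_vars_referenced(node)
  case node
  when Hash
    return [node['var']] if node['_plugin'] == 'env_var'
    node.values.flat_map { |v| env_vars_referenced(v) }
  when Array
    node.flat_map { |v| env_vars_referenced(v) }
  else
    []
  end
end

def audit(yaml_text)
  plaintext_secrets(YAML.safe_load(yaml_text))
end

if __FILE__ == $PROGRAM_NAME
  { 'insecure' => INSECURE_INVENTORY, 'hardened' => HARDENED_INVENTORY }.each do |name, text|
    findings = audit(text)
    puts "#{name}: #{findings.empty? ? 'no plaintext secrets' : findings.join(', ')}"
  end
  missing = env_vars_referenced(YAML.safe_load(HARDENED_INVENTORY)).reject { |v| ENV.key?(v) }
  puts "unset variables for hardened inventory: #{missing.join(', ')}" unless missing.empty?
end
```

Run it against a real inventory by replacing the constructed strings with File.read('inventory.yml'); a non-empty result from audit is a reason to block the commit. The enable password is the more sensitive of the two, since it is what turns a read-only session into one that can rewrite the running config.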
2.4 running puppetbolt from the command line
bolt task run cisco_ios::cli_command -t ciscoios command='show run' raw=true
(cli_command is the task shipped with the puppetlabs-cisco_ios module; -t names the target alias from inventory.yml. It runs whatever command it is given, so anyone who can run it with these credentials can also push configuration.)
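Bolt's cli_command forwards whatever command it is handed, with the enable password available. As an added example (this is not the puppetlabs-cisco_ios task; the allowlist, the task name and the canned router output are this example's own assumptions), here is a Ruby task with the same command/raw parameters that refuses anything but read-only verbs and rejects multi-line input, which would otherwise let a "configure terminal" line ride in behind a permitted "show".

```ruby
#!/usr/bin/env ruby
# Added example: a Bolt-style task that only forwards read-only IOS commands.
# Not part of the puppetlabs-cisco_ios module; the allowlist and the stub
# device are this example's own assumptions.
require 'json'

# First token of any command we are willing to run while the enable password
# is in play. Everything else (configure, write, reload, copy, ...) is refused.
READ_ONLY_VERBS = %w[show dir ping traceroute].freeze

# Returns nil when the command is acceptable, otherwise a reason string.
def validate_command(command)
  cmd = command.to_s
  return 'command is empty' if cmd.strip.empty?
  # A line break would let a caller smuggle a second line such as
  # "configure terminal" past an allowlist that only inspects the first token.
  return 'command must be a single line' if cmd.include?("\n") || cmd.include?("\r")
  verb = cmd.strip.split(/\s+/).first.downcase
  return "'#{verb}' is not a read-only command" unless READ_ONLY_VERBS.include?(verb)
  nil
end

# Task body. params mirrors cli_command's interface: 'command' (String) and
# 'raw' (Boolean; in this example it means return the output unsplit).
# device is a callable that sends one line to the router and returns its output.
def run_task(params, device)
  reason = validate_command(params['command'])
  return { '_error' => { 'kind' => 'readonly_task/denied', 'msg' => reason } } if reason
  output = device.call(params['command'].strip)
  return { 'raw' => output } if params['raw']
  { 'lines' => output.lines.map(&:chomp) }
end

# Constructed stand-in for the sandbox router: canned output, no network.
FAKE_DEVICE = lambda do |cmd|
  case cmd
  when 'show version' then "Cisco IOS XE Software, Version 17.x\nuptime is 3 days"
  else "% No canned output for: #{cmd}"
  end
end

if __FILE__ == $PROGRAM_NAME
  # Under Bolt the parameters arrive as JSON on stdin:
  #   params = JSON.parse($stdin.read)
  # Here constructed params stand in so the file runs offline. A real task
  # would exit non-zero after printing an _error result.
  [{ 'command' => 'show version', 'raw' => true },
   { 'command' => "show version\nconfigure terminal" },
   { 'command' => 'write erase' }].each do |params|
    puts JSON.generate(run_task(params, FAKE_DEVICE))
  end
end
```

Placed in a module as tasks/readonly_command.rb it would be invoked like the page's command, e.g. bolt task run mymodule::readonly_command -t ciscoios command='show version' (module name assumed). Bolt hands the parameters to the script as JSON on stdin, parses the JSON it prints, and reports a non-zero exit as a failed task with the _error object as the reason.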
2.5 running puppetbolt using a manifest file (.pp)
Here is an example motd.pp, using the banner resource type from the cisco_ios module:

  banner { 'default':
    motd => 'This router is controlled by a puppet master. See dude with a hat for changes',
  }

Then apply it to the target alias from inventory.yml with:
bolt apply motd.pp -t ciscoios