Puppet Chef for Networks

1 Puppet and Chef

Puppet has puppet masters that control puppet agents. The puppet master controls an agent on each device, and one puppet master can make changes to many agents.

Puppet is focused on configuration management, for both servers and routers. (Ansible can do configuration management as well as management of deployment and operations.)

The configuration states of the multitude of agents are all kept on the puppet master in a database called puppetdb.

Puppet uses a pull model, where configs are "pulled" down by the puppet agents from the puppet master.

Compare that to Ansible, which uses a "push" model where the Ansible controller pushes out configs to the end devices.

Puppet is written in Ruby (Ansible is Python based). Both have a DSL, Domain Specific Language, to interact with devices.

1.1 Puppet Agents

Puppet agents run on the puppets. They communicate back to the master via TCP, SSL. The agents on the nodes (puppets) reach out to the puppet master and, if needed, "pull". This allows puppet to be used in a network with network devices which often cannot install an agent.

1.2 Puppet Master

It is always best to have 2 or more puppet masters. You can add more masters as you grow in the number of nodes in your network. Each master can scale up to 4000 nodes. Or, with a monolithic compiled master, i.e. a very big deployment, you will need to have a MOM to keep things organized and make sure you take the garbage out. MOM is "master of masters".

2 Configuration

2.1 Manifest.pp

This is a file that holds the configuration of your routers and switches. The puppet master replies to agents when they ask for the manifest.pp file. The manifest.pp is kept on the master, but the agents will need access to pull the manifest.pp down for use on each individual node.

Manifests

  • have classes
    • have resources

      Resources are things like Apache, or Loopback7, similar to what Ansible calls 'tasks'. They declare, for example, that I want Apache installed at version x.y. These are declarative states.

Modules

  • can have multiple related manifests, so they are a larger, system-wide automated construct.
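
The manifest, class and resource layering described above, as an added example (not from the original notes or from any module's documentation). The class name router_baseline and its parameter are hypothetical, and network_interface is assumed to be provided by the device module in use, alongside the banner type shown later on this page.

```puppet
# site.pp - added example; router_baseline and $motd_text are hypothetical names.
# A manifest holds classes; a class groups the resources that belong together.
class router_baseline (
  String $motd_text = 'This router is controlled by a puppet master.',
) {
  # Resource 1: desired state of the login banner.
  banner { 'default':
    motd => $motd_text,
  }

  # Resource 2: desired state of Loopback7. Assumes the device module
  # provides the network_interface type.
  network_interface { 'Loopback7':
    enable      => true,
    description => 'Managed by Puppet - do not edit by hand',
  }
}

# Declaring the class is what adds its resources to the node's catalog.
include router_baseline
```

Because each resource states an end state rather than a command, applying the manifest again makes no further changes once the device already matches.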

2.2 Docker container running puppet bolt

Network Chuck has a container you can download:

docker container run -dt --name puppetbolt thenetworkchuck/puppet

Then access that container through:

docker exec -it puppetbolt bash

2.3 puppetbolt inventory file

inventory.yml:

targets:
  - alias: cisco_ios
    config:
      transport: remote
      remote:
        remote-transport: cisco_ios
        user: developer
        password: C1sco12345
        enable_password: C1sco12345
    uri: ios-xe-mgmt-latest.cisco.com:8181
  - alias: cisco_ios2
    config:
      transport: remote
      remote:
        remote-transport: cisco_ios
        user: networkchuck
        password: Password123!
        enable_password: Password123!

2.4 running puppetbolt from the command line

bolt task run cisco_ios::cli_command -t cisco_ios command='show run' raw=true

2.5 running puppetbolt using a manifest file (.pp)

Here is an example of motd.pp

banner { 'default':
  motd => 'This router is controlled by a puppet master.  See dude with a hat for changes',
}

Then apply that with: bolt apply motd.pp -t cisco_ios
