What is Puppet Domain-Specific Language?

Puppet is an open-source configuration management automation tool. Puppet permits system administrators to type in infrastructure as code, using the Puppet Descriptive Language rather than utilizing any customized and individual scripts to do so. This means in case the system administrator erroneously alters the state of the machine, at that point puppet can uphold the change and guarantee that the framework returns to the required state. A conventional approach would require the system administrator to login to each machine to perform framework organization assignments but that does not scale well.

Puppet Architecture

Puppet uses the client/server model. The server is called a puppet master. The puppet master stores the recipes or manifests( code containing resources and desired states) for clients. The clients are called Puppet nodes and runs the puppet agent software. The node runs a puppet daemon(agent) to connect to the puppet master. These nodes will download the manifest assigned to the node from the puppet master and apply the configuration if needed.

How does puppet works?

A puppet run starts with the nodes and not the master. This run uses SSL services to pass data packets back and forth between the nodes and master. The nodes run the factor command to assemble information about the system. These facts are then sent to master.

Once the master receives the facts, it compiles a catalog that describes the state of each resource in the node. The master compares the host-name of each node and matches it to the specific node configuration or uses the default configuration if the node does not match. After the catalog is compiled, the puppet master sends it to the node. Puppet will apply the catalog on the node, ensuring the system is in the desired state.

Puppet Blocks

1. Resources- Puppet has many built-in resources like file, user, package and service. The puppet language allows administrators to manage the system resources independently and ensure that the system is in the desired state. The example of the resources are package, service, notify, user, exec, and many more. The puppet resource_type command lists the available resource types on a Puppet host. The syntax for a resource_type is as follows:

resource_type { 'resource_title':
  attr1 => value1,
  attr2 => value2,
  attr3 => value3,
  ...
  attrN => valueN,
}

The resource deceleration starts with declaring the type of the resource. Puppet has many built-in resource types like file, user, package, and service. The resource type is followed by curly brackets (braces) that include the resource title and the list of value/attribute pairs. The resource title is a string enclosed within single quotes. A colon separator is used to separate the resource tile and the list of attribute/value pairs.

Each resource has its attributes that are also called as parameters. For example, the file has attributes like path, owner, group, ensure, and mode. These attributes are defined as a value using => operator. For example, the owner can have a value of root or the user account that has created the file. As well as, the mode of the file can be 750 or 777 depending on what kind of permission is needed for the file.

Resource Title

The resource title should be defined with utmost care. The title informs the Puppet Compiler about the resource to be actioned on. Multiple similar "resource titles" may have the same attributes. In that case, they can be grouped together in a single resource definition. A similar example is shown below

file { [ '/etc/firewalld',
         '/etc/firewalld/helpers',
         '/etc/firewalld/services',
         '/etc/firewalld/ipsets' ]:
  ensure => 'directory',
  owner  => 'root',
  group  => 'root',
  mode   => '750',
}

1. The following example shows the declaration for the firewalld service.

service { 'httpd':
  ensure => 'running',
  enable => true,
}

1. Puppet Manifests– Puppet Manifests are the text documents written in Puppet DSL that describes the end state of the host system. It can be creates using any text editor and the extension of it .pp extension. The following noalice.pp will ensure that Puppet deletes an account called alice from the system.

[root@master ~]# vim alice.pp
[root@master ~]# cat noalice.pp
user {'alice':
  ensure => 'absent',
}

1. Puppet Classes- Puppet Classes helps to ensure that the Puppet resource definitions can be made more robust and reusable so that they can be applied to multiple hosts. A puppet class is usually used to define all the resources that are needed to implement a service or run an application. The following example demonstrates the syntax of the class

class class_name ($param = 'value') {
  resource definitions...
}

The following example demonstrates a class called test

class test {
  user { 'master':
    ensure  => 'present',
    home    => '/home/master',
    shell   => '/bin/bash',
  }

  file { '/home/master':
    ensure  => 'directory',
    owner   => 'master',
    group   => 'master',
    mode    => '0770',
    require => User['master'],
  }

  package { 'httpd':
    ensure  => 'present',
  }

  service { 'httpd':
    ensure  => 'running',
    enable  => true,
    require => Package['httpd'],
  }

}
include test # include is a function that is used to call the class test in the manifest

1. The include command is used in a manifest to use a class. It is similar to calling a previously defined function in a programming language
2. Puppet Modules- Puppet module is a way of packaging puppet manifests and related files into a single file. The module is a tar archive that has an established hierarchy. Puppet module provides a standard, predictable directory structure for the puppet code and related files that they contain. Some of the essential or most frequently used directories in a module hierarchy are listed below:
   • Manifests directory contains all of the puppet manifests defined in the module.
   • File directory contains static files
   • lib/factor directory contains custom fact definitions
   • The test directory contains manifests that are used to test the functionality provided by the module.
   • Evaluating the templates
   • Performing mathematical calculations
   • Modifies the catalog
   • Catalog Statements like include, require, contain and tag
   • Logging statements like debug, info, notice, warning, err.
   • Failure statements like fail.
   • The function_name is the full name of the function.
   • An opening parentheses to include the list of the arguments. (Parentheses are not required while using the statement functions like include <class-name>). In all the other cases its needed. To understand what are the arguments required by a function, it can be checked in the documentation of that function. In case of an opening parentheses there should be a closing one.
   • Code block or lambda in case the function needs one.