Puppeteers Blog

Category: Introduction

Hiera lookups in rspec-puppet

While rspec-puppet documentation is quite decent, it does not really explain how to test classes that get their parameters via Hiera lookups, such as profiles in the roles and profiles pattern. Several parameters related to Hiera are listed in the rspec-puppet configuration reference, but that's all. The other documentation you find on the Internet is […]

Windows domain in Azure

I wrote this article to better understand how all the pieces called "AD" or "Active Directory" in Microsoft Azure fit together. The pieces are as follows: Active Directory (AD): This is the classic on-premise Active Directory with LDAP, Kerberos, group policies and all that. Traditionally Windows machines in larger environments have been domain-joined to on-premise AD. […]

Serverless Puppet with control repo, Hiera, roles and profiles and Puppet Bolt

The traditional way of managing systems with Puppet is to install Puppet agent on the nodes being managed and point those agents to a Puppet server (more details here). This approach works well for environments with tens or hundreds of nodes, but is overkill for small environments with just a handful of nodes. Fortunately […]

Short introduction to Packer and Vagrant

This article is a short introduction to Packer and Vagrant - tools that we often recommend to our customers but which may be a bit hard to understand if you have no previous exposure to them. Packer Packer is used to “create identical machine images for multiple platforms from a single source configuration”. Packer works […]

OpenVPN server options in Azure

OpenVPN is among the best VPN solutions, especially when you need a cross-platform (Windows, Mac, Linux, Android, iOS) solution that just works. It is best suited for point to site (P2S) or "road warrior" setups where users access internal resources using a VPN client when on the road. When setting up an OpenVPN server in Azure […]

What Vagrant plugins actually are?

This was a revelation that came to me when fixing Vagrant on my Fedora 34 laptop: Vagrant plugins seem to be just Ruby gems installed into an isolated runtime environment, with "vagrant plugin" ensuring that the gems are installed in the correct place. The same gems that you can install with "vagrant plugin install" can […]

Managing self-hosted GitLab with Terraform

GitLab has an extensive API which allows managing its internal configuration such as users, groups and projects. The official GitLab Terraform provider builds on top of this API. It is assumed here that the Terraform controller (e.g. your laptop) is able to reach your GitLab instance's TCP port 443 - if it can't, there's no way […]

The four ways to install Puppet modules

When working with Puppet and Puppet modules in particular, you quickly notice that there are several ways to manage module dependencies. Today I learned about a new way introduced in Puppet Bolt 3.x, so I thought I'd compile a list that celebrates this diversity: metadata.json: used primarily to provide dependency metadata to Puppet Forge. Some tools […]

Notes about puppet-litmus testing

Puppet Litmus is a Puppet acceptance test harness that leverages many existing, proven technologies. In the long run Litmus aims to replace Beaker. However, the latter is currently still the only way to run multi-machine (e.g. cluster) acceptance tests in a standardized way. For example, we use Beaker for our Keycloak domain mode cluster […]

Ejabberd message archiving and history playback

When using ejabberd in a company for multi-user chat (see my earlier blog post), people will quickly start complaining that they missed discussions because they had been offline. Ejabberd does play back the last 20 messages when a user joins a room, but that is too little for an active chatroom. The simplistic approach is to set […]

Configuring ejabberd multi-user chatrooms

Ejabberd is a very flexible and scalable XMPP server. We use it because it can be configured using a simple YAML configuration file and managed via ejabberdctl commands. This makes it a good fit for our infrastructure as code approach. That said, ejabberd does require one to understand the XMPP protocol/jargon as it does not […]

Creating custom facts programmatically

Writing static facts is fairly easy even with a low level of Ruby skills. Below is an example of a fact that returns true or false depending on whether the node has a /boot partition: As you can see above, the required information was already inside the "mountpoints" fact of Facter. Using the fact is […]

Duplo series, part 2: Puppet agents at work

Here's the next episode in our Duplo visualization series, have a look! This time we put Puppet agents to work. Featuring: Puppet agents will retrieve their desired state definition (catalog) from Puppet master for the Puppet environment they're in. Puppet agent reads the catalog: Puppet agent compares the current state to the catalog and notices […]

Fattening the workflow, part 5: Hiera and content encryption

Separating data from code in Puppet modules is advisable as it improves reusability of code. The separation can be accomplished with Hiera by having separate levels based on facts, organizational units, locations, etc. Hiera can also be used for storing private data that needs to be protected and must not be readable by outsiders. Typically […]

Fattening the workflow, part 4: Roles and profiles

If the workflow that includes the control repository, r10k and GitLab still feels too light, there are yet more ways to make the workflow heavier by adding more abstraction to the Puppet modules themselves. This is done by adopting the "Roles and Profiles pattern" that was developed by Craig Dunn and popularized in the blog […]

Duplo series, part 1: R10k at work

We've been having DIY visualization sessions on Puppet and sysadmin related topics and we wanted to share some of them with you. We had a lot of fun doing this, hope you'll enjoy this even a bit as much as we did! Let me introduce the characters involved in the first chapter: R10k is started […]

Fattening the workflow, part 3: GitLab and similar

In the previous posts of this series I discussed the control repository and r10k. The last component in fattening the workflow is a Git provider such as GitLab, GitHub or Bitbucket. Nowadays all of them are reasonable choices for storing private Git modules, which Puppet control repositories and site-specific modules tend to be. One of the […]

Fattening the workflow, part 2: r10k

In the previous post I discussed the control repository structure. In this post I'll talk about r10k. That tool is used for deploying control repository branches into matching Puppet environments on the Puppet server. Installing r10k is very straightforward with the bundled gem: After this you'll need a settings file for r10k, /etc/puppetlabs/r10k/r10k.yaml: Several requirements […]

Fattening the Puppet workflow, part 1: The control repository

If editing Puppet code and Hiera directly with puppetmaster feels too easy, you can complicate the Puppet workflow as much as you like by adding more components to the palette. Adding the so-called control repository and r10k to Puppet environment maintenance instantly adds several phases to your initially simple workflow. There are also benefits that […]

Using Puppet Bolt to apply roles to nodes, part 1

NOTE: this article is somewhat outdated. Please refer to Serverless Puppet with control repo, Hiera, roles and profiles and Puppet Bolt instead. Puppet Bolt is designed to be an orchestration tool, but it can be used for configuration management as well. For example, you may have a small environment of a handful of nodes where […]