Puppet Interview Questions DevOps

Puppet is one of the most widely used configuration management tools. It is used for deploying , configuring and managing servers.

It is used for the below.

• Define configurations for every slave machines
• It performs search on all the slaves it manages, continuously checking and confirming whether the required configuration is in place on the hosts.
• Provides control of all the slave machines it manages using master-slave architecture.

• Puppet Slave sends the status of itself using facts to the Puppet Master. These are usually key/value data pair which has details of Slave’s state like its uptime, operating system, IP address and other configuration details.
• Puppet Master analyses the facts sent by the Puppet slave and prepares a catalog which is a document which has the desired state for each resource which the Puppet Master manages on a slave.
• Puppet slave conveys that the configuration is complete as per the catalog which can be seen in Puppet dashboard.

Resournces are fundamental units for modelling system configurations which  describes attributes of  of system, like a specific package users and networking ..etc.

Below is an example of a user resource declaration:

user { 'andrew':
 ensure     => present,
 uid        => '100',
 gid        => '100',
 shell      => '/bin/bash',
 home       => '/home/andrew'
}

Every resource is associated with a resource type, which provides the details of kind of configuration it manages. It  has  many built-in resource types, like files, cron jobs, services, etc. 

Custom resource types are written in Ruby, and have access to the same capabilities as Puppet’s built-in types.

Collection of resources which are grouped together to have a desired machine in a desired state. They are defined inside Puppet manifest files which are found in Puppet modules.

A class definition has the details of the codes which are used in the class. Defining a class makes the class available to be used in manifests, but does not actually evaluate anything.

Class Definition Example: 

class example_class {
 ...
 code
 ...
}

The above defines a class named "example_class", and the Puppet code would go between the curly braces.

Before requesting a catalog , Puppet will collect system information with Facter. Puppet receives this information as facts, which are pre-set variables you can use anywhere in your manifests.

Puppet can access Facter’s built-in core facts and custom facts which are present in the modules.

Puppet supports functions.It supports two types of functions known with the name of statement and rvalue functions.

• Statements stand on their own and they do not have any return type. They are used for performing standalone tasks like importing other Puppet modules in the new manifest file.
• Rvalue returns values and can only be used when the statement requires a value, such as an assignment or a case statement.

You can write your own functions in the Puppet language to transform data and construct values. A function can optionally take one or more parameters as arguments. A function returns a calculated value from its final expression.

Function Syntax in Puppet: 

function <MODULE NAME>::<NAME>(<PARAMETER LIST>) >> <RETURN TYPE> {  ... body of function ...  final expression, which will be the returned value of the function}

Function Example in Puppet: 

function apache::bool2http(Variant[String, Boolean] $arg) >> String {  case $arg {    false, undef, /(?i:false)/ : { 'Off' }    true, /(?i:true)/          : { 'On' }    default               : { "$arg" }  }}

A catalog is a document that describes the desired system state for one specific computer. It lists all of the resources that need to be managed, as well as any dependencies between those resources.
Puppet configures systems in two stages:
Compile a catalog & Apply the catalog.

• When set up as an agent/master architecture, a Puppet master server controls the configuration information, and each managed agent node requests its own configuration catalog from the master.
  
  
• In this architecture, managed nodes run the Puppet agent application, usually as a background service. One or more servers run the Puppet master application, Puppet Server.

• Slave has to first send a Certificate signing request to Master and Master has to sign that Certificate in order to establish a secure connection between Puppet Master and Puppet Slave as shown on the diagram below.
  
  
• Puppet Slave sends a request to Puppet Master and Puppet Master then pushes configuration on Slave.

• Puppet can run in a stand-alone architecture, where each managed node has its own complete copy of configuration info and compiles its own catalog.
• In this architecture, managed nodes run the Puppet apply application, usually as a scheduled task or cron job.
• Puppet apply needs access to several sources of configuration data, which it uses to compile a catalog for the node it is managing.

Below are the steps for installing Puppet on Linux Platform.

• Enable Dependencies
• Enable the Puppet package repository
• Install Puppet on the Puppet Master Server
• Install Puppet on Agent Nodes
• Configure Puppet Master Server
• Configure a Puppet Agent Node

All the programs in Puppet are written using Ruby programming language and saved with an extension of .pp are called manifests. All the programs written in Puppet follow Puppet coding style.

Puppet manifest consists of the following components

• Files
• Resources
• Templates
• Nodes
• Classes

Puppet Module is a collection of Manifests and data which have a specific directory structure. Modules are useful for organizing your Puppet code in which you can split your code into multiple Manifests. It is considered best practice to use Modules while working with Manifests.

Execute puppet cert list  command in Puppet Master to check requests of Certificates from Puppet Agent.

Puppet’s codedir is the main directory for Puppet code and data. It contains environments and  Hiera data.

It is found in the below locations:

*nix Systems: /etc/puppetlabs/codeWindows: %PROGRAMDATA%\PuppetLabs\code (usually C:\ProgramData\PuppetLabs\code)non-root users: ~/.puppetlabs/etc/code

• Puppet stores its certificate infrastructure in the ssldir directory.
• The ssldir directory contains Puppet certificates, private keys, certificate signing requests (CSRs), and other cryptographic documents.
• The ssldir directory on Agent nodes and Puppet masters contain a private key a public key, a signed certificate , a copy of the CA certificate  and a copy of the certificate revocation list (CRL) (crl.pem).
• They usually also retain a copy of their CSR after submitting it . If these files don’t exist, they are either generated locally or requested from the CA Puppet master

Permanent Test Environment : Environment in which there is a stable group of test nodes where all changes must succeed before they can be merged into the production code. The test nodes are a smaller version of the whole production infrastructure.

Temporary test environment : Test a single change or group of changes by checking the changes out of version control into the $codedir/environments directory, where it will be detected as a new environment.

Hiera is a key/value lookup used for separating data from Puppet Code. It is used for Storing the configuring data in key-value pairs and to search what data a module needs for a given during node during catalog compilation.

Hiera supports JSON , YAML and EYAML files

MCollective is a powerful orchestration framework which is used to run actions on thousands of servers simultaneously, using existing plugins or writing your own.

Puppet always starts compiling using a single manifest file. This main starting point is called the main manifest or site manifest.

Puppet supports several kinds of plug-ins:

• Custom facts (written in Ruby).
• External facts (executable scripts or static data).
• Custom resource types and providers (written in Ruby).
• Custom functions written in Ruby.
• Custom functions written in the Puppet language.
• Custom Augeas lenses.
• Miscellaneous utility Ruby code used by other plug-ins.

This command provides an interface for managing modules from the Puppet Forge. Its interface is similar to several common package managers. You can use the puppet module command to search for, install, and manage modules.

• Puppet module install command installs a module and all of its dependencies.
• By default, it installs into the first directory in Puppet’s modulepath, which defaults t to $codedir/environments/production/modules.

For example, to install the puppetlabs-apache module, run:

puppet module install puppetlabs-apache

Use the puppet module install command with the full name of the module you want.
The full name of a Forge module is formatted as username-modulename. For example, to instal puppetlabs-apache:
puppet module install puppetlabs-apache

Puppet Module list command will list all the modules which have been  installed and which directory they’re installed in.

# verify the module is installed
$ sudo /opt/puppetlabs/bin/puppet module list
/etc/puppetlabs/code/environments/production/site
 |-- garethr-docker (v5.3.0)

• Puppet Agent
• Puppet Server
• Puppet Apply
• Puppet Cert
• Puppet Module
• Puppet Resource
• Puppet Config
• Puppet Parser
• Puppet Help
• Puppet Man

PSON is a variant of JSON which puppet uses for serializing data to transmit across the network or store on disk. JSON requires that the serialized form is valid unicode (usually UTF-8). A PSON string is a sequence of 8-bit ASCII encoded data. It must start and end with “(ASCII 0x22) characters.

• Node Management: Manage a large number of nodes with Puppet.
• Code Management: Puppet supports Infrastructure as code. It is easy to manage, deploy, and test the environment configuration for Development, Testing and Production environments.
• Reporting & Visualization: Puppet provides Graphical tools to visualize and see the status of infrastructure configuration.
• Provisioning Automation: Using Puppet we can automate deployment for creating  new servers and resources.
• Orchestration: For a large Cluster of nodes, we can orchestrate the complete process by using Puppet. It can follow the order in which we want to deploy the infrastructure environments.
• Automation of Configuration: With Configuration automation, the chances of manual errors are reduced. The process becomes more reliable with this.

Puppet and facter can be upgraded through operating system package management system. This could be done either through the vendor’s repository or through the Puppet Labs’ public repositories.

Facter is a library that reports and discovers the facts details and send them to the puppet master. The facts details may include the operating system, SSH keys, IP address, MAC addresses, either it is a virtual machine or not etc.

When a node is configured, puppet agent uses a document that is termed as the Catalog and it can be downloaded from the Puppet Master. It has the state details  of each resource that will be managed in a specific order. The data stored in Puppet Catalog is driven by three facts 

• Data provided by the puppet agent
• External data details
• Cetails related to Puppet manifests

Puppet is suitable for any organization size. The main objective of Puppet is to manage or configure a plenty of servers together using automation.

Commands that are used to sign the request certificates for master-slave authentication. These commands are used by the puppet slave.

• Puppetca –list (2.6)
• Puppet ca list (3.0)

Below, are the commands that are used by the puppet master to sign the requested certificates by puppet agent.

Puppet ca sign hostname-of-agent (3.0)

Command for locating  the file where signed certifications are stored.

/var/lib/puppet/ssl/ca/signed

Puppet uses a unique approach where it models everything like the present state of the node, the configuration details, SSH keys, modules, Catalog etc. The major benefits of the tool are that complete configuration details are stored securely, even in case of failure, same system state would be generated again later.

Puppet uses its programming language as it is more declarative and can be quickly understood by developers which is more easy to understand compared to other programming languages.