managing windows systems with puppet - puppetconf 2013
DESCRIPTION
"Managing Windows Systems with Puppet" by James Sweeny Professional Services Engineer, Puppet Labs. Presentation Overview: Since Puppet grew up in the *nix world, there is a common misconception that it can't be used to effectively manage Windows. This talk hopes to dispel confusion on the matter and demonstrate that Windows can be managed effectively and easily with Puppet. Along with basic how-tos and tips on working with Windows systems using Puppet, Windows specific issues and caveats will be discussed with effective mitigations. Speaker Bio: James is a recovering sysadmin currently working as a Professional Services Engineer at Puppet Labs. He performs training and advises on configuration and systems management best practices in his day job. Though his focus is primarily on Linux systems, he frequently is tasked to work on Solaris, OS/X, and Windows. He is unafraid to admit that he runs Windows 7 on his primary desktop.TRANSCRIPT
Managing Windows Systems with PuppetJames SweenyProfessional Services | Puppet Labs [email protected] on irc.freenode.net@jsween_y
Friday, August 23, 13
puppetconf.com #puppetconf
Introduction
• Windows Agent overview
• Puppet resource model overview
• Managing Linux vs. managing Windows
• Windows specific challenges and solutions
• Windows oddities that will bite you
Friday, August 23, 13
puppetconf.com #puppetconf
Supported Platforms
• Server 2003 and 2003 R2
• Server 2008
• Windows 7/Server 2008 R2
• Windows Server 2012
Friday, August 23, 13
puppetconf.com #puppetconf
Installation
Friday, August 23, 13
puppetconf.com #puppetconf
msiexec /qn /l*v install.log /i puppet-3.2.4.msi
INSTALLDIR="C:\Program Files\Puppet Labs\Puppet Enterprise"
PUPPET_MASTER_SERVER="master.domain.com"
PUPPET_AGENT_CERTNAME="agenthost.domain.com"
Friday, August 23, 13
puppetconf.com #puppetconf
Friday, August 23, 13
puppetconf.com #puppetconf
• C:\Program Files (x86)\Puppet Labs\Puppet
– \sys– \bin
Friday, August 23, 13
puppetconf.com #puppetconf
• C:\ProgramData\PuppetLabs
- or -
• C:\Documents and Settings\All Users\Application Data\PuppetLabs
– \puppet\var• cached data• plugins
– \puppet\etc• puppet.conf• ssl data
Friday, August 23, 13
puppetconf.com #puppetconf
Anatomy of a Puppet run
Friday, August 23, 13
puppetconf.com #puppetconf
ResourcesThe fundamental building block
Friday, August 23, 13
puppetconf.com #puppetconf
Resource Abstraction
Friday, August 23, 13
puppetconf.com #puppetconf
Providers
Friday, August 23, 13
puppetconf.com #puppetconf
Linux Resources
Friday, August 23, 13
puppetconf.com #puppetconf
So what makes Windows special?
Friday, August 23, 13
puppetconf.com #puppetconf
Host Resource
Friday, August 23, 13
puppetconf.com #puppetconf
Service Resource
Friday, August 23, 13
puppetconf.com #puppetconf
Windows Service
Friday, August 23, 13
puppetconf.com #puppetconf
Cron Resource
Friday, August 23, 13
puppetconf.com #puppetconf
Cron Scheduled Task Resource
Friday, August 23, 13
puppetconf.com #puppetconf
Files
• Line Endings
• Paths
Always ask yourself: “Where is this evaluated”?
Friday, August 23, 13
puppetconf.com #puppetconf
Files - Paths
• 'C:\WINDOWS\system32'
• 'C:/WINDOWS/system32'
• "C:\\WINDOWS\\system32"
All are OK, but forward slashes are safer...
Friday, August 23, 13
puppetconf.com #puppetconf
Files - Paths
. . . except when a Windows program will read them.
Friday, August 23, 13
puppetconf.com #puppetconf
Files - Line Endings^M^M^M
• CRLF vs. LF^M
• Windows uses two characters for^M newlines^M
• Puppet master always runs in Linux^M
Friday, August 23, 13
puppetconf.com #puppetconf
Files - Line Endings
• File resources are written in binary
• source with Windows newlines will be preserved
• content will always generate Linux newlines, unless you add them
Friday, August 23, 13
puppetconf.com #puppetconf
File Resource - Permissions
• Still specified with Unix-style modes
• Mode must be specified if owner/group are
Friday, August 23, 13
puppetconf.com #puppetconf
Friday, August 23, 13
puppetconf.com #puppetconf
File Resource - Permissions
• Be careful of case
• Can't set SID
Friday, August 23, 13
puppetconf.com #puppetconf
Exec Resource
Friday, August 23, 13
puppetconf.com #puppetconf
• Execs run without a shell
Friday, August 23, 13
puppetconf.com #puppetconf
32-bit Redirection
• %WINDIR%\Sysnative
• %WINDIR%\System32
Friday, August 23, 13
puppetconf.com #puppetconf
Powershell Exec
Friday, August 23, 13
puppetconf.com #puppetconf
Powershell Exec Provider
Friday, August 23, 13
puppetconf.com #puppetconf
ModulesModules are the best way to organize your code and extend core Puppet
forge.puppetlabs.com
puppet module search <keyword>
puppet module install <author-module>
Friday, August 23, 13
puppetconf.com #puppetconf
puppetlabs/registry
Friday, August 23, 13
puppetconf.com #puppetconf
puppetlabs/registry
Friday, August 23, 13
puppetconf.com #puppetconf
puppetlabs/registry
Friday, August 23, 13
puppetconf.com #puppetconf
adenning/winntp
Friday, August 23, 13
puppetconf.com #puppetconf
simondean/net_share
Friday, August 23, 13
puppetconf.com #puppetconf
trlinkin/domain_membership
Friday, August 23, 13
puppetconf.com #puppetconf
More Windows Modules
• puppetlabs/mssql
• simondean/iis
• adenning/winfacts
• jonnyx/msuac
Search 'windows' on forge.puppetlabs.com
Friday, August 23, 13
puppetconf.com #puppetconf
MSI Package Provider
Friday, August 23, 13
puppetconf.com #puppetconf
MSI Package Provider
Friday, August 23, 13
puppetconf.com #puppetconf
Windows Package Provider
• Deprecates msi provider
• Available in Puppet 3.0
• Backports available for Puppet 2.7
• Supports .exe and .msi seamlessly
Friday, August 23, 13
puppetconf.com #puppetconf
Centralized Packages
• Versionable and Upgradable
• Linux has it easy
• yum
• apt-get
• zypper
Friday, August 23, 13
puppetconf.com #puppetconf
Chocolately
• Third party Windows package manager
• http://chocolatey.org/
cinst my_package
See Rob Reynolds tomorrow in the Fountain Room at 5:10PM!
Friday, August 23, 13
puppetconf.com #puppetconf
rismoney/chocolatey
Friday, August 23, 13
puppetconf.com #puppetconf
DISM
• Server 2008+ Roles and Features
• Install Windows server roles such as
• DNS Server
• DHCP Server
• IIS
Friday, August 23, 13
puppetconf.com #puppetconf
puppetlabs/dism
Friday, August 23, 13
puppetconf.com #puppetconf
Rebooting
Friday, August 23, 13
puppetconf.com #puppetconf
Pending Reboots
Friday, August 23, 13
puppetconf.com #puppetconf
Pending Reboots
Friday, August 23, 13
puppetconf.com #puppetconf
Windows Reboot
Friday, August 23, 13
puppetconf.com #puppetconf
Additional Resources
• http://docs.puppetlabs.com/windows
• http://docs.puppetlabs.com/references/latest/type.html
• http://puppetlabs.com/blog/part-top-questions-on-puppet-and-windows/
• Puppet Types and Providers by Dan Bode and Nan Liu
Friday, August 23, 13
Thank You - Questions?James SweenyProfessional Services | Puppet Labs [email protected] on irc.freenode.net@jsween_y
Collaborate. Automate. Ship.
Friday, August 23, 13
Follow us on Twitter @puppetlabs
youtube.com/puppetlabsinc
slideshare.net/puppetlabs
Collaborate. Automate. Ship.
Friday, August 23, 13