Puppet on Windows (Part 1 of ?)

Dimitri Ars [KPN] Maarten Bruntink [Itility]

1

Agenda •  Why? •  Agents •  Available types and modules

- Native types - Modules - Chocolatey

•  DSC •  Development

- Editors - Modules - Testing

2

Why use Puppet on Windows?

 Is Puppet better than SCCM and/or GPO?

 Infrastructure as Code

 Easy to manage various customers

 One way of working

 Pricing

3

Why use Puppet on Windows? Puppet vs SCCM Pros Cons

SCCM

Integrates very well into Windows environments

Expensive

Guaranteed support from Microsoft

Proprietary model, so users cannot change or customize the product

Easier to learn, so faster to start using for Windows admins

Doesn’t integrate well with mixed Windows -Linux setups

Single-pane of management Hard to implement versioning / IaC

Puppet

Cheaper and more flexible More complex and difficult to learn and start using

Works well with most OS platforms

Forces users to learn and use Ruby-based DSL

4

Agents

Linux

Windows

Chocolatey

5

curl -1 -k https://mypuppetmaster:8140/packages/current/install.bash -o /tmp/install.bash sh /tmp/install.bash "agent:environment=stable" "agent:certname=`hostname -s`“

msiexec /qn /l*v install.log /i puppet-3.8.1.msi INSTALLDIR="C:\Puppet Labs\Puppet Enterprise" PUPPET_MASTER_SERVER="master.domain.com“ PUPPET_AGENT_CERTNAME="agent.domain.com"

PS> Invoke-Expression ((New-Object Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))

Available types and modules: Native Types

6

Available types and modules: Missing Properties

7

Available types and modules: Missing Properties

8

Available types and modules: PuppetLabs (Supported) Modules

9

Available types and modules: Community Modules •  Currently around 180 Windows modules are available on The Forge

•  Puppetlabs-windows module installs a collection of Puppetlabs and community modules

•  registry, powershell, iis, windows_feature, acl, chocolatey, download_file, windows_env

•  Some excellent modules are available, but a large number of modules have overlapping functionality and many are of moderate quality

•  Prepare yourself to develop your own modules or even providers

10

Chocolatey: What is Chocolatey? •  Native package type only supports MSI or EXE installers, which can be

complex compared to yum / apt-get

•  Chocolatey is a package manager for Windows

•  Based on NuGet

•  Created by Puppetlabs employee Rob Reynolds

•  Chocolatey takes care of downloading, unzipping, installing applications (and whatever you can do with Powershell…)

11

Chocolatey: Installing Packages

12

Chocolatey: Creating Packages

13

Chocolatey: Puppet and Chocolatey

14

Chocolatey: Declaring Packages

15

Chocolatey: Versioning, Defaults, Chocolatey Client

16

Chocolatey: Host your own repository

17

DSC

•  Microsoft couldn’t stay behind and watch...Desired State Configuration

•  Usable from Powershell 4.0 and included in WMF 5

•  DSC language looks like Puppet DSL, imperative and idempotent

•  200+ resources available, of reasonable quality...not every property is exposed but more than Puppet counterparts if there are any

•  Unclear if DSC will eventually replace machine based GPO’s and that SCCM/Intune will provide a server part like Puppet/Hiera, but I expect it!

•  Puppet and DSC might very well be an ideal combo with Puppet on Windows...in the future

18

DSC: Using DSC Resources  Puppet DSC resources are prefixed with ‘dsc_’

19

Editors: Use your personal favorite

20

Development: Windows Specifics - File Paths  Line endings

 CRLF (Windows) vs LF (Linux)

 File paths  'C:\WINDOWS\system32'  'C:/WINDOWS/system32‘  "C:\\Windows\\system32“  $::system32  "C:\\Folder\\${my_variable}"

21

Development: Windows Specifics - Permissions

22

Development: Windows Specifics - Facts  Custom facts can be written in Ruby, batch, Powershell or use custom executables

 STDOUT must contain key-value pairs on each line

 Files must be placed in C:\ProgramData\Puppetlabs\facter\facts.d or in a modules root folder named facts.d

23

Development: Windows Specifics - Facts

24

Development: Testing  Just as on Linux, modules can be tested using rspec-puppet

25

Development: Testing  Testing multi-platform modules has some challenges

 Workaround

26

•  Puppet on Windows PuppetConf 2013 https://www.youtube.com/watch?v=GI_xv0vIR8M

•  DSC Webinar https://puppetlabs.com/webinars/windows-dsc-wsus-webinar-09-17-2015

•  Chocolatey •  https://chocolatey.org

•  Available DSC resources: •  https://gallery.technet.microsoft.com/scriptcenter/DSC-Resource-Kit-

All-c449312d

27

Additional Resources

28