It began with a very simple set of requirements:
- I have a few Solaris and Linux machines I manage.
- While most of the users are handled by LDAP, there are a few administrative users and groups I want defined locally on each of the machines.
- So far I’ve had used a script to define the users for me, however, the script was never meant to be run more then once, so I’ve had to work around it as well as run it manually on each of the machines whenever I needed to add a new user.
- Using the script, there was no way to know, in one place, which users are defined on which machine, what are their permissions, etc.
So, I though about solving this, and what I had in mind was to have the list of users and their permissions stored in a file or a table somewhere, and have some kind of a cron job run periodically on each of the server and make sure the server’s user configuration matches the description in the file.
But before setting out to implement this, I figured I should have a look around the web and especially pay some attention to this series of articles discussing massive installation management tools for Linux.
What I’ve found was Puppet.
Puppet is a tool meant to ease the automation woes of system administrators, it combines a configuration distribution mechanism, based on XML-RPC, with a declarative configuration language that allows you to define what should be on your server or servers in terms of types and resources.
Deciding to look into it I’ve setup a couple of VirtualBox VMs running CentOS 5.0, installing one as the puppetmaster (the server containing the central configuration repository, called manifest) and the other as a puppet (e.g. a server managed by puppet), after having the initial setup figured out (nothing really complicated about it, just little details like having the host FQDNs resolve properly), It was unbelievably easy to list the users and permissions in the manifest file and have puppet define them automatically on the server.
But puppet can do much more that just setup users, with just its built-in capabilities, its mind-numbingly simple to install packages, manage system services and even generate and distribute configuration files with Puppet’s built-in template language.
With a little bit of creativity, one can have puppet automate much more complex tasks such as the mundane but complex setup required to prepare a machine for Oracle installation or more exciting ones such as VM deployment and management.
With the numerous technical advantages, by far puppets greatest strength is its user community, a major motivation for Puppets creation by its author had been his understanding that sysadmins constantly write automation scripts to do largely the same tasks over and over again with little if any sharing and reuse.
One reason for the lack of reuse, is that existing tools make it very difficult to write a script in such a way that would make applicable outside the system for which it was written, Puppet was built to provide the framework that would allow reuse and sharing on sysadmin scripts, or recipes, as they are referred to in the puppet documentation.
Looking through the (though modest) list of recipes provided by the puppet community, I’m excited with thoughts of implied possibilities, who knows? maybe someone already wrote a recipe for installing Oracle? now that would be a time saver…