Puppet Version
There are 2 versions of Puppet: (From: https://puppetlabs.com/puppet/puppet-open-source)
- Puppet Open Source: Open Source Puppet is a declarative, model-based configuration management solution that lets you define the state of your IT infrastructure, using the Puppet language. Open Source Puppet then automatically enforces the correct configuration to ensure the right services are up and running, on the right platforms.
- Puppet Enterprise: Puppet Open Source + commercial-only enhancements, supported modules and integrations.
I use Puppet Open Source.
Overview of Puppet’s Architecture
There are 2 deployment models when using Puppet:
- Master / Agent architecture
- Stand-Alone Architecture
(Image from http://www.slideshare.net/GiacomoVacca/automatic-kamailiodeploymentswithpuppet-33085423)
The deployment architecture doesn’t affect how we write the Puppet configuration. The main difference is where the Puppet configuration files are placed and how we apply the configuration to the servers. I will focus on the Master / Agent architecture.
Master / Agent Architecture
“In this architecture, managed nodes run the Puppet agent application, usually as a background service. One or more servers run the Puppet master application, usually in the form of Puppet Server.”
There are two parts in this architecture:
- Puppet agent runs on all the servers we want to configure.
- Puppet master runs on separate machine(s).
Communication and Security
Puppet agent nodes and Puppet masters communicate via HTTPS with client verification.
The Puppet master provides an HTTP interface, with various endpoints available. When requesting or submitting anything to the master, the agent will make an HTTPS request to one of those endpoints.
Client-verified HTTPS means each master or agent must have an identifying SSL certificate, and will examine their counterpart’s certificate to decide whether to allow an exchange of information.
Puppet includes a built-in certificate authority (CA) for managing certificates. Agents can automatically request certificates via the master’s HTTP API, users can use the puppet cert command to inspect requests and sign new certificates, and agents can then download the signed certificates.
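The request, sign and verify flow described above, as an added example that is not part of the original post and is not Puppet's own CA code. It uses plain openssl to model the steps; the certname agent01.example.com, the file names and the function names are all constructed for the demo.

```shell
#!/bin/sh
# Added example: plain-openssl model of the CSR -> sign -> verify flow.
# Not Puppet's own CA code; file names and certnames are constructed.

# CA side: throwaway CA key and self-signed CA certificate in directory $1.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$1/ca_key.pem" -out "$1/ca_crt.pem" 2>/dev/null
}

# Agent side: private key plus signing request for certname $2.
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2_key.pem" -out "$1/$2_csr.pem" 2>/dev/null
}

# CA side: sign the pending request (the step an operator approves).
sign_csr() {
    openssl x509 -req -days 1 -in "$1/$2_csr.pem" -CA "$1/ca_crt.pem" \
        -CAkey "$1/ca_key.pem" -CAcreateserial -out "$1/$2_crt.pem" 2>/dev/null
}

# Identity the CA never signed: self-signed certificate claiming certname $2.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/selfsigned_key.pem" -out "$1/selfsigned_crt.pem" 2>/dev/null
}

# Peer check: succeeds only if certificate $2 chains to the CA in $1.
cert_trusted() {
    openssl verify -CAfile "$1/ca_crt.pem" "$2" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    make_ca "$dir" && make_csr "$dir" agent01.example.com &&
        sign_csr "$dir" agent01.example.com &&
        make_selfsigned "$dir" agent01.example.com || return 1
    for crt in agent01.example.com_crt.pem selfsigned_crt.pem; do
        if cert_trusted "$dir" "$dir/$crt"; then
            echo "$crt: accepted"
        else
            echo "$crt: rejected"
        fi
    done
    rm -rf "$dir"
}

demo
```

The CA-signed certificate is accepted and the self-signed one with the same name is rejected, which is why an agent cannot exchange data with the master until its request has been signed.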
How master and agent communicate:
(Image from http://www.slideshare.net/ssuser5a2151/puppet-27665547)
And how the whole system works:
(Image from http://www.slideshare.net/glynnfoster/managing-oracle-solaris-systems-with-puppet)
Hope you can understand how it works.
Previous Topic : PUPPET AUTOMATION SERIES - PART 1 - INTRODUCTION
Next Topic : PUPPET AUTOMATION SERIES - PART 3 - INSTALLATION