Puppet automation shows value in enterprise container management

Some question the future of configuration management given the rise of container orchestration, but industry watchers say Puppet's future is bright thanks to a new API integration module.

SAN DIEGO -- Puppet automation may be considered old hat among some startups using containers, but for enterprises operating at scale, configuration management remains an indispensable part of containerization.

One such enterprise, Healthdirect Australia, had its use case illustrated for the masses at PuppetConf last month by its former solution architect, Scott Coulton, now platform engineering lead at Autopilot HQ, a marketing software company in San Francisco. Coulton is also a Docker Captain and a longtime Puppet user.

"I heard someone say last week that 'I'm just going to use Docker. I'm not going to use Puppet anymore,'" Coulton said in a PuppetConf keynote presentation. "That's kind of two different levels of thinking, why would you do that? ... The conversation shouldn't be about, 'Should we use Docker or Puppet?' It should be, 'How do we use them together?'"

Coulton extends Docker's maritime metaphors to encompass the role of Puppet in containerized environments, a role some bleeding-edge DevOps shops considered nonexistent earlier this year.

"Docker does build, ship, run -- Puppet's the ship," he said. "They build the ship so we can ship out the container code."

Otherwise, "How are you going to get the container to the host? How are you going to set up your Docker API? How are you going to set up your schedulers?" Coulton said.

Deploying Kubernetes or Docker Swarm at scale, using Transport Layer Security (TLS) with something such as HashiCorp's Vault to handle secrets, will take a long time to do consistently and repeatedly, Coulton said.

Meanwhile, last year Puppet engineer Gareth Rushgrove wrote a module for Puppet (also called gareth) that allows Puppet to communicate with the Docker REST API, and that kind of Puppet automation is a whole new way to think about what Puppet can do, Coulton said.

"If you're using something like Docker that has a really [well-specified] API, as long as you write your Ruby code to understand the responses, when Puppet runs, it will look for the resource on a cluster of nodes," Coulton said. "That blew my mind."

Using Puppet automation to harden the Docker REST API, and then direct it to deploy container infrastructure, helped put Healthdirect Australia's developers and IT operations pros on the same page for the first time -- bringing together app development and infrastructure as code into the same continuous delivery process, Coulton said.

"Configuration management is your best friend" in a container environment, Coulton said.

At the startup company where he now works, "we have the type of environment that knows if the container's healthy and knows if the service is running the right amount of containers, and it also allows us to know if a node has failed," he said. "If Puppet sees that one of the containers that's part of a service is not running, Puppet will actually send an API call to update the service to make sure it is running."

This example of Puppet automation is the direction that infrastructure is headed, Coulton said, and an industry analyst who attended PuppetConf agreed in a separate interview.

"If we roll forward to 12 months from now, containers will be an even more complex environment to manage and a requirement of containers will be configuration management," said Robert Stroud, analyst at Forrester Research. "Whether a container lives one second or 10 days or a year, they're going to be consistently modified, and you've got to put controls around them."

Thus, tools like Puppet and Chef will need to coexist with platforms like Docker Swarm, Kubernetes and Mesos, Stroud said, which Puppet already has a jump on doing with the gareth module.

Puppet in the majority of instances is still a required aspect of life in enterprises, which will be slower than startups to convert to a 100% container environment, if they ever do, Stroud said.

"Tools like Puppet allow you to bring that under control on a consistent basis, especially in industries that are highly regulated," he said.

Beth Pariseau is senior news writer for TechTarget's Data Center and Virtualization Media Group. Follow @PariseauTT on Twitter.
