Get started Bring yourself up to speed with our introductory content.

What is the Puppet configuration management tool, and how does it work?

With Puppet, enterprises can manage configurations and simplify the DevOps process as a whole. Grasp how it works, and see if it's the right choice for your organization.

When looking at DevOps, the stream from development to operations is a single overall process, with a myriad of tasks underneath that push it along. Configuration management tools, including Puppet, support some of these critical tasks.

What is a configuration management tool?

A major part of the DevOps process is configuration management. Here, IT admins use a tool, or set of tools, to model existing infrastructure and create configurations to provision onto that infrastructure. These tools also enable admins to monitor configurations as they run and remediate any problems that occur within the runtime environment.

The process progresses as such: Build a blueprint of infrastructure that's already there; define the desired end result; create the means to achieve this result; carry out the changes; ensure that the desired result is achieved; monitor the system; and make any required changes.

Meet the Puppet configuration management tool

There is a variety of tools on the market, ranging from open source to commercial systems, that offer these capabilities. One open source tool with a strong following is Puppet.

Founded in 2015, Puppet first focused on the provision of a GNU general public license for a configuration management tool but changed to an Apache License 2.0 model as of Puppet version 2.7.0.

Puppet offers both an open source version and a commercial version of its software, Puppet Enterprise, which runs alongside its Puppet Remediate tool to provide a full configuration management system.

Although Puppet can run in a server-only model with command-line access, the majority of users run it in full client-server mode, where the servers run as masters and the clients run as agents.

How Puppet works

Puppet uses a declarative language that models the infrastructure as a series of resources. Manifests pull together these resources and define the desired state of the final platform. Puppet stores manifests on the servers and uses them to create compiled configuration instructions for agents, as needed.

Puppet uses a tool called Facter to discover and report facts about nodes. Facts include built-in details obtained directly via Puppet, custom information the user defines and provides, or external details written in another programming language, such as Perl or C -- or even in plain text. These facts become variables available in the Puppet manifest. This enables users to create configurations that are agnostic to the platform on which they run. Therefore, admins can reference different OSes on different machine configurations from a single resource. The Puppet configuration management tool then ensures that the desired outcome occurs on each platform.

This approach has become known as infrastructure as code -- the user needs little to no knowledge of what physically exists in terms of servers, network items or storage. Instead, the user declares what is required and leaves the configuration management tool to convert the requirements into reality.

While the difference between the two tools was greater in the past, both Puppet and Chef have encroached on each other's territory.

There are occasions, however, where a manual override may be required. Puppet accommodates this via Hiera, a system that provides storage for site-specific configuration data as external information in a key-value pair look-up table. This lets a user create a manifest that calls specific configuration data through Hiera, and bypass Facter, to create a highly specific runtime instance.

Puppet also provides thousands of prebuilt modules to help organizations get off the ground as rapidly as possible.

As such, the Puppet configuration management tool is a good option to manage the process of packaging and provisioning live application instances in the operations environment. When enterprises run versions of Puppet in a development environment, then they can link those versions to support a DevOps process. To aid this process, many development tools provide Puppet integrations that enable developers to work directly in their tool of choice. With this option, Puppet functions as the depository for code items and stores them as resources. Puppet has worked with organizations, such as Microsoft's Visual Studio team and Ruby, to enhance these integrations.

Puppet vs. other configuration management tools

Historically, Puppet has been a leading DevOps tool for sys admins and operations managers. Chef, another open source configuration management tool that is popular among developers, is also widely used in the market.

While the difference between the two tools was greater in the past, both Puppet and Chef have encroached on each other's territory. At the basic level, there are few major differences between the two products. IT organizations should carefully evaluate each tool's native features, and ecosystem, to decide which fits best with their own circumstances.

Puppet vs. Chef: The major differences

Puppet handles high availability via data replication to a second node and works in an active-passive mode, which brings the passive node into action if the active one malfunctions. Chef, on the other hand, uses a triple-active mode which produces better scalability overall.

Chef and Puppet also differ in terms of idempotency: Puppet uses its own domain-specific language, which allows for highly granular scripting, and according to the company, is more admin-friendly. Conversely, Chef uses the Ruby language, which it claims is far more wide-ranging and developer-friendly.

Puppet also has a software development kit to test its manifests in situ before releasing them; Chef uses a workstation environment to test its recipes.

There are other open source tools, such as Ansible and CFEngine, although buyers must choose carefully, as several open source configuration management engines have faded away due to lack of support.

At the commercial-software level, there are also several options. Some act purely as a configuration management tool. However, others, such as CloudBees Flow -- formerly Electric Cloud ElectricFlow -- HashiCorp Terraform and Atlassian Bamboo provide an extra capability to enable users to plug in Puppet, Chef or another tool as the main configuration management engine.

Each system has its own strengths and weaknesses, many of which depend on the upstream development languages in use, and many of which are specific to the organization that will use them. Buyers must describe their needs carefully before they shortlist possible configuration management tools.

Editor's note: To cover more recent Puppet and configuration management concepts, this article has replaced a previous SearchITOperations article from 2009 by Andrew Shafer.

Next Steps

Ensure that configuration management tasks are secure

Weigh configuration management tool options

Learn the importance of language when it comes to configuration management

Dig Deeper on Configuration Management and DevOps