Introduction
Puppet is extremely popular for infrastructure management. These days, any large organisation's infrastructure is mainly built on the cloud. Puppet, too, has a cloud version of its services: Cloud Puppet Enterprise (Cloud PE). In this blog, we will learn about the functioning and components of Cloud Puppet Enterprise. We will also go through scaling, upgrading, troubleshooting and getting support. Let's get started with the details. 😁
Cloud PE is the set of Puppet Enterprise services running on the infrastructure of the major cloud providers. Puppet Enterprise is available on the cloud from version 2019.8. The cloud image is a standard installation with the PE services. Cloud images do not have built-in compilers, which limits the deployment to 2500 nodes. After installation on the cloud, these PE services run much as they would on regular machines.
Cloud Providers and Licensing
All the major cloud providers have the PE cloud image on their marketplace. It is available on:
✅ AWS Marketplace
✅ Oracle Cloud Marketplace
✅ Microsoft Azure Marketplace
For licensing, we have two options. Either we can go for BYOL (Bring Your Own Licensing) or get a license from the AWS Marketplace using Enterprise Discount Program (EDP) credits. With BYOL, we can choose any cloud provider and use any of our existing licenses.
System Requirements and Security
A minimum hardware capacity is required to deploy the primary server for PE services on the cloud. Cloud deployments can handle up to 2500 concurrent nodes with the standard architecture. The table below shows the minimum instance types needed on each cloud platform to run PE services.
| Number of Nodes | AWS | Oracle | Azure |
| --- | --- | --- | --- |
| Trial use | m5.large | VM.Standard2.2 | D2 v4 |
| 11-100 | c5.2xlarge | VM.Standard2.8 | F8s v2 |
| 101-500 | c5.2xlarge | VM.Standard2.8 | F8s v2 |
| 501-1000 | c5.2xlarge | VM.Standard2.8 | F8s v2 |
| 1000-2500 | c5.4xlarge | VM.Standard2.16 | F16s v2 |
Security is based on the rules or policies set on the ports for incoming traffic on the virtual cloud platforms. Some ports are fixed for a specific type of traffic, such as 22 for SSH, 443 for HTTPS requests, 4433 for API endpoints, 8081 for PuppetDB etc. This traffic can come either from external sources or from internal ones such as PostgreSQL, the PE console etc. The rules set on these ports are what restrict who can reach each service.
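One way to check these port rules, as an added example that is not part of the original blog or Puppet's own tooling: the script audits a security group, given in the shape returned by `aws ec2 describe-security-groups`, for the ports named above that are reachable from any address. Treating only 443 as acceptable to expose publicly is an assumption of this example, and the sample group is constructed.

```python
import ipaddress

# Ports named on this page. Which of them may face the internet is an
# assumption of this example, not a Puppet recommendation.
PE_PORTS = {22: "SSH", 443: "HTTPS", 4433: "API endpoints", 8081: "PuppetDB"}
PUBLIC_OK = {443}

def is_world_open(cidr):
    """True for 0.0.0.0/0, ::/0 and any other zero-length prefix."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit_ingress(group):
    """Return sorted (port, service, cidr) findings for one security group."""
    findings = set()
    for perm in group.get("IpPermissions", []):
        if perm.get("IpProtocol") == "-1":       # all protocols, all ports
            lo, hi = 0, 65535
        elif perm.get("IpProtocol") == "tcp":
            lo, hi = perm["FromPort"], perm["ToPort"]
        else:
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in filter(is_world_open, cidrs):
            # A wide port range can expose a PE port without naming it.
            for port, service in PE_PORTS.items():
                if lo <= port <= hi and port not in PUBLIC_OK:
                    findings.add((port, service, cidr))
    return sorted(findings)

# Constructed sample; the group id is a placeholder.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
        {"IpProtocol": "tcp", "FromPort": 4000, "ToPort": 9000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}

if __name__ == "__main__":
    for port, service, cidr in audit_ingress(SAMPLE_GROUP):
        print(f"{SAMPLE_GROUP['GroupId']}: port {port} ({service}) open to {cidr}")
```

The 4000-9000 range in the sample is flagged for 4433 and 8081 even though neither port is listed explicitly in the rule.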
Installation (AWS Image)
To install cloud PE, we can launch an image from the cloud provider of our choice. This section will go through the steps to install PE on AWS.
✅ Step 1: Go to the AWS console, SDK or any third-party tool.
✅ Step 2: Launch a PE image and specify the details: instance type, VPC, subnet and security group.
✅ Step 3: SSH into the machine using the newly created keys and the username puppetadmin.
✅ Step 4: Wait for the PE image to boot and the configuration to complete.
✅ Step 5: Set a console admin password.
✅ Step 6: Open a browser and go to https://<primary hostname>, accept the certificates and log in using the credentials.
Your primary server is now ready to handle nodes.
Connecting Agents and DNS Configuration
Agent packages handle nodes outside our primary server's scope or across cloud deployments. Cloud images have agent packages for all major platforms. We can install them using any standard method. To configure the primary server, run the update_agent_repos.sh script:
sudo /opt/puppetlabs/cloud/bin/update_agent_repos.sh public
DNS (Domain Name System) configuration is essential for the cloud PE deployment. In cloud PE, certificates are generated for the primary server's private hostname, with the public hostname and puppet as alternate DNS names. Therefore, it is crucial to set up DNS so that names stay consistent if an instance is resized or changed to a different image type.
Tuning and Running Commands
Tuning is necessary for the efficient use of available resources. For standard installations, the PE cloud image is tuned using default settings. The tuning process on the cloud is the same as for any on-premise installation. We can perform three types of tuning: primary server tuning, compiler tuning and legacy compiler tuning. We can alter the following parameters for fine-tuning:
✅ RAM per JRuby
✅ JRuby max active instances
✅ JRuby max requests per instance
✅ Java heap
✅ Puppet server reserved code cache
✅ PuppetDB command processing threads
✅ PostgreSQL shared buffers
✅ PostgreSQL working memory
There are several common commands that we can run on the nodes. On Azure, we must first switch to the superuser using the sudo su command. The commands are:
✅ puppet agent -t
✅ puppet enterprise support
✅ puppet infrastructure
✅ puppet license
✅ puppet lookup
✅ puppet node
✅ puppet plugin
✅ puppetserver ca
Scaling and Upgrading
As our infrastructure setup grows and the system comes under stress, it is better to scale up to a larger VM or cloud instance for improved performance. We have to follow standard procedures to scale up. IP addresses and hostnames might change during scaling up, so it is crucial to check them. During EC2 resizing, the public hostname changes. Thus, to access the PE console, connect to the new public hostname. To scale up in:
✅ AWS: We can resize an EBS backend instance.
✅ Azure: We can add a data disk to a VM through the Azure portal.
For upgrading, the process is the same as for standard on-premise installations. Follow these steps to upgrade:
✅ Step 1: Run the PE installer on the primary server to upgrade additional components.
✅ Step 2: Download the tarball appropriate to your OS and architecture.
✅ Step 3: Unpack the tarball.
✅ Step 4: Run the installer and follow the CLI instructions.
✅ Step 5: Upgrade additional PE components, such as agents and client tools.
✅ Step 6: Upgrade your replica in disaster recovery installations.
Troubleshooting Cloud Deployments
You might run into a few common problems while deploying cloud PE. Let's go through these issues and their potential solutions:
Authentication fails with SSH
The cloud providers handle SSH access differently, so the cause of a failure depends on the platform. In AWS, cloud deployments disable root SSH access. While launching an image from the marketplace, we must specify a key and then connect with the matching private key. In contrast, Azure cloud deployments allow either an SSH key or a username and password login.
After 60 days, the puppetadmin account stops working.
The password expires in 60 days, leading to account expiry. To prevent it, you must keep changing the password within 60 days. Also, you can run the command 'chage -E -1 puppetadmin' on the primary server to prevent the auto-expiry of the password.
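A monitoring check for this expiry, as an added example rather than anything shipped with PE: it parses `chage -l puppetadmin` output and reports how many days remain before the earlier of the password and account expiry dates. The sample output is constructed, and the 14-day warning threshold is an assumption.

```python
from datetime import date, datetime

# Constructed sample of `chage -l puppetadmin` output (C locale date format).
SAMPLE_CHAGE = """\
Last password change\t\t\t\t\t: Jan 10, 2024
Password expires\t\t\t\t\t: Mar 10, 2024
Password inactive\t\t\t\t\t: never
Account expires\t\t\t\t\t\t: never
Minimum number of days between password change\t\t: 0
Maximum number of days between password change\t\t: 60
Number of days of warning before password expires\t: 7
"""

def parse_chage(text):
    """Map each `chage -l` field name to its raw string value."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            fields[name.strip()] = value.strip()
    return fields

def days_until_lockout(text, today):
    """Days until the earlier of password/account expiry, or None if unset."""
    fields = parse_chage(text)
    remaining = []
    for key in ("Password expires", "Account expires"):
        value = fields.get(key, "never")
        if value == "never":
            continue
        if value == "password must be changed":   # forced change at next login
            remaining.append(0)
            continue
        deadline = datetime.strptime(value, "%b %d, %Y").date()
        remaining.append((deadline - today).days)
    return min(remaining) if remaining else None

def status(text, today, warn_days=14):
    """Turn the remaining days into a one-line monitoring status."""
    left = days_until_lockout(text, today)
    if left is None:
        return "OK: no expiry set"
    if left <= 0:
        return "CRITICAL: expired"
    if left <= warn_days:
        return f"WARNING: {left} days left"
    return f"OK: {left} days left"

if __name__ == "__main__":
    print(status(SAMPLE_CHAGE, date(2024, 3, 1)))
```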
Agent run fails for a non-root user
We can use sudo with the command to give it root user access. For example, we may run the following:
sudo /usr/local/bin/puppet agent -t
Components of PE
Puppet Enterprise has five components. Let's discuss them briefly one by one.
Puppet
Puppet forms the basis for configuration management. It contains a programming language for describing system states, an agent that can enforce system states, and various other tools and services.
Puppet Server
It works much like a web server, the difference being that it manages HTTP requests on behalf of Puppet. It is a JVM application providing the core Puppet HTTPS services. Puppet agents use the server to look up the configuration catalogue.
Facter
It is a system profiling tool. Agents use it to send critical information to the Puppet server, which is later used for compiling the node's catalogue.
Hiera
It is a hierarchical lookup tool that is used to configure puppet classes. Hiera 5 is the latest version and is backwards compatible.
PuppetDB
PuppetDB works as the data collector and is responsible for collecting any data that Puppet generates. It offers a powerful query API to analyse the data and acts as the foundation of the PE console. We can use PuppetDB APIs to build our applications.
Getting Support
There is a beautiful support system for cloud PE. The PE versions are classified by the duration of support they will get, such as STS (Short Term Support), LTS (Long Term Support), overlap support and end-of-life support. We can also get support from the large user community. Other than that, commercial support is also available. The metrics collector and support portal help to gather the information needed for support. Support scripts are available for easy debugging.
Frequently Asked Questions
What is the marketplace?
All the major cloud providers have this feature of the marketplace. It is like a shop for online services ready to plug and play directly from the cloud provider's end.
What are the functions of Puppet Server?
Puppet is an open-source tool for managing software configurations that permits administrators to perform a particular activity on multiple servers. You can install several applications with a single click. Puppet can be used on several platforms, such as Mac OS servers, Cisco routers, and IBM mainframes, making it flexible.
What are catalogs?
A Puppet Agent requests a file from a Puppet Master and utilises it while establishing a node. This file is known as a catalogue. A catalogue contains dependency data and the desired state for all resources. So, it should be arranged and appropriately managed.
Conclusion
Congratulations on finishing the blog! We have studied the Overview of Cloud Puppet Enterprise. We learned about the parts of cloud infrastructure required for PE deployment. We sincerely hope that this blog has improved your understanding of the Cloud Puppet Enterprise, and if you want to learn more, then you can check articles on:-