Usage of Bolt with Puppet

What is Puppet?⭕

Puppet is a system management tool. It is used in DevOps. The task of puppet is to deploy and manage the servers. Microsoft Windows and Ubuntu, which we commonly use, are controlled by puppet. Puppet is based on the client-server model. The system working as the server is called the puppet master. The system that works as a client is known as the slave. One advantage of puppet is that you can run the exact configuration instructions on the same system.

Now that we are familiar with the concepts of bolt and puppet, let us now move to the idea of the usage of bolt with puppet.😎

Using Bolt with Puppet📌

In this section we will learn about the usage of bolt with puppet in detail. We will basically learn to apply puppet code blocks through bolt and applying manifests.

Applying Puppet Code Blocks Through Bolt🎯

The first concept that comes up in the discussion of the usage of bolt with puppet is, using bolt to apply puppet code. Let us see how we can apply puppet code blocks on the command line. One command for applying a standalone puppet system to a local system, is puppet apply.  We can also use bolt for the same purpose. When bolt is applied, it installs the packages required on its own. There can be cases when the agent is not installed. Bolt applies the command, puppet_agent:: install. This installs the agent.

Applying Manifest😎

There are two ways in which bolt applies a manifest. The ways are as follows.

⭕Passing an absolute path to the manifest.

The commands for this type are as follows.

📌Powershell

Invoke-BoltApply -Manifest manifests/server.pp -Targets servers

📌Nix shell command

bolt apply manifests/server.pp --targets servers

⭕Passing the code to execute command line.

📌Powershell

Invoke-BoltApply -Execute "file { '/etc/puppetlabs': ensure => present }" -Targets servers

📌Nix command shell

bolt apply --execute "file { '/etc/puppetlabs': ensure => present }" --targets servers

Declarations Vs Definition⭕

The understanding of the difference between declarations and definitions is important in order to apply manifest blocks correctly. The definitions basically refer to the definitions of class which can be reused when called by name. The person can access this code in the catalog when it is defined. This calling of the code by name is known as declaration. When the code is not declared it cannot be added to the catalog. If the person attempts to change targets using only definition, bolt will yield the following output depicting that it is not possible.

$ bolt apply --execute "define bolt { file { 'etc/puppetlabs': ensure => present } }" --targets servers

Application of Manifest Blocks📃

The order of compilation of code by bolt is as follows.

⭕Facts from targets.

⭕vars that you have set in your inventory.

The puppet apply command will show you all the variables.This helps you to reuse the code of bolt and puppet. The catalog is applied on each target. After successful compilation, you can view all the reports using the bolt apply command.

Return Value

After the application of the command, first all the required packages are installed by bolt. It will then return the outcome for any changes that were made in the system.

Puppet and Puppet Forge Modules💻

The puppet code can also be applied from the module that is downloaded from the puppet forge in the YAML plan. For this you have to make use of the resources step in YAML plan.

Applying Manifest Blocks From Puppet Plan🤷‍♀️

You can use the apply function to apply the manifest blocks to remote system while puppet plan is in execution. The options that the apply function has are as follows.

📌_catch_errors => true 

It gives the failed results set as output.

📌_noop=>true

Uses the no operation mode of puppet to apply manifest blocks and returns the summary of the changes that are to be made.

📌_run_as=>true
Used to apply the manifest block as a specified user.

Application Of Manifest Blocks💻

The order of compilation of code by bolt is as follows.

⭕Facts from targets.

⭕Local variables in the plan.

⭕Vars set in the inventory.

Return Value

The apply function returns an object of ResultSet that has ApplyResult object for every target.

$results = apply($targets) { ... }
$results.each |$result| {
   notice($result.report)
}

Configuring Concurrency✅

Every target has unique vars and facts. This implies that every target needs a separate catalog compilation. The apply function is used to simultaneously apply catalogs and compile them on the Bolt host. The compile-concurrency option controls the concurrency of the catalog.

Hiera and Manifest Block📌

Hiera has a key-value configuration lookup system. Hiera is used to separate the puppet code from the data. You can lookup the data in Hiera using the lookup function as follows.

plan do_thing() {
  apply('localhost') {
    notice("Some data in Hiera: ${lookup('mydata')}")
  }
}

Limitations of Manifest Block🎯

Let us now discuss about some of the limitations that you must keep in mind when working with the manifest blocks.

📌Manifest blocks do not support exported resources.

📌The variables like $servername, $environment are not included in the manifest block compilation.

Puppet Log Functions in Bolt📍

This is an important concept in understanding the usage of bolt with puppet. The table below shows the mapping in puppet log level and bolt log level.

Bolt Log Level	Puppet Log Level
trace	debug
info	notice
error	err
error	alert
warn	warning

These functions are used in bolt.

Creating a Bolt Plan For IIS (Windows)⭕

1️⃣Create a directory. You will use this directory as your bolt project.

2️⃣Run the command bolt project init profiles. This will change the directory to a bolt project named ‘profiles’.

3️⃣Add the module puppetlabs-iis to bolt-project yaml under modules key which is given as follows.

modules:
  - name: puppetlabs-iis
    version_requirement: 4.3.2

4️⃣Run the bolt module install command.

Create a new puppet language bolt inside your project. Run the following command for this purpose: bolt plan new files.

5️⃣Put the following bolt plan in your project.

plan profiles(
     TargetSpec $targets,
     String $site_content = 'coding ninjas',
) {
  $targets.apply_prep
 return apply($targets, '_catch_errors' => true) {
    $iis_features = ['Web-WebServer','Web-Scripting-Tools']
    iis_feature { $iis_features:
      ensure => 'present',
    }
    iis_site {'Default Web Site':
      ensure  => absent,
      require => Iis_feature['Web-WebServer'],
    }
 iis_site { 'minimal':
      ensure          => 'started',
      physicalpath    => 'c:\\inetpub\\minimal',
      applicationpool => 'DefaultAppPool',
      require         => [
        File['minimal'],
        Iis_site['Default Web Site']
      ],
    }
file { 'minimal':
      ensure => 'directory',
      path   => 'c:\\inetpub\\minimal',
    }


    file { 'content':
      ensure  => 'file',
      path    => 'c:\\inetpub\\minimal\\index.html',
      content => $site_content,
    }
  }
}

6️⃣Run the following command on nix shell command.

bolt plan run profiles --targets winrm://mytarget.mydomain

7️⃣Open mytarget.mydomain. The page will give output  “coding ninjas”.

Moving forward in discussing the usage of a bolt with puppet, let us discuss how we can connect bolt to the puppet enterprise version.🎯

Bolt and Puppet Enterprise⭕

There is a specific set of rules to connect bolt to your enterprise version of puppet. This is known as PCP (Puppet Communications Protocol). However, this protocol is not much into use these days. These days people use PE (Puppet Enterprise) tasks and plans more. The module required for connecting bolt and puppet enterprise is bolt_shim module.The steps of connecting bolt to puppet enterprise are as follows.

1️⃣Install the bolt_shim module.

2️⃣Grant the permissions to the user role accordingly.

3️⃣Setup the configuration of bolt to connect to PuppetDb.

Configuration Of Bolt and PuppetDB🎯

The table below shows the values that you must add to puppetdb to bolt config section.

Option	Type
cacert	String
connect_timeout	Integer
read_timeout	Integer
server_urls	Array

Configuration Of Multiple PuppetDB Instances😎

Let us now discuss the usage of bolt with puppet in the case of configuring multiple PuppetDB instances. The puppetdb-instances section needs to be added to the bolt config. This section has data in the form of key-value pairs. The key stores the PuppetDB instance. The value stores the configuration of instance.

The example below shows the configuration of an instance that uses SSL authentication  and another instance using PE RBAC authentication.

Note- PE RBAC stands for Puppet Enterprise Role Based Access Control. In this type of authentication you can access the tasks as groups, individual users and nodes. It is useful when different teams are managing some permissions, nodes and list of users.

puppetdb-instances:
  instance-1:
    server_urls: ["https://instance-1.example.com:8081"]
    cacert: /etc/puppetlabs/puppet/ssl/certs/ca.pem
    cert: /etc/puppetlabs/puppet/ssl/certs/my-host.example.com.pem
    key: /etc/puppetlabs/puppet/ssl/private_keys/my-host.example.com.pem
  instance-2:
    server_urls: ["https://instance-2.example.com:8081"]
    cacert: /etc/puppetlabs/puppet/ssl/certs/ca.pem
    token: ~/.puppetlabs/token

Test Of the Configuration📌

Once you have set up the configuration, your task is to check whether everything is on point. You can do this by checking the list of all nodes in the PuppetDB.

plan pdb_test {
  return(puppetdb_query("nodes[certname] {}"))
}

Practical Usage

You can see the practical use of the configuration also. Below is an example of puppetdb_query function.

plan puppetdb_query_targets {


  # [ {"certname": "node1"}, {"certname": "node2"} ]
  $query_results = puppetdb_query("nodes[certname] {}")
  
  # since puppetdb_query() returns the JSON results from the API call, we need to transform this
  # data into Targets to use it in one of the run_*() functions.
  # extract the "certname" values, so now we have an array of hostnames
  $certnames = $query_results.map |$r| { $r['certname'] }
  
  # transform the arary of certnames into an array of Targets
  $targets = get_targets($certnames)
  
  # gather facts about all of the nodes
  run_task('facts', $targets)
}

We hope you have understood the concept of usage of bolt with puppet.🎯

Frequently Asked Questions

Is bolt open-source?

Yes, bolt is an open-source tool used for orchestration.

What language is Puppet built on?

Puppet is built using Ruby domain-specific language.

Is puppet an open-source tool?

Puppet is an open-source tool. Puppet is also available in the enterprise version.

Is there any set of rules for connecting bolt to PuppetDB?

Yes, for the connection of bolt to PuppetDB, bolt has to authenticate through the SSL client certification.

Which language is used to write bolt plans?

We use the puppet language or YAML to write the bolt plans.

Conclusion

In this blog, we have discussed about the usage of bolt with puppet. We started with the discussion of bolt and puppet in detail.The blog then discussed about applying manifests and puppet log functions. Moving further we created a bolt plan for IIS for the windows operating system. We also connected bolt and puppet enterprise versions along with setting up their configuration. Finally to understand the concept of usage of bolt with puppet better, we tested the configuration and saw its practical usage.

You can refer to other similar articles as well

• Overview of PuppetDB
• Puppet Language
• Continuous Delivery for Puppet Enterprise
• Overview of Custom Facts in Puppet
• Configuration Management 
• Configuring PuppetDB

 

Refer to our guided paths on Coding Ninjas Studio to learn more about DSA, Competitive Programming, JavaScript, System Design, etc. Enroll in our courses and refer to the mock test and problems available.

Happy Learning Ninja! 🥷