Config Management
Chapter 50: Configuration Management with Puppet/Chef
Overview
This chapter covers Puppet and Chef configuration management tools.
50.1 Puppet Basics
Architecture

    Puppet Architecture
    +------------------------------------------------------------------+
    |                                                                  |
    |  Puppet Master                                                   |
    |  +------------------------------------------------------------+  |
    |  | Catalog compilation                                        |  |
    |  | Manifests (.pp files)                                      |  |
    |  | Module distribution                                        |  |
    |  +------------------------------------------------------------+  |
    |                                                                  |
    |  Agent (Puppet Agent)                                            |
    |  +------------------------------------------------------------+  |
    |  | Facter - System facts                                      |  |
    |  | Apply catalog                                              |  |
    |  | Report to master                                           |  |
    |  +------------------------------------------------------------+  |
    |                                                                  |
    +------------------------------------------------------------------+

50.2 Puppet Manifests
Basic Manifest

    # Package resource
    package { 'nginx':
      ensure => installed,
    }

    # Service resource
    # 'require' is the ordering metaparameter: the package is installed first
    service { 'nginx':
      ensure  => running,
      enable  => true,
      require => Package['nginx'],
    }

    # File resource
    # 'notify' restarts the service whenever the managed file changes
    file { '/etc/nginx/nginx.conf':
      ensure  => file,
      source  => 'puppet:///modules/nginx/nginx.conf',
      require => Package['nginx'],
      notify  => Service['nginx'],
    }

Resource Types

    # User
    user { 'deploy':
      ensure     => present,
      shell      => '/bin/bash',
      home       => '/home/deploy',
      managehome => true,
    }

    # Group
    group { 'developers':
      ensure => present,
    }

    # Cron
    cron { 'backup':
      command => '/usr/local/bin/backup.sh',
      hour    => '2',
      minute  => '0',
    }

50.3 Puppet Modules
Module Structure

    # ├── manifests/
    # │   ├── init.pp
    # │   ├── install.pp
    # │   ├── config.pp
    # │   └── service.pp
    # ├── files/
    # │   └── nginx.conf
    # └── templates/
    #     └── nginx.conf.erb

Using Modules

    # Include class
    include nginx

    # Declare class with parameters
    class { 'nginx':
      version => '1.24.0',
    }

50.4 Chef Basics
Architecture

    Chef Architecture
    +------------------------------------------------------------------+
    |                                                                  |
    |  +----------------+     +----------------+     +--------------+  |
    |  |  Chef Server   | <-- |  Chef Client   | --> |  Cookbooks   |  |
    |  |   (Central)    |     |   (On node)    |     |  (Recipes)   |  |
    |  +----------------+     +----------------+     +--------------+  |
    |          |                      |                     |          |
    |          v                      v                     v          |
    |  +----------------+     +----------------+     +--------------+  |
    |  |  Workstation   |     |      Ohai      |     |  Attributes  |  |
    |  |    (knife)     |     | (System facts) |     | (Variables)  |  |
    |  +----------------+     +----------------+     +--------------+  |
    |                                                                  |
    +------------------------------------------------------------------+

50.5 Chef Cookbooks
Recipe Example

    # Install package
    package 'nginx' do
      action :install
    end

    # Start service
    service 'nginx' do
      action [:enable, :start]
    end

    # Template config
    template '/etc/nginx/nginx.conf' do
      source 'nginx.conf.erb'
      owner 'root'
      group 'root'
      mode '0644'
      notifies :restart, 'service[nginx]'
    end

Resources

    # File
    cookbook_file '/etc/motd' do
      source 'motd'
      mode '0644'
    end

    # Execute
    execute 'update-apt' do
      command 'apt-get update'
      not_if { ::File.exist?('/var/cache/apt/initialized') }
    end

    # Template
    template '/etc/app.conf' do
      variables(
        app_name: 'myapp',
        port: 8080
      )
    end

50.6 Chef Tools
Knife Commands

    # Upload cookbook
    knife cookbook upload nginx

    # Bootstrap node
    # (a password passed with -P ends up in shell history and the process list;
    # key-based authentication avoids that)
    knife bootstrap node.example.com -x admin -P password

    # Run chef-client
    knife ssh 'role:web' 'sudo chef-client'

    # List nodes
    knife node list
    knife node show node1

50.7 Comparison
Tools Comparison

    +----------------+---------------+--------------+----------------+
    | Feature        | Puppet        | Chef         | Ansible        |
    +----------------+---------------+--------------+----------------+
    | Language       | DSL (.pp)     | Ruby (.rb)   | YAML           |
    | Agent          | Required      | Required     | Optional       |
    | Push/Pull      | Pull          | Pull         | Push           |
    | Learning Curve | Moderate      | Steep        | Easy           |
    | Enterprise     | Yes           | Yes          | Yes            |
    | Idempotent     | Yes           | Yes          | Yes            |
    +----------------+---------------+--------------+----------------+

Why This Matters in DevOps/SRE
Configuration management tools are essential for Infrastructure as Code (IaC):

    Configuration Management in DevOps/SRE
    +------------------------------------------------------------------+
    |                                                                  |
    |  Tool Selection:                                                 |
    |  +------------------------------------------------------------+  |
    |  | Puppet  -> Enterprise, mature                              |  |
    |  | Chef    -> Ruby-based, developer-friendly                  |  |
    |  | Ansible -> Agentless, YAML-based                           |  |
    |  +------------------------------------------------------------+  |
    |                                                                  |
    |  Industry Trends:                                                |
    |  +------------------------------------------------------------+  |
    |  | Ansible gaining popularity for agentless simplicity        |  |
    |  | Puppet/Chef still used in enterprise                       |  |
    |  | Cloud-native tools emerging                                |  |
    |  +------------------------------------------------------------+  |
    |                                                                  |
    +------------------------------------------------------------------+

Practical Impact:
- Choose the right tool for your organization
- Understand trade-offs between tools
- Enable configuration management at scale
Common Mistakes & Anti-Patterns
1. Not Using Version Control

    # WRONG: Storing configs in shared drive
    # No history, no rollback

    # CORRECT: Use Git
    # Store all configs in version control
    # Use GitOps workflow

2. Not Testing Changes

    # WRONG: Applying changes directly to production
    # puppet apply production.pp

    # CORRECT: Use testing pipeline
    # Development -> Staging -> Production
    # Use tools like Test Kitchen, serverspec

3. Not Managing Secrets Properly

    # WRONG: Hardcoded passwords in config files
    # db_password = "secret123"
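
The hardcoded-password pattern marked WRONG above, and the password passed on the command line in the chapter's `knife bootstrap` example, can be caught by a repository check before they are committed. The Ruby scanner below is an added example, not part of the original chapter; its key list, rule names and sample files are constructed assumptions.

```ruby
# Added example: flag hardcoded secrets in Puppet manifests and Chef recipes.
# The key list, rule names and sample files are constructed for illustration.
SECRET_KEY = /\w*(?:passw(?:or)?d|secret|token|api_?key)\w*/i
# key = "literal", key => 'literal', key: 'literal'
ASSIGNMENT = /(?<key>#{SECRET_KEY})['"]?\s*(?:=>|=|:)\s*(?<q>['"])(?<value>[^'"]+)\k<q>/
# Password on the knife command line, as in `knife bootstrap ... -P password`
KNIFE_PASSWORD = /\bknife\s+bootstrap\b.*\s-P\s+\S+/
# A value that is only an interpolation refers to a variable, not a literal
INTERPOLATION = /\A(?:\$\{[^}]+\}|#\{[^}]+\}|<%=.*%>)\z/

Finding = Struct.new(:file, :line, :rule, :key)

# Returns a Finding for each offending line. Comments are scanned on purpose:
# a commented-out password is still readable by anyone who can read the repo.
def scan_config(file, text)
  text.each_line.with_index(1).flat_map do |line, number|
    found = []
    m = ASSIGNMENT.match(line)
    if m && m[:value] !~ INTERPOLATION
      found << Finding.new(file, number, :hardcoded_secret, m[:key])
    end
    found << Finding.new(file, number, :knife_cli_password, '-P') if KNIFE_PASSWORD.match?(line)
    found
  end
end

# Constructed sample files (not from a real repository)
SAMPLES = {
  'manifests/db.pp' => <<~'PP',
    # db_password = "secret123"
    $api_token = lookup('profile::api_token')
    $dsn_password = "${db_password}"
  PP
  'recipes/app.rb' => <<~'RB',
    template '/etc/app.conf' do
      variables(app_name: 'myapp', db_password: 'hunter2')
      sensitive true
    end
  RB
  'scripts/bootstrap.sh' => <<~'SH',
    knife bootstrap node.example.com -x admin -P password
    knife bootstrap node.example.com -x admin -i ~/.ssh/id_ed25519
  SH
}.freeze

def scan_all(samples = SAMPLES)
  samples.flat_map { |file, text| scan_config(file, text) }
end
scan_all.each { |f| puts "#{f.file}:#{f.line}: #{f.rule} (#{f.key})" }
```

Values resolved at run time (a `lookup` call, an interpolated variable) are not reported; only quoted literals and the `-P` argument are.
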
    # CORRECT: Use secret management
    # HashiCorp Vault integration
    # Ansible Vault, Chef Vault

Summary
In this chapter, you learned:
- ✅ Puppet architecture and manifests
- ✅ Puppet resources and modules
- ✅ Chef architecture and cookbooks
- ✅ Chef recipes and resources
- ✅ Tools comparison
Next Chapter
Chapter 50: Infrastructure as Code
Last Updated: February 2026