The fastest-growing segment of Puppet users is companies who utilize Puppet agent to manage their Windows nodes. Puppet brings a configuration management toolset (and mindset) to Windows administration far beyond the tools provided by Microsoft. The Windows admins I have met who have become Puppet users cannot imagine how they would do without it now.
Puppet on Windows with the Puppet Labs Supported modules provides the ability to:
Everything you’ve already learned about Puppet applies to Puppet on Windows. For the remainder of this chapter, we’ll review the differences between Windows and Linux nodes.
If you want to build a Windows virtual machine for testing against the Puppet Server virtual machine used in this book, follow the steps outlined in the following sections.
To create a Windows virtual machine, start the VirtualBox Manager program as follows (see Figure 28-1):
Create a new virtual machine as follows:
Now attach an internal network interface used to communicate with the Puppet server as follows (see Figure 28-2):
Acquire an ISO image of the Windows version you would like to install. Windows 10 ISOs can be found on Microsoft’s site at “Download Windows 10 Disc Image”.
Now make the Windows installation media ISO image available as a mounted drive as follows (see Figure 28-3):
The Windows Installer will start automatically. Install Windows as you normally do.
After Windows has been installed and running, you will need to configure the IP address of the internal network interface. Open Network Connections in one of the many ways that Windows provides. In Windows 10, you would do as follows (see Figure 28-4):
The internal network interface will likely be named Ethernet 2. You may want to rename this for convenience.
Now configure this interface to have an IP on the same network as the Puppet server by performing the following steps (see Figure 28-5):
On this interface, we configure only a unique IP on the same network as the Puppet server. All other fields are blank as DNS and routing will happen on the primary interface.
Download the Puppet agent for Windows from “Open Source Puppet” on the Puppet Labs site:
puppet.example.com
when using the Vagrant instances (or the name of your server if you called it something else).You can also install Puppet noninteractively with the same installer:
C:
>
msiexec
/qn
/norestart
/i
puppet-latest.msi
PUPPET_MASTER_SERVER
=
puppet.example.com
You can find a list of all the MSI exec properties at “Installing Puppet: MSI Properties” on the Puppet docs site.
On Windows the Puppet configuration file can be found at C:ProgramDataPuppetLabspuppetetcpuppet.conf. This file contains the same configuration settings in the same format as on Linux, but paths with spaces in them must be quoted.
Check the puppet.conf file to ensure it contains the following:
[
agent
]
server
=
puppet
.
example
.
com
The file as installed by default should work as well. Just ensure that the server name is correct:
[
main
]
server
=
puppet
.
example
.
com
pluginsync
=
true
autoflush
=
true
environment
=
production
Then edit the hosts file at C:WindowsSystem32driversetchosts to add an entry for the Puppet server. You can do this from an administrator Command Prompt with the following commands:
C:
>
set
hostspath
=
%windir%
S
ystem32
d
rivers
e
tc
h
osts
C:
>
echo
192.168.250.6
puppet.example.com
>>
%hostspath%
The Puppet installer creates a folder in the Start menu with shortcuts to Puppet documentation, and direct invocation of many Puppet commands, including Facter
and Puppet Agent
(see Figure 28-7). Each of these will request elevated privileges in order to run.
After installation, when you start Command Prompt or PowerShell, you’ll find the Puppet command in your PATH
by default. Running Puppet commands with or without elevated privileges behaves exactly the same as running Puppet commands on Linux with or without sudo
.
The menu option “Start Command Prompt with Puppet” initializes a command prompt with many Puppet installation directories in the PATH
. Furthermore, the environment will contain the necessary settings for using Ruby gem
and related commands. Start this command prompt and run set
by itself to see the values for:
FACTER_DIR
FACTER_env_windows_installdir
HIERA_DIR
MCOLLECTIVE_DIR
PL_BASEDIR
PUPPET_DIR
RUBYLIB
SSL_CERT_DIR
SSL_CERT_FILE
Every command shown in this chapter will need to be run with administrator privileges. The best way to execute these commands is to right-click on “Start Command Prompt with Puppet” and select “Run as administrator,” as shown in Figure 28-8.
The alternative is to preface each command with the following: runas /noprofile/user:Administrator
, which is the Windows equivalent of sudo
.
The Puppet agent must run with elevated privileges. You can select one of two Start menu items:
Either one needs to be started by right-clicking and choosing “Run as administrator.”
Use the following commands to stop, start, and query the Puppet service on Windows:
C:
>
sc
stop
puppet
C:
>
sc
start
puppet
C:
>
sc
query
puppet
You can configure the service to start at boot or run only on demand. Choose the appropriate command:
C:
>
sc
config
puppet
start
=
disabled
C:
>
sc
config
puppet
start
=
auto
C:
>
sc
config
puppet
start
=
demand
To run the Puppet service with debug output, use the following command arguments:
C:
>
sc
stop
puppet
C:
>
sc
start
puppet
--debug
--logdest
eventlog
You’ll find detailed Puppet debugging in the Windows Event Viewer.
You can find more suggestions for debugging at “Troubleshooting Puppet on Windows” on the Puppet docs site.
For most things, writing Puppet manifests for Windows hosts is identical to writing them for Linux hosts, with some fairly straightforward exceptions:
flat
filetype can handle this translation for you.)You can find the latest tips for writing manifests for Windows hosts on the Puppet docs site at “Puppet on Windows: Writing Manifests”.
There is a combined package of the Puppet Forge’s best Windows modules available in the puppetlabs/windows collection on the Puppet Forge.
A few of my personal favorites on the Puppet Forge above and beyond this collection are:
You can find other modules that support Windows by performing a Puppet Forge search filtered with Operating System = Windows.
When you attempt to use Puppet to upgrade a package on Windows, you’ll get an unexpected result:
Failed to apply catalog: Parameter ensure failed on Package[
thing]
: Provider must have features'upgradeable'
toset
'ensure'
to'latest'
That’s right—the built-in package management in Windows doesn’t allow for upgrades of packages.
You might be wishing you had the Yum or Apt package managers on Windows right about now. The good news that something similar exists, and has been used successfully at thousands of sites. The Chocolatey package manager provides an API for automated installation and removal of packages:
[Chocolatey] was designed to be a decentralized framework for quickly installing applications and tools that you need. It is built on the NuGet infrastructure currently using PowerShell as its focus for delivering packages from the distros to your door, err computer.
The Puppet module to use Chocolatey can be found at chocolatey/chocolatey on the Puppet Forge.
Adding your Windows servers to Puppet will give you consistent management of Windows resources in a way that you’d never believe if I tried to describe it to you.
In many organizations, this creates social dynamic changes that were hard to imagine a decade ago. It will break down the door between your Linux and Windows support teams, allowing each to benefit from the knowledge and experience of the other. Be prepared to embrace this opportunity.