Using Puppet and DSC to Report on Environment Change

Using Puppet and DSC to Report on Environment Change

You already have Puppet and PowerShell DSC working together on your systems at your company. Puppet made it easy to plug in DSC to handle special circumstances while Puppet handled the rest of the configuration management on your servers, no matter the platform. However, you want to get the most out of your investment in time and effort by tracking change in your environment. DSC by itself offers little historical information on what changes were done in your environment, but Puppet can show change across your entire environment. This talk will setup an environment using Puppet and DSC and show how the Puppet console will track and report on change that has occured in your environment, both from your configuration management files and from outside users. Then it will show how Puppet ensures the proper state is kept on your servers.

A26b90499b6fa8de10ddd86a00a5dfe6?s=128

James Pogran

October 11, 2017
Tweet

Transcript

  1. Using Puppet and DSC to Report on Environment Change James

    Pogran Senior Software Engineer - Windows Puppet
  2. > Get-Agenda • Importance of Change Reporting • How DSC

    does Change Reporting • How Puppet improves Change Reporting
  3. > whoami • At Puppet for over 2 years •

    Puppet Modules • Core Agent and Installer • PDK • Puppet VS Code extension
  4. > whoami • http://jamespogran.com • @ender2025

  5. Change Reporting

  6. Change Reporting Why is it important?

  7. None
  8. Change Reporting Knowledge is power

  9. More frequent Code deployments 46x That’s the difference between multiple

    times per day and once a week or less. Faster lead time from commit to deploy 440x That’s the difference between less than an hour and more than a week.
  10. 96x faster mean time to recover from downtime That means

    high performers recover in less than an hour instead of several days. 5x lower change failure rate That means high performers’ changes fail 7.5% of the time instead of 38.5%.
  11. Change Reporting Time spent looking is time wasted

  12. Change Reporting It should be automatic

  13. Change Reporting It needs to be recorded

  14. Those who cannot remember the past are condemned to repeat

    it. - George Santayana
  15. DSC Change Reporting

  16. PowerShell DSC A primer

  17. PowerShell DSC Primer 1. DSC Configurations 2. DSC Resources 3.

    Local Configuration Manager (LCM)
  18. None
  19. None
  20. None
  21. DSC Deployment Modes DSC Push Mode • One time execution

    of DSC Configurations • Does not distribute DSC Resources • Does not store results from DSC execution
  22. DSC Deployment Modes DSC Push Mode • One time execution

    of DSC Configurations • Does not distribute DSC Resources • Does not store results from DSC execution DSC Pull Server • Stores and executes DSC Configurations • Distributes DSC Resources • Maintains registry of nodes • Stores data from each DSC execution
  23. DSC Change Event Types

  24. DSC Change Event Types

  25. PowerShell DSC Ok, really, how do we get the change

    data?
  26. Getting DSC Change Events • Query change events using REST

    API • Use any script/command capable of web calls • PowerShell to the rescue! Maybe…
  27. Demo Getting DSC Change Events

  28. Puppet Change Reporting Puppet & DSC Together

  29. Puppet A Primer

  30. Puppet Primer 1. Puppet Manifests 2. Puppet Modules 3. Puppet

    Agent
  31. None
  32. None
  33. Puppet Enterprise Deployment Modes • Stores and distributes manifests, modules

    and files • Maintains a registry of nodes • Stores data from each Puppet execution
  34. Puppet Change Event Types • Failure • Corrective Change •

    Intentional Change • Corrective no-op • Intentional no-op • Skip
  35. Puppet Change Event Types • Failure • Corrective Change •

    Intentional Change • Corrective no-op • Intentional no-op • Skip
  36. Puppet Property based change events

  37. View Puppet Change Events • PE Console to view results

    • Visual representation of target node status • Detailed information on change status
  38. Puppet Change Reporting • Entire environment at a glance

  39. Puppet Change Reporting • Event summary

  40. Puppet Change Reporting • Granular filtering

  41. Demo Puppet & DSC together

  42. > Get-Summary Puppet provides • A single way to view

    change events across all nodes without manual effort • Reports for most use cases built in • Queryable API provides customized reporting • Information collated for you without have to do extra configuration
  43. > Get-Help -full • Code available at https://github.com/jpogran/presentations/puppetconf/puppetconf2017 • Beginners

    guide to install PE: https://puppet.com/blog/how-get-started-puppet-beginners- guide • Windows on the Puppet blog: https://puppet.com/blog-tags/windows • Glenn Sarti – How to Not Freak out When you Start Writing Puppet Modules for Windows https://youtu.be/9A2-_nPrqfs
  44. Questions? Thanks for listening!

  45. None