
Puppet Relay links event-driven IT automation to Enterprise

Puppet's Relay event-driven automation framework ships this week, with Puppet Enterprise integration that can link cloud-native workflows with on-premises infrastructure and apps.

Puppet has expanded an appeal to traditional enterprises for its Relay event-driven workflow software with dozens of integrations into IT automation tools, including Puppet Enterprise configuration management.

The product, previewed in beta in June 2020, is based on open source utilities such as Tekton and Knative event-driven automation, as well as the Ambassador Kubernetes API gateway. It uses these tools to trigger IT workflows in response to incidents or compliance policy violations, two use cases Puppet Relay is focused on with this initial release. Relay also includes low-code and no-code interfaces to make workflow automation features accessible to non-developers.

IT pros could piece together these tools on their own using APIs, scripts and webhooks; bleeding-edge shops with advanced GitOps pipelines and immutable containerized infrastructure arguably don't need a tool such as Relay.

But for mainstream enterprises, Puppet officials assert that something needs to reliably connect the multitude of cloud-native services available and link them to traditional infrastructure.


"If I've got four different vendors that I need to tie together to get a workflow done [and] I'm going it alone [with webhooks], I have to build four different services that are up 24/7 to always receive events," said Puppet CTO Deepak Giridharagopal. "Now I have four new things that I have to manage, which is sad, because I wanted to tie these things together [with automation] to manage less."

Puppet Relay uses Ambassador to give webhooks their own subdomains, so that every webhook receiver gets its own URL for reliability, according to Giridharagopal, and Knative to automatically spin up containers that receive events via those webhooks. It also wraps those components in a graphical interface to abstract the deeper details from the end user as desired.

"When we first heard about Relay in 2019, it was still called Project Nebula, and it was a fancy thing [built] around Puppet Bolt, but then [Puppet] really made a point of having [event-driven] triggers to start workflows without human intervention [in recent versions]," said Dries Dams, DevOps architect at Puppet partner Bryxx, a managed services provider in Belgium that tested Relay in beta and plans to use it in its managed services for customers.


"There probably are a lot of tools that do the same thing," Dams added. "But the main [appeal of Relay] is the ease of use … and all the different tools you can integrate."

Puppet Relay's event-driven integrations with third-party tools in the first release include cloud providers such as AWS, Google Cloud Platform and Azure; monitoring tools including Datadog; DevOps tools such as Atlassian Jira; infrastructure-as-code tools such as HashiCorp Terraform; Slack for ChatOps; PagerDuty for alerting and incident response; and more.


While Puppet officials say Relay is suitable for production use as of this release, some key features are still on the roadmap. For example, Puppet engineers are still working with Tekton maintainers upstream to add support for no-code and low-code workspaces that will preserve application states, Giridharagopal said. Integration with compliance-as-code tools such as Open Policy Agent is also planned for later releases.

Puppet Relay pulls in Puppet Enterprise

Puppet Relay is available in a Team version for $20 per user, per month that supports up to 30 active users and 500 workflows, and an Enterprise edition that also adds integration with Puppet Enterprise. Relay Enterprise pricing was not disclosed.

Puppet Enterprise was given a facelift last year with a new Kubernetes-based architecture. However, in the most highly automated container-based environments that use immutable infrastructure, updates to resources via such a configuration management tool are considered passé.

These still represent a minority of IT shops, though, and are not necessarily the target audience for Puppet Relay, according to one Gartner analyst.

"In the cloud-native space, they have been eclipsed by Terraform -- probably everybody has," said Paul Delory, an analyst at Gartner. "But most enterprise IT shops are still dealing with more than that."

In container-based environments with immutable infrastructure, a tool such as Terraform ensures congruence between the desired state of infrastructure and its actual state. When changes to that state are made, Terraform builds the infrastructure over again from scratch.

However, enterprises that aren't yet ready to embrace immutable infrastructure or have VM-based workloads may use Terraform to initially provision resources. Then they could hand off the management of configuration and updates to a tool such as Puppet Enterprise, Delory said.

"Puppet Enterprise focuses on convergence between the desired state of a system and its actual state over time," he said. "It's a declarative tool that has understanding of the state of each machine, and the Puppet language is designed to let you describe that state in detail."

Puppet Relay's integration with Puppet Enterprise will therefore differentiate the tool from container-focused competitors such as Red Hat's OpenShift with Ansible, Delory said. However, enterprises should watch for VMware to potentially create something similar using IP acquired with SaltStack, which also offers event-driven IT automation.

Puppet Relay also provides a safe, systematic means to trigger Puppet runs on an ad hoc basis, according to Bryxx's Dams. That's opposed to waiting the minimum 30 minutes for them to run regularly -- or longer, for organizations that might only trigger Puppet runs to force convergence every few hours or only once per day.

"This is important for creating self-healing infrastructure, to take action right away but with a repeatable workflow and approvals," Dams said.

Puppet Relay can also integrate with Puppet Bolt, Puppet's agentless IT automation tool, in environments not suited to agent-based management with Puppet Enterprise. It can create integration scripts using SSH, Kubernetes command-line tools such as kubectl or kubeadm, or connect to AWS CloudFormation or Terraform if users prefer those tools.

"Puppet Relay can help tie traditional environments and cloud environments together," Dams said. "Puppet Enterprise isn't the best tool available if all you have is Kubernetes and containers, but it can bridge the gap between those two worlds."
