Dmitry Nikolaev - stock.adobe.co
Combine Puppet and Chocolatey to drive Windows DevOps
Through the use of Puppet and Chocolatey side by side, Windows IT professionals can use Linux-like DevOps tools to automate the deployment and configuration of their systems.
Windows has historically lagged behind Linux in package management. To address that gap, Windows admins can use the Puppet configuration management tool alongside Chocolatey.
Since a former Puppet engineer, Rob Reynolds, created the Chocolatey package manager -- with the goal of making a Windows tool that works like Yum or apt-get commands -- the integration between Puppet and Chocolatey is solid. IT admins can install and manage software with Chocolatey through Puppet.
The alternative to Chocolatey for Windows software installation via Puppet is to use MSI and EXE files directly, which increases overhead to manage the software install files. For Puppet, or another configuration management platform -- DevOps-specific or otherwise -- Chocolatey is the most adept tool and a regular choice for Windows DevOps professionals.
Set up Puppet and Chocolatey
The step to use Chocolatey with Puppet for software management is to install the Chocolatey client on the nodes. To do this, the Windows Puppet agent must already be installed. Chocolatey has two prerequisites: PowerShell, which needs to be at least at version 2, and .NET framework version 4. While there are various ways to install Chocolatey, here are the two simplest:
1. Use a PowerShell command in a Puppet manifest:
exec { 'Install-Choco':
command => 'Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((-Object System.Net.WebClient).DownloadString("https://chocolatey.org/install.ps1"))',
unless => 'if (!(choco)){exit 1}',
provider => 'powershell',
}
2. Use the include command in Puppet, which ensures that the Chocolatey software is installed on the Windows node:
node 'puppetagent-win' {
include chocolatey
}
Next, install the Chocolatey Puppet module, which enables admins to write Chocolatey code in the Puppet manifests. Use the puppet module install command:
[vagrant@puppet-test ~]$ sudo /opt/puppetlabs/bin/puppet module install puppetlabs-chocolatey --version 3.3.0
Notice: Preparing to install into /etc/puppetlabs/code/environments/production/modules ...
Notice: Downloading from https://forgeapi.puppet.com ...
Notice: Installing -- do not interrupt ...
/etc/puppetlabs/code/environments/production/modules
└─┬ puppetlabs-chocolatey (v3.3.0)
├── puppetlabs-powershell (v2.3.0)
├── puppetlabs-registry (v1.1.4)
└── puppetlabs-stdlib (v4.25.1)
Configure Chocolatey
One common Chocolatey client setting to configure is an internal source, which is a NuGet repository. Here, add to the manifest to create an additional source and set the priority value to 10, as seen below. If Chocolatey installs software without a source specified, it will always look for the package in the highest priority source and then continue down to other configured sources lower in priority. By default, Chocolatey is installed with only the community repository configured.
chocolateysource {'myrepo':
ensure => present,
location => 'https://myrepo.com/api/v2',
priority => 10,
user => 'admin',
password => 'ThisisMyPassword90',
}
With Chocolatey for Business -- an enterprise version of the tool that comes with more features than the open source and Personal editions -- Chocolatey clients can use either VirusTotal or local antivirus software to check packages being downloaded before installation. This feature is also available with Puppet; ensure that viruscheck is enabled and that the scanner type is Generic, which defaults to VirusTotal.
chocolateyfeature {'viruscheck':
ensure => enabled,
}
chocolateyconfig {'virusScannerType':
value => 'Generic',
require => Package['chocolatey.extension'],
}
Install Chocolatey packages with Puppet
Once the Chocolatey client is installed, focus on how to use Chocolatey in a Puppet manifest to install software. To start, configure Chocolatey with certain settings. For example, ensure the latest version of Firefox from an internal source myrepo:
package { 'firefox':
ensure => 'latest',
provider => 'chocolatey',
source => 'https://myrepo.com/api/v2',
}
One of Chocolatey's greatest features is how it easily maintains and installs specific versions of software. Versioning is built into Chocolatey, as any package must have a version number in its metadata. In the example below, version 3.0.7 of the package vlc is installed:
package { 'vlc':
ensure => '3.0.7',
provider => 'chocolatey',
}