Use Puppet Bolt to simplify configuration management
Bolt, Puppet's cross-platform automation tool, is designed to minimize the learning curve for ops teams, but users still need to grasp its primary commands and elements.
Managing hundreds or thousands of servers can be a time-consuming and -- until recently -- error-prone task for IT operations admins.
Configuration management tools, such as Puppet, Chef and Ansible, address this challenge. These tools manage server configurations in code, which makes server management and deployment -- as well as application deployment -- more efficient. The challenge, however, is that these tools introduce a learning curve for operations teams.
Puppet Bolt, an open source tool from Puppet, attempts to make the on-ramp to configuration management in code -- and DevOps -- a bit easier. Puppet Bolt is a cross-platform automation tool that provides a centralized command-line interface to perform remote tasks and execute orchestration, regardless of whether the local or remote OS is Windows or Linux. This is a big difference compared to the Puppet configuration management tool itself, which requires the master server to run Linux. However, while Bolt supports Windows, it does seem to be built primarily with Linux management in mind.
Admins write commands and scripts and run them on multiple servers at once with Bolt, which connects to Windows via Windows Remote Management (WinRM) and to Linux via Secure Shell (SSH). Bolt supports a range of languages, including Bash, PowerShell and Python. The tool requires no agents on its nodes and no centralized server.
While Bolt is designed to be easy to use, it's still helpful for users to grasp its key commands and concepts, such as tasks, plans and inventory files.
Run Bolt commands
At its most basic level, Bolt runs just one command remotely on a system. Here, we run the command Get-Service Netlogon from one Windows system on another. One caveat with Bolt is that the username and password must be sent as parameters with the command to run remotely on Windows with WinRM.
To make this a bit more secure, use a PowerShell credential object for the password:
This Bolt command returned an output that shows the Netlogon service is running. The object returned, however, is not the same as it would be if we ran the same command from within PowerShell without Bolt; in the context of PowerShell, it is just a string. This is another caveat of using Bolt, as PowerShell users prefer to get back objects that enable additional manipulation -- in this case, the ServiceController type.
For Windows-only shops, PowerShell remoting might be a better option for this reason.
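The credential-object approach described above, as an added example (not code from the original article or from Puppet). Invoke-BoltCommand is a hypothetical helper name, the node Test1 and user dan are the ones used on this page, and only the bolt options shown on this page (--nodes, --user, --password) are used.

```powershell
# Added example: wrap `bolt command run` so the WinRM password is prompted for
# instead of being typed on the command line and saved in PowerShell history.
# Invoke-BoltCommand is a hypothetical helper name, not part of Bolt.
function Invoke-BoltCommand {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Command,
        [Parameter(Mandatory)] [string] $Nodes,
        [Parameter(Mandatory)] [System.Management.Automation.PSCredential] $Credential
    )

    if (-not (Get-Command bolt -ErrorAction SilentlyContinue)) {
        throw 'bolt was not found on PATH.'
    }

    # Bolt expects the password as plain text, so the SecureString held by the
    # credential object is decrypted only here, at the point of use.
    $boltArgs = @(
        'command', 'run', $Command,
        '--nodes', $Nodes,
        '--user', $Credential.UserName,
        '--password', $Credential.GetNetworkCredential().Password
    )

    # Bolt's result comes back as lines of text (strings), not as the
    # ServiceController objects that Get-Service returns locally.
    & bolt @boltArgs

    if ($LASTEXITCODE -ne 0) {
        Write-Warning "bolt exited with code $LASTEXITCODE"
    }
}

# Prompt once; the password is kept as a SecureString inside $cred.
$cred = Get-Credential -UserName 'dan' -Message 'WinRM account for Test1'
Invoke-BoltCommand -Command 'Get-Service Netlogon' -Nodes 'winrm://Test1' -Credential $cred
```

This keeps the password out of the typed command and the PowerShell history, but Bolt still receives it as a plain-text process argument, so it can appear in process listings and command-line process auditing on the machine that runs Bolt.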
Use tasks and plans
Puppet Bolt also offers tasks and plans. Tasks carry out a single action and provide a more reusable and efficient way to make changes to infrastructure devices, such as restarting a service. Plans are multiple tasks that can combine with additional logic to complete more complex actions.
As with other scripts, admins can write tasks and plans in multiple languages -- such as Bash, Python and PowerShell -- and Bolt also provides prewritten tasks and plans.
Below is a task for Windows, which, in this example, starts the Netlogon service.
Admins can write plans in the Puppet programming language, in addition to YAML. Users familiar with Puppet can pair Bolt plans with the Puppet Enterprise orchestrator for more advanced automation and management features.
Set up inventory files
To manage multiple systems -- a requirement in most IT organizations -- Bolt uses simple text files or inventory files written in YAML. YAML provides a way to group together similar systems, such as web servers, to improve task organization.
Here is an example that has the group name web_nodes with nodes web1 and web2:
groups:
  - name: web_nodes
    nodes:
      - web1
      - web2
      - notweb
In the example below, we run Bolt with an inventory file and use a wildcard to run this command on only nodes that start with web:
PS C:\> bolt command run 'Stop-Process TestProcess' --user dan --password '$PassW0rd54' --nodes 'web*'