What are the pros and cons of using a puppet master vs. distributing puppet manifests with git

puppet

I've started reading about puppet and see that there are two main ways to distribute your puppet manifests; one is to use the puppet master and the second one is to use git to distribute them.

What are the pros and cons of the two different versions? What is recommended for an environment using both Windows and Linux servers?

Best Answer

The two ways to distribute manifests are either using a puppet master or in a masterless configuration. They are not mutually exclusive and we use both approaches at my work.

Masterful

With the masterful setup, you have a puppet master which contains a collection of all the modules in your infrastructure. The nodes then report in (every 30 minutes by default) and request a catalog of what software should then be installed.

This model is more common. If your company has dozens or hundreds of servers, you can easily define the configuration once and it will be pushed out magically to all the nodes.

Advantages:

  • Simple, scalable distributed configuration management
  • Automatically reverts accidental changes every puppet run
  • Puppet dashboard gives real-time feedback and reporting

Disadvantages:

  • The puppet agent doesn't scale to tens of thousands of nodes easily. (Large companies like PayPal actually use cron for their reporting)
  • If adding or removing nodes frequently, it becomes tedious to manage the certificates.

Masterless

Masterless still uses the advantages of puppet, but does so by manually calling modules. Basically just run puppet apply foo --modulepath=bar on your server. I wrote a much more detailed explanation of this model here: https://unix.stackexchange.com/questions/129318/can-we-install-puppet-without-touching-the-servers/130695#130695

Advantages:

  • Easily provision laptops and workstations that don't need to be managed centrally
  • No need to wrangle cowboy laptops which frequently leave and enter infrastructure
  • Masterless puppet modules are about as simple as writing bash scripts; however, they are more maintainable and easily made to be cross-platform.
  • Still gives you the advantage of the abstraction layer that puppet provides (try writing a bash script to install packages with different names. e.g. openssl-devel on all CentOS machines, but openssl-dev on Ubuntu machines, yuck).

Disadvantages:

  • More difficult to distribute to nodes; you need pulp, git or another distribution technique

I highly recommend you take a look at the following resources
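
An added example, not part of the original answer: a masterless run that uses git as the distribution technique and only applies manifests from a clean, fast-forwarded checkout. The checkout layout (`manifests/site.pp`, `modules/`), the `production` branch and the variable and function names are assumptions.

```shell
#!/bin/sh
# Masterless run: update a git checkout of the manifests, then puppet apply.
# Assumed (not from the answer): checkout layout, branch name, variable names.
REPO_DIR="${REPO_DIR:-/etc/puppet/code}"   # hypothetical checkout location
BRANCH="${BRANCH:-production}"             # hypothetical branch nodes follow
PUPPET="${PUPPET:-puppet}"

# Bring the checkout up to date, refusing anything but a clean fast-forward.
sync_manifests() {
    # Edited tracked files mean this node no longer matches the repository.
    if [ -n "$(git -C "$REPO_DIR" status --porcelain --untracked-files=no)" ]; then
        echo "refusing to run: local changes in $REPO_DIR" >&2
        return 1
    fi
    git -C "$REPO_DIR" fetch --quiet origin "$BRANCH" || return 1
    # --ff-only fails on diverged or rewritten history instead of merging it.
    git -C "$REPO_DIR" merge --quiet --ff-only FETCH_HEAD || return 1
}

# Same shape as the answer's "puppet apply foo --modulepath=bar".
apply_manifests() {
    "$PUPPET" apply "$REPO_DIR/manifests/site.pp" \
        --modulepath="$REPO_DIR/modules" "$@"
}

masterless_run() {
    sync_manifests || return 1
    # Log the exact commit so a run can be tied back to a reviewed change.
    echo "applying commit $(git -C "$REPO_DIR" rev-parse HEAD)"
    apply_manifests "$@"
}

# Run only when asked, e.g. from cron: masterless.sh run
if [ "${1:-}" = "run" ]; then
    shift
    masterless_run "$@"
fi
```

Extra arguments after `run` are passed through to `puppet apply`, so `masterless.sh run --noop` previews a change on one node before it is applied.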
