Puppet on Solaris 11.2

The first public beta of Solaris 11.2 is finally available and I am very excited about this release. For some of the highlights check the Oracle Solaris blog.
There is a lot of buzz about the Openstack integration, but for now I am more interested in the integration of the automation framework Puppet. Openstack very likely has a big future and will address IT automation on its own way, but it’s a very new technology.
Puppet on the other hand is in production since many years. But according to my experience, the majority of the users use it for managing Linux systems and not Solaris. With 11.2 Oracle finally embraces Puppet and makes it a lot easier to use the framework for Solaris users.

1. Puppet is packaged and shipped with Solaris.
2. Supported through Oracle Premier support. If something is not working for you, you can file a SR at Oracle Support.
3. Oracle is working with Puppet Labs to get all improvements pushed back to the upstream project.
4. Oracle is in a unique position to improve the quality of the automation integration, because it can and does change the underlying base technologies. E.g. with the introduction of /etc/system.d you can just deploy kernel configs as puppet templates.

But frankly beside the Solaris specific advantages, the biggest advantage for me is, that you can manage Linux, Windows and Solaris with the same automation framework. That means if you already have somebody in the company with Puppet knowledge, you likely don’t need an extra engineer for the Solaris automation. I think this is huge.
Puppet supports Solaris for a long time, thanks to Puppet Labs and various Open Source contributors, but starting with 11.2 Oracle is contributing improvements and own providers for the Solaris technologies like boot environments, network virtualization, etc.
To start using Puppet you have to install it. For testing you can download the excellent Solaris 11.2 beta Virtualbox image and install the package.

# pkg install puppet

You can create a backup boot environment for very easy rollback, before you apply further automated changes with Puppet:

create-boot_environment.pp

boot_environment { 'solaris-backup':
  description => 'Solaris installation before Puppet run',
  ensure => 'present',
}

# puppet apply -v create-boot_environment.pp
Notice: Compiled catalog for sol112beta.zach.st in environment production in 0.03 seconds
Info: Applying configuration version '1400407333'
Notice: /Stage[main]/Main/Boot_environment[solaris-backup]/ensure: created
Notice: Finished catalog run in 4.60 seconds

# beadm list
BE             Active Mountpoint Space Policy Created
--             ------ ---------- ----- ------ -------
solaris        NR     /          5.85G static 2014-04-24 13:51
solaris-backup -      -          84.0K static 2014-05-18 10:02

The next Puppet manifest does the following:

1. Configures a ZFS quota of 1GB for the users home directories
2. Installs the package ‘tmux’
3. Creates a Crossbow virtual NIC ‘vnic0’

basic-config.pp

zfs { 'rpool/export':
  quota  => '1G',
}

package { 'tmux':
  ensure  => 'present',
}

vnic { 'vnic0':
  ensure  => 'present',
  lower_link  => 'net0'
}

In this examples we don’t use an own dedicated Puppet server (puppetmaster), we just use the Puppet agent with local files. Of course Puppet gives you the great simulation mode (‘–noop’) for free:

# puppet apply -v --noop basic-config.pp
Notice: Compiled catalog for sol112beta.zach.st in environment production in 0.25 seconds
Notice: /Stage[main]/Main/Zfs[rpool/export]/quota: current_value none, should be 1G (noop)
Notice: /Stage[main]/Main/Package[tmux]/ensure: current_value absent, should be present (noop)
Notice: /Stage[main]/Main/Vnic[vnic0]/ensure: current_value absent, should be present (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 3 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 1.99 seconds

Apply manifest to the system:

# puppet apply -v basic-config.pp
Notice: Compiled catalog for sol112beta.zach.st in environment production in 0.25 seconds
Notice: /Stage[main]/Main/Zfs[rpool/export]/quota: quota changed 'none' to '1G'
Notice: /Stage[main]/Main/Package[tmux]/ensure: created
Notice: /Stage[main]/Main/Vnic[vnic0]/ensure: created
Notice: Finished catalog run in 43.38 seconds

As you can see Puppet has applied the changes as expected:

# df -h /export/home
Filesystem             Size   Used  Available Capacity  Mounted on
rpool/export/home      1.0G    32K       1.0G     1%    /export/home

# pkg list tmux
NAME (PUBLISHER)                                  VERSION                    IFO
terminal/tmux                                     1.8-0.175.2.0.0.37.1       i--

# dladm show-vnic
LINK                OVER              SPEED  MACADDRESS        MACADDRTYPE VIDS
vnic0               net0              1000   2:8:20:71:3f:72   random      0

These are just a few examples, there are also interesting possibilities with SMF stencils and I assume not all new providers are included in the 11.2 beta yet. If you find some bugs in this beta, please report them to get them fixed in the final release.

Related:

• Building Puppet from source for other/older platforms
• Oracle blog: Puppet Configuration in Solaris
• Oracle blog: Solaris-specific Providers for Puppet