
Docker image build, orchestration updates & corrective change reporting in Puppet Enterprise 2016.4

I’m excited to get our latest product release out the door and in your hands today. The new Puppet Enterprise 2016.4 gives you the power to use automation as the bridge to your future, whether that's moving to the cloud or adopting containers in production.

In this release, you’ll find new change reporting and orchestration enhancements that make it easy to drive change with confidence. You'll also find new ways of building and deploying Docker to give you a standard way to automate delivery and operation of all your software.

Here's a rundown of what's new.

Build and deploy services in Docker containers

Today we're shipping the next advancement from Project Blueshift, which builds tools to help you rapidly adopt emerging technologies. Puppet Docker Image Build automates the container build process to help you define, build and deploy containers into production environments. This new set of capabilities adds to our existing support for installing and managing container infrastructure, including Docker, Kubernetes and Mesos, among others.

With Puppet Docker Image Build, you’ll get a familiar, predictable way to define and deploy the services you want to run in Docker containers. Puppet’s domain-specific language (DSL) supports powerful ways of reusing application configurations, regardless of the underlying infrastructure they run on.

Because Puppet gives you a straightforward way to move your existing services to containers without needing to redefine those services, you can now quickly deploy containers in production environments.

Segment infrastructure and orchestrate phased deployments

We've heard from you that the ability to roll out changes incrementally is important to reduce risk in your deployment process. Making changes in small batches allows proactive status monitoring, and lets you drive your software updates more intelligently.


In this release, we’ve made enhancements to the Puppet Orchestrator to let you run phased deployments of change by targeting specific portions of your infrastructure and applications for updates. You can now segment your infrastructure and applications based on any facts stored in PuppetDB — for example, location, environment, configuration resources applied, and resource events — and deploy changes only to those targeted segments.

Using the Puppet Orchestrator, you can now do things like:

  • Deploy only specific services of an application in a coordinated rollout. For example, you can target just the database service, or just the web server or load balancer.
  • Target an isolated location for a deployment. You could deploy a change to your development environment only in your European data center, for example, without affecting the rest of your infrastructure.
  • Isolate a Puppet run to nodes that have recently failed. For example, if a Puppet run completes and some configurations failed to apply on a set of nodes, you could deploy an update just to the nodes with recently failed configurations.
  • Roll out a change only to machines that are running specific packages, services or other managed resources.

Visualize intended vs. corrective changes

Without automation solutions like Puppet, changes that take place across the infrastructure and applications are often a black box for IT teams. We don’t think it should be this way. With this release, we’ve added new corrective change reporting within the Puppet Enterprise web UI to give you detailed visibility into the causes of change across your infrastructure.

New reporting identifies intentional changes you’ve made in your Puppet code, versus unexpected changes that Puppet corrects back to your desired state. With this information, it’s easy to determine whether changes occurring across your infrastructure were planned or were the result of drift from your desired state. This will help you troubleshoot faster, reduce mean time to recover, ensure changes are taking place within Puppet, and quickly alert security teams when needed.


Integrate with vRealize Automation

When we get out and talk to organizations considering a move to Puppet, we often hear of development and operations teams operating in silos. The result is poor communication and incomplete handoffs when requesting infrastructure and deploying applications. Many of our customers are also seeing their developers demand self-service processes so they can request and be provisioned with a fully configured set of infrastructure on demand.

That’s why we’ve worked with VMware to build a new vRealize Automation plugin for Puppet. This plugin accelerates the delivery and operation of infrastructure throughout its lifecycle by giving you a fully automated self-service provisioning workflow that uses vRealize and Puppet Enterprise.

This integration lets you create blueprint templates for your virtual machines, using the intuitive graphical user interface in vRealize, and then trigger Puppet Enterprise to configure your virtual machines and continually enforce your desired state. We want you to be able to instantly deliver fully configured VMs to developers who request virtual infrastructure, and this new integration makes that possible.

The new Puppet plugin for vRealize Automation will be available next month. Stay tuned.


Integrate with Jenkins

We’ve teamed up with CloudBees to roll out a new Jenkins integration for Puppet Enterprise. This new integration enables you to build continuous delivery pipelines in Jenkins and use Puppet Enterprise to orchestrate all your application and infrastructure deployment tasks. As a result, you can start integrating Puppet into your continuous delivery pipelines without modifying any operating system in the Jenkins infrastructure. Just install the Puppet Enterprise Pipeline plugin, and you’re good to go.

This integration will help lay the foundation for your DevOps practice by giving you a fully integrated toolchain that includes infrastructure and deployment automation, continuous integration, version control and monitoring. Puppet already integrates with a range of technologies, such as Git, Splunk and others, to enable agile IT practices and integrated DevOps workflows. Our integration with Jenkins further enables you to rapidly scale your DevOps practice.


Automate additional resources in Microsoft Azure

We’re also introducing updates to our supported Microsoft Azure module to increase the types and breadth of resources you can provision in Azure using Puppet. You’ll find new support for Resource Manager Templates and Storage Accounts, plus VM improvements for private IP addresses, disks, extensions, and custom data. The new Azure module will be released next month on the Puppet Forge.

Work faster from Windows and Mac workstations

We’ve rolled out new command line tools to manage your Puppet infrastructure directly from your Windows or Mac OS X workstation without needing to SSH into other servers first. Now you can use the workstation you’re most comfortable with to direct changes to infrastructure and applications via Puppet.

Report on status of changes in simulation mode


One of the great things about Puppet is our simulation mode (using the no-op flag), which lets you do a test flight of proposed infrastructure changes before they happen, so you can deploy more confidently. With this release, you can now gain deeper insight into the impact of proposed changes for your next Puppet run, with detailed performance reporting from simulation mode runs of Puppet. This makes it easier to understand where runs are likely to fail in enforcement, so you can refactor your code and ensure higher change success rates.

Visualize your node group hierarchy

Historically, classifying nodes in Puppet Enterprise would show a flat list sorted by group name, making it difficult to understand the complete hierarchical structure of how node groups relate to each other. With this release, we’ve improved the node classifier to help you confirm that the hierarchical structure of your node groups has been set up accurately, and ensure that class inheritance works as intended. This makes it easier to understand how node groups relate to each other, and how class inheritance flows through the groups.


Redact sensitive data in Puppet

When entering sensitive configuration data in Hiera, we know it’s important to have assurance that sensitive data such as passwords is not visible as plain text. With this release, you can hide or redact sensitive data from PuppetDB, logs and change reports to increase security.

We're excited to make this release available to you today, and look forward to seeing you get started.

Jamie Hull is vice president of product at Puppet.
