In 2013 we published two Q&A blogs titled Top Questions on Puppet and Windows. A lot has changed at Puppet since then — we've evolved from a single-product company to having a portfolio of products, and have introduced orchestration, agentless and task-oriented automation capabilities.
For the most part, interacting with Puppet is the same regardless of your operating system. There are some differences in the way that you interact with Puppet and which products you may integrate Puppet with, but in short, agent components can be installed on Windows machines and you can manage those machines either with your Linux master, or using a containerized Puppet server running on a Windows machine.
Whether you are a current customer looking to expand across your Windows estate, or thinking of deploying Puppet across your infrastructure for the first time, we hope this blog post — based on real-world customer questions and problems — can help answer some of the questions you may have.
Q1: Does Puppet run on Windows?
A: Yes — and just as well as it runs on Linux! Puppet Enterprise (PE) introduced Windows support in 2011, and we have been developing and expanding our Windows capabilities ever since.
Q2: Can the Puppet master be installed on a Windows machine?
A: The Puppet master cannot be installed on a traditional Windows machine, but you can run it in a container on a Windows machine. We currently do this in our internal acceptance testing for open source Puppet — we spin up the full composed Windows stack in Azure and connect the agent containers. Everything then exists in Docker Hub, including Puppet Server, r10k and PuppetDB. This project is called Pupperware, and you are welcome to try it. We will ship a supported version early this year which will include the full PE stack. Stay tuned!
Q3: If I’m managing Puppet from my Windows machine, which training should I take?
A: We have a new Getting Started with Puppet class, where you choose whether you want to take the class on a Windows or Linux machine. If you opt for Windows, the course provides Visual Studio Code and Puppet Development Kit (PDK) tooling for you to work with, and we have Windows examples for every exercise. Several members of our Windows development team have taken this course.
We also have a free half-day Puppet Bolt workshop on 24 January 2019 in our London office, where will will show you how you can get started with infrastructure automation. If you’re interested in joining, contact your local Puppet sales agent.
Q4: Does Puppet complement or compete with SCCM on Windows? Why would I need Puppet if I already use SCCM?
A: In some respects they are competing, and in others they are complementary. There are two parts to this answer:
- Puppet and SCCM can work better together. SCCM is widely used for patch management, and you can then bring Puppet in for everything else, including software deployment and idempotent configuration management/orchestration.
- Puppet can be used instead of SCCM for managing Windows Server systems. Puppet can perform most of the tasks that SCCM can, and can combine with WSUS to manage patches (see Q6). Additionally, while SCCM can natively manage all of your Windows systems, Microsoft is deprecating it’s Linux/UNIX support in SCCM in 2019. If you have both Windows and Linux in your infrastructure, Puppet Enterprise can help you manage both systems.
Whatever your use case, we like to meet you where you are at. The key problems we encounter with SCCM are when it hasn't been maintained, and you end up with generations of SCCM scripts in various implementation languages that become unwieldy and unmaintable. This can be a massive overhead to manage and a problematic service to integrate with Puppet’s declarative model. Replacing this with Puppet can help bring these under control. Alternatively, a well managed SCCM is a great tool for Puppet to leverage and complement. Overall, Puppet delivers a wealth of already-automated capabilities to bring Windows server infrastructure under control, fast, with the added benefit of our large community around it.
Q5: Why would I need Puppet if I already use PowerShell DSC?
A: Like Microsoft, we also believe that a declarative language is highly advantageous — it is both repeatable and consumable. Puppet shares these same qualities. Using DSC alongside our supported modules dsc and dsc_lite provide the mechanism to execute DSC and the capability to easily write, deploy, run and centrally report on DSC, so together it is a powerful tool.
In addition, Puppet provides you with the mechanism to encapsulate DSC in a reusable language providing that automated deployment and application at scale. It also comes with the ability to report and track changes, which enhances what DSC already gives you.
Q6: How can I use Puppet to automate Windows patching?
A: With Puppet, you can manage patch baselines directly in WSUS. Our WSUS client module can configure your machines and receive updates, and then you can use Tasks and Plans to orchestrate the patching execution. To attach Puppet to a Windows box running WSUS, install the Puppet agent using native PowerShell commands from a Puppet master as a source repository or as a native package using Chocolatey. To get started with the WSUS module, see our WSUS client module blog post, written by one of our customers.
Q7: How does Puppet compare to other configuration management tools for Windows?
A: At Puppet, the Windows agent, the Windows Remote Management protocol, and core resources are first class citizens in terms of development and support. All our core features work and we are always looking for opportunities to update, extend and improve. We also integrate with key technologies such as the Windows DSC, and Windows applications and tools such as SQL Server, Chocolatey and Visual Studio Code. Forrester recently named us a leader for configuration management software for infrastructure automation.
Q8: How can I use Puppet to install and manage applications on Windows?
A: In the same way that you manage any other operating system. Puppet is agnostic to the platform and supports Windows fully with the same code that you use on Linux or any cloud platform. We natively support EXE and MSI-based software packages and also have a provider for Chocolatey to manage packages. Package Inspector in Puppet Enterprise also natively works with the software in ‘Add/Remove Programs'. For more information on the packages that you can manage, see our packages documentation.
Q9: Which Windows apps/services/resources are directly supported to manage with Puppet? (E.g. IIS, SQL, etc.)
A: We support many with our modules. See here for a list of our supported Windows modules. To get started, we recommend trying our Puppet on Windows module pack. There are also many community maintained modules for managing a huge variety of software packages, like this one for VSCode.
Q10: Can I discover my (unmanaged) Windows infrastructure using Puppet?
A: Yes! If you’re unsure whether you have visibility of your entire infrastructure, we have a product that can help you discover everything in your data center(s) and cloud(s). Using Puppet Discovery, you can discover all Windows (and Linux) hosts, including host attributes, and the packages, services, users, groups and containers running on each host.
Q11: Can I build and deploy my own custom software on Windows with Puppet?
Q12: What orchestration capabilities does Puppet have?
A: Puppet Bolt and Plans provide a workflow orchestration that can be used stand-alone, and in Puppet Enterprise with the PE orchestrator service, enabling API-driven orchestration. We can orchestrate this automation against anything, including SSH, native cloud APIs, Windows remote management and PE Task Management. To get started, we recommend giving our step-by-step Bolt lab a try.
Q13: Can I get the status of the installation programmatically from Puppet?
A: Yes — use the Puppet API provided by the PE console service to query the state of Puppet runs, and then use the package inventory to query the packages on the hosts. All other resources can be executed through Puppet Tasks and Plans to return ad hoc data outside of the Puppet catalog, classified for the nodes in question. PuppetDB provides the completed data.
We hope this has helped answer some of your questions. If you don’t see yours here, please request it in a ticket and I’ll add it to this blog post.
Overall, Puppet runs just as well on Windows as it does on Linux, but we’ll let you see for yourself. Install open source Puppet Bolt or give our free full-featured Puppet Enterprise instance a try on up to 10 nodes, and start automating today!