Try Puppet Discovery to see what’s running on prem & in the cloud
Editor's note: As of 29 May 2019, we've sunsetted Puppet Discovery. Check out Puppet Remediate.
Back when applications ran only on physical servers and physical servers lived only in on-site data centers, it wasn’t terribly difficult to understand what you had running and where. If you were like most, your physical machines had names – practical or otherwise – that let everyone know which served up what.
Today, that’s hardly the case with the proliferation of virtualization, containers and cloud-based hosting. The challenge is how to keep track of all that stuff, get some insights and not spend all day doing it.
My home lab is a microcosm of this challenge, and it’s suffering from a bit of sprawl itself. So when Puppet announced a tech preview for a new product called Puppet Discovery, I figured my lab was a good place to put it through its paces.
In my home lab, I’m running half a dozen VMs and Linux containers on a ProxMox host, a handful of physical Linux boxes, an off-site VPS hosted by Virmach, an AWS instance and a Google Compute Engine instance. Puppet Discovery can run on a laptop or workstation, so I set it up on my Mac Mini. You can run it on Windows and Linux, too.
I recognized up front that Puppet Discovery, as a free tech preview, is not yet a fully baked product, so I expected a few wrinkles. However, the tool is stable and gets automatic updates from Puppet, so I was really only limited by the active features, which are still powerful.
The preferred way to run Discovery is on a network with a domain, but I deployed mine without that. Discovery really only needs to be able to access your target machines – on- and off-site – via an IP address (or domain name). For Linux machines, you use a shared SSH key. On Windows machines, you use your WinRM credential. For AWS instances, you connect with your instance keys. The tech preview doesn’t yet support GCE natively, but if you can ping a server, Discovery can probably connect to it.
If you have a domain in your test environment, great. That’ll make it easier to experiment with some of Discovery’s advanced features, particularly with Windows hosts. Speaking of Windows, if you haven’t already enabled WinRM on those hosts, you’ll need to do that.
The specs for your Discovery host are light: Puppet recommends 20 GB of storage, 4 GB of memory and 2 CPUs, and you’ll need to install Docker. Discovery uses Docker to deploy a small Kubernetes cluster, which makes it easy to install, uninstall and reinstall it without leaving anything behind.
The installation process for Puppet Discovery is simple and straightforward. For example, on a Mac or Linux box, just run this command in a terminal:
Full instructions for all supported platforms can be found here. It took a little over five minutes to install on my 2011 Mac Mini, and starting Discovery and auto-launching its browser-based interface took another three minutes.
Note that there is nothing to install on your target source machines, and they can be just about any flavor of OS, including CentOS, Debian, Red Hat, SUSE, Windows and Ubuntu. Puppet Discovery uses SSH, WinRM or AWS’s API (via your AWS credentials) to do its thing. It therefore leaves all your machines untouched.
When Discovery starts, it immediately asks you to set up a source – what it calls a host you want to connect to and forage – and then asks you to add credentials. A source is anything you can reach with an IP address or domain name, or an AWS account.
You can always add more sources and credentials by using the “Act” button on the main dashboard, but adding one source and one set of credentials will get you started. Keep in mind that if you’ve used the same user@ssh key for all your Linux hosts, you’ll only need to add a single credential for all of them. Same goes for WinRM if you’ve standardized an Administrator credential on all your Windows hosts.
If you’re connecting to a Linux machine, be sure to have previously copied your Discovery host’s SSH key to that machine. For example:
In this example, 192.168.1.50 is the remote host, or source machine.
For Windows source machines, be sure you’ve enabled WinRM:
If you’re not using a domain, you may need to relax the rules to allow basic, unencrypted connections on your Windows hosts:
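To see whether a Windows host currently has these relaxed settings, and to switch them back off once a test is finished, the following is an added example (not from the original post or from Puppet). It reads the service-side WinRM settings through the built-in `WSMan:` drive; the `-Restore` switch name is an assumption chosen for illustration.

```powershell
# Added example: audit the service-side WinRM settings that permit Basic
# authentication over unencrypted HTTP, and optionally turn them back off.
# Run in an elevated PowerShell session on the Windows source machine.
[CmdletBinding()]
param(
    [switch]$Restore   # hypothetical switch name: set relaxed values back to false
)

# The WSMan: drive is only readable while the WinRM service is running.
if ((Get-Service -Name WinRM).Status -ne 'Running') {
    Write-Warning 'WinRM service is not running; nothing to audit.'
    return
}

# Both settings are false on a default Windows installation.
$settings = @(
    'WSMan:\localhost\Service\AllowUnencrypted',
    'WSMan:\localhost\Service\Auth\Basic'
)

$report = foreach ($path in $settings) {
    $item = Get-Item -Path $path
    [pscustomobject]@{
        Setting = $path
        Value   = $item.Value
        Relaxed = ($item.Value -eq 'true')   # -eq is case-insensitive
    }
}
$report | Format-Table -AutoSize

# Show the configured listeners; an HTTP listener combined with the two
# settings above means credentials cross the network without encryption.
Get-ChildItem -Path WSMan:\localhost\Listener | Select-Object Name, Keys

if ($Restore) {
    foreach ($row in $report | Where-Object Relaxed) {
        # Fails if the value is enforced by Group Policy; change it there instead.
        Set-Item -Path $row.Setting -Value $false
        Write-Output "Reset $($row.Setting) to false"
    }
}
```

Run without arguments, the script only reports; with `-Restore` it resets whichever of the two values it found set to true.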
Once added, Puppet Discovery will automatically start foraging your source machines and show you everything it finds. It will automatically forage every 30 minutes, looking for new source hosts and any changes that have happened on your existing source targets.
This is really where the fun happens, with the dashboard showing you the number of servers, unique packages, Docker hosts, containers, on-premises vs. public, and even database and web servers. Since it’s engineered by Puppet, the dashboard also shows you how many of your source machines have Puppet agents installed and are actively under management. If you want to bring unmanaged source machines under management, Discovery lets you easily select the hosts, enter the path to your Puppet master (e.g., puppet.example.com) and it takes care of it.
As you click on the various dashboard tiles, you’re able to drill down into all sorts of host data, including system facts, users and packages.
Since Discovery also can forage Docker hosts and identify containers on them, I installed Docker on a physical Linux box and created three containers, two running plain Ubuntu 16.04 and one Redis. Discovery properly identified the Linux box as a Docker host and found the containers, offering up facts and installed packages for each.
Discovery also gives you a view of all your unique packages, and my small set-up with just six connected source machines revealed 4,352 packages, including 2,669 unique ones. When I clicked on the Packages tile to drill into that information, I searched for “apt” and found I was running three different versions! Doing the same for other packages was similarly revealing.
At its core, Puppet Discovery lets you examine your infrastructure no matter where it lives, on premises or in the cloud. Even in the technical preview version, you’ll be able to take deep dives into all your stuff with very little effort, and without having to install agents. If you’re looking for new ways to get a handle on the sprawling universe that’s the new reality for your IT infrastructure, it’s worth exploring. And if you’re pondering automation or you’re ready to ramp up, it’ll give you some real, usable metrics to help you prove your case.