Windows configuration management: packages, services and PowerShell
Editor’s note: This is one in a series of posts about using Puppet to automate your Windows servers. For a deep dive into managing Windows with Puppet, check out our white paper, Managing Windows with Puppet Enterprise.
Installing software and managing services across multiple Windows machines can be a nightmare — if done manually. Thankfully, Puppet can automatically install and update Windows software and ensure services are configured correctly across multiple machines in your infrastructure.
There are two ways to automatically install Windows applications using Puppet. You can run a simple install through Puppet or have Puppet use Chocolatey, a highly customizable Windows installation tool. In this example we’ll have Puppet install some software using Chocolatey.
The process is simple and can be done through the Puppet dashboard, an easy-to-learn GUI. In this example, we’ve already set up a group of Windows servers with Puppet agents installed, and we've installed and configured Chocolatey to learn all about Puppet and Chocolatey). First, launch Puppet and create a group for your Windows servers. Groups define the requirements for server membership and in this instance we’ll choose Windows machines. Next, we'll use some facts to filter out the machines we don't need. I'll use osfamily = windows in order to make sure all of my Windows nodes receive the classification that I'm going to apply.
Once we’ve selected the type of machines we’ll be addressing, we can apply a class to them that will tell Puppet to run the software installation. We’re using the Chocolatey class, which defines our software installation. Once we apply that class to the machines in our group, we can trigger a Puppet run and our software will be installed silently in the background.
With Windows you usually run a simple command from PowerShell or the command line when you're trying to apply these package changes. Puppet, however, lets you specify and bundle all the packages that you would like to see in your Windows system. In this case we're actually going to be managing Notepad++, Firefox, Google Chrome and a plugin.
Let’s look at the Puppet code behind the Chocolatey class to see how it works:
The Puppet code specifies the Chocolatey package. If you need to change any of it, you only do it once in Puppet and the changes will be applied across your entire infrastructure when Puppet runs.
Monitoring and managing services can be tedious in a large Windows environment. With Puppet, you can interrogate systems to see how resources are being used and managed. In this example we’ll examine the automatic update service, called wuauserv in Puppet.
Currently the service is stopped, but that can easily be changed in the Puppet code. It’s just a simple matter of changing the enabled parameter to
When we run Puppet, the change will be made on one machine in our group, however the number of machines doesn’t matter — the same code can be used to update 1,000 machines or more.
WSUS and Puppet
Puppet can easily manage patching and hot fixes in a Windows environment. This diagram shows how you can use Puppet to move a patch from development to testing to production.
And this is the sample code:
With Puppet you can schedule the install date and the time to avoid interruptions or disruptions to the flow of your business.
Want more details on managing Windows systems with Puppet? We've got a white paper for that: Managing Windows with Puppet Enterprise.
Grace Andrews is a technical solutions engineer at Puppet.