Puppet’s model-driven approach means you can compare the actual state of your infrastructure to its desired state. In simulation mode, also called no-op, you can preview any changes your code will make without any actual impact to your systems. Simulation mode is native to Puppet’s operation, so all configurations that you define within your Puppet code can always be run in a simulation mode.
Desired state conflict detection
Puppet understands the relationships between all configurations on a system, and generates a single model of your infrastructure. Using this model, Puppet can find conflicts in the desired configuration.
This means that if two different team members are writing Puppet code, Puppet will protect one person’s code from overwriting the other’s. As your automation contributors grow over time, this guarantees your systems are truly in the desired state.
Unmanaged configuration purging
Puppet understands all system configurations, whether they’re being managed by Puppet or not, and can remove configurations that aren’t being managed by Puppet. Things like erroneous firewall rules, IIS sites, packages, SSH keys, certificates and more can be purged from the system so they do not represent a security risk.
Puppet understands configuration dependencies, and handles configuration failures intelligently. If a failure occurs, Puppet will skip configurations that are dependent on the failed configuration, and continue managing configurations that have no relationship to the failure.
The orchestration capabilities in Puppet Enterprise follow the same approach. Puppet knows the relationships between the web of services on your infrastructure and can automatically determine the order of operations and concurrency when delivering a change.
Puppet has the ability to introspect a system’s existing configuration to report on current configurations, even if they’re not managed by Puppet. You can use this information to inventory all the existing packages, users, SQL Server databases, firewall rules, etc. so you can quickly know what you need to automate.
Configuration settings management
Puppet Enterprise lets you assign default infrastructure configuration settings, such as NTP servers and database credentials, based on location, virtualization platform, infrastructure environments and more. You can also build hierarchies to override default settings when needed.