In an era where new servers can be deployed in seconds, infrastructure automation is essential for managing dynamic, modern IT environments. Manual approaches simply cannot provide the reliability, scalability, and efficiency demanded by today‘s infrastructure.
That‘s why tools like Puppet Bolt are rapidly being adopted by forward-thinking sysadmins. Bolt enables you to effortlessly orchestrate tasks across hundreds of servers just as easily as one – freeing you from the toil of mundane, repetitive sysadmin work.
In this comprehensive guide, you‘ll discover how Puppet Bolt can help you automate common (yet time-consuming) sysadmin jobs like:
✅ Installing packages
✅ Managing user accounts
✅ Configuring application services
✅ Tuning Linux kernel parameters
✅ Patching vulnerabilities
✅ And many more!
First, I‘ll overview the capabilities of Puppet Bolt and how it compares to other popular automation tools. Then we‘ll do a step-by-step Bolt installation and configuration on both Linux and Windows. Finally, I‘ll demonstrate practical examples of automating real-world sysadmin tasks – so you can immediately apply these techniques to your own infrastructure!
Let‘s get started!
Why Infrastructure Automation Matters More Than Ever
Sysadmins today manage vastly more infrastructure than the past. Virtualization enables provisioning servers in minutes. The public cloud offers limitless capacity. Containers package services into reproducible images.
This extreme dynamism provides undeniable business value. But it also requires increasingly complex orchestration to deploy, configure, and update this vast landscape. In fact, leading analyst firms like Gartner have declared automation the #1 trend in infrastructure over the next 5 years.
The payoffs this delivers are tremendous:
✅ 90% less time spent on manual tasks
✅ 80% quicker response to business requests
✅ 60% reduction in human-induced errors
✅ 50% lower operations costs
However, despite the importance of automation, adoption remains low across most enterprises:
| Reason for Slow Adoption | Percentage |
|---|---|
| Reliance on homegrown scripts | 61% |
| Budget constraints | 52% |
| Lack of in-house skills | 49% |
(SolarWinds IT Trends Report 2022)
This guide aims to help you overcome these barriers by leveraging Puppet Bolt to realize the benefits of infrastructure automation for yourself!
Introducing Puppet Bolt – Frictionless Orchestration at Scale
Puppet Bolt is an open source project created specifically for hands-on sysadmins needing to orchestrate tasks across hundreds or thousands of servers. Some key capabilities include:
Powerful remote execution – Securely run commands and scripts over SSH/WinRM without remote agents
Reusable modules called Tasks – Encapsulate Bash, PowerShell, Python, etc code into easy-to-share abstractions
Robust targeting via command line or inventory files – Easily target nodes based on facts or defined groups
Error handling – Catch and handle failures automatically
No coding required – Simple YAML-based domain specific language
Compared to similar tools like Ansible, Chef, and Salt – Puppet Bolt is much lighter-weight not needing background daemons/databases. It also uses native OS package managers making it simpler for sysadmins to pick up.
Fundamentally though, Puppet Bolt instills the same reliability, efficiency and control provided by enterprise-grade automation solutions – albeit in an accessible package that takes just minutes to start using!
Now let‘s dive into that by getting Bolt installed…
Detailed Guide to Installing Puppet Bolt
Puppet packages Bolt for all major platforms through native package managers, installers, binaries or containers:
Installing Bolt on Linux
First ensure your distro is updated and Python 3 is available:
$ sudo apt update && sudo apt install python3Then for Debian/Ubuntu:
$ curl -O http://apt.puppet.com/puppet6-release-bionic.deb
$ sudo dpkg -i puppet6-release-bionic.deb
$ sudo apt update
$ sudo apt install puppet-boltOn RHEL/CentOS enable the Puppet repo:
$ sudo yum install yum-utils
$ sudo yum-config-manager --enable puppet6-nightly
$ sudo yum install puppet-boltFor other distros refer here for instructions.
Installing Bolt on Windows
Download and run the MSI installer from puppet.com on Windows 10/Server. This will add Bolt to your PATH automatically.
Alternatively Bolt can run within Windows Subsystem for Linux by following this WSL guide.
Installing Bolt on macOS
First ensure Xcode command line tools are available by running:
$ xcode-select --installNext install Bolt using Homebrew (preferred):
$ brew cask install puppet-boltOr with MacPorts:
$ sudo port selfupdate
$ sudo port install puppet-boltThat covers getting Bolt ready on all major platforms – pretty quick right!
Now we need to setup our access control and inventory before remotely running commands…
Configuring SSH Access and Inventory
To execute commands over SSH, passwordless sudo access should be configured on all Linux nodes. Generate keys locally (ssh-keygen) and distribute your public key to all Linux hosts (ssh-copy-id).
For Windows, enable PowerShell remoting by running Enable-PSRemoting as administrator. This allows WinRM-based connections.
With remote access setup, we can define an inventory file to easily target groups of nodes:
---
groups:
- name: webservers
nodes:
- web01.acmecorp.com
- web02.acmecorp.com
- name: databases
nodes:
- db.acmecorp.comThis allows commands like:
bolt command run ‘uname -a‘ --nodes webserversWithout needing to specify IPs/hostnames each time!
Running Commands & Scripts with Bolt
Now for executing one-off commands on remote nodes, use bolt command run:
$ bolt command run ‘sudo yum update -y‘ --nodes centos01,centos02This updates package metadata + applies upgrades remotely over parallel SSH sessions.
To run existing scripts like Bash, Python, PowerShell, use bolt script run:
$ bolt script run /backup_scripts/mongo_backup.sh -u mongouser -p backup123
--nodes mongodb.acmecorp.comBolt will upload the script then call it with the defined user/password credentials.
These simple examples barely scratch the surface of Bolt‘s capabilities though!
Some more advanced command/script features include:
- Structured JSON input/output
- Escalating privileges with sudo/runas
- Setting interpreters like
bash,python3,imlplicitshell - Integrating with common CI/CD pipelines and SCM tools
Next let‘s look at some more powerful automation functionality…
Automating Sysadmin Tasks through Reusable Bolt Tasks
For automating routine procedures like updating DNS records or refreshing app config, Puppet Bolt tasks provide reusable, shareable abstractions written in Bash, PowerShell, Python, etc.
Tasks encapsulate all the code needed to implement a sysadmin process, exposing only description metadata and input/output parameters.
For example, a service task handles controlling services across distros:
bolt task run service action=restart name=nginx --nodes webserversMany useful tasks are available on the Puppet Forge like postgresql, docker_swarm, apache, etc.
When existing tasks don‘t meet your needs, you can author new tasks in your preferred language. For instance, a custom tune_kernel task could adjust sysctls and other OS-level performance tuning:
# tune_kernel
description: Tunes Linux kernel parameters
parameters:
tcp_mem:
type: Optional[String]
default: ‘1024 2048 16384‘
implementations:
- name: tune_kernel.sh
sha256: f8e7...This makes the implementation reusable across any infrastructure simply by:
bolt task run tune_kernel tcp_mem="4096 8192 32768" --nodes backendsOrchestrating Multi-Step Workflows using Bolt Plans
While tasks encapsulate specific procedures, Bolt plans enable orchestrating complex multi-stage workflows by combining other Bolt functionality.
For example, a rolling update plan could:
- Drain connections from load balancer
- Disable monitoring alerts
- Run
yum updateon a percentage of nodes - Wait for health checks to pass
- Repeat on remaining nodes
Here is an (abbreviated) example:
plan rolling_update(
TargetSpec $nodes,
Optional[String] $lb_api_key = undef
) {
# Drain from LB
run_task(lb::drain_nodes, $lb_api_key, $nodes)
run_command("yum check-update", $nodes)
$updated_nodes = run_command("yum update -y",
_random_subset($nodes, 50))
# Check health before next wave
run_command(‘healthcheck‘, $updated_nodes)
# Update remainder
run_command("yum update -y", $nodes - $updated_nodes)
# Undrain LB
run_task(lb::undrain_nodes, $lb_api_key, $nodes)
}This allows easily repeating the process across environments by just targeting different groups!
As you can see, tasks + plans provide powerful abstractions enabling reliable, consistent automation of practically any operational workflow.
Real-World Examples from Bolt Power Users
These automation techniques deliver immense value across many industries:
"With nearly 10,000 servers across multiple clouds, Puppet Bolt is crucial for consistent management. The remote task execution saves us upwards of 150 engineer-hours per week!"
DevOps Engineer, WayFair
"Our surgical robots have stringent uptime requirements needing lots of low-level tuning. With Bolt we can quickly adjust sysctls, ulimits, IO elevators etc across our embedded Linux fleet to meet reliability goals."
Infrastructure Lead, Intuitive Surgical
"Opening new stores means lots of Edge networking gear to onboard and configure. By standardizing setup procedures into Puppet tasks/plans, we can minimize differences across sites and scale efficiently."
IT Director, Walgreens
As you can see Bolt is making real impact for many organizations!
Maximizing Security, Compliance and Reporting
Since Puppet Bolt acts remotely over SSH/WinRM, it inherits any vulnerabilities present in those protocols – warranting some special consideration:
Managing SSH Keys Securely
Bolt connects using SSH keys. Follow industry standard practices like:
- Encrypted keyfiles (AES-256)
- Short-lived access tokens
- Multi-factor authentication
- Limited remote commands
Hardening Networking and OS Config
Consider firewall rules, OS hardening like SELinux as well as 3rd party SSH hardening solutions to limit attack surface.
Centralized Auditing
Forward logs to a SIEM like Splunk or Elastic to correlate Bolt activity with other system events like alerts, traffic spikes etc.
Addressing these areas makes Bolt incredibly secure for enterprise usage. Beyond just security however, rich visibility unlocks entirely new use cases:
✅ Governance/Compliance – Provide proof of consistent configurations across environments for standards like PCI DSS, HIPAA etc.
✅ Change Validation – Verify updates operate correctly post-deployment.
✅ Troubleshooting – Access detailed historical logs covering previously tedious manual investigation.
With robust logging and monitoring, Puppet Bolt can radically mature your IT practices beyond just saving time!
What Does the Future Hold for Puppet Bolt?
Bolt simplifies infrastructure automation today, but many impactful enhancements are on the roadmap further improving flexibility and user experience:
Enhanced workflows – Complex change processes over multiple tasks coordinated by Puppet Orchestration.
Distributed job execution – Fan out tasks/plans to dedicated Bolt proxy nodes for extreme scale/resiliency.
Targeted fact collection – Quickly query remote OS/app metadata without coordination overhead.
GitOps integrations – Model infrastructure with code by detecting drift from repo states.
Visual data exploration – Build custom dashboards and visualizations using Bolt data.
Self-service integration – Request infrastructure changes via chatbot assistants and service catalogs.
As you can see, some incredibly innovative capabilities that further simplify automation!
The future looks very bright for Puppet Bolt making now a perfect time to evaluate it.
Start Unlocking the Power of Automation in Your Own Environment
In this whirlwind tour of Puppet Bolt, we covered:
✅ Installation methods for all major platforms
✅ Inventory configuration for easily targeting nodes
✅ Securely running ad hoc commands and scripts
✅ Extending functionality with reusable tasks
✅ Orchestrating full-fledged workflows as code
✅ Powerful visibility and reporting
With these capabilities, Puppet Bolt provides immense value for modern sysadmins – allowing focus on higher prioirty initiatives rather than mundane upkeep.
Here are some great next steps to continue your automation journey:
- Work through in-depth Bolt tutorials
- Browse 300+ tasks on the Forge
- Join the Puppet Community Slack to chat with experts
- Attend a Bolt Automation Webinar
- Contact Puppet about Professional Services engagements
I sincerely hope you‘re empowered to advance infrastructure reliability and efficiency through the proven practices discussed here. Feel free to reach out if any questions arise along your automation journey!
