Easily Manage Patching and Application Updates with Chocolatey + Puppet - April 29, 2020
Download as PPTX, PDF0 likes244 views
The document outlines a workshop focused on managing software patching and updates using Puppet and Chocolatey. It covers topics such as the unique capabilities of Chocolatey for Windows package management, the integration of both tools in CI/CD pipelines, and the benefits of automation and lifecycle management of software deployments. The session includes practical exercises to demonstrate the effective use of Puppet and Chocolatey together for a streamlined software management process.
Easily Manage Patching and Application Updates with Chocolatey + Puppet - April 29, 2020
- 1. Manage patching and updates with ease A Puppet and Chocolatey Workshop
- 2. Meet our Presenters Matt Stone Sr. Solutions Engineer / Windows Advocate Puppet, Inc. @matthewrstone | github.com/matthewrstone | @souldo (puppet slack) 2 Paul Broadwith Sr. Technical Engineer / MVP Chocolatey Software @pauby | github.com/pauby | https://chocolatey.org/contact
- 3. Agenda Today’s webinar will feature: • Quick Intro to Puppet and Chocolatey • Using Chocolatey for Package Management • Using Puppet Enterprise to automate package deployment. • Using Puppet and Chocolatey as part of a CI/CD pipeline for infrastructure code. • How Chocolatey and Puppet differ from tools like SCCM. 3
- 5. Windows Automation: Goals and Challenges 5 Goals ● Deploy more software faster; ● Automate infrastructure using latest tools (eg. PowerShell, Puppet etc.) ● Standardize, consistent and scalable approach; Challenges ● TIME: Deploying software manually time consuming / inefficient. ● COMPLEXITY: Traditional tools complex / ineffective in modern IT env.; ● COST: Deploying & managing software without package management;
- 6. “Chocolatey allows you to deploy any Windows software, anywhere, with anything, and manage and track that software over time.” - Rob Reynolds, Creator of Chocolatey 6 apt | yum | pacman | brew Chocolatey Is The Package Manager For Windows
- 7. Chocolatey’s Unique Approach 7 Chocolatey uses a universal packaging format for managing all Windows software (i.e. native installers, zips, scripts, binaries) as first class citizens. ● Write a software deployment one time (with PowerShell); ● Deploy it anywhere you have Windows (i.e Desktop, Servers, Docker, Azure, AWS, etc.); ● Deploy to any supported version of Windows; ● With everything (i.e. Puppet); ● Then manage & track that software over time (even without installers);
- 8. Chocolatey - Sane Software Management 8 ● Packages are independent building blocks; ● Uses tools you already know (ie. PowerShell); ● Chocolatey is 9+ years old; ● Extensive community – 979M+ downloads; ● No need to reinvent the wheel - 7600+ unique Community packages; Business Version which is more closely aligned to organizational use cases and allows complete software management. Easily manage the entire software lifecycle.
- 10. With Puppet Enterprise, you can... • Continuously enforce configuration and security policy. • Run ad-hoc tasks or orchestrated workflows on a schedule or on demand. • Analyze the impact of changes to your environment before code is merged. • Quickly migrate PowerShell scripts into the Puppet automation framework. • Migrate PowerShell DSC code into the Puppet automation framework. 10
- 11. With Chocolatey and Puppet, you can... • Deliver chocolatey packages at scale. • Include non-package dependencies, such as Windows Features, registry settings and more. • Write a software deployment one time (with PowerShell). • Analyze the impact of your deployments before they go to production. • Manage deployments to Windows Server, regardless of edition. • Review inventory of packages installed, regardless of provider. • Cross-platform - Manage Windows and Linux, agent or not. 11
- 13. Anatomy of a Chocolatey Package 13
- 14. Anatomy of a Chocolatey Package 14
- 16. Installing software the traditional way. ● Let’s install paint.net 16
- 17. Installing software the traditional way. 17
- 18. Installing software the traditional way. 18
- 19. Installing software the traditional way. 19
- 20. Installing software the traditional way. 20
- 21. Installing software the traditional way. 21 There IS a better way …. … and we need to talk about sources and organizational best practices….
- 23. About Chocolatey Sources 23 “Chocolatey has had the ability to be able to work with packages from one or more sources since its inception back in 2011. With that, Chocolatey comes with a default package repository configured - the Chocolatey Community Package Repository”
- 24. About Chocolatey Repositories 24 ● Sonatype Nexus OSS; ● Artifactory; ● ProGet; ● Any other NuGet v2 repository; ● NFS/CIFS share can be used to lesser results; ● Chocolatey Quick Deployment Environment; Repository Managers
- 25. Chocolatey Community Package Repository 25 ● Community Maintained; ● Moderated as of October 2014; ● Everything goes through VirusTotal; ● Not recommended for organizations: ○ Not fully reliable; ○ Distribution rights; ○ Trust; ○ Bandwidth; ● Solution: Package Internalization
- 26. Chocolatey Package Internalizer 26 ● Take advantage of existing packages without dependency on the internet ● Downloads existing package and all remote resources ● Recompiles package to use those internal resources ● Option to download and point to other locations
- 27. Exercise: Before We Start ● Disable license warning 27 choco feature disable -n=warnOnUpcomingLicenseExpiration
- 28. Exercise: Using Package Internalizer ● List sources 28 choco download firefox --internalize
- 29. Exercise: Using Internal Sources ● List sources 29 choco source list
- 30. Exercise: Using Internal Sources ● Remove the public source 30 choco source remove --name="'chocolatey'"
- 31. Exercise: Using Internal Sources ● Add the internal source 31 choco source add --name="'nexus'" ` -- source="'http://localhost:8081/repository/internalrepo/'" ` --allow-self-service
- 32. Exercise: Using Internal Sources ● List packages 32 choco source list
- 33. Exercise: Using Internal Sources ● Get Nexus Password ● In your browser open http://localhost:8081 and login with the username admin and the password obtained above. ● When logged in, change password when prompted and choose to enable Anonymous access. ○ This is important if the repository is used for installing packages, without authenticating. 33 Get-Content C:my_nexus_pw.txt
- 34. Exercise: Using Internal Sources ● Get Nexus API Key ● Add the Nexus API Key to Chocolatey - this allows you to push packages 34 $apikey = Get-Content C:my_api_key.txt choco apikey --api-key=$apikey ` -- source="'http://localhost:8081/repository/internalrepo/'
- 35. Exercise: Using Internal Sources ● Install firefox 35 choco install firefox
- 37. ● Cross platform on-demand or scheduled task execution ● Easily share scripts amongst team members ● Integrates with Puppet Enterprise RBAC, logging and a simple execution interface ● Easily migrate scripts into Bolt Tasks enabling version control and collaboration
- 38. • Step based orchestration of commands, scripts, tasks, plans and puppet code. • Easily share workflows among team members. • Integrates with Puppet Enterprise RBAC, logging and a simple execution interface. • Start quickly with YAML plans or use the puppet language for more advanced features.
- 39. 39
- 40. Exercise: Install a Package with Bolt ● Change to C:workshop (this is case sensitive) ● Run `bolt plan run choco_workshop::install_edge` ● When completed, run `choco list --lo` 40
- 41. Exercise: Managing Sources with Puppet DSL ● Change to C:workshop (this is case sensitive) ● Run `bolt plan run choco_workshop::sources` ● When completed, run `choco sources list` 41
- 42. 42 An Easy Life With Self Service
- 43. Background Agent 43 ● Non-admin can install only from approved, configured sources; ● GUI or command line; ● Commands / sources validated prior to running; ● Abuses logged for further review; ● Background mode defaults for install / upgrade - can be configured for other commands;
- 44. Graphical Interface and Self Service - ChocolateyGUI 44 ● Big clickable buttons; ● Manage software; ● Great for desktop / non- technical users; ● Great for Self-Service Management (C4B)
- 46. Package Synchronizer - Automatic Sync 46 ● Chocolatey maintains state based on packages; ● System state can be manipulated outside of Chocolatey; ● Any Chocolatey command will trigger synchronization in licensed editions of Chocolatey; ● Package Synchronizer syncs with manual software removal or software that automatically upgrades, such as Chrome;
- 47. Exercise: Using Automatic Sync ● Run:choco install paint.net -y Get-Cotent C:my_nexus_pw.t 47 choco list --local-only
- 48. Exercise: Using Automatic Sync 48
- 49. Exercise: Using Automatic Sync ● Open Programs and Features and manually uninstall chocolateygui. ● Run:stall paint.net -y Get-Cotent C:my_nexus 49 choco list --local-only
- 50. Exercise: Using Automatic Sync 50
- 51. Package Synchronizer 51 ● Programs and Features is only 50-80% of installed software; ● Chocolatey brings management for non-installer packages; ● Supporting legacy inventory reporting systems is now easy; ● No need to build MSI / Installers for internal use just to support legacy reporting
- 52. Exercise: Using Package Synchroniser ● Run:choco install paint.net -y Get-Cotent C:my_nexus_pw.t 52 choco list --local-only --include-programs
- 53. Exercise: Using Package Synchroniser ● Run:choco install paint.net -y Get-Cotent C:my_nexus_pw.t 53 choco sync --id="'VLC media player'" --package-id="'vlc'" choco list --local-only --include-programs
- 54. Exercise: Using Automatic Sync 54
- 55. Exercise: Using Package Synchroniser ● Run:choco install paint.net -y Get-Cotent C:my_nexus_pw.t 55 choco oudated
- 56. Exercise: Using Package Synchroniser ● Run:choco install paint.net -y Get-Cotent C:my_nexus_pw.t 56 choco upgrade vlc
- 58. Chocolatey Central Management 58 ● See reports / information across the organization; ● Modules / plugins coming;
- 59. Puppet Enterprise Console Package Inventory 59
- 60. Continuous Delivery for Puppet Enterprise Events 60
- 61. Continuous Delivery for Puppet Enterprise Impact Analysis 61
- 62. 62 See it in action: Continuous Enforcement
- 63. See it in action: Tasks and Plans in Console
- 64. 64 Questions?