With an update to its namesake configuration tool, Puppet Labs has introduced a programming language designed to give administrators more flexibility in scripting their deployment routines.
Puppet 3.2.1, the first public release in the Puppet 3.2 series, can also now accept external certificate authorities (CAs), allowing organizations to use their in-house authorization systems with their Puppet deployments.
Puppet is open-source software that system administrators can use to help manage systems. It can be used to automate repetitive tasks, deploy applications and manage the process of adding servers to scale systems.
"Puppet's configuration language has always been focused on the best combination of simplicity and power, and my goal was always to have it be more like a configuration file than a programming language," wrote Luke Kanies, founder and CEO of Puppet Labs, in an email interview. "However, as our community has built more sophisticated infrastructures with Puppet Enterprise ... people have needed more power in the language."
The new language is "a great step forward in terms of being able to concisely express complicated configurations in a readable, maintainable way," Kanies wrote. In particular, the language can be used to more easily manage multiple systems as a single group, rather than manage each one separately. It will also allow administrators to automate large groups of services as a single entity.
The language, and associated parser, is "really a ground-up reimplementation of the Puppet language, using an expression- instead of statement-based grammar, which allows both a lot more power and flexibility with what you can do," explained Puppet product owner Eric Sorenson, in a Puppet blog post announcing the new version.
Development of the new language came about after the Puppet maintainers deprecated the Puppet Ruby DSL (domain specific language) module. The Puppet Ruby DSL offered a number of advanced features not available in Puppet's native language, most notably the ability to run iterative loops, long a common feature in nearly all programming languages today. The DSL, however, proved to be too buggy to support.
The new parser is not finished, Puppet admitted. It requires more work, in how it interprets both the new and old Puppet commands. As a result, it does not run by default on Puppet 3.2. Instead, the user must evoke it from the command line or from Puppet's startup configuration file. The Puppet maintainers are also looking for feedback from users on other ways to improve the language and parser.
Puppet 3.2 can now also accept digital certificates from external sources. The maintainers developed this feature in conjunction with the Mozilla Foundation, which had already created code for its own Puppet implementation that would recognize external CAs. Originally, Kanies built a simple CA into Puppet, one that used a simple implementation of the Secure Socket Layer (SSL). "Now many organizations are running their own CA internally ... so it makes sense to integrate with the services our customers already have," Kanies wrote.
Sign up for CIO Asia eNewsletters.