Automate your Windows environment faster with Puppet + Chocolatey. Together, Puppet and Chocolatey bring faster and more secure deployments to your Windows environments. By using Chocolatey for package management and Puppet to automate and guarantee the desired state of your Windows infrastructure, your teams can securely deploy applications faster than ever.

1. Manage patching and
updates with ease
A Puppet and Chocolatey Workshop

2. Meet our Presenters
Matt Stone
Sr. Solutions Engineer / Windows Advocate
Puppet, Inc.
@matthewrstone | github.com/matthewrstone | @souldo (puppet slack)
2
Paul Broadwith
Sr. Technical Engineer / MVP
Chocolatey Software
@pauby | github.com/pauby | https://chocolatey.org/contact

3. Agenda
Today’s webinar will feature:
• Quick Intro to Puppet and Chocolatey
• Using Chocolatey for Package Management
• Using Puppet Enterprise to automate package
deployment.
• Using Puppet and Chocolatey as part of a CI/CD
pipeline for infrastructure code.
• How Chocolatey and Puppet differ from tools like
SCCM.
3

4. 4
What is
Chocolatey?

5. Windows Automation: Goals and Challenges
5
Goals
● Deploy more software faster;
● Automate infrastructure using latest tools (eg. PowerShell, Puppet etc.)
● Standardize, consistent and scalable approach;
Challenges
● TIME: Deploying software manually time consuming / inefficient.
● COMPLEXITY: Traditional tools complex / ineffective in modern IT env.;
● COST: Deploying & managing software without package management;

6. “Chocolatey allows you to
deploy any Windows
software, anywhere, with
anything, and manage and
track that software over
time.” - Rob Reynolds, Creator of Chocolatey
6
apt | yum | pacman | brew
Chocolatey Is The Package Manager For Windows

7. Chocolatey’s Unique Approach
7
Chocolatey uses a universal packaging format for managing all Windows
software (i.e. native installers, zips, scripts, binaries) as first class citizens.
● Write a software deployment one time (with PowerShell);
● Deploy it anywhere you have Windows (i.e Desktop, Servers, Docker,
Azure, AWS, etc.);
● Deploy to any supported version of Windows;
● With everything (i.e. Puppet);
● Then manage & track that software over time (even without installers);

8. Chocolatey - Sane Software Management
8
● Packages are independent building blocks;
● Uses tools you already know (ie. PowerShell);
● Chocolatey is 9+ years old;
● Extensive community – 979M+ downloads;
● No need to reinvent the wheel - 7600+ unique Community packages;
Business Version which is more closely aligned to organizational use cases
and allows complete software management.
Easily manage the entire software lifecycle.

9. 9
What is
Puppet?

10. With Puppet Enterprise, you can...
• Continuously enforce configuration and security policy.
• Run ad-hoc tasks or orchestrated workflows on a schedule or on demand.
• Analyze the impact of changes to your environment before code is merged.
• Quickly migrate PowerShell scripts into the Puppet automation framework.
• Migrate PowerShell DSC code into the Puppet automation framework.
10

11. With Chocolatey and Puppet, you can...
• Deliver chocolatey packages at scale.
• Include non-package dependencies, such as Windows Features, registry settings and
more.
• Write a software deployment one time (with PowerShell).
• Analyze the impact of your deployments before they go to production.
• Manage deployments to Windows Server, regardless of edition.
• Review inventory of packages installed, regardless of provider.
• Cross-platform - Manage Windows and Linux, agent or not.
11

12. 12
What is a
Chocolatey
package?

13. Anatomy of a Chocolatey Package
13

14. Anatomy of a Chocolatey Package
14

15. 15
Traditional
software
installation...

16. Installing software the traditional way.
● Let’s install paint.net
16

17. Installing software the traditional way.
17

18. Installing software the traditional way.
18

19. Installing software the traditional way.
19

20. Installing software the traditional way.
20

21. Installing software the traditional way.
21
There IS a better way ….
… and we need to talk about sources and organizational best practices….

22. 22
Chocolatey
package
sources...

23. About Chocolatey Sources
23
“Chocolatey has had the ability to
be able to work with packages
from one or more sources since its
inception back in 2011. With that,
Chocolatey comes with a default
package repository configured -
the Chocolatey Community
Package Repository”

24. About Chocolatey Repositories
24
● Sonatype Nexus OSS;
● Artifactory;
● ProGet;
● Any other NuGet v2 repository;
● NFS/CIFS share can be used to lesser results;
● Chocolatey Quick Deployment Environment;
Repository Managers

25. Chocolatey Community Package Repository
25
● Community Maintained;
● Moderated as of October 2014;
● Everything goes through VirusTotal;
● Not recommended for organizations:
○ Not fully reliable;
○ Distribution rights;
○ Trust;
○ Bandwidth;
● Solution: Package Internalization

26. Chocolatey Package Internalizer
26
● Take advantage of existing
packages without dependency on
the internet
● Downloads existing package and all
remote resources
● Recompiles package to use those
internal resources
● Option to download and point to
other locations

27. Exercise: Before We Start
● Disable license warning
27
choco feature disable -n=warnOnUpcomingLicenseExpiration

28. Exercise: Using Package Internalizer
● List sources
28
choco download firefox --internalize

29. Exercise: Using Internal Sources
● List sources
29
choco source list

30. Exercise: Using Internal Sources
● Remove the public source
30
choco source remove --name="'chocolatey'"

31. Exercise: Using Internal Sources
● Add the internal source
31
choco source add --name="'nexus'" ` --
source="'http://localhost:8081/repository/internalrepo/'" `
--allow-self-service

32. Exercise: Using Internal Sources
● List packages
32
choco source list

33. Exercise: Using Internal Sources
● Get Nexus Password
● In your browser open http://localhost:8081 and login with the
username admin and the password obtained above.
● When logged in, change password when prompted and choose to enable
Anonymous access.
○ This is important if the repository is used for installing packages, without
authenticating.
33
Get-Content C:my_nexus_pw.txt

34. Exercise: Using Internal Sources
● Get Nexus API Key
● Add the Nexus API Key to Chocolatey - this allows you to push packages
34
$apikey = Get-Content C:my_api_key.txt
choco apikey --api-key=$apikey ` --
source="'http://localhost:8081/repository/internalrepo/'

35. Exercise: Using Internal Sources
● Install firefox
35
choco install firefox

36. 36
Using
Puppet Bolt
for Tasks

37. ● Cross platform on-demand or
scheduled task execution
● Easily share scripts amongst team
members
● Integrates with Puppet Enterprise
RBAC, logging and a simple
execution interface
● Easily migrate scripts into Bolt Tasks
enabling version control and
collaboration

38. • Step based orchestration of commands,
scripts, tasks, plans and puppet code.
• Easily share workflows among team
members.
• Integrates with Puppet Enterprise RBAC,
logging and a simple execution interface.
• Start quickly with YAML plans or use the
puppet language for more advanced
features.

39. 39

40. Exercise: Install a Package with Bolt
● Change to C:workshop
(this is case sensitive)
● Run `bolt plan run choco_workshop::install_edge`
● When completed, run `choco list --lo`
40

41. Exercise: Managing Sources with Puppet DSL
● Change to C:workshop
(this is case sensitive)
● Run `bolt plan run choco_workshop::sources`
● When completed, run `choco sources list`
41

42. 42
An Easy Life
With
Self Service

43. Background Agent
43
● Non-admin can install only from
approved, configured sources;
● GUI or command line;
● Commands / sources validated prior
to running;
● Abuses logged for further review;
● Background mode defaults for
install / upgrade - can be configured
for other commands;

44. Graphical Interface and Self Service - ChocolateyGUI
44
● Big clickable buttons;
● Manage software;
● Great for desktop / non-
technical users;
● Great for Self-Service
Management (C4B)

45. 45
Chocolatey
Sync

46. Package Synchronizer - Automatic Sync
46
● Chocolatey maintains state based
on packages;
● System state can be manipulated
outside of Chocolatey;
● Any Chocolatey command will
trigger synchronization in licensed
editions of Chocolatey;
● Package Synchronizer syncs with
manual software removal or
software that automatically
upgrades, such as Chrome;

47. Exercise: Using Automatic Sync
● Run:choco install paint.net -y
Get-Cotent C:my_nexus_pw.t
47
choco list --local-only

48. Exercise: Using Automatic Sync
48

49. Exercise: Using Automatic Sync
● Open Programs and Features and manually uninstall
chocolateygui.
● Run:stall paint.net -y
Get-Cotent C:my_nexus
49
choco list --local-only

50. Exercise: Using Automatic Sync
50

51. Package Synchronizer
51
● Programs and Features is only
50-80% of installed software;
● Chocolatey brings
management for non-installer
packages;
● Supporting legacy inventory
reporting systems is now easy;
● No need to build MSI /
Installers for internal use just to
support legacy reporting

52. Exercise: Using Package Synchroniser
● Run:choco install paint.net -y
Get-Cotent C:my_nexus_pw.t
52
choco list --local-only --include-programs

53. Exercise: Using Package Synchroniser
● Run:choco install paint.net -y
Get-Cotent C:my_nexus_pw.t
53
choco sync --id="'VLC media player'" --package-id="'vlc'"
choco list --local-only --include-programs

54. Exercise: Using Automatic Sync
54

55. Exercise: Using Package Synchroniser
● Run:choco install paint.net -y
Get-Cotent C:my_nexus_pw.t
55
choco oudated

56. Exercise: Using Package Synchroniser
● Run:choco install paint.net -y
Get-Cotent C:my_nexus_pw.t
56
choco upgrade vlc

57. 57
Inventory
Management

58. Chocolatey Central Management
58
● See reports / information
across the organization;
● Modules / plugins coming;

59. Puppet Enterprise Console
Package Inventory
59

60. Continuous Delivery for Puppet Enterprise
Events
60

61. Continuous Delivery for Puppet Enterprise
Impact Analysis
61

62. 62
See it in action:
Continuous
Enforcement

63. See it in action:
Tasks and Plans in
Console

64. 64
Questions?