Automate your Windows environment faster with Puppet + Chocolatey. Together, Puppet and Chocolatey bring faster and more secure deployments to your Windows environments. By using Chocolatey for package management and Puppet to automate and guarantee the desired state of your Windows infrastructure, your teams can securely deploy applications faster than ever.
2. Meet our Presenters
Matt Stone
Sr. Solutions Engineer / Windows Advocate
Puppet, Inc.
@matthewrstone | github.com/matthewrstone | @souldo (puppet slack)
Paul Broadwith
Sr. Technical Engineer / MVP
Chocolatey Software
@pauby | github.com/pauby | https://chocolatey.org/contact
3. Agenda
Today’s webinar will feature:
• Quick Intro to Puppet and Chocolatey
• Using Chocolatey for Package Management
• Using Puppet Enterprise to automate package deployment.
• Using Puppet and Chocolatey as part of a CI/CD pipeline for infrastructure code.
• How Chocolatey and Puppet differ from tools like SCCM.
5. Windows Automation: Goals and Challenges
Goals
● Deploy more software faster;
● Automate infrastructure using the latest tools (e.g. PowerShell, Puppet, etc.);
● Standardized, consistent and scalable approach;
Challenges
● TIME: Deploying software manually is time-consuming and inefficient;
● COMPLEXITY: Traditional tools are complex and ineffective in modern IT environments;
● COST: Deploying and managing software without package management;
6. “Chocolatey allows you to deploy any Windows software, anywhere, with anything, and manage and track that software over time.” - Rob Reynolds, Creator of Chocolatey
apt | yum | pacman | brew
Chocolatey Is The Package Manager For Windows
7. Chocolatey’s Unique Approach
Chocolatey uses a universal packaging format for managing all Windows software (i.e. native installers, zips, scripts, binaries) as first class citizens.
● Write a software deployment one time (with PowerShell);
● Deploy it anywhere you have Windows (i.e. Desktop, Servers, Docker, Azure, AWS, etc.);
● Deploy to any supported version of Windows;
● With everything (i.e. Puppet);
● Then manage & track that software over time (even without installers);
8. Chocolatey - Sane Software Management
● Packages are independent building blocks;
● Uses tools you already know (i.e. PowerShell);
● Chocolatey is 9+ years old;
● Extensive community – 979M+ downloads;
● No need to reinvent the wheel - 7600+ unique Community packages;
Business Version which is more closely aligned to organizational use cases and allows complete software management.
Easily manage the entire software lifecycle.
10. With Puppet Enterprise, you can...
• Continuously enforce configuration and security policy.
• Run ad-hoc tasks or orchestrated workflows on a schedule or on demand.
• Analyze the impact of changes to your environment before code is merged.
• Quickly migrate PowerShell scripts into the Puppet automation framework.
• Migrate PowerShell DSC code into the Puppet automation framework.
11. With Chocolatey and Puppet, you can...
• Deliver Chocolatey packages at scale.
• Include non-package dependencies, such as Windows Features, registry settings and more.
• Write a software deployment one time (with PowerShell).
• Analyze the impact of your deployments before they go to production.
• Manage deployments to Windows Server, regardless of edition.
• Review inventory of packages installed, regardless of provider.
• Cross-platform - Manage Windows and Linux, agent or not.
23. About Chocolatey Sources
“Chocolatey has had the ability to be able to work with packages from one or more sources since its inception back in 2011. With that, Chocolatey comes with a default package repository configured - the Chocolatey Community Package Repository”
24. About Chocolatey Repositories
Repository Managers
● Sonatype Nexus OSS;
● Artifactory;
● ProGet;
● Any other NuGet v2 repository;
● NFS/CIFS share can be used to lesser results;
● Chocolatey Quick Deployment Environment;
25. Chocolatey Community Package Repository
● Community Maintained;
● Moderated as of October 2014;
● Everything goes through VirusTotal;
● Not recommended for organizations:
○ Not fully reliable;
○ Distribution rights;
○ Trust;
○ Bandwidth;
● Solution: Package Internalization
26. Chocolatey Package Internalizer
● Take advantage of existing packages without dependency on the internet
● Downloads existing package and all remote resources
● Recompiles package to use those internal resources
● Option to download and point to other locations
27. Exercise: Before We Start
● Disable license warning
choco feature disable -n=warnOnUpcomingLicenseExpiration
33. Exercise: Using Internal Sources
● Get Nexus Password
Get-Content C:\my_nexus_pw.txt
● In your browser open http://localhost:8081 and log in with the username admin and the password obtained above.
● When logged in, change the password when prompted and choose to enable Anonymous access.
○ This is important if the repository is used for installing packages without authenticating.
34. Exercise: Using Internal Sources
● Get Nexus API Key
$apikey = Get-Content C:\my_api_key.txt
● Add the Nexus API Key to Chocolatey - this allows you to push packages
choco apikey --api-key=$apikey --source="'http://localhost:8081/repository/internalrepo/'"
37. ● Cross platform on-demand or scheduled task execution
● Easily share scripts amongst team members
● Integrates with Puppet Enterprise RBAC, logging and a simple execution interface
● Easily migrate scripts into Bolt Tasks enabling version control and collaboration
38. • Step based orchestration of commands, scripts, tasks, plans and Puppet code.
• Easily share workflows among team members.
• Integrates with Puppet Enterprise RBAC, logging and a simple execution interface.
• Start quickly with YAML plans or use the Puppet language for more advanced features.
40. Exercise: Install a Package with Bolt
● Change to C:\workshop (this is case sensitive)
● Run `bolt plan run choco_workshop::install_edge`
● When completed, run `choco list --lo`
41. Exercise: Managing Sources with Puppet DSL
● Change to C:\workshop (this is case sensitive)
● Run `bolt plan run choco_workshop::sources`
● When completed, run `choco sources list`
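The slides above move package installs from the Community Package Repository to an internal source. As an added example (not part of the webinar material), this PowerShell checks a node's configured sources against an approved list. The XML is a constructed sample in the layout of the sources section of chocolatey.config; `Get-ChocoSourceFinding`, the approved list and the host `packages.example.test` are hypothetical.

```powershell
# Added example: audit Chocolatey sources against an approved list.
# $sampleConfig is constructed for illustration; on a real node load the file:
#   [xml](Get-Content "$env:ChocolateyInstall\config\chocolatey.config" -Raw)
$sampleConfig = [xml]@'
<chocolatey>
  <sources>
    <source id="chocolatey" value="https://community.chocolatey.org/api/v2/" disabled="false" />
    <source id="internalrepo" value="http://localhost:8081/repository/internalrepo/" disabled="false" />
    <source id="testfeed" value="http://packages.example.test/nuget/" disabled="false" />
    <source id="oldshare" value="\\fileserver\packages" disabled="true" />
  </sources>
</chocolatey>
'@

# Assumption: the workshop's Nexus repository is the only approved source.
$approvedSources = @('http://localhost:8081/repository/internalrepo/')

function Get-ChocoSourceFinding {
    param(
        [Parameter(Mandatory)] [xml] $Config,
        [Parameter(Mandatory)] [string[]] $Approved
    )
    foreach ($source in $Config.SelectNodes('/chocolatey/sources/source')) {
        # Disabled sources are not used by choco, so skip them.
        if ($source.GetAttribute('disabled') -eq 'true') { continue }

        $url = $source.GetAttribute('value')
        $findings = @()
        if ($Approved -notcontains $url) {
            $findings += 'enabled but not on the approved list'
        }
        # Plain HTTP to a remote host lets packages be altered in transit.
        if ($url -match '^http://' -and $url -notmatch '^http://(localhost|127\.0\.0\.1)[:/]') {
            $findings += 'unencrypted HTTP to a remote host'
        }
        foreach ($finding in $findings) {
            [pscustomobject]@{ Id = $source.GetAttribute('id'); Url = $url; Finding = $finding }
        }
    }
}

Get-ChocoSourceFinding -Config $sampleConfig -Approved $approvedSources |
    Format-Table -AutoSize
```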
43. Background Agent
● Non-admin can install only from approved, configured sources;
● GUI or command line;
● Commands / sources validated prior to running;
● Abuses logged for further review;
● Background mode defaults for install / upgrade - can be configured for other commands;
44. Graphical Interface and Self Service - ChocolateyGUI
● Big clickable buttons;
● Manage software;
● Great for desktop / non-technical users;
● Great for Self-Service Management (C4B)
46. Package Synchronizer - Automatic Sync
● Chocolatey maintains state based on packages;
● System state can be manipulated outside of Chocolatey;
● Any Chocolatey command will trigger synchronization in licensed editions of Chocolatey;
● Package Synchronizer syncs with manual software removal or software that automatically upgrades, such as Chrome;
47. Exercise: Using Automatic Sync
● Run:
choco list --local-only
49. Exercise: Using Automatic Sync
● Open Programs and Features and manually uninstall chocolateygui.
● Run:
choco list --local-only
51. Package Synchronizer
● Programs and Features is only 50-80% of installed software;
● Chocolatey brings management for non-installer packages;
● Supporting legacy inventory reporting systems is now easy;
● No need to build MSI / Installers for internal use just to support legacy reporting
52. Exercise: Using Package Synchroniser
● Run:
choco list --local-only --include-programs
53. Exercise: Using Package Synchroniser
● Run:
choco sync --id="'VLC media player'" --package-id="'vlc'"
choco list --local-only --include-programs