Puppetizing the workstations

Spotify is a very frequent user of Puppet. We have given many talks and presentations on the subject but these have all been based on systems in our production environment. None have discussed how we use Puppet on internal clients (desktop machines).

In fact the Puppet community itself hasn’t paid much attention to the use of puppet for clients. Puppetlabs hosted a lunch table about “Puppet for Mac” during last year’s PuppetConf. The table was full of people interested in bringing puppet to the desktop. One thing I noticed during the conversation was that very few were actually using puppet on the desktop.

We all face the same problems when managing a fleet of workstations. An open conversation on how common problems can be solved will benefit the community. This is our experience on puppetizing our workstations.

Facts

We launched Puppet for Mac OS X in late 2010 and started puppetizing Windows machines in 2012. Puppet didn’t do much more than installing a few applications in the beginning, but we quickly realized it can do so much more! Our setup today encompass over 1500 nodes, thirty modules which configure applications, printers, network and some security measures.

Every new machine gets pre installed with puppet using DeployStudio. The user only needs to run through the initial setup guide.

We schedule a run of our puppet script every fifteen minutes. The script takes care of node naming (username-serialnumber) and potential certificate issues due to reinstalling a machine with the same certname.

Bandwidth

Spotify is available in twenty eight countries, each with employees requiring software. Some software/updates we supply with puppet are fairly heavy and the bandwidth to the office can be extremely poor. So we had to come up with a solution!

Since we already have some shiny Mac Minis acting as DeployStudio replicas at the different offices we figured, why not use them as a local cache? I spent a day puppetizing apache on these machines to use mod_cache to cache our software. Node’s would then fetch software from the local network repository instead from of our master in Sweden. Everything handled by puppet based on the node’s IP address. This managed to speed up some puppet runs by 1000%

Requesting Software

Spotify loves automation and so do the people in IT. We don’t want to receive a request for Microsoft Office by email and then manually tag nodes with the Office class to install it. Instead we created a self-tagging website. It takes the computer’s certname and opens a web browser that allows the user to select the software they want. Let the user do the tagging!

software

System information

System information is great for troubleshooting workstations and everyone loves technology but that doesn’t imply you know how to determine your vlan or MAC address. It’s hard to navigate non-tech people to run $ facter in the terminal.
A Systeminfo.app runs facter for the user, all they need to do is to copy and paste that information to the support technician.

Dekstop Notifications

Some updates might cause problems to the user experience if they are performed whilst the user is working in the application. Some applications even restart without notice when performing a background update. I tried to improve this by adding desktop notifications via puppet. It could be a notification about pending software updates or a notification about cake in the cafeteria!

notification_example 

The future

Each team should have a puppetized development environment. Why should newcomers spend days configuring something that everyone has done before?

We’ve started to use Boxen in a smaller scale. A masterless puppet setup with lots of custom providers and apps to automate workstations. Thanks to Boxen I managed to automate everything (except ssh keys and Login.keychain). Let’s reinstall clients on a weekly basis!

The truth is that workstations can be both hard and time consuming to automate. Every software manufacturer have their own way of updating and managing their applications. We can’t stop people from using the best tools because they’re hard to automate so we need to be the “puppeteers” that make it work!

We’re constantly on the lookout for skilled engineers. If you are passionate and understand the needs for automation you should really come to Spotify. We’re hiring!

IT Technician Stockholm
IT Technician NYC
SRE Engineer