Inviting Windows to the Puppet PartyChris Kittell and Derek Robinson

+

Any reference in this presentation to any specific commercial product, process, or service, or the use of any trade, firm or corporation name is for the information purposes only and does not constitute an endorsement or recommendation by Wal-Mart Stores, Inc.

Challenges

40,000 Windows servers

Outdated toolchain and processes

No version control

Point and click culture

Goals

Reporting

Scalability and speed to implement

Tackling greenfield first

Walmart DSCConfiguration Management Tool

ConfiguratorAPIs

(no web UI)

Facts(not supported yet)

Parameters(not supported yet)

DSC Resources

Microsoft Community Walmart

DSC Engine

Worked great!

… until it didn’t

13 major bugs in first 6 months

Only 4 people knew how it worked

Very limited documentation

Powershell v5 would require rewriting scripts

We had to constantly tweak WMI settings after 1000 nodes

Then the world changed

Then the world changed

47,000 Linux servers were already managed by Puppet

Linux teammates were planning the upgrade to Puppet Enterprise

Puppet 3.7 introduced 64-bit support for Windows

PowerShell v5 introduced better 3rd party integration

Puppet Labs DSC module was announced

Integrating Tools

SCCM

Image management

Software delivery

Patch management

Active Directory

User policy settings

Server-side security

policy settings

Puppet

Native resource types

DSC

Additional plugins and providers

Choosing the best tool for the job

How Windows got invited to the partyStart small and build on success

• Started with new OS version (no “legacy” to worry about)

• All new builds are now done using Puppet

• > 5,000 servers have been built using Puppet > 7,000

including cloud servers

• > 30,000 managed Windows nodes

Big wins

Shared learnings Compliance Increased visibility

Speed Scale Partnering for solutions

GotchasWorkarounds for Windows

Plugin sync issues

Standard DSC resources had

more stuff than we needed

External facts and PowerShell

TBD

We removed

DSC resources we don't use

Setting up test environments

is important

Issue Workaround

Four pillars of success

Documentation Automation Collaboration Measurement

What’s next?

Onboarding more servers

Custom DSC resources

PQL

Automating infrastructure apps

Key takeaways

Buy-in from

other teams

Visibility and

tracking

Greater

agility

Questions?

Thank you!