Puppet Interview Questions

1. What size organizations should use Puppet?
Answer:  There is no minimum or maximum organization size that can benefit from Puppet, but there are sizes that are more likely to benefit. Organizations with only a handful of servers are unlikely to consider maintaining those servers to be a real problem, while those that have more need to consider carefully how they eliminate manual management tasks. (puppet interview questions)

2. How to upgrade Puppet and Factor?
 You can upgrade Puppet and Facter through your operating system package management system. You can do this either through the vendor’s repository or through the Puppet Labs’ public repositories.

3. How do you test your manifest files?
Answer: Explain how you will first run syntax checks with puppet parser validate command. If you are using VIM, you can use plugins like Syntastic to verify code (or else) use a full-fledged IDE like Geppetto. Also, use puppet-lint to verify in addition to puppet parser.
You can add RSpec/cucumber tests to your application. (BE CAREFUL: RUBY skills are required) and use Cucumber in standalone mode to test your manifests.

4. How Do I Document My Manifests?
Answer: The puppet language includes a simple documentation syntax, which is currently documented on the Puppet Manifest Documentation wiki page. The puppet doc command uses this inline documentation to automatically generate RDoc or HTML documents for your manifests and modules.

5. What Is Puppets’ Definition Of A Node?
Answer: A node is an any physical or virtual system that is managed by Puppet. This could be a physical server in your data center, a virtual server in the cloud or even a desktop machine. (E learning portal)

6. What are the characters permitted in a class and module name?
Answer: The characters that are permitted in a class and module name can be lowercase letters, underscores, numbers. It should be with a lowercase letter, you can use “::” as a namespace separator. The variable names can be including alphanumeric characters and underscore and can be case sensitive. 

7. Does this change affect all the components of a Puppet?
 As part of this change, we’re also changing the license of the Factor system inventory tool to Apache. This change will take effect with Factor version 1.6.0, and earlier versions of Factor will remain licensed under the GPLv2 license. This change will bring the licensing of Puppet’s two key components into alignment.

Our other major product, MCollective, is already licensed under the Apache 2.0 license.

8. Can I Access Environment Variables With Factor?
Answer: Not directly. However, Factor reads in custom facts from a special subset of environment variables. Any environment variable with a prefix of FACTER_ will be converted into a fact when Factor runs. For example:

The value of the FACTER_FOO environment variable would now be available in your Puppet manifests as $foo, and would have a value of ‘bar’. Using shell scripting to export an arbitrary subset of environment variables as facts are left as an exercise for the reader.

9. Can Puppet manage workstations?
Answer: Yes, Puppet can manage any machine and is used to manage many organizations that have a mix of laptops and desktops.

10. Describe the most significant gain you made from automating a process through Puppet?
 “I automated the configuration and deployment of Linux and Windows machines using Puppet. In addition to shortening the processing time from one week to 10 minutes, I used the roles and profiles paradigm and documented the purpose of each module in README to ensure that others could update the module using Git. The modules I wrote are still being used, but they’ve been improved by my teammates and members of the community.”

11. What is Module and How it is different from Manifest?
Answer: Whatever the manifests we defined in modules, can call or include into other manifests. Which makes easier management of Manifests. It helps you to push specific manifests on a specific Node or Agent.

Learn how to use Puppet, from beginner basics to advanced techniques, with online video tutorials taught by industry experts.

12. Tell me about a time when you used collaboration and Puppet to help resolve a conflict within a team?
Explain to them about your past experience of Puppet and how it was useful to resolve conflicts, you can refer to the below-mentioned example:

The development team wanted root access on test machines managed by Puppet in order to make specific configuration changes. We responded by meeting with them weekly to agree on a process for developers to communicate configuration changes and to empower them to make many of the changes they needed. Through our joint efforts, we came up with a way for the developers to change specific configuration values themselves via data abstracted through Hiera. In fact, we even taught one of the developers how to write Puppet code in collaboration with us.

13. What is the use of etckeeper-commit-post and etckeeper-commit-pre on Puppet Agent?
Answer: Etckeeper-commit-post: In this configuration file you can define command and scripts which executes after pushing configuration on Agent.

Etckeeper-commit-pre: In this configuration file you can define command and scripts which executes before pushing configuration on Agent.

14. Which version of Ruby does Puppet support?
Answer: I will suggest you mention the below points in your answer:

Certain versions of Ruby are tested more thoroughly with Puppet than others, and some versions are not tested at all. Run ruby –version to check the version of Ruby on your system.
Starting with Puppet 4, Puppet Agent packages do not rely on the OS’s Ruby version, as it bundles its own Ruby environment. You can install puppet-agent alongside any version of Ruby or on systems without Ruby installed.
Puppet Enterprise (PE) also does not rely on the OS’s Ruby version, as it bundles its own Ruby environment. You can install PE alongside any version of Ruby or on systems without Ruby installed.
The Windows installers provided by Puppet Labs don’t rely on the OS’s Ruby version and can be installed alongside any version of Ruby or on systems without Ruby installed. 

15. Which open source or community tools do you use to make Puppet more powerful?
Explain about some tools that you have used along with Puppet to do a specific task. You can refer the below example:

Changes and requests are ticketed through Jira and we manage requests through an internal process. Then, we use Git and Puppet’s Code Manager app to manage Puppet code in accordance with best practices. Additionally, we run all of our Puppet changes through our continuous integration pipeline in Jenkins using the beaker testing framework.

16. What is the use of etckeeper-commit-post and etckeeper-commit-pre on PUPPET AGENT?
Etckeeper Commit-post: In this configuration file you can define command and scripts which executes after pushing configuration on Agent

Etckeeper Commit-pre: In this configuration file you can define command and scripts which executes before pushing configuration on Agent

17. What is Module and How it is different from Manifest?
Whatever the manifests we defined in modules, can call or include into other manifests. Which makes easier management of Manifests. It helps you to push specific manifests on a specific Node or Agent. 

18. What Does This Mean If I Or My Company Have Or Want To Contribute Code To Puppet?

  • As part of this license change, Puppet Labs has approached every existing contributor to the project and asked them to sign a Contributor License Agreement or CLA.
  • Signing this CLA for yourself or your company provides both you and Puppet Labs with additional legal protections and confirms:
  • That you own and are entitled to the code you are contributing to Puppet
  • That you are willing to have it used in distributions
  • This gives assurance that the origins and ownership of the code cannot be disputed in the event of any legal challenge. 

19. Which Versions Of Ruby Does Puppet Support?
Puppet requires an MRI Ruby interpreter. Certain versions of Ruby are tested more thoroughly with Puppet than others, and some versions are not tested at all. Run ruby –version to check the version of Ruby on your system.

Starting with Puppet 4, puppet-agent packages do not rely on the OS’s Ruby version, as it bundles its own Ruby environment. You can install puppet-agent alongside any version of Ruby or on systems without Ruby installed. Likewise, Puppet Enterprise does not rely on the OS’s Ruby version, as it bundles its own Ruby environment. You can install PE alongside any version of Ruby or on systems without Ruby installed. The Windows installers provided by Puppet Labs don’t rely on the OS’s Ruby version and can be installed alongside any version of Ruby or on systems without Ruby installed.

20. Why would I use store configs?
The immediate use of store configs is exported resources. Exported resources are resources which are prefixed by. Those resources are marked specially so that they can be collected on several other nodes. Some sample use cases are: Share/distribute public keys (ssh or OpenSSL or other types) Build a list of hosts running some services (for monitoring) Build configuration files which require multiple hosts (for instance /etc/resolv.conf can be the concatenation of files exported by your DNS cache hosts.

21. Explain differences in class definition vs declaration?
Defining a class makes it available for later use. It doesn’t yet add any resources to the catalog; to do that, you must declare it or assign it from an ENC.

22. Which scripting language is most important for a DevOps engineer?
Software development and Operational automation require programming. In terms of scripting

Bash is the most frequently used Unix shell which should be your first automation choice. It has a simple syntax and is designed specifically to execute programs in a non-interactive manner. The same stands for Perl which owes a great deal of its popularity to being very good at manipulating text and storing data in databases.

Next, if you are using Puppet or Chef it’s worth learning Ruby which is relatively easy to learn, and so many of the automation tools have been specifically with it.

Java has a huge impact on IT backend, although it has a limited spread across Operations.

23. My servers are all unique; can Puppet still help?
Answer: All servers are at least somewhat unique, but very few servers are unique; hostnames and IP addresses (e.g.) will always differ, but nearly every server runs a relatively standard operating system. Servers are also often very similar to other servers within a single organization — all Solaris servers might have similar security settings, or all web servers might have roughly equivalent configurations — even if they’re very different from servers in other organizations. Finally, servers are often needlessly unique, in that they have been built and managed manually with no attempt at retaining appropriate consistency.

Puppet can help both on the side of consistency and uniqueness. Puppet can be used to express the consistency that should exist, even if that consistency spans arbitrary sets of servers based on any data like operating system, data center, or physical location. Puppet can also be used to handle uniqueness, either by allowing the special provision of what makes a given host unique or through specifying exceptions to otherwise standard classes.

24. How Do I Manage Passwords On Red Hat Enterprise Linux, Centos, And Fedora Core?
Answer: As described in the Type reference, you need the Shadow Password Library, which is provided by the ruby-shadow package. The ruby-shadow library is available natively for fc6 (and higher) and should build on the corresponding RHEL and CentOS variants. 

25. What Happens If I Am On Puppet 2.6x Or Earlier?
Answer: Nothing changes for you. Puppet 2.6.x remains licensed as GPLv2. The license change is not retroactive.

26. Can Puppet run on servers that are unique?
Answer: Puppet can run on servers that are unique. Even though there might be very fewer chances of servers being unique since within an organization there are a lot of similarities that exist like the operating system that they are running on, and so on.

27. What would be a common workflow for using r10K?
 Much of the common workflow depends on the standard git-flow to creating feature branches and making all changes in feature branches, deploying the environment in test mode, and on verification, merging to master branch before cleaning up feature branch. If you are not using the standard git-flow, adapt accordingly. 

28. What is the Puppet Manifests?

  • It is a very important question and just make sure you go in a correct flow according to me you should first define Manifests.
  • Every node (or Puppet Agent) has got its configuration details in Puppet Master, written in the native Puppet language. These details are written in the language which Puppet can understand and are termed as Manifests. Manifests are composed of Puppet code and their filenames use the .pp extension.
  • Now give an example, you can write a manifest in Puppet Master that creates a file and installs apache on all Puppet Agents (Slaves) connected to the Puppet Master.

29. What is Puppet Catalog?
 I will suggest you to first, tell the uses of Puppet Catalog.

When configuring a node, the Puppet Agent uses a document called a catalog, which it downloads from a Puppet Master. The catalog describes the desired state for each resource that should be managed and may specify dependency information for resources that should be managed in a certain order.

If your interviewer wants to know more about it mention the below points:

Puppet compiles a catalog using three main sources of configuration info:

  • Agent-provided data
  • External data
  • Puppet manifests

30. What Characters Are Permitted In A Class Name? In A Module Name? In Other Identifiers?

  • Class names can contain lowercase letters, numbers, and underscores, and should begin with a lowercase letter. “::” can be used as a namespace separator.
  • The same rules should be used when naming defined resource types, modules, and parameters, although modules and parameters cannot use the namespace separator.
  • Variable names can include alphanumeric characters and underscore, and are case-sensitive.

31. What if I haven’t signed a CLA?
Answer: If you haven’t signed a CLA, then we can’t yet accept your code contribution into Puppet or Factor. Signing a CLA is very easy: simply log into your GitHub account and go to our CLA page to sign the agreement.

We’ve worked hard to try to find to everyone who has contributed code to Puppet, but if you have questions or concerns about a previous contribution you’ve made to Puppet and you don’t believe you’ve signed a CLA, please sign a CLA or contact us for further information. 

32. What are Resource types in Puppet?

  • Every resource is associated with a resource type, which determines the kind of configuration it manages.
  • Puppet has many built-in resource types, like files, cron jobs, services, etc. See the resource type reference for information about the built-in resource types. 

33. What is Puppet Kick?
Answer: By default Puppet Agent request to Puppet Master after a periodic time which was known as “run interval”. Puppet Kick is a utility which allows you to trigger Puppet Agent from Puppet Master.

34. Why shouldn’t I use auto-sign for all my clients?
It is very tempting to enable auto-sign for all nodes, as it cuts down on the manual steps required to bootstrap a new node (or indeed to move it to a new puppet master).

Typically this would be done with a *.example.com or even * in the auto-sign.conf file.

This, however, can be very dangerous as it can enable a node to masquerade as another node and get the configuration intended for that node. The reason for this is that the node chooses the certificate common name (‘CN’ – usually its fqdn, but this is fully configurable), and the puppet master then uses this CN to look up the node definition to serve. The certificate itself is stored, so two nodes could not connect with the same CN (e.g. Alice. example.com), but this is not the problem.

The problem lies in the fact that the puppet master does not make a 1-1 mapping between a node and the first certificate it saw for it, and hence multiple certificates can map to the same node, for example,

Alice.example.com connects, gets node Alice { } definition.
bob.example.com connects with CN Alice. bob.example.com, and also matches the node Alice { } definition.
Without auto signing, it would be apparent that bob was trying to get Alice’s configuration – as the puppet cert process lists the full fqdn/CN presented. With auto-sign turned on, bob silently retrieves Alice’s configuration.

35. What are the chef and puppet used for?
Answer: Puppet and Chef are the major configuration management systems on Linux, along with CFEngine, Ansible. More than a configuration management tool, Chef, along with Puppet and Ansible, is one of the industry’s most notable Infrastructure as Code (IAC) tools.

36. What are the core commands of Puppet?

Core commands of Puppet are:

    • Pupper Agent
    • Pupper Server
    • Puppet Apply
    • Puppet Cert
    • Puppet Module
    • Puppet Resource
    • Puppet Config
    • Puppet Parser
    • Puppet Help
    • Puppet Man

37. What’s Special About Puppet’s Model-driven Design?
Traditionally, managing the configurations of a large group of computers has meant a series of imperative steps; in its rawest state, SSH and a for a loop. This general approach grew more sophisticated over time, but it retained the more profound limitations at its root.

Puppet takes a different approach, which is to model everything — the current state of the node, the desired configuration state, the actions taken during configuration enforcement — as data: each node receives a catalog of resources and relationships, compares it to the current system state, and makes changes as needed to bring the system into compliance.

The benefits go far beyond just healing the headaches of configuration drift and unknown system state: modeling systems as data let Puppet simulate configuration changes, track the history of a system over its lifecycle, and prove that refactored manifest code still produces the same system state. It also drastically lowers the barrier to entry for hacking and extending Puppet: instead of analyzing code and reverse-engineering the effects of each step, a user can just parse data, and sysadmins have been able to add significant value to their Puppet deployments with an afternoon’s worth of Perl scripting.

38. How does merging work?
An external node Every node always gets a node object (which may be empty or may contain classes, parameters, and an environment) from the configured node_terminus. (This setting takes effect where the catalog is compiled; on the puppet master server when using an agent/master arrangement, and on the node, itself when using puppet apply. The default node terminus is plain, which returns an empty node object; the exec terminus calls an ENC script to determine what should go in the node object.) Every node may also get a node definition from the site manifest (usually called site.pp).

When compiling a node’s catalog, Puppet will include all the following: Any classes specified in the node object is received from the node terminus Any classes or resources which are in the site manifest but outside any node definitions Any classes or resources in the most specific node definition in the site.pp that matches the current node (if site.pp contains any node definitions)

Note 1: If site.pp contains at least one node definition, it must have a node definition that matches the current node; compilation will fail if a match can’t be found.

Note 2: If the node name resembles a dot-separated fully qualified domain name, Puppet will make multiple attempts to match a node definition, removing the right-most part of the name each time. Thus, Puppet would first try agent1. example.com, then agent1. example, then agent1. This behavior isn’t mimicked when calling an ENC, which is invoked only once with the agent’s full node name. 

Note 3: If no matching node definition can be found with the node’s name, Puppet will try one last time with a node name of default; most users include a node default {} statement on their site.pp file. This behavior isn’t mimicked when calling an ENC.

39. What are the classes?
Classes are named blocks of Puppet code that are stored in modules for later use and are not applied until they are invoked by name. They can be added to a node’s catalog by either declaring them in your manifests or assigning them from an ENC.

Classes generally configure large or medium-sized chunks of functionality, such as all of the packages, config files, and services needed to run an application. 

40. Explain what you mean by ordering and relationships?
By default, Puppet applies resources in the order they’re declared in their manifest. However, if a group of resources must always be managed in a specific order, you should explicitly declare such relationships with relationship meta parameters, chaining arrows, and the require function. Puppet uses four meta parameters to establish relationships, and you can set each of them as an attribute in any resource. The value of any relationship meta parameter should be a resource reference (or array of references) pointing to one or more target resources. before – Applies a resource before the target resource. require – Applies a resource after the target resource. notify – Applies a resource before the target resource. The target resource refreshes if the notifying resource changes. subscribe – Applies a resource after the target resource. The subscribing resource refreshes if the target resource changes.

If two resources need to happen in order, you can either put a before attribute in the prior one or a required attribute in the subsequent one; either approach creates the same relationship. The same is true of notifying and subscribe. 

41. Explain how DevOps is helpful to developers?
DevOps brings faster and more frequent release cycles which allow developers to identify and resolve issues immediately as well as implementing new features quickly.

Since DevOps is what makes people do better work by making them wear different hats, Developers who collaborate with Operations will create software that is easier to operate, more reliable, and ultimately better for the business.

42. What is an MX record?
An MX record tells senders how to send an email for your domain. When your domain is registered, it’s assigned several DNS records, which enable your domain to be located on the Internet. These include MX records, which direct the domain’s mail flow. Each MX record points to an email server that’s configured to process mail for that domain. There’s typically one record that points to a primary server, then additional records that point to one or more backup servers. For users to send and receive an email, their domain’s MX records must point to a server that can process their mail.

43. What is module path in Puppet?
The Puppetmaster service and the puppet apply command both load most of their content from modules. (See the page on module structure and behavior for more details.)

Puppet automatically loads modules from one or more directories. The list of directories Puppet will find modules in is called the modulepath.

44. How should I upgrade Puppet and Factor?
The best way to install and upgrade Puppet and Factor is via your operating system’s package management system, using either your vendor’s repository or one of Puppet Labs’ public repositories.

If you have installed Puppet from source, make sure you remove old versions entirely (including all application and library files) before upgrading. Configuration data (usually located in/etc/puppet or /var/lib/puppet, although the location can vary) can be left in place between installs.

45. Does Puppet runs on windows?
 Yes. As of Puppet 2.7.6 basic types and providers do run on Windows, and the test suite is being run on Windows to ensure future compatibility.

46. What is Puppet Module and How it is different from Puppet Manifest?
For this answer, I will prefer the below-mentioned explanation:

A Puppet Module is a collection of Manifests and data (such as facts, files, and templates), and they have a specific directory structure. Modules are useful for organizing your Puppet code because they allow you to split your code into multiple Manifests. It is considered the best practice to use Modules to organize almost all of your Puppet Manifests.

Puppet programs are called Manifests. Manifests are composed of Puppet code and their file names use the .pp extension.

47. Who Is Puppet Labs?
 Puppet Labs (formerly Reductive Labs) is a small, private company focused on re-framing the server automation problem.

48. How Do All Of These Variables, Like $operatingsystem, Get Set?
Answer: The variables are all set by Factor. You can get a full listing of the available variables and their values by running faster by itself in a shell. 

49. Depending on your environment, this may not present a significant risk. It essentially boils down to the question ‘Do I trust everything that can connect to my puppet master?
 If you do still choose to have a permanent, or semi-permanent, permissive auto sign.conf, please consider doing the following:

Firewall your puppet master – restrict port tcp/8140 to only networks that you trust.

Create puppet masters for each ‘trust zone’, and only include the trusted nodes in that Puppet masters manifest.

Never use a full wildcard such as *.

50. What is Factor?
Answer: Sometimes you need to write manifests on conditional experession based on agent-specific data which is available through Factor. Factor provides information like Kernel version, Dist release, IP Address, CPU info and etc. You can define your factor also.

51. How Does Puppet work?
Answer: For this question just explain Puppet Architecture. Refer to the diagram below:

The following functions are performed in the above image:

The Puppet Agent sends the Facts to the Puppet Master. Facts are basically key/value data pair that represents some aspect of a Slave state, such as its IP address, up-time, operating system, or whether it’s a virtual machine. I will explain Facts in detail later in the blog.

Puppet Master uses the facts to compile a Catalog that defines how the Slave should be configured. Catalogis a document that describes the desired state for each resource that the Puppet Master manages on a Slave. I will explain catalogs and resources in detail later.

Puppet Slave reports back to Master indicating that Configuration is complete, which is visible in the Puppet dashboard.
Now the interviewer might dig in deep, so the next set of Puppet interview questions will test your knowledge about various components of Puppet.

52. Does Puppet Run On Windows?
Yes. As of Puppet 2.7.6 basic types and providers do run on Windows, and the test suite is being run on Windows to ensure future compatibility. More information can be found on the Puppet on Windows page, and bug reports and patches are welcome.

53. What is Puppet apply?
Answer: Puppet apply manages systems without needing to contact a Puppet master server. It compiles its own configuration catalog, using Puppet modules and various other data sources, then immediately applies the catalog.

54. What is a puppet module command?
 The puppet module command provides an interface for managing modules from the Puppet Forge. Its interface is similar to several common package managers (such as gem, apt-get, or yum). You can use the puppet module command to search for, install, and manage modules.

55. Why does Puppet have its language? Why not use XML or YAML as the configuration format? Why not use Ruby as the input language?
The language used for manifests is ultimately Puppet’s human interface, and XML and YAML, being data formats developed around the processing capabilities of computers, are horrible human interfaces. While some people are comfortable reading and writing them, there’s a reason why we use web browsers instead of just reading the HTML directly. Also, using XML or YAML would limit any assurance that the interface was declarative – one process might treat an XML configuration differently from another.

Note: Browse latest Devops Interview Questions and Devops training videos. Here you can check Devops Online Training details and Devops Training Videos for self learning. Contact +91 988 502 2027 for more information.

Leave a Comment