The only way is up: Puppet’s cloud-infra automation platform Relay hits GA

puppet automation

With on-premises taken care of, Puppet used 2020 to present its first focused foray into cloud-infrastructure automation by unleashing Relay on willing beta testers. A good 10 months later, the workflow automation platform has reached general availability and now looks to bridge the divide between estates. 

Workflows are Relay’s focal point and describe a sort of pipeline for task automation, which is made up of triggers (alerts for example) and steps (like opening a JIRA ticket and informing the on-call team). They can be created and edited either through a UI, which lets users build something similar to a process graph, or writing YAML code.

Balancing ease of use with options to make code modifications that reflect more specialised workflows was one of the tasks Puppet worked on since putting Relay forward, Puppet CTO Deepak Giridharagopal told DevClass in a call last week. 

“We present people with this low-code experience for actually selecting what steps you want, auto-completing all the parameters that you need to put in, letting you quickly and easily search for things in the ecosystem, and add steps together to build a workflow. Yet, at the same time, every single thing that a user does is also one-to-one reflected in a pretty simple code base notation behind it,” he said.

“The things we wanted to avoid was a situation where there were plenty of tools where you create something in a designer, and then the code that it generates … sure, it’s code, but it’s like 12,000 lines – no one can understand it.”

The Relay platform follows an event-driven approach, and provides functionality to pause workflows until certain external triggers are released. The idea is for teams to have an easier time implementing timed runs, or manual approval mechanisms, which often throw a spanner into automation works. And to make all the logic reusable and shareable between teams, there are capabilities to duplicate steps which can then be combined into new workflows. 

According to Giridharagopal, this is largely possible because of Relay’s container-focused architecture. “Every step is itself really just a container, which means that you can build a step in any language you want, you don’t have to be an expert programmer, and it makes it extremely easy to connect them in different ways,” he told DevClass. “That has allowed for a pretty big variety in the kinds of workflows people build.”

In case you were wondering, parallel processes are definitely an option and despite starting out as a CD tool, beta customers have helped to move the project to a place where it now covers use-cases ranging from incident response and self-healing infrastructure to compliance scenarios.

Developers interested in more of the Relay internals should head over to GitHub, where Puppet published the Kubernetes-based execution backend of the project. The container orchestrator aside, it makes use of CI/CD software Tekton, Knative’s serving component, and the Ambassador API Gateway. “Sometimes people think how hard can it really be to just receive some events from a couple of different tools, and then launch something,” Giridharagopal told DevClass. “That doesn’t seem like rocket science until you try to do it.”

Although many companies have agreed on web hooks to trigger actions, things tend to get complex when building a managed service which needs to be able to provide different services for all the possible events and user/vendor combinations out there. “Whenever events happen, they’ll trigger a web hook, and you go into your tool and say, here’s the URL I want you to hit whenever something happens.” 

However, you mostly can’t use the same URL for all the different vendors, since processing might need to look different for each of them, and then there’s the issue of external accessibility which tools like GitHub or Docker Hub need.

“So what we needed was a networking kind of abstraction layer that allowed us to [..] have uniquely generated subdomains. If you go into Relay and you add a trigger, and it’s going to receive a webhook, we will automatically dynamically provision a subdomain for you [..] and then that’s the URL that you can hand the third party.”

“Behind the scenes, whenever we receive that web hook, we need to have a listener that works at that subdomain. It has to be a dynamic system, as users add and remove web hooks, and then once we get the payload, we need to route that inside of our internal kind of a Kubernetes cluster.” 

The API gateway helps with all of that and also makes sure everything happens on time, because “if you don’t respond in a certain number of seconds, then [the event] is gone and some tools do not make it easy to send it again”.

Besides perfecting workflow generation and adding features for authentication, Puppet also worked towards its goal of making Relay work with on-premises components, since at its inception it was cloud-only which doesn’t reflect the reality of most enterprise customers. In a first step, integration with Puppet and Puppet Enterprise became available to handle mixed estates, though Giridharagopal sees the open source proxy used for that to be easily modifiable to work for shell scripts or other automation tooling as well.

Coming up, Relay is going to get more compliance-specific features to generate reports and listen to different kinds of events, as well as prepackaged content that implements certain security standards. Apparently there’s also some demand for workflows that automatically check for compliance violations and offer ways of fixing it, but getting there might still take a while.

Relay being generally available also means Puppet has reworked its pricing options. Customers can now decide between a Community, Team and Enterprise edition. Community is a free offering which allows one user to have 100 workflows, though only one is allowed to run at a time. 

The team tier can be used for up to 30 users and sets organisations back $20 per user and month. On top of the functionality of the free version, it will provide users with the ability to run 10 concurrent workflows, though 500 workflows in total are allowed, and include more enterprise-like authentication features. Pricing for the Enterprise tier is available on request. The version includes access for up to 5000 users, 50 concurrent workflows, and the option to connect to Puppet Enterprise. 
More information is available via the Relay website.