What is Puppet?

Puppet is a domain-specific language for describing system configurations and a client-server runtime system that implements Puppet configurations (known as manifests) on machines. To a first approximation, a manifest specifies a collection of resources, their desired state, and their inter-dependencies. Puppet has several abstractions that allow you to write clean, modular manifests. In addition, there are thousands of community-supported modules available on Puppet Forge that can be easily integrated into a system configuration.

What is Rehearsal?

The Puppet runtime implements some basic checks on manifests, but they only prevent a small range of errors. Several things can go wrong when a manifest is actually deployed. Rehearsal is a static verification tool for Puppet. It uses a model of the file-system state and Puppet's semantics to verify that manifests don't violate safety properties.

The Rehearsal demo on this website verifies that a manifest is deterministic and idempotent, which are two basic properties that all manifests should have. It is also straightforward to check custom post-conditions, if desired. To learn more about Rehearsal, we encourage you to read the technical paper.