
Puppet in Complex Enterprise Environments

Enterprise IT environments are usually complex, heterogeneous and spread across multiple data centers. Server deployment usually takes multiple days unless the proper automation or system is in place. Configuration drift, IT compliance, agility and visibility are other challenges. To address such challenges, Sys Admins or DevOps Engineers often prefer to go with configuration management and automation tools like Puppet, Chef, Ansible, etc.

What is Puppet

Puppet is the model-driven open-source Configuration Management tool from PuppetLabs. It’s written in C++ and Ruby, and has a well-developed user interface and a command-line interface (CLI) that uses either a Ruby-derived Domain Specific Language (DSL) or pure Ruby code.

When using Puppet …

  1. Reduce cycle times to get more software deployed

  2. Make fast, iterative changes

  3. Define a configuration once, and apply it to thousands of machines

  4. Automatically remediate configuration drift

  5. Get detailed insight into hardware and software configurations

Puppet supports the following operating systems.

  1. Red Hat Enterprise Linux (RHEL)

  2. Windows (supports Puppet agent only)

  3. Ubuntu

  4. Debian

  5. Solaris

  6. Scientific Linux

  7. CentOS

  8. Oracle Linux

  9. AIX


Puppet usually follows a client-server architecture. The client is known as the Agent and the server is known as the Master. The Master can only be installed on *nix operating systems. It is installed on one or more servers, and the systems that need to be configured install the Puppet Agent. Puppet Agents communicate with the Master and fetch configuration instructions. The Agent then applies the configuration on the system and sends a status report to the Master. Devices can run the Puppet Agent as a daemon (or a service on Windows); it can also be triggered periodically as a cron job or run manually whenever needed.

How Puppet Works

Puppet provides the ability to define which software and configuration a system requires and then maintain a specified state after an initial setup.

You use a declarative DSL (Domain Specific Language) that is similar to Ruby to define configuration parameters for a specific environment or infrastructure. Puppet discovers information about a system by using a utility called ‘Facter’, which gets installed when you install the Puppet software package.

The Puppet master is the system that manages important configuration information for all of the nodes that it controls by using manifests. The various resources that you need to declare for a specific configuration are stored in files called manifests, which contain Puppet code.

The nodes that the master controls are those that have Puppet installed on them and are running the Puppet agent, which is a daemon (or service). The configuration information that the agent collects about a node is sent to the Puppet master. The Puppet master then compiles a catalog based on how the node should be configured. Each node uses that information to apply any necessary configuration updates to itself.

Puppet works by using a pull mode, where agents poll the master at regular intervals (every 30 minutes) to retrieve site-specific and node-specific configurations. In this infrastructure, managed nodes run the Puppet agent application, typically as a background service.

About the Puppet Master

The Puppet master is a daemon that runs on a designated server(s) and is the primary source of configuration data and authority for Puppet. The master provides instructions for all of the nodes that are part of the Puppet infrastructure. Because some aspects of component configuration depend on the configuration of other components, the server that is designated as the Puppet master is required to be aware of the system's entire configuration. The master is responsible for several actions, including the following:

  1. Compiling the catalog for the agents

  2. Transferring files from a file server

  3. Sending reports to a central instance

About the Puppet Agent

The Puppet daemon (a service on Windows) that runs on a target system (or node) is known as the Puppet agent. The agent must have the appropriate privileges for the node on which it is enabled so that it can apply the configuration catalogs that it pulls from the Puppet master. The agent gains communication privileges from the master server by requesting a Secure Sockets Layer (SSL) certificate the first time that it contacts the master. Subsequently, whenever the agent polls the master for configuration updates, it only receives updates if its certificate is valid.

The Puppet agent that runs on each of the target nodes must have the ability to modify most aspects of the system's configuration. This requirement enforces the state in which the master has indicated the agent should be. Because the Puppet agent requires so much access to the system, it is run as the root user or as a user who is assigned the Puppet Management rights profile.

Puppet Code Basics


Puppet code is composed primarily of resource declarations. A resource describes something about the state of the system, such as that a certain user or file should exist, or that a package should be installed.

Puppet provides a Domain Specific Language (DSL) that expresses the intended state of a system’s configuration through collections of resources. Resources are declared in Puppet’s DSL with the following syntax:


# User Kamal should exist

# Create folder Temp1 (Windows)

# File foo.txt should exist before adding contents to it (Windows)

# Install apache2 package

# To stop Windows Time service

# Schedule a windows task to delete files in Temp folder
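
One way to write the resources listed above as a single manifest, given here as an added example rather than the author's original code. The paths, file content, task name and schedule are assumptions; `scheduled_task` is provided by the puppetlabs-scheduled_task module (it was a core type before Puppet 6), and the `case` on a Facter value keeps Windows-only and Debian-only resources out of catalogs for other nodes.

```puppet
# Added example: names, paths, content and schedule below are constructed.

# User kamal should exist (valid on both Linux and Windows agents)
user { 'kamal':
  ensure => present,
}

# Facter reports the OS family; declare only resources valid for this node
case $facts['os']['family'] {
  'windows': {
    # Create folder Temp1
    file { 'C:/Temp1':
      ensure => directory,
    }

    # foo.txt is managed only after its parent folder exists
    file { 'C:/Temp1/foo.txt':
      ensure  => file,
      content => "managed by Puppet\n",
      require => File['C:/Temp1'],
    }

    # Stop the Windows Time service
    service { 'W32Time':
      ensure => stopped,
    }

    # Daily task that deletes files in the Temp folder
    scheduled_task { 'Clean Temp folder':
      ensure    => present,
      command   => 'C:\Windows\System32\cmd.exe',
      arguments => '/c del /q C:\Temp\*',
      trigger   => {
        schedule   => daily,
        start_time => '02:00',
      },
    }
  }
  'Debian': {
    # Install apache2 package
    package { 'apache2':
      ensure => installed,
    }
  }
  default: {
    notice("No OS-specific resources for ${facts['os']['family']}")
  }
}
```

Running `puppet apply --noop` against the file reports what would change without modifying the node, which is a useful check given that the agent applies catalogs with root or administrator rights.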


Puppet programs are called manifests. Manifests are composed of Puppet code and their filenames use the .pp extension.


In Puppet, classes are code blocks that can be called from code elsewhere. Using classes allows you to reuse Puppet code and can make manifests easier to read.


A module is a collection of manifests and data (such as facts, files, and templates), and they have a specific directory structure. Modules are useful for organizing your Puppet code, because they allow you to split your code into multiple manifests.

Puppet Enterprise console UI

The Puppet Enterprise console is the web-based user interface for managing your systems.

The console can:

  1. browse and compare resources on your nodes in real time

  2. analyze events and reports to help you visualize your infrastructure over time

  3. browse inventory data and backed-up file contents from your nodes

  4. group and classify nodes, and control the Puppet classes they receive in their catalogs

  5. manage user access, including integration with external user directories

Author: Indika Ranasinghe is a DevOps engineer at CMS - Remote Technology Center of Bluecorp. Indika has over 20 years of industry knowledge and he is certified in Microsoft Azure, AWS, RedHat and Oracle Cloud.

