Version information
This version is compatible with:
- Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
- Puppet >= 4.7.0 < 7.0.0
- CentOS
Plans:
- clean
- install
- bootstrap
- clean
- sign
- clean
- sign
Start using this module
Documentation
puppet
1) rpm -Uvh https://yum.puppet.com/puppet5-release-el-7.noarch.rpm 2) yum -y install puppet-agent
bootstrap
3) echo -e "[main]\nserver = " >> /etc/puppetlabs/puppet/puppet.conf
in case if not first installation
4) find /etc/puppetlabs/puppet/ -name "$(hostname)" -delete 5) /opt/puppetlabs/bin/puppet agent --test
See REFERENCE.md for some details
Reference
Table of Contents
Classes
puppet: A short summary of the purpose of this classpuppet::agent::bootstrap: Puppet bootstrap commandspuppet::agent::config: Configure Puppet Agent settingspuppet::agent::install: Puppet 5 agent installationpuppet::agent::ssl::clean: Remove Puppet cerificate and keys on the hostpuppet::config: Setup Puppet configuration file (puppet.conf)puppet::enc: Install ENC scriptpuppet::params: A short summary of the purpose of this classpuppet::profile::master: Puppet server installationpuppet::r10k::install: R10K installation on the serverpuppet::repo: Setup Puppet Platform repositorypuppet::server::ca::allow: Adjust Puppet auth.conf to allow 'puppetserver ca' commandpuppet::server::install: Puppet server package installationpuppet::server::setup: Puppet server environment setuppuppet::service: Puppet server service managementpuppet::setup: Puppet node environment setup (either agent or server host)
Defined types
puppet::server::ca::clean: Puppet certificate cleanup callpuppet::server::ca::sign: Puppet certificate sign
Resource types
puppet_auth_rule: Create or remove the rule.
Data types
Plans
puppet::agent5::cleanpuppet::agent5::installpuppet::bootstrappuppet::cert::clean: Clean node certificates on Puppet serverpuppet::cert::sign: Sign node certificates on Puppet serverpuppet::server::clean: Clean node certificates on Puppet controller nodepuppet::server::sign: Sign node certificates on Puppet controller node
Classes
puppet
puppet
Puppet 5 installation module
Examples
include puppet
Parameters
The following parameters are available in the puppet class.
environment
Data type: String
production_remote
Data type: String
server
Data type: String
ca_server
Data type: Optional[String]
dns_alt_names
Data type: Optional[Array[String]]
server_ipaddress
Data type: Optional[String]
hosts_update
Data type: Boolean
agent_version
Data type: String
master
Data type: Boolean
server_version
Data type: String
server_service_ensure
Data type: String
server_service_enable
Data type: Boolean
use_common_env
Data type: Boolean
common_envname
Data type: String
common_remote
Data type: String
basemodulepath
Data type: Optional[Stdlib::Absolutepath]
strict
Data type: Puppet::Strictness
strict_variables
Data type: Boolean
daemonize
Data type: Boolean
onetime
Data type: Boolean
runtimeout
Data type: Optional[Puppet::TimeUnit]
http_read_timeout
Data type: Puppet::TimeUnit
ordering
Data type: Puppet::Ordering
priority
Data type: Optional[Puppet::Priority]
usecacheonfailure
Data type: Boolean
autosign
Data type: Optional[Puppet::Autosign]
environment_timeout
Data type: Puppet::TimeUnit
sameca
Data type: Boolean
allow_duplicate_certs
Data type: Boolean
use_enc
Data type: Boolean
enc_template
Data type: String
enc_data_source
Data type: Optional[Stdlib::Absolutepath]
use_enc_env
Data type: Boolean
enc_envname
Data type: String
enc_remote
Data type: String
use_puppetdb
Data type: Boolean
r10k_config_setup
Data type: Boolean
r10k_yaml_template
Data type: String
r10k_cachedir
Data type: String
environment_setup_on_each_run
Data type: Boolean
puppet::agent::bootstrap
Puppet bootstrap commands
Examples
include puppet::agent::bootstrap
Parameters
The following parameters are available in the puppet::agent::bootstrap class.
puppet_path
Data type: Stdlib::Unixpath
Default value: $puppet::params::puppet_path
options
Data type: String
Default value: '--test'
hostprivkey
Data type: Stdlib::Unixpath
Default value: $puppet::params::hostprivkey
hostcert
Data type: Stdlib::Unixpath
Default value: $puppet::params::hostcert
puppet::agent::config
Configure Puppet Agent settings
Examples
include puppet::agent::config
Parameters
The following parameters are available in the puppet::agent::config class.
server
Data type: Stdlib::Fqdn
Default value: 'puppet'
node_environment
Data type: String
Default value: 'production'
onetime
Data type: Boolean
Default value: true
runtimeout
Data type: Puppet::TimeUnit
Default value: '10m'
puppet::agent::install
puppet::agent::install
Puppet 5 agent installation
Examples
include puppet::agent::install
Parameters
The following parameters are available in the puppet::agent::install class.
agent_package_name
Data type: String
Default value: $puppet::params::agent_package_name
agent_version
Data type: String
Default value: $puppet::agent_version
puppet::agent::ssl::clean
Remove Puppet cerificate and keys on the host
Examples
include puppet::agent::ssl::clean
Parameters
The following parameters are available in the puppet::agent::ssl::clean class.
hostprivkey
Data type: Stdlib::Unixpath
Default value: $puppet::params::hostprivkey
hostpubkey
Data type: Stdlib::Unixpath
Default value: $puppet::params::hostpubkey
hostcert
Data type: Stdlib::Unixpath
Default value: $puppet::params::hostcert
hostreq
Data type: Stdlib::Unixpath
Default value: $puppet::params::hostreq
localcacert
Data type: Stdlib::Unixpath
Default value: $puppet::params::localcacert
puppet::config
Setup Puppet configuration file (puppet.conf)
Examples
include puppet::config
Parameters
The following parameters are available in the puppet::config class.
basemodulepath
Data type: Optional[Stdlib::Absolutepath]
The search path for global modules. Should be specified as a list of directories separated by the system path separator character. (The POSIX path separator is ':', and the Windows path separator is ';'.) These are the modules that will be used by all environments. Note that the modules directory of the active environment will have priority over any global directories. For more info, see https://docs.puppet.com/puppet/latest/environments.html Default: $codedir/modules:/opt/puppetlabs/puppet/modules
Default value: $puppet::basemodulepath
common_envname
Data type: String
String. Default is 'common'. Name of common environment which will consists global Hiera config (data/global.yaml) and glomal modules (see use_common_env and basemodulepath)
Default value: $puppet::common_envname
use_common_env
Data type: Boolean
If set to true then basemodulepath will set to "${environmentpath}/${common_envname}/modules" only if basemodulepath parameter (see above) is not defined.
Default value: $puppet::use_common_env
dns_alt_names
Data type: Optional[Array[String]]
Array of String or undef. A comma-separated list of alternate DNS names for Puppet Server. These are extra hostnames (in addition to its certname) that the server is allowed to use when serving agents. Puppet checks this setting when automatically requesting a certificate for Puppet agent or Puppet Server, and when manually generating a certificate with puppet cert generate. In order to handle agent requests at a given hostname (like "puppet.example.com"), Puppet Server needs a certificate that proves it’s allowed to use that name; if a server shows a certificate that doesn’t include its hostname, Puppet agents will refuse to trust it. If you use a single hostname for Puppet traffic but load-balance it to multiple Puppet Servers, each of those servers needs to include the official hostname in its list of extra names. Note: The list of alternate names is locked in when the server’s certificate is signed. If you need to change the list later, you can’t just change this setting; you also need to:
- On the server: Stop Puppet Server.
- On the CA server: Revoke and clean the server’s old certificate. (puppet cert clean )
- On the server: Delete the old certificate (and any old certificate signing requests) from the ssldir.
- On the server: Run puppet agent -t --ca_server to request a new certificate
- On the CA server: Sign the certificate request, explicitly allowing alternate names (puppet cert sign --allow-dns-alt-names ).
- On the server: Run puppet agent -t --ca_server to retrieve the cert.
- On the server: Start Puppet Server again. To see all the alternate names your servers are using, log into your CA server and run puppet cert list -a, then check the output for (alt names: ...). Most agent nodes should NOT have alternate names; the only certs that should have them are Puppet Server nodes that you want other agents to trust.
Default value: $puppet::dns_alt_names
environment_timeout
Data type: Puppet::TimeUnit
Puppet::TimeUnit. Default - 0. How long the Puppet master should cache data it loads from an environment. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). A value of 0 will disable caching. This setting can also be set to unlimited, which will cache environments until the master is restarted or told to refresh the cache. You should change this setting once your Puppet deployment is doing non- trivial work. We chose the default value of 0 because it lets new users update their code without any extra steps, but it lowers the performance of your Puppet master. We recommend setting this to unlimited and explicitly refreshing your Puppet master as part of your code deployment process.
- With Puppet Server, you should refresh environments by calling the environment-cache API endpoint. See the docs for the Puppet Server administrative API.
- With a Rack Puppet master, you should restart the web server or the application server. Passenger lets you touch a restart.txt file to refresh an application without restarting Apache; see the Passenger docs for details. We don’t recommend using any value other than 0 or unlimited, since most Puppet masters use a pool of Ruby interpreters which all have their own cache timers. When these timers drift out of sync, agents can be served inconsistent catalogs. Default: 0
Default value: $puppet::environment_timeout
sameca
Data type: Boolean
Whether the master should function as a certificate authority. Default: true
Default value: $puppet::sameca
allow_duplicate_certs
Data type: Boolean
Whether to allow a new certificate request to overwrite an existing certificate. Default: false
Default value: $puppet::allow_duplicate_certs
use_enc
Data type: Boolean
When enabled, Puppet will use external nodes classifier script which defined in puppet::params::external_nodes variable
Default value: $puppet::use_enc
puppet_master
Data type: Boolean
Default value: $puppet::master
server
Data type: String
Default value: $puppet::server
ca_server
Data type: Optional[String]
Default value: $puppet::ca_server
strict
Data type: Puppet::Strictness
Default value: $puppet::strict
strict_variables
Data type: Boolean
Default value: $puppet::strict_variables
daemonize
Data type: Boolean
Default value: $puppet::daemonize
onetime
Data type: Boolean
Default value: $puppet::onetime
http_read_timeout
Data type: Puppet::TimeUnit
Default value: $puppet::http_read_timeout
ordering
Data type: Puppet::Ordering
Default value: $puppet::ordering
priority
Data type: Optional[Puppet::Priority]
Default value: $puppet::priority
usecacheonfailure
Data type: Boolean
Default value: $puppet::usecacheonfailure
autosign
Data type: Optional[Puppet::Autosign]
Default value: $puppet::autosign
use_puppetdb
Data type: Boolean
Default value: $puppet::use_puppetdb
puppet_config
Data type: Stdlib::Absolutepath
Default value: $puppet::params::puppet_config
environmentpath
Data type: Stdlib::Absolutepath
Default value: $puppet::params::environmentpath
external_nodes
Data type: Stdlib::Absolutepath
Default value: $puppet::params::external_nodes
node_environment
Data type: Optional[String]
Default value: undef
runtimeout
Data type: Optional[Puppet::TimeUnit]
Default value: $puppet::runtimeout
puppet::enc
puppet::enc
Install ENC script
Examples
include puppet::enc
Parameters
The following parameters are available in the puppet::enc class.
enc_template
Data type: String
Default value: $puppet::enc_template
enc_data_source
Data type: Optional[Stdlib::Absolutepath]
Default value: $puppet::enc_data_source
enc_envname
Data type: String
Default value: $puppet::enc_envname
ruby_path
Data type: Stdlib::Absolutepath
Default value: $puppet::params::ruby_path
external_nodes
Data type: Stdlib::Absolutepath
Default value: $puppet::params::external_nodes
puppet::params
puppet::params
A description of what this class does
Examples
include puppet::params
puppet::profile::master
Puppet single host installation (Puppet Agent/Server/PuppetDB)
Examples
include puppet::profile::master
Parameters
The following parameters are available in the puppet::profile::master class.
use_puppetdb
Data type: Boolean
Boolean. Default is true. If set puppet.conf will be set to use PuppetDB for storeconfigs and reports storage. Also PuppetDB will be managed through puppetlabs-puppetdb module (including PostgreSQL database)
Default value: true
puppetdb_server
Data type: String
String. Default is 'puppet'. Server name for PuppetDB. Puppetdb::Master::Config class (from puppetlabs-puppetdb) use ::fqdn for check connection to PuppetDB server. As ::fqdn could be ot resolvable it is possible to set up server name via parameter puppetdb_server. Class '::puppet' by default set into /etc/hosts file record 127.0.0.1 puppet therefore hostname 'puppet' is resolvable. If you changed this behavior - you should properly set parameter puppetdb_server as well
Default value: 'puppet'
manage_puppet_config
Data type: Boolean
Boolean. Default is false. If set then class Puppetdb::Master::Config will check puppet.conf (using Ini_setting resources) for proper setup of report/reports and storeconfigs/storeconfigs_backend directives. By default class Puppet generates Puppet config from template therefore we do not manage it inside class Puppetdb::Master::Config.
Default value: false
postgres_local
Data type: Boolean
Boolean. Default is true. If set then class Puppetdb will use puppetlabs/postgresql for Postgres database server management and PuppetDB database setup
Default value: true
manage_puppetdb_firewall
Data type: Boolean
Boolean. Default is false. If set than class Puppetdb::Server will use puppetlabs/firewall for firewall rules setup, iptables/ip6tables services management
Default value: false
server
Data type: String
Default value: 'puppet'
postgres_database_name
Data type: String
Default value: 'puppetdb'
postgres_database_username
Data type: String
Default value: 'puppetdb'
postgres_database_password
Data type: String
Default value: 'puppetdb'
r10k_cachedir
Data type: String
Default value: '/var/cache/r10k'
puppet::r10k::install
puppet::install::r10k
R10K installation on the server
Examples
include puppet::install::r10k
Parameters
The following parameters are available in the puppet::r10k::install class.
r10k_package_name
Data type: String
Default value: $puppet::params::r10k_package_name
gem_path
Data type: Stdlib::Absolutepath
Default value: $puppet::params::gem_path
r10k_path
Data type: Stdlib::Absolutepath
Default value: $puppet::params::r10k_path
puppet::repo
puppet::repo
Setup Puppet Platform repository
Examples
include puppet::repo
Parameters
The following parameters are available in the puppet::repo class.
package_name
Data type: String
Default value: $puppet::params::package_name
package_filename
Data type: String
Default value: $puppet::params::package_filename
package_provider
Data type: String
Default value: $puppet::params::package_provider
platform_repository
Data type: String
Default value: $puppet::params::platform_repository
puppet::server::ca::allow
Adjust Puppet auth.conf to allow 'puppetserver ca' command
Examples
include puppet::server::ca::allow
Parameters
The following parameters are available in the puppet::server::ca::allow class.
puppet_master
Data type: Boolean
Default value: true
server
Data type: String
Default value: $puppet::server
ca_server
Data type: Optional[String]
Default value: undef
puppet::server::install
puppet::install::server
Puppet server package installation
Examples
include puppet::install::server
Parameters
The following parameters are available in the puppet::server::install class.
server_version
Data type: String
puppetserver package version or one of puppet Package resource ensure parameter values (latest, installed, absent)
Default value: $puppet::server_version
server_package_name
Data type: String
Default value: $puppet::params::server_package_name
puppet::server::setup
puppet::setup::server
This class setup dynamic environments using r10k invocation. If r10k is not configured, than it will setup it from template
Examples
include puppet::setup::server
Parameters
The following parameters are available in the puppet::server::setup class.
r10k_config_setup
Data type: Boolean
Default value: $puppet::r10k_config_setup
r10k_yaml_template
Data type: String
Default value: $puppet::r10k_yaml_template
production_remote
Data type: String
Default value: $puppet::production_remote
use_common_env
Data type: Boolean
Default value: $puppet::use_common_env
common_remote
Data type: String
Default value: $puppet::common_remote
use_enc
Data type: Boolean
Default value: $puppet::use_enc
enc_remote
Data type: String
Default value: $puppet::enc_remote
cachedir
Data type: Stdlib::Absolutepath
Default value: $puppet::r10k_cachedir
r10k_config_file
Data type: Stdlib::Absolutepath
Default value: $puppet::params::r10k_config_file
r10k_path
Data type: Stdlib::Absolutepath
Default value: $puppet::params::r10k_path
environmentpath
Data type: Stdlib::Absolutepath
Default value: $puppet::params::environmentpath
eyaml_keys_path
Data type: Stdlib::Absolutepath
Default value: $puppet::params::eyaml_keys_path
eyaml_public_key
Data type: String
Default value: $puppet::params::eyaml_public_key
eyaml_private_key
Data type: String
Default value: $puppet::params::eyaml_private_key
setup_on_each_run
Data type: Boolean
Default value: $puppet::environment_setup_on_each_run
puppet::service
puppet::service
Puppet server service management
Examples
include puppet::service
Parameters
The following parameters are available in the puppet::service class.
server_service_ensure
Data type: String
Default value: $puppet::server_service_ensure
server_service_enable
Data type: Boolean
Default value: $puppet::server_service_enable
service_name
Data type: String
Default value: $puppet::params::service_name
puppet::setup
puppet::setup
Puppet node environment setup
Examples
include puppet::setup
Parameters
The following parameters are available in the puppet::setup class.
server_name
Data type: String
Default value: $puppet::server
hosts_update
Data type: Boolean
Default value: $puppet::hosts_update
server_ipaddress
Data type: Optional[String]
Default value: $puppet::server_ipaddress
dns_alt_names
Data type: Optional[Array[String]]
Default value: $puppet::dns_alt_names
Defined types
puppet::server::ca::clean
Puppet certificate cleanup call
Examples
puppet::server::ca::clean { 'namevar': }
Parameters
The following parameters are available in the puppet::server::ca::clean defined type.
certname
Data type: String
Certificate name for which run puppetserver ca clean command
Default value: $name
puppet::server::ca::sign
Puppet certificate sign
Examples
puppet::server::ca::sign { 'namevar': }
Parameters
The following parameters are available in the puppet::server::ca::sign defined type.
certname
Data type: String
Certificate name, for which run command puppetserver ca sign
Default value: $name
Resource types
puppet_auth_rule
Create or remove the rule.
Properties
The following properties are available in the puppet_auth_rule type.
allow
If the request's authenticated name matches the parameter's value, Puppet Server allows it.
allow_unauthenticated
Valid values: true, false
Enable domain (default)
deny
Refuses the request if the authenticated name matches - even if the rule contains an allow value that also matches.
ensure
Valid values: present, absent
Create or remove the rule.
Default value: present
match_request_method
Valid values: get, post, put, delete, head
Puppet Server applies that rule only to requests that use its value's listed HTTP methods.
match_request_path
The parameter path can be a literal string or regular expression
match_request_type
Valid values: regex, path
Type of the perameter path. The parameter path can be a literal string or regular expression.
sort_order
Valid values: %r{\d+}
Sets the order in which Puppet Server evaluates the rule by prioritizing it on a numeric value between 1 and 399 (to be evaluated before default Puppet rules) or 601 to 998 (to be evaluated after Puppet), with lower-numbered values evaluated first.
Default value: 500
Parameters
The following parameters are available in the puppet_auth_rule type.
name
namevar
Unique string value identifies the rule to Puppet Server
provider
The specific backend to use for this puppet_auth_rule resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
Data types
Puppet::Autosign
The Puppet::Autosign data type.
Alias of Variant[Boolean, Stdlib::Absolutepath]
Puppet::Ordering
The Puppet::Ordering data type.
Alias of Enum['manifest', 'title-hash', 'random']
Puppet::Priority
The Puppet::Priority data type.
Alias of Variant[Enum['high', 'normal', 'low', 'idle'], Integer]
Puppet::Strictness
The Puppet::Strictness data type.
Alias of Enum['off', 'warning', 'error']
Puppet::TimeUnit
The Puppet::TimeUnit data type.
Alias of Variant[Integer, Pattern[/^[0-9]+[ydhms]?$/]]
Plans
puppet::agent5::clean
The puppet::agent5::clean class.
Parameters
The following parameters are available in the puppet::agent5::clean plan.
targets
Data type: TargetSpec
puppet::agent5::install
The puppet::agent5::install class.
Parameters
The following parameters are available in the puppet::agent5::install plan.
targets
Data type: TargetSpec
puppet::bootstrap
The puppet::bootstrap class.
Parameters
The following parameters are available in the puppet::bootstrap plan.
targets
Data type: TargetSpec
server
Data type: Stdlib::Fqdn
puppet::cert::clean
Bolt plan which run puppetserver ca clean command for each node on Puppet controller node. The Bolt plan targets are Nodes
Parameters
The following parameters are available in the puppet::cert::clean plan.
targets
Data type: TargetSpec
Nodes for which certificate should be cleaned
server
Data type: Stdlib::Fqdn
Puppet controller server(s) on which certificate should be cleaned
puppet::cert::sign
Bolt plan which run puppetserver ca sign command for each node on Puppet controller node. The Bolt plan targets are Nodes
Parameters
The following parameters are available in the puppet::cert::sign plan.
targets
Data type: TargetSpec
Nodes for which certificate signing requests should be signed
server
Data type: Stdlib::Fqdn
Puppet controller server(s) on which certificate should be signed
puppet::server::clean
Bolt plan which run puppetserver ca clean command for each node on Puppet controller node as Bolt plan target
Parameters
The following parameters are available in the puppet::server::clean plan.
targets
Data type: TargetSpec
Puppet server(s) where certificate should be cleaned
nodes
Data type: Array[Stdlib::Fqdn]
Nodes for which certificates should be cleaned
puppet::server::sign
Bolt plan which run puppetserver ca sign command for each node on Puppet controller node as Bolt plan target
Parameters
The following parameters are available in the puppet::server::sign plan.
targets
Data type: TargetSpec
Puppet server(s) where certificate should be signed
nodes
Data type: Array[Stdlib::Fqdn]
Nodes for which certificate signing requesgts should be signed
What are plans?
Modules can contain plans that take action outside of a desired state managed by Puppet. It’s perfect for troubleshooting or deploying one-off changes, distributing scripts to run across your infrastructure, or automating changes that need to happen in a particular order as part of an application deployment.
Dependencies
- puppetlabs/puppet_agent (>= 1.6.1 < 5.0.0)
- puppetlabs/puppetdb (>= 7.5.0 < 8.0.0)
- puppet/r10k (>= 8.3.0 < 9.0.0)
- puppetlabs/stdlib (>= 3.2.0 < 7.0.0)