Reference

Table of Contents

Classes

puppet: Puppet 5 installation module
puppet::agent::bootstrap: Puppet bootstrap commands
puppet::agent::config: Configure Puppet Agent settings
puppet::agent::install: Puppet 5 agent installation
puppet::agent::ssl::clean: Remove Puppet cerificate and keys on the host
puppet::config: Setup Puppet configuration file (puppet.conf)
puppet::enc: Install ENC script
puppet::params: A short summary of the purpose of this class
puppet::profile::master: Puppet server installation
puppet::r10k::install: R10K installation on the server
puppet::repo: Setup Puppet Platform repository
puppet::server::ca::allow: Adjust Puppet auth.conf to allow 'puppetserver ca' command
puppet::server::install: Puppet server package installation
puppet::server::setup: Puppet server environment setup
puppet::service: Puppet server service management
puppet::setup: Puppet node environment setup (either agent or server host)

Defined types

puppet::server::ca::clean: Puppet certificate cleanup call
puppet::server::ca::sign: Puppet certificate sign

Resource types

puppet_auth_rule: Create or remove the rule.

Plans

puppet::agent5::clean
puppet::agent5::install
puppet::bootstrap
puppet::cert::clean: Clean node certificates on Puppet server
puppet::cert::sign: Sign node certificates on Puppet server
puppet::server::clean: Clean node certificates on Puppet controller node
puppet::server::sign: Sign node certificates on Puppet controller node

Classes

`puppet`

puppet

Puppet 5 installation module

Examples

include puppet

Parameters

The following parameters are available in the puppet class.

`environment`

Data type: String

`production_remote`

Data type: String

`server`

Data type: String

`ca_server`

Data type: Optional[String]

`dns_alt_names`

Data type: Optional[Array[String]]

`server_ipaddress`

Data type: Optional[String]

`hosts_update`

Data type: Boolean

`agent_version`

Data type: String

`master`

Data type: Boolean

`server_version`

Data type: String

`server_service_ensure`

Data type: String

`server_service_enable`

Data type: Boolean

`use_common_env`

Data type: Boolean

`common_envname`

Data type: String

`common_remote`

Data type: String

`basemodulepath`

Data type: Optional[Stdlib::Absolutepath]

`strict`

Data type: Puppet::Strictness

`strict_variables`

Data type: Boolean

`daemonize`

Data type: Boolean

`onetime`

Data type: Boolean

`runtimeout`

Data type: Optional[Puppet::TimeUnit]

`http_read_timeout`

Data type: Puppet::TimeUnit

`ordering`

Data type: Puppet::Ordering

`priority`

Data type: Optional[Puppet::Priority]

`usecacheonfailure`

Data type: Boolean

`autosign`

Data type: Optional[Puppet::Autosign]

`environment_timeout`

Data type: Puppet::TimeUnit

`sameca`

Data type: Boolean

`allow_duplicate_certs`

Data type: Boolean

`use_enc`

Data type: Boolean

`enc_template`

Data type: String

`enc_data_source`

Data type: Optional[Stdlib::Absolutepath]

`use_enc_env`

Data type: Boolean

`enc_envname`

Data type: String

`enc_remote`

Data type: String

`use_puppetdb`

Data type: Boolean

`r10k_config_setup`

Data type: Boolean

`r10k_yaml_template`

Data type: String

`r10k_cachedir`

Data type: String

`environment_setup_on_each_run`

Data type: Boolean

`external_facts_setup`

Data type: Boolean

`puppet::agent::bootstrap`

Puppet bootstrap commands

Examples

include puppet::agent::bootstrap

Parameters

The following parameters are available in the puppet::agent::bootstrap class.

`puppet_path`

Data type: Stdlib::Unixpath

Default value: $puppet::params::puppet_path

`options`

Data type: String

Default value: '--test'

`hostprivkey`

Data type: Stdlib::Unixpath

Default value: $puppet::params::hostprivkey

`hostcert`

Data type: Stdlib::Unixpath

Default value: $puppet::params::hostcert

`puppet::agent::config`

Configure Puppet Agent settings

Examples

include puppet::agent::config

Parameters

The following parameters are available in the puppet::agent::config class.

`server`

Data type: Stdlib::Fqdn

Default value: 'puppet'

`node_environment`

Data type: String

Default value: 'production'

`onetime`

Data type: Boolean

Default value: true

`runtimeout`

Data type: Puppet::TimeUnit

Default value: '10m'

`puppet::agent::install`

puppet::agent::install

Puppet 5 agent installation

Examples

include puppet::agent::install

Parameters

The following parameters are available in the puppet::agent::install class.

`agent_package_name`

Data type: String

Default value: $puppet::params::agent_package_name

`agent_version`

Data type: String

Default value: $puppet::agent_version

`puppet::agent::ssl::clean`

Remove Puppet cerificate and keys on the host

Examples

include puppet::agent::ssl::clean

Parameters

The following parameters are available in the puppet::agent::ssl::clean class.

`hostprivkey`

Data type: Stdlib::Unixpath

Default value: $puppet::params::hostprivkey

`hostpubkey`

Data type: Stdlib::Unixpath

Default value: $puppet::params::hostpubkey

`hostcert`

Data type: Stdlib::Unixpath

Default value: $puppet::params::hostcert

`hostreq`

Data type: Stdlib::Unixpath

Default value: $puppet::params::hostreq

`localcacert`

Data type: Stdlib::Unixpath

Default value: $puppet::params::localcacert

`puppet::config`

Setup Puppet configuration file (puppet.conf)

Examples

include puppet::config

Parameters

The following parameters are available in the puppet::config class.

`basemodulepath`

Data type: Optional[Stdlib::Absolutepath]

The search path for global modules. Should be specified as a list of directories separated by the system path separator character. (The POSIX path separator is ':', and the Windows path separator is ';'.) These are the modules that will be used by all environments. Note that the modules directory of the active environment will have priority over any global directories. For more info, see https://docs.puppet.com/puppet/latest/environments.html Default: $codedir/modules:/opt/puppetlabs/puppet/modules

Default value: $puppet::basemodulepath

`common_envname`

Data type: String

String. Default is 'common'. Name of common environment which will consists global Hiera config (data/global.yaml) and glomal modules (see use_common_env and basemodulepath)

Default value: $puppet::common_envname

`use_common_env`

Data type: Boolean

If set to true then basemodulepath will set to "${environmentpath}/${common_envname}/modules" only if basemodulepath parameter (see above) is not defined.

Default value: $puppet::use_common_env

`dns_alt_names`

Data type: Optional[Array[String]]

Array of String or undef. A comma-separated list of alternate DNS names for Puppet Server. These are extra hostnames (in addition to its certname) that the server is allowed to use when serving agents. Puppet checks this setting when automatically requesting a certificate for Puppet agent or Puppet Server, and when manually generating a certificate with puppet cert generate. In order to handle agent requests at a given hostname (like "puppet.example.com"), Puppet Server needs a certificate that proves it’s allowed to use that name; if a server shows a certificate that doesn’t include its hostname, Puppet agents will refuse to trust it. If you use a single hostname for Puppet traffic but load-balance it to multiple Puppet Servers, each of those servers needs to include the official hostname in its list of extra names. Note: The list of alternate names is locked in when the server’s certificate is signed. If you need to change the list later, you can’t just change this setting; you also need to:

On the server: Stop Puppet Server.
On the CA server: Revoke and clean the server’s old certificate. (puppet cert clean )
On the server: Delete the old certificate (and any old certificate signing requests) from the ssldir.
On the server: Run puppet agent -t --ca_server to request a new certificate
On the CA server: Sign the certificate request, explicitly allowing alternate names (puppet cert sign --allow-dns-alt-names ).
On the server: Run puppet agent -t --ca_server to retrieve the cert.
On the server: Start Puppet Server again. To see all the alternate names your servers are using, log into your CA server and run puppet cert list -a, then check the output for (alt names: ...). Most agent nodes should NOT have alternate names; the only certs that should have them are Puppet Server nodes that you want other agents to trust.

Default value: $puppet::dns_alt_names

`environment_timeout`

Data type: Puppet::TimeUnit

Puppet::TimeUnit. Default - 0. How long the Puppet master should cache data it loads from an environment. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). A value of 0 will disable caching. This setting can also be set to unlimited, which will cache environments until the master is restarted or told to refresh the cache. You should change this setting once your Puppet deployment is doing non- trivial work. We chose the default value of 0 because it lets new users update their code without any extra steps, but it lowers the performance of your Puppet master. We recommend setting this to unlimited and explicitly refreshing your Puppet master as part of your code deployment process.

With Puppet Server, you should refresh environments by calling the environment-cache API endpoint. See the docs for the Puppet Server administrative API.
With a Rack Puppet master, you should restart the web server or the application server. Passenger lets you touch a restart.txt file to refresh an application without restarting Apache; see the Passenger docs for details. We don’t recommend using any value other than 0 or unlimited, since most Puppet masters use a pool of Ruby interpreters which all have their own cache timers. When these timers drift out of sync, agents can be served inconsistent catalogs. Default: 0

Default value: $puppet::environment_timeout

`sameca`

Data type: Boolean

Whether the master should function as a certificate authority. Default: true

Default value: $puppet::sameca

`allow_duplicate_certs`

Data type: Boolean

Whether to allow a new certificate request to overwrite an existing certificate. Default: false

Default value: $puppet::allow_duplicate_certs

`use_enc`

Data type: Boolean

When enabled, Puppet will use external nodes classifier script which defined in puppet::params::external_nodes variable

Default value: $puppet::use_enc

`puppet_master`

Data type: Boolean

Default value: $puppet::master

`server`

Data type: String

Default value: $puppet::server

`ca_server`

Data type: Optional[String]

Default value: $puppet::ca_server

`strict`

Data type: Puppet::Strictness

Default value: $puppet::strict

`strict_variables`

Data type: Boolean

Default value: $puppet::strict_variables

`daemonize`

Data type: Boolean

Default value: $puppet::daemonize

`onetime`

Data type: Boolean

Default value: $puppet::onetime

`http_read_timeout`

Data type: Puppet::TimeUnit

Default value: $puppet::http_read_timeout

`ordering`

Data type: Puppet::Ordering

Default value: $puppet::ordering

`priority`

Data type: Optional[Puppet::Priority]

Default value: $puppet::priority

`usecacheonfailure`

Data type: Boolean

Default value: $puppet::usecacheonfailure

`autosign`

Data type: Optional[Puppet::Autosign]

Default value: $puppet::autosign

`use_puppetdb`

Data type: Boolean

Default value: $puppet::use_puppetdb

`puppet_config`

Data type: Stdlib::Absolutepath

Default value: $puppet::params::puppet_config

`environmentpath`

Data type: Stdlib::Absolutepath

Default value: $puppet::params::environmentpath

`external_nodes`

Data type: Stdlib::Absolutepath

Default value: $puppet::params::external_nodes

`node_environment`

Data type: Optional[String]

Default value: undef

`runtimeout`

Data type: Optional[Puppet::TimeUnit]

Default value: $puppet::runtimeout

`puppet::enc`

puppet::enc

Install ENC script

Examples

include puppet::enc

Parameters

The following parameters are available in the puppet::enc class.

`enc_template`

Data type: String

Default value: $puppet::enc_template

`enc_data_source`

Data type: Optional[Stdlib::Absolutepath]

Default value: $puppet::enc_data_source

`enc_envname`

Data type: String

Default value: $puppet::enc_envname

`ruby_path`

Data type: Stdlib::Absolutepath

Default value: $puppet::params::ruby_path

`external_nodes`

Data type: Stdlib::Absolutepath

Default value: $puppet::params::external_nodes

`puppet::params`

puppet::params

A description of what this class does

Examples

include puppet::params

`puppet::profile::master`

Puppet single host installation (Puppet Agent/Server/PuppetDB)

Examples

include puppet::profile::master

Parameters

The following parameters are available in the puppet::profile::master class.

`use_puppetdb`

Data type: Boolean

Boolean. Default is true. If set puppet.conf will be set to use PuppetDB for storeconfigs and reports storage. Also PuppetDB will be managed through puppetlabs-puppetdb module (including PostgreSQL database)

Default value: true

`puppetdb_server`

Data type: String

String. Default is 'puppet'. Server name for PuppetDB. Puppetdb::Master::Config class (from puppetlabs-puppetdb) use ::fqdn for check connection to PuppetDB server. As ::fqdn could be ot resolvable it is possible to set up server name via parameter puppetdb_server. Class '::puppet' by default set into /etc/hosts file record 127.0.0.1 puppet therefore hostname 'puppet' is resolvable. If you changed this behavior - you should properly set parameter puppetdb_server as well

Default value: 'puppet'

`manage_puppet_config`

Data type: Boolean

Boolean. Default is false. If set then class Puppetdb::Master::Config will check puppet.conf (using Ini_setting resources) for proper setup of report/reports and storeconfigs/storeconfigs_backend directives. By default class Puppet generates Puppet config from template therefore we do not manage it inside class Puppetdb::Master::Config.

Default value: false

`postgres_local`

Data type: Boolean

Boolean. Default is true. If set then class Puppetdb will use puppetlabs/postgresql for Postgres database server management and PuppetDB database setup

Default value: true

`manage_puppetdb_firewall`

Data type: Boolean

Boolean. Default is false. If set than class Puppetdb::Server will use puppetlabs/firewall for firewall rules setup, iptables/ip6tables services management

Default value: false

`server`

Data type: String

Default value: 'puppet'

`postgres_database_name`

Data type: String

Default value: 'puppetdb'

`postgres_database_username`

Data type: String

Default value: 'puppetdb'

`postgres_database_password`

Data type: String

Default value: 'puppetdb'

`r10k_cachedir`

Data type: String

Default value: '/var/cache/r10k'

`puppet::r10k::install`

puppet::install::r10k

R10K installation on the server

Examples

include puppet::install::r10k

Parameters

The following parameters are available in the puppet::r10k::install class.

`r10k_package_name`

Data type: String

Default value: $puppet::params::r10k_package_name

`gem_path`

Data type: Stdlib::Absolutepath

Default value: $puppet::params::gem_path

`r10k_path`

Data type: Stdlib::Absolutepath

Default value: $puppet::params::r10k_path

`puppet::repo`

puppet::repo

Setup Puppet Platform repository

Examples

include puppet::repo

Parameters

The following parameters are available in the puppet::repo class.

`package_name`

Data type: String

Default value: $puppet::params::package_name

`package_filename`

Data type: String

Default value: $puppet::params::package_filename

`package_provider`

Data type: String

Default value: $puppet::params::package_provider

`platform_repository`

Data type: String

Default value: $puppet::params::platform_repository

`puppet::server::ca::allow`

Adjust Puppet auth.conf to allow 'puppetserver ca' command

Examples

include puppet::server::ca::allow

Parameters

The following parameters are available in the puppet::server::ca::allow class.

`puppet_master`

Data type: Boolean

Default value: true

`server`

Data type: String

Default value: $puppet::server

`ca_server`

Data type: Optional[String]

Default value: undef

`puppet::server::install`

puppet::install::server

Puppet server package installation

Examples

include puppet::install::server

Parameters

The following parameters are available in the puppet::server::install class.

`server_version`

Data type: String

puppetserver package version or one of puppet Package resource ensure parameter values (latest, installed, absent)

Default value: $puppet::server_version

`server_package_name`

Data type: String

Default value: $puppet::params::server_package_name

`puppet::server::setup`

puppet::setup::server

This class setup dynamic environments using r10k invocation. If r10k is not configured, than it will setup it from template

Examples

include puppet::setup::server

Parameters

The following parameters are available in the puppet::server::setup class.

`r10k_config_setup`

Data type: Boolean

Default value: $puppet::r10k_config_setup

`r10k_yaml_template`

Data type: String

Default value: $puppet::r10k_yaml_template

`production_remote`

Data type: String

Default value: $puppet::production_remote

`use_common_env`

Data type: Boolean

Default value: $puppet::use_common_env

`common_remote`

Data type: String

Default value: $puppet::common_remote

`use_enc`

Data type: Boolean

Default value: $puppet::use_enc

`enc_remote`

Data type: String

Default value: $puppet::enc_remote

`cachedir`

Data type: Stdlib::Absolutepath

Default value: $puppet::r10k_cachedir

`r10k_config_file`

Data type: Stdlib::Absolutepath

Default value: $puppet::params::r10k_config_file

`r10k_path`

Data type: Stdlib::Absolutepath

Default value: $puppet::params::r10k_path

`environmentpath`

Data type: Stdlib::Absolutepath

Default value: $puppet::params::environmentpath

`eyaml_keys_path`

Data type: Stdlib::Absolutepath

Default value: $puppet::params::eyaml_keys_path

`eyaml_public_key`

Data type: String

Default value: $puppet::params::eyaml_public_key

`eyaml_private_key`

Data type: String

Default value: $puppet::params::eyaml_private_key

`setup_on_each_run`

Data type: Boolean

Default value: $puppet::environment_setup_on_each_run

`puppet::service`

puppet::service

Puppet server service management

Examples

include puppet::service

Parameters

The following parameters are available in the puppet::service class.

`server_service_ensure`

Data type: String

Default value: $puppet::server_service_ensure

`server_service_enable`

Data type: Boolean

Default value: $puppet::server_service_enable

`service_name`

Data type: String

Default value: $puppet::params::service_name

`puppet::setup`

puppet::setup

Puppet node environment setup

Examples

include puppet::setup

Parameters

The following parameters are available in the puppet::setup class.

`external_facts_setup`

Data type: Boolean

whether to setup directories for external facts see https://puppet.com/docs/puppet/6.18/external_facts.html

Default value: $puppet::external_facts_setup

`server_name`

Data type: String

Default value: $puppet::server

`hosts_update`

Data type: Boolean

Default value: $puppet::hosts_update

`server_ipaddress`

Data type: Optional[String]

Default value: $puppet::server_ipaddress

`dns_alt_names`

Data type: Optional[Array[String]]

Default value: $puppet::dns_alt_names

Defined types

`puppet::server::ca::clean`

Puppet certificate cleanup call

Examples

puppet::server::ca::clean { 'namevar': }

Parameters

The following parameters are available in the puppet::server::ca::clean defined type.

`certname`

Data type: String

Certificate name for which run puppetserver ca clean command

Default value: $name

`puppet::server::ca::sign`

Puppet certificate sign

Examples

puppet::server::ca::sign { 'namevar': }

Parameters

The following parameters are available in the puppet::server::ca::sign defined type.

`certname`

Data type: String

Certificate name, for which run command puppetserver ca sign

Default value: $name

Resource types

`puppet_auth_rule`

Create or remove the rule.

Properties

The following properties are available in the puppet_auth_rule type.

`allow`

If the request's authenticated name matches the parameter's value, Puppet Server allows it.

`allow_unauthenticated`

Valid values: true, false

Enable domain (default)

`deny`

Refuses the request if the authenticated name matches - even if the rule contains an allow value that also matches.

`ensure`

Valid values: present, absent

Create or remove the rule.

Default value: present

`match_request_method`

Valid values: get, post, put, delete, head

Puppet Server applies that rule only to requests that use its value's listed HTTP methods.

`match_request_path`

The parameter path can be a literal string or regular expression

`match_request_type`

Valid values: regex, path

Type of the perameter path. The parameter path can be a literal string or regular expression.

`sort_order`

Valid values: %r{\d+}

Sets the order in which Puppet Server evaluates the rule by prioritizing it on a numeric value between 1 and 399 (to be evaluated before default Puppet rules) or 601 to 998 (to be evaluated after Puppet), with lower-numbered values evaluated first.

Default value: 500

Parameters

The following parameters are available in the puppet_auth_rule type.

`name`

namevar

Unique string value identifies the rule to Puppet Server

`provider`

The specific backend to use for this puppet_auth_rule resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform.

Data types

`Puppet::Autosign`

The Puppet::Autosign data type.

Alias of Variant[Boolean, Stdlib::Absolutepath]

`Puppet::Ordering`

The Puppet::Ordering data type.

Alias of Enum['manifest', 'title-hash', 'random']

`Puppet::Priority`

The Puppet::Priority data type.

Alias of Variant[Enum['high', 'normal', 'low', 'idle'], Integer]

`Puppet::Strictness`

The Puppet::Strictness data type.

Alias of Enum['off', 'warning', 'error']

`Puppet::TimeUnit`

The Puppet::TimeUnit data type.

Alias of Variant[Integer, Pattern[/^[0-9]+[ydhms]?$/]]

Plans

`puppet::agent5::clean`

The puppet::agent5::clean class.

Parameters

The following parameters are available in the puppet::agent5::clean plan.

`targets`

Data type: TargetSpec

`puppet::agent5::install`

The puppet::agent5::install class.

Parameters

The following parameters are available in the puppet::agent5::install plan.

`targets`

Data type: TargetSpec

`puppet::bootstrap`

The puppet::bootstrap class.

Parameters

The following parameters are available in the puppet::bootstrap plan.

`targets`

Data type: TargetSpec

`server`

Data type: Stdlib::Fqdn

`puppet::cert::clean`

Bolt plan which run puppetserver ca clean command for each node on Puppet controller node. The Bolt plan targets are Nodes

Parameters

The following parameters are available in the puppet::cert::clean plan.

`targets`

Data type: TargetSpec

Nodes for which certificate should be cleaned

`server`

Data type: Stdlib::Fqdn

Puppet controller server(s) on which certificate should be cleaned

`puppet::cert::sign`

Bolt plan which run puppetserver ca sign command for each node on Puppet controller node. The Bolt plan targets are Nodes

Parameters

The following parameters are available in the puppet::cert::sign plan.

`targets`

Data type: TargetSpec

Nodes for which certificate signing requests should be signed

`server`

Data type: Stdlib::Fqdn

Puppet controller server(s) on which certificate should be signed

`puppet::server::clean`

Bolt plan which run puppetserver ca clean command for each node on Puppet controller node as Bolt plan target

Parameters

The following parameters are available in the puppet::server::clean plan.

`targets`

Data type: TargetSpec

Puppet server(s) where certificate should be cleaned

`nodes`

Data type: Array[Stdlib::Fqdn]

Nodes for which certificates should be cleaned

`puppet::server::sign`

Bolt plan which run puppetserver ca sign command for each node on Puppet controller node as Bolt plan target

Parameters

The following parameters are available in the puppet::server::sign plan.

`targets`

Data type: TargetSpec

Puppet server(s) where certificate should be signed

`nodes`

Data type: Array[Stdlib::Fqdn]

Nodes for which certificate signing requesgts should be signed