Why Puppet? & How Does it Work?

Why Puppet?

It’s not easy being in IT operations today. The volume and complexity of infrastructure you manage is growing and getting smarter. On top of that, you’ve got demands from the business to do more and faster, without sacrificing security and reliability. How do you strike that balance?

How to Get More work Done in Less Time ?

Always system administrator attempts to automate repetitive tasks

Puppet is a configuration management tool born to automate repetitive tasks and to give system administrators a flexible framework to build on.

Puppet is written in Ruby, and comprises a configuration language to write manifests and modules, daemons to run the Puppet instructions on managed systems.

Manifests are files containing Puppet code. They are standard text files saved with the .pp extension.

Module is a collection of manifests and data (such as facts, files, and templates), and they have a specific directory structure.

How we use Puppet in Infrastructure Management

  • User/Group Management

User/Group –Creation, Modification & deletion

Password Reset

SSH-KEY distribution

Manage group members

  • Package Management – Installation & removal
  • Service Management – Start/Stop any service
  • Configuration management (file distribution)
  • Execute required commands.
  • Create Cron Jobs

Apache-Server–Example : – If you want to make any server as web server, you need to


1)Install httpd pkg

2)Configure httpd.conf  file

3)Create index.html

4)Start httpd service

5)Chkconfig httpd on

6)Create cron for logrotation

We can do all these activities with puppet master.

How Does Puppet Work?

It works like this……Puppet agent is a daemon that runs on all the client servers(the servers where you require some configuration, or the servers which are going to be managed using puppet.)

All the clients which are to be managed will have puppet agent installed on them, and are called nodes in puppet.

Puppet Master: This machine contains all the configuration for different hosts. Puppet master will run as a daemon on this master server.

The Puppet master acts as a certificate authority (CA), and must generate its own certificate which is used to sign agent certificate requests.

Puppet Agent: This is the daemon that will run on all the servers, which are to be managed using puppet. Puppet agent will go and ask the configuration for itself from the puppet master server at a specific time interval.

The connection between puppet agent and master is made in a secure encrypted channel with the help of SSL.

If suppose the puppet agent has already applied the required configuration and there are no new changes then it will do nothing.

An important fact to note is that it is the client(puppet agent or nodes) who go and fetches the configuration data from the puppet master server at a regular interval.

Note: You can also manually ask puppet agent to go and fetch the configuration from the puppet master server whenever required. People manage puppet agent to fetch configuration through a cron. But managing puppet agent to automatically fetch data, by running it as a daemon on every node is a good idea.

30 minutes is the default interval when puppet agent daemon will go and fetch config data from puppet master.

Now there are multiple steps involved whenever a puppet agent of any node connects to a puppet master server for fetching data. These steps are mentioned below.

Step 1: Whenever a client node connects to the master, the master server analyzes the configuration to be applied to the node, and how to apply that configs on the node.

Step 2:Puppet master server Takes and collects all the resources and configurations to be applied to the node, and compiles it and make it a catalog. This catalog is given to the puppet agent of the node.

Step 3: Puppet agent will apply the configuration on the node, according to the catalog, and then reply back, and submit the report of the configuration applied to the puppet master server.

How does Puppet Work with Different Platforms?

  • This is possible with the help of a tool called as Facter.
  • Whenever the agent connects to the puppet master server for configuration data, Facter tool is used to give the complete details about the node(agent) to the puppet master.
  • Facter will provide almost all information about the agent node. The information is very much detailed. See an example output of Facter below.


With facter :-

Puppet master gets the complete information about the node, and takes a decision with the help of that information on how to apply the configuration.

For example if suppose the node is debian then to install a package puppet will use apt-get instead of yum.

You can do stuff’s like if the IP address is this, then apply this gateway to the server. And you can also add custom made facts to a node, and do configuration based on that fact(this makes puppet much more customizable).

You require Facter tool to be installed on all the nodes, where you want to apply configuration using puppet. Without Facter, there is no way through which puppet server will get all information about the agent.

Data flow and Architecture as below