top of page

Configuration Management Using Puppet (Part 1):

Configuration management is all about managing all the configurations of the environments of the infrastructure on physical or virtual machines or cloud hosted servers. Configuration management ensures that all the environment related changes are done systemically and the system maintains its integrity over time.

Using configuration management tools like Puppet, Ansible and Chef etc are popular in devops practice nowadays. Configuration Management Tool is used for deploying,configuring and managing servers. It's setting up distinct configuration for each host and continuously checking and confirming whether the required configuration is in place and is not changed on the host . Using configuration management tools,devops/application team can control all configured machines and centralized changes get propagated across all the machines.

In this blog, we discuss about Puppet and how it's work. Puppet is used widely as configuration management tool in many DevOps projects. It is written in Ruby DSL language.

Puppet Overview & Architecture:

Before start discussing about Puppet,let us understand the concept of Imperative and Declarative programming.With Imperative programming, we need to tell the compiler what we want to happen, step by step but for declarative programming, on the other hand, you write code that describes what you want, but not necessarily how to get it.

Imperative programming example:(Adding user using shell script)

echo "Enter username: "
read username
useradd "$username"
echo "temp4now" | passwd --stdin "$username"

Declarative programming example : ( Adding user using puppet)

user {"testuser" :
    ensure => "present",

Key Features of Puppet:

  • One of the feature of Puppet is that it's declarative programming language.Declarative language is simple compared to other programming language and easy to maintain. Using Puppet, we don't need to worry about the implementation details and how the command will work inside the system.Primary responsibility of the puppet is to maintain desired state of the configuration.

  • Puppet supports Idempotency. user can run the same set of configuration multiple times on the same machine and puppet will only make changes when there is any specific change in the configuration.

  • Puppet provides more platform support like Debian,Redhat/CentOS/Fedora,MacOS and Windows.

Puppet Versions:

  • Open Source Puppet: This is a basic version of the Puppet configuration management tool and called as Open Source Puppet. This can be downloaded from Puppet website and is licensed under the Apache 2.0 system.

  •  Puppet Enterprise: the commercial version offers features such as compliance reports, orchestration, role-based access control, GUI, API and command-line tools for effective management of us

Puppet Architecture :

Puppet follows the agent-master architecture. Below are the components of the Puppet architecture:

  • Puppet master: Puppet Master is the important mechanism which handles all the configuration related stuff. Puppet Master runs on designated servers and controls the deployment, configuration, etc and managed agent node request with their own configuration catalogs.

  • Puppet agent: Puppet agents are the actual working machines maintained and managed by the Puppet master.They have the Puppet agent daemon service running inside them.

  • Config repository: This is the repository where all nodes and server-related configurations are saved and can be pulled at any time as required.

  • Facts: Facts are the particulars connected to the node or the master machine, which are essentially used to analyze the current status of any node. Facts contain the details of the machine including operating system and network interface.

  • Catalog: All configurations written in Puppet are converted to a compiled format is known as catalogs which are then applied to the target machines.

  • Manifests: Manifests are the actual codes for configuring the clients.Manifests have the .pp extension. Templates combine code and data to define final document and files are the static content that can be downloaded by the clients.

  • Templates: Templates are written in Ruby expressions to define the customized content and variable input. They are used to develop custom configuration. Templates are defined in manifests and are copied to a location on the system.

  • Files: Static files can be defined as a general file or script which are sometimes required to perform specific tasks and these are located inside the files directory of any module. Files can be downloaded by the clients.

  • Modules: A module is a collection of manifest,template and files.

  • Classes: Classes in Puppet are similar to other programming languages for purpose of organize the codes better and easier to understand.

  • Resources: In Puppet codes, resources contain the coding block to represent packages, files, users, or commands.

  • Nodes: Servers where Puppet agents are installed are called the nodes.

Puppet Apply

It is an application that compiles and manages configurations on nodes.

How Puppet Works:

Puppet follows Master-Agent Architecture or Standalone Architecture.

Master-Agent Architecture:

  • Puppet master server controls important configuration info and managed agent nodes request only their own configuration catalogs.

  • Periodically, Puppet agent sends facts to the Puppet master and request a catalog.These facts are usually pairs of key/value data that contains configuration and status of the slave, such as its up-time, operating system, IP address etc.

  • The Puppet master will compile a catalog using the facts sent by agents.Catalog is simply a document on how the nodes should be configured.

  • Once it receives a catalog, Puppet agent will apply necessary configuration updates on their nodes and then reports back to the Puppet master.

  • The Puppet Master and Slave communication take place through a secure encrypted channel with the help of SSL (Secure Socket Layer).

Life-cycle of Puppet Run using Master Agent Architecture.

Puppet Agent/Master Communication:

  • Puppet agent nodes and Puppet masters communicate via HTTPS with client-verification. The Puppet master provides an HTTP interface, with various endpoints available. When requesting or submitting anything to the master, the agent will make an HTTPS request to one of those endpoints.

  • In Client-verified HTTPS each master or agent must have an identifying SSL certificate, and will examine their counterpart’s certificate to decide whether to allow an exchange of information.

Puppet Agent Master Communication

For any standard configuration management tool, either we have pull base mechanism or push base mechanism. Puppet is using Pull base configuration as agents are pulling updates from master after specific interval. Ansible is a example of push base machanism where master node is responsible to check agent configuration and update.

Puppet Standalone Architecture:

In the case of a standalone Puppet, managed nodes run the puppet apply command to compile the configurations and apply them. There is no Puppet master or Puppet slave for this type of deployment.After Puppet apply compiles the catalog, it immediately applies it by checking each resource the catalog describes and make necessary changes for the resources which are not in their desired state.

Puppet Master/Slave vs Standalone Deployment Model


Puppet automates every step of the software delivery process, from provisioning of physical and cloud machines to orchestration and reporting from early-stage code development to production release.

In my next blog, I will cover, how we can install, configure and run puppet scripts.

Thank you for Reading.  

Keep Learning!!!!


Recent Posts

See All

Steps to Setup kubernetes Cluster!!

In this blog, I will show you, how you can set up a Kubernetes Cluster using Kubeadm. For this hands on, I have used Ubuntu EC2s hosted in AWS environment.I have launched one master node and one work


bottom of page