Introduction
This document aims to provide both novice and experienced Puppet users with a structured and practical reference for mastering Puppet commands. Whether you are initiating a new deployment or looking to refine your existing Puppet workflows, the following sections will equip you with the knowledge to navigate and harness the full potential of Puppet's capabilities.
Puppet Syntax overview
Before delving into specific commands, it's essential to grasp Puppet's declarative syntax. Puppet manifests, written in Puppet's language, describe the desired state of a system. Each command contributes to building and enforcing this desired state.
example:
file { '/etc/example.conf':
ensure => present,
content => 'This is an example configuration file.',
}
Puppet Commands:
Let’s discuss some puppet common and specialized commands.
1) $ puppet agent
This command is used to invoke the puppet agent daemon process on the node. This retrieves the client configuration from the Puppet master and applies it to the local host. This service may be run as a daemon, run periodically using cron (or something similar), or run interactively for testing purposes.
The main job of the agent is to retrieve the local machine's configuration from a remote puppet server and apply it. The agent has to have a certificate signed with the server to retrieve the configuration.
$ sudo puppet agent -t --server puppet.example.com
Info: Using environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for puppet_node1.example.com
Info: Applying configuration version '1705733062'
Notice: Applied catalog in 0.04 seconds
One can refer to the official documentation for more details on the options that we can use while running this command.
2) $ puppet apply
$ sudo puppet apply <path_to_manifest_file>
Here's an example to apply config changes from the manifest file.
$ sudo puppet apply user.pp
Notice: Compiled catalog for puppet.us-east1-b.c.gothic-sylph-409917.internal in environment production in 0.07 seconds
Notice: Applied catalog in 0.01 seconds
This is the standalone puppet execution tool, use it to apply individual manifests.
This command is used for applying config changes defined in the manifest, locally. The Puppet Agent is not invoked in this case; thus, no puppet daemon service is started and puppet server is not contacted by Puppet agent.
Puppet apply command effectively mimics the catalog that would be served by the puppet server.
3) $ puppet config
This subcommand can inspect and modify settings from Puppet's 'puppet.conf' configuration file. Here's an example,
$ sudo puppet config set reports puppetdb --section server
$ sudo puppet config print
Above command is an example of using the puppet config command. This command can help us to print, delete and set the settings in the puppet.conf file located in the /etc/puppetlabs/puppet folder.
4) $ puppet lookup
Here's a sample command,
$ sudo puppet lookup <KEY> --node <NAME> --environment <ENV> --explain
This command is used to perform a Hiera lookup from the command line. This command needs access to the Hiera data source. This command will perform a data lookup using the hiera.yaml file definition and return a value for the key under lookup.
If you're debugging your Hiera data and want to see where values are coming from, use the '--explain' option.
You can provide multiple lookup keys to this command, but it only returns a value for the first found key, omitting the rest.
5) $ puppet module
The puppet module subcommand can find, install and manage modules from the Puppet forge, a repository of user-contributed puppet code.
$ sudo puppet module <action> [--environment production ] [--modulepath ]
This command can’t help you with generating a new module for that we have to take help of the PDK utility. this command also comes with additional actions like, change, install, list, uninstall and upgrade. The install, uninstall and upgrade command helps in managing modules on the server. The list subcommand ill list all modules that are installed on the server.
Here the --environment option helps in defining which environment the module should be listed from.
6) $ puppet resource
let's look at couple of examples for resource subcommand.
$ sudo puppet resource <type> <name_of_resource> >> <file-name>
## append the resource definition defined in standard puppet language into a file.
$ sudo puppet resource <type> <name_of_resource> --edit
## dynamically edit the resource attributes.
This command provides simple facilities for converting current system state into Puppet code, along with some ability to modify the current state using Puppet language.
If given a type, a name, and a series of <attribute>=<value> pairs, puppet resource will modify the state of the specified resource. Alternately, if given a type, a name, and the '--edit' flag, puppet resource will write its output to a file, open that file in an editor, and then apply the saved file as a Puppet transaction.
7) $ puppet describe
$ sudo puppet describe <resource_name>
$ sudo puppet describe –list
## lists all resource types
The describe command prints help about Puppet resource types, providers, and metaparameters.
In the next part of the document, we will look into puppet resources and how to work with each resource and use it within a Manifest file.
8) $ puppet catalog
This subcommand deals with catalogs, which are compiled per-node artifacts generated from a set of Puppet manifests. By default, it interacts with the compiling subsystem and compiles a catalog using the default manifest and certname, but you can change the source of the catalog with the --terminus option.
$ sudo puppet catalog compile <manifest_filename> compile a file
$ sudo puppet catalog apply … finds and applies a catalog.
This subcommand has few other options like, 'download', 'find', 'info', 'save', and 'select'. these commands help us to download a find the catalog for the node and use the catalog to validate the changes.
9) $ puppet device
The puppet device command is used in Puppet to manage devices, which are typically networking devices like routers, switches, or firewalls. It allows Puppet to extend its configuration management capabilities to non-traditional computing devices. The puppet device command is used to apply Puppet manifests to these network devices.
Thus, the devices that this command can help to manage are non-agent nodes like network devices. It allows you to manage and configure devices in a manner similar to managing traditional servers.
$ sudo puppet device --target <device-name>
A Puppet manifest for a device might include resource declarations specific to network device configurations, such as VLANs, interfaces, or firewall rules.
Here’s the sample code, a device.pp file.
network_device { 'router':
ensure => 'present',
device_type => 'cisco',
enable_password => 'secret',
snmp_community => 'public',
interfaces => {
'GigabitEthernet0/1' => {
ensure => 'up',
mode => 'access',
vlan => 10,
},
'GigabitEthernet0/2' => {
ensure => 'up',
mode => 'trunk',
native_vlan => 1,
allowed_vlans => [10, 20, 30],
},
},
}
Note:
Ensure that your Puppet environment is properly configured for network device management.
Puppet supports various device types, and the specific configuration details may vary based on the type of network device.
10) $ puppet facts
This subcommand manages facts, which are collections of normalized system information used by Puppet. It can read facts directly from the local system (with the default `facter` terminus).
$ puppet facts <action> [--terminus _TERMINUS]
ACTIONS:
find Retrieve a node's facts. ## the output is same as the $ facter command
info Print the default terminus class for this face.
save API only: create or overwrite an object.
show Retrieve current node's facts. ## dumps node facts on screen
upload Upload local facts to the puppet master.
11) $ puppet node
This subcommand interacts with node objects, which are used by Puppet to build a catalog. A node object consists of the node's facts, environment, node parameters (exposed in the parser as top-scope variables), and classes.
$ sudo puppet node <action> [--terminus _terminus]
ACTIONS:
clean Clean up signed certs, cached facts, node objects, and reports for a node on the puppet server
find Retrieve a node object.
info Print the default terminus class for this face.
12) $ puppet parser
This command allows you to interact directly with the parser.
There are two actions / sub-commands,
$ sudo puppet parser dump
This sub-command outputs a dump of the internal parse tree for debugging
$ sudo puppet parser validate <manifest_file(s)>
The sub-command 'validate' helps in validating syntax of manifest files.
This command helps identify any syntax errors in your Puppet code before applying it to nodes, preventing potential issues during the configuration process. It's essential to run the puppet parser validate command as part of your development and testing workflow to catch syntax errors early in the process.
13) $ puppet script
This is a standalone puppet script runner tool / command; use it to run puppet code without compiling a catalog. When provided with a modulepath, via command line or config file, puppet script can load functions, types, tasks and plans from modules.
$ sudo puppet script -l /tmp/manifest.log manifest.pp
$ sudo puppet script --modulepath=/root/dev/modules
This command can also be used with no-op mode where Puppet runs in dry-run mode.
14) $ puppet ssl
Manage SSL keys and certificates for SSL clients needing to communicate with a puppet infrastructure. puppet ssl subcommands that are used for managing SSL certificates on the Puppet master. SSL certificates play a crucial role in securing the communication between Puppet agents and the Puppet master.
Here are few options we can use with puppet ssl command.
$ sudo puppet ssl submit_request ## this command option will generate a certificate singing request (CSR) and send it to the puppet server for signing.
$ sudo puppet ssl verify ## to Verify the private key and certificate are present and match, verify the certificate is issues by trusted CA.
$ sudo puppet ssl show ## Print the full-text version of this host's certificate
$ sudo puppet ssl clean ## this will remove the private key and cert related files from the host.
Commentaires