The Puppet platform bundles the components needed for a successful deployment.
Puppet platform components
The Puppet platform includes these components:
Package | Contents |
---|---|
puppet-agent
| Puppet, Facter, Hiera, the PXP agent, root certificates, and prerequisites like Ruby and Augeas. Note: In Puppet version 3.8 and later, Enterprise Linux 5 packages contain only the agent component. |
puppetserver
| Puppet Server |
puppetdb
| PuppetDB |
puppetdb-termini
| Plugins to connect your master to PuppetDB |
puppet-agent
component is available independently for Windows and macOS. Puppet platform location and naming
The Puppet platform is packaged separately for each supported operating system and version.
Package management system | URL naming convention | URL example |
---|---|---|
Yum | https://yum.puppet.com/<PLATFORM_NAME>-release-<OS ABBREVIATION>-<OS VERSION>.noarch.rpm | https://yum.puppet.com/puppet6-release-el-7.noarch.rpm |
Apt | https://apt.puppet.com/<PLATFORM_VERSION>-release-<VERSION CODE NAME>.deb Tip: For Ubuntu releases, the code name is the adjective, not the animal. | https://apt.puppet.com/puppet6-release-wheezy.deb |
Windows and macOS agent packages are indexed on the Puppet download site.
Managing platform versions
To receive the most up-to-date software without introducing breaking changes, use the latest
platform, pin your infrastructure to known versions, and update the pinned version manually when you’re ready to update.
puppetlabs/puppet_agent
module to manage the installed puppet-agent
package, use this resource to pin it to version 6.0:class { '::puppet_agent':
collection => 'latest',
package_version => '6.0.0',
}
If you’re upgrading from a 1.x version of puppet-agent
, simply update the package_version
when you’re ready to upgrade to the 6.x series.Enable the Puppet platform repository
Enabling the Puppet platform repository makes the components needed for installation available on your system.
The process for enabling the repository varies based on your package management system.
Enable the Puppet platform on Yum
Identify the URL of the package you want to enable based on your operating system and version. For details, see Puppet platform location and naming.
sudo rpm -U <PACKAGE_URL>
wget https://yum.puppet.com/puppet6-release-el-5.noarch.rpm
sudo rpm -Uvh puppet6-release-el-5.noarch.rpm
sudo rpm -Uvh https://yum.puppet.com/puppet6-release-el-7.noarch.rpm
Enable the Puppet platform on Apt
Identify the URL of the package you want to enable based on your operating system and version. For details, see Puppet platform location and naming.
Verify packages
Puppet signs most of its packages, Ruby gems, and release tarballs with GNU Privacy Guard (GPG). This signature proves that the packages originate from Puppet and have not been compromised. Security-conscious users can use GPG to verify package signatures.
-
If you install from the Puppet Yum and Apt repositories, the release package that enables the repository also installs our release signing key. The Yum and Apt tools automatically verify the integrity of packages as you install them.
-
If you install a Windows agent using an .msi package, the Windows installer automatically verifies the signature before installing the package.
Verify a source tarball or gem
You can manually verify the signature for Puppet source tarballs or Ruby gems.
Verify an RPM package
RPM packages include an embedded signature, which you can verify after importing the Puppet public key.
Verify a macOS puppet-agent
package
puppet-agent
packages for macOS are signed with a developer ID and certificate. You can verify the package signature using the pkgutil
tool or the installer.
- Download and mount the
puppet-agent
disk image, and then use thepkgutil
tool to check the package's signature:
The tool confirms the signature and outputs fingerprints for each certificate in the chain:pkgutil --check-signature /Volumes/puppet-agent-<AGENT-VERSION>-1.osx10.10/puppet-agent-<AGENT-VERSION>-1-installer.pkg
Package "puppet-agent-<AGENT-VERSION>-1-installer.pkg": Status: signed by a certificate trusted by macOS Certificate Chain: 1. Developer ID Installer: PUPPET LABS, INC. (VKGLGN2B6Y) SHA1 fingerprint: AF 91 BF B7 7E CF 87 9F A8 0A 06 C3 03 5A B4 C7 11 34 0A 6F ----------------------------------------------------------------------------- 2. Developer ID Certification Authority SHA1 fingerprint: 3B 16 6C 3B 7D C4 B7 51 C9 FE 2A FA B9 13 56 41 E3 88 E1 86 ----------------------------------------------------------------------------- 3. Apple Root CA SHA1 fingerprint: 61 1E 5B 66 2C 59 3A 08 FF 58 D1 4A E2 24 52 D1 98 DF 6C 60
- When you install the package, click the lock icon in the top right corner of the installer.
The installer displays details about the package's certificate.