# Puppet — Infrastructure Configuration Management at Scale

> A declarative configuration management tool that automates provisioning, configuration, and enforcement of desired state across thousands of servers.

## Install

Save the commands under Quick Use as a script file and run it.

## Quick Use

```bash
# Install Puppet agent on Linux (release package for Ubuntu 20.04 "focal")
curl -O https://apt.puppet.com/puppet8-release-focal.deb
sudo dpkg -i puppet8-release-focal.deb && sudo apt update
sudo apt install puppet-agent

# Apply a local manifest. Root is needed to install packages, and the agent's
# binaries live in /opt/puppetlabs/bin, which may not be on PATH yet.
sudo /opt/puppetlabs/bin/puppet apply -e "package { 'nginx': ensure => installed }"
```

## Introduction

Puppet is a configuration management tool that lets you define infrastructure as code using a declarative language. It enforces the desired state of servers, packages, services, and files across fleets of machines, keeping environments consistent and auditable.

## What Puppet Does

- Declares desired system state in manifests using the Puppet DSL
- Continuously enforces configuration and auto-corrects drift
- Manages packages, services, files, users, cron jobs, and custom resources
- Provides a module ecosystem on the Puppet Forge with thousands of reusable modules
- Reports on compliance with detailed run logs and change audits

## Architecture Overview

Puppet uses a client-server model. The Puppet Server compiles catalogs from manifests, Hiera data, and facts reported by each agent. Agents run on managed nodes, collect system facts via Facter, request a catalog from the server, apply resources in dependency order, and send a report back. In agentless mode, Puppet Bolt pushes tasks over SSH or WinRM.
## Self-Hosting & Configuration

- Deploy Puppet Server on a dedicated host; agents connect on port 8140
- Write manifests in `.pp` files and organize them into modules under a control repo
- Use Hiera for hierarchical data separation (secrets, per-environment values)
- Store modules in a Puppetfile and install them with r10k or Code Manager
- Use Puppet Bolt for agentless ad-hoc task execution over SSH

## Key Features

- Declarative language with strong typing and dependency ordering
- Idempotent runs ensure repeated application produces the same result
- Puppet Forge provides thousands of community and vendor-supported modules
- Built-in reporting and compliance auditing for every managed node
- Supports Linux, Windows, macOS, and network devices

## Comparison with Similar Tools

- **Ansible** — agentless with YAML playbooks; Puppet uses agents and a custom DSL for continuous enforcement
- **Chef Infra** — Ruby-based imperative recipes; Puppet is declarative and models desired state
- **SaltStack** — event-driven with remote execution; Puppet focuses on configuration convergence
- **Terraform** — provisions infrastructure; Puppet manages OS-level configuration after provisioning
- **NixOS** — functional OS configuration; Puppet works across existing Linux and Windows systems

## FAQ

**Q: Does Puppet require agents on every node?**

A: The traditional model uses agents, but Puppet Bolt provides agentless task execution over SSH or WinRM for ad-hoc operations.

**Q: Is Puppet still relevant in a container world?**

A: Yes. Puppet manages the hosts running containers, configures base images, and handles non-containerized infrastructure like databases and network devices.

**Q: What is Hiera?**

A: Hiera is Puppet's built-in key-value lookup system that separates data from code, letting you define environment-specific or role-specific values in YAML files.
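A layered `hiera.yaml` of the kind this answer describes, as an added example rather than configuration from the original page or the Puppet project. The directory layout, key file locations, and the use of the `pp_role` certificate extension to carry a node's role are assumptions; the encrypted layer assumes the hiera-eyaml gem is installed on the Puppet Server.

```yaml
# <environment>/hiera.yaml: environment-layer Hiera 5 config (assumed layout).
# Each environment carries its own copy, so per-environment values stay separate.
---
version: 5

defaults:
  datadir: data            # resolved relative to this environment's directory

hierarchy:
  # Secrets sit in their own encrypted layer, so the plain data files below
  # can be reviewed and committed without exposing credentials.
  - name: "Encrypted secrets (hiera-eyaml)"
    lookup_key: eyaml_lookup_key
    paths:
      - "secrets/nodes/%{trusted.certname}.eyaml"
      - "secrets/roles/%{trusted.extensions.pp_role}.eyaml"
      - "secrets/common.eyaml"
    options:
      # Assumed key locations. The private key should be readable only by
      # the account the Puppet Server runs as, and never committed to the repo.
      pkcs7_private_key: /etc/puppetlabs/puppet/eyaml/private_key.pkcs7.pem
      pkcs7_public_key: /etc/puppetlabs/puppet/eyaml/public_key.pkcs7.pem

  # Plain data, most specific level first; the first match wins by default.
  - name: "Per-node data"
    data_hash: yaml_data
    path: "nodes/%{trusted.certname}.yaml"

  - name: "Per-role data"
    data_hash: yaml_data
    # trusted.* values come from the agent's signed certificate. Ordinary
    # facts (facts.role, for instance) are self-reported by the agent, so
    # they should not decide which data or secrets a node is given.
    path: "roles/%{trusted.extensions.pp_role}.yaml"

  - name: "Common defaults"
    data_hash: yaml_data
    path: "common.yaml"
```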
**Q: How does Puppet handle secrets?**

A: Puppet integrates with HashiCorp Vault, eyaml (encrypted YAML), and other secret backends via Hiera backends and custom functions.

## Sources

- https://github.com/puppetlabs/puppet
- https://www.puppet.com/docs/puppet/latest/puppet_index.html

---

Source: https://tokrepo.com/en/workflows/asset-d31b7f8c
Author: Script Depot