Gentoo Wiki





Put simply, Puppet is a system for automating system administration tasks. To learn more, read our big picture overview of Puppet, or take a deeper look at what Puppet can do with the Puppet Introduction. There's also a Puppet Brochure which gives the highlights of Puppet's functionality. (taken from Puppet homepage)



Note: Ruby must be compiled with the ipv6 USE flag.
# emerge -av puppet

Puppet-0.23.0 ebuild creates puppetd.conf and puppetmasterd.conf under /etc/puppet. The configuration file should be puppet.conf so delete the others:

# rm /etc/puppet/puppetmasterd.conf /etc/puppet/puppetd.conf

Create puppet.conf at /etc/puppet/puppet.conf:

File: /etc/puppet/puppet.conf
  vardir = /var/lib/puppet
  logdir = /var/log/puppet
  rundir = /var/run/puppet
  ssldir = $vardir/ssl
  classfile = $vardir/classes.txt
  localconfig = $vardir/localconfig

Create site.pp at /etc/puppet/manifests/site.pp:

File: /etc/puppet/manifests/site.pp
# Create "/tmp/testfile" if it doesn't exist.
class test_class {
  file { "/tmp/testfile":
    ensure => present,
    mode   => 644,
    owner  => root,
    group  => root
  }
}

# the node name has to match the host name of the node
# you can also specify a node default that will get applied
# to all nodes where there is no configuration
node gandalf {
  include test_class
}

Add puppetmaster to the default runlevel and start it:

# rc-update add puppetmaster default
# /etc/init.d/puppetmaster start


# rm /etc/puppet/puppetmasterd.conf /etc/puppet/puppetd.conf

Create puppet.conf at /etc/puppet/puppet.conf:

File: /etc/puppet/puppet.conf
  server = yourpuppetmasterdserver
  vardir = /var/lib/puppet
  logdir = /var/log/puppet
  rundir = /var/run/puppet
  ssldir = $vardir/ssl
  classfile = $vardir/classes.txt
  localconfig = $vardir/localconfig


You need to sign your certificate:

1. on the server: Start the puppetmasterd

2. on the client:

# puppetd --waitforcert 60 --verbose --debug
debug: Calling puppetca.getcert
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate

3. Run puppetca -l on the server. You should see your request, which you can then sign:

# puppetca --list
# puppetca --sign gandalf

4. At the next run your puppetd should create /tmp/testfile



class wine {
  package { 'xwininfo':
    name => 'xwininfo',
    category => 'x11-apps',
    ensure => present,
  }
}

File permission/File with source/Directory

file {'sshd_config':
  path => '/etc/ssh/sshd_config',
  owner => root,
  group => root,
  mode => 600,
  source => "puppet://$server/global/sshd_config"
}

service {'sshd':
  enable => true,
  ensure => running,
  hasstatus => true,
  require => Package['openssh'],
  # restart sshd whenever the managed sshd_config changes
  subscribe => File['sshd_config']
}

package {'openssh':
  category => 'net-misc',
  name => 'openssh',
  ensure => present
}


Source means that, if you have set up fileserver.conf on your puppetmasterd, your client will be able to download that file, change the permissions and so forth, and with the subscription it will restart your service.

Enable means puppet will check your runlevel, and if the service hasn't been defined to run at this runlevel, it will ensure that it is.

hasstatus: set it to true if /etc/init.d/scriptname supports the status command. If you haven't set it, puppet will try to check the service with ps.


Ensure => latest, installed, present, absent

latest: Will emerge your package at run if there is a newer version.

installed: Will emerge your package if it isn't installed.

present: If the package isn't present it will do nothing; if it is, it will perform the class' actions.

absent: It will unmerge your app.

file {'/data':
  ensure => directory,
  owner => root,
  group => root,
  mode => 755,
}

Node configs

Every node should have at least an empty configuration:

  node lisa {
  }
  node '' {
  }

I've set up some standard classes such as desktop-linux and server-linux:

class desktop-linux {
  include xorg_config
}
class server-linux {
  include timezone-sync
}

Then you can set up a node called lisa as a server:

  node lisa {
    include server-linux
  }


class sync {
  schedule { daily:
    range => "2 - 4",
    repeat => 1,
  }
  exec {"/usr/bin/emerge --sync --quiet":
    schedule => daily
  }
}

Every exec which has the daily schedule will be executed between 2 and 4 AM; with repeat => 1, puppet will run it only one time.

Mount options

class fs_check {
  mount { "/tmp":
    atboot => yes,
    device => "/dev/rootvg/tmp",
    ensure => mounted,
    fstype => xfs,
    remounts => true,
    pass => 1,
    dump => 0,
    options => "noexec,nosuid,nodev,noatime"
  }
}

After the mount options change, the system will try to remount it.
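
One way to confirm that the remount actually took effect, given as an added example that is not part of the original wiki page: the script reads a mounts table in /proc/mounts format and reports which of the required options are missing from a mount point. The function names `missing_mount_opts` and `sample_mounts` and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that a mount point carries the options the
# manifest asks for. Function names and sample data are constructed.

# missing_mount_opts MOUNTPOINT REQUIRED_CSV [MOUNTS_FILE]
# Prints the required options that are absent, comma separated, or
# "not-mounted" when the mount point is not in the table.
# Exit status: 0 all present, 1 some missing, 2 not mounted.
missing_mount_opts() {
    mp=$1
    required=$2
    table=${3:-/proc/mounts}
    awk -v mp="$mp" -v req="$required" '
        # Fields: device mountpoint fstype options dump pass.
        # A later line shadows an earlier one, so keep the last match.
        $2 == mp { opts = $4; found = 1 }
        END {
            if (!found) { print "not-mounted"; exit 2 }
            n = split(opts, have, ",")
            for (i = 1; i <= n; i++) active[have[i]] = 1
            m = split(req, want, ",")
            out = ""
            for (i = 1; i <= m; i++)
                if (!(want[i] in active))
                    out = (out == "" ? "" : out ",") want[i]
            if (out != "") { print out; exit 1 }
        }
    ' "$table"
}

# Constructed sample table: /tmp is mounted without nosuid and nodev.
sample_mounts() {
    cat <<'EOF'
/dev/rootvg/root / xfs rw,noatime 0 0
/dev/rootvg/tmp /tmp xfs rw,noexec,noatime 0 0
EOF
}

# Demo on the constructed table; omit the third argument to read
# /proc/mounts on a live host instead.
demo=$(mktemp)
sample_mounts > "$demo"
missing=$(missing_mount_opts /tmp noexec,nosuid,nodev "$demo") \
    || echo "/tmp is missing: $missing"
rm -f "$demo"
```
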


class check_user {
  user { superfly:
    ensure => 'present',
    home => '/home/superfly',
    shell => '/bin/zsh',
    # password takes the hashed value as stored in /etc/shadow, not cleartext
    password => 'password',
    groups => ['wheel','users']
  }
}

Note: Provider useradd does not support features manages_passwords; not managing attribute password

Last modified: Fri, 12 Sep 2008 14:01:00 +0000 Hits: 3,979