Ben's notes

Linux, Unix, network, radio...

User Tools

Site Tools


Puppet Professional - exam objectives


Identify Style Guide recommendations

to do…

Describe language features

to do…

Identify the core resource types

to do…

Demonstrate knowledge of classes and defines

to do…


Describe how to use modules from the Forge

  • List installed modules:
    puppet module list --tree
  • Search modules:
    puppet module search nginx
  • Install module:
    puppet module install <module>
  • Install module to different environment:
    puppet module install saz-motd --environment test

Demonstrate knowledge of module structure

to do…

Identify module authoring best practices

to do…

Using Puppet

Describe environments in Puppet

Environments are groups of puppet agents. Configured via directory or config file. Directory is easier and will replace config file environments.

  • Directory environments, per default enabled in v3.7.
  • Provides module path, main manifest and -config version- script.
create test environment
mv /etc/puppetlabs/puppet/environments/production/manifests/site.pp /etc/puppetlabs/puppet/manifests

# edit puppet.conf
default_manifest = $confdir/manifests

cp -R /etc/puppetlabs/puppet/environments/production/ /etc/puppetlabs/puppet/environments/test

# check basemodulepath in puppet.conf includes: /opt/puppet/share/puppet/modules

Describe the life cycle of a Puppet run

  • Node sends data about its state (facts) to the puppet master (hostname, node name, os, virtual, etc.)
  • Puppet uses the facts to compile a catalog that specifies how the node should be configured. Sends the catalog to the agent.
  • Config changes (if necessary) are reported back to the master.
  • Puppet master aggregates reports and Puppet's API can also report to 3rd party tools.

Describe Puppet ecosystem component usage

to do…

Describe how to configure a Puppet master

Pre install

  • Meet the necessary system requirements.
  • Make sure DNS is working, configure A and PTR records, a puppet CNAME will also work.
  • Sync time with NTPd or Chronyd.
  • Open firewall ports 8140/tcp (puppet master), 443/tcp (web console), 61613/tcp (ActiveMQ MCollective). If you are using the web-based install, open port 3000/tcp during install.


  • Monolitic or split install.
  • Local or remote database.

Post install

  • Configure master server.
  • Install agents via OS repo or download package. Configure puppet.conf, enable puppet.service and start agent.
  • Sign agent certificates.
    puppet cert list
    puppet cert sign <name>
    puppet cert sign --all

Puppet Internals

Describe the purpose of types and providers

to do…

Describe Puppet’s use of SSL certificates

  • All client↔server traffic over HTTPS.
  • Uses its own CA per default.
  • Public / private keys to encrypt and sign.
  • List outstanding certificates:
    puppet cert list
  • List all certificates:
    puppet cert list --all
  • Sign certificate:
    puppet cert sign <NAME>


Describe classification

  • Using the PE console, the best practice architecture is to create environment groups and classification groups.
  • Classify via site.pp
  • Classify using Hiera.

Environment node group

  • Create groups for setting environment only (dev, test, accept), do not add classes to these groups.
  • Set environment override only in the environment node groups.
  • Create a rule to match agents to env. groups. You can use pinning, but rules are the most flexible way to assign nodes.

Classification node group

  • Create classification node group for example web-dev, web-prod, monitor, etc.
  • Create a rule to match agents to class. groups.


Describe Node Manager

  • Puppet Enterprise rule based node classification.
  • Dynamically assign nodes to groups:
    • Create node groups
    • Create rules to dynamically add and remove nodes from node groups
    • Assign classes to node groups

Describe RBAC

  • Role Based Access Control, manages permissions.
  • Can use external directories: LDAP, ActiveDirectory.
  • Manage roles and users via Enterprise Console “Access Control” tab.

Demonstrate knowledge of how to troubleshoot PE Console

to do…

Describe reporting capabilities in PE Console

to do…


Describe the purpose of PuppetDB

  • Collects data generated by puppet.
    • most recent facts from every node.
    • most recent catalog from every node.
    • optionally event reports.
  • Exports resources. Can be used by other nodes. For example a backup module configures the client and also adds the backup agent definition to the backup server.

Demonstrate knowledge of Hiera

to do…

Describe the usage of MCollective

  • Log in as peadmin (cli).
    su - peadmin
  • Install, enable and start the MCollective agent on the client:
    yum install mcollective
  • Test connectivity:
    peadmin@puppet:~$ mco ping                time=51.06 ms
    ---- ping statistics ----
    1 replies max: 51.06 min: 51.06 avg: 51.06

Demonstrate knowledge of Facter

  • Facter collects facts about the current system.
  • Per default all facts will be returned.
  • Display single fact:
    $ facter netmask
  • Can be extended with scripts on the local system or on puppet master (Plugins in Modules)
  • A single script can return multiple facts.
    • Local executable system script example: /etc/facter/facts.d/testje:
      # create executable script:
      echo "key1=value1"
      # Then run the test:
      $ facter key1
  • Find bottlenecks with:
    facter --timing
  • Structured facts: hash or array.
puppet_professional_objectives.txt · Last modified: 2021/10/09 15:14 by