Install agents with the install script
You can use the install script for *nix, Windows, and macOS nodes. The install script installs and configures the agent on target nodes using installation packages from the Puppet Enterprise (PE) package management repo.
- Detects the operating system on which it's running, sets up an
apt
,yum
, orzipper
repo that refers back to the primary server, and then pulls down and installs thepuppet-agent
packages. If the install script can't find agent packages corresponding to the agent's platform, it fails with an error telling you whichpe_repo
class you need to declare on the primary server (in the console at ). - Downloads a plug-in tarball from the primary server. This feature is controlled
by the
pe_repo::enable_bulk_pluginsync
andpe_repo::enable_windows_bulk_pluginsync
settings, which are set totrue
(enabled) by default.Note: Depending on how many modules you have installed, bulk plug-in sync can improve agent installation speed. However, if your primary server runs on a different platform than your agent nodes, bulk plug-in sync might be less beneficial. The plug-in tarball is based on the plug-ins running on the primary server's agent, which might not match the plug-ins required for agents on other platforms. - Creates a basic
puppet.conf
file containing the node's configuration settings. This file is stored at/etc/puppetlabs/puppet/puppet.conf
. - Kicks off a Puppet run.
Use the install script
If you're
installing an agent with a different OS than your primary server, you must
declare the corresponding pe_repo
class on the primary server,
such as pe_repo::platform::el_7_x86_64
. Declare these classes
in the console at .
If your primary server is airgapped or uses a proxy server
to access the internet, before installing agents, you must specify
pe_repo::http_proxy_host
and
pe_repo::http_proxy_port
in the PE
Master node group's pe_repo
class. For information about how to download agent installation packages through
a proxy, see Configure proxies.
- In the PE console, go to .
- Under Manual installation, copy the command corresponding with your node's OS. You can use the *nix nodes script for *nix and macOS nodes.
- Launch the install script by running the command you copied. For Windows nodes, run the command in an
administrative PowerShell window.Remember: If the install script can't find agent packages corresponding to the agent's OS, it fails with an error telling you which
pe_repo::platform
class you need to declare on the primary server (at ). - Run
puppet agent -t
to add the node to the node inventory and generate the CSR. - Accept the CSR as explained in Managing certificate signing requests.
Customize the install script
If necessary, you can use these options to modify the install script to define specific agent configuration settings, CSR attributes, or MSI properties. You can also control whether the Puppet service is running or enabled after agent installation.
For general information about forming curl commands, authentication in commands, and Windows modifications, go to Using example commands.
puppet.conf
settings
You can use the install script to specify agent configuration settings in the node's
puppet.conf
file, which is generated by the install script.
puppet.conf
and provides
tips for successfully defining settings. Some commonly-specified settings include: server
certname
environment
splay
splaylimit
noop
You can specify an unlimited number of settings in any order. In the install script
command, use the section:key=value
pattern to define each setting
and leave one space between settings. In the *nix
install script command, use -s
to introduce the
assortment of settings.
http_proxy_host
setting by adding the following code to the install
script
command:-s agent:http_proxy_host=<PROXY_FQDN>
splay
, certname
, and environment
settings in the main
and agent
sections of the
puppet.conf
file:
main:certname=node1.company.com \
agent:splay=true \
agent:environment=development
The puppet.conf
file
resulting from this code contains:[main]
certname = node1.corp.net
[agent]
splay = true
environment = development
puppet.conf
file directly (at
/etc/puppetlabs/puppet/puppet.conf
) or using the puppet
config set
sub-command.For example, to point an agent at a primary
server called primary.example.com
, run puppet config
set server primary.example.com
. This command adds server =
primary.example.com
to the [main]
section of the
node's puppet.conf
file.
CSR attribute settings
Certificate signing request attribute settings are added to the node's
puppet.conf
file and are included in the
custom_attributes
and extension_requests
sections of the csr_attributes.yaml
file. The Puppet
csr_attributes.yaml: Certificate extensions reference
provides details about these settings.
You can specify an unlimited number of settings in any order. In the install script
command, use the section:key=value
pattern to define each setting
and leave one space between settings. In the *nix
install script command, use -s
to introduce the
assortment of settings.
-s main:certname=<CERTNAME_OTHER_THAN_FQDN> \
custom_attributes:challengePassword=<PASSWORD_FOR_AUTOSIGNER_SCRIPT> \
extension_requests:pp_role=<PUPPET_NODE_ROLE>
The above code adds
the main:certname
setting to the puppet.conf
file and a
csr_attributes.yaml
file
containing:---
custom_attributes:
challengePassword: <PASSWORD_FOR_AUTOSIGNER_SCRIPT>
extension_requests:
pp_role: <PUPPET_NODE_ROLE>
csr_attributes.yaml
file in the Puppet
confdir
(at
C:\ProgramData\PuppetLabs\puppet\etc\csr_attributes.yaml
) prior
to installing the Puppet agent package with another
agent installation method.MSI properties (Windows only)
MSI Property | PowerShell flag |
---|---|
INSTALLDIR |
-InstallDir |
PUPPET_AGENT_ACCOUNT_USER |
-PuppetAgentAccountUser |
PUPPET_AGENT_ACCOUNT_PASSWORD |
-PuppetAgentAccountPassword |
PUPPET_AGENT_ACCOUNT_DOMAIN |
-PuppetAgentAccountDomain |
pup_adm
with the defined
password:-PuppetAgentAccountUser ‘pup_adm’ -PuppetAgentAccountPassword ‘<PASSWORD>’ -PuppetAgentAccountDomain '<DOMAIN>'
PUPPET_AGENT_ACCOUNT_USER
, you
must also specify PUPPET_AGENT_ACCOUNT_PASSWORD
and
PUPPET_AGENT_ACCOUNT_DOMAIN
unless the node is under a
gMSA.For gMSAs, you must specify
PUPPET_AGENT_ACCOUNT_USER
(the user for the gMSA) and
PUPPET_AGENT_ACCOUNT_DOMAIN
. Do not specify
PUPPET_AGENT_ACCOUNT_PASSWORD
.
If you need to specify additional MSI properties, you might need to Install Windows agents with the .msi package.
Puppet service status
-
ensure
controls whether the Puppet service is running.- Accepts values of
running
orstopped
. -
*nix format:
--puppet-service-ensure <VALUE>
-
Windows format:
-PuppetServiceEnsure <VALUE>
- Accepts values of
-
enable
controls whether the Puppet service is enabled.- Accepts values of
true
,false
,mask
, ormanual
(Windows only). -
*nix format:
--puppet-service-enable <VALUE>
-
Windows format:
-PuppetServiceEnable <VALUE>
- Accepts values of
-s --puppet-service-ensure stopped --puppet-service-enable false
-PuppetServiceEnsure stopped -PuppetServiceEnable false