Preconfigured node groups

Puppet Enterprise includes preconfigured node groups that are used to manage your configuration.

All Nodes node group

This node group is at the top of the hierarchy tree. All other node groups stem from this node group.

Classes
No default classes. Avoid adding classes to this node group.
Matching nodes
All nodes.
Notes
You can't modify the preconfigured rule that matches all nodes.

Infrastructure node groups

Infrastructure node groups are used to manage PE.

Important: Don't make changes to infrastructure node groups other than pinning new nodes for documented functions, like creating compilers. If you want to add custom classifications to infrastructure nodes, create new child groups and apply classification there.

PE Infrastructure node group

The PE Infrastructure node group is the parent to all other infrastructure node groups. This node group contains data, such as the service hostnames, service ports, and database info (excluding passwords).

CAUTION:

It's important to correctly configure the puppet_enterprise class in the PE Infrastructure node group. This class' parameters impact the behavior of all other preconfigured node groups that use classes starting with puppet_enterprise::profile. Incorrectly configuring this class can cause a service outage.

Don't remove the PE Infrastructure node group. Removing this node group disrupts communication between all of your infrastructure nodes.

Classes
puppet_enterprise: Sets the default parameters for all child infrastructure node groups
Matching nodes
Nodes are not pinned to this node group.
The PE Infrastructure node group is the parent to all other infrastructure node groups, such as PE Master. The PE Infrastructure node group's only purpose is to set classifications that are inherited by all child infrastructure node groups.
Never pin nodes directly to the PE Infrastructure node group. Instead, pin nodes to children of this group.
The following table describes the puppet_enterprise class parameters set on the PE Infrastructure node group (and that are inherited by child infrastructure node groups).
Tip: <YOUR HOST> is your primary server's certname. To find the certname run: puppet config print certname
Parameter Value
certificate_authority_host "<YOUR HOST>"
console_host "<YOUR HOST>"
console_port 443 or another port number.

Only change this if you changed the PE console service port number from the default of 443.

database_host "<YOUR HOST>"
database_port 5432 or another port number.

Only change this if you changed the PostgreSQL database port from the default of 5432.

database_ssl

true if you're using PE-installed PostgreSQL.

false if you're using your own PostgreSQL.

pcp_broker_host "<YOUR HOST>"
puppet_master_host "<YOUR HOST>"
puppetdb_database_name "pe-puppetdb"
puppetdb_database_user "pe-puppetdb"
puppetdb_host ["<YOUR HOST>"]
puppetdb_port [8081] or another port number.

Only change this if you changed the PuppetDB port number from the default of 8081. For example, if The PuppetDB default port conflicts with another service.

PE Certificate Authority node group

This node group is used to manage the certificate authority (CA).

Classes
puppet_enterprise::profile::certificate_authority — manages the certificate authority on the primary server
Matching nodes
On a new install, the primary server is pinned to this node group.
Notes
Don't add additional nodes to this node group. To avoid issues, don't set the client_allowlist parameter of the puppet_enterprise::profile::certificate_authority class in this node group. Instead, to grant certificates access to the CA API without listing individual certificate names, use the "pp_cli_auth": "true" certificate extension. For instructions, see Puppet-specific registered IDs.

PE Master node group

This node group is used to manage the primary server.

Classes
  • puppet_enterprise::profile::master — manages the primary server service
Matching nodes
On a new install, the primary server is pinned to this node group.

PE Compiler node group

This node group is a subset of the PE Master node group used to manage compilers running the PuppetDB service.

Classes
  • puppet_enterprise::profile::master — manages the primary server service
  • puppet_enterprise::profile::puppetdb — manages the PuppetDB service

Matching nodes
Compilers running the PuppetDB service are automatically added to this node group.
Notes
Don't add additional nodes to this node group.

PE Orchestrator node group

This node group is used to manage the PE orchestration services configuration, which includes things like task concurrency limits, the PCP broker timeout, and how many JRubies can run in the orchestrator at one time.

Classes
puppet_enterprise::profile::orchestrator — manages PE orchestration services
Matching nodes
On a new install, the primary server is pinned to this node group.
Notes
Don't add additional nodes to this node group.

PE PuppetDB node group

This node group is used to manage nodes running the PuppetDB service. If the node is also serving as a compiler, it's instead classified in the PE Compiler node group.

Classes
puppet_enterprise::profile::puppetdb — manages the PuppetDB service
Matching nodes
PuppetDB nodes that aren't functioning as compilers are pinned to this node group.
Notes
Don't add additional nodes to this node group.

PE Console node group

This node group is used to manage the console.

Classes
  • puppet_enterprise::profile::console — manages the console, node classifier, and RBAC
  • puppet_enterprise::license — manages the PE license file for the status indicator
Matching nodes
On a new install, the console server node is pinned to this node group.
Notes
Don't add additional nodes to this node group.

PE Agent node group

This node group is used to manage the configuration of agents.

Classes
puppet_enterprise::profile::agent — manages your agent configuration
Matching nodes
All managed nodes are pinned to this node group by default.

PE Infrastructure Agent node group

This node group is a subset of the PE Agent node group used to manage infrastructure-specific overrides.

Classes
puppet_enterprise::profile::agent — manages your agent configuration
Matching nodes
All nodes used to run your Puppet infrastructure and managed by the PE installer are pinned to this node group by default, including the primary server, PuppetDB, console, and compilers.
Notes
You might want to manually pin to this group any additional nodes used to run your infrastructure, such as compiler load balancer nodes. Pinning a compiler load balancer node to this group allows it to receive its catalog from the primary server, rather than the compiler, which helps ensure availability.

PE Database node group

This node group is used to manage the PostgreSQL service.

Classes
  • puppet_enterprise::profile::database — manages the PE-PostgreSQL service
Matching nodes
The node specified as puppet_enterprise::database_host is pinned to this group. By default, the database host is the PuppetDB server node.
Notes
Don't add additional nodes to this node group.

PE Patch Management node group

This is a parent node group for nodes under patch management. Create child node groups based on your needs.

Classes
pe_patch — enables patching on nodes.
Matching nodes
There are no nodes pinned to this group. PE Patch Management is a parent group for node groups under patch management. You can create node groups with unique configurations based on your patching needs.
Notes
Don't add additional nodes to this node group, only add node groups.

Environment node groups

Environment node groups are used only to set environments. They cannot contain any classification.

Preconfigured environment node groups differ depending on the version of PE you're on and you can customize environment groups as needed for your ecosystem. If you upgrade from an older version of PE, your environment node groups stay the same as they were in the older version.