A Comprehensive Guide to Puppet: Architecture, Installation, and Resource Management
This article provides an in‑depth overview of Puppet, covering its background, C/S architecture, workflow, step‑by‑step installation for master, CA, and agent nodes, configuration file details, and practical examples of package and file resources for large‑scale server automation.
Puppet is an open‑source, cross‑platform configuration management framework that uses a client‑server (C/S) architecture to manage packages, files, services and cron jobs across Linux, Windows, Unix and macOS.
In large‑scale environments where thousands of servers need rapid, consistent provisioning, Puppet can automate DNS changes, template‑based deployments, Apache configuration updates, software installations, service restarts, and incremental configuration modifications.
Background
Traditional manual configuration becomes impractical when the number of servers reaches tens of thousands. The article describes a case where over 30,000 web servers require fast, reliable deployment.
Puppet Architecture
Puppet consists of a master (server) that stores manifests and a set of agents (clients) that periodically request their catalogs. SSL is used for authentication; in high‑availability setups a separate CA server centralises certificate management.
Workflow
1. Agent establishes SSL connection to master.
2. Agent sends facts (hostname, OS version, IP, load) to master.
3. Master selects the appropriate manifest or ENC.
4. Manifest is parsed; syntax errors abort the run.
5. Master compiles a catalog and returns it to the agent.
6. Agent applies the catalog, logs results, and reports back.
7. Agent information is sent to master as a report.
8. Process ends.
Installation and Configuration – Master
Four master nodes manage roughly 15,000 servers. Steps include installing puppet-server, Apache, mod_ssl, mod_passenger; editing /etc/puppet/puppet.conf; copying the CA SSL directory; initializing the master; creating Apache virtual‑host configuration; setting DocumentRoot; and starting the Puppet service.
Installation and Configuration – CA Server
A dedicated CA server handles certificate issuance for the master cluster. Steps mirror the master installation, plus creating /etc/puppet/autosign.conf ("*" to allow all hosts) and starting the master to generate keys.
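Because a "*" entry in autosign.conf means the CA signs every certificate request without review, it is worth auditing what the CA will autosign. The following is an added example, not code from the article or from Puppet: it classifies autosign.conf entries and checks puppet.conf for Puppet's autosign = true setting (a setting the article does not name). The sample file contents are constructed, and the example assumes whole-line # comments and looks only at the main and master sections.

```python
import configparser

# Constructed sample files for illustration; not taken from the article.
SAMPLE_AUTOSIGN = """\
# constructed sample autosign.conf
*
*.web.example.internal
ca01.example.internal
"""
SAMPLE_PUPPET_CONF = """\
[main]
ssldir = /var/lib/puppet/ssl
[master]
autosign = true
"""

def audit_autosign_conf(text):
    """Classify each allowlist entry as allow-all, glob or exact."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):  # blank or whole-line comment
            continue
        if entry == "*":
            kind = "allow-all"  # every certificate request is signed unreviewed
        elif entry.startswith("*."):
            kind = "glob"       # any certname under this domain is signed
        else:
            kind = "exact"      # a single named host
        findings.append((lineno, entry, kind))
    return findings

def audit_puppet_conf(text):
    """Return the sections in which autosign is switched on for all hosts."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return [
        section for section in ("main", "master")
        if parser.has_section(section)
        and parser.get(section, "autosign", fallback="").strip().lower() == "true"
    ]

if __name__ == "__main__":
    for lineno, entry, kind in audit_autosign_conf(SAMPLE_AUTOSIGN):
        if kind != "exact":
            print(f"autosign.conf line {lineno}: {entry!r} is {kind}")
    for section in audit_puppet_conf(SAMPLE_PUPPET_CONF):
        print(f"puppet.conf [{section}]: autosign = true")
```

On a real CA server, pass the contents of /etc/puppet/autosign.conf and /etc/puppet/puppet.conf to the two functions instead of the samples.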
Installation and Configuration – Agent
Agents are installed via internal packages addops-puppet and addops-puppet-agent-extra, which automatically set ca_server, server and node_name_value. Testing is done with puppet agent --test and optional environment flags.
Puppet Configuration File (puppet.conf)
The file resides in /etc/puppet/ and contains three sections: main, master, and agent. Main options include confdir, vardir, logdir, rundir, ssldir, etc. Master options cover user, group, certname, bindaddress, masterport, and CA settings. Agent options include classfile, localconfig, runinterval, listen, report, and server details.
Resources
Resources are the core abstraction in Puppet. Common types are package, file, service, and exec. The article details the package resource (attributes: name, ensure, source, provider) and the file resource (attributes: ensure, path, owner, group, mode, source) with example manifests.
Conclusion
As server fleets grow, automated configuration reduces operational cost. Puppet’s ease of use, rapid deployment, and broad adoption (e.g., Alibaba, Oracle, Google) make it a solid foundation for large‑scale cluster management. Future topics will cover Facter, Hiera, module standards, and master cluster scaling.
360 Tech Engineering
Official tech channel of 360, building the most professional technology aggregation platform for the brand.