Please enable JavaScript to view the comments powered by Disqus. What is Puppet and What are its Key Components





What is Puppet and What are its Key Components



Last updated 27/07/2021

What is Puppet and What are its Key Components

Puppet is a tool that helps you manage and automate the configuration of servers.

When you use Puppet, you define the desired state of the systems in your infrastructure that you want to manage. You do this by writing infrastructure code in Puppet's Domain-Specific Language (DSL) — Puppet Code — which you can use with a wide array of devices and operating systems. Puppet code is declarative, which means that you describe the desired state of your systems, not the steps needed to get there. Puppet then automates the process of getting these systems into that state and keeping them there. Puppet does this through Puppet primary server and a Puppet agent. The Puppet primary server is the server that stores the code that defines your desired state. The Puppet agent translates your code into commands and then executes it on the systems you specify, in what is called a Puppet run.

The diagram below shows how the server-agent architecture of a Puppet run works.

The primary server and the agent are part of the Puppet platform, which is described in The components that make up Puppet — along with facts, catalogs, and reports.

How Puppet Works 

Puppet has a primary-secondary node architecture. 

The clients are distributed across the network and communicate with the primary-secondary environment where Puppet modules are present. The client agent sends a certificate with its ID to the server; the server then signs that certificate and sends it back to the client. This authentication allows for secure and verifiable communication between the client and the master. 

The factar then collects the state of the clients and sends it to the master. Based on the fact sent, the master compiles the manifests into the catalogs, which are sent to the clients, and an agent executes the manifests on its machine. A report is generated by the client that describes any changes made and is sent to the master. 

This process is repeated at regular intervals, ensuring all client systems are up to date. In the next section, let us find out about the various companies adopting Puppet as a part of our learning about what is Puppet.

Why use Puppet desired state management?

There are many benefits to implementing a declarative configuration tool like Puppet into your environment — most notably consistency and automation.

  • Consistency. Troubleshooting problems with servers is a time-consuming and manually intensive process. Without configuration management, you are unable to make assumptions about your infrastructure — such as which version of Apache you have or whether your colleague configured the machine to follow all the manual steps correctly. But when you use configuration management, you are able to validate that Puppet applied the desired state you wanted. You can then assume that state has been applied, helping you to identify why your model failed and what was incomplete, and saving you valuable time in the process. Most importantly, once you figure it out, you can add the missing part to your model and ensure that you never have to deal with that same problem again.
  • Automation. When you manage a set of servers in your infrastructure, you want to keep them in a certain state. If you only have to manage homogeneous 10 servers, you can do so with a script or by manually going into each server. In this case, a tool like Puppet may not provide much extra value. But if you have 100 or 1,000 servers, a mixed environment, or you have plans to scale your infrastructure in the future, it is difficult to do this manually. This is where Puppet can help you — to save you time and money, to scale effectively, and to do so securely.

Puppet in DevOps?

Puppet is often used and applied in DevOps so let’s review the reasons for its use in DevOps. 

  • Puppet applies the model of continuous delivery to the software release cycle by automating operations and working process of deployment
  • Idle time caused by issues with configuration is minimized or can be avoided as the speed of system recovery is high thanks to Puppet and other automation systems for servers management
  • Unlike scripts, Puppet can work well in large infrastructures and automates repetitive tasks easily; also, it’s well-supported
  • Puppet has broad sectoral support in Cloud and DevOps ecosystems and is often applied in automation.

Scalability and consistency, portable infrastructure, flexibility, and constant infrastructure analysis are essential aspects for the DevOps to pay attention to. When using Puppet, many of these problems are solved. There are many other useful tools for the DevOps to use and the range is continuously growing. The difference between the newer tools that they are not as popular, while Puppet has a solid reputation, shows significant progress and is in use by many large IT companies.  

Key concepts behind Puppet

Using Puppet is not just about the tool, but also about a different culture and a way of working. The following concepts and practices are key to using and being successful with Puppet.


Puppet is built on the concept of infrastructure-as-code, which is the practice of treating infrastructure as if it were code. This concept is the foundation of DevOps — the practice of combining software development and operations. Treating infrastructure as code means that system administrators adopt practices that are traditionally associated with software developers, such as version control, peer review, automated testing, and continuous delivery. These practices that test code are effectively testing your infrastructure. When you get further along in your automation journey, you can choose to write your own unit and acceptance tests — these validate that your code, your infrastructure changes, do as you expect.


A key feature of Puppet is idempotency — the ability to repeatedly apply code to guarantee the desired state on a system, with the assurance that you will get the same result every time. Idempotency is what allows Puppet to run continuously. It ensures that the state of the infrastructure always matches the desired state. If a system state changes from what you describe, Puppet will bring it back to where it is meant to be. It also means that if you make a change to your desired state, your entire infrastructure automatically updates to match.

Agile methodology 

When adopting a tool like Puppet, you will be more successful with an agile methodology in mind — working in incremental units of work and reusing code. Trying to do too much at once is a common pitfall. The more familiar you get with Puppet, the more you can scale, and the more you get used to agile methodology, the more you can democratize work. When you share a common methodology, a common pipeline, and a common language (the Puppet language) with your colleagues, your organization becomes more efficient at getting changes deployed quickly and safely.

Git and version control

Git is a version control system that tracks changes in code. While version control is not required to use Puppet, it is highly recommended that you store your Puppet code in a Git repository. Git is the industry standard for version control, and using it will help your team gain the benefits of the DevOps and agile methodologies

When you develop and store your Puppet code in a Git repository, you will likely have multiple branches — feature branches for developing and testing code and a production branch for releasing code. You test all of your code on a feature branch before you merge it to the production branch. This process, known as Git flow, allows you to test, track, and share code, making it easier to collaborate with colleagues. For example, if someone on your team wants to make a change to an application's firewall requirements, they can create a pull request that shows their proposed changes to the existing code, which everyone on your team can review before it gets pushed to production. This process leaves far less room for errors that could cause an outage.

The components that makeup Puppet 

Puppet is made up of several components. Together these are called the Puppet platform, which is what you use to manage, store and run your Puppet code. These components include Puppet ServerPuppet agentFacterHiera, and PuppetDB.

Puppet is configured in an agent-server architecture, in which a primary node (system) controls configuration information for one or more managed agent nodes. Servers and agents communicate by HTTPS using SSL certificates. Puppet includes a built-in certificate authority for managing certificates. Puppet Server performs the role of the primary node and also runs an agent to configure itself.

Facter, Puppet’s inventory tool, gathers facts about an agent node such as its hostname, IP address, and operating system. The agent sends these facts to the primary server in the form of a special Puppet code file called a manifest. This is the information the primary server uses to compile a catalog — a JSON document describing the desired state of a specific agent node. Each agent requests and receives its own individual catalog and then enforces that desired state on the node it's running on. In this way, Puppet applies changes all across your infrastructure, ensuring that each node matches the state you defined with your Puppet code. The agent sends a report back to the primary server.

You keep nearly all of your Puppet code, such as manifests, in modules. Each module manages a specific task in your infrastructure, such as installing and configuring a piece of software. Modules contain both code and data. The data is what allows you to customize your configuration. Using a tool called Hiera, you can separate the data from the code and place it in a centralized location. This allows you to specify guardrails and define known parameters and variations so that your code is fully testable and you can validate all the edge cases of your parameters. If you have just joined an existing team that uses Puppet, take a look at how they organize their Hiera data.

All of the data generated by Puppet (for example facts, catalogs, reports) is stored in the Puppet database (PuppetDB). Storing data in PuppetDB allows Puppet to work faster and provides an API for other applications to access Puppet's collected data. Once PuppetDB is full of your data, it becomes a great tool for infrastructure discovery, compliance reporting, vulnerability assessment, and more. You perform all of these tasks with PuppetDB queries.

The diagram below shows how the Puppet components fit together.

Open source Puppet vs. Puppet Enterprise (PE)

Puppet Enterprise (PE) is the commercial version of Puppet and is built on top of the Puppet platform. Both products allow you to manage the configuration of thousands of nodes. Open source Puppet does this with desired state management. PE provides an imperative, as well as a declarative approach to infrastructure automation.

If you have a complex or large infrastructure that is used and managed by multiple teams, PE is a more suitable option, as it provides a graphical user interface, point-and-click code deployment strategies, continuous testing and integration, and the ability to predict the impact of code changes before deployment.

The Puppet ecosystem

Alongside Puppet the configuration tool, there are additional Puppet tools and resources to help you use and be successful. These make up the Puppet ecosystem

Install existing modules from Puppet Forge

Modules manage a specific technology in your infrastructure and serve as the basic building blocks of Puppet desired state management. On the Puppet Forge, there is a module to manage almost any part of your infrastructure. Whether you want to manage packages or patch operating systems, a module is already set up for you.

When using an existing module from the Forge, most of the Puppet code is written for you. You just need to install the module and its dependencies and write a small amount of code (known as a profile) to tie things together

Develop existing or new modules with Puppet Development Kit (PDK)

You can write your own Puppet code and modules using Puppet Development Kit (PDK), which is a framework to successfully build, test, and validate your modules. Note that most Puppet users won’t have to write full Puppet code at all, though you can if you want to...

Write Puppet code with the VSCode extension

The Puppet VSCode extension makes writing and managing Puppet code easier and ensures your code is high quality. Its features include Puppet DSL IntelliSense, linting, and built-in commands. You can use the extension with Windows, Linux, or macOS.

Run acceptance tests with Litmus

Litmus is a command-line tool that allows you to run acceptance tests against Puppet modules for a variety of operating systems and deployment scenarios. Acceptance tests validate that your code does what you intend it to do.

Use cases

Puppet Forge has existing modules and code examples that assist with automating the following use cases:

  • Base system configuration
  • Manage web servers
  • Manage database systems
  • Manage middleware/application systems
  • Source control
  • Monitoring
  • Patch management
  • Package management
  • Containers and cloud-native
  • Networking
  • Secrets management
  • Continuous integration and delivery of Puppet code
  • Incident remediation


In this article, we have looked through many things connected with Puppet and DevOps. We also saw key components of Puppet and all the use cases related to puppet.


Topic Related Post

DevOps Trends in 2024: The Continued Rise of GitOps, Data Observability, and Security
Building a High-Performing SRE Team: Key Strategies and Best Practices
Securing the Pipeline: Integrating Security into Your SRE Practices

About Author

NovelVista Learning Solutions is a professionally managed training organization with specialization in certification courses. The core management team consists of highly qualified professionals with vast industry experience. NovelVista is an Accredited Training Organization (ATO) to conduct all levels of ITIL Courses. We also conduct training on DevOps, AWS Solution Architect associate, Prince2, MSP, CSM, Cloud Computing, Apache Hadoop, Six Sigma, ISO 20000/27000 & Agile Methodologies.




* Your personal details are for internal use only and will remain confidential.


Upcoming Events


Every Weekend


Every Weekend


Every Weekend


Every Weekend

Topic Related

Take Simple Quiz and Get Discount Upto 50%

Popular Certifications

AWS Solution Architect Associates
SIAM Professional Training & Certification
ITIL® 4 Foundation Certification
DevOps Foundation By DOI
Certified DevOps Developer
PRINCE2® Foundation & Practitioner
ITIL® 4 Managing Professional Course
Certified DevOps Engineer
DevOps Practitioner + Agile Scrum Master
ISO Lead Auditor Combo Certification
Microsoft Azure Administrator AZ-104
Digital Transformation Officer
Certified Full Stack Data Scientist
Microsoft Azure DevOps Engineer
OCM Foundation
SRE Practitioner
Professional Scrum Product Owner II (PSPO II) Certification
Certified Associate in Project Management (CAPM)
Practitioner Certified In Business Analysis
Certified Blockchain Professional Program
Certified Cyber Security Foundation
Post Graduate Program in Project Management
Certified Data Science Professional
Certified PMO Professional
AWS Certified Cloud Practitioner (CLF-C01)
Certified Scrum Product Owners
Professional Scrum Product Owner-II
Professional Scrum Product Owner (PSPO) Training-I
GSDC Agile Scrum Master
ITIL® 4 Certification Scheme
Agile Project Management
FinOps Certified Practitioner certification
ITSM Foundation: ISO/IEC 20000:2011
Certified Design Thinking Professional
Certified Data Science Professional Certification
Generative AI Certification
Generative AI in Software Development
Generative AI in Business
Generative AI in Cybersecurity
Generative AI for HR and L&D
Generative AI in Finance and Banking
Generative AI in Marketing
Generative AI in Retail
Generative AI in Risk & Compliance
ISO 27001 Certification & Training in the Philippines
Generative AI in Project Management
Prompt Engineering Certification
SRE Certification Course
Devsecops Practitioner Certification
AIOPS Foundation Certification
ISO 9001:2015 Lead Auditor Training and Certification
ITIL4 Specialist Monitor Support and Fulfil Certification
SRE Foundation and Practitioner Combo
Generative AI webinar
Leadership Excellence Webinar
Certificate Of Global Leadership Excellence
SRE Webinar
ISO 27701 Lead Auditor Certification
Gen AI for Project Management Webinar
Certified Cloud Tester Foundation
HR Business Partner Certification
Chief Learning Officer Certification