System Requirements and Pre-Installation

A newer version is available; see the version menu above for details.

Before installing Puppet Enterprise:

  • Ensure that your nodes are running a supported operating system.
  • Ensure that your Puppet master and console servers are sufficiently powerful (see the hardware section below).
  • Ensure that your network, firewalls, and name resolution are configured correctly and all target servers are communicating.
  • Plan to install the Puppet master server before the console server, and the console server before any agent nodes. If you are separating components, install them in this order:
    1. Puppet Master
    2. PuppetDB and PostgreSQL
    3. Console
    4. Agents

Supported Operating Systems

Puppet Enterprise 3.8 supports the following operating systems:

Operating system Version(s) Arch Component(s)
Red Hat Enterprise Linux 4, 5, 6, 7 x86_64 all (RHEL 4 supports agent only)
CentOS 4, 5, 6, 7 x86 & x86_64 all (CentOS 4 supports agent only)
Ubuntu LTS 10.04, 12.04, 14.04 i386 & amd64 all
Debian Wheezy (7) i386 & amd64 all
Oracle Linux 4, 5, 6, 7 x86 & x86_64 all (Oracle Linux 4 supports agent only)
Scientific Linux 4, 5, 6, 7 x86 & x86_64 all (Scientific Linux 4 supports agent only)
SUSE Linux Enterprise Server 10 (SP4 only), 11 (SP1 and later), 12 x86 & x86_64 (10 also i386; 12 x86_64 only) all (SLES 10 supports agent only)
Solaris 10 (Update 9 or later), 11 SPARC & i386 agent
Microsoft Windows 2008, 2008R2, 7 Ultimate SP1, 8 Pro, 8.1 Pro, 2012, 2012R2 x86 & x64 agent
Microsoft Windows 2003, 2003R2 x86 agent
AIX 5.3, 6.1, 7.1 Power agent
Mac OS X Mavericks (10.9) x86_64 agent

Puppet Master Platform Deprecations: Several Puppet master platforms have been deprecated in PE 3.8 and will be removed in future versions of PE. PE agent support on these platforms will continue. The deprecated Puppet master platforms include all 32-bit master platforms, all Debian versions, EL 5 versions, and Ubuntu 10.04. Going forward, only 64-bit Puppet masters will be supported, but 32-bit agent support will continue to be offered.

  • All 32-bit versions
  • All Debian versions
  • EL 5 (RHEL, CentOS, Scientific, Oracle)
  • Ubuntu 10.4

See the release notes for a detailed list of deprecated platforms.

Note: Some operating systems require an active subscription with the vendor’s package management system (e.g., the Red Hat Network) to install dependencies.

Performing Major OS Upgrades When Puppet Enterprise is Installed

In this context, a major OS upgrade refers to an upgrade to a new whole version, such as an upgrade from CentOS 6.0 to CentOS 7.0; it does not refer to a minor version upgrade (e.g., CentOS 6.5 to CentOS 6.6). A major OS upgrade typically requires a new version of PE.

Performing major upgrades of your OS while PE is installed can cause problems with PE. To perform an OS upgrade, you’ll need to perform the following steps:

  1. Back up your databases and other PE files.
  2. Perform a complete uninstall (including the -p -d uninstaller option).
  3. Upgrade your OS.
  4. Install PE.
  5. Restore your backup.

Supported Network Devices

Puppet Enterprise supports running Puppet agents on the following networking devices/operating systems:

Hardware Recommendations

We provide the following hardware recommendations for Puppet Enterprise, but please note these recommendations may vary depending on the size and complexity of your PE infrastructure.

Evaluation Environment

An evaluation environment is run on a monolithic installation and is suitable for evaluating PE on 250 or fewer nodes. For the monolithic PE install (the Puppet master, PuppetDB, and PE console roles are all on same machine), we recommend that your hardware meets the following:

Node Cores RAM /opt/ EC2
Eval Monolithic node 4 6 GB 100 GB m3.large or m4.large instance

Small Environment

A small environment is run on a monolithic installation and is suitable for running PE on 500 nodes. For the monolithic PE install (the Puppet master, PuppetDB, and PE console roles are all on same machine), we recommend that your hardware meets the following:

Node Cores RAM /opt/ EC2
Small Monolithic node 4 16 GB 100 GB m3.xlarge or m4.xlarge instance

Medium Environment

A medium environment is run on a split installation and is suitable for running PE on up to 1,000 nodes. We recommend that your hardware meets the following:

Node Cores RAM /opt/ EC2
Puppet master 4 16 GB 10 GB m3.xlarge or m4.xlarge instance
PE console 4 16 GB 10 GB m3.xlarge or m4.xlarge instance
PuppetDB 4 16 GB 100 GB m3.xlarge or m4.xlarge instance

Large Environment

A large environment is run on a split/large environment installation and is suitable for running PE on 1,000 or more nodes. We recommend that your hardware meets the following:

Node Cores RAM /opt/ EC2
Puppet master 4 16 GB 10 GB m3.xlarge or m4.xlarge instance
PE console 8 30 GB 10 GB m3.2xlarge or m4.2xlarge instance
PuppetDB 4 16 GB 100 GB m3.2xlarge instance
Compile master 4 16 GB 10 GB m3.xlarge or m4.xlarge instance
ActiveMQ hubs 2 4 GB 10 GB m3.large instance
ActiveMQ Spoke 2 4 GB 10GB m3.large instance

Supported Browsers

The following browsers are supported for use with the PE console:

  • Chrome: Current version, as of release
  • Firefox: Current version, as of release
  • Internet Explorer: 9, 10, and 11
  • Safari: 7

System Configuration

Before installing Puppet Enterprise at your site, you should make sure that your nodes and network are properly configured.

Timekeeping

We recommend using NTP or an equivalent service to ensure that time is in sync between your Puppet master and any Puppet agent nodes. If time drifts out of sync in your PE infrastructure, you may encounter issues such as nodes disappearing from live manangement in the console. A service like NTP (available as a Puppet Labs supported module) will ensure accurate timekeeping.

Name Resolution

  • Decide on a preferred name or set of names agent nodes can use to contact the Puppet master server.
  • Ensure that the Puppet master server can be reached via domain name lookup by all of the future Puppet agent nodes at the site.

You can also simplify configuration of agent nodes by using a CNAME record to make the Puppet master reachable at the hostname puppet. (This is the default Puppet master hostname that is automatically suggested when installing an agent node.)

Firewall Configuration

Configure your firewalls to accommodate Puppet Enterprise’s network traffic.

For Monolithic Installs

Monolithic Port Diagram (Click to enlarge)

Port Use
8140
  • The Puppet master uses this port to accept inbound traffic/requests from Puppet agents.
  • The PE console sends request to the Puppet master on this port.
  • Certificate requests are passed over this port unless ca_port is set differently.
  • Classifier group: “PE Master”
443
  • This port provides host access to the PE console.
  • The PE console accepts traffic from the Puppet master on this port.
  • Classifier group: “PE Console”
61613
  • MCollective uses this port to accept inbound traffic/requests from Puppet agents for orchestration.
  • Any host used to invoke orchestration commands must be able to reach MCollective on this port.
  • Classifier group: “PE ActiveMQ Broker”

For Split Installs

Split Port Diagram (Click to enlarge)

Port Use
8140
  • The Puppet master uses this port to accept inbound traffic/requests from Puppet agents.
  • The PE console sends request to the Puppet master on this port.
  • Certificate requests are passed over this port unless ca_port is set differently.
  • Classifier group: “PE Master”
443
  • This port provides host access to the PE console.
  • The PE console accepts traffic from the Puppet master on this port.
  • Classifier group: “PE Console”
8081
  • PuppetDB accepts traffic/requests on this port.
  • The Puppet master and PE console send traffic to PuppetDB on this port.
  • Classifier group: “PE PuppetDB”
61613
  • MCollective uses this port to accept inbound traffic/requests from Puppet agents for orchestration.
  • Any host used to invoke orchestration commands must be able to reach MCollective on this port.
  • Classifier group: “PE ActiveMQ Broker”
5432
  • PostgreSQL runs on this port.
  • The PE console node will need to connect to the PuppetDB node hosting the PostgreSQL database on this port.
  • Classifier group: “PE PuppetDB”
4433
  • This port is used as a Classifier / Console Services API endpoint.
  • The Puppet master needs to be able to talk to the Console over this port.
  • Classifier group: “PE Console”
4435
  • This port is used as a report submission endpoint.
  • The Puppet master communicates with the PE console over this port.
  • Classifier group: “PE Console”
61616
  • This port is used for ActiveMQ hub and spoke communication.
  • Classifier group: “PE ActiveMQ Broker”

For Large Environment Installations

LEI Port Diagram (Click to enlarge)

See the split installation port/use table for explanations of the ports and their uses.

Notes about Ports:

  • For split and mono installs: If you are installing PE using the web-based installer, ensure port 3000 is open. You can close this port when the installation is complete. If necessary, instructions for port forwarding to the web-based installer are available in the installation instructions.

  • Razor uses port 8150 for HTTP and 8151 for HTTPS. Any node classified as a Razor server must be able to use these ports.

Dependencies and OS Specific Details

This section details the packages that are installed from the various OS repos. Unless you do not have internet access, you shouldn’t need to worry about installing these manually, they will be set up during PE installation.

PostgreSQL Requirement

If you will be using your own instance of PostgreSQL (as opposed to the instance PE can install) for the console and PuppetDB, it must be version 9.2.

OpenSSL Requirement

OpenSSL is a dependency required for PE. For Solaris 10 and all versions of RHEL, Debian, Ubuntu, Windows, and AIX nodes, OpenSSL is included with PE; for all other platforms it is installed directly from the system repositories.

Centos

  All Nodes Master Nodes Console Nodes Console/Console DB Nodes
pciutils x      
system-logos x      
which x      
libxml2 x      
dmidecode x      
net-tools x      
virt-what x      
apr   x x  
apr-util   x x  
curl   x x  
mailcap   x x  
libjpeg   x   x
libtool-ltdl   x x  
unixODBC   x x  
libxslt        
zlib x      

RHEL

  All Nodes Master Nodes Console Nodes Console/Console DB Nodes
pciutils x      
system-logos x      
which x      
libxml2 x      
dmidecode x      
net-tools x      
cronie (RHEL 6, 7) x      
vixie-cron (RHEL 4, 5) x      
virt-what x      
apr   x x  
apr-util   x x  
apr-util-ldap (RHEL 6)   x x  
curl   x x  
mailcap   x x  
libjpeg   x   x
libtool-ltdl (RHEL 7)   x x  
unixODBC (RHEL 7)   x x  
libxslt        
zlib x      

SLES

  All Nodes Master Nodes Console Nodes Console/Console DB Nodes
pciutils x      
pmtools x      
cron x      
libxml2 x      
net-tools x      
libxslt x x    
libapr1   x x  
libapr-util1   x x  
curl   x x  
libjpeg   x   x
db43   x x  
unixODBC   x x  
zlib x      

Debian

  All Nodes Master Nodes Console Nodes Console/Console DB Nodes
pciutils x      
dmidecode x      
cron x      
libxml2 x      
hostname x      
libldap-2.4-2 x      
libreadline5 x      
virt-what x      
file   x x  
libmagic1   x x  
libpcre3   x x  
curl   x x  
perl   x x  
mime-support   x x  
libapr1   x x  
libcap2   x x  
libaprutil1   x x  
libaprutil1-dbd-sqlite3   x x  
libaprutil1-ldap   x x  
libjpeg62   x   x
libcurl3 (Debian 7)   x x  
libxml2-dev (Debian 7)   x x x
locales-all (Debian 7)       x
libxslt1.1        
zlib x      

Ubuntu

  All Nodes Master Nodes Console Nodes Console/Console DB Nodes
pciutils x      
dmidecode x      
cron x      
libxml2 x      
hostname x      
libldap-2.4-2 x      
libreadline5 x      
virt-what x      
file   x x  
libmagic1   x x  
libpcre3   x x  
curl   x x  
perl   x x  
mime-support   x x  
libapr1   x x  
libcap2   x x  
libaprutil1   x x  
libaprutil1-dbd-sqlite3   x x  
libaprutil1-ldap   x x  
libjpeg62   x   x
libxslt1.1        
libgtk2.0-0   x x x
ca-certificates-java   x x x
openjdk-7-jre-headless*   x x x
libossp-uuid16   x x x
zlib x      

*For Ubuntu 10.04 and Debian 6, use openjdk-6-jre-headless.

AIX

In order to run the Puppet agent on AIX systems, you must ensure the following are installed before attempting to install the Puppet agent:

  • bash
  • zlib
  • readline
  • curl
  • OpenSSL

Warning: For curl and OpenSSL, you must use the versions provided by the “AIX Toolbox Cryptographic Content” repository, which is available via IBM support. Note that the curl version must be 7.9.3. Do not use the curl version in the AIX toolbox package for Linux applications, as that version does not include support for OpenSSL.

To install the bash, zlib, and readline packages on your selected node directly, you can run rpm -Uvh with the following URLs (note that the RPM package provider on AIX must be run as root):

  • ftp://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/bash/bash-3.2-1.aix5.2.ppc.rpm
  • ftp://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/zlib/zlib-1.2.3-4.aix5.2.ppc.rpm
  • ftp://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/readline/readline-6.1-1.aix6.1.ppc.rpm (AIX 6.1 and 7.1 only)
  • ftp://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/readline/readline-4.3-2.aix5.1.ppc.rpm (AIX 5.3 only)

If you are behind a firewall or running an http proxy, the above commands may not work. Instead, use the AIX toolbox packages download available from IBM.

GPG verification will not work on AIX, the RPM version used by AIX (even 7.1) is too old. The AIX package provider doesn’t support package downgrades (installing an older package over a newer package). Avoid using leading zeros when specifying a version number for the AIX provider (i.e., use 2.3.4 not 02.03.04).

The PE AIX implementation supports the NIM, BFF, and RPM package providers. Check the Type Reference for technical details on these providers.

Solaris

Solaris support is agent only.

For Solaris 10, the following packages are required:

  • SUNWgccruntime
  • SUNWzlib
  • In some instances, bash may not be present on Solaris systems. It needs to be installed before running the PE installer. Install it via the media used to install the OS or via CSW if that is present on your system. (CSWbash or SUNWbash are both suitable.)

For Solaris 11 the following packages are required:

  • system/readline
  • system/library/gcc-45-runtime
  • library/security/openssl

These packages are available in the Oracle Solaris release repository (enabled by default on Solaris 11). The PE installer will automatically install them; however, if the release repository is not enabled, the packages will need to be installed manually.


Next Steps

↑ Back to top