Before installing Puppet Enterprise at your site, make sure that your nodes and network are properly configured.
Timekeeping and name resolution
Before installing PE, there are some basic network requirements you need to consider and prepare for. The most important requirements include syncing time and creating a plan for name resolution.
We recommend using NTP or an equivalent service to ensure that time is in sync between your Puppet master and any Puppet agent nodes. If time drifts out of sync in your PE infrastructure, you may encounter issues such as nodes disappearing from live management in the console. A service like NTP (available as a Puppet supported module) will ensure accurate timekeeping.
Decide on a preferred name or set of names agent nodes can use to contact the Puppet master server.
Ensure that the Puppet master server can be reached via domain name lookup by all of the future Puppet agent nodes at the site.
You can also simplify configuration of agent nodes by using a CNAME record to make the Puppet master reachable at the hostname puppet. (This is the default Puppet master hostname that is automatically suggested when installing an agent node.)
Puppet Enterprise requires access to certain ports for its network traffic. The following diagrams show port usage for standard PE installations.
Port 3000: If you are installing PE using the web-based installer, ensure port 3000 is open. You can close this port when the installation is complete. If necessary, instructions for port forwarding to the web-based installer are available in the installation instructions. (This applies to both split and mono installs.)
Port 8143: The orchestrator client uses this port to communicate with the orchestration services running on the Puppet master. If you install the client on a workstation, this port must be available.
Ports 8150 and 8151: Razor uses port 8150 for HTTP and 8151 for HTTPS. Any node classified as a Razor server must be able to use these ports.
Port 4432: Local connections for node classifier, activity service, and RBAC status checks are sent over this port. Remote connections should use port 4433.
Port 8170: If you use Code Manager, it requires this port. Code Manager status checks are sent over this port.
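The port notes above translate into two checks worth running on a PE host after installation: that the installer port 3000 is no longer listening, and that port 4432 is bound only to loopback. The following is an added example, not part of the Puppet documentation; it audits the output of `ss -tlnH`, and the policy labels, function names and sample listener table are assumptions made for the illustration (treating 4432 as loopback-only is this example's reading of the note that remote connections should use 4433).

```python
import ipaddress

# Ports come from the list above; the policy labels are this example's own.
PE_PORTS = {
    3000: "installer",   # web-based installer; can be closed after install
    4432: "local-only",  # local status checks; remote connections use 4433
    8143: "service",     # orchestrator client -> orchestration services
    8150: "service",     # Razor HTTP
    8151: "service",     # Razor HTTPS
    8170: "service",     # Code Manager
}

# Constructed sample of `ss -tlnH` output (not captured from a real PE host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:3000 0.0.0.0:*
LISTEN 0 128 0.0.0.0:4432 0.0.0.0:*
LISTEN 0 50 *:8143 *:*
LISTEN 0 128 [::]:8170 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
"""

def is_loopback(addr):
    """True for 127.0.0.0/8 or ::1; wildcard binds ('*', 0.0.0.0, ::) are not."""
    host = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def parse_listeners(ss_output):
    """Return (address, port) for every LISTEN row in `ss -tlnH` output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            listeners.append((addr, int(port)))
    return listeners

def audit(ss_output, install_complete=True):
    """Flag listeners that contradict the port notes above."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        kind = PE_PORTS.get(port)
        if kind == "installer" and install_complete:
            findings.append((port, addr, "installer port still listening"))
        elif kind == "local-only" and not is_loopback(addr):
            findings.append((port, addr, "local-only port bound beyond loopback"))
    return findings
```

On a live host, pass the captured output of `ss -tlnH` to `audit()`; an empty list means neither condition was found.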