Install Puppet on Ubuntu Server

This article is for those looking for a detailed and straightforward guide on installing Puppet on Ubuntu Server.
Puppet is a cross-platform client-server application that allows you to centrally manage the configuration of operating systems and programs installed on multiple computers.
IMPORTANTOpenSSH must be installed on the server, and port 22 must be open in order to be able to connect to the server using the SSH protocol.
To install OpenSSH on a server, you can use the command:
sudo apt install openssh-server
NOTETo connect to the server from a Windows system, you can use tools like PuTTY or MobaXterm.
NOTEThis guide walks you through connecting to a server with the iTerm2 terminal emulator on macOS.
CAUTIONYou will need to open the following TCP ports for access to the services:
- TCP port 8140 - for Puppet Agent to work.
We connect to the server on which you plan to install Puppet Server.
Let’s name the server using the command:
sudo hostnamectl set-hostname puppet.heyvaldemar.net
This tutorial uses puppet.heyvaldemar.net
as the Puppet server name.
The server with the agent installed must resolve the name of the Puppet server and also the Puppet server must resolve the name of the client-server.
Make sure the server name has the correct DNS entry and also update the “/etc/hosts” file on the server with the command:
echo "10.170.19.82 puppet.heyvaldemar.net puppetdb.heyvaldemar.net puppet puppetdb" | sudo tee -a /etc/hosts
This tutorial uses puppet.heyvaldemar.net
as the Puppet server name.
NOTEThe entry
puppetdb.heyvaldemar.net
is useful if you plan to install PuppetDB in the future. This name must also have a valid DNS record.
You can find out how to install PuppetDB on Ubuntu Server by reading Install PuppetDB on Ubuntu Server.
Restart the hostamed service for the changes to the server name to take effect using the command:
sudo systemctl restart systemd-hostnamed
Let’s check the correctness of the server name using the command:
hostname
Now let’s replace the current shell process with a new one using the command:
exec bash
The correct time must be set on the Puppet server, as it will act as a CA for signing certificates from clients.
To set the time correctly, you will need to install the NTP package and synchronize the time with the upstream NTP servers.
Update the local package index to the latest changes in the repositories using the command:
sudo apt update
Install NTP and ntpdate using the command:
sudo apt install -y ntp ntpdate
NOTEntpdate allows you to manually check the configuration of your connection to the NTP server.
Synchronize time with upstream NTP servers using the command:
sudo ntpdate -u 0.ubuntu.pool.ntp.org
Let’s check the correctness of the date and time on the server using the command:
date
NOTEThis tutorial is based on a server located in Berlin.
Let’s see a list of time zone values for all locations using the command:
sudo timedatectl list-timezones
We select the value suitable for your location and change the time zone using the command:
sudo timedatectl set-timezone Europe/Berlin
NOTEThis tutorial is based on a server located in Berlin.
We again check the correctness of the date and time on the server using the command:
date
Now you need to download and install the Puppet Server repository configuration package.
Download the Puppet Server repository configuration package using the command:
wget https://apt.puppetlabs.com/puppet7-release-jammy.deb
Install the Puppet Server repository configuration package using the command:
sudo dpkg -i puppet7-release-jammy.deb
Update the local package index to the latest changes in the repositories using the command:
sudo apt update
Now install Puppet Server using the command:
sudo apt install -y puppetserver
Puppet binaries are located in the “/opt/puppetlabs/bin/” directory, which is not in the “PATH” environment variable by default and in the “secure_path” variable that is used for “sudo” operations.
NOTEThe path to the executable files is irrelevant for the Puppet services since the start of the services does not depend on the “PATH” and “secure_path”.
By adding the path to executable files to variables, you can use:
sudo puppet agent -t
Instead:
sudo /opt/puppetlabs/bin/puppet agent -t
Add the path to the Puppet executable files to the “secure_path” variable.
Open the “sudoers” configuration file in a text editor using the command:
sudo visudo
Find the variable “secure_path”, and at the end of the line, before the closing quote, add the path to the Puppet executable files :/opt/puppetlabs/bin
.
In order to save the changes in the “sudoers” file, press “Ctrl + x”.
Now you need to confirm the changes in the file.
Click on the “y” button.
Press the “Enter” button to confirm saving the file.
Now let’s add the path to the Puppet executables to the “PATH” environment variable.
Open the “environment” configuration file in a text editor using the command:
sudo vim /etc/environment
Press the “i” button to enter edit mode, and at the end of the line, before the closing quote, add the path to the Puppet executable files :/opt/puppetlabs/bin
.
Now press the “Esc” button to exit edit mode, then type "
By default, the Puppet Server JVM is configured to use 2 GB of RAM. This value can be changed in the Puppet config file by opening it in a text editor using the command:
sudo vim /etc/default/puppetserver
Press the “i” button to enter edit mode, find the line JAVA_ARGS="-Xms2g -Xmx2g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"
and change the Xms
parameters and Xmx
according to your Puppet server requirements.
NOTEIn this manual the
Xms
andXmx
parameters will be set to 1 GB.
Now press the “Esc” button to exit edit mode, then type "
Next, you need to make changes to another Puppet configuration file by opening it in a text editor using the command:
sudo vim /etc/puppetlabs/puppet/puppet.conf
Hit the “i” button to go into edit mode, find the [master]
section and add a new line with the alternative names of the Puppet server:
dns_alt_names = puppet,puppetdb,puppet.heyvaldemar.net,puppetdb.heyvaldemar.net
Next, add a new section [main]
with the following parameters:
[main]certname = puppet.heyvaldemar.netserver = puppet.heyvaldemar.netenvironment = productionruninterval = 15m
NOTEIn this tutorial, the Puppet Server is installed on the
puppet.heyvaldemar.net
server. You will need to specify your server through which your Puppet Server will be accessible from the Internet or on the local network of your organization.
NOTEThe entries puppetdb and
puppetdb.heyvaldemar.net
will come in handy if you plan to install PuppetDB in the future. This name must also have a valid DNS record.
You can find out how to install PuppetDB on Ubuntu Server by reading Install PuppetDB on Ubuntu Server.
NOTEThe “runinterval” parameter specifies the time interval between agent requests to the Puppet server.
Now press the “Esc” button to exit edit mode, then type "
Now let’s create the root and intermediate CA signature for Puppet Server using the command:
sudo puppetserver ca setup
We start Puppet Server using the command:
sudo systemctl start puppetserver
Check that Puppet Server has started successfully using the command:
sudo systemctl status puppetserver
We enable Puppet Server autorun when starting the operating system using the command:
sudo systemctl enable puppetserver
Next, we connect to the server on which you plan to install Puppet Agent.
Let’s name the server using the command:
sudo hostnamectl set-hostname puppet-agent.heyvaldemar.net
This tutorial uses puppet-agent.heyvaldemar.net
as the name of the server with the Puppet agent installed.
The server with the agent installed must resolve the name of the Puppet server and also the Puppet server must resolve the name of the client-server.
Make sure the server name has the correct DNS entry and also update the “/etc/hosts” file with the IP address and client-server name using the command:
echo "10.170.19.3 puppet-agent.heyvaldemar.net puppet-agent" | sudo tee -a /etc/hosts
This tutorial uses puppet-agent.heyvaldemar.net
as the name of the server with the Puppet agent installed.
Next, add the IP address and the name of the Puppet server to the “/etc/hosts” file using the command:
echo "10.170.19.82 puppet.heyvaldemar.net puppetdb.heyvaldemar.net puppet puppetdb" | sudo tee -a /etc/hosts
Having this record will allow the server with the agent installed to resolve the Puppet server name even without a DNS record.
NOTEThe entry
puppetdb.heyvaldemar.net
is useful if you plan to install PuppetDB in the future. This name must also have a valid DNS record.
You can find out how to install PuppetDB on Ubuntu Server by reading Install PuppetDB on Ubuntu Server.
Restart the hostamed service for the changes to the server name to take effect using the command:
sudo systemctl restart systemd-hostnamed
Let’s check the correctness of the server name using the command:
hostname
Now let’s replace the current shell process with a new one using the command:
exec bash
The correct time must be set on the server with Puppet Agent.
To set the time correctly, you will need to install the NTP package and synchronize the time with the upstream NTP servers.
Update the local package index to the latest changes in the repositories using the command:
sudo apt update
Install NTP and ntpdate using the command:
sudo apt install -y ntp ntpdate
NOTEntpdate allows you to manually check the configuration of your connection to the NTP server.
Synchronize time with upstream NTP servers using the command:
sudo ntpdate -u 0.ubuntu.pool.ntp.org
Let’s check the correctness of the date and time on the server using the command:
date
NOTEThis tutorial is based on a server located in Berlin.
Let’s see a list of time zone values for all locations using the command:
sudo timedatectl list-timezones
We select the value suitable for your location and change the time zone using the command:
sudo timedatectl set-timezone Europe/Berlin
NOTEThis tutorial is based on a server located in Berlin.
We again check the correctness of the date and time on the server using the command:
date
Now you need to download and install the Puppet Agent repository configuration package.
Download the Puppet Agent repository configuration package using the command:
wget https://apt.puppetlabs.com/puppet7-release-jammy.deb
Install the Puppet Agent repository configuration package using the command:
sudo dpkg -i puppet7-release-jammy.deb
Update the local package index to the latest changes in the repositories using the command:
sudo apt update
Now install Puppet Agent using the command:
sudo apt install -y puppet-agent
Puppet binaries are located in the “/opt/puppetlabs/bin/” directory, which is not in the “PATH” environment variable by default and in the “secure_path” variable that is used for “sudo” operations.
NOTEThe path to the executable files is irrelevant for the Puppet services, since the start of the services does not depend on the “PATH” and “secure_path”.
By adding the path to executable files to variables, you can use:
sudo puppet agent -t
Instead:
sudo /opt/puppetlabs/bin/puppet agent -t
Add the path to the Puppet executable files to the “secure_path” variable.
Open the “sudoers” configuration file in a text editor using the command:
sudo visudo
Find the variable “secure_path”, and at the end of the line, before the closing quote, add the path to the Puppet executable files :/opt/puppetlabs/bin
.
Now you need to confirm the changes in the file.
Click on the “y” button.
Press the “Enter” button to confirm saving the file.
Now let’s add the path to the Puppet executables to the “PATH” environment variable.
Open the “environment” configuration file in a text editor using the command:
sudo vim /etc/environment
Press the “i” button to enter edit mode, and at the end of the line, before the closing quote, add the path to the Puppet executable files :/opt/puppetlabs/bin
.
Now press the “Esc” button to exit edit mode, then type "
Next, you need to make changes to the Puppet configuration file by opening it in a text editor using the command:
sudo vim /etc/puppetlabs/puppet/puppet.conf
Press the “i” button to switch to edit mode, add a new section [main]
with the following parameters:
[main]certname = puppet-agent.heyvaldemar.netserver = puppet.heyvaldemar.netenvironment = productionruninterval = 15m
NOTEIn this tutorial, Puppet Agent is installed on the
puppet-agent.heyvaldemar.net
server. You will need to specify your server through which your Puppet Agent will be accessible from the Internet or on the local network of your organization.Also, the Puppet Server is installed on the
puppet.heyvaldemar.net
server. You will need to specify your server through which your Puppet Server will be accessible from the Internet or on the local network of your organization.
NOTEThe “runinterval” parameter specifies the time interval between agent requests to the Puppet server.
Now press the “Esc” button to exit edit mode, and then type ”: x” and press the “Enter” button to save your changes and exit the editor.
Launch Puppet Agent and enable it to autostart when the operating system starts up using the command:
sudo puppet resource service puppet ensure=running enable=true
We return to the server with Puppet Server installed.
Now you need to approve the certificate request for the server on which the Puppet Agent is installed so that later the client can receive the configuration from the Puppet server.
Let’s look at the client requests in the queue using the command:
sudo puppetserver ca list
We sign the client request using the command:
sudo puppetserver ca sign --certname puppet-agent.heyvaldemar.net
NOTEIn this tutorial, Puppet Agent is installed on the
puppet-agent.heyvaldemar.net
server. You will need to specify your server through which your Puppet Agent will be accessible from the Internet or on the local network of your organization.
The client request has been successfully signed.
Next, you can view all signed and unsigned client requests using the command:
sudo puppetserver ca list --all
You can sign all client requests in the queue using the command:
sudo puppetserver ca sign --all
You can revoke a client certificate using the command:
sudo puppetserver ca revoke --certname puppet-agent.heyvaldemar.net
NOTEIn this tutorial, Puppet Agent is installed on the
puppet-agent.heyvaldemar.net
server. You will need to specify your server through which your Puppet Agent will be accessible from the Internet or on the local network of your organization.
Now you can create a manifest to test Puppet’s functionality.
A manifest is a data file containing client configuration written in Puppet or Ruby DSL.
Let’s create a manifest using the command:
sudo vim /etc/puppetlabs/code/environments/production/manifests/site.pp
Hit the “i” button to go into edit mode, then insert the following configuration:
node 'puppet-agent.heyvaldemar.net' { file { '/tmp/puppetfile': ensure => 'present', owner => 'root', group => 'root', mode => '0644', content => "This File is created by Puppet Server\n", }}
NOTEIn this tutorial, Puppet Agent is installed on the
puppet-agent.heyvaldemar.net
server. You will need to specify your server through which your Puppet Agent will be accessible from the Internet or on the local network of your organization.
NOTEA “puppetfile” file will be created in the “/tmp” directory containing the text “This File is created by Puppet Server”. The user “root” will be the owner of the file.
Now press the “Esc” button to exit edit mode, then type "
We return to the server with the Puppet Agent installed.
Now you need to get the configuration for the client from the Puppet server using the command:
sudo puppet agent -t
Next, you can check that the file was successfully created and contains the text specified earlier in the manifest using the command:
cat /tmp/puppetfile
The file was successfully created and contains the text specified in the manifest.
Social Channels
- 🎬 YouTube
- 🐦 X (Twitter)
- 🐘 Mastodon
- 🧵 Threads
- 🧊 Bluesky
- 🎥 TikTok
- 📣 daily.dev Squad
- ✈️ Telegram
- 🐈 GitHub
Community of IT Experts
- 👾 Discord
Is this content AI-generated?
No. Every article on this blog is written by me personally, drawing on decades of hands-on IT experience and a genuine passion for technology.
I use AI tools exclusively to help polish grammar and ensure my technical guidance is as clear as possible. However, the core ideas, strategic insights, and step-by-step solutions are entirely my own, born from real-world work.
Because of this human-and-AI partnership, some detection tools might flag this content. You can be confident, though, that the expertise is authentic. My goal is to share road-tested knowledge you can trust.