Introduction/ Issue
In modern DevOps environments, automation is not just a luxury—it’s a necessity. When you’re managing hundreds of Linux virtual machines across hybrid or cloud-native infrastructure, manual configuration becomes a bottleneck. Puppet, a powerful configuration management tool, simplifies this complexity by ensuring consistency, scalability, and auditability.
This blog walks you through Puppet’s core configuration for Linux VMs and provides a real-time scenario from enterprise experience that highlights how Puppet streamlines configuration management across environments.
What is Puppet?
Puppet is an open-source configuration management tool that automates the provisioning, configuration, and management of infrastructure. It uses a declarative language to describe the desired system state and ensures systems conform to that state through its agent-master architecture.
Puppet Architecture at a Glance
- Puppet Master – The central server that stores configuration manifests and modules.
- Puppet Agent – Installed on client nodes (Linux VMs), it communicates with the master to apply configurations.
- Manifests – Files written in Puppet DSL that define system state.
- Facter – Gathers system-specific facts (e.g., OS, IP, memory).
- Catalog – A compiled list of resources and their desired state, generated by the master and applied by the agent.
How do we solve
Installing Puppet on Linux VMs
1. Setup Puppet Master (on RHEL/CentOS 8)
sudo dnf install -y https://yum.puppet.com/puppet7-release-el-8.noarch.rpm
sudo dnf install -y puppetserver
Edit /etc/puppetlabs/puppet/puppet.conf:
[main]
certname = puppetmaster.domain.com
server = puppetmaster.domain.com
environment = production
runinterval = 30m
Start and enable the Puppet Server:
sudo systemctl enable –now puppetserver
2. Set up Puppet Agent (on Linux VM)
sudo dnf install -y https://yum.puppet.com/puppet7-release-el-8.noarch.rpm
sudo dnf install -y puppet-agent
Edit /etc/puppetlabs/puppet/puppet.conf:
[main]
server = puppetmaster.domain.com
Enable and start the agent:
sudo /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true
3. Sign Certificates
On the master:
sudo /opt/puppetlabs/bin/puppetserver ca list
sudo /opt/puppetlabs/bin/puppetserver ca sign –all
Real-Time Scenario: Enforcing NTP Configuration Across Linux VMs
1. Problem Statement:
An enterprise operates over 300 RHEL 8 virtual machines across development, UAT, and production environments. Time drift across VMs is causing issues in log analysis and transaction tracing. The solution is to enforce uniform NTP configuration using Puppet.
2. Solution: Puppet Manifest for NTP
Create a manifest file: ntp.pp
class ntp {
package { ‘chrony’:
ensure => installed,
}
service { ‘chronyd’:
ensure => running,
enable => true,
require => Package[‘chrony’],
}
file { ‘/etc/chrony.conf’:
ensure => file,
content => template(‘ntp/chrony.conf.erb’),
notify => Service[‘chronyd’],
}
}
include ntp
Template file: chrony.conf.erb
server time1.google.com iburst
server time2.google.com iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
3. Deploying the Manifest
- Place the manifest and template inside /etc/puppetlabs/code/environments/production/modules/ntp/.
- On the Linux VM (agent), trigger a run:
sudo /opt/puppetlabs/bin/puppet agent –t
4. Results
- All VMs now have a consistent chrony configuration.
- Logs are timestamped uniformly.
- No manual SSH or scripting was needed—compliance is enforced automatically.
- Auditable history of changes via Git (if code is versioned).
Conclusion
Puppet makes managing complex Linux infrastructure far more efficient, consistent, and secure. As shown in the NTP example, what would take hours of manual work can be reduced to minutes with one Puppet manifest and a central repository. Whether you’re managing DNS settings, SSH hardening, or middleware configurations, Puppet scales with your needs and keeps your systems under control.
