Automate PAM and Puppet application offline installations

During a fresh offline installation of Puppet Application Manager (PAM) and a Puppet application, you have the option to configure the software automatically rather than completing the installation script interview.

Before you begin

Ensure that your system meets the PAM system requirements.

  1. Install Puppet Application Manager. For detailed instructions, see PAM HA offline installation.
  2. Define the configuration values for your Puppet application installation, using Kubernetes YAML format.
    kind: ConfigValues
      name: app-config
          value: has_accepted_eula
          value: " 'false'"
          value: "<HOSTNAME>"
          value: "<ROOT ACCOUNT PASSWORD>"
    Tip: View the keyword names for all settings by clicking View files > upstream > config.yaml in Puppet Application Manager.
    Replace the values indicated:
    • Replace <HOSTNAME> with a hostname you want to use to configure an Ingress and to tell job hardware agents and web hooks how to connect to it. You might need to configure your DNS to resolve the hostname to your Kubernetes hosts.
    • Replace <ROOT ACCOUNT PASSWORD> your chosen password for the application root account. The root account is used to administer your application and has full access to all resources and application-wide settings. This account must NOT be used for testing and deploying control repositories or modules.
    • Optional. These configuration values disable HTTP-to-HTTPS redirection, so that SSL can be terminated at the load balancer. If you want to run the application over SSL only, change the force-ssl-redirect annotation to true.
    • Optional. If your load balancer requires HTTP health checks, you can now enable Ingress settings that do not require Server Name Indication (SNI) for /status. To enable this setting, add the following to the config values statement:
        value: "1"
    Note: The automated installation automatically accepts the Puppet application end user license agreement (EULA). Unless Puppet has otherwise agreed in writing, all software is subject to the terms and conditions of the Puppet Master License Agreement located at
  3. Write your license file and the configuration values generated in step 1 to the following locations:
    • Write your license file to ./replicated_license.yaml
    • Write your configuration values to ./replicated_config.yaml
  4. Download the application bundle:
  5. Copy the application bundle to your primary and secondary nodes and unpack it:
  6. Run the application install command on your primary node. Replace the <YOUR CHOSEN PASSWORD> , <APPLICATION NAME>, <APPLICATION BUNDLE FILE> values in the example below with your own values:
    kubectl kots install <APPLICATION NAME> --namespace default --shared-password $KOTS_PASSWORD --license-file ./license.yaml --config-values ./config.yaml --airgap-bundle ./<APPLICATION BUNDLE FILE> --port-forward=false
    # wait several minutes for the application to deploy; if it doesn’t show up, preflights or another error might have occurred
    Note: If you want to install a specific version of the application, include the --app-version-label=<VERSION> flag in the install command.