The Puppet Enterprise client tools is a set of command line tools that let you access Puppet Enterprise services from a workstation that may or may not be managed by Puppet. Because you can safely run these tools remotely, you no longer need to SSH into the Puppet master to execute commands. Your permissions to see information and to take action are controlled by PE role-based access control (RBAC). Your activity is logged under your username rather than under
root or the
The package includes clients for the following services:
- Puppet orchestrator: Tools that allow you to control the rollout of changes in your infrastructure, and provides the interface to the Puppet Application Orchestration service. These tools include
- Puppet access: A client used to authenticate yourself to the PE RBAC token-based authentication service so that you can use other capabilities and APIs.
- Razor: The client for Razor, the provisioning application for deploying bare metal systems.
- Code Manager: A tool that provides the interface for the Code Manager and file sync services. This tool includes
The PE client tools package can be installed on the following platforms:
|Red Hat Enterprise Linux||6, 7||x86_64|
|Oracle Linux||6, 7||x86_64|
|Scientific Linux||6, 7||x86_64|
|SUSE Linux Enterprise Server||11, 12||x86_64|
|Ubuntu||12.04, 14.04. 16.04||x86_64|
Installing PE client tools
Puppet master installation (default)
pe-client-tools package is included in the PE installation tarball. When you install PE, it’s automatically installed on the same node as the Puppet master.
PE-managed workstation installation
Note: To install the
pe-client-toolspackage on a Puppet agent node, it must be running the same platform as the Puppet master.
- Follow the Puppet agent installation documentation to install a Puppet agent that will act as your controller machine.
- In the PE console, create a controller classification group, name it (e.g., PE Controller), and ensure its Parent name is set to All Nodes.
Select the PE Controller group, and add the
PE uses the
puppet_enterprise::profile::controllerclass to manage client tools global configuration files.
Add the controller machine to the PE Controller group.
a. In the Rules tab, scroll down to the pinned nodes section.
b. In the Certname field, enter the certname of the node.
c. Click Pin node, and then click the commit button.
- Run Puppet on the controller machine.
- Review Global configuration file management to configure the client tools as needed.
Non-managed workstation installation
You can install the
pe-client-tools package on any workstation running a supported OS platform.
The pe-client-tools package requires the puppet-agent package. However, the workstation you’re installing on needn’t be managed by Puppet.
To install the pe-client-tools package on a workstation:
Review the prerequisites for timekeeping, name resolution, and firewall configuration in the system configuration requirements.
Important: Ensure that the following ports are available on the workstation:
Port 8143: The orchestrator client uses this port to communicate with the Orchestration services running on the Puppet master.
Port 4433: The Puppet access client uses this port to communicate with the RBAC service running on the Puppet master.
Port 8151: The Razor client uses this port to communicate with the Razor server.
Port 8170: If you use the Code Manager service, it requires this port.
- Copy the Puppet Enterprise tarball for the appropriate supported OS platform to your workstation.
- Unpack the tarball and navigate to the
Use your workstation’s package management tools to install the puppet-agent and pe-client-tools. (Package install tools vary from platform to platform.)
For example, on RHEL platforms, run the following commands:
rpm -Uvh puppet-agent-<VERSION-and-PLATFORM>.rpm
rpm -Uvh pe-client-tools-<VERSION-and-PLATFORM>.rpm
- On the workstation, create the following directory:
- On the Puppet master, navigate to
ca.pemto the directory on the workstation you made in the previous step.
- On the workstation, make sure the file permissions are correct by running
chmod 444 /etc/puppetlabs/puppet/ssl/certs/ca.pem.
- Verify that the checksum of
ca.pemon the workstation matches the checksum of the same file on the Puppet master.
Configuring and using client tools
After installing the tools, see the following documentation to configure and start using each client tool. Note that for the Puppet Access, Puppet code, or Puppet orchestrator clients, you can use a global configuration file for each service, or create a configuration file for each service on a per user basis. Instructions for creating configuration files are in the corresponding documentation.
Global configuration file management
If you’re running the Puppet code or Puppet orchestrator clients from a PE-managed machine, you can have PE manage their global configuration file with the
puppet_enterprise::profile::controller class. This class manages global configuration files in
Note that if you’re running a client from a workstation, you will need to create the global file and populate it with the correct configuration file settings. PE cannot manage a configuration file from a non-PE-managed workstation.
Details about configuration files are in the corresponding documentation.