- Timekeeping and name resolution
- Web URLs used for deployment and management
- Firewall configuration for monolithic installations
- Firewall configuration for monolithic installations with compile masters
- Firewall configuration for monolithic installations with compile masters and standalone PE-PostgreSQL
- Port usage for all installation types
Before installing Puppet Enterprise, make sure that your nodes and network are properly configured.
Timekeeping and name resolution
Before installing , there are network requirements you need to consider and prepare for. The most important requirements include syncing time and creating a plan for name resolution.
Use NTP or an equivalent service to ensure that time is in sync between your master, which acts as the certificate authority, and any agent nodes. If time drifts out of sync in your infrastructure, you might encounter issues such as agents recieving outdated certificates. A service like NTP (available as a supported module) ensures accurate timekeeping.
Decide on a preferred name or set of names that agent nodes can use to contact the master. Ensure that the master can be reached by domain name lookup by all future agent nodes.
You can simplify configuration of agent nodes by using a CNAME record to make the master reachable at the hostname
puppet, which is the default master hostname that is suggested when installing an agent node.
Web URLs used for deployment and management
PE uses some external web URLs for certain deployment and management tasks. You might want to ensure these URLs are reachable from your network prior to installation, and be aware that they might be called at various stages of configuration.
Firewall configuration for monolithic installations
These are the port requirements for monolithic installations.
Firewall configuration for monolithic installations with compile masters
These are the port requirements for monolithic installations with compile masters.
Firewall configuration for monolithic installations with compile masters and standalone PE-PostgreSQL
These are the port requirements for monolithic installations with compile masters and standalone PE-PostgreSQL
Port usage for all installation types
In addition to installation-specific firewall configuration, some features and tools have specific port requirements.
Port 3000: If you are installing using the web-based installer ensure port 3000 is open. You can close this port when the installation is complete.
Port 8150 and 8151: Razor uses port 8150 for HTTP and 8151 for HTTPS. Any node classified as a Razor server must be able to use these ports.
Port 4432: Local connections for the node classifier, activity service, and RBAC status checks are sent over this port. Remote connections should use port 4433.
Port 8170: Code Manager uses this port to deploy environments, run webhooks, and make API calls.