Puppet commands

Puppet’s command line interface (CLI) consists of a single puppet command with many subcommands.

Puppet Server and Puppet’s companion utilities Facter and Hiera , have their own CLI.

Puppet agent

Puppet agent is a core service that manages systems, with the help of a Puppet primary server. It requests a configuration catalog from a Puppet primary server server, then ensures that all resources in that catalog are in their desired state.

Puppet Server

Using Puppet code and various other data sources, Puppet Server compiles configurations for any number of Puppet agents.

Puppet Server is a core service and has its own subcommand, puppetserver, which isn’t prefaced by the usual puppet subcommand.

Puppet apply

Puppet apply is a core command that manages systems without contacting a Puppet primary server. Using Puppet modules and various other data sources, it compiles its own configuration catalog, and then immediately applies the catalog.

Puppet ssl

Puppet ssl is a command for managing SSL keys and certificates for Puppet SSL clients needing to communicate with your Puppetinfrastructure.

Puppet ssl usage: puppet ssl <action> [--certname <name>]

Possible actions:

  • submit request: Generate a certificate signing request (CSR) and submit it to the CA. If a private and public key pair already exist, they are used to generate the CSR. Otherwise, a new key pair is generated. If a CSR has already been submitted with the given certname, then the operation fails.

  • download_cert: Download a certificate for this host. If the current private key matches the downloaded certificate, then the certificate is saved and used for subsequent requests. If there is already an existing certificate, it is overwritten.

  • verify: Verify that the private key and certificate are present and match. Verify the certificate is issued by a trusted CA, and check the revocation status

  • bootstrap: Perform all of the steps necessary to request and download a client certificate. If autosigning is disabled, then puppet will wait every waitforcert seconds for its certificate to be signed. To only attempt once and never wait, specify a time of 0. Since waitforcert is a Puppet setting, it can be specified as a time interval, such as 30s, 5m, 1h.

For more information, see the SSL man page.

Puppet module

Puppet module is a multi-purpose administrative tool for working with Puppet modules. It can install and upgrade new modules from the Puppet Forge, help generate new modules, and package modules for public release.

Puppet resource

Puppet resource is an administrative tool that lets you inspect and manipulate resources on a system. It can work with any resource type Puppet knows about. For more information, see PuppetResource’s man page.

Puppet config

Puppet config is an administrative tool that lets you view and change Puppet settings.

Puppet parser

Puppet parser lets you validate Puppet code to make sure it contains no syntax errors. It can be a useful part of your continuous integration toolchain. For more information, see PuppetParser’s man page.

Puppet help and Puppet man

Puppet help and Puppet man can display online help for Puppet’s other subcommands.

Full list of subcommands

For a full list of Puppet subcommands, see Puppet’s subcommands.