System requirements

Puppet system requirements depend on your deployment type and size. Before installing, ensure your systems are compatible with infrastructure and agent requirements.

Note: Puppet primary servers must run on some variant of *nix. You can't run primary servers on Windows.

Hardware requirements

The primary server is fairly resource intensive, and must be installed on a robust, dedicated server. The agent service has few system requirements and can run on nearly anything.

The Puppet agent has been run and tested on a variety of hardware specifications. These are the weakest hardware specifications we have successfully tested. Both were tested using Intel Xeon processors.
CPUs GHz GiB memory OS
1 2.4 0.5 Amazon Linux 2 AMI
1 2.5 1 Windows Server 2019

The demands on the primary server vary widely between deployments. Resource needs are affected by the number of agents being served, how frequently agents check in, how many resources are being managed on each agent, and the complexity of the manifests and modules in use.

These minimum hardware requirements are based on internal testing.
Node volume Cores Heap ReservedCodeCache
dozens 2 1 GB n/a
1,000 2-4 4 GB 512m

Supported agent platforms

Puppet provides official packages for various operating systems and versions. You aren't necessarily limited to using official packages, but installation and maintenance is generally easier with official tested packages.

Packaged platforms

puppet-agent packages are available for these platforms.

Packages for tested versions are officially tested. Packages for untested versions might not be automatically tested.
Operating system Tested versions Untested versions
Debian 9, 10, 11
Fedora 34
macOS 10.15 Catalina, 11 Big Sur (64-bit packages only), 12 Monterey (64-bit packages only), 12 (M1)
Microsoft Windows 10 Enterprise, 11 Enterprise (x86_64) 7, 8, 10
Microsoft Windows Server 2008R2, 2012R2, 2016, 2019, 2022 2008, 2012
Red Hat Enterprise Linux, including:
  • Amazon Linux v1 (using RHEL 6 packages)

  • Amazon Linux v2 (using RHEL 7 packages)

6, 7, 8, 9
SUSE Linux Enterprise Server 11, 12, 15
  • x86_64
  • i386 for version 11
  • ppc64le for version 12
AlmaLinux 8 (x86_64)
Rocky Linux 8 (x86_64)
Oracle Linux 6 (x86_64), 6 (i386), 7 (x86_64), 7 (aarch64), 7 (ppc64le), 8 (x86_64), 8 (aarch64), 8 (ppc64le)
Scientific Linux 6 (x86_64), 6 (i386), 7 (x86_64), 7 (aarch64), 7 (ppc64le), 8 (x86_64), 8 (aarch64), 8 (ppc64le)
Ubuntu 18.04, 18.04 (aarch64), 20.04, 20.04 AARCH, 22.04 (x86_64)

Dependencies

If you install using an official package, your system’s package manager ensures that dependencies are installed. If you install the agent on a platform without a supported package, you must manually install these packages, libraries, and gems:
  • Ruby 2.5.x
  • CFPropertyList 2.2 or later
  • Facter 2.0 or later
  • The msgpack gem, if you're using msgpack serialization

Timekeeping and name resolution

Before installing , there are network requirements you need to consider and prepare for. The most important requirements include syncing time and creating a plan for name resolution.

Timekeeping

Use NTP or an equivalent service to ensure that time is in sync between your primary server, which acts as the certificate authority, and any agent nodes. If time drifts out of sync in your infrastructure, you might encounter issues such as agents recieving outdated certificates. A service like NTP (available as a supported module) ensures accurate timekeeping.

Name resolution

Decide on a preferred name or set of names that agent nodes can use to contact the primary server. Ensure that the primary server can be reached by domain name lookup by all future agent nodes.

You can simplify configuration of agent nodes by using a CNAME record to make the primary server reachable at the hostname puppet, which is the default primary server hostname that is suggested when installing an agent node.

Firewall configuration

In the agent-server architecture, your primary server must allow incoming connections on port 8140, and agent nodes must be able to connect to the primary server on that port.