System requirements

Puppet system requirements depend on your deployment type and size. Before installing Puppet, ensure your systems are compatible with infrastructure and agent requirements.

Restriction: Puppet primary servers must run on some variant of *nix. You can't run primary servers on Windows.

Hardware requirements

The primary server is fairly resource intensive, and must be installed on a robust, dedicated server. The agent service has few system requirements and can run on a less powerful server.

The Puppet agent has been run and tested on various servers. The following table lists the minimum hardware specifications that have been successfully tested. In these tests, Intel Xeon processors were used.
CPUs GHz GiB memory OS
1 2.4 0.5 Amazon Linux 2 AMI
1 2.5 1 Windows Server 2019

The demands on the primary server vary widely between deployments. Resource needs are affected by the number of agents being served, how frequently agents check in, how many resources are being managed on each agent, and the complexity of the manifests and modules in use.

The following minimum hardware requirements are based on internal testing.
Node volume Cores Heap ReservedCodeCache
Dozens 2 1 GB Not applicable
1,000 2-4 4 GB 512m

Supported agent platforms

Puppet provides official packages for various operating systems and versions. Although you are not limited to using official packages, their use helps to simplify installation and maintenance.

Packaged platforms

puppet-agent packages are available for the platforms listed in the table.

For Puppet Server system requirements, see Supported operating systems.

Operating system Tested versions Untested versions
Debian 10, 11, 11 (ARM), 12 (x86_64, ARM)
Fedora 36 (x86_64), 40 (x86_64)
macOS 11 Big Sur (64-bit packages only), 12 Monterey (64-bit packages only), 12 (M1), 13 Ventura (x86_64, ARM), 14 (ARM), 14 (Intel)
Microsoft Windows 10 Enterprise, 11 Enterprise (x86_64) 8, 10
Microsoft Windows Server 2012R2, 2016, 2019, 2022 2012
Red Hat Enterprise Linux, including:
  • Amazon Linux v1 (using RHEL 6 packages)
  • Amazon Linux v2 x86_64 (using RHEL 7 packages)
6 (i386, x86_64), 7 (x86_64), 8 (x86_64, aarch64, ppc64le), 9 (x86_64, ARM64, ppc64le)
Amazon Linux 2 (AARCH64), 2023 (x86_64, AARCH64)
SUSE Linux Enterprise Server 12 (x86_64), 15 (x86_64)
AlmaLinux 8 (x86_64), 9 (x86_64, AARCH64)
Rocky Linux 8 (x86_64), 9 (x86_64, AARCH64)
Oracle Linux 6 (x86_64, i386), 7 (x86_64), 8 (x86_64, aarch64, ppc64le)
Scientific Linux 6 (x86_64, i386), 7 (x86_64)
Ubuntu 18.04, 18.04 AARCH, 20.04, 20.04 AARCH, 22.04 (x86_64, ARM64), 24.04 (x86_64, ARM)

Dependencies

If you install the agent by using an official package, your system’s package manager ensures that dependencies are installed. If you install the agent on a platform without a supported package, you must manually install the following packages, libraries, and gems:
  • Ruby 2.5 or later
  • Facter 2.0 or later
  • Optional gems such hiera-eyaml, hocon, msgpack, ruby-shadow, and so on.
Important: If you use the SELinux security module, you must grant a compliance exception for Puppet and the PXP agent in order for those services to effectively manage configuration.

Timekeeping and name resolution

Before you install Puppet, prepare to meet the network requirements. The most important requirements include syncing time and creating a plan for name resolution.

Timekeeping

Use NTP or an equivalent service to ensure that time is in sync between your primary server, which acts as the certificate authority, and any agent nodes. If time drifts out of sync in your infrastructure, you might encounter issues such as agents receiving outdated certificates. A service like NTP (available as a supported module) helps to ensure accurate timekeeping.

Name resolution

Decide on a preferred name or set of names that agent nodes can use to contact the primary server. Ensure that the primary server can be reached by domain name lookup by all future agent nodes.

You can simplify configuration of agent nodes by using a CNAME record to make the primary server reachable at the hostname puppet, which is the default primary server hostname that is suggested when installing an agent node.

Firewall configuration

In the agent-server architecture, your primary server must support incoming connections on port 8140, and agent nodes must be able to connect to the primary server on that port.