Puppet is configured in an agent-master architecture, in which a master node controls configuration information for a fleet of managed agent nodes.
An agent node sends facts to the master and requests a catalog.
The master compiles and returns the node’s catalog using the sources of information the master has access to.
The agent applies the catalog to the node by checking each resource the catalog describes. If it finds resources that are not in their desired state, it makes the changes necessary to correct them. Or, in no-op mode, it assesses what changes would be needed to reconcile the catalog.
The agent sends a report back to the master.
Communication and security in agent-master installations
Masters and agents communicate by HTTPS using SSL certificates.
Puppet includes a built-in certificate authority for
managing certificates. Agents automatically request certificates through the master’s
HTTP endpoint, and you use the
puppetserver ca command to inspect requests and sign new certificates.