Setup

The Puppet Module in Sovlabs is split into two parts:

Puppet Master Configuration
Puppet Agent Configuration

Puppet Configuration High Level

The Puppet Master Configuration and its associated workflow in VRO is responsible for configuring details of the provisioned nodes in the Puppet Master. The key function of this workflow is the configuration of puppet groups (or roles) for the nodes being provisioned.

The Puppet Agent Configuration and its workflow is responsible the initial configuration of the puppet agent on the provisioned node.

Once the configurations have been created corresponding vRA Property Groups are created named: SovLabs_PuppetMaster_* and SovLabs_PuppetAgent_*. To configure the VM’s blueprint a matching pair of a Master and Agent configuration property group should be attached to the VM in the blueprint designer.

Add Puppet Master Configuration

Login to vRA tenant
Click on the Catalog tab
Request the Add Puppet Master Configuration vRA Catalog Item
Fill out the form accordingly (see below) and Submit

Add Puppet Master Configuration

Puppet Master Certificate Hiera Hiera Scripts Purge Node Script

Field	Value
General
Configuration label	No spaces, periods or special characters except underscore (`_`) and dash (`-`) Unique label DO NOT prepend with your tenant name and an underscore, e.g. mytenant_
Puppet Master version	Select the Puppet Master version
Puppet Master Connection Configuration
Puppet Master OS family	Currently, only allows for `unix`
Puppet pe-puppetserver port	Defaults to 8140 Port the pe-puppetserver listens on
Puppet Master connection method	Select the connection method to connect to the Puppet Master server
Puppet Master hostname	Shown when 'Puppet Master connection method' is `ssh` Hostname of Puppet Master server in FQDN format
Puppet Master vCenter Endpoint	Shown when 'Puppet Master connection method' is `vmware-tools` Select an existing SovLabs vCenter Endpoint where the Puppet Master VM resides in
Puppet Master VM name as it appears in vCenter	Shown when 'Puppet Master connection method' is `vmware-tools` Type in the VM name of the Puppet Master server as it appears in vCenter *VM name is case sensitive!
Directory for temporary Puppet Master scripts	Directory to put temporary scripts on the Puppet Master
Create credential?	Check the checkbox to create a new credential. Uncheck the checkbox to use an existing credential.
Credential	Shown when 'Create credential?' is not checked Select the appropriate credential from an existing list of credentials
Credential Configuration label	Shown when 'Create credential?' is checked No spaces, periods or special characters except underscore (`_`) and dash (`-`) Unique label DO NOT prepend with your tenant name and an underscore, e.g. mytenant_
SSH Key used?	Shown when Create credential?' is checked and 'Connection method' is `SSH` based Check the checkbox to use an SSH Key
Username	Shown when 'Create credential?' is checked Username that has necessary permissions
Password	Shown when 'Create credential?' is checked and SSH Key used? is not checked User's password
SSH Key	Shown when 'Create credential?' is checked and SSH Key used? is checked SSH Key
SSH Key Password	Shown when 'Create credential?' is checked and SSH Key used? is checked SSH Key password, if any
Console Configuration
Console OS family	Currently, only allows for `unix`
Console port	Defaults to 4433 Port the Puppet Console listens on
Console connection method	Select the connection method to connect to the Puppet Console server
Console hostname	Shown when 'Console connection method' is `ssh` Puppet Console server in FQDN format
Console vCenter Endpoint	Shown when 'Console connection method' is `vmware-tools` Select an existing SovLabs vCenter Endpoint where the Puppet Console VM resides in
Console VM name as it appears in vCenter	Shown when 'Console connection method' is `vmware-tools` Type in the VM name of the Puppet Console server as it appears in vCenter *VM name is case sensitive!
Directory for temporary Console scripts	Directory to put temporary scripts on the Puppet Console
Console Create credential?	Check the checkbox to create a new Console credential. Uncheck the checkbox to use an existing Console credential.
Console Credential	Shown when 'Create credential?' is not checked Select the appropriate Console credential from an existing list of credentials
Console Credential Configuration label	Shown when 'Create credential?' is checked No spaces, periods or special characters except underscore (`_`) and dash (`-`) Unique label DO NOT prepend with your tenant name and an underscore, e.g. mytenant_
Console SSH Key used?	Shown when Create credential?' is checked and 'Connection method' is `SSH` based Check the checkbox to use an SSH Key
Console Username	Shown when 'Create credential?' is checked Username that has necessary permissions
Console Password	Shown when 'Create credential?' is checked and SSH Key used? is not checked User's password
Console SSH Key	Shown when 'Create credential?' is checked and SSH Key used? is checked Console SSH Key
Console SSH Key Password	Shown when 'Create credential?' is checked and SSH Key used? is checked SSH Key password, if any
Compile Masters
Use separate Compile Masters?	Check the checkbox to define Compile Masters
Compile Masters OS family	Shown when 'Use separate Compile Masters?' is checked Currently, only allows for `unix`
Compile Masters connection method	Shown when 'Use separate Compile Masters?' is checked Select the connection method to connect to the Compile Masters server
Compile Masters hostnames	Shown when 'Use separate Compile Masters?' is checked and 'Compile Masters connection method' is `ssh` Compile Masters server(s) in FQDN format
Compile Masters vCenter Endpoint	Shown when 'Use separate Compile Masters?' is checked and 'Compile Masters connection method' is `vmware-tools` Select an existing SovLabs vCenter Endpoint where the Compile Masters VMs reside in
Compile Masters VM names as they appears in vCenter	Shown when 'Use separate Compile Masters?' is checked and 'Compile Masters connection method' is `vmware-tools` Type in the VM names of the Compile Masters servers as they appears in vCenter *VM name is case sensitive!
Directory for temporary Compile Masters scripts	Shown when 'Use separate Compile Masters?' is checked Directory to put temporary scripts on the Compile Masters
Compile Masters Create credential?	Check the checkbox to create a new Compile Masters credential. Uncheck the checkbox to use an existing Compile Masters credential.
Compile Masters Credential	Shown when 'Create credential?' is not checked Select the appropriate Compile Masters credential from an existing list of credentials
Compile Masters Credential Configuration label	Shown when 'Create credential?' is checked No spaces, periods or special characters except underscore (`_`) and dash (`-`) Unique label DO NOT prepend with your tenant name and an underscore, e.g. mytenant_
Compile Masters SSH Key used?	Shown when Create credential?' is checked and 'Connection method' is `SSH` based Check the checkbox to use an SSH Key
Compile Masters Username	Shown when 'Create credential?' is checked Username that has necessary permissions
Compile Masters Password	Shown when 'Create credential?' is checked and SSH Key used? is not checked User's password
Compile Masters SSH Key	Shown when 'Create credential?' is checked and SSH Key used? is checked Compile Masters SSH Key
Compile Masters SSH Key Password	Shown when 'Create credential?' is checked and SSH Key used? is checked SSH Key password, if any
Database Configuration
Use separate Database?	Check the checkbox to define Database
Database OS family	Shown when 'Use separate Database?' is checked Currently, only allows for `unix`
Database connection method	Shown when 'Use separate Database?' is checked Select the connection method to connect to the Puppet Database server
Database hostname	Shown when 'Use separate Database?' is checked and 'Database connection method' is `ssh` Puppet Database server in FQDN format
Database vCenter Endpoint	Shown when 'Use separate Database?' is checked and 'Database connection method' is `vmware-tools` Select an existing SovLabs vCenter Endpoint where the Puppet Database VM resides in
Database VM name as it appears in vCenter	Shown when 'Use separate Database?' is checked and 'Database connection method' is `vmware-tools` Type in the VM name of the Puppet Database server as it appears in vCenter *VM name is case sensitive!
Directory for temporary Database scripts	Shown when 'Use separate Database?' is checked Directory to put temporary scripts on the Puppet Database
Database Create credential?	Check the checkbox to create a new Database credential. Uncheck the checkbox to use an existing Database credential.
Database Credential	Shown when 'Create credential?' is not checked Select the appropriate Database credential from an existing list of credentials
Database Credential Configuration label	Shown when 'Create credential?' is checked No spaces, periods or special characters except underscore (`_`) and dash (`-`) Unique label DO NOT prepend with your tenant name and an underscore, e.g. mytenant_
Database SSH Key used?	Shown when Create credential?' is checked and 'Connection method' is `SSH` based Check the checkbox to use an SSH Key
Database Username	Shown when 'Create credential?' is checked Username that has necessary permissions
Database Password	Shown when 'Create credential?' is checked and SSH Key used? is not checked User's password
Database SSH Key	Shown when 'Create credential?' is checked and SSH Key used? is checked Database SSH Key
Database SSH Key Password	Shown when 'Create credential?' is checked and SSH Key used? is checked SSH Key password, if any
Group Configuration
Parent Group	Any existing group in the Puppet console that will be the parent for all newly created node groups to be created under This field is templatable. Click the link below to view documentation on the SovLabs Template Engine SovLabs Template Engine page
Parent Group Environment	The parent group environment This field is templatable. Click the link below to view documentation on the SovLabs Template Engine SovLabs Template Engine page
Group name template	Template for the group name This field is templatable. Click the link below to view documentation on the SovLabs Template Engine SovLabs Template Engine page

Click for

Field	Value
Certificate PEM files
API Certificate	Normally found on the Puppet Master and is the Service Account Certificate `/etc/puppetlabs/puppet/ssl/certs/CERTNAME` Puppet API Certificate PEM file
API RSA Private Key	Normally found on the Puppet Master and is the Service Account Private `/etc/puppetlabs/puppet/ssl/private_keys/CERTNAME` Puppet API RSA Private Key PEM file
API CA Certificate	Normally found on the Puppet Master and is the CA Certificate `/etc/puppetlabs/puppet/ssl/ca/ca_crt` CA Certification
Certificate Authority
Is auto-sign enabled in Puppet?	If checked, skips signing the certificate Select if auto-sign is enabled in Puppet
Certificate Authority hostname	Puppet Certificate Authority Hostname (FQDN)
Certificate Authority port	Defaults to 8140 Port the Puppet Certificate Authority listens on

Click for

Field	Value
Hiera Configuration
Create hiera node data?	Check the checkbox to create hiera node data
Hiera on Puppet Master server?	Shown when 'Create hiera node data?' is checked Check the checkbox if the hiera server is not on the Puppet master server
Hiera OS family	Shown when 'Hiera on Puppet Master server?' is not checked Select Hiera OS type
Hiera connection method	Shown when 'Hiera on Puppet Master server?' is not checked Select the connection method to connect to the hiera server
Hiera hostname	Shown when 'Hiera connection method' is `ssh` Hiera hostname in FQDN format
Hiera vCenter Endpoint	Shown when 'Hiera connection method' is `vmware-tools` Select an existing SovLabs vCenter Endpoint where the Hiera server VM resides in
Hiera VM name as it appears in vCenter	Shown when 'Hiera connection method' is `vmware-tools` Type in the VM name of the Hiera server as it appears in vCenter *VM name is case sensitive!
Directory for temporary Hiera scripts	Directory to put temporary scripts on the Hiera server
Hiera Create credential?	Check the checkbox to create a new Hiera credential. Uncheck the checkbox to use an existing Hiera credential.
Hiera Credential	Shown when 'Create credential?' is not checked Select the appropriate Hiera credential from an existing list of credentials
Hiera Credential Configuration label	Shown when 'Create credential?' is checked No spaces, periods or special characters except underscore (`_`) and dash (`-`) Unique label DO NOT prepend with your tenant name and an underscore, e.g. mytenant_
Hiera SSH Key used?	Shown when Create credential?' is checked and 'Connection method' is `SSH` based Check the checkbox to use an SSH Key
Hiera Username	Shown when 'Create credential?' is checked Username that has necessary permissions
Hiera Password	Shown when 'Create credential?' is checked and SSH Key used? is not checked User's password
Hiera SSH Key	Shown when 'Create credential?' is checked and SSH Key used? is checked Hiera SSH Key
Hiera SSH Key Password	Shown when 'Create credential?' is checked and SSH Key used? is checked SSH Key password, if any
Hiera Node Data Configuration
Shown when 'Create Hiera node data?' is checked
Hiera node data format	Hiera node data format
Hiera node data filename	Filename for hiera node data This field is templatable. Click the link below to view documentation on the SovLabs Template Engine SovLabs Template Engine page
Hiera node data template	Hiera data template This field is templatable. Click the link below to view documentation on the SovLabs Template Engine SovLabs Template Engine page
Hiera eyaml Public Key	Shown when 'Hiera node data format' is `eyaml` Hiera eyaml public key

Click for

Field	Value
Hiera Pre-Create Script
Hiera pre-create script	Script to execute prior to creating the hiera node data This field is templatable. Click the link below to view documentation on the SovLabs Template Engine SovLabs Template Engine page
Hiera pre-create script arguments	Script arguments, if any
Hiera pre-create script interpreter	Script interpreter, e.g. `/bin/bash`
Compile Masters Hiera pre-create script	Shown when 'Use separate Compile Masters?' is checked Script to execute prior to creating the hiera node data on the Compile Masters
Compile Masters Hiera pre-create script arguments	Shown when 'Use separate Compile Masters?' is checked Script arguments, if any
Compile Masters Hiera pre-create script interpreter	Shown when 'Use separate Compile Masters?' is checked Script interpreter, e.g. `/bin/bash`
Hiera Post-Create Script
Hiera post-create script	Script to execute after creating the hiera node data This field is templatable. Click the link below to view documentation on the SovLabs Template Engine SovLabs Template Engine page
Hiera post-create script arguments	Script arguments, if any
Hiera post-create script interpreter	Script interpreter, e.g. `/bin/bash`
Compile Masters Hiera post-create script	Shown when 'Use separate Compile Masters?' is checked Script to execute after creating the hiera node data on the Compile Masters
Compile Masters Hiera post-create script arguments	Shown when 'Use separate Compile Masters?' is checked Script arguments, if any
Compile Masters Hiera post-create script interpreter	Shown when 'Use separate Compile Masters?' is checked Script interpreter, e.g. `/bin/bash`
Hiera Pre-Delete Script
Hiera pre-delete script	Script to execute prior to deleting the hiera node data This field is templatable. Click the link below to view documentation on the SovLabs Template Engine SovLabs Template Engine page
Hiera pre-delete script arguments	Script arguments, if any
Hiera pre-delete script interpreter	Script interpreter, e.g. `/bin/bash`
Compile Masters Hiera pre-delete script	Shown when 'Use separate Compile Masters?' is checked Script to execute prior to deleting the hiera node data on the Compile Masters
Compile Masters Hiera pre-delete script arguments	Shown when 'Use separate Compile Masters?' is checked Script arguments, if any
Compile Masters Hiera pre-delete script interpreter	Shown when 'Use separate Compile Masters?' is checked Script interpreter, e.g. `/bin/bash`
Hiera Post-Delete Script
Hiera post-delete script	Script to execute after deleting the hiera node data This field is templatable. Click the link below to view documentation on the SovLabs Template Engine SovLabs Template Engine page
Hiera post-delete script arguments	Script arguments, if any
Hiera post-delete script interpreter	Script interpreter, e.g. `/bin/bash`
Compile Masters Hiera post-delete script	Shown when 'Use separate Compile Masters?' is checked Script to execute after deleting the hiera node data on the Compile Masters
Compile Masters Hiera post-delete script arguments	Shown when 'Use separate Compile Masters?' is checked Script arguments, if any
Compile Masters Hiera post-delete script interpreter	Shown when 'Use separate Compile Masters?' is checked Script interpreter, e.g. `/bin/bash`

Click for

Field	Value
Purge Node Script
Purge node script	Script purge the node This field is templatable. Click the link below to view documentation on the SovLabs Template Engine SovLabs Template Engine page
Purge node script arguments	Script arguments, if any
Purge node script interpreter	Script interpreter, e.g. `/bin/bash`
Compile Masters
Shown when 'Use separate Compile Masters?' is checked
Compile Masters Purge node script	Shown when 'Use separate Compile Masters?' is checked Script purge the node
Compile Masters Hiera Purge node script arguments	Shown when 'Use separate Compile Masters?' is checked Script arguments, if any
Compile Masters Hiera Purge node script interpreter	Shown when 'Use separate Compile Masters?' is checked Script interpreter, e.g. `/bin/bash`
Console
Purge node console script	Script purge the node This field is templatable. Click the link below to view documentation on the SovLabs Template Engine SovLabs Template Engine page
Purge node console script arguments	Script arguments, if any
Purge node console script interpreter	Script interpreter, e.g. `/bin/bash`
Database
Shown when 'Use separate database?' is checked
Purge node database script	Script purge the node This field is templatable. Click the link below to view documentation on the SovLabs Template Engine SovLabs Template Engine page
Purge node database script arguments	Script arguments, if any
Purge node database script interpreter	Script interpreter, e.g. `/bin/bash`

Add Puppet Agent Configuration

Login to vRA tenant
Click on the Catalog tab
Request the Add Puppet Agent Configuration vRA Catalog Item
Fill out the form accordingly (see below) and Submit

Add Puppet Agent Configuration

Puppet Agent Facter, Classes and Group Puppet Install Puppet Run Post Puppet Run Pre-Puppet Remove

Field	Value
General
Configuration label	No spaces, periods or special characters except underscore (`_`) and dash (`-`) Unique label DO NOT prepend with your tenant name and an underscore, e.g. mytenant_
Puppet version	Select the Puppet Agent version
Environment	Provisioned node environment This field is templatable. Click the link below to view documentation on the SovLabs Template Engine SovLabs Template Engine page
OS Family for provisioned nodes	Choose whether the provisioned nodes are `unix` or `windows`
Directory for temporary scripts	Directory to put temporary scripts on the provisioned node
puppet.conf configuration
puppet.conf file content	If not defined, the puppet.conf will not be updated on the provisioned node File content of puppet.conf This field is templatable. Click the link below to view documentation on the SovLabs Template Engine SovLabs Template Engine page
puppet.conf filename	Filename of puppet.conf This field is templatable. Click the link below to view documentation on the SovLabs Template Engine SovLabs Template Engine page
Connection configuration
Credential connection method	Select the connection method to connect to the provisioned node
vCenter Endpoint	Shown when 'Credential connection method' is `vmware-tools` Select an existing SovLabs vCenter Endpoint where the provisioned node's VM will resides in
Create credential?	Check the checkbox to create a new credential. Uncheck the checkbox to use an existing credential.
Credential	Shown when 'Create credential?' is not checked Select the appropriate credential from an existing list of credentials
Credential Configuration label	Shown when 'Create credential?' is checked No spaces, periods or special characters except underscore (`_`) and dash (`-`) Unique label DO NOT prepend with your tenant name and an underscore, e.g. mytenant_
SSH Key used?	Shown when Create credential?' is checked and 'Connection method' is `SSH` based Check the checkbox to use an SSH Key
Username	Shown when 'Create credential?' is checked Username that has necessary permissions
Password	Shown when 'Create credential?' is checked and SSH Key used? is not checked User's password
SSH Key	Shown when 'Create credential?' is checked and SSH Key used? is checked SSH Key
SSH Key Password	Shown when 'Create credential?' is checked and SSH Key used? is checked SSH Key password, if any

Click for

Field	Value
Facter Files
Facter facts template	Warning! Facter facts file contents does not support encryption Template of the facter facts This field is templatable. Click the link below to view documentation on the SovLabs Template Engine SovLabs Template Engine page
Facter facts format	Format for the Facter facts file
Facter facts filename	Filename (with path) for Facter facts This field is templatable. Click the link below to view documentation on the SovLabs Template Engine SovLabs Template Engine page
Classes
Classes	Add existing classes in Puppet Console for provisioned node to join This field is templatable. Click the link below to view documentation on the SovLabs Template Engine SovLabs Template Engine page
Groups
Groups	Add existing groups in Puppet Console for provisioned node to join This field is templatable. Click the link below to view documentation on the SovLabs Template Engine SovLabs Template Engine page

Click for

Field	Value
Installer File(s)
Source Installer file	Define source installer file (for Windows Puppet Agent)
Destination Installer file	Define destination installer file (for Windows Puppet Agent)
Install Puppet on a Node Script
Install script	If left blank, expects Puppet to already installed Script to install Puppet on a provisioned node This field is templatable. Click the link below to view documentation on the SovLabs Template Engine SovLabs Template Engine page
Install script arguments	Script arguments, if any
Install script interpreter	Script interpreter, e.g. `/bin/bash`

Click for

Field	Value
Max retry attempt to Run Puppet	Maximum number of attempts to retry Run Puppet
Ignore final Run Puppet errors?	Useful in initial development of new Puppet content If true, any errors found on the final Puppet run will be ignored and install will be allowed to continue
Run Puppet Script
Run Puppet script	Script to run Puppet on a provisioned node This field is templatable. Click the link below to view documentation on the SovLabs Template Engine SovLabs Template Engine page
Run Puppet script arguments	Script arguments, if any
Run Puppet script interpreter	For Windows, only `powershell` and `bat` are valid interpreters Script interpreter, e.g. `/bin/bash`
Run Puppet Script Validation
Run Puppet script success exit codes	List multiple exit codes comma separated Success exit code(s)
Run Puppet script arguments	Overrides defined exit codes, if any Match the regular expression(s) to the output to determine success
Run Puppet Script Validation prior to Certificate being Signed
Pre-certificate success exit codes	List multiple exit codes comma separated Success exit code(s)
Pre-certificate success exit RegExp	Overrides defined exit codes, if any Match the regular expression(s) to the output to determine success
Final Run Puppet Script Validation
Final Puppet Run script success exit codes	List multiple exit codes comma separated Success exit code(s)
Final Puppet Run script success exit RegExp	Overrides defined exit codes, if any Match the regular expression(s) to the output to determine success

Click for

Field	Value
Post Script	Script to execute after final Puppet run on a provisioned node This field is templatable. Click the link below to view documentation on the SovLabs Template Engine SovLabs Template Engine page
Post script arguments	Script arguments, if any
Post script interpreter	For Windows, only `powershell` and `bat` are valid interpreters Script interpreter, e.g. `/bin/bash`
Post Script Validation
Post script success exit codes	List multiple exit codes comma separated Success exit code(s)
Post script arguments	Overrides defined exit codes, if any Match the regular expression(s) to the output to determine success

Click for

Field Value

Pre-Puppet Remove script

Field	Value
Pre-Puppet Remove script	Script to run prior to removing Puppet from node during deprovisioning This field is templatable. Click the link below to view documentation on the SovLabs Template Engine SovLabs Template Engine page
Pre-Puppet Remove script arguments	Script arguments, if any
Pre-Puppet Remove script interpreter	For Windows, only `powershell` and `bat` are valid interpreters Script interpreter, e.g. `/bin/bash`

Script to run prior to removing Puppet from node during deprovisioning

This field is templatable. Click the link below to view documentation on the SovLabs Template Engine

SovLabs Template Engine page

Pre-Puppet Remove script arguments

Script arguments, if any

Pre-Puppet Remove script interpreter

For Windows, only powershell and bat are valid interpreters

Script interpreter, e.g. /bin/bash