Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.

Getting Started with Puppet Agent on Windows

By - Source: Toms IT Pro

It is possible to deploy the Puppet agent to Windows clients via Chocolatey.

Credit: Deandrobot/ShutterstockCredit: Deandrobot/ShutterstockIn the world of DevOps, specifically configuration management, Puppet is one of the most popular solutions. Puppet is a favorite among Linux administrators and engineers, although in recent years has grown in adoption by the Microsoft community as well since it supports Windows. Unfortunately, for Windows users, the Puppet master, which orchestrates much of the Puppet functionality, can only be installed on a Linux server.

But you can deploy the Puppet agent to Windows clients via Chocolatey. Read on to find out how to create a simple class on the Puppet master, and how to run the Puppet agent on a Windows client to apply that configuration.

Installing Puppet agent on a Windows node

Installing the puppet agent via the good old Windows GUI is a bad idea. The advantage of Puppet and other code driven configuration management platforms is that you can use code that can configure an entire server quickly and without user interaction. Using a GUI to install software is the opposite of that. It is manual, interactive and just plain horrible. Windows administrators and engineers need to get out of the business of GUI's. So what Windows tool do I recommend to use to install software? Chocolatey.

Not only can Chocolatey install Windows packages easily from its CLI, but it can also be integrated into a configuration management solution such as Puppet, Ansible and Chef.

In this example, I have a Puppet master server setup named "Puppet-Master" and a client named 'Win-Test-1". One of the arguments that can be used when installing the Puppet agent via MSI, is specifying the hostname of the Puppet master so that the client can easily locate it. So with PowerShell we just run this command:

PS C:> choco install puppet-agent --installargs="'PUPPET_MASTER_SERVER=puppet-master'" –y

That's it. The Puppet agent is now installed with the master configured as you can see in the puppet.conf file:

PS C:> cat C:ProgramDataPuppetLabspuppetetcpuppet.conf

Puppet uses SSL for communication between the master and its nodes. So, our first order of business after installing the puppet agent, is to have the master sign the node's SSL certificate.

On the Windows node in PowerShell we run:

PS C:> puppet agent --server puppet-master --waitforcert 60 –test

This is telling the agent to look at the puppet master "puppet-master" and wait 60 seconds for its certificate to be signed before stopping.

On the Puppet master we run this to sign the cert:

[root@puppet-master ~]# puppet cert sign win-test-1
Signing Certificate Request for:
  "win-test-1" (SHA256) B3:84:0C:FC:9C:6E:C6:72:17:86:E2:7C:7C:63:B6:18:2E:7C:17:0A:AB:AB:D8:56:E0:95:68:1D:A6:EF:5B:43
Notice: Signed certificate request for win-trest-1
Notice: Removing file Puppet::SSL::CertificateRequest Win-Test-1 at '/etc/puppetlabs/puppet/ssl/ca/requests/win-test-1.pem'

At this point, our puppet node win-test-1 is ready to pull configurations from the master. Note that on Windows clients the default location of important Puppet agent files is in "C:ProgramDataPuppetLabs".

Writing a "Hello World" configuration

Now on the Puppet master (puppet-master), we will create a simple module and apply it to our Windows node. The purpose of the module will be to ensure the "netlogon" service is running.

On our Puppet master we create the module by making a directory "netlogon" and subdirectory "manifests". Note that I am creating the module in the "production" environment.

[root@puppet-master ~]# mkdir –p /etc/puppetlabs/code/environments/production/modules/netlogon/manifests

Next, inside the manifests directory of the "netlogon" class, we create the file init.pp, which is a Puppet manifest file.

[root@puppet-master manifests]# vi init.pp

class netlogon {
  service { 'netlogon':
    ensure => running,
    enable => true,

The class is simply ensuring that the "netlogon" service is enabled and running when the Puppet agent applies this configuration.

Finally, we have to create a main manifest file, site.pp under /etc/puppetlabs/code/environments/production/manifests and place our class inside it. We will specify in the main manifest that node "win-test-1" should apply the "netlogon" class like so:

[root@puppet-master manifests]# vi /etc/puppetlabs/code/environments/production/manifests/site.pp

node 'win-test-1' {
  include netlogon

Running Puppet agent on a Windows node

Here comes the fun part: actually applying a manifest to our node "win-test-1". It can be done via cmd or PowerShell with one command puppet agent –t. Note that by default the puppet agent runs every 30 minutes:

PS C:> puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for win-test-1
Info: Applying configuration version '1503061370'
Notice: /Stage[main]/Netlogon/Service[netlogon]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Netlogon/Service[netlogon]: Unscheduling refresh on Service[netlogon]
Notice: Finished catalog run in 4.28 seconds

As you can see since the "netlogon" service was stopped prior to running puppet agent –t, so the puppet agent started the service.

Whether it is Puppet, Ansible, Chef or another solution, if you have not started using configuration management, you should even if you are not in "DevOps" position. You will quickly find that it will decrease your workload and increase your uptime of your servers significantly.