Puppet is a configuration management tool that uses a declarative language to describe system state. It uses an agent–server (master) model: a Puppet server compiles catalogs and serves them to Puppet agents on your nodes. In this guide you install Puppet 7 open-source server on Ubuntu 22.04 LTS (Jammy), configure the server and an agent, then deploy Nginx using a simple manifest.

Puppet is shipped as several packages: puppetserver (runs on the JVM and compiles catalogs), puppet-agent (runs on each node), and puppetdb (optional, for storing Puppet data). Here we use puppetserver and puppet-agent only.

In this guide you’ll:

• Update the system and set hostname (and /etc/hosts)
• Add the Puppet 7 APT repo for Ubuntu 22.04 and install puppetserver and puppet-agent
• Configure puppet.conf and memory for Puppet server, then start and enable services
• Open port 8140 (ufw or firewalld), add Puppet binaries to PATH, and run the agent (including signing the certificate)
• Create a simple manifest to install and enable Nginx and verify with puppet agent -t

Related: Puppet 8 on Rocky Linux/AlmaLinux 9 · Puppet 7 on Ubuntu 20.04 · Puppet 7 on Rocky Linux/CentOS 8 · Ansible on Rocky Linux/CentOS 8

Prerequisites

• One or two machines running Ubuntu 22.04 LTS (one for server, optionally one for agent).
• Root or sudo access.
• Internet access to install packages and the Puppet APT repo.
• Basic familiarity with the Linux terminal and vim (or another editor).

Table of contents

• Prerequisites
• Table of contents
• 1. Ensure the servers are up to date
• 2. Set the hostname
• 3. Install Puppet Server
• 4. Configure Puppet master and agent
• 5. Start and enable Puppet server
• 6. Open port 8140 on the firewall
• 7. Add Puppet binaries to PATH
• 8. Start the Puppet agent
• 9. Verify the Puppet agent
• 10. Create a simple manifest to deploy Nginx
• Frequently Asked Questions (FAQ)
  • What is Puppet Server?
  • What port does Puppet use?
  • How do I sign a Puppet agent certificate?
  • Where are Puppet manifests stored on Ubuntu?
  • Which Puppet repo do I use for Ubuntu 22.04?
• Conclusion

1. Ensure the servers are up to date

Update packages on the server (and agent, if separate):

1
2

sudo apt update
sudo apt upgrade -y

2. Set the hostname

Puppet uses the server hostname for certificates and agent communication. On the Puppet server, set the hostname to a FQDN (replace with your own):

1

sudo hostnamectl set-hostname puppetmaster.citizix.com

Ensure the hostname resolves (DNS or /etc/hosts). Edit /etc/hosts:

1

sudo vim /etc/hosts

Add a line like (use your server’s IP and hostname):

1

10.20.5.51 puppetmaster.citizix.com puppetmaster

Confirm:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

$ sudo hostnamectl
 Static hostname: puppetmaster.citizix.com
       Icon name: computer-vm
         Chassis: vm
      Machine ID: ec231cbf3ee47ac3bd58ccb3c63b4f28
         Boot ID: 4d8ec8cc4179435ebb3c2d6cc8845eb0
  Virtualization: amazon
Operating System: Ubuntu 22.04.1 LTS
          Kernel: Linux 5.15.0-1017-aws
    Architecture: x86-64
 Hardware Vendor: Amazon EC2
  Hardware Model: t3.large

Optional: verify resolution with ping puppetmaster (or your short name).

3. Install Puppet Server

Add the Puppet 7 APT repository for Ubuntu 22.04 (Jammy), then install the puppetserver package:

1
2
3
4

curl -LO https://apt.puppet.com/puppet7-release-jammy.deb
sudo dpkg -i ./puppet7-release-jammy.deb
sudo apt update
sudo apt install -y puppetserver

4. Configure Puppet master and agent

Memory for Puppet Server: On Ubuntu, the config file is /etc/default/puppetserver. Edit it and set the JVM heap (e.g. 1 GB):

1

sudo vim /etc/default/puppetserver

Set:

1

JAVA_ARGS="-Xms1g -Xmx1g"

Server and agent config: Edit puppet.conf:

1

sudo vim /etc/puppetlabs/puppet/puppet.conf

Add a [server] section with dns_alt_names (use your FQDN and short name), and a [main] section for the agent:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13

[server]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
dns_alt_names=puppetmaster.citizix.com,puppetmaster

[main]
certname = puppetmaster.citizix.com
server = puppetmaster.citizix.com
environment = production
runinterval = 30m

5. Start and enable Puppet server

Start the service and enable it on boot:

1
2

sudo systemctl start puppetserver
sudo systemctl enable puppetserver

Check status: sudo systemctl status puppetserver (should show active (running)). Verify the version: puppetserver -v (e.g. puppetserver version: 7.9.0).

6. Open port 8140 on the firewall

Agents connect to the server on TCP 8140. On Ubuntu, ufw is the default firewall. Open the port and reload:

1
2

sudo ufw allow 8140/tcp
sudo ufw reload

If you use firewalld instead: sudo firewall-cmd --add-port=8140/tcp --permanent and sudo firewall-cmd --reload.

7. Add Puppet binaries to PATH

Puppet CLI tools live in /opt/puppetlabs/bin. Add it to your PATH so you can run puppet and facter without the full path:

1
2

echo 'export PATH=$PATH:/opt/puppetlabs/bin' | tee -a ~/.bashrc
source ~/.bashrc

8. Start the Puppet agent

On the same machine (or another node that will be an agent), start the Puppet agent so it contacts the server and requests a certificate:

1

sudo systemctl start puppet

Check the status using this command:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14

$ sudo systemctl status puppet
● puppet.service - Puppet agent
     Loaded: loaded (/lib/systemd/system/puppet.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2022-08-18 20:12:27 UTC; 13s ago
   Main PID: 76605 (puppet)
      Tasks: 1 (limit: 2309)
     Memory: 78.1M
        CPU: 1.992s
     CGroup: /system.slice/puppet.service
             └─76605 /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/puppet agent --no-daemonize

Aug 18 20:12:27 puppetmaster.citizix.com systemd[1]: Started Puppet agent.
Aug 18 20:12:29 puppetmaster.citizix.com puppet-agent[76605]: Starting Puppet client version 7.18.0
Aug 18 20:12:32 puppetmaster.citizix.com puppet-agent[76606]: Applied catalog in 0.01 seconds

9. Verify the Puppet agent

After the server has signed the agent’s certificate, run a test run on the agent:

1

puppet agent --test

You should see output like:

1
2
3
4
5
6

Info: Using environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppetmaster.citizix.com
Info: Applying configuration version '1646343518'
Notice: Applied catalog in 0.02 seconds

That means the agent successfully pulled the catalog from the server and applied it.

10. Create a simple manifest to deploy Nginx

Manifests live under /etc/puppetlabs/code/environments/<environment>/manifests. We use the production environment. Create the site manifest:

1
2

cd /etc/puppetlabs/code/environments/production/manifests
sudo vim site.pp

Add the following (replace puppetmaster.citizix.com with your node’s FQDN if different):

1
2
3
4
5
6
7
8
9

node 'puppetmaster.citizix.com' {
  package { 'nginx':
    ensure => installed,
  }
  service { 'nginx':
    ensure => running,
    enable => true,
  }
}

Save and exit. Then on the agent, run:

1

puppet agent -t

Puppet will fetch the catalog and apply it: Nginx is installed and the service is started and enabled. You can also validate and apply locally with puppet parser validate site.pp and puppet apply site.pp if you’re on the same host. Example output:

1
2
3

Notice: Compiled catalog for puppetmaster.citizix.com in environment production in 0.33 seconds
Notice: .../Package[nginx]/ensure: created
Notice: Applied catalog in 6.06 seconds

Check Nginx:

1

sudo systemctl status nginx

You should see active (running). The Nginx web server was installed and configured by Puppet.

Frequently Asked Questions (FAQ)

What is Puppet Server?

Puppet Server is the central component that runs on the JVM. It compiles catalogs from Puppet code and data, serves them to agents, and hosts the certificate authority for agent certificates.

What port does Puppet use?

Agents connect to the server on TCP 8140. Ensure this port is open (e.g. with ufw allow 8140/tcp on Ubuntu) and that the hostname in puppet.conf resolves to the server.

How do I sign a Puppet agent certificate?

On the Puppet server, run puppet cert list to see pending requests, then puppet cert sign <agent-fqdn> to sign one agent, or puppet cert sign --all to sign all. The agent must have run at least once so it has requested a cert.

Where are Puppet manifests stored on Ubuntu?

Manifests live under /etc/puppetlabs/code/environments/<environment>/manifests/. The default environment is production; the main manifest is typically site.pp. On Ubuntu, Puppet Server uses the same paths as on other platforms.

Which Puppet repo do I use for Ubuntu 22.04?

Use the Jammy (22.04) package: puppet7-release-jammy.deb. For Ubuntu 20.04 (Focal), use puppet7-release-focal.deb.

Conclusion

You installed Puppet 7 server and agent on Ubuntu 22.04 LTS: added the Puppet 7 APT repo (Jammy), configured hostname and puppet.conf, started and enabled puppetserver, opened port 8140 (ufw), added Puppet to PATH, signed the agent certificate, and deployed Nginx with a simple manifest. For Puppet 7 on Ubuntu 20.04, see How to Install and Configure Puppet 7 Server on Ubuntu 20.04. For Rocky Linux / AlmaLinux, see Puppet 7 on Rocky/CentOS 8 or Puppet 8 on Rocky/AlmaLinux 9.