Server automation framework and application

Related tags



RSpec tests Gem Version Inline docs

Puppet, an automated administrative engine for your Linux, Unix, and Windows systems, performs administrative tasks (such as adding users, installing packages, and updating server configurations) based on a centralized specification.


Documentation for Puppet and related projects can be found online at the Puppet Docs site.




The best way to run Puppet is with Puppet Enterprise (PE), which also includes orchestration features, a web console, and professional support. The PE documentation is available here.

To install an open source release of Puppet, see the installation guide on the docs site.

If you need to run Puppet from source as a tester or developer, see the Quick Start to Developing on Puppet guide.

Developing and Contributing

We'd love to get contributions from you! For a quick guide to getting your system setup for developing, take a look at our Quickstart Guide. Once you are up and running, take a look at the Contribution Documents to see how to get your changes merged in.

For more complete docs on developing with Puppet, take a look at the rest of the developer documents.


See LICENSE file. Puppet is licensed by Puppet, Inc. under the Apache license. Puppet, Inc. can be contacted at: [email protected]


Please log tickets and issues at our JIRA tracker. A mailing list is available for asking questions and getting help from others, or if you prefer chat, we also have a Puppet Community slack.

We use semantic version numbers for our releases and recommend that users stay as up-to-date as possible by upgrading to patch releases and minor releases as they become available.

Bug fixes and ongoing development will occur in minor releases for the current major version. Security fixes will be backported to a previous major version on a best-effort basis, until the previous major version is no longer maintained.

For example: If a security vulnerability is discovered in Puppet 6.1.1, we would fix it in the 6 series, most likely as 6.1.2. Maintainers would then make a best effort to backport that fix onto the latest Puppet 5 release.

Long-term support, including security patches and bug fixes, is available for commercial customers. Please see the following page for more details:

Puppet Enterprise Support Lifecycle

  • Change Crypto Spec in accordance to

    Change Crypto Spec in accordance to

    The current puppet passanger crypto spec is 5yrs old (talked to the original author). I've adapted it to something sane and have taken the current recommendations for it by the bettercrypto(.org) project.

    opened by azet 74
  • (PUP-1072) HTTP(S) support for the file type

    (PUP-1072) HTTP(S) support for the file type

    Uses two commits from #3741 which will hopefully get merged first. These maint commits will vanish upon rebasing then.

    opened by ffrank 39
  • (PUP-3930) Optimize `failed_dependencies?`

    (PUP-3930) Optimize `failed_dependencies?`

    I profiled puppet agent --test on one of my servers using stackprof [1] on Ruby 2.1.

    Something like 30% or more of the time was spent in Puppet::Graph::SimpleGraph#upstream_from_vertex, called from Puppet::Transaction#failed_dependencies?

    It turns out that, while evaluating the resource graph, when considering a resource, we look at the complete set of transitive dependencies to evaluate whether any of them have failed. This is hugely expensive, and moreover, is wasted work in the success case where no resources fail.

    Instead of all that work, this patch pushes the work to the failed nodes; When a node fails, we transitively walk the dependents of that node, and mark them as having failed dependencies, and then check that flag directly when considering whether to skip a node later.

    On my test system, this patch drops puppet agent --test runtime from about 40s to about 23s.


    opened by nelhage 38
  • (PUP-735) Fail when cannot apply complete catalog

    (PUP-735) Fail when cannot apply complete catalog

    Under some circumstances (eg. dependency cycle) when catalog could not be applied, Puppet didn't report failure (status unchanged, return code 0).

    Raise Puppet::Error so the failure gets logged and reported (status is "failed", return value is 1).

    opened by scenek 38
  • (PUP-7517) Allow agent daemon to time out stalled runs

    (PUP-7517) Allow agent daemon to time out stalled runs

    On occasion, a puppet agent can end up waiting indefinitely on some process that will never return or terminate. This patch adds a new setting, runtimeout, that can be used to specify the maximum duration allowed for a puppet run. When set to a non-zero value, the agent daemon will send a SIGTERM to any agent run it starts which exceeds this value.

    This patch does not handle runs started outside of the agent daemon by puppet agent --onetime.

    opened by Sharpie 35
  • (PUP-5844) Add Object type to the Puppet Type system

    (PUP-5844) Add Object type to the Puppet Type system

    This commit adds a new Object type to the Puppet Type system. The type is very similar to Struct in that it defines a hash of named types. There are some notable differences though:

    1. The Object type adds inheritance.
    2. An Object is only assignable to itself or to a parent type of itself.
    3. All keys of the Object must be non empty strings.
    4. An Object may redefine a parent member, but only if the type is equal or assignable to the type of that member. I.e. it may redefine it to a more special type.
    Blocked Language 
    opened by thallgren 33
  • (#4506) Revert e161cbc, which causes 'undefined allocator for Proc' errors

    (#4506) Revert e161cbc, which causes 'undefined allocator for Proc' errors

    I'm not familiar with why this causes damaged YAML output, but reverting this performance optimization commit repairs the issue for me with 3.0.0, 3.2.4, and 3.3.0-rc.

    See also for details about how this commit was identified.

    opened by floatingatoll 31
  • (#22703) Force encoding of comment value to ASCII-8BIT

    (#22703) Force encoding of comment value to ASCII-8BIT

    The comment field for user resources can often contain non-ASCII characters. Unfortunately, Puppet retrieves the existing value (current_value) as ASCII-8BIT, but strings containing non-ASCII characters are automatically turned into UTF-8, resulting in a failure to concatenate the strings in change_to_s, with messages such as the following in Puppet 3.2.4 with Ruby 1.9.3:

    Error: Could not convert change 'comment' to string: incompatible character encodings: ASCII-8BIT and UTF-8
    Error: Could not convert change 'comment' to string: incompatible character encodings: ASCII-8BIT and UTF-8
    Error: /User[rpinson]: Could not evaluate: Puppet::Util::Log requires a message

    which is due to the fact that current_value is encoded in ASCII-8BIT, but newvalue is in UTF-8 and not "softly" convertible when reaching change_to_s in property.rb.

    In order to allow proper management of non-ASCII characters in the comment field, this PR forces an ASCII-8BIT encoding on the comment property value in the type.

    Note: trying to force the encoding in Puppet code (using e.g. inline_template) doesn't solve anything, and patching change_to_s to force the encoding results in the resource not being idempotent anymore, since comparison fails (but change_to_s doesn't crash anymore).

    opened by raphink 30
  • (PUP-5482) Flag that a type could not be found

    (PUP-5482) Flag that a type could not be found

    If a Ruby type is not available in the file system, every time it is found by the parser, the Autoloader will scan all over again the directories in search_directories for it. This generates tons of stat()s that can be saved.

    This patch annotates that a type could not be found so the next time it is required during the compilation of a catalog, the file system is not hammered again unnecessarily.

    This optimization has given us a ~61% reduction in the number of stats per compilation, as we make an extensive use of the concat module which only provides Puppet "defined types".

    opened by haus 29
  • Remove

    Remove "master" in generated docs

    opened by clairecadman 0
  • (maint) Add l10n integration test

    (maint) Add l10n integration test

    While working on PUP-11158 I found that module translations were not present if the environment was reloaded during compilation. This adds an integration test to ensure a function in a module can generate a localized message using translations from the module's locale directory. There are beaker tests, but the feedback cycle is long.

    Also note translations are disabled in spec tests (see, so this provides a way for integration tests to selectively enable localizations using a shared context.

    opened by joshcooper 0
  • (PUP-10955) Normalize environment name to symbol before caching

    (PUP-10955) Normalize environment name to symbol before caching

    The Puppet::Environments::Cached.get method says it accepts Strings or Symbols. This commit normalizes the environment name before caching and getting the environment to avoid duplicated environments in cache (as String and as Symbol).

    opened by luchihoratiu 5
  • (PUP-10820) Convert data before saving to transactionstorefile

    (PUP-10820) Convert data before saving to transactionstorefile

    Binary, Sensitive, etc deferred results can corrupt the transaction store if not converted with Puppet::Pops::Serialization::ToDataConverter before saving to the file.

    opened by Dorin-Pleava 4
  • (PUP-10216) Eliminate configurer node request and use last environment

    (PUP-10216) Eliminate configurer node request and use last environment

    Remove the node definition request and rely on the configured environment or last used environment during the agent run.

    Previously, when Puppet failed to get its node definition, it would try to pluginsync against the agent-configured environment (usually 'production'). This is not what we want, as it first deletes all of its plugins, and then has to re-sync them fresh from the correct environment after it switches over.

    The environment is now written in the lastrunfile, which Puppet attempts to read if it fails to fetch the node definition. Environment values set with --environment or in puppet.conf are still prioritized over the last used environment.

    Other puppet applications such as apply also write to the lastrunfile, so in addition to writing/reading the environment, do the same for the run mode.

    This reimplements It's mostly the same as the original PR, but we now write the run_mode and environment to the lastrunfile in a new application section. We no longer rely on lastrunreport since we can't know whether the environment written there is from an apply run or an agent run.

    By removing the node request we can end up using an invalid environment read from the lastrunfile (and unable to recover without manually removing the file), so while this PR does not depend on, it would be good to merge that one first.

    opened by GabrielNagy 1
  • (PUP-10308) Fix Puppet.lookup(:current_environment)

    (PUP-10308) Fix Puppet.lookup(:current_environment)

    At the start of the configurer run, puppet pushes its configured environment or the server-specified environment onto the context.

    If pluginsync causes environment to change, then the agent switches to the new environment but the new environment is not pushed onto the context, leaving the old environment set.

    This commit updates the lib/puppet/configurer.rb to push the new environment after the convergence is done.

    opened by gimmyxd 0
  • (PE-31696) Prefer builtin lib code over external gems when autoloading

    (PE-31696) Prefer builtin lib code over external gems when autoloading

    In PE we use the ruby interpreter shipped with puppet agent to run the ace server. The ace server is responsible for executing remote tasks. Remote tasks will often use the puppet library. Remote ruby tasks run in ace over the local transport (and thus bolt) execute code with the same environment variables as the ruby process running the task runner uses. In the case of ace, we ship a puppet gem in addition to many of the other gems bolt depends on. Now that puppet has moved to using require_relative there is a bug whereby a new combination of code is loaded between the puppet gem and the puppet code shipped with the agent (because we set GEM_HOME and GEM_PATH when we start the service). This commit updates the autoloader to prefer loading code from the $LOAD_PATH. This helps solve the problem of loading code from both places in ace-server for remote tasks. The only consequence it may have would be if users somehow relied on shadowing shipped puppet code with external gems, though it is hard to imagine how they would manage to reliably configure this.

    opened by donoghuc 1
  • (RFC) Readable type errors when running Bolt plans and tasks

    (RFC) Readable type errors when running Bolt plans and tasks

    Many Bolt users aren't familiar with Puppet, and type errors are difficult to read. This proposes only print the short name of types in type mismatch errors (so "expect Bolt::TargetSpec, got Integer") when the Puppet[:tasks] setting is set. This ensures that this change only impacts Puppet when running in a Bolt context. The main caveat is that errors will still be fully detailed when running apply blocks, but because we expect apply block users to be more advanced and expect many users to be aware that apply blocks are running in a different context from the rest of the Bolt plan in general, this is acceptable.

    Do Not Merge 
    opened by lucywyman 0
  • (PUP-9570) Short-circuit compilation if the agent's current env doesn't match the server specified env

    (PUP-9570) Short-circuit compilation if the agent's current env doesn't match the server specified env

    The agent now sends a check_environment query parameter when requesting its catalog via the v3 endpoint. The server-side indirector code converts the query parameter to an an indirector request option and passes that to the compiler catalog terminus. If the option is true, then the server will check if the agent's current environment, that it last pluginsynced in, matches the server-specified environment, as determined by the node terminus, such as an ENC or PE Classifier. If the environments are mismatched, then the terminus short-circuits catalog compilation, returning an empty catalog with the server-specified environment. The agent will detect the mismatch, switch its current environment, and retry its convergence loop.

    Prior to this change, if manifests in the server-specified environment referenced a fact that didn't exist in the agent's current environment, then compilation failed and the server returned HTTP 500, causing the agent run to fail.

    Note the agent doesn't cache the empty catalog, because that step occurs after the environment has converged.

    New agents talking to old servers will behave as before, since old servers ignore the unknown check_environment parameter. Similarly, old agents talking to new servers behave as before, because the agent doesn't send the parameter.

    opened by joshcooper 3
Stacker - The environment for local web development, ready for use.

Introduction English 简体中文 Why stacker? Stacker - This is a local environment for web development with everything you need. What is its benefit? You do

Nikolay Stepanov 355 Jun 26, 2021
Monitor for any changes in your php application and automatically restart it (suitable for async apps).

PHP-watcher PHP-watcher helps develop long-running PHP applications by automatically restarting them when file changes in the directory are detected.

Sergey Zhuk 324 Jul 27, 2021
Server automation framework and application

Puppet Puppet, an automated administrative engine for your Linux, Unix, and Windows systems, performs administrative tasks (such as adding users, inst

Puppet 6.2k Jul 20, 2021
A modern Docker LAMP stack and MEAN stack for local development

The Devilbox Usage | Architecture | Community | Features | Intranet | Screenshots | Contributing | Logos | License Support for valid https out of the

cytopia 3.5k Jul 27, 2021
Vagrant is a tool for building and distributing development environments.

Vagrant Website: Source: HashiCorp Discuss:

HashiCorp 22.3k Jul 24, 2021
A development tool for all your projects that is fast, easy, powerful and liberating

Lando A Liberating Dev Tool For All Your Projects The local development and DevOps tool trusted by professional developers across the galaxy. Free you

Lando 3k Jul 24, 2021
Live Coding Project #1 | Création d'un annuaire téléphonique web (CRUD) ☎️📚

Live Coding #1 - Annuaire Téléphonique Ceci est un petit projet réalisé par les développeurs de Galsen Dev. Contribuer Si vous souhaitez une contribut

Galsen Dev LAB 9 Jun 30, 2021
Up and running with small Docker environments

Vessel Up and running with small Docker dev environments. Documentation Full documentation can be found at Install

Shipping Docker 1k Jul 24, 2021
Vagrant/Puppet GUI

PuPHPet PuPHPet - A simple GUI to set up virtual machines for PHP development What? PuPHPet is a web application that allows you to easily and quickly

PuPHPet 3.9k Jul 19, 2021
Symfony5 template w/ Docker config

Symfony5 w/ Docker config A project template in the following configuration: Symfony 5.2 PHP8 PostgreSQL 13.2 Separate Docker containers for Nginx, FP

Andrew Alyamovsky 4 Jun 28, 2021
Phansible - generate Vagrant + Ansible dev environments for PHP

Phansible Phansible is a simple generator for Vagrant projects, targeting PHP development environments, using Ansible as Provisioner. It was inspired

phansible 637 May 5, 2021
Protobox is vagrant web GUI

Protobox Protobox is a layer on top of vagrant and a web GUI to setup virtual machines for web development. A single YAML document controls everything

protobox 353 Jul 1, 2021
Dockerized version of Laravel Homestead

laraedit-docker Dockerized version of Laravel Homestead Documentation For now you can check out the wiki for details on using the container. Once the

LaraEdit 441 Jun 7, 2021