github.com/hugorut/terraform@v1.1.3/website/docs/language/resources/provisioners/puppet.mdx

github.com/hugorut/terraform@v1.1.3/website/docs/language/resources/provisioners/puppet.mdx (about)

     1  ---
     2  page_title: 'Provisioner: puppet'
     3  description: >-
     4    The `puppet` provisioner installs, configures and runs the Puppet agent on a
     5    resource.
     6  ---
     7  
     8  # Puppet Provisioner
     9  
    10  The `puppet` provisioner installs, configures and runs the Puppet agent on a
    11  remote resource. The `puppet` provisioner supports both `ssh` and `winrm` type
    12  [connections](/language/resources/provisioners/connection).
    13  
    14  !> **Note:** This provisioner was removed in the 0.15.0 version of Terraform after being deprecated as of Terraform 0.13.4. For most common situations there are better alternatives to using provisioners. For more information, see [the main Provisioners page](/language/resources/provisioners).
    15  
    16  ## Requirements
    17  
    18  The `puppet` provisioner has some prerequisites for specific connection types:
    19  
    20  * For `ssh` type connections, `cURL` must be available on the remote host.
    21  * For `winrm` connections, `PowerShell 2.0` must be available on the remote host.
    22  
    23  Without these prerequisites, your provisioning execution will fail.
    24  
    25  Additionally, the `puppet` provisioner requires
    26  [Bolt](https://puppet.com/docs/bolt/latest/bolt.html) to be installed on your workstation
    27  with the following [modules
    28  installed](https://puppet.com/docs/bolt/latest/bolt_installing_modules.html#install-modules)
    29  
    30  * `danieldreier/autosign`
    31  * `puppetlabs/puppet_agent`
    32  
    33  ## Example usage
    34  
    35  ```hcl
    36  resource "aws_instance" "web" {
    37    # ...
    38  
    39    provisioner "puppet" {
    40      server             = aws_instance.puppetmaster.public_dns
    41      server_user        = "ubuntu"
    42      extension_requests = {
    43        pp_role = "webserver"
    44      }
    45    }
    46  }
    47  ```
    48  
    49  ## Argument Reference
    50  
    51  The following arguments are supported:
    52  
    53  * `server (string)` - (Required) The FQDN of the Puppet master that the agent
    54    is to connect to.
    55  
    56  * `server_user (string)` - (Optional) The user that Bolt should connect to the
    57    server as (defaults to `root`).
    58  
    59  * `os_type (string)` - (Optional) The OS type of the resource. Valid options
    60    are: `linux` and `windows`. If not supplied, the connection type will be used
    61    to determine the OS type (`ssh` will assume `linux` and `winrm` will assume
    62    `windows`).
    63  
    64  * `use_sudo (boolean)` - (Optional) If `true`, commands run on the resource
    65    will have their privileges elevated with sudo (defaults to `true` when the OS
    66    type is `linux` and `false` when the OS type is `windows`).
    67  
    68  * `autosign (boolean)` - (Optional) Set to `true` if the Puppet master is using an autosigner such as
    69    [Daniel Dreier's policy-based autosigning
    70    tool](https://danieldreier.github.io/autosign). If `false` new agent certificate requests will have to be signed manually (defaults to `true`).
    71  
    72  * `open_source (boolean)` - (Optional) If `true` the provisioner uses an open source Puppet compatible agent install method (push via the Bolt agent install task). If `false` the simplified Puppet Enterprise installer will pull the agent from the Puppet master (defaults to `true`).
    73  
    74  * `certname (string)` - (Optional) The Subject CN used when requesting
    75    a certificate from the Puppet master CA (defaults to the FQDN of the
    76    resource).
    77  
    78  * `extension_requests (map)` - (Optional) A map of [extension
    79    requests](https://puppet.com/docs/puppet/latest/ssl_attributes_extensions.html#concept-932)
    80    to be embedded in the certificate signing request before it is sent to the
    81    Puppet master CA and then transferred to the final certificate when the CSR
    82    is signed. These become available during Puppet agent runs as [trusted facts](https://puppet.com/docs/puppet/latest/lang_facts_and_builtin_vars.html#trusted-facts). Friendly names for common extensions such as pp_role and pp_environment have [been predefined](https://puppet.com/docs/puppet/latest/ssl_attributes_extensions.html#recommended-oids-for-extensions).
    83  
    84  * `custom_attributes (map)` - (Optional) A map of [custom
    85    attributes](https://puppet.com/docs/puppet/latest/ssl_attributes_extensions.html#concept-5488)
    86    to be embedded in the certificate signing request before it is sent to the
    87    Puppet master CA.
    88  
    89  * `environment (string)` - (Optional) The name of the Puppet environment that the
    90    Puppet agent will be running in (defaults to `production`).
    91  
    92  * `bolt_timeout (string)` - (Optional) The timeout to wait for Bolt tasks to
    93    complete. This should be specified as a string like `30s` or `5m` (defaults
    94    to `5m` - 5 minutes).