github.com/rstandt/terraform@v0.12.32-0.20230710220336-b1063613405c/website/docs/provisioners/puppet.html.markdown (about)

     1  ---
     2  layout: "docs"
     3  page_title: "Provisioner: puppet"
     4  sidebar_current: "docs-provisioners-puppet"
     5  description: |-
     6    The `puppet` provisioner installs, configures and runs the Puppet agent on a resource.
     7  ---
     8  
     9  # Puppet Provisioner
    10  
    11  The `puppet` provisioner installs, configures and runs the Puppet agent on a
    12  remote resource. The `puppet` provisioner supports both `ssh` and `winrm` type
    13  [connections](/docs/provisioners/connection.html).
    14  
    15  -> **Note:** Provisioners should only be used as a last resort. For most
    16  common situations there are better alternatives. For more information, see
    17  [the main Provisioners page](./).
    18  
    19  ## Requirements
    20  
    21  The `puppet` provisioner has some prerequisites for specific connection types:
    22  
    23  * For `ssh` type connections, `cURL` must be available on the remote host.
    24  * For `winrm` connections, `PowerShell 2.0` must be available on the remote host.
    25  
    26  Without these prerequisites, your provisioning execution will fail.
    27  
    28  Additionally, the `puppet` provisioner requires
    29  [Bolt](https://puppet.com/docs/bolt/latest/bolt.html) to be installed on your workstation
    30  with the following [modules
    31  installed](https://puppet.com/docs/bolt/latest/bolt_installing_modules.html#install-modules)
    32  
    33  * `danieldreier/autosign`
    34  * `puppetlabs/puppet_agent`
    35  
    36  ## Example usage
    37  
    38  ```hcl
    39  resource "aws_instance" "web" {
    40    # ...
    41  
    42    provisioner "puppet" {
    43      server             = aws_instance.puppetmaster.public_dns
    44      server_user        = "ubuntu"
    45      extension_requests = {
    46        pp_role = "webserver"
    47      }
    48    }
    49  }
    50  ```
    51  
    52  ## Argument Reference
    53  
    54  The following arguments are supported:
    55  
    56  * `server (string)` - (Required) The FQDN of the Puppet master that the agent
    57    is to connect to.
    58  
    59  * `server_user (string)` - (Optional) The user that Bolt should connect to the
    60    server as (defaults to `root`).
    61  
    62  * `os_type (string)` - (Optional) The OS type of the resource. Valid options
    63    are: `linux` and `windows`. If not supplied, the connection type will be used
    64    to determine the OS type (`ssh` will assume `linux` and `winrm` will assume
    65    `windows`).
    66  
    67  * `use_sudo (boolean)` - (Optional) If `true`, commands run on the resource
    68    will have their privileges elevated with sudo (defaults to `true` when the OS
    69    type is `linux` and `false` when the OS type is `windows`).
    70  
    71  * `autosign (boolean)` - (Optional) Set to `true` if the Puppet master is using an autosigner such as
    72    [Daniel Dreier's policy-based autosigning
    73    tool](https://danieldreier.github.io/autosign). If `false` new agent certificate requests will have to be signed manually (defaults to `true`).
    74  
    75  * `open_source (boolean)` - (Optional) If `true` the provisioner uses an open source Puppet compatible agent install method (push via the Bolt agent install task). If `false` the simplified Puppet Enterprise installer will pull the agent from the Puppet master (defaults to `true`).
    76  
    77  * `certname (string)` - (Optional) The Subject CN used when requesting
    78    a certificate from the Puppet master CA (defaults to the FQDN of the
    79    resource).
    80  
    81  * `extension_requests (map)` - (Optional) A map of [extension 
    82    requests](https://puppet.com/docs/puppet/latest/ssl_attributes_extensions.html#concept-932)
    83    to be embedded in the certificate signing request before it is sent to the
    84    Puppet master CA and then transferred to the final certificate when the CSR
    85    is signed. These become available during Puppet agent runs as [trusted facts](https://puppet.com/docs/puppet/latest/lang_facts_and_builtin_vars.html#trusted-facts). Friendly names for common extensions such as pp_role and pp_environment have [been predefined](https://puppet.com/docs/puppet/latest/ssl_attributes_extensions.html#recommended-oids-for-extensions).
    86  
    87  * `custom_attributes (map)` - (Optional) A map of [custom
    88    attributes](https://puppet.com/docs/puppet/latest/ssl_attributes_extensions.html#concept-5488)
    89    to be embedded in the certificate signing request before it is sent to the
    90    Puppet master CA.
    91  
    92  * `environment (string)` - (Optional) The name of the Puppet environment that the
    93    Puppet agent will be running in (defaults to `production`).
    94  
    95  * `bolt_timeout (string)` - (Optional) The timeout to wait for Bolt tasks to
    96    complete. This should be specified as a string like `30s` or `5m` (defaults
    97    to `5m` - 5 minutes).