github.com/rstandt/terraform@v0.12.32-0.20230710220336-b1063613405c/website/docs/provisioners/puppet.html.markdown (about) 1 --- 2 layout: "docs" 3 page_title: "Provisioner: puppet" 4 sidebar_current: "docs-provisioners-puppet" 5 description: |- 6 The `puppet` provisioner installs, configures and runs the Puppet agent on a resource. 7 --- 8 9 # Puppet Provisioner 10 11 The `puppet` provisioner installs, configures and runs the Puppet agent on a 12 remote resource. The `puppet` provisioner supports both `ssh` and `winrm` type 13 [connections](/docs/provisioners/connection.html). 14 15 -> **Note:** Provisioners should only be used as a last resort. For most 16 common situations there are better alternatives. For more information, see 17 [the main Provisioners page](./). 18 19 ## Requirements 20 21 The `puppet` provisioner has some prerequisites for specific connection types: 22 23 * For `ssh` type connections, `cURL` must be available on the remote host. 24 * For `winrm` connections, `PowerShell 2.0` must be available on the remote host. 25 26 Without these prerequisites, your provisioning execution will fail. 27 28 Additionally, the `puppet` provisioner requires 29 [Bolt](https://puppet.com/docs/bolt/latest/bolt.html) to be installed on your workstation 30 with the following [modules 31 installed](https://puppet.com/docs/bolt/latest/bolt_installing_modules.html#install-modules) 32 33 * `danieldreier/autosign` 34 * `puppetlabs/puppet_agent` 35 36 ## Example usage 37 38 ```hcl 39 resource "aws_instance" "web" { 40 # ... 41 42 provisioner "puppet" { 43 server = aws_instance.puppetmaster.public_dns 44 server_user = "ubuntu" 45 extension_requests = { 46 pp_role = "webserver" 47 } 48 } 49 } 50 ``` 51 52 ## Argument Reference 53 54 The following arguments are supported: 55 56 * `server (string)` - (Required) The FQDN of the Puppet master that the agent 57 is to connect to. 58 59 * `server_user (string)` - (Optional) The user that Bolt should connect to the 60 server as (defaults to `root`). 61 62 * `os_type (string)` - (Optional) The OS type of the resource. Valid options 63 are: `linux` and `windows`. If not supplied, the connection type will be used 64 to determine the OS type (`ssh` will assume `linux` and `winrm` will assume 65 `windows`). 66 67 * `use_sudo (boolean)` - (Optional) If `true`, commands run on the resource 68 will have their privileges elevated with sudo (defaults to `true` when the OS 69 type is `linux` and `false` when the OS type is `windows`). 70 71 * `autosign (boolean)` - (Optional) Set to `true` if the Puppet master is using an autosigner such as 72 [Daniel Dreier's policy-based autosigning 73 tool](https://danieldreier.github.io/autosign). If `false` new agent certificate requests will have to be signed manually (defaults to `true`). 74 75 * `open_source (boolean)` - (Optional) If `true` the provisioner uses an open source Puppet compatible agent install method (push via the Bolt agent install task). If `false` the simplified Puppet Enterprise installer will pull the agent from the Puppet master (defaults to `true`). 76 77 * `certname (string)` - (Optional) The Subject CN used when requesting 78 a certificate from the Puppet master CA (defaults to the FQDN of the 79 resource). 80 81 * `extension_requests (map)` - (Optional) A map of [extension 82 requests](https://puppet.com/docs/puppet/latest/ssl_attributes_extensions.html#concept-932) 83 to be embedded in the certificate signing request before it is sent to the 84 Puppet master CA and then transferred to the final certificate when the CSR 85 is signed. These become available during Puppet agent runs as [trusted facts](https://puppet.com/docs/puppet/latest/lang_facts_and_builtin_vars.html#trusted-facts). Friendly names for common extensions such as pp_role and pp_environment have [been predefined](https://puppet.com/docs/puppet/latest/ssl_attributes_extensions.html#recommended-oids-for-extensions). 86 87 * `custom_attributes (map)` - (Optional) A map of [custom 88 attributes](https://puppet.com/docs/puppet/latest/ssl_attributes_extensions.html#concept-5488) 89 to be embedded in the certificate signing request before it is sent to the 90 Puppet master CA. 91 92 * `environment (string)` - (Optional) The name of the Puppet environment that the 93 Puppet agent will be running in (defaults to `production`). 94 95 * `bolt_timeout (string)` - (Optional) The timeout to wait for Bolt tasks to 96 complete. This should be specified as a string like `30s` or `5m` (defaults 97 to `5m` - 5 minutes).