Puppet: Setting up a Basic Lab


This article outlines the process for managing a switch using Puppet in a lab environment, where the lab is stored on a physical server or virtual machine.


  • One switch running Cumulus Linux (any version), called switch1
  • A server or virtual machine running Debian, with a basic installation (default packages only), called server1

You'll set up:

  • DHCP
  • DNS
  • Puppet master

Network addresses:

  •, the existing gateway
  •, server1
  • - 200, DHCP


  • domain example.com
  • server1.example.com

Configuring server1

  1. Confirm /etc/hosts contains: server1.example.com server1
  2. Install the required packages:
    root@server:~# apt-get install isc-dhcp-server bind9 bind9-host puppetmaster
  3. Assign the static IP address to server1. Edit /etc/network/interfaces so it looks like:
    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet static
  4. Configure the DHCP scope. Edit /etc/dhcp/dhcpd.conf and add this to the file:
    subnet netmask {
        option routers;
        option domain-name-server;
        option domain-name "example.com";
  5. Create an example.com zone file /etc/bind/db.example.com:

    $TTL 604800
    @ IN SOA server1.example.com. hostmaster.example.com. (
        1 ; Serial
        604800 ; Refresh
        86400 ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
     @ IN NS server1.example.com.
     server1 IN A
     puppet IN CNAME server1.example.com.
  6. Add an entry for the example.com zone into /etc/bind/named.conf.local:

    zone "example.com" {
         type master;
         file "/etc/bind/db.example.com";
  7. Update the DNS resolver settings for the server in /etc/resolv.conf:

    domain example.com
    search example.com
  8. Restart server1.
  9. Confirm that name resolution for the example.com zone is working:
    root@server:~# host server1.example.com
    server1.example.com has address

    root@server:~# host puppet.example.com
    puppet.example.com is an alias for server1.example.com.
    server1.example.com has address
  10. Verify that external resolution is also working:
    root@server:~# host repo.cumulusnetworks.com
    repo.cumulusnetworks.com is an alias for RepoLoadBalancer-1976282915.us-east-1.elb.amazonaws.com.
    RepoLoadBalancer-1976282915.us-east-1.elb.amazonaws.com has address
  11. Check that the certificates for the Puppet master are present, as fingerprints will differ per installation:
    root@server:~# puppet cert list —all
     + "server1.example.com" (15:FC:1E:7D:CD:8A:C5:80:1E:1D:16:E5:D4:2B:9D:35) (alt names: "DNS:puppet", "DNS:server1.example.com", "DNS:server1.example.com")
  12. Note: this step depends on your version of Puppet here we show the step for older versions of Puppet prior to 3.0, if you're using a later version update the settings as prescribed by Puppet documentation here
    Allow Puppet clients on the local subnet to use the Puppet file server. Edit /etc/puppet/fileserver.conf:
  13. [files]
    path = /etc/puppet/files
  14. Enable certificate auto signing. Create /etc/puppet/autosign.conf:
  15. Restart Puppet Master sudo service puppetmaster restart

Setting Up the Puppet Master Test Configuration

Replace the message of the day on the switches.

Create the directory: mkdir /etc/puppet/files

Create a file on master to be copied by Puppet, /etc/puppet/files/motd:

    Hello world!

Create a manifest file, /etc/puppet/manifests/site.pp:

node default {
if $operatingsystem == "CumulusLinux" {
include switchbase
} class switchbase {
include motd
} class motd {
file { "/etc/motd":
owner => root,
group => root,
source => "puppet:///files/motd"
} }

Configuring the Switch

  1. Power up the switch and connect the management interface to same L2 segment as server1.
  2. Change the name of the switch. Add the following to /etc/hostname:
  3. Also, add the following to /etc/hosts: switch1
  4. Log in and confirm the switch has received a DHCP address within
    root@switch1:~# ip addr show eth0
     2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
     link/ether 44:38:39:00:1a:6b brd ff:ff:ff:ff:ff:ff
     inet brd scope global eth0
     inet6 fe80::4638:39ff:fe00:1a6b/64 scope link
     valid_lft forever preferred_lft forever
  5. Confirm you can ping the server by IP address:
    root@switch1:~# ping
     PING ( 56(84) bytes of data.
     64 bytes from icmp_req=1 ttl=64 time=0.547 ms
     64 bytes from icmp_req=2 ttl=64 time=0.316 ms
  6. Also verify you can ping the server by name:
    root@switch1:~$ ping server1.example.com
     PING server1.example.com ( 56(84) bytes of data.
     64 bytes from server1.example.com ( icmp_req=1 ttl=56 time=0.580 ms
     64 bytes from server1.example.com ( icmp_req=2 ttl=56 time=0.412 ms
  7. Install the Puppet client on the switch:
    root@switch1:~$ apt-get install puppet
  8. Edit the Puppet default configuration to enable the agent in /etc/default/puppet:
     # Defaults for puppet - sourced by /etc/init.d/puppet
     # Start puppet on boot?
     # Startup options
  9. Restart the Puppet agent:
    root@switch1:~# /etc/init.d/puppet restart
     Restarting puppet agent.

    The agent will now exchange certificates with the Puppet master and auto signing will take place. This may take up to a minute.
  10. Confirm on the server that a new certificate for switch1 is present:
    root@server:~# puppet cert list —all
     + "server1.example.com" (15:FC:1E:7D:CD:8A:C5:80:1E:1D:16:E5:D4:2B:9D:35)
    (alt names: "DNS:puppet", "DNS:server1.example.com", "DNS:server1.example.com") 
     + "switch1.example.com" (3E:B4:ED:64:98:3C:86:30:74:F8:93:24:CD:A6:BD:86)
  11. On the switch, log out of the console and log in again. The message of the day will be updated:
    switch1 login: root
     Last login: Tue Oct 29 16:48:04 UTC 2013 on ttyS0

     Hello World!
    root@switch1 :~#
Have more questions? Submit a request


Powered by Zendesk