This knowledge base has moved to the documentation site. Please visit the knowledge base here for the most up to date content. This site is no longer maintained.

[RETIRED]: Puppet: Setting up a Basic Lab


This article outlines the process for managing a switch using Puppet in a lab environment, where the lab is stored on a physical server or virtual machine.


  • Cumulus Linux 2.5.z only

Note: To use Puppet with Cumulus Linux 3.y.z, use the native Puppet agent.


  • One switch running Cumulus Linux (2.5.z version), called switch1
  • A server or virtual machine running Debian, with a basic installation (default packages only), called server1

You'll set up:

  • DHCP
  • DNS
  • Puppet master

Network addresses:

  •, the existing gateway
  •, server1
  • - 200, DHCP


  • domain

Configuring server1

  1. Confirm /etc/hosts contains: server1
  2. Install the required packages:
    root@server:~# apt-get install isc-dhcp-server bind9 bind9-host puppetmaster
  3. Assign the static IP address to server1. Edit /etc/network/interfaces so it looks like:
    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet static
  4. Configure the DHCP scope. Edit /etc/dhcp/dhcpd.conf and add this to the file:
    subnet netmask {
        option routers;
        option domain-name-server;
        option domain-name "";
  5. Create an zone file /etc/bind/

    $TTL 604800
    @ IN SOA (
        1 ; Serial
        604800 ; Refresh
        86400 ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
     @ IN NS
     server1 IN A
     puppet IN CNAME
  6. Add an entry for the zone into /etc/bind/named.conf.local:

    zone "" {
         type master;
         file "/etc/bind/";
  7. Update the DNS resolver settings for the server in /etc/resolv.conf:

  8. Restart server1.
  9. Confirm that name resolution for the zone is working:
    root@server:~# host has address

    root@server:~# host is an alias for has address
  10. Verify that external resolution is also working:
    root@server:~# host is an alias for has address
  11. Check that the certificates for the Puppet master are present, as fingerprints will differ per installation:
    root@server:~# puppet cert list —all
     + "" (15:FC:1E:7D:CD:8A:C5:80:1E:1D:16:E5:D4:2B:9D:35) (alt names: "DNS:puppet", "", "")
  12. Note: this step depends on your version of Puppet here we show the step for older versions of Puppet prior to 3.0, if you're using a later version update the settings as prescribed by Puppet documentation here
    Allow Puppet clients on the local subnet to use the Puppet file server. Edit /etc/puppet/fileserver.conf:
  13. [files]
    path = /etc/puppet/files
  14. Enable certificate auto signing. Create /etc/puppet/autosign.conf:
  15. Restart Puppet Master sudo service puppetmaster restart

Setting Up the Puppet Master Test Configuration

Replace the message of the day on the switches.

Create the directory: mkdir /etc/puppet/files

Create a file on master to be copied by Puppet, /etc/puppet/files/motd:

    Hello world!

Create a manifest file, /etc/puppet/manifests/site.pp:

node default {
if $operatingsystem == "CumulusLinux" {
include switchbase
} class switchbase {
include motd
} class motd {
file { "/etc/motd":
owner => root,
group => root,
source => "puppet:///files/motd"
} }

Configuring the Switch

  1. Power up the switch and connect the management interface to same L2 segment as server1.
  2. Change the name of the switch. Add the following to /etc/hostname:
  3. Also, add the following to /etc/hosts: switch1
  4. Log in and confirm the switch has received a DHCP address within
    root@switch1:~# ip addr show eth0
     2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
     link/ether 44:38:39:00:1a:6b brd ff:ff:ff:ff:ff:ff
     inet brd scope global eth0
     inet6 fe80::4638:39ff:fe00:1a6b/64 scope link
     valid_lft forever preferred_lft forever
  5. Confirm you can ping the server by IP address:
    root@switch1:~# ping
     PING ( 56(84) bytes of data.
     64 bytes from icmp_req=1 ttl=64 time=0.547 ms
     64 bytes from icmp_req=2 ttl=64 time=0.316 ms
  6. Also verify you can ping the server by name:
    root@switch1:~$ ping
     PING ( 56(84) bytes of data.
     64 bytes from ( icmp_req=1 ttl=56 time=0.580 ms
     64 bytes from ( icmp_req=2 ttl=56 time=0.412 ms
  7. Install the Puppet client on the switch:
    root@switch1:~$ apt-get install puppet
  8. Edit the Puppet default configuration to enable the agent in /etc/default/puppet:
     # Defaults for puppet - sourced by /etc/init.d/puppet
     # Start puppet on boot?
     # Startup options
  9. Restart the Puppet agent:
    root@switch1:~# /etc/init.d/puppet restart
     Restarting puppet agent.

    The agent will now exchange certificates with the Puppet master and auto signing will take place. This may take up to a minute.
  10. Confirm on the server that a new certificate for switch1 is present:
    root@server:~# puppet cert list —all
     + "" (15:FC:1E:7D:CD:8A:C5:80:1E:1D:16:E5:D4:2B:9D:35)
    (alt names: "DNS:puppet", "", "") 
     + "" (3E:B4:ED:64:98:3C:86:30:74:F8:93:24:CD:A6:BD:86)
  11. On the switch, log out of the console and log in again. The message of the day will be updated:
    switch1 login: root
     Last login: Tue Oct 29 16:48:04 UTC 2013 on ttyS0

     Hello World!
    root@switch1 :~#


This support portal has moved

Cumulus Networks is now part of the NVIDIA Networking Business Unit! The NVIDIA Cumulus Global Support Services (GSS) team has merged its operations with the NVIDIA Mellanox support services team.

You can access NVIDIA Cumulus support content from the Mellanox support portal.

You open and update new cases on the Mellanox support portal. Any previous cases that have been closed have been migrated to the Mellanox support portal.

Cases that are still open on the Cumulus portal will continue to be managed on the Cumulus portal. Once these cases close, they will be moved to the Mellanox support portal.

Powered by Zendesk