Managing devices using Puppet device

Running the puppet device or puppet-device command (without --resource or --apply options) tells the proxy agent to retrieve catalogs from the primary server and apply them to the remote devices listed in the device.conf file.

To run Puppet device on demand and for all of the devices in device.conf , run:

Copy 
sudo puppet device --verbose

To run Puppet device for only one of the multiple devices in the device.conf file, specify a --target option:

Copy 
$ sudo puppet device -verbose --target f5.example.com

To run Puppet device on a specific group of devices, as opposed to all devices in the device.conf file, create a separate configuration file containing the devices you want to manage, and specify the file with the --deviceconfig option:

Copy 
$ sudo puppet device --verbose --deviceconfig /path/to/custom-device.conf

To set up a cron job to run Puppet device on a recurring schedule, run:

Copy 
$ sudo puppet resource cron puppet-device ensure=present user=root minute=30 command='/opt/puppetlabs/bin/puppet device --verbose --logdest syslog'

Example

Follow the steps below to run Puppet device in a production environment, using cisco_ios as an example.

  1. Install the module on the primary Puppet server: sudo puppet module install puppetlabs-cisco_ios.

  2. Include the module on the proxy Puppet agent by adding the following line to the primary server’s site.pp file:

    Copy 
    include cisco_ios

  3. Edit device.conf on the proxy Puppet agent:

    Copy 
    [cisco.example.com]
    type cisco_ios
    url file:///etc/puppetlabs/puppet/devices/cisco.example.com.yaml

  4. Create the cisco.example.com credentials file required by modules that use the Puppet Resource API:

    Copy 
    {
      "address": "cisco.example.com"
      "port": 22
      "username": "username"
      "password": "password"
      "enable_password": "password"
    }

  5. Request a certificate on the proxy Puppet agent:

    Copy 
    sudo puppet device --verbose --waitforcert 0 --target cisco.example.com

  6. Sign the certificate on the primary server:

    Copy 
    sudo puppetserver ca sign cisco.example.com

  7. Run puppet device on the proxy Puppet agent to test the credentials:

    Copy 
    sudo puppet device --target cisco.example.com