To register a Puppet Master within a deployment environment you must prepare the Puppet Master to work with the Application Services server.

About this task

You can also automate the registration process, see Register a Puppet Master Solution Instance.


  • Verify that Puppet Enterprise version 3.0.1 to 3.2.3 or Puppet Open Source version 3.2.4 to 3.6.2 is installed.

  • Verify that you have the latest supported version of the Puppet agents installed. See the Puppet Labs documentation Web site for the agent installation instructions.

  • Make sure that there is a client machine available with Puppet installed besides the Puppet Master.

  • Make sure the system times for the Application Services and the Puppet Master servers are synchronized. You can use an NTP server for this purpose. The time difference between the two servers cannot be more than 60 seconds.


  1. Navigate to the directory on your Puppet Master and create a directory called appd_nodes.
    • On Puppet Enterprise, navigate to /etc/puppetlabs/puppet/manifests/.

    • On Puppet Open Source, navigate to /etc/puppet/manifests/.

  2. Open the /etc/puppetlabs/puppet/manifests/site.pp or /etc/puppet/manifests/site.pp file and add the command import 'appd_nodes/*.pp' to the first line of the file.
  3. In the command line, create the empty_manifest_file.pp file.
    • On Puppet Enterprise, enter touch /etc/puppetlabs/puppet/manifests/appd_nodes/empty_manifest_file.pp

    • On Puppet Open Source, enter touch /etc/puppet/manifests/appd_nodes/empty_manifest_file.pp

  4. Open the mcollective server configuration file and add the line plugin.ssl_serializer = yaml, if missing.
    • On Puppet Enterprise, open the file /etc/puppetlabs/mcollective/server.cfg.

    • On Puppet Open Source, open the file /etc/mcollective/server.cfg.

  5. Download the appdintegn.rb and appdintegn.ddl agent files.



  6. Copy the appdintegn.rb and appdintegn.ddl agent files to the LIBDIR/mcollective/agent directory on the Puppet master.

    LIBDIR is the value of the MCollective libdir setting that is typically set to /opt/puppet/libexec/mcollective/.

  7. Restart MCollective to view the newly copied agent files.
    • On Puppet Enterprise, enter /etc/init.d/pe-mcollective restart.

    • On Puppet Open Source, enter /etc/init.d/mcollective restart.

  8. On a client machine that has Puppet installed, generate a certificate.

    puppet certificate generate Name --ssldir TempCredsDir --ca-location remote --ca_server CAPuppetMaster

    Name is the name of a string for the Application Services certificate corresponding to the Puppet master. TempCredsDir is a locally created directory in the /tmp folder such as /tmp/appd_mc/credentials and CAPuppetMaster is the host name or IP address of the Puppet master.

  9. (Optional) : On the Puppet master, if the auto-sign for the certificate is not turned on enter the command sudo puppet cert sign Name.
  10. Copy the signed public certificate file to the MCollective authorized client list.

    cp CertDirectory/Name.pem AuthorizedClientsDirectory

    CertDirectory is the Puppet master certdir config setting and AuthorizedClientsDirectory is the config setting for the MCollective server plugin.ssl_client_cert_dir.

    A sample Puppet Enterprise copy command, cp /etc/puppetlabs/puppet/ssl/ca/signed/vmware-appd.pem /etc/puppetlabs/mcollective/ssl/clients/

  11. On the client machine that has Puppet installed, get the signed certificates from the Puppet master.

    puppet certificate find Name --ssldir TempCredsDir --ca-location remote --ca_server CAPuppetMaster

    puppet certificate find ca --ssldir TempCredsDir --ca-location remote --ca_server CAPuppetMaster

  12. On the client machine that has Puppet installed, get the public certificate from the Puppet master.
    • On Puppet Enterprise, enter puppet certificate find pe-internal-mcollective-servers --ssldir TempCredsDir --ca-location remote --ca_server CAPuppetMaster.

    • On Puppet Open Source, enter puppet certificate find mcollective-servers --ssldir TempCredsDir --ca-location remote --ca_server CAPuppetMaster.


Application Services creates the node definition file *.pp for each virtual machine it provisions in the /etc/puppetlabs/puppet/manifests/appd_nodes or /etc/puppet/manifests/appd_nodes directory.

What to do next

Register the Puppet master within a deployment environment in Application Services. See Create a Puppet Solution Instance.