System requirements

Puppet system requirements depend on your deployment type and size. Before installing, ensure your systems are compatible with infrastructure and agent requirements.

Note: Puppet primary servers must run on some variant of *nix. You can't run primary servers on Windows.

Hardware requirements

The primary server is fairly resource intensive, and must be installed on a robust, dedicated server. The agent service has few system requirements and can run on nearly anything.

The Puppet agent has been run and tested on a variety of hardware specifications. These are the weakest hardware specifications we have successfully tested. Both were tested using Intel Xeon processors.
CPUs GHz GiB memory OS
1 2.4 0.5 Amazon Linux 2 AMI
1 2.5 1 Windows Server 2019

The demands on the primary server vary widely between deployments. Resource needs are affected by the number of agents being served, how frequently agents check in, how many resources are being managed on each agent, and the complexity of the manifests and modules in use.

These minimum hardware requirements are based on internal testing.
Node volume Cores Heap ReservedCodeCache
dozens 2 1 GB n/a
1,000 2-4 4 GB 512m

Supported agent platforms

Puppet provides official packages for various operating systems and versions. You aren't necessarily limited to using official packages, but installation and maintenance is generally easier with official tested packages.

Packaged platforms

puppet-agent packages are available for these platforms.

For information on supported operating systems for Puppet Server, visit https://puppet.com/docs/puppet/7/server/install_from_packages.html#supported-operating-systems.

Packages for tested versions are officially tested. Packages for untested versions might not be automatically tested.
Operating system Tested versions Untested versions
Debian 10, 11, 11 (ARM)
Fedora 36 (x86_64)
macOS 11 Big Sur (64-bit packages only), 12 Monterey (64-bit packages only), 12 (M1), 13 Ventura (x86_64, ARM), 14 (ARM), 14 (Intel)
Microsoft Windows 10 Enterprise, 11 Enterprise (x86_64) 8, 10
Microsoft Windows Server 2012R2, 2016, 2019, 2022 2012
Red Hat Enterprise Linux, including:
  • Amazon Linux v1 (using RHEL 6 packages)

  • Amazon Linux v2 (using RHEL 7 packages)

7, 8 (aarch64), 9, 9 (ARM64)
Amazon Linux 2023
SUSE Linux Enterprise Server 12 (x86_64), 15 (x86_64)
AlmaLinux 8 (x86_64)
Rocky Linux 8 (x86_64)
Oracle Linux 7 (x86_64), 8 (x86_64), 8 (aarch64), 8 (ppc64le)
Scientific Linux 7 (x86_64), 8 (x86_64), 8 (aarch64), 8 (ppc64le)
Ubuntu 18.04, 18.04 AARCH, 20.04, 20.04 AARCH, 22.04 (x86_64, ARM64)

Dependencies

If you install using an official package, your system’s package manager ensures that dependencies are installed. If you install the agent on a platform without a supported package, you must manually install these packages, libraries, and gems:
  • Ruby 2.5.x
  • Facter 2.0 or later
  • Optional gems such hiera-eyaml, hocon, msgpack, ruby-shadow, etc.
Note: If you use the SELinux security module, you must grant a compliance exception for Puppet and the PXP agent in order for those services to effectively manage configuration.

Timekeeping and name resolution

Before installing , there are network requirements you need to consider and prepare for. The most important requirements include syncing time and creating a plan for name resolution.

Timekeeping

Use NTP or an equivalent service to ensure that time is in sync between your primary server, which acts as the certificate authority, and any agent nodes. If time drifts out of sync in your infrastructure, you might encounter issues such as agents recieving outdated certificates. A service like NTP (available as a supported module) ensures accurate timekeeping.

Name resolution

Decide on a preferred name or set of names that agent nodes can use to contact the primary server. Ensure that the primary server can be reached by domain name lookup by all future agent nodes.

You can simplify configuration of agent nodes by using a CNAME record to make the primary server reachable at the hostname puppet, which is the default primary server hostname that is suggested when installing an agent node.

Firewall configuration

In the agent-server architecture, your primary server must allow incoming connections on port 8140, and agent nodes must be able to connect to the primary server on that port.