Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
113
Views
1
Helpful
2
Replies

Puppet Master -> Puppet Agent Communication

Go to solution
Mitrixsen
Level 1
Level 1

‎07-14-2025 06:38 AM - edited ‎07-14-2025 06:39 AM

Hello, everyone.

I am studying for my ENCOR exam so I really only need to know the basics regarding orchestration tools (ansible, puppet, chef, saltstack). My question is, what exactly do Puppet agents use to communicate with the Puppet Master and pull the configuration from it? The official website says that it can use HTTPs over port 8140 but my book also mentions this:

Mitrixsen_0-1752500174690.png

So can Puppet also use SSH or what exactly does it leverage for the communication?

My second question is -> Puppet uses a pull-model (the devices communicate with the Puppet master and retrieve the configured manifests/catalogs from it). If I was to suddenly create my own catalog file, how will the devices know that they should talk to the Puppet Master and retrieve the catalog from it? Are they notified about the new catalog somehow, or?

Thank you!
David

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
bigevilbeard
VIP
VIP

‎07-14-2025 07:39 AM

You are right yes. Puppet agents communicate with the puppet master on https and the puppet master, though can use various protocols, including ssh (which i think the book is referring too), to apply the desired state to the end devices it might be managing, this therefore allow options depending on the device type and the puppet module being used.

Second one, correct again (top points) puppet uses a time based pull model by default. Say you made a new catalog or updated a new one, when the next pull happens (i think this is default 30 minutes) they will apply the changes/new config etc.. however you can manually trigger an immediate run. But the end devices are not notified they have changes, they discover changes when they perform their next scheduled check in. So its a pull, not a push.

Hope this help, and your study is going well!

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

View solution in original post

2 Replies 2

Go to solution
Torbjørn
VIP
VIP

‎07-14-2025 06:57 AM

The cisco_ios module should be installed on a proxy agent that manages Cisco IOS & IOS-XE devices. This way you don't have to run the agent on the devices themselves. The proxy agent uses SSH to manage the devices. See the Github repo for the module for more information: https://github.com/puppetlabs/cisco_ios

The agent checks in periodically. AFAIK there is no mechanism to notify the agent of changes.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev
0 Helpful

Go to solution
bigevilbeard
VIP
VIP

‎07-14-2025 07:39 AM

You are right yes. Puppet agents communicate with the puppet master on https and the puppet master, though can use various protocols, including ssh (which i think the book is referring too), to apply the desired state to the end devices it might be managing, this therefore allow options depending on the device type and the puppet module being used.

Second one, correct again (top points) puppet uses a time based pull model by default. Say you made a new catalog or updated a new one, when the next pull happens (i think this is default 30 minutes) they will apply the changes/new config etc.. however you can manually trigger an immediate run. But the end devices are not notified they have changes, they discover changes when they perform their next scheduled check in. So its a pull, not a push.

Hope this help, and your study is going well!

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io
Customers Also Viewed These Support Documents