puppet-device man page

puppet-device — Manage remote network devices


Retrieves all configurations from the puppet master and apply them to the remote devices configured in /etc/puppetlabs/puppet/device.conf.

Currently must be run out periodically, using cron or something similar.


puppet device [-d|--debug] [--detailed-exitcodes] [-V|--version] [-h|--help] [-l|--logdest syslog|file|console] [-v|--verbose] [-w|--waitforcert seconds]


Once the client has a signed certificate for a given remote device, it will retrieve its configuration and apply it.

Usage Notes

One need a /etc/puppetlabs/puppet/device.conf file with the following content:

[remote.device.fqdn] type type url url

where: * type: the current device type (the only value at this time is cisco) * url: an url allowing to connect to the device

Supported url must conforms to: scheme://user:password@hostname/?query

with: * scheme: either ssh or telnet * user: username, can be omitted depending on the switch/router configuration * password: the connection password * query: this is device specific. Cisco devices supports an enable parameter whose value would be the enable password.


Note that any setting that´s valid in the configuration file is also a valid long argument. For example, ´server´ is a valid configuration parameter, so you can specify ´--server servername´ as an argument.

Enable full debugging.
Provide transaction information via exit codes. If this is enabled, an exit code of ´1´ means at least one device had a compile failure, an exit code of ´2´ means at least one device had resource changes, and an exit code of ´4´ means at least one device had resource failures. Exit codes of ´3´, ´5´, ´6´, or ´7´ means that a bitwise combination of the preceeding exit codes happened.
Print this help message

Where to send log messages. Choose between ´syslog´ (the POSIX syslog service), ´console´, or the path to a log file. If debugging or verbosity is enabled, this defaults to ´console´. Otherwise, it defaults to ´syslog´.

A path ending with ´.json´ will receive structured output in JSON format. The log file will not have an ending ´]´ automatically written to it due to the appending nature of logging. It must be appended manually to make the content valid JSON.

Turn on verbose reporting.
This option only matters for daemons that do not yet have certificates and it is enabled by default, with a value of 120 (seconds). This causes +puppet agent+ to connect to the server every 2 minutes and ask it to sign a certificate request. This is useful for the initial setup of a puppet client. You can turn off waiting for certificates by specifying a time of 0.


$ puppet device --server puppet.domain.com


Brice Figureau


Puppet Labs, LLC Puppet manual May 2015