Managing Puppet Profiles and Roles

30 minutes
  • 5 Learning Objectives

About this Hands-on Lab

While it’s entirely possible to use Puppet by mapping component classes directly to nodes, most systems’ infrastructure have similar configurations. Therefore, Puppet can use profiles and roles to help us create a layer of indirection between our component modules and nodes that lets us administer more generalized roles directly to our nodes. For example, instead of having to include the `apache`, `mysql`, and `php` modules directly to a server, we can create a series of related profiles. Furthermore, we can pull them all together into a single role, and then apply that role to the relevant hosts.

Specifically, profiles are wrapped classes that contain our component modules and relevant configuration settings for a layer of our technology stack, while roles help us with building and configuring a complete system. In this lab, we’ll use this concept to write three profiles related to MySQL, and then apply them to an overall MySQL host role.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create the Base Profile
  1. Move into the modules directory in the production environment:

    cd /etc/puppetlabs/code/environments/production/modules

  2. Add the necessary modules:

    sudo puppet module install puppetlabs-ntp –version 8.0.0
    sudo puppet module install puppetlabs-motd –version 3.0.0

  3. Create the profile module to store our profiles:

    sudo pdk new module profile

    Set the Puppet Forge username and module author to your own information; leave the licensing with the default setting, and deselect Windows for the supported operating systems.

  4. Create the base profile:

    cd profile
    sudo pdk new class base

  5. Open the base class file, and update it to include the ntp module and set any motd message you want.

    sudo vim manifests/base.pp


    Base module for all nodes



    include profile::base

    class profile::base {
    include ntp

     class { 'motd':
       content => "Hi there!n",


    Save and exit.

Create the MySQL Server Profile
  1. Pull down the mysql module from the Forge:

    cd ..
    sudo puppet module install puppetlabs-mysql –version 9.0.0

  2. Create the mysql::server class:

    cd profile
    sudo pdk new class mysql::server

    Notice how this automatically creates a mysql directory under manifests.

  3. Open the new class and update it so that we use the new mysql module with the appropriate configuration settings:

    sudo vim manifests/mysql/server.pp

    class profile::mysql::server {
    class { ‘::mysql::server’:
    root_password => ‘strongpassword’,
    remove_default_accounts => true,
    override_options => {
    mysqld => {
    log-error => ‘/var/log/mysql-error.log’,

Create the MySQL Client Class
  1. Create the class:

    sudo pdk new class mysql::client

  2. Update the class to include the client component class:

    sudo vim manifests/mysql/client.pp


    Set up the client configuration for mysql



    include profile::mysql::client

    class profile::mysql::client {
    class {‘::mysql::client’:
    package_name => ‘mysql-client’,
    package_ensure => ‘1:5.5.60-1.el7_5’,
    bindings_enable => true,

Create the MySQL Server Role
  1. Create the role module:

    cd ..
    sudo pdk new module role
    cd role/

  2. Create the mysql::server class for our mysql server role:

    sudo pdk new class mysql::server

  3. Add all of our profiles to the role:

    sudo vim manifests/mysql/server.pp


    Configures a complete mysql host



    include role::mysql::server

    class role::mysql::server {
    include profile::base
    include profile::mysql::server
    include profile::mysql::client

Test the Role
  1. On the additional node, set up Puppet:

    curl -k https://puppet.ec2.internal:8140/packages/current/install.bash | sudo bash

  2. On the master, sign the cert:

    sudo puppetserver ca sign –all

  3. Add the role to the node in the main manifest:

    sudo vim ../../manifests/site.pp

    node node1.ec2.internal {
    include role::mysql::server

  4. Return to the additional node, switch to root, and perform a Puppet run:

    sudo -i
    puppet agent -t

Additional Resources

You work as a DevOps Engineer for a company that has just started using Puppet as its configuration management platform. Because of limited resources, your team has decided against writing custom modules for each component that needs configuration. Instead, you'll be installing modules from the Puppet Forge, while using profiles and roles to adapt the module to your needs.

One of the roles you have been tasked with creating is the mysql::server role. This role needs to contain three profiles: profile::base, profile::mysql::server, and profile::mysql::client. Write these profiles and the related role.

The profiles must fit the following specifications:


  • Includes the ntp module
  • Includes a custom message of the day


  • Includes the mysql::server class
  • Sets a default root password
  • Removes all default accounts
  • Has the log-error set to /var/log/mysql-error.log


  • Includes the mysql::client class

An additional node has been provided to test the role. To provision it with Puppet, run:

curl -k https://puppet.ec2.internal:8140/packages/current/install.bash | sudo bash

Then approve it on the master with:

sudo puppetserver ca sign --all

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?