Skip to main content

Managing Puppet Profiles and Roles

Hands-On Lab


Photo of Elle Krout

Elle Krout

Content Team Lead in Content





While it's entirely possible to use Puppet by mapping component classes directly to nodes, most systems' infrastructure have similar configurations. Therefore, Puppet can use profiles and roles to help us create a layer of indirection between our component modules and nodes that lets us administer more generalized roles directly to our nodes. For example, instead of having to include the apache, mysql, and php modules directly to a server, we can create a series of related profiles. Furthermore, we can pull them all together into a single role, and then apply that role to the relevant hosts. Specifically, profiles are wrapped classes that contain our component modules and relevant configuration settings for a layer of our technology stack, while roles help us with building and configuring a complete system. In this lab, we'll use this concept to write three profiles related to MySQL, and then apply them to an overall MySQL host role.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Managing Puppet Profiles and Roles


In this lab, we'll write three profiles related to MySQL, and then apply them to an overall MySQL host role.


  1. Begin by logging in to the lab server using the credentials provided on the hands-on lab page:

    ssh cloud_user@PUBLIC_IP_ADDRESS

Create the Base Profile

  1. Move into the modules directory located in the production environment:

    cd /etc/puppetlabs/code/environments/production/modules

  2. Add the necessary modules:

    sudo puppet module install puppetlabs-ntp --version 8.0.0 sudo puppet module install puppetlabs-motd --version 3.0.0

  3. Create the profile module to store our profiles:

    sudo pdk new module profile

    Set the Puppet Forge username and module author to your own information; leave the licensing with the default setting, and deselect Windows for the supported operating systems.

  4. Create the base profile:

    cd profile sudo pdk new class base

  5. Open the base class file and update it to include the ntp module, and then set any motd message you want.

    sudo vim manifests/base.pp


    Base module for all nodes



    include profile::base

    class profile::base { include ntp

     class { 'motd':
       content => "Hello there!n",


    Save and exit.

Create the MySQL Server Profile

  1. Pull down the mysql module from the Forge:

    cd .. sudo puppet module install puppetlabs-mysql --version 9.0.0

  2. Create the mysql::server class:

    cd profile sudo pdk new class mysql::server

    Notice how this automatically creates a mysql directory under manifests.

  3. Open the new class and update it so that we use the new mysql module with the appropriate configuration settings:

    sudo vim manifests/mysql/server.pp

    class profile::mysql::server { class { '::mysql::server': root_password => 'strongpassword', remove_default_accounts => true, override_options => { mysqld => { log-error => '/var/log/mysql-error.log', }, } } }

Create the MySQL Client Class

  1. Create the class:

    sudo pdk new class mysql::client

  2. Update the class to include the client component class:

    sudo vim manifests/mysql/client.pp


    Set up the client configuration for mysql



    include profile::mysql::client

    class profile::mysql::client { class {'::mysql::client': package_name => 'mysql-client', package_ensure => '1:5.5.60-1.el7_5', bindings_enable => true, } }

Create the MySQL Server Role

  1. Create the role module:

    cd .. sudo pdk new module role cd role/

  2. Create the mysql::server class for our mysql server role:

    sudo pdk new class mysql::server

  3. Add all of our profiles to the role:

    sudo vim manifests/mysql/server.pp


    Configures a complete mysql host



    include role::mysql::server

    class role::mysql::server { include profile::base include profile::mysql::server include profile::mysql::client }

Test the Role

  1. On the additional node, set up Puppet:

    curl -k https://puppet.ec2.internal:8140/packages/current/install.bash | sudo bash

  2. On the master, sign the cert:

    sudo puppetserver ca sign --all

  3. Add the role to the node in the main manifest:

    sudo vim ../../manifests/site.pp

    node node1.ec2.internal { include role::mysql::server }

  4. Return to the additional node, switch to root, and perform a Puppet run:

    sudo -i puppet agent -t


Congratulations — you've completed this hands-on lab!