To register a Puppet master within a deployment environment in vCloud Application Director you must prepare the Puppet master to work with the vCloud Application Director server.

You can also automate the registration process, see

Verify that the Puppet enterprise version 3.0.1 or later or Puppet OpenSource version 3.2.4 or later is installed.

Make sure that there is a client machine available with Puppet installed besides the Puppet master.


Navigate to the directory on your Puppet master and create a directory called nodes.

On Puppet enterprise, navigate to /etc/puppetlabs/puppet/manifests/.

On Puppet OpenSource, navigate to /etc/puppet/manifests/.


Open the /etc/puppetlabs/puppet/manifests/site.pp or /etc/puppet/manifests/site.pp file and add the command import 'nodes/*.pp' to the first line of the file.


In the command line, create the empty_manifest_file.pp file.

On Puppet enterprise, type touch /etc/puppetlabs/puppet/manifests/nodes/empty_manifest_file.pp

On Puppet OpenSource, type touch /etc/puppet/manifests/nodes/empty_manifest_file.pp


Download the appdintegn.rb and appdintegn.ddl agent files.




Copy the appdintegn.rb and appdintegn.ddl agent files to the LIBDIR/mcollective/agent directory on the Puppet master.

LIBDIR is the value of the MCollective libdir setting that is typically set to /opt/puppet/libexec/mcollective/.


Restart MCollective to view the newly copied agent files.

On Puppet enterprise, type /etc/init.d/pe-mcollective restart.

On Puppet OpenSource, type /etc/init.d/mcollective restart.


On a client machine that has Puppet installed, generate a certificate puppet certificate generate Name --ssldir TempCredsDir --ca-location remote --ca_server CAPuppetMaster

Name is the name of a string for the vCloud Application Director certificate corresponding to the Puppet master. TempCredsDir is a locally created directory in the /tmp folder such as /tmp/appd_mc/credentials and CAPuppetMaster is the host name or IP address of the Puppet master.


(Optional) On the Puppet master, if the auto-sign for the certificate is not turned on type the command sudo puppet cert sign Name.


Copy the signed public certificate file to the MCollective authorized client list.

cp CertDirectory/Name.pem AuthorizedClientsDirectory

CertDirectory is the Puppet master certdir config setting and AuthorizedClientsDirectory is the config setting for the MCollective server plugin.ssl_client_cert_dir.

A sample Puppet enterprise copy command, cp /etc/puppetlabs/puppet/ssl/ca/signed/vmware-appd.pem /etc/puppetlabs/mcollective/ssl/clients/


On the client machine that has Puppet installed, get the signed certificates from the Puppet master.

puppet certificate find Name --ssldir TempCredsDir --ca-location remote --ca_server CAPuppetMaster

puppet certificate find ca --ssldir TempCredsDir --ca-location remote --ca_server CAPuppetMaster


On the client machine that has Puppet installed, get the public certificate from the Puppet master.

On Puppet enterprise, type puppet certificate find pe-internal-mcollective-servers --ssldir TempCredsDir --ca-location remote --ca_server CAPuppetMaster.

On Puppet OpenSource, type puppet certificate find mcollective-servers --ssldir TempCredsDir --ca-location remote --ca_server CAPuppetMaster.

vCloud Application Director creates the node definition file *.pp for each virtual machine it provisions in the /etc/puppetlabs/puppet/manifests/nodes or /etc/puppet/manifests/nodes directory.

Register the Puppet master within a deployment environment in vCloud Application Director. See Create a Solution Instance.