Puppet BoltWhen you read my previous posts you probably know I’m a fan of Puppet. During the holidays I finally had the time to learn more about Puppet Bolt. If you don’t know what Bolt is I encourage you try it out asap. It’s an amazing new opensource tool from Puppet to automate tasks on remote systems on an as-needed basis, for example, run a script, deploying an application, checking compliancy, starting and stopping services. Bolt connects directly to remote nodes with SSH or WinRM, so you are not required to install any agent software. It’s a great way to start automating.

In this post I’ll use Puppet Bolt to automate the installation of VMware vRealize Endpoint Operations (EPOps) 7.0 agents on RHEL/CentOS systems.


  • VMware vRealize Operations 7.0 Advanced.
  • Endpoint Operations 7.0 agent package for RHEL/CentOS7.
  • RHEL/CentOS 7 system for using Bolt.
  • RHEL/CentOS 7 system(s) to install EPOps agent on.

Installing Bolt and Puppet Development Kit (PDK)

Bolt is very easy to install.

To install PDK.

PDK provides integrated testing tools and a command line interface to help you develop, validate, and test Puppet modules.

In root create a Boltdir directory. Within Boltdir create a modules directory. From modules use PDK to create a module named epops.

Puppet Bolt

Next thing to do is create a private/public keypair and use this to connect to the remote systems using SSH. You can do this manual but I found a script on the internet from Dominik Stadler to automate it. You can download it from his Github account. Before running the script, change the default FILENAME=~/.ssh/id_test into ~/.ssh/id_rsa which is the default used by Bolt.

Puppet Bolt Puppet Bolt Puppet Bolt

Go to Boltdir and create an inventory file to store information about your nodes and refer to them as a group.

Edit and save the following to inventory.yaml:

Check if Bolt works by running a simple command.

Puppet Bolt

Building my first task

Tasks are single actions that you run on target machines in your infrastructure. They can be written in any programming language that can run on the target nodes, such as Bash, Python, or Ruby. Tasks are packaged within modules, so you can reuse, download, and share tasks on the Forge. Task metadata describes the task, validates input, and controls how the task runner executes the task.

My first task will be a bash script to check if the EPOps agent is already installed and running.

Go to ~/Boltdir/modules/epops and create a new task with PDK.

Puppet Bolt

This will create the tasks directory including an empty ep_check.sh script file and a metadata file ep_check.json. The metadata file should contain a short task description and any parameters the task accepts. I don’t have any parameters but we could put something like “Checks if EPOps 7.0 is installed and if the agent is running” into the metadata description field.

Edit and save the following to ep_check.json:

Edit and save the following to ep_check.sh:

Check if the script works by running the Bolt task run command.

Puppet Bolt

As you can see two nodes don’t have the EPOps agent installed, one does but the status of the agent can not be verified because there’s no service installed which concludes that EPOps is not installed through a rpm package.

The installation process

Next are the tasks needed for the installation of the EPOps agent. We can divide the installation in four stages:

1 – Download and unzip the EPOps agent installation package

2 – Delete the default agent.properties file which comes with the installation package

3 – Copy a prepared agent.properties file to the EPOps installation directory

4 – Start the EPOps agent

For stages 1 and 4 I’ll create a Bolt task.

Edit and save the following to ep_install.json:

Edit and save the following to ep_install.sh:

This bash script will create an installation directory using a task parameter PT_installdir, download and unpack the EPOps agent software in this directory.

The ep_install script can be tested with the command:

Edit and save the following to ep_start.json:

Edit and save the following to ep_start.sh:

This bash script will go to the EPOps installation directory using the same parameter PT_installdir as in the previous task and run the agent start script available in the bin directory.

The ep_start script can be tested with the command:

For stage 2, deleting the agent.properties file, we can use Bolt command run:

For stage 3, copying the prepared agent.properties file from the Bolt node to the remote nodes, we can use Bolt file upload.

First prepare an agent.properties file to be used in your vRealize Operations environment and place it in the files directory.

Edit and save the following to linux-agent.properties:

Uploading the file can be tested with the command:

Bolting it all together

Now that we have all the necessary tasks and commands, how do we put this all together? This is were a Bolt plan comes into play. Plans allow you to run more than one task with a single command, compute values for the input to a task, process the results of tasks, or make decisions based on the result of running a task.

Plans are written in the Puppet language and given the .pp extension and should be placed in the module’s /plans directory. Plans can use any combination of Bolt functions or built-in Puppet functions. This makes a plan a very powerful tool. It’s even possible to apply Puppet manifest code using modules from Forge.

What I want to achieve with my plan is to check if the EPOps agent is installed. If this is the case I’ll skip the installation process. If no EPOps installation files are found, I’ll start the installation process.

By adding exit codes to my ep_check script I’ll be able to check the outcome and use the result to skip or continue the installation.

Go to the /epops/tasks directory, edit the ep_check.sh file and add the following exit codes; exit 0 = success, exit 1 = failure.

Let’s test the exit codes.

Puppet Bolt

Now we’re ready to build our plan. Go to ~/Boltdir/modules/epops and create a plans directory including a new plan.

Edit and save the following to epops70_linux.pp:

_catch_errors => true” prevents the plan from stopping on error during the task execution of ep_check. The result of each node ($resultset.each) is then checked on success or failure ($result.ok).  Success (exit 0) means the installation is skipped.  Failure (exit 1) means the installation continues.

In a plan we don’t use the Bolt CLI commands but execution functions. See the tabel below.

Bolt CLI Plan execution function
bolt command run run_command
bolt task run run_task
bolt file upload upload_file

$installdir is the default EPOps installation directory. “vmware” will be used if the installdir option is not used in the Bolt plan run command.

Let’s test the plan by running:

Puppet Bolt

Everything looks fine. One node has been skipped. Two nodes continued for installation. Let’s check if EPOps is really installed.

Puppet Bolt

Yes, the EPOps agent software is installed. Let’s check vRealize Operations if the agents are registered and running.

Puppet Bolt

Looks like we have a success.

I hope that with this simple example I made you curious enough about Puppet Bolt to investigate the unlimited possibilities of this tool. All code used in this blog is also available on my Github account. Thanks for reading and good luck with your automation journey!