Core Types Cheat Sheet

• latest
• {any version string}
• absent
• purged (Potentially dangerous. Ensures absent, then
zaps configuration files and dependencies, including
THE TRIFECTA file those that other packages depend on. Provider-
Package/file/service: Learn it, live it, love it. If you can Manages local files.
● name — The name of the package, as known to your
only do this, you can still do a lot. ATTRIBUTES packaging system; defaults to title.
● ensure — Whether the file should exist, and what it ● source — Where to obtain the package, if your
should be.
package { 'openssh-server': system’s packaging tools don’t use a repository.
ensure => installed, • present
● See also: adminfile, allowcdrom, category,
} • absent
• file configfiles, description, flavor, instance,
file { '/etc/ssh/sshd_config': • directory platform, provider, responsefile, root,
source => 'puppet:///modules/sshd/ • link status, type, vendor.
● path — The fully qualified path to the file; defaults

=> 'root',
=> 'root', to title. service
mode => '640', ● source — Where to download the file. A puppet:/// Manages services running on the node. Like with
notify => Service['sshd'], # sshd URL to a file on the master, or a path to a local file on packages, some platforms have better tools than others,
will restart whenever you the agent. so read up. To restart a service whenever a file changes,
edit this file. subscribe to the file or have the file notify the service.
require => Package['openssh-server'], ● content — A string with the file’s desired contents.
Most useful when paired with templates, but you can (subscribe => File['sshd _ config'] or notify
} => Service['sshd'])
also use the output of the file function.
service { 'sshd': ● target — The symlink target. (When ensure => link.) ATTRIBUTES
ensure => running,
recurse — Whether to recursively manage the ● ensure — The desired status of the service.
enable => true, • running (or true)
hasstatus => true, directory. (When ensure => directory.)
• true or false • stopped (or false)
hasrestart => true,
} ● 
purge — Whether to keep unmanaged files out of the ● enable — Whether the service should start on boot.
directory. (When recurse => true.) Doesn’t work everywhere.
• true or false • true or false
● owner — By name or UID. ● name — The name of the service to run; defaults
to title.
● group — By name or GID.
● status, start, stop, and restart — Manually
Package[openssh-server] ● 
mode — Must be specified exactly. Does the right thing
specified commands for working around bad init
for directories.
● See also: backup, checksum, force, ignore,
hasrestart — Whether to use the init script’s restart
links, provider, recurselimit, replace,
command instead of stop+start. Defaults to false.
selrange, selrole, seltype, seluser,
• true or false
File[/etc/ssh/sshd_config] sourceselect, type.
● hasstatus — Whether to use the init script’s status

package command instead of grepping the process table.

Defaults to false.
Manages software packages. Some platforms have better • true or false
package tools than others, so you’ll have to do some ● pattern — A regular expression to use when
Service[sshd] research on yours; check the type reference for more info. grepping the process table. Defaults to the name of
ATTRIBUTES the service.
● ensure — The state for this package. ● See also: binary, control, manifest, path,
• present provider.
HELLO WORLD ● creates — A file created by this command; if the file
exists, the command won’t run.

notify ● refreshonly — If true, the exec will only run if a

● name (defaults to title)
● uid — The user ID. Must be specified numerically;
Sends an arbitrary message to the agent run-time log. resource it subscribes to (or a resource which notifies chosen automatically if omitted.
it) has changed.
● ensure — Whether the user should exist.
• true or false
notify { "This message is getting logged • present
on the agent node.": } ● onlyif — A command or array of commands; if any • absent
have a non-zero return value, the command won’t run. • role
notify { "Mac warning": ● unless — The opposite of onlyif. ● gid — The user’s primary group. Can be specified
message => $operatingsystem ? {
'Darwin' => "This seems to be a ● environment — An array of environment numerically or by name.
Mac.", variables to set (e.g. ['MYVAR=somevalue', ● groups — An array of secondary groups to which the
default => "And I’m a PC.", 'OTHERVAR=othervalue']). user belongs. (Don’t include the group specified as the
}, ● See also: cwd, group, logoutput, returns, GID.)
} timeout, tries, try _ sleep, user. ● home — The user’s home directory.
● managehome — Whether to manage the home
ATTRIBUTES cron directory when managing the user; if you don’t set this
● message — Defaults to title. to true, you’ll need to create the user’s home directory
Manages cron jobs. Largely self-explanatory.
● See also: withpath manually.
• true or false
cron { logrotate:
command => "/usr/sbin/logrotate", ● shell — The user’s login shell.
● See also: allowdupe, auths, comment, expiry,

user => root,
hour => 2, key _ membership, keys, membership,
minute => 0 password, password _ max _ age, password _
min _ age, profile _ membership, profiles,
Executes an arbitrary command on the agent node. When
project, provider, role _ membership, roles.
using execs, make sure the command can be safely run
multiple times or specify that it should only run under ATTRIBUTES
certain conditions. ● command — The command to execute. group
ATTRIBUTES ● ensure — Whether the job should exist. Manages groups.
• present
● command — The command to run; defaults to title. If ATTRIBUTES
• absent
this isn’t a fully-qualified path, use the path attribute.
● hour, minute, month, monthday, and weekday ● name (defaults to title)
● path — A search path for executables; colon-
— The timing of the cron job. ● gid — The group ID; must be specified numerically,
separated list or an array. This is most useful as a
● See also: environment, name, provider, and will be chosen automatically if omitted.
resource default, e.g.:
special, target, user. ● ensure — Whether the group should exist.
• present
Exec { • absent
path => [ user ● See also: allowdupe, auth _ membership,
Manages user accounts; mostly used for system users. members, provider.
'/usr/sbin', user { "dave":
ensure => present,
'/sbin'], uid => '507',
logoutput => true, gid => 'admin',
} You are ready. Go check the types reference at
shell => '/bin/zsh',
home => '/home/dave',
exec {'pwd':} managehome => true,
exec {'whoami':} }

