Install and configure Puppetdb using PostgreSQL

by | Feb 10, 2016 | Puppet

Its possible to configure Puppetdb with PostgreSQL as its much more manageable as compared to the in-built DB that comes with Puppetdb i.e. HSQLDB. Plus its much easier to query and troubleshoot any issues you comes across especially when using Puppet Hiera and exported resources. Follow this easy to follow guide and you should be up and running with a basic config of Puppetdb in no time.


  • You already have a working Puppet server and Puppet client running on the host.
  • Good understanding of Puppet and Puppetdb working.

Current Scenario:

Setting up PostgreSQL, Puppetdb and Puppetdb-Terminus (exported resources) – both on same server.

Host details:

  • Hostname:
  • IP:

1st Step – Install and configure PostgreSQL

Start with downloading PostgreSQL and setting it up.

Enable the PostgreSQL repo and install it on the host.

# rpm -Uvh
# yum -y install postgresql95 postgresql95-server postgresql95-contrib

Now initialize the db

# service postgresql-9.5 initdb

Edit authorization settings in pg_hba.conf

# vi /var/lib/pgsql/9.5/data/pg_hba.conf

Replace “ident”

host    all             all               ident
host    all             all             ::1/128                    ident

With “md5”

host    all             all               md5
host    all             all             ::1/128                    md5

Now start the PostgreSQL service and enable it at Runtime

# service postgresql-9.5 start
# chkconfig postgresql-9.5 on

Next create user and database for Puppetdb. It will prompt you create a password for the db at the same time.

# su - postgres
-bash-4.1$ createuser -DRSP puppetdb
-bash-4.1$ createdb -O puppetdb puppetdb

Once the above is completed you can now test the access to the database.

-bash-4.1$ psql -h -p 5432 -U puppetdb -W puppetdb


[root@puppet-server ~]# psql -h -p 5432 -U puppetdb -W puppetdb
Password for user puppetdb:
psql (9.5.0)
Type "help" for help.


If all went good up-till here then the next step is to install and setup Puppetdb and puppetdb-terminus.

2nd Step – Install and configure Puppetdb and Puppetdb-terminus

First start off with enabling the Repo for Puppetlabs.

# rpm -ivh

Then install puppetdb and puppetdb-terminus

# yum -y install puppetdb puppetdb-terminus

Now configure “database.ini” with PostgreSQL as the backend

# vi /etc/puppetdb/conf.d/database.ini
classname = org.postgresql.Driver
subprotocol = postgresql
subname = //
username = puppetdb
password = dbpasswordhere
log-slow-statements = 10

Add/Edit the [jetty] section of jetty.ini config with Host IP

# vi /etc/puppetdb/conf.d/jetty.ini
host =

Edit puppetdb config

# vi /etc/puppet/puppetdb.conf
server =
port = 8081
soft_write_failure = false
# vi /etc/puppet/routes.yaml
terminus: puppetdb
cache: yaml

Add this in the [main] section of puppet.conf

# vi /etc/puppet/puppet.conf
        pluginsync = true
        storeconfigs = true
        storeconfigs_backend = puppetdb
        reports = store,puppetdb

Now secure puppetdb with ssl. You need to stop Puppetmaster service if its running BUT if you haven’t run the Puppetmaster service till now, you have to run it once to generate the certificates.

Puppetmaster never run (or) 1st time.

# service puppetmaster start
# service puppetmaster stop

IF Puppetmaster has been running for a while then stop the service before running ssl-setup

# service puppetmaster stop
# puppetdb ssl-setup

Now restart puppetmaster, puppetdb and puppet.

# service puppetdb restart
# service puppetmaster restart
# service puppet restart

Enable them at Runtime.

# chkconfig puppetdb on
# chkocnfig puppetmaster on
# chkconfig puppet on

For a test just create a simple site.pp for packages install.

# vi /etc/puppet/manifests/site.pp
node '' {
       Package { ensure => installed }
       package { 'telnet': }
       package { 'openssh-clients': }
       package { 'tcpdump': }

And now run a puppet agent test on the host.

# puppet agent -t


[root@puppet-server ~]# puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for
Info: Applying configuration version '1455104511'
Notice: /Stage[main]/Main/Node[]/Package[openssh-clients]/ensure: created
Notice: /Stage[main]/Main/Node[]/Package[tcpdump]/ensure: created
Notice: /Stage[main]/Main/Node[]/Package[telnet]/ensure: created
Notice: Finished catalog run in 11.76 seconds

That’s should be it with the setup. If you hit any issues please let us know via Contact Us and will try our best to help you out.

Related Articles….