We are trying to set up a new Puppet 2025.6 server and trying to automate the setting-up somehow. An AI agent suggested that this would be the "preferred way" to implement this:

class role::pe_primary_master {
  include profile::base_config
  include puppet_enterprise::profile::master
  include puppet_enterprise::profile::console
  # ... other infrastructure classes ...
}

Would this be a good way to automate this, or a crazy AI agent's dream of doing it?

that is horrible and totally wrong

Do you want to add an additional compiler to an existing installation?

There are already multiple way to automate PE installs, like

peadm

. There's also PIM, which I don't much about https://github.com/puppetlabs/puppetlabs-peadm https://help.puppet.com/pe/2023.8/topics/install-pe-cli-pim.htm

Definitely go peadm over PIM for automating installation. I believe there are efforts to move more automation towards the peadm way of doing things.

include puppet_enterprise::...

is definitely incorrect. Those classes must be assigned through the classification config set up by the PE installer.

Would peadm be able to help us set up a new server with most of the PE Infrastructure, PE Patch management, Code manager and LDAP setup from an existing server?

Yes

I don't see any documentation to support that... It seems to mostly provision bare-bones servers of certain roles, not any custom setup.

the complexity depends on how you configured your existing setup

I assume with "new server" you mean a new primary

when all your settings are managed via puppet itself, it's very easy

Ah, I'll explain: When we "upgrade" to a new major version we usualy set up a new server (single-server setup) because an in-place upgrade feels really daunting. However, migrating all the stuff currently defined in node groups (PE Infrastructure, PE Patch Mgm) is a lot of work. And then there's a number of server settings that we customize too. Just installing the server is a breeze for a single-server. It's how we can set up what is currently implemented in Node groups under (PE Infrastructure, PE Patch Mgm) that is the most amount of work, followed by all the server settings. So we are looking to simplify this somehow, but are currently confused about the way forward... What is the modern, preferred way to do this in at least semi-auomated way if an in-place upgrade feels scary? What would be the best tools to use? Should we abandon most of the GUI setup and go hiera all the way? If so how? 🤷

yes abandon node groups as good as possible and rely on Hiera.

It's also possible to manage node groups via Puppet, and you can export and import node groups

Yes, that's the gospel I hear everywhere. But we are kind of stuck on...how? Is there any good documentation on how to setup a modern "hiera-based" PE server? Can all the settings under PE Infrastructure, PE Patch Mgm be defined in hiera also? What would be the best module to handle those hiera settings? We are clueless right now. 🙂

in the easiest form, hiera is just a collection of yaml files

which settings did you configure under the PE Infrastructure group?

they can usually be copied 1:1 to Hiera

If you want a UI for Hiera / see which nodes get which dataset from where, you can use https://github.com/betadots/hdm

Under PE Master we define the agent to provide to nodes of various distros and versions.

if you provide the exact data, we can tell you how to put that into Hiera

I'm looking for some documentation on how to confiure Puppet itself with hiera, but in the entire documentation all I could find, with one example only was: https://help.puppet.com/pe/2025.6/topics/configure_settings_with_hiera.htm Is there nothing more on this? Feels more like "if you use hiera, you're on your own".

you throw your class parameters 1:1 into Hiera

So, as an example, how would i know the syntax to convert this into hiera settings e.g: puppet config set --section main runinterval 90m" puppet config set --section main splay true"

I doubt that's what you have in your node group

The recommended module to configure your agents within PE is puppetlabs/puppet_agent. If you use the module via node manager, you can copy the data directly into Hiera

you really should just do in-place upgrades, they are very simple and easy for single-server setups. you just run one command.

You could export and import your classifier data into the new primary, but I would also agree with just upgrading in-place https://portal.perforce.com/s/article/115004588928

We only upgraded LTS versions. You leave too much baggage in place with new postgres, java, ruby and so on. Also way easier to go back if something goes wrong