Photo by lee junda on Unsplash

Photo by lee junda on Unsplash

Puppet Bolt orchestration tool

Lightning Strike

Article from ADMIN 70/2022
Puppet Bolt free software automates administrative tasks to speed up the admin's daily work.

Because Bolt is a member of the Puppet product family, the question naturally arises as to how Bolt [1] differs from Puppet. Puppet is used for continuous resource management. In particular, it provides monitoring functionality and checks at short intervals whether the services in question are still available or whether infrastructure elements have gone missing.

Bolt basically zooms in on point-in-time changes. Instead of using declarative statements that define an infrastructure, Bolt is more about when commands are executed and which ones. In particular, the tool simplifies the execution or orchestration of tasks.

Admins benefit from the ability to run a script over any number of network nodes. Bolt uses plans that bundle the execution details. The focus is particularly on error handling, but comparatively simple scripts can also be used to handle complex tasks.


Ad hoc commands and scripts are run on the infrastructure with the Puppet Enterprise (PE) orchestrator or with Puppet's standalone task runner, Bolt. Bolt lets you patch and update systems and services, troubleshoot servers, roll out applications, and start and stop services. It runs on a standard workstation (Linux, Windows, macOS), and secure shell (SSH), secure copy (SCP), Windows Remote Management (WinRM), and other popular authentication methods (password, public key) connect to the remote node. According to the developers, the solution scales to more than 1,000 simultaneous connections.

Bolt uses YAML files or its own orchestration script wrapper, called a "plan." Above all, if statements are used in the scripts for concrete error handling. Administrators who are already familiar with YAML files can generate their tasks in this particular format and then use Bolt's built-in tool to convert YAML files into Bolt plans.

You will find various special features beneficial: Bolt has pre-built scripts that you only need to adapt to specific tasks; it also lets you use existing automation scripts and offers support for Python, Ruby, and PowerShell. Although many orchestration tools rely on agents, Bolt also supports agentless deployment or a combination of the two strategies. Bolt also offers Bash support and workflow orchestration.

Installation and Setup

Bolt runs on all popular operating systems. In addition to a Linux-based machine, you can use the orchestration tool on a macOS or Windows workstation. Installing Bolt on Debian is a matter of a few simple commands:

sudo dpkg -i puppet-tools-release-bullseye.deb
sudo apt-get update
sudo apt-get install puppet-bolt

To run Bolt on a macOS system, you first need to install Homebrew [2], an open source package manager for the operating system. To install Homebrew, run the following command in the macOS terminal:

/bin/bash -c "$(curl -fsSL"

Use the tap brew command to instruct Homebrew to use additional repositories. By default, the tap command assumes you are accessing sources from GitHub repositories, so you need to prepare Homebrew for using the Puppet sources by typing:

brew tap puppetlabs/puppet

To install Bolt, run the command:

brew install --cask puppet-bolt

Alternatively, you can use the macOS installer and use the DMG file from the Bolt project site.

To use Bolt on Windows, you need Chocolatey [3], a package manager that performs typical functions such as downloading and installing applications. To install the Bolt packages, and refresh the environment, run the commands:

choco install puppet-bolt

To import the Bolt PowerShell modules, type

Install-Module PuppetBolt

and run a Bolt cmdlet as a test. Ideally, you will not see any error messages. If you do, you might need to add more Bolt modules to PowerShell or edit the execution authorizations.

Task-Specific Configuration

Bolt offers a wide range of customization options for global and project-specific configuration. Four categories can be distinguished:

  • Customizing Bolt's general behavior, such as choosing the format for displaying the output and defining the number of threads for connecting to targets
  • Defining project-specific settings by specifying how to deal with concrete orchestration tasks, including configuring the path to an inventory file or to a Hiera configuration file. (Hiera is a key/value database for the configuration data.)
  • Deciding which transport protocols to use, such as adjusting the path to your private SSH key or the port for the WinRM connection
  • Grouping inventory data by targets and assigning them their own configurations

Bolt options and functions are configured at the project, user, or system level. At the project level, you specify the Bolt configuration in the bolt-project.yaml and inventory.yaml files.

Customizations at the user and system level are defined in bolt-defaults.yaml. If the specific use case does not require user-specific or global configurations, configuration at the project level is the recommended approach.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus