How I Configured Chocolatey with Puppet

Chocolatey is an apt-like package manager for Windows ( that greatly simplifies the installation of software, especially with Puppet (versus having to call MSI packages with obscure switches that may or may not work). Many of my future tutorials that involve managing Windows with Puppet will require that Chocolatey be configured. Here I will explain how I’ve gotten Chocolatey up and running on Windows with Puppet.

This guide assumes that you have Puppet already installed on Windows. If you’re familiar with installing Puppet on Linux systems, it’s about the same for Windows. You would download and install the MSI package from the link here and afterwards sign the certificate request on your master server. You will also need to install the chocolatey/chocolatey and puppetlabs/powershell Forge modules. If you’re using R10K to manage your modules, just add the following to your Puppetfile:

mod 'puppetlabs/powershell'
mod 'chocolatey/chocolatey'

Otherwise, just install them using sudo puppet module install puppetlabs-powershell and sudo puppet module install chocolatey-chocolatey. Once these have been installed, I would then recommend defining some default parameters for the package and file resources at the top scope, in site.pp.

if $::kernel == 'windows' {
  File {
    owner              => undef,
    group              => undef,
    source_permissions => 'ignore',

  Package {
    provider => 'chocolatey',h

These tell Puppet not to attempt to apply *nix-style permissions to Windows file resources and to use Chocolatey as the default provider for packages. Now create a class that installs Chocolatey itself. Since the chocolatey/chocolatey module currently is not capable of installing Chocolatey, your class will need to install it using an exec resource. I’ve named my class windows::chocolatey and have created it under windows/manifests/chocolatey.pp.

class windows::chocolatey {

  exec { 'install_chocolatey':
    command  => "set-executionpolicy unrestricted -force -scope process; (iex ((new-object net.webclient).DownloadString('')))>\$null 2>&1",
    provider => 'powershell',
    creates  => 'C:/ProgramData/chocolatey',


The above command for installing Chocolatey is from Chocolatey installation guide. It’s possible that this may change in the near future. Therefore, you should refer to that page before setting up your exec. If this is for a lab or evaluation environment, you may also want to have Puppet use Chocolatey to keep up to date with the latest Chocolatey release.

  package { 'chocolatey':
    ensure  => latest,
    require => Exec['install_chocolatey'],

Once you have created this module and committed it to the repository containing your custom modules, you would then include the Chocolatey class (windows::chocolatey) in the catalog for your Windows node and initiate a Puppet run on it to apply the class. Now you can use Puppet to manage packages that have been made available by contributors to the Chocolatey project. A full listing can be found here. To manage a particular package with Puppet, include it the same way you would as with a package for Linux:

class windows::git {

  package { 'git':
    ensure => installed,


3 thoughts on “How I Configured Chocolatey with Puppet

  1. Been working on this all day and was stuck at the command for the chocolatey-install for hours. This worked flawlessly. Thank you!

  2. Hey Matt! You’re blog is pretty cool, however I am very new to Puppet and I just managed to get it installed (Puppet/Foreman)

    I’m confused about the site.pp file which I thought is where you specified your nodes?
    Just wondering where you can specify my nodes (i have 2, have have been certification signed)

    If I make those files with that code, will that work right out of it or do I have to define more things?

    Thanks and sorry if it’s a dumb question.


    • Hi Joey, I apologize for the belated response. The simplest way to configure site.pp in Puppet 3.x is to:

      1) create a directory at /etc/puppet/manifests
      2) create your site.pp in /etc/puppet/manifests
      3) specify the location in /etc/puppet/puppet.conf like: manifest = $confdir/manifests/site.pp

      The more current method of doing this, however, is to setup Puppet environments and specify the location of your manifest in environment.conf like manifest = manifests/site.pp. However, the first method will work fine if you’re just starting out or are using masterless Puppet.

      I hope this helps.


Comments are closed.