1PUPPETCONF(5) PUPPETCONF(5)
2
3
4
7
8 {:toc}
9
11 On The Command-Line +++++++++++++++++++ Every Puppet executable (with
12 the exception of puppetdoc) accepts all of the parameters below, but
13 not all of the arguments make sense for every executable.
14
15 I have tried to be as thorough as possible in the descriptions of the
16 arguments, so it should be obvious whether an argument is appropriate
17 or not.
18
19 These parameters can be supplied to the executables either as com‐
20 mand-line options or in the configuration file. For instance, the com‐
21 mand-line invocation below would set the configuration directory to
22 /private/puppet:
23
24
25
26 $ puppet agent --confdir=/private/puppet
27
28
29
30 Note that boolean options are turned on and off with a slightly differ‐
31 ent syntax on the command line:
32
33
34
35 $ puppet agent --storeconfigs
36
37 $ puppet agent --no-storeconfigs
38
39
40
41 The invocations above will enable and disable, respectively, the stor‐
42 age of the client configuration.
43
44 Configuration Files +++++++++++++++++++
45
46 As mentioned above, the configuration parameters can also be stored in
47 a configuration file, located in the configuration directory. As root,
48 the default configuration directory is /etc/puppet, and as a regular
49 user, the default configuration directory is ~user/.puppet. As of
50 0.23.0, all executables look for puppet.conf in their configuration
51 directory (although they previously looked for separate files). For
52 example, puppet.conf is located at /etc/puppet/puppet.conf as root and
53 ~user/.puppet/puppet.conf as a regular user by default.
54
55 All executables will set any parameters set within the [main] section,
56 and each executable will also use one of the [master], [agent].
57
58 File Format ´´´´´´´´´´´
59
60 The file follows INI-style formatting. Here is an example of a very
61 simple puppet.conf file:
62
63
64
65 [main]
66 confdir = /private/puppet
67 storeconfigs = true
68
69
70
71 Note that boolean parameters must be explicitly specified as true or
72 false as seen above.
73
74 If you need to change file parameters (e.g., reset the mode or owner),
75 do so within curly braces on the same line:
76
77
78
79 [main]
80 myfile = /tmp/whatever {owner = root, mode = 644}
81
82
83
84 If you´re starting out with a fresh configuration, you may wish to let
85 the executable generate a template configuration file for you by invok‐
86 ing the executable in question with the --genconfig command. The exe‐
87 cutable will print a template configuration to standard output, which
88 can be redirected to a file like so:
89
90
91
92 $ puppet agent --genconfig > /etc/puppet/puppet.conf
93
94
95
96 Note that this invocation will replace the contents of any pre-existing
97 puppet.conf file, so make a backup of your present config if it con‐
98 tains valuable information.
99
100 Like the --genconfig argument, the executables also accept a --genmani‐
101 fest argument, which will generate a manifest that can be used to man‐
102 age all of Puppet´s directories and files and prints it to standard
103 output. This can likewise be redirected to a file:
104
105
106
107 $ puppet agent --genmanifest > /etc/puppet/manifests/site.pp
108
109
110
111 Puppet can also create user and group accounts for itself (one puppet
112 group and one puppet user) if it is invoked as root with the --mkusers
113 argument:
114
115
116
117 $ puppet agent --mkusers
118
119
120
122 The puppet agent and puppet master executables catch some signals for
123 special handling. Both daemons catch (SIGHUP), which forces the server
124 to restart tself. Predictably, interrupt and terminate (SIGINT and
125 SIGTERM) will shut down the server, whether it be an instance of puppet
126 agent or puppet master.
127
128 Sending the SIGUSR1 signal to an instance of puppet agent will cause it
129 to immediately begin a new configuration transaction with the server.
130 This signal has no effect on puppet master.
131
133 Below is a list of all documented parameters. Not all of them are valid
134 with all Puppet executables, but the executables will ignore any inap‐
135 propriate values.
136
137 async_storeconfigs ++++++++++++++++++
138
139 Whether to use a queueing system to provide asynchronous database inte‐
140 gration. Requires that puppetqd be running and that ´PSON´ support for
141 ruby be installed.
142
143 · Default: false
144
145
146
147 authconfig ++++++++++
148
149 The configuration file that defines the rights to the different names‐
150 paces and methods. This can be used as a coarse-grained authorization
151 system for both puppet agent and puppet master.
152
153 · Default: $confdir/namespaceauth.conf
154
155
156
157 autoflush +++++++++
158
159 Whether log files should always flush to disk.
160
161 · Default: false
162
163
164
165 autosign ++++++++
166
167 Whether to enable autosign. Valid values are true (which autosigns any
168 key request, and is a very bad idea), false (which never autosigns any
169 key request), and the path to a file, which uses that configuration
170 file to determine which keys to sign.
171
172 · Default: $confdir/autosign.conf
173
174
175
176 bindaddress +++++++++++
177
178 The address a listening server should bind to. Mongrel servers default
179 to 127.0.0.1 and WEBrick defaults to 0.0.0.0.
180
181 bucketdir +++++++++
182
183 Where FileBucket files are stored.
184
185 · Default: $vardir/bucket
186
187
188
189 ca ++
190
191 Wether the master should function as a certificate authority.
192
193 · Default: true
194
195
196
197 ca_days +++++++
198
199 How long a certificate should be valid. This parameter is deprecated,
200 use ca_ttl instead
201
202 ca_md +++++
203
204 The type of hash used in certificates.
205
206 · Default: md5
207
208
209
210 ca_name +++++++
211
212 The name to use the Certificate Authority certificate.
213
214 · Default: $certname
215
216
217
218 ca_port +++++++
219
220 The port to use for the certificate authority.
221
222 · Default: $masterport
223
224
225
226 ca_server +++++++++
227
228 The server to use for certificate authority requests. It´s a separate
229 server because it cannot and does not need to horizontally scale.
230
231 · Default: $server
232
233
234
235 ca_ttl ++++++
236
237 The default TTL for new certificates; valid values must be an integer,
238 optionally followed by one of the units ´y´ (years of 365 days), ´d´
239 (days), ´h´ (hours), or ´s´ (seconds). The unit defaults to seconds. If
240 this parameter is set, ca_days is ignored. Examples are ´3600´ (one
241 hour) and ´1825d´, which is the same as ´5y´ (5 years)
242
243 · Default: 5y
244
245
246
247 cacert ++++++
248
249 The CA certificate.
250
251 · Default: $cadir/ca_crt.pem
252
253
254
255 cacrl +++++
256
257 The certificate revocation list (CRL) for the CA. Will be used if
258 present but otherwise ignored.
259
260 · Default: $cadir/ca_crl.pem
261
262
263
264 cadir +++++
265
266 The root directory for the certificate authority.
267
268 · Default: $ssldir/ca
269
270
271
272 cakey +++++
273
274 The CA private key.
275
276 · Default: $cadir/ca_key.pem
277
278
279
280 capass ++++++
281
282 Where the CA stores the password for the private key
283
284 · Default: $caprivatedir/ca.pass
285
286
287
288 caprivatedir ++++++++++++
289
290 Where the CA stores private certificate information.
291
292 · Default: $cadir/private
293
294
295
296 capub +++++
297
298 The CA public key.
299
300 · Default: $cadir/ca_pub.pem
301
302
303
304 catalog_format ++++++++++++++
305
306 (Deprecated for ´preferred_serialization_format´) What format to use to
307 dump the catalog. Only supports ´marshal´ and ´yaml´. Only matters on
308 the client, since it asks the server for a specific format.
309
310 catalog_terminus ++++++++++++++++
311
312 Where to get node catalogs. This is useful to change if, for instance,
313 you´d like to pre-compile catalogs and store them in memcached or some
314 other easily-accessed store.
315
316 · Default: compiler
317
318
319
320 cert_inventory ++++++++++++++
321
322 A Complete listing of all certificates
323
324 · Default: $cadir/inventory.txt
325
326
327
328 certdir +++++++
329
330 The certificate directory.
331
332 · Default: $ssldir/certs
333
334
335
336 certdnsnames ++++++++++++
337
338 The DNS names on the Server certificate as a colon-separated list. If
339 it´s anything other than an empty string, it will be used as an alias
340 in the created certificate. By default, only the server gets an alias
341 set up, and only for ´puppet´.
342
343 certificate_revocation ++++++++++++++++++++++
344
345 Whether certificate revocation should be supported by downloading a
346 Certificate Revocation List (CRL) to all clients. If enabled, CA chain‐
347 ing will almost definitely not work.
348
349 · Default: true
350
351
352
353 certname ++++++++
354
355 The name to use when handling certificates. Defaults to the fully qual‐
356 ified domain name.
357
358 · Default: pelin.members.linode.com
359
360
361
362 classfile +++++++++
363
364 The file in which puppet agent stores a list of the classes associated
365 with the retrieved configuration. Can be loaded in the separate puppet
366 executable using the --loadclasses option.
367
368 · Default: $statedir/classes.txt
369
370
371
372 client_datadir ++++++++++++++
373
374 The directory in which serialized data is stored on the client.
375
376 · Default: $vardir/client_data
377
378
379
380 clientbucketdir +++++++++++++++
381
382 Where FileBucket files are stored locally.
383
384 · Default: $vardir/clientbucket
385
386
387
388 clientyamldir +++++++++++++
389
390 The directory in which client-side YAML data is stored.
391
392 · Default: $vardir/client_yaml
393
394
395
396 code ++++
397
398 Code to parse directly. This is essentially only used by puppet, and
399 should only be set if you´re writing your own Puppet executable
400
401 color +++++
402
403 Whether to use colors when logging to the console. Valid values are
404 ansi (equivalent to true), html (mostly used during testing with Text‐
405 Mate), and false, which produces no color.
406
407 · Default: ansi
408
409
410
411 confdir +++++++
412
413 The main Puppet configuration directory. The default for this parameter
414 is calculated based on the user. If the process is running as root or
415 the user that puppet master is supposed to run as, it defaults to a
416 system directory, but if it´s running as any other user, it defaults to
417 being in ~.
418
419 · Default: /etc/puppet
420
421
422
423 config ++++++
424
425 The configuration file for doc.
426
427 · Default: $confdir/puppet.conf
428
429
430
431 config_version ++++++++++++++
432
433 How to determine the configuration version. By default, it will be the
434 time that the configuration is parsed, but you can provide a shell
435 script to override how the version is determined. The output of this
436 script will be added to every log message in the reports, allowing you
437 to correlate changes on your hosts to the source version on the server.
438
439 configprint +++++++++++
440
441 Print the value of a specific configuration parameter. If a parameter
442 is provided for this, then the value is printed and puppet exits.
443 Comma-separate multiple values. For a list of all values, specify
444 ´all´. This feature is only available in Puppet versions higher than
445 0.18.4.
446
447 configtimeout +++++++++++++
448
449 How long the client should wait for the configuration to be retrieved
450 before considering it a failure. This can help reduce flapping if too
451 many clients contact the server at one time.
452
453 · Default: 120
454
455
456
457 couchdb_url +++++++++++
458
459 The url where the puppet couchdb database will be created
460
461 · Default: http://127.0.0.1:5984/puppet
462
463
464
465 csrdir ++++++
466
467 Where the CA stores certificate requests
468
469 · Default: $cadir/requests
470
471
472
473 daemonize +++++++++
474
475 Send the process into the background. This is the default.
476
477 · Default: true
478
479
480
481 dbadapter +++++++++
482
483 The type of database to use.
484
485 · Default: sqlite3
486
487
488
489 dbconnections +++++++++++++
490
491 The number of database connections. Only used when networked databases
492 are used. Will be ignored if the value is an empty string or is less
493 than 1.
494
495 · Default: 0
496
497
498
499 dblocation ++++++++++
500
501 The database cache for client configurations. Used for querying within
502 the language.
503
504 · Default: $statedir/clientconfigs.sqlite3
505
506
507
508 dbmigrate +++++++++
509
510 Whether to automatically migrate the database.
511
512 · Default: false
513
514
515
516 dbname ++++++
517
518 The name of the database to use.
519
520 · Default: puppet
521
522
523
524 dbpassword ++++++++++
525
526 The database password for caching. Only used when networked databases
527 are used.
528
529 · Default: puppet
530
531
532
533 dbport ++++++
534
535 The database password for caching. Only used when networked databases
536 are used.
537
538 dbserver ++++++++
539
540 The database server for caching. Only used when networked databases are
541 used.
542
543 · Default: localhost
544
545
546
547 dbsocket ++++++++
548
549 The database socket location. Only used when networked databases are
550 used. Will be ignored if the value is an empty string.
551
552 dbuser ++++++
553
554 The database user for caching. Only used when networked databases are
555 used.
556
557 · Default: puppet
558
559
560
561 diff ++++
562
563 Which diff command to use when printing differences between files.
564
565 · Default: diff
566
567
568
569 diff_args +++++++++
570
571 Which arguments to pass to the diff command when printing differences
572 between files.
573
574 · Default: -u
575
576
577
578 downcasefacts +++++++++++++
579
580 Whether facts should be made all lowercase when sent to the server.
581
582 · Default: false
583
584
585
586 dynamicfacts ++++++++++++
587
588 Facts that are dynamic; these facts will be ignored when deciding
589 whether changed facts should result in a recompile. Multiple facts
590 should be comma-separated.
591
592 · Default: memorysize,memoryfree,swapsize,swapfree
593
594
595
596 environment +++++++++++
597
598 The environment Puppet is running in. For clients (e.g., puppet agent)
599 this determines the environment itself, which is used to find modules
600 and much more. For servers (i.e., puppet master) this provides the
601 default environment for nodes we know nothing about.
602
603 · Default: production
604
605
606
607 evaltrace +++++++++
608
609 Whether each resource should log when it is being evaluated. This
610 allows you to interactively see exactly what is being done.
611
612 · Default: false
613
614
615
616 external_nodes ++++++++++++++
617
618 An external command that can produce node information. The output must
619 be a YAML dump of a hash, and that hash must have one or both of
620 classes and parameters, where classes is an array and parameters is a
621 hash. For unknown nodes, the commands should exit with a non-zero exit
622 code. This command makes it straightforward to store your node mapping
623 information in other data sources like databases.
624
625 · Default: none
626
627
628
629 factdest ++++++++
630
631 Where Puppet should store facts that it pulls down from the central
632 server.
633
634 · Default: $vardir/facts/
635
636
637
638 factpath ++++++++
639
640 Where Puppet should look for facts. Multiple directories should be
641 colon-separated, like normal PATH variables.
642
643 · Default: $vardir/lib/facter:$vardir/facts
644
645
646
647 facts_terminus ++++++++++++++
648
649 The node facts terminus.
650
651 · Default: facter
652
653
654
655 factsignore +++++++++++
656
657 What files to ignore when pulling down facts.
658
659 · Default: .svn CVS
660
661
662
663 factsource ++++++++++
664
665 From where to retrieve facts. The standard Puppet file type is used for
666 retrieval, so anything that is a valid file source can be used here.
667
668 · Default: puppet://$server/facts/
669
670
671
672 factsync ++++++++
673
674 Whether facts should be synced with the central server.
675
676 · Default: false
677
678
679
680 fileserverconfig ++++++++++++++++
681
682 Where the fileserver configuration is stored.
683
684 · Default: $confdir/fileserver.conf
685
686
687
688 filetimeout +++++++++++
689
690 The minimum time to wait (in seconds) between checking for updates in
691 configuration files. This timeout determines how quickly Puppet checks
692 whether a file (such as manifests or templates) has changed on disk.
693
694 · Default: 15
695
696
697
698 freeze_main +++++++++++
699
700 Freezes the ´main´ class, disallowing any code to be added to it. This
701 essentially means that you can´t have any code outside of a node,
702 class, or definition other than in the site manifest.
703
704 · Default: false
705
706
707
708 genconfig +++++++++
709
710 Whether to just print a configuration to stdout and exit. Only makes
711 sense when used interactively. Takes into account arguments specified
712 on the CLI.
713
714 · Default: false
715
716
717
718 genmanifest +++++++++++
719
720 Whether to just print a manifest to stdout and exit. Only makes sense
721 when used interactively. Takes into account arguments specified on the
722 CLI.
723
724 · Default: false
725
726
727
728 graph +++++
729
730 Whether to create dot graph files for the different configuration
731 graphs. These dot files can be interpreted by tools like OmniGraffle or
732 dot (which is part of ImageMagick).
733
734 · Default: false
735
736
737
738 graphdir ++++++++
739
740 Where to store dot-outputted graphs.
741
742 · Default: $statedir/graphs
743
744
745
746 group +++++
747
748 The group puppet master should run as.
749
750 · Default: puppet
751
752
753
754 hostcert ++++++++
755
756 Where individual hosts store and look for their certificates.
757
758 · Default: $certdir/$certname.pem
759
760
761
762 hostcrl +++++++
763
764 Where the host´s certificate revocation list can be found. This is dis‐
765 tinct from the certificate authority´s CRL.
766
767 · Default: $ssldir/crl.pem
768
769
770
771 hostcsr +++++++
772
773 Where individual hosts store and look for their certificate requests.
774
775 · Default: $ssldir/csr_$certname.pem
776
777
778
779 hostprivkey +++++++++++
780
781 Where individual hosts store and look for their private key.
782
783 · Default: $privatekeydir/$certname.pem
784
785
786
787 hostpubkey ++++++++++
788
789 Where individual hosts store and look for their public key.
790
791 · Default: $publickeydir/$certname.pem
792
793
794
795 http_compression ++++++++++++++++
796
797 Allow http compression in REST communication with the master. This set‐
798 ting might improve performance for agent -> master communications over
799 slow WANs. Your puppetmaster needs to support compression (usually by
800 activating some settings in a reverse-proxy in front of the puppetmas‐
801 ter, which rules out webrick). It is harmless to activate this settings
802 if your master doesn´t support compression, but if it supports it, this
803 setting might reduce performance on high-speed LANs.
804
805 · Default: false
806
807
808
809 http_proxy_host +++++++++++++++
810
811 The HTTP proxy host to use for outgoing connections. Note: You may need
812 to use a FQDN for the server hostname when using a proxy.
813
814 · Default: none
815
816
817
818 http_proxy_port +++++++++++++++
819
820 The HTTP proxy port to use for outgoing connections
821
822 · Default: 3128
823
824
825
826 httplog +++++++
827
828 Where the puppet agent web server logs.
829
830 · Default: $logdir/http.log
831
832
833
834 ignorecache +++++++++++
835
836 Ignore cache and always recompile the configuration. This is useful for
837 testing new configurations, where the local cache may in fact be stale
838 even if the timestamps are up to date - if the facts change or if the
839 server changes.
840
841 · Default: false
842
843
844
845 ignoreimport ++++++++++++
846
847 A parameter that can be used in commit hooks, since it enables you to
848 parse-check a single file rather than requiring that all files exist.
849
850 · Default: false
851
852
853
854 ignoreschedules +++++++++++++++
855
856 Boolean; whether puppet agent should ignore schedules. This is useful
857 for initial puppet agent runs.
858
859 · Default: false
860
861
862
863 keylength +++++++++
864
865 The bit length of keys.
866
867 · Default: 1024
868
869
870
871 ldapattrs +++++++++
872
873 The LDAP attributes to include when querying LDAP for nodes. All
874 returned attributes are set as variables in the top-level scope. Multi‐
875 ple values should be comma-separated. The value ´all´ returns all
876 attributes.
877
878 · Default: all
879
880
881
882 ldapbase ++++++++
883
884 The search base for LDAP searches. It´s impossible to provide a mean‐
885 ingful default here, although the LDAP libraries might have one already
886 set. Generally, it should be the ´ou=Hosts´ branch under your main
887 directory.
888
889 ldapclassattrs ++++++++++++++
890
891 The LDAP attributes to use to define Puppet classes. Values should be
892 comma-separated.
893
894 · Default: puppetclass
895
896
897
898 ldapnodes +++++++++
899
900 Whether to search for node configurations in LDAP. See
901 http://projects.puppetlabs.com/projects/puppet/wiki/LDAP_Nodes for more
902 information.
903
904 · Default: false
905
906
907
908 ldapparentattr ++++++++++++++
909
910 The attribute to use to define the parent node.
911
912 · Default: parentnode
913
914
915
916 ldappassword ++++++++++++
917
918 The password to use to connect to LDAP.
919
920 ldapport ++++++++
921
922 The LDAP port. Only used if ldapnodes is enabled.
923
924 · Default: 389
925
926
927
928 ldapserver ++++++++++
929
930 The LDAP server. Only used if ldapnodes is enabled.
931
932 · Default: ldap
933
934
935
936 ldapssl +++++++
937
938 Whether SSL should be used when searching for nodes. Defaults to false
939 because SSL usually requires certificates to be set up on the client
940 side.
941
942 · Default: false
943
944
945
946 ldapstackedattrs ++++++++++++++++
947
948 The LDAP attributes that should be stacked to arrays by adding the val‐
949 ues in all hierarchy elements of the tree. Values should be comma-sepa‐
950 rated.
951
952 · Default: puppetvar
953
954
955
956 ldapstring ++++++++++
957
958 The search string used to find an LDAP node.
959
960 · Default: (&(objectclass=puppetClient)(cn=%s))
961
962
963
964 ldaptls +++++++
965
966 Whether TLS should be used when searching for nodes. Defaults to false
967 because TLS usually requires certificates to be set up on the client
968 side.
969
970 · Default: false
971
972
973
974 ldapuser ++++++++
975
976 The user to use to connect to LDAP. Must be specified as a full DN.
977
978 lexical +++++++
979
980 Whether to use lexical scoping (vs. dynamic).
981
982 · Default: false
983
984
985
986 libdir ++++++
987
988 An extra search path for Puppet. This is only useful for those files
989 that Puppet will load on demand, and is only guaranteed to work for
990 those cases. In fact, the autoload mechanism is responsible for making
991 sure this directory is in Ruby´s search path
992
993 · Default: $vardir/lib
994
995
996
997 listen ++++++
998
999 Whether puppet agent should listen for connections. If this is true,
1000 then by default only the runner server is started, which allows remote
1001 authorized and authenticated nodes to connect and trigger puppet agent
1002 runs.
1003
1004 · Default: false
1005
1006
1007
1008 localcacert +++++++++++
1009
1010 Where each client stores the CA certificate.
1011
1012 · Default: $certdir/ca.pem
1013
1014
1015
1016 localconfig +++++++++++
1017
1018 Where puppet agent caches the local configuration. An extension indi‐
1019 cating the cache format is added automatically.
1020
1021 · Default: $statedir/localconfig
1022
1023
1024
1025 logdir ++++++
1026
1027 The Puppet log directory.
1028
1029 · Default: $vardir/log
1030
1031
1032
1033 manage_internal_file_permissions ++++++++++++++++++++++++++++++++
1034
1035 Whether Puppet should manage the owner, group, and mode of files it
1036 uses internally
1037
1038 · Default: true
1039
1040
1041
1042 manifest ++++++++
1043
1044 The entry-point manifest for puppet master.
1045
1046 · Default: $manifestdir/site.pp
1047
1048
1049
1050 manifestdir +++++++++++
1051
1052 Where puppet master looks for its manifests.
1053
1054 · Default: $confdir/manifests
1055
1056
1057
1058 masterhttplog +++++++++++++
1059
1060 Where the puppet master web server logs.
1061
1062 · Default: $logdir/masterhttp.log
1063
1064
1065
1066 masterlog +++++++++
1067
1068 Where puppet master logs. This is generally not used, since syslog is
1069 the default log destination.
1070
1071 · Default: $logdir/puppetmaster.log
1072
1073
1074
1075 masterport ++++++++++
1076
1077 Which port puppet master listens on.
1078
1079 · Default: 8140
1080
1081
1082
1083 maximum_uid +++++++++++
1084
1085 The maximum allowed UID. Some platforms use negative UIDs but then ship
1086 with tools that do not know how to handle signed ints, so the UIDs show
1087 up as huge numbers that can then not be fed back into the system. This
1088 is a hackish way to fail in a slightly more useful way when that hap‐
1089 pens.
1090
1091 · Default: 4294967290
1092
1093
1094
1095 mkusers +++++++
1096
1097 Whether to create the necessary user and group that puppet agent will
1098 run as.
1099
1100 · Default: false
1101
1102
1103
1104 modulepath ++++++++++
1105
1106 The search path for modules as a colon-separated list of directories.
1107
1108 · Default: $confdir/modules:/usr/share/puppet/modules
1109
1110
1111
1112 name ++++
1113
1114 The name of the application, if we are running as one. The default is
1115 essentially $0 without the path or .rb.
1116
1117 · Default: doc
1118
1119
1120
1121 node_name +++++++++
1122
1123 How the puppetmaster determines the client´s identity and sets the
1124 ´hostname´, ´fqdn´ and ´domain´ facts for use in the manifest, in par‐
1125 ticular for determining which ´node´ statement applies to the client.
1126 Possible values are ´cert´ (use the subject´s CN in the client´s cer‐
1127 tificate) and ´facter´ (use the hostname that the client reported in
1128 its facts)
1129
1130 · Default: cert
1131
1132
1133
1134 node_terminus +++++++++++++
1135
1136 Where to find information about nodes.
1137
1138 · Default: plain
1139
1140
1141
1142 noop ++++
1143
1144 Whether puppet agent should be run in noop mode.
1145
1146 · Default: false
1147
1148
1149
1150 onetime +++++++
1151
1152 Run the configuration once, rather than as a long-running daemon. This
1153 is useful for interactively running puppetd.
1154
1155 · Default: false
1156
1157
1158
1159 parseonly +++++++++
1160
1161 Just check the syntax of the manifests.
1162
1163 · Default: false
1164
1165
1166
1167 passfile ++++++++
1168
1169 Where puppet agent stores the password for its private key. Generally
1170 unused.
1171
1172 · Default: $privatedir/password
1173
1174
1175
1176 path ++++
1177
1178 The shell search path. Defaults to whatever is inherited from the par‐
1179 ent process.
1180
1181 · Default: none
1182
1183
1184
1185 pidfile +++++++
1186
1187 The pid file
1188
1189 · Default: $rundir/$name.pid
1190
1191
1192
1193 plugindest ++++++++++
1194
1195 Where Puppet should store plugins that it pulls down from the central
1196 server.
1197
1198 · Default: $libdir
1199
1200
1201
1202 pluginsignore +++++++++++++
1203
1204 What files to ignore when pulling down plugins.
1205
1206 · Default: .svn CVS .git
1207
1208
1209
1210 pluginsource ++++++++++++
1211
1212 From where to retrieve plugins. The standard Puppet file type is used
1213 for retrieval, so anything that is a valid file source can be used
1214 here.
1215
1216 · Default: puppet://$server/plugins
1217
1218
1219
1220 pluginsync ++++++++++
1221
1222 Whether plugins should be synced with the central server.
1223
1224 · Default: false
1225
1226
1227
1228 postrun_command +++++++++++++++
1229
1230 A command to run after every agent run. If this command returns a
1231 non-zero return code, the entire Puppet run will be considered to have
1232 failed, even though it might have performed work during the normal run.
1233
1234 preferred_serialization_format ++++++++++++++++++++++++++++++
1235
1236 The preferred means of serializing ruby instances for passing over the
1237 wire. This won´t guarantee that all instances will be serialized using
1238 this method, since not all classes can be guaranteed to support this
1239 format, but it will be used for all classes that support it.
1240
1241 · Default: pson
1242
1243
1244
1245 prerun_command ++++++++++++++
1246
1247 A command to run before every agent run. If this command returns a
1248 non-zero return code, the entire Puppet run will fail.
1249
1250 privatedir ++++++++++
1251
1252 Where the client stores private certificate information.
1253
1254 · Default: $ssldir/private
1255
1256
1257
1258 privatekeydir +++++++++++++
1259
1260 The private key directory.
1261
1262 · Default: $ssldir/private_keys
1263
1264
1265
1266 publickeydir ++++++++++++
1267
1268 The public key directory.
1269
1270 · Default: $ssldir/public_keys
1271
1272
1273
1274 puppetdlockfile +++++++++++++++
1275
1276 A lock file to temporarily stop puppet agent from doing anything.
1277
1278 · Default: $statedir/puppetdlock
1279
1280
1281
1282 puppetdlog ++++++++++
1283
1284 The log file for puppet agent. This is generally not used.
1285
1286 · Default: $logdir/puppetd.log
1287
1288
1289
1290 puppetport ++++++++++
1291
1292 Which port puppet agent listens on.
1293
1294 · Default: 8139
1295
1296
1297
1298 queue_source ++++++++++++
1299
1300 Which type of queue to use for asynchronous processing. If your stomp
1301 server requires authentication, you can include it in the URI as long
1302 as your stomp client library is at least 1.1.1
1303
1304 · Default: stomp://localhost:61613/
1305
1306
1307
1308 queue_type ++++++++++
1309
1310 Which type of queue to use for asynchronous processing.
1311
1312 · Default: stomp
1313
1314
1315
1316 rails_loglevel ++++++++++++++
1317
1318 The log level for Rails connections. The value must be a valid log
1319 level within Rails. Production environments normally use info and other
1320 environments normally use debug.
1321
1322 · Default: info
1323
1324
1325
1326 railslog ++++++++
1327
1328 Where Rails-specific logs are sent
1329
1330 · Default: $logdir/rails.log
1331
1332
1333
1334 report ++++++
1335
1336 Whether to send reports after every transaction.
1337
1338 · Default: false
1339
1340
1341
1342 report_port +++++++++++
1343
1344 The port to communicate with the report_server.
1345
1346 · Default: $masterport
1347
1348
1349
1350 report_server +++++++++++++
1351
1352 The server to which to send transaction reports.
1353
1354 · Default: $server
1355
1356
1357
1358 reportdir +++++++++
1359
1360 The directory in which to store reports received from the client. Each
1361 client gets a separate subdirectory.
1362
1363 · Default: $vardir/reports
1364
1365
1366
1367 reportfrom ++++++++++
1368
1369 The ´from´ email address for the reports.
1370
1371 · Default: report@pelin.members.linode.com
1372
1373
1374
1375 reports +++++++
1376
1377 The list of reports to generate. All reports are looked for in pup‐
1378 pet/reports/name.rb, and multiple report names should be comma-sepa‐
1379 rated (whitespace is okay).
1380
1381 · Default: store
1382
1383
1384
1385 reportserver ++++++++++++
1386
1387 (Deprecated for ´report_server´) The server to which to send transac‐
1388 tion reports.
1389
1390 · Default: $server
1391
1392
1393
1394 reporturl +++++++++
1395
1396 The URL used by the http reports processor to send reports
1397
1398 · Default: http://localhost:3000/reports
1399
1400
1401
1402 req_bits ++++++++
1403
1404 The bit length of the certificates.
1405
1406 · Default: 2048
1407
1408
1409
1410 requestdir ++++++++++
1411
1412 Where host certificate requests are stored.
1413
1414 · Default: $ssldir/certificate_requests
1415
1416
1417
1418 rest_authconfig +++++++++++++++
1419
1420 The configuration file that defines the rights to the different rest
1421 indirections. This can be used as a fine-grained authorization system
1422 for puppet master.
1423
1424 · Default: $confdir/auth.conf
1425
1426
1427
1428 rrddir ++++++
1429
1430 The directory where RRD database files are stored. Directories for each
1431 reporting host will be created under this directory.
1432
1433 · Default: $vardir/rrd
1434
1435
1436
1437 rrdinterval +++++++++++
1438
1439 How often RRD should expect data. This should match how often the hosts
1440 report back to the server.
1441
1442 · Default: $runinterval
1443
1444
1445
1446 run_mode ++++++++
1447
1448 The effective ´run mode´ of the application: master, agent, or user.
1449
1450 · Default: master
1451
1452
1453
1454 rundir ++++++
1455
1456 Where Puppet PID files are kept.
1457
1458 · Default: $vardir/run
1459
1460
1461
1462 runinterval +++++++++++
1463
1464 How often puppet agent applies the client configuration; in seconds.
1465
1466 · Default: 1800
1467
1468
1469
1470 sendmail ++++++++
1471
1472 Where to find the sendmail binary with which to send email.
1473
1474 · Default: /usr/sbin/sendmail
1475
1476
1477
1478 serial ++++++
1479
1480 Where the serial number for certificates is stored.
1481
1482 · Default: $cadir/serial
1483
1484
1485
1486 server ++++++
1487
1488 The server to which server puppet agent should connect
1489
1490 · Default: puppet
1491
1492
1493
1494 server_datadir ++++++++++++++
1495
1496 The directory in which serialized data is stored, usually in a subdi‐
1497 rectory.
1498
1499 · Default: $vardir/server_data
1500
1501
1502
1503 servertype ++++++++++
1504
1505 The type of server to use. Currently supported options are webrick and
1506 mongrel. If you use mongrel, you will need a proxy in front of the
1507 process or processes, since Mongrel cannot speak SSL.
1508
1509 · Default: webrick
1510
1511
1512
1513 show_diff +++++++++
1514
1515 Whether to print a contextual diff when files are being replaced. The
1516 diff is printed on stdout, so this option is meaningless unless you are
1517 running Puppet interactively. This feature currently requires the
1518 diff/lcs Ruby library.
1519
1520 · Default: false
1521
1522
1523
1524 signeddir +++++++++
1525
1526 Where the CA stores signed certificates.
1527
1528 · Default: $cadir/signed
1529
1530
1531
1532 smtpserver ++++++++++
1533
1534 The server through which to send email reports.
1535
1536 · Default: none
1537
1538
1539
1540 splay +++++
1541
1542 Whether to sleep for a pseudo-random (but consistent) amount of time
1543 before a run.
1544
1545 · Default: false
1546
1547
1548
1549 splaylimit ++++++++++
1550
1551 The maximum time to delay before runs. Defaults to being the same as
1552 the run interval.
1553
1554 · Default: $runinterval
1555
1556
1557
1558 ssl_client_header +++++++++++++++++
1559
1560 The header containing an authenticated client´s SSL DN. Only used with
1561 Mongrel. This header must be set by the proxy to the authenticated
1562 client´s SSL DN (e.g., /CN=puppet.puppetlabs.com). See
1563 http://projects.puppetlabs.com/projects/puppet/wiki/Using_Mongrel for
1564 more information.
1565
1566 · Default: HTTP_X_CLIENT_DN
1567
1568
1569
1570 ssl_client_verify_header ++++++++++++++++++++++++
1571
1572 The header containing the status message of the client verification.
1573 Only used with Mongrel. This header must be set by the proxy to ´SUC‐
1574 CESS´ if the client successfully authenticated, and anything else oth‐
1575 erwise. See http://projects.puppetlabs.com/projects/pup‐
1576 pet/wiki/Using_Mongrel for more information.
1577
1578 · Default: HTTP_X_CLIENT_VERIFY
1579
1580
1581
1582 ssldir ++++++
1583
1584 Where SSL certificates are kept.
1585
1586 · Default: $confdir/ssl
1587
1588
1589
1590 statedir ++++++++
1591
1592 The directory where Puppet state is stored. Generally, this directory
1593 can be removed without causing harm (although it might result in spuri‐
1594 ous service restarts).
1595
1596 · Default: $vardir/state
1597
1598
1599
1600 statefile +++++++++
1601
1602 Where puppet agent and puppet master store state associated with the
1603 running configuration. In the case of puppet master, this file reflects
1604 the state discovered through interacting with clients.
1605
1606 · Default: $statedir/state.yaml
1607
1608
1609
1610 storeconfigs ++++++++++++
1611
1612 Whether to store each client´s configuration. This requires ActiveRe‐
1613 cord from Ruby on Rails.
1614
1615 · Default: false
1616
1617
1618
1619 strict_hostname_checking ++++++++++++++++++++++++
1620
1621 Whether to only search for the complete hostname as it is in the cer‐
1622 tificate when searching for node information in the catalogs.
1623
1624 · Default: false
1625
1626
1627
1628 summarize +++++++++
1629
1630 Whether to print a transaction summary.
1631
1632 · Default: false
1633
1634
1635
1636 syslogfacility ++++++++++++++
1637
1638 What syslog facility to use when logging to syslog. Syslog has a fixed
1639 list of valid facilities, and you must choose one of those; you cannot
1640 just make one up.
1641
1642 · Default: daemon
1643
1644
1645
1646 tagmap ++++++
1647
1648 The mapping between reporting tags and email addresses.
1649
1650 · Default: $confdir/tagmail.conf
1651
1652
1653
1654 tags ++++
1655
1656 Tags to use to find resources. If this is set, then only resources
1657 tagged with the specified tags will be applied. Values must be
1658 comma-separated.
1659
1660 templatedir +++++++++++
1661
1662 Where Puppet looks for template files. Can be a list of colon-seperated
1663 directories.
1664
1665 · Default: $vardir/templates
1666
1667
1668
1669 thin_storeconfigs +++++++++++++++++
1670
1671 Boolean; wether storeconfigs store in the database only the facts and
1672 exported resources. If true, then storeconfigs performance will be
1673 higher and still allow exported/collected resources, but other usage
1674 external to Puppet might not work
1675
1676 · Default: false
1677
1678
1679
1680 trace +++++
1681
1682 Whether to print stack traces on some errors
1683
1684 · Default: false
1685
1686
1687
1688 use_cached_catalog ++++++++++++++++++
1689
1690 Whether to only use the cached catalog rather than compiling a new cat‐
1691 alog on every run. Puppet can be run with this enabled by default and
1692 then selectively disabled when a recompile is desired.
1693
1694 · Default: false
1695
1696
1697
1698 usecacheonfailure +++++++++++++++++
1699
1700 Whether to use the cached configuration when the remote configuration
1701 will not compile. This option is useful for testing new configurations,
1702 where you want to fix the broken configuration rather than reverting to
1703 a known-good one.
1704
1705 · Default: true
1706
1707
1708
1709 user ++++
1710
1711 The user puppet master should run as.
1712
1713 · Default: puppet
1714
1715
1716
1717 vardir ++++++
1718
1719 Where Puppet stores dynamic and growing data. The default for this
1720 parameter is calculated specially, like confdir_.
1721
1722 · Default: /var/lib/puppet
1723
1724
1725
1726 yamldir +++++++
1727
1728 The directory in which YAML data is stored, usually in a subdirectory.
1729
1730 · Default: $vardir/yaml
1731
1732
1733
1734 zlib ++++
1735
1736 Boolean; whether to use the zlib library
1737
1738 · Default: true
1739
1740
1741
1742 This page autogenerated on Sat Aug 28 14:00:20 -0700 2010
1743
1744
1745
1746 August 2010 PUPPETCONF(5)