1888N/A The contents of this file are subject to the terms of the 1888N/A Common Development and Distribution License (the "License"). 1888N/A You may not use this file except in compliance with the License. 1888N/A See the License for the specific language governing permissions 1888N/A and limitations under the License. 1888N/A When distributing Covered Code, include this CDDL HEADER in each 1888N/A If applicable, add the following below this CDDL HEADER, with the 1888N/A fields enclosed by brackets "[]" replaced with your own identifying 1888N/A information: Portions Copyright [yyyy] [name of copyright owner] 5908N/A Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved. 1888N/A NOTE: This service manifest is not editable; its contents will 1888N/A be overwritten by package or patch operations, including 1888N/A operating system upgrade. Make customizations in a different 3160N/A<
service_bundle type="manifest" name="puppet">
3160N/A <
dependency name="filesystem" grouping="require_all" restart_on="error" type="service">
3160N/A <
dependency name="network" grouping="require_all" restart_on="error" type="service">
3160N/A <
dependency name="identity" grouping="require_all" restart_on="error" type="service">
3160N/A <
exec_method type="method" name="start" exec=":true" timeout_seconds="60"/>
3160N/A <
exec_method type="method" name="stop" exec=":kill" timeout_seconds="60"/>
4875N/A <
exec_method type="method" name="refresh" exec=":true" timeout_seconds="0"/>
3160N/A <
property_group name="general" type="framework">
3160N/A <!-- to start stop puppet --> 3160N/A <!-- to change puppet properties --> 3160N/A <
property_group name="puppet_stencil" type="configfile">
3160N/A <
propval name="mode" type="astring" value="0444"/>
3160N/A <
instance name="master" enabled="false">
3160N/A <
property_group name="config" type="application">
3160N/A <
instance name="agent" enabled="false">
3160N/A <
property_group name="config" type="application">
3160N/A <
stability value="Unstable"/>
5908N/A <
loctext xml:
lang="C">Puppet version 3.8.6</
loctext>
3160N/A <
pg_pattern required="false" type="application" name="config">
3160N/A <
prop_pattern required="false" type="astring" name="agent_catalog_run_lockfile">
3160N/AA lock file to indicate that a puppet agent catalog run is currently in progress.
3160N/AThe file contains the pid of the process that holds the lock on the catalog run.
3160N/A <
prop_pattern required="false" type="astring" name="agent_disabled_lockfile">
3160N/AA lock file to indicate that puppet agent runs have been administratively
3160N/Adisabled. File contains a JSON object with state information.
3160N/A <
prop_pattern required="false" type="boolean" name="allow_duplicate_certs">
3160N/AWhether to allow a new certificate
3160N/Arequest to overwrite an existing certificate.
3160N/A <
prop_pattern required="false" type="boolean" name="allow_variables_with_dashes">
3160N/APermit hyphens (`-`) in variable names and issue deprecation warnings about
3160N/Athem. This setting **should always be `false`;** setting it to `true`
3160N/Awill cause subtle and wide-ranging bugs. It will be removed in a future version.
3160N/AHyphenated variables caused major problems in the language, but were allowed
3160N/Abetween Puppet 2.7.3 and 2.7.14. If you used them during this window, we
3160N/Aapologize for the inconvenience --- you can temporarily set this to `true`
3160N/Ain order to upgrade, and can rename your variables at your leisure. Please
3160N/Arevert it to `false` after you have renamed all affected variables.
5908N/A <
prop_pattern required="false" type="boolean" name="always_cache_features">
5908N/AAffects how we cache attempts to load Puppet 'features'. If false, then
5908N/Afeature (which can be an expensive operation) unless it has already been
5908N/Aloaded successfully. This makes it possible for a single agent run to,
5908N/Ae.g., install a package that provides the underlying capabilities for
5908N/Aa feature, and then later load that feature during the same run (even if
5908N/Athe feature had been tested earlier and had not been available).
5908N/AIf this setting is set to true, then features will only be checked once,
5908N/Aand if they are not available, the negative result is cached and returned
5908N/Afor all subsequent attempts to load the feature. This behavior is almost
5908N/Aalways appropriate for the server, and can result in a significant performance
5908N/Aimprovement for features that are checked frequently.
3160N/A <
prop_pattern required="false" type="host" name="archive_file_server">
3160N/ADuring an inspect run, the file bucket server to archive files to if archive_files is set.
3160N/A <
prop_pattern required="false" type="boolean" name="archive_files">
3160N/ADuring an inspect run, whether to archive files whose contents are audited to a file bucket.
3160N/A <
prop_pattern required="false" type="boolean" name="async_storeconfigs">
3160N/AWhether to use a queueing system to provide asynchronous database integration.
3160N/ARequires that `puppet queue` be running.
3160N/A <
prop_pattern required="false" type="boolean" name="autoflush">
3160N/AWhether log files should always flush to disk.
3160N/A <
prop_pattern required="false" type="astring" name="autosign">
3160N/AWhether (and how) to autosign certificate requests. This setting
3160N/Ais only relevant on a puppet master acting as a certificate authority (CA).
3160N/AValid values are true (autosigns all certificate requests; not recommended),
3160N/Afalse (disables autosigning certificates), or the absolute path to a file.
3160N/AThe file specified in this setting may be either a **configuration file**
3160N/Aor a **custom policy executable.** Puppet will automatically determine
3160N/Awhat it is: If the Puppet user (see the `user` setting) can execute the
3160N/Afile, it will be treated as a policy executable; otherwise, it will be
3160N/AIf a custom policy executable is configured, the CA puppet master will run it
3160N/Aevery time it receives a CSR. The executable will be passed the subject CN of the
3160N/Arequest _as a command line argument,_ and the contents of the CSR in PEM format
3160N/A_on stdin._ It should exit with a status of 0 if the cert should be autosigned
3160N/Aand non-zero if the cert should not be autosigned.
3160N/AIf a certificate request is not autosigned, it will persist for review. An admin
3160N/Auser can use the `puppet cert sign` command to manually sign it, or can delete
3160N/AFor info on autosign configuration files, see
3160N/A <
prop_pattern required="false" type="astring" name="basemodulepath">
3160N/AThe search path for **global** modules. Should be specified as a
3160N/Alist of directories separated by the system path separator character. (The
3160N/APOSIX path separator is ':', and the Windows path separator is ';'.)
3160N/AIf you are using directory environments, these are the modules that will
3160N/Abe used by _all_ environments. Note that the `modules` directory of the active
3160N/Aenvironment will have priority over any global directories. For more info, see
3160N/AThis setting also provides the default value for the deprecated `modulepath`
3160N/Asetting, which is used when directory environments are disabled.
3160N/A <
prop_pattern required="false" type="net_address" name="bindaddress">
3160N/AThe address a listening server should bind to.
3160N/A <
prop_pattern required="false" type="boolean" name="binder">
3160N/ATurns the binding system on or off. This includes bindings in modules.
3160N/AThe binding system aggregates data from modules and other locations and makes them available for lookup.
3160N/AThe binding system is experimental and any or all of it may change.
3160N/A <
prop_pattern required="false" type="astring" name="binder_config">
3160N/AThe binder configuration file. Puppet reads this file on each request to configure the bindings system.
3160N/Ais used. If the setting :binding_config is specified, it must reference a valid and existing yaml file.
3160N/A <
prop_pattern required="false" type="astring" name="bucketdir">
3160N/AWhere FileBucket files are stored.
3160N/A <
prop_pattern required="false" type="boolean" name="ca">
3160N/AWhether the master should function as a certificate authority.
3160N/A <
prop_pattern required="false" type="astring" name="ca_name">
3160N/AThe name to use the Certificate Authority certificate.
3160N/A <
prop_pattern required="false" type="integer" name="ca_port">
3160N/AThe port to use for the certificate authority.
3160N/A <
prop_pattern required="false" type="host" name="ca_server">
3160N/AThe server to use for certificate
3160N/Aauthority requests. It's a separate server because it cannot
3160N/Aand does not need to horizontally scale.
3160N/A <
prop_pattern required="false" type="integer" name="ca_ttl">
3160N/AThe default TTL for new certificates.
3160N/AThis setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y).
3160N/A <
prop_pattern required="false" type="astring" name="cacert">
3160N/A <
prop_pattern required="false" type="astring" name="cacrl">
3160N/AThe certificate revocation list (CRL) for the CA. Will be used if present but otherwise ignored.
3160N/A <
prop_pattern required="false" type="astring" name="cadir">
3160N/AThe root directory for the certificate authority.
3160N/A <
prop_pattern required="false" type="astring" name="cakey">
3160N/A <
prop_pattern required="false" type="astring" name="capass">
3160N/AWhere the CA stores the password for the private key.
3160N/A <
prop_pattern required="false" type="astring" name="caprivatedir">
3160N/AWhere the CA stores private certificate information.
3160N/A <
prop_pattern required="false" type="astring" name="capub">
3160N/A <
prop_pattern required="false" type="astring" name="catalog_cache_terminus">
3160N/AHow to store cached catalogs. Valid values are 'json', 'msgpack' and 'yaml'. The agent application defaults to 'json'.
3160N/A <
prop_pattern required="false" type="astring" name="catalog_format">
3160N/A(Deprecated for 'preferred_serialization_format') What format to
3160N/Ause to dump the catalog. Only supports 'marshal' and 'yaml'. Only
3160N/Amatters on the client, since it asks the server for a specific format.
3160N/A <
prop_pattern required="false" type="astring" name="catalog_terminus">
3160N/AWhere to get node catalogs. This is useful to change if, for instance,
3160N/Ayou'd like to pre-compile catalogs and store them in memcached or some other easily-accessed store.
3160N/A <
prop_pattern required="false" type="astring" name="cert_inventory">
3160N/AThe inventory file. This is a text file to which the CA writes a
3160N/Acomplete listing of all certificates.
3160N/A <
prop_pattern required="false" type="astring" name="certdir">
3160N/A <
prop_pattern required="false" type="astring" name="certdnsnames">
3160N/AThe `certdnsnames` setting is no longer functional,
3160N/Aafter CVE-2011-3872. We ignore the value completely.
3160N/AFor your own certificate request you can set `dns_alt_names` in the
3160N/Aconfiguration and it will apply locally. There is no configuration option to
3160N/Aset DNS alt names, or any other `subjectAltName` value, for another nodes
3160N/AAlternately you can use the `--dns_alt_names` command line option to set the
3160N/Alabels added while generating your own CSR.
3160N/A <
prop_pattern required="false" type="integer" name="certificate_expire_warning">
3160N/AThe window of time leading up to a certificate's expiration that a notification
3160N/Awill be logged. This applies to CA, master, and agent certificates. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y).
3160N/A <
prop_pattern required="false" type="boolean" name="certificate_revocation">
3160N/AWhether certificate revocation should be supported by downloading a
3160N/ACertificate Revocation List (CRL)
3160N/Ato all clients. If enabled, CA chaining will almost definitely not work.
3160N/A <
prop_pattern required="false" type="hostname" name="certname">
5908N/AThe name to use when handling certificates. When a node
5908N/Arequests a certificate from the CA puppet master, it uses the value of the
5908N/A`certname` setting as its requested Subject CN.
5908N/AThis is the name used when managing a node's permissions in
5908N/AIn most cases, it is also used as the node's name when matching
5908N/Aand requesting data from an ENC. (This can be changed with the `node_name_value`
5908N/Aand `node_name_fact` settings, although you should only do so if you have
5908N/AA node's certname is available in Puppet manifests as `$trusted['certname']`. (See
5908N/A* For best compatibility, you should limit the value of `certname` to
5908N/A only use letters, numbers, periods, underscores, and dashes. (That is,
5908N/A it should match `/A[a-z0-9._-]+Z/`.)
5908N/A* The special value `ca` is reserved, and can't be used as the certname
5908N/ADefaults to the node's fully qualified domain name.
5908N/A <
prop_pattern required="false" type="boolean" name="cfacter">
5908N/AWhether or not to use the native facter (cfacter) implementation instead of the Ruby one (facter). Defaults to false.
3160N/A <
prop_pattern required="false" type="astring" name="classfile">
3160N/AThe file in which puppet agent stores a list of the classes
3160N/Aassociated with the retrieved configuration. Can be loaded in
3160N/Athe separate `puppet` executable using the `--loadclasses`
3160N/A <
prop_pattern required="false" type="astring" name="client_datadir">
3160N/AThe directory in which serialized data is stored on the client.
3160N/A <
prop_pattern required="false" type="astring" name="clientbucketdir">
3160N/AWhere FileBucket files are stored locally.
3160N/A <
prop_pattern required="false" type="astring" name="clientyamldir">
3160N/AThe directory in which client-side YAML data is stored.
3160N/A <
prop_pattern required="false" type="astring" name="code">
3160N/ACode to parse directly. This is essentially only used
3160N/Aby `puppet`, and should only be set if you're writing your own Puppet
3160N/A <
prop_pattern required="false" type="astring" name="color">
3160N/AWhether to use colors when logging to the console. Valid values are
3160N/A`ansi` (equivalent to `true`), `html`, and `false`, which produces no color.
3160N/ADefaults to false on Windows, as its console does not support ansi colors.
3160N/A <
prop_pattern required="false" type="astring" name="confdir">
3160N/AThe main Puppet configuration directory. The default for this setting
3160N/Ais calculated based on the user. If the process is running as root or
3160N/Athe user that Puppet is supposed to run as, it defaults to a system
3160N/Adirectory, but if it's running as any other user, it defaults to being
3160N/Ain the user's home directory.
3160N/A <
prop_pattern required="false" type="astring" name="config">
3160N/AThe configuration file for the current puppet application.
3160N/A <
prop_pattern required="false" type="astring" name="config_file_name">
3160N/AThe name of the puppet config file.
3160N/A <
prop_pattern required="false" type="astring" name="config_version">
3160N/AHow to determine the configuration version. By default, it will be the
3160N/Atime that the configuration is parsed, but you can provide a shell script to override how the
3160N/Aversion is determined. The output of this script will be added to every log message in the
3160N/Areports, allowing you to correlate changes on your hosts to the source version on the server.
3160N/ASetting a global value for config_version in
puppet.conf is deprecated. Please set a
3160N/A <
prop_pattern required="false" type="astring" name="configprint">
3160N/APrint the value of a specific configuration setting. If the name of a
3160N/Asetting is provided for this, then the value is printed and puppet
3160N/Aexits. Comma-separate multiple values. For a list of all values,
3160N/A <
prop_pattern required="false" type="integer" name="configtimeout">
3160N/AHow long the client should wait for the configuration to be retrieved
3160N/Abefore considering it a failure. This can help reduce flapping if too
3160N/Amany clients contact the server at one time. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y).
3160N/A <
prop_pattern required="false" type="uri" name="couchdb_url">
3160N/AThe url where the puppet couchdb database will be created.
3160N/AOnly used when `facts_terminus` is set to `couch`.
3160N/A <
prop_pattern required="false" type="astring" name="csr_attributes">
3160N/AAn optional file containing custom attributes to add to certificate signing
3160N/Arequests (CSRs). You should ensure that this file does not exist on your CA
3160N/Apuppet master; if it does, unwanted certificate extensions may leak into
3160N/Acertificates created with the `puppet cert generate` command.
3160N/AIf present, this file must be a YAML hash containing a `custom_attributes` key
3160N/Aand/
or an `extension_requests` key. The value of each key must be a hash, where
3160N/Aeach key is a valid OID and each value is an object that can be cast to a string.
3160N/ACustom attributes can be used by the CA when deciding whether to sign the
3160N/Acertificate, but are then discarded. Attribute OIDs can be any OID value except
3160N/Athe standard CSR attributes (
i.e. attributes described in RFC 2985 section 5.4).
3160N/AThis is useful for embedding a pre-shared key for autosigning policy executables
3160N/A(see the `autosign` setting), often by using the `1.2.840.113549.1.9.7`
3160N/AExtension requests will be permanently embedded in the final certificate.
3160N/AExtension OIDs must be in the "ppRegCertExt" (`1.3.6.1.4.1.34380.1.1`) or
3160N/A"ppPrivCertExt" (`1.3.6.1.4.1.34380.1.2`) OID arcs. The ppRegCertExt arc is
3160N/Areserved for four of the most common pieces of data to embed: `pp_uuid` (`.1`),
3160N/A`pp_instance_id` (`.2`), `pp_image_name` (`.3`), and `pp_preshared_key` (`.4`)
3160N/A--- in the YAML file, these can be referred to by their short descriptive names
3160N/Ainstead of their full OID. The ppPrivCertExt arc is unregulated, and can be used
3160N/Afor site-specific extensions.
3160N/A <
prop_pattern required="false" type="astring" name="csrdir">
3160N/AWhere the CA stores certificate requests
3160N/A <
prop_pattern required="false" type="boolean" name="daemonize">
3160N/AWhether to send the process into the background. This defaults
3160N/Ato true on POSIX systems, and to false on Windows (where Puppet
3160N/Acurrently cannot daemonize).
3160N/A <
prop_pattern required="false" type="astring" name="data_binding_terminus">
3160N/AWhere to retrive information about data.
3160N/A <
prop_pattern required="false" type="astring" name="dbadapter">
3160N/AThe type of database to use. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated.
3160N/A <
prop_pattern required="false" type="astring" name="dbconnections">
3160N/AThe number of database connections for networked
3160N/Adatabases. Will be ignored unless the value is a positive integer. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated.
3160N/A <
prop_pattern required="false" type="astring" name="dblocation">
3160N/AThe sqlite database file. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated.
3160N/A <
prop_pattern required="false" type="boolean" name="dbmigrate">
3160N/AWhether to automatically migrate the database. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated.
3160N/A <
prop_pattern required="false" type="astring" name="dbname">
3160N/AThe name of the database to use. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated.
3160N/A <
prop_pattern required="false" type="astring" name="dbpassword">
3160N/AThe database password for caching. Only
3160N/Aused when networked databases are used. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated.
3160N/A <
prop_pattern required="false" type="astring" name="dbport">
3160N/AThe database password for caching. Only
3160N/Aused when networked databases are used. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated.
3160N/A <
prop_pattern required="false" type="host" name="dbserver">
3160N/AThe database server for caching. Only
3160N/Aused when networked databases are used.
3160N/A <
prop_pattern required="false" type="astring" name="dbsocket">
3160N/AThe database socket location. Only used when networked
3160N/Adatabases are used. Will be ignored if the value is an empty string. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated.
3160N/A <
prop_pattern required="false" type="astring" name="dbuser">
3160N/AThe database user for caching. Only
3160N/Aused when networked databases are used. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated.
3160N/A <
prop_pattern required="false" type="astring" name="default_file_terminus">
3160N/AThe default source for files if no server is given in a
3160N/Auri,
e.g. puppet:///file. The default of `rest` causes the file to be
3160N/Aretrieved using the `server` setting. When running `apply` the default
3160N/Ais `file_server`, causing requests to be filled locally.
5908N/A <
prop_pattern required="false" type="astring" name="default_manifest">
5908N/AThe default main manifest for directory environments. Any environment that
5908N/AThis setting's value can be an absolute or relative path. An absolute path
5908N/Awill make all environments default to the same main manifest; a relative
5908N/Apath will allow each environment to use its own manifest, and Puppet will
5908N/Aresolve the path relative to each environment's main directory.
5908N/AIn either case, the path can point to a single file or to a directory of
5908N/Amanifests to be evaluated in alphabetical order.
3160N/A <
prop_pattern required="false" type="boolean" name="default_schedules">
3160N/ABoolean; whether to generate the default schedule resources. Setting this to
3160N/Afalse is useful for keeping external report processors clean of skipped schedule resources.
3160N/A <
prop_pattern required="false" type="astring" name="deviceconfig">
3160N/APath to the device config file for puppet device.
3160N/A <
prop_pattern required="false" type="astring" name="devicedir">
3160N/AThe root directory of devices' $vardir.
3160N/A <
prop_pattern required="false" type="astring" name="diff">
3160N/AWhich diff command to use when printing differences between files. This setting
3160N/Ahas no default value on Windows, as standard `diff` is not available, but Puppet can use many
3160N/A <
prop_pattern required="false" type="astring" name="diff_args">
3160N/AWhich arguments to pass to the diff command when printing differences between
3160N/Afiles. The command to use can be chosen with the `diff` setting.
3160N/A <
prop_pattern required="false" type="astring" name="digest_algorithm">
3160N/AWhich digest algorithm to use for file resources and the filebucket.
3160N/AValid values are md5, sha256. Default is md5.
5908N/A <
prop_pattern required="false" type="boolean" name="disable_per_environment_manifest">
5908N/AWhether to disallow an environment-specific main manifest. When set
5908N/Ato `true`, Puppet will use the manifest specified in the `default_manifest` setting
5908N/Afor all environments. If an environment specifies a different main manifest in its
5908N/AThis setting requires `default_manifest` to be set to an absolute path.
3160N/A <
prop_pattern required="false" type="astring" name="disable_warnings">
5908N/AA comma-separated list of warning types to suppress. If large numbers
5908N/Aof warnings are making Puppet's logs too large or difficult to use, you
5908N/Acan temporarily silence them with this setting.
5908N/AIf you are preparing to upgrade Puppet to a new major version, you
5908N/Ashould re-enable all warnings for a while.
5908N/AValid values for this setting are:
5908N/A* `deprecations` --- disables deprecation warnings.
3160N/A <
prop_pattern required="false" type="host" name="dns_alt_names">
3160N/AThe comma-separated list of alternative DNS names to use for the local host.
3160N/AWhen the node generates a CSR for itself, these are added to the request
3160N/Aas the desired `subjectAltName` in the certificate: additional DNS labels
3160N/Athat the certificate is also valid answering as.
3160N/AThis is generally required if you use a non-hostname `certname`, or if you
3160N/Awant to use `puppet kick` or `puppet resource -H` and the primary certname
3160N/Adoes not match the DNS name you use to communicate with the host.
3160N/AThis is unnecessary for agents, unless you intend to use them as a server for
3160N/A`puppet kick` or remote `puppet resource` management.
3160N/AIt is rarely necessary for servers; it is usually helpful only if you need to
3160N/Ahave a pool of multiple load balanced masters, or for the same master to
3160N/Arespond on two physically separate networks under different names.
3160N/A <
prop_pattern required="false" type="boolean" name="document_all">
3160N/AWhether to document all resources when using `puppet doc` to
3160N/Agenerate manifest documentation.
3160N/A <
prop_pattern required="false" type="astring" name="dynamicfacts">
3160N/A(Deprecated) Facts that are dynamic; these facts will be ignored when deciding whether
3160N/Achanged facts should result in a recompile. Multiple facts should be
3160N/A <
prop_pattern required="false" type="astring" name="environment">
3160N/AThe environment Puppet is running in. For clients
3160N/A(
e.g., `puppet agent`) this determines the environment itself, which
3160N/Ais used to find modules and much more. For servers (
i.e., `puppet master`)
3160N/Athis provides the default environment for nodes we know nothing about.
3160N/A <
prop_pattern required="false" type="integer" name="environment_timeout">
5908N/AHow long the Puppet master should cache data it loads from an
5908N/AThis setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y).
5908N/AA value of `0` will disable caching. This setting can also be set to
5908N/A`unlimited`, which will cache environments until the master is restarted
5908N/Aor told to refresh the cache.
5908N/AYou should change this setting once your Puppet deployment is doing
5908N/Anon-trivial work. We chose the default value of `0` because it lets new
5908N/Ausers update their code without any extra steps, but it lowers the
5908N/Aperformance of your Puppet master.
5908N/AWe recommend setting this to `unlimited` and explicitly refreshing your
5908N/APuppet master as part of your code deployment process.
5908N/A* With Puppet Server, you should refresh environments by calling the
5908N/A `environment-cache` API endpoint. See the docs for the Puppet Server
5908N/A* With a Rack Puppet master, you should restart the web server or the
5908N/A refresh an application without restarting Apache; see the Passenger docs
5908N/AWe don't recommend using any value other than `0` or `unlimited`, since
5908N/Amost Puppet masters use a pool of Ruby interpreters which all have their
5908N/Aown cache timers. When these timers drift out of sync, agents can be served
3160N/A <
prop_pattern required="false" type="astring" name="environmentpath">
3160N/AA search path for directory environments, as a list of directories
3160N/Aseparated by the system path separator character. (The POSIX path separator
3160N/Ais ':', and the Windows path separator is ';'.)
3160N/AThis setting must have a value set to enable **directory environments.** The
3160N/A <
prop_pattern required="false" type="boolean" name="evaltrace">
3160N/AWhether each resource should log when it is
3160N/Abeing evaluated. This allows you to interactively see exactly
3160N/A <
prop_pattern required="false" type="astring" name="external_nodes">
3160N/AAn external command that can produce node information. The command's output
3160N/Amust be a YAML dump of a hash, and that hash must have a `classes` key
and/
or 3160N/Aa `parameters` key, where `classes` is an array or hash and
3160N/A`parameters` is a hash. For unknown nodes, the command should
3160N/Aexit with a non-zero exit code.
3160N/AThis command makes it straightforward to store your node mapping
3160N/Ainformation in other data sources like databases.
3160N/A <
prop_pattern required="false" type="astring" name="factpath">
3160N/AWhere Puppet should look for facts. Multiple directories should
3160N/Abe separated by the system path separator character. (The POSIX path
3160N/Aseparator is ':', and the Windows path separator is ';'.)
3160N/A <
prop_pattern required="false" type="astring" name="facts_terminus">
3160N/A <
prop_pattern required="false" type="astring" name="fileserverconfig">
3160N/AWhere the fileserver configuration is stored.
3160N/A <
prop_pattern required="false" type="integer" name="filetimeout">
3160N/AThe minimum time to wait between checking for updates in
3160N/Aconfiguration files. This timeout determines how quickly Puppet checks whether
3160N/Aa file (such as manifests or templates) has changed on disk. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y).
5908N/A <
prop_pattern required="false" type="astring" name="forge_authorization">
5908N/AThe authorization key to connect to the Puppet Forge. Leave blank for unauthorized or license based connections
3160N/A <
prop_pattern required="false" type="boolean" name="freeze_main">
3160N/AFreezes the 'main' class, disallowing any code to be added to it. This
3160N/Aessentially means that you can't have any code outside of a node,
3160N/Aclass, or definition other than in the site manifest.
3160N/A <
prop_pattern required="false" type="boolean" name="genmanifest">
3160N/AWhether to just print a manifest to stdout and exit. Only makes
3160N/Asense when specified on the command line as `--genmanifest`. Takes into account arguments specified
3160N/A <
prop_pattern required="false" type="boolean" name="graph">
3160N/AWhether to create dot graph files for the different
3160N/Aconfiguration graphs. These dot files can be interpreted by tools
3160N/Alike OmniGraffle or dot (which is part of ImageMagick).
3160N/A <
prop_pattern required="false" type="astring" name="graphdir">
3160N/AWhere to store dot-outputted graphs.
3160N/A <
prop_pattern required="false" type="astring" name="group">
3160N/AThe group puppet master should run as.
3160N/A <
prop_pattern required="false" type="astring" name="hiera_config">
3160N/AThe hiera configuration file. Puppet only reads this file on startup, so you must restart the puppet master every time you edit it.
3160N/A <
prop_pattern required="false" type="astring" name="hostcert">
3160N/AWhere individual hosts store and look for their certificates.
3160N/A <
prop_pattern required="false" type="astring" name="hostcrl">
3160N/AWhere the host's certificate revocation list can be found.
3160N/AThis is distinct from the certificate authority's CRL.
3160N/A <
prop_pattern required="false" type="astring" name="hostcsr">
3160N/AWhere individual hosts store and look for their certificate requests.
3160N/A <
prop_pattern required="false" type="astring" name="hostprivkey">
3160N/AWhere individual hosts store and look for their private key.
3160N/A <
prop_pattern required="false" type="astring" name="hostpubkey">
3160N/AWhere individual hosts store and look for their public key.
3160N/A <
prop_pattern required="false" type="boolean" name="http_compression">
3160N/AAllow http compression in REST communication with the master.
3160N/AThis setting might improve performance for agent -> master
3160N/Acommunications over slow WANs. Your puppet master needs to support
3160N/Acompression (usually by activating some settings in a reverse-proxy in
3160N/Afront of the puppet master, which rules out webrick). It is harmless to
3160N/Aactivate this settings if your master doesn't support compression, but
3160N/Aif it supports it, this setting might reduce performance on high-speed LANs.
5908N/A <
prop_pattern required="false" type="boolean" name="http_debug">
5908N/AWhether to write HTTP request and responses to stderr. This should never be used in a production environment.
5908N/A <
prop_pattern required="false" type="integer" name="http_keepalive_timeout">
5908N/AThe maximum amount of time a persistent HTTP connection can remain idle in the connection pool, before it is closed. This timeout should be shorter than the keepalive timeout used on the HTTP server,
e.g. Apache KeepAliveTimeout directive.
5908N/AThis setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y).
3160N/A <
prop_pattern required="false" type="host" name="http_proxy_host">
3160N/AThe HTTP proxy host to use for outgoing connections. Note: You
5908N/Amay need to use a FQDN for the server hostname when using a proxy. Environment variable
5908N/Ahttp_proxy or HTTP_PROXY will override this value
5908N/A <
prop_pattern required="false" type="astring" name="http_proxy_password">
5908N/AThe password for the user of an authenticated HTTP proxy.
5908N/ARequires the `http_proxy_user` setting.
5908N/ANote that passwords must be valid when used as part of a URL. If a password
5908N/Acontains any characters with special meanings in URLs (as specified by RFC 3986
3160N/A <
prop_pattern required="false" type="integer" name="http_proxy_port">
3160N/AThe HTTP proxy port to use for outgoing connections
5908N/A <
prop_pattern required="false" type="astring" name="http_proxy_user">
5908N/AThe user name for an authenticated HTTP proxy. Requires the `http_proxy_host` setting.
3160N/A <
prop_pattern required="false" type="astring" name="httplog">
3160N/AWhere the puppet agent web server logs.
3160N/A <
prop_pattern required="false" type="boolean" name="ignorecache">
3160N/AIgnore cache and always recompile the configuration. This is
3160N/Auseful for testing new configurations, where the local cache may in
3160N/Afact be stale even if the timestamps are up to date - if the facts
3160N/Achange or if the server changes.
3160N/A <
prop_pattern required="false" type="boolean" name="ignoreimport">
3160N/AIf true, allows the parser to continue without requiring
3160N/Aall files referenced with `import` statements to exist. This setting was primarily
3160N/Adesigned for use with commit hooks for parse-checking.
3160N/A <
prop_pattern required="false" type="boolean" name="ignoremissingtypes">
3160N/ASkip searching for classes and definitions that were missing during a
3160N/Aprior compilation. The list of missing objects is maintained per-environment and
3160N/Apersists until the environment is cleared or the master is restarted.
3160N/A <
prop_pattern required="false" type="boolean" name="ignoreschedules">
3160N/ABoolean; whether puppet agent should ignore schedules. This is useful
3160N/Afor initial puppet agent runs.
3160N/A <
prop_pattern required="false" type="boolean" name="immutable_node_data">
3160N/AWhen true, also prevents $trusted and $facts from being overridden in any scope
3160N/A <
prop_pattern required="false" type="integer" name="inventory_port">
3160N/AThe port to communicate with the inventory_server.
3160N/A <
prop_pattern required="false" type="host" name="inventory_server">
3160N/AThe server to send facts to.
3160N/A <
prop_pattern required="false" type="astring" name="inventory_terminus">
3160N/AShould usually be the same as the facts terminus
3160N/A <
prop_pattern required="false" type="integer" name="keylength">
3160N/A <
prop_pattern required="false" type="astring" name="lastrunfile">
3160N/AWhere puppet agent stores the last run report summary in yaml format.
3160N/A <
prop_pattern required="false" type="astring" name="lastrunreport">
3160N/AWhere puppet agent stores the last run report in yaml format.
3160N/A <
prop_pattern required="false" type="astring" name="ldapattrs">
3160N/AThe LDAP attributes to include when querying LDAP for nodes. All
3160N/Areturned attributes are set as variables in the top-level scope.
3160N/AMultiple values should be comma-separated. The value 'all' returns
3160N/A <
prop_pattern required="false" type="astring" name="ldapbase">
3160N/AThe search base for LDAP searches. It's impossible to provide
3160N/Aa meaningful default here, although the LDAP libraries might
3160N/Ahave one already set. Generally, it should be the 'ou=Hosts'
3160N/Abranch under your main directory.
3160N/A <
prop_pattern required="false" type="astring" name="ldapclassattrs">
3160N/AThe LDAP attributes to use to define Puppet classes. Values
3160N/A <
prop_pattern required="false" type="astring" name="ldapparentattr">
3160N/AThe attribute to use to define the parent node.
3160N/A <
prop_pattern required="false" type="astring" name="ldappassword">
3160N/AThe password to use to connect to LDAP.
3160N/A <
prop_pattern required="false" type="integer" name="ldapport">
3160N/AThe LDAP port. Only used if `node_terminus` is set to `ldap`.
3160N/A <
prop_pattern required="false" type="host" name="ldapserver">
3160N/AThe LDAP server. Only used if `node_terminus` is set to `ldap`.
3160N/A <
prop_pattern required="false" type="boolean" name="ldapssl">
3160N/AWhether SSL should be used when searching for nodes.
3160N/ADefaults to false because SSL usually requires certificates
3160N/Ato be set up on the client side.
3160N/A <
prop_pattern required="false" type="astring" name="ldapstackedattrs">
3160N/AThe LDAP attributes that should be stacked to arrays by adding
3160N/Athe values in all hierarchy elements of the tree. Values
3160N/A <
prop_pattern required="false" type="astring" name="ldapstring">
3160N/AThe search string used to find an LDAP node.
3160N/A <
prop_pattern required="false" type="boolean" name="ldaptls">
3160N/AWhether TLS should be used when searching for nodes.
3160N/ADefaults to false because TLS usually requires certificates
3160N/Ato be set up on the client side.
3160N/A <
prop_pattern required="false" type="hostname" name="ldapuser">
3160N/AThe user to use to connect to LDAP. Must be specified as a
3160N/A <
prop_pattern required="false" type="boolean" name="legacy_query_parameter_serialization">
3160N/AThe serialization format to use when sending file_metadata
3160N/Aquery parameters. Older versions of puppet master expect certain query
3160N/Aparameters to be serialized as yaml, which is deprecated.
3160N/AThis should almost always be false. It can be temporarily set to true
3160N/Ato let agents using this Puppet version connect to a puppet master
3160N/ANote that this is set to true automatically if the agent detects an
3160N/Aolder master, so should never need to be set explicitly.
3160N/A <
prop_pattern required="false" type="astring" name="libdir">
3160N/AAn extra search path for Puppet. This is only useful
3160N/Afor those files that Puppet will load on demand, and is only
3160N/Aguaranteed to work for those cases. In fact, the autoload
3160N/Amechanism is responsible for making sure this directory
3160N/A <
prop_pattern required="false" type="boolean" name="listen">
3160N/AWhether puppet agent should listen for
3160N/Aconnections. If this is true, then puppet agent will accept incoming
3160N/AREST API requests, subject to the default ACLs and the ACLs set in
3160N/Athe `rest_authconfig` file. Puppet agent can respond usefully to
3160N/Arequests on the `run`, `facts`, `certificate`, and `resource` endpoints.
3160N/A <
prop_pattern required="false" type="astring" name="localcacert">
3160N/AWhere each client stores the CA certificate.
3160N/A <
prop_pattern required="false" type="astring" name="localconfig">
3160N/AWhere puppet agent caches the local configuration. An
3160N/Aextension indicating the cache format is added automatically.
3160N/A <
prop_pattern required="false" type="astring" name="log_level">
5908N/ADefault logging level for messages from Puppet. Allowed values are:
3160N/A <
prop_pattern required="false" type="astring" name="logdir">
3160N/AThe directory in which to store log files
3160N/A <
prop_pattern required="false" type="boolean" name="manage_internal_file_permissions">
3160N/AWhether Puppet should manage the owner, group, and mode of files it uses internally
3160N/A <
prop_pattern required="false" type="astring" name="manifest">
3160N/AThe entry-point manifest for puppet master. This can be one file
3160N/Aor a directory of manifests to be evaluated in alphabetical order. Puppet manages
3160N/Athis path as a directory if one exists or if the path ends with a / or \.
3160N/Adirectory environments instead. If you need to use something other than the
3160N/Aenvironment's `manifests` directory as the main manifest, you can set
3160N/A <
prop_pattern required="false" type="astring" name="manifestdir">
3160N/AUsed to build the default value of the `manifest` setting. Has no other purpose.
3160N/A <
prop_pattern required="false" type="astring" name="masterhttplog">
5908N/AWhere the puppet master web server saves its access log. This is
5908N/Aonly used when running a WEBrick puppet master. When puppet master is
5908N/Arunning under a Rack server like Passenger, that web server will have
3160N/A <
prop_pattern required="false" type="astring" name="masterlog">
5908N/AThis file is literally never used, although Puppet may create it
5908N/Aas an empty file. For more context, see the `puppetdlog` setting and
5908N/Apuppet master's `--logdest` command line option.
5908N/AThis setting is deprecated and will be removed in a future version of Puppet.
3160N/A <
prop_pattern required="false" type="integer" name="masterport">
3160N/AThe port for puppet master traffic. For puppet master,
3160N/Athis is the port to listen on; for puppet agent, this is the port
3160N/Ato make requests on. Both applications use this setting to get the port.
3160N/A <
prop_pattern required="false" type="integer" name="max_deprecations">
5908N/Awarnings in case multiple deprecation warnings have been detected. A value of 0
5908N/Ablocks the logging of deprecation warnings. The count is per manifest.
3160N/A <
prop_pattern required="false" type="integer" name="max_errors">
5908N/Amultiple errors have been detected. A value of 0 is the same as a value of 1; a
5908N/Aminimum of one error is always raised. The count is per manifest.
3160N/A <
prop_pattern required="false" type="integer" name="max_warnings">
5908N/Acase multiple warnings have been detected. A value of 0 blocks logging of
5908N/Awarnings. The count is per manifest.
3160N/A <
prop_pattern required="false" type="integer" name="maximum_uid">
3160N/AThe maximum allowed UID. Some platforms use negative UIDs
3160N/Abut then ship with tools that do not know how to handle signed ints,
3160N/Aso the UIDs show up as huge numbers that can then not be fed back into
3160N/Athe system. This is a hackish way to fail in a slightly more useful
3160N/A <
prop_pattern required="false" type="boolean" name="mkusers">
3160N/AWhether to create the necessary user and group that puppet agent will run as.
5908N/A <
prop_pattern required="false" type="astring" name="module_groups">
5908N/AExtra module groups to request from the Puppet Forge
3160N/A <
prop_pattern required="false" type="uri" name="module_repository">
3160N/A <
prop_pattern required="false" type="astring" name="module_skeleton_dir">
3160N/AThe directory which the skeleton for module tool generate is stored.
3160N/A <
prop_pattern required="false" type="astring" name="module_working_dir">
3160N/AThe directory into which module tool data is stored
3160N/A <
prop_pattern required="false" type="astring" name="modulepath">
3160N/AThe search path for modules, as a list of directories separated by the system
3160N/Apath separator character. (The POSIX path separator is ':', and the
3160N/AWindows path separator is ';'.)
3160N/Adirectory environments instead. If you need to use something other than the
3160N/Adefault modulepath of `<ACTIVE ENVIRONMENT'S MODULES DIR>:$basemodulepath`,
3160N/A <
prop_pattern required="false" type="astring" name="name">
3160N/AThe name of the application, if we are running as one. The
3160N/Adefault is essentially $0 without the path or `.rb`.
3160N/A <
prop_pattern required="false" type="astring" name="node_cache_terminus">
3160N/AValid values are (none), 'json', 'msgpack', 'yaml' or write only yaml ('write_only_yaml').
3160N/AThe master application defaults to 'write_only_yaml', all others to none.
3160N/A <
prop_pattern required="false" type="astring" name="node_name">
3160N/AHow the puppet master determines the client's identity
3160N/Aand sets the 'hostname', 'fqdn' and 'domain' facts for use in the manifest,
3160N/Ain particular for determining which 'node' statement applies to the client.
3160N/APossible values are 'cert' (use the subject's CN in the client's
3160N/Acertificate) and 'facter' (use the hostname that the client
3160N/A <
prop_pattern required="false" type="astring" name="node_name_fact">
3160N/AThe fact name used to determine the node name used for all requests the agent
3160N/Amakes to the master. WARNING: This setting is mutually exclusive with
3160N/Anode_name_value. Changing this setting also requires changes to the default
3160N/A <
prop_pattern required="false" type="astring" name="node_name_value">
3160N/AThe explicit value used for the node name for all requests the agent
3160N/Amakes to the master. WARNING: This setting is mutually exclusive with
3160N/Anode_name_fact. Changing this setting also requires changes to the default
3160N/A <
prop_pattern required="false" type="astring" name="node_terminus">
3160N/AWhere to find information about nodes.
3160N/A <
prop_pattern required="false" type="boolean" name="noop">
3160N/AWhether to apply catalogs in noop mode, which allows Puppet to
3160N/Apartially simulate a normal run. This setting affects puppet agent and
3160N/AWhen running in noop mode, Puppet will check whether each resource is in sync,
3160N/Alike it does when running normally. However, if a resource attribute is not in
3160N/Athe desired state (as declared in the catalog), Puppet will take no
3160N/Aaction, and will instead report the changes it _would_ have made. These
3160N/Asimulated changes will appear in the report sent to the puppet master, or
3160N/Abe shown on the console if running puppet agent or puppet apply in the
3160N/Aforeground. The simulated changes will not send refresh events to any
3160N/Asubscribing or notified resources, although Puppet will log that a refresh
3160N/Aevent _would_ have been sent.
3160N/Aallows you to apply individual resources in noop mode, and will override
3160N/Athe global value of the `noop` setting. This means a resource with
3160N/A`noop => false` _will_ be changed if necessary, even when running puppet
3160N/Aagent with `noop = true` or `--noop`. (Conversely, a resource with
3160N/A`noop => true` will only be simulated, even when noop mode is globally disabled.)
3160N/A <
prop_pattern required="false" type="boolean" name="onetime">
3160N/APerform one configuration run and exit, rather than spawning a long-running
3160N/Adaemon. This is useful for interactively running puppet agent, or
3160N/Arunning puppet agent from cron.
3160N/A <
prop_pattern required="false" type="astring" name="ordering">
3160N/AHow unrelated resources should be ordered when applying a catalog.
3160N/AAllowed values are `title-hash`, `manifest`, and `random`. This
3160N/Asetting affects puppet agent and puppet apply, but not puppet master.
3160N/A* `title-hash` (the default) will order resources randomly, but will use
3160N/A the same order across runs and across nodes.
3160N/A* `manifest` will use the order in which the resources were declared in
3160N/A* `random` will order resources randomly and change their order with each
3160N/A run. This can work like a fuzzer for shaking out undeclared dependencies.
3160N/ARegardless of this setting's value, Puppet will always obey explicit
3160N/Aand the `->`/`~>` chaining arrows; this setting only affects the relative
3160N/Aordering of _unrelated_ resources.
3160N/A <
prop_pattern required="false" type="astring" name="parser">
3160N/ASelects the parser to use for parsing puppet manifests (in puppet DSL
3160N/Alanguage/'.pp' files). Available choices are `current` (the default)
5908N/AThe `current` parser means that the released version of the parser should
3160N/AThe `future` parser is a "time travel to the future" allowing early
3160N/Aexposure to new language features. What these features are will vary from
3160N/Arelease to release and they may be invididually configurable.
3160N/A <
prop_pattern required="false" type="astring" name="passfile">
3160N/AWhere puppet agent stores the password for its private key.
3160N/A <
prop_pattern required="false" type="astring" name="path">
3160N/AThe shell search path. Defaults to whatever is inherited
3160N/A <
prop_pattern required="false" type="astring" name="pidfile">
3160N/AThe file containing the PID of a running process.
3160N/AThis file is intended to be used by service management frameworks
3160N/Aand monitoring systems to determine if a puppet process is still in
3160N/A <
prop_pattern required="false" type="astring" name="plugindest">
3160N/AWhere Puppet should store plugins that it pulls down from the central
3160N/A <
prop_pattern required="false" type="astring" name="pluginfactdest">
3160N/AWhere Puppet should store external facts that are being handled by pluginsync
3160N/A <
prop_pattern required="false" type="astring" name="pluginfactsource">
3160N/AWhere to retrieve external facts for pluginsync
3160N/A <
prop_pattern required="false" type="astring" name="pluginsignore">
3160N/AWhat files to ignore when pulling down plugins.
3160N/A <
prop_pattern required="false" type="astring" name="pluginsource">
3160N/AFrom where to retrieve plugins. The standard Puppet `file` type
3160N/Ais used for retrieval, so anything that is a valid file source can
3160N/A <
prop_pattern required="false" type="boolean" name="pluginsync">
3160N/AWhether plugins should be synced with the central server.
3160N/A <
prop_pattern required="false" type="astring" name="postrun_command">
3160N/AA command to run after every agent run. If this command returns a non-zero
3160N/Areturn code, the entire Puppet run will be considered to have failed, even though it might have
3160N/Aperformed work during the normal run.
3160N/A <
prop_pattern required="false" type="astring" name="preferred_serialization_format">
3160N/AThe preferred means of serializing
3160N/Aruby instances for passing over the wire. This won't guarantee that all
3160N/Ainstances will be serialized using this method, since not all classes
3160N/Acan be guaranteed to support this format, but it will be used for all
3160N/A <
prop_pattern required="false" type="astring" name="prerun_command">
3160N/AA command to run before every agent run. If this command returns a non-zero
3160N/Areturn code, the entire Puppet run will fail.
5908N/A <
prop_pattern required="false" type="astring" name="preview_outputdir">
5908N/AThe directory where catalog previews per node are generated.
3160N/A <
prop_pattern required="false" type="astring" name="priority">
3160N/AThe scheduling priority of the process. Valid values are 'high',
3160N/A'normal', 'low', or 'idle', which are mapped to platform-specific
3160N/Avalues. The priority can also be specified as an integer value and
3160N/Awill be passed as is,
e.g. -5. Puppet must be running as a privileged
3160N/Auser in order to increase scheduling priority.
3160N/A <
prop_pattern required="false" type="astring" name="privatedir">
3160N/AWhere the client stores private certificate information.
3160N/A <
prop_pattern required="false" type="astring" name="privatekeydir">
3160N/A <
prop_pattern required="false" type="boolean" name="profile">
3160N/AWhether to enable experimental performance profiling
3160N/A <
prop_pattern required="false" type="astring" name="publickeydir">
3160N/A <
prop_pattern required="false" type="astring" name="puppetdlog">
5908N/AThe fallback log file. This is only used when the `--logdest` option
5908N/Ais not specified AND Puppet is running on an operating system where both
5908N/Athe POSIX syslog service and the Windows Event Log are unavailable. (Currently,
5908N/Ano supported operating systems match that description.)
5908N/ADespite the name, both puppet agent and puppet master will use this file
5908N/Aas the fallback logging destination.
5908N/AFor control over logging destinations, see the `--logdest` command line
5908N/Aoption in the manual pages for puppet master, puppet agent, and puppet
5908N/Aapply. You can see man pages by running `puppet <SUBCOMMAND> --help`,
3160N/A <
prop_pattern required="false" type="integer" name="puppetport">
3160N/AWhich port puppet agent listens on.
3160N/A <
prop_pattern required="false" type="uri" name="queue_source">
3160N/AWhich type of queue to use for asynchronous processing. If your stomp server requires
3160N/Aauthentication, you can include it in the URI as long as your stomp client library is at least 1.1.1
3160N/A <
prop_pattern required="false" type="astring" name="queue_type">
3160N/AWhich type of queue to use for asynchronous processing.
3160N/A <
prop_pattern required="false" type="astring" name="rails_loglevel">
3160N/AThe log level for Rails connections. The value must be
3160N/Aa valid log level within Rails. Production environments normally use `info`
3160N/Aand other environments normally use `debug`. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated.
3160N/A <
prop_pattern required="false" type="astring" name="railslog">
3160N/AWhere Rails-specific logs are sent. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated.
3160N/A <
prop_pattern required="false" type="boolean" name="report">
3160N/AWhether to send reports after every transaction.
3160N/A <
prop_pattern required="false" type="integer" name="report_port">
3160N/AThe port to communicate with the report_server.
3160N/A <
prop_pattern required="false" type="astring" name="report_serialization_format">
3160N/AThe serialization format to use when sending reports to the
3160N/A`report_server`. Possible values are `pson` and `yaml`. This setting
3160N/Aaffects puppet agent, but not puppet apply (which processes its own
3160N/AThis should almost always be set to `pson`. It can be temporarily set to
3160N/A`yaml` to let agents using this Puppet version connect to a puppet master
3160N/ANote that this is set to 'yaml' automatically if the agent detects an
3160N/Aolder master, so should never need to be set explicitly.
3160N/A <
prop_pattern required="false" type="host" name="report_server">
3160N/AThe server to send transaction reports to.
3160N/A <
prop_pattern required="false" type="astring" name="reportdir">
3160N/AThe directory in which to store reports. Each node gets
3160N/Aa separate subdirectory in this directory. This setting is only
3160N/Aused when the `store` report processor is enabled (see the
3160N/A <
prop_pattern required="false" type="astring" name="reportfrom">
3160N/AThe 'from' email address for the reports.
3160N/A <
prop_pattern required="false" type="astring" name="reports">
3160N/AThe list of report handlers to use. When using multiple report handlers,
3160N/Atheir names should be comma-separated, with whitespace allowed. (For example,
3160N/AThis setting is relevant to puppet master and puppet apply. The puppet
3160N/Amaster will call these report handlers with the reports it receives from
3160N/Aagent nodes, and puppet apply will call them with its own report. (In
3160N/Aall cases, the node applying the catalog must have `report = true`.)
3160N/ASee the report reference for information on the built-in report
3160N/Ahandlers; custom report handlers can also be loaded from modules.
3160N/A(Report handlers are loaded from the lib directory, at
3160N/A <
prop_pattern required="false" type="uri" name="reporturl">
3160N/AThe URL that reports should be forwarded to. This setting
3160N/Ais only used when the `http` report processor is enabled (see the
3160N/A <
prop_pattern required="false" type="integer" name="req_bits">
3160N/AThe bit length of the certificates.
3160N/A <
prop_pattern required="false" type="astring" name="requestdir">
3160N/AWhere host certificate requests are stored.
3160N/A <
prop_pattern required="false" type="astring" name="resourcefile">
3160N/AThe file in which puppet agent stores a list of the resources
3160N/Aassociated with the retrieved configuration.
3160N/A <
prop_pattern required="false" type="astring" name="rest_authconfig">
3160N/AThe configuration file that defines the rights to the different
3160N/Arest indirections. This can be used as a fine-grained
3160N/Aauthorization system for `puppet master`.
3160N/A <
prop_pattern required="false" type="astring" name="route_file">
3160N/AThe YAML file containing indirector route configuration.
3160N/A <
prop_pattern required="false" type="astring" name="rrddir">
3160N/AThe directory where RRD database files are stored.
3160N/ADirectories for each reporting host will be created under
3160N/A <
prop_pattern required="false" type="integer" name="rrdinterval">
3160N/AHow often RRD should expect data.
3160N/AThis should match how often the hosts report back to the server. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y).
3160N/A <
prop_pattern required="false" type="astring" name="rundir">
3160N/AWhere Puppet PID files are kept.
3160N/A <
prop_pattern required="false" type="integer" name="runinterval">
3160N/AHow often puppet agent applies the catalog.
3160N/ANote that a runinterval of 0 means "run continuously" rather than
3160N/A"never run." If you want puppet agent to never run, you should start
3160N/Ait with the `--no-client` option. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y).
3160N/A <
prop_pattern required="false" type="astring" name="sendmail">
3160N/AWhere to find the sendmail binary with which to send email.
3160N/A <
prop_pattern required="false" type="astring" name="serial">
3160N/AWhere the serial number for certificates is stored.
3160N/A <
prop_pattern required="false" type="host" name="server">
3160N/AThe puppet master server to which the puppet agent should connect.
3160N/A <
prop_pattern required="false" type="astring" name="server_datadir">
3160N/AThe directory in which serialized data is stored, usually in a subdirectory.
3160N/A <
prop_pattern required="false" type="boolean" name="show_diff">
3160N/AWhether to log and report a contextual diff when files are being replaced.
3160N/AThis causes partial file contents to pass through Puppet's normal
3160N/Alogging and reporting system, so this setting should be used with
3160N/Acaution if you are sending Puppet's reports to an insecure
3160N/Adestination. This feature currently requires the `
diff/
lcs` Ruby
3160N/A <
prop_pattern required="false" type="astring" name="signeddir">
3160N/AWhere the CA stores signed certificates.
3160N/A <
prop_pattern required="false" type="astring" name="smtphelo">
3160N/AThe name by which we identify ourselves in SMTP HELO for reports.
3160N/AIf you send to a smtpserver which does strict HELO checking (as with Postfix's
3160N/A`smtpd_helo_restrictions` access controls), you may need to ensure this resolves.
3160N/A <
prop_pattern required="false" type="integer" name="smtpport">
3160N/AThe TCP port through which to send email reports.
3160N/A <
prop_pattern required="false" type="host" name="smtpserver">
3160N/AThe server through which to send email reports.
3160N/A <
prop_pattern required="false" type="boolean" name="splay">
3160N/AWhether to sleep for a pseudo-random (but consistent) amount of time before
3160N/A <
prop_pattern required="false" type="integer" name="splaylimit">
3160N/AThe maximum time to delay before runs. Defaults to being the same as the
3160N/Arun interval. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y).
3160N/A <
prop_pattern required="false" type="host" name="srv_domain">
3160N/AThe domain which will be queried to find the SRV records of servers to use.
3160N/A <
prop_pattern required="false" type="astring" name="ssl_client_ca_auth">
3160N/ACertificate authorities who issue server certificates. SSL servers will not be
3160N/Aconsidered authentic unless they possess a certificate issued by an authority
3160N/Alisted in this file. If this setting has no value then the Puppet master's CA
3160N/Acertificate (localcacert) will be used.
3160N/A <
prop_pattern required="false" type="astring" name="ssl_client_header">
3160N/AThe header containing an authenticated client's SSL DN.
3160N/AThis header must be set by the proxy to the authenticated client's SSL
3160N/AName (CN) from the Distinguished Name (DN) and use the value of the CN
3160N/ANote that the name of the HTTP header gets munged by the web server
3160N/Acommon gateway inteface: an `HTTP_` prefix is added, dashes are converted
3160N/Ato underscores, and all letters are uppercased. Thus, to use the
3160N/A`X-Client-DN` header, this setting should be `HTTP_X_CLIENT_DN`.
3160N/A <
prop_pattern required="false" type="astring" name="ssl_client_verify_header">
3160N/AThe header containing the status message of the client
3160N/Averification. This header must be set by the proxy to 'SUCCESS' if the
3160N/Aclient successfully authenticated, and anything else otherwise.
3160N/ANote that the name of the HTTP header gets munged by the web server
3160N/Acommon gateway inteface: an `HTTP_` prefix is added, dashes are converted
3160N/Ato underscores, and all letters are uppercased. Thus, to use the
3160N/A`X-Client-Verify` header, this setting should be
3160N/A <
prop_pattern required="false" type="astring" name="ssl_server_ca_auth">
3160N/ACertificate authorities who issue client certificates. SSL clients will not be
3160N/Aconsidered authentic unless they possess a certificate issued by an authority
3160N/Alisted in this file. If this setting has no value then the Puppet master's CA
3160N/Acertificate (localcacert) will be used.
3160N/A <
prop_pattern required="false" type="astring" name="ssldir">
3160N/AWhere SSL certificates are kept.
3160N/A <
prop_pattern required="false" type="astring" name="statedir">
3160N/AThe directory where Puppet state is stored. Generally,
3160N/Athis directory can be removed without causing harm (although it
3160N/Amight result in spurious service restarts).
3160N/A <
prop_pattern required="false" type="astring" name="statefile">
3160N/AWhere puppet agent and puppet master store state associated
3160N/Awith the running configuration. In the case of puppet master,
3160N/Athis file reflects the state discovered through interacting
3160N/A <
prop_pattern required="false" type="boolean" name="storeconfigs">
3160N/AWhether to store each client's configuration, including catalogs, facts,
3160N/Aand related data. This also enables the import and export of resources in
3160N/Athe Puppet language - a mechanism for exchange resources between nodes.
3160N/ABy default this uses ActiveRecord and an SQL database to store and query
3160N/Athe data; this, in turn, will depend on Rails being available.
3160N/AYou can adjust the backend using the storeconfigs_backend setting.
3160N/A <
prop_pattern required="false" type="astring" name="storeconfigs_backend">
3160N/AConfigure the backend terminus used for StoreConfigs.
3160N/ABy default, this uses the ActiveRecord store, which directly talks to the
3160N/Adatabase from within the Puppet Master process.
3160N/A <
prop_pattern required="false" type="boolean" name="strict_hostname_checking">
3160N/AWhether to only search for the complete
3160N/Ahostname as it is in the certificate when searching for node information
3160N/A <
prop_pattern required="false" type="boolean" name="strict_variables">
3160N/AMakes the parser raise errors when referencing unknown variables. (This does not affect
3160N/Areferencing variables that are explicitly set to undef).
3160N/A <
prop_pattern required="false" type="boolean" name="stringify_facts">
3160N/Ato_s. Means you can't have arrays or
5908N/Ahashes as fact values. (DEPRECATED) This option will be removed in Puppet 4.0.
3160N/A <
prop_pattern required="false" type="boolean" name="summarize">
3160N/AWhether to print a transaction summary.
3160N/A <
prop_pattern required="false" type="astring" name="syslogfacility">
3160N/AWhat syslog facility to use when logging to syslog.
3160N/ASyslog has a fixed list of valid facilities, and you must
3160N/Achoose one of those; you cannot just make one up.
3160N/A <
prop_pattern required="false" type="astring" name="tagmap">
3160N/AThe mapping between reporting tags and email addresses.
3160N/A <
prop_pattern required="false" type="astring" name="tags">
3160N/ATags to use to find resources. If this is set, then
3160N/Aonly resources tagged with the specified tags will be applied.
3160N/AValues must be comma-separated.
3160N/A <
prop_pattern required="false" type="astring" name="templatedir">
3160N/AWhere Puppet looks for template files. Can be a list of colon-separated
3160N/AThis setting is deprecated. Please put your templates in modules instead.
3160N/A <
prop_pattern required="false" type="boolean" name="thin_storeconfigs">
3160N/ABoolean; whether Puppet should store only facts and exported resources in the storeconfigs
3160N/Adatabase. This will improve the performance of exported resources with the older
3160N/A`active_record` backend, but will disable external tools that search the storeconfigs database.
3160N/AThinning catalogs is generally unnecessary when using PuppetDB to store catalogs.
3160N/A <
prop_pattern required="false" type="boolean" name="trace">
3160N/AWhether to print stack traces on some errors
3160N/A <
prop_pattern required="false" type="boolean" name="trusted_node_data">
3160N/AStores trusted node data in a hash called $trusted.
3160N/AWhen true also prevents $trusted from being overridden in any scope.
3160N/A <
prop_pattern required="false" type="boolean" name="use_cached_catalog">
3160N/AWhether to only use the cached catalog rather than compiling a new catalog
3160N/Aon every run. Puppet can be run with this enabled by default and then selectively
3160N/Adisabled when a recompile is desired.
3160N/A <
prop_pattern required="false" type="boolean" name="use_srv_records">
3160N/AWhether the server will search for SRV records in DNS for the current domain.
3160N/A <
prop_pattern required="false" type="boolean" name="usecacheonfailure">
3160N/AWhether to use the cached configuration when the remote
3160N/Aconfiguration will not compile. This option is useful for testing
3160N/Anew configurations, where you want to fix the broken configuration
3160N/Arather than reverting to a known-good one.
3160N/A <
prop_pattern required="false" type="astring" name="user">
3160N/AThe user puppet master should run as.
3160N/A <
prop_pattern required="false" type="astring" name="vardir">
3160N/AWhere Puppet stores dynamic and growing data. The default for this
3160N/Asetting is calculated specially, like `confdir`_.
3160N/A <
prop_pattern required="false" type="integer" name="waitforcert">
3160N/AHow frequently puppet agent should ask for a signed certificate.
3160N/AWhen starting for the first time, puppet agent will submit a certificate
3160N/Asigning request (CSR) to the server named in the `ca_server` setting
3160N/A(usually the puppet master); this may be autosigned, or may need to be
3160N/Aapproved by a human, depending on the CA server's configuration.
3160N/APuppet agent cannot apply configurations until its approved certificate is
3160N/Aavailable. Since the certificate may or may not be available immediately,
3160N/Apuppet agent will repeatedly try to fetch it at this interval. You can
3160N/Aturn off waiting for certificates by specifying a time of 0, in which case
3160N/Apuppet agent will exit if it cannot get a cert.
3160N/AThis setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y).
3160N/A <
prop_pattern required="false" type="astring" name="yamldir">
3160N/AThe directory in which YAML data is stored, usually in a subdirectory.
3160N/A <
prop_pattern required="false" type="boolean" name="zlib">
3160N/ABoolean; whether to use the zlib library