Provided by:
puppet-common_0.25.4-2ubuntu6_all 
NAME
Configuration Reference -
This page is autogenerated; any changes will get overwritten (last
generated on Mon Feb 08 23:57:07 +1100 2010)
Contents
· Specifying Configuration Parameters
· Signals
· Configuration Parameter Reference
SPECIFYING CONFIGURATION PARAMETERS
On The Command-Line
Every Puppet executable (with the exception of puppetdoc) accepts all
of the parameters below, but not all of the arguments make sense for
every executable.
I have tried to be as thorough as possible in the descriptions of the
arguments, so it should be obvious whether an argument is appropriate
or not.
These parameters can be supplied to the executables either as
command-line options or in the configuration file. For instance, the
command-line invocation below would set the configuration directory to
/private/puppet:
$ puppetd --confdir=/private/puppet
Note that boolean options are turned on and off with a slightly
different syntax on the command line:
$ puppetd --storeconfigs
$ puppetd --no-storeconfigs
The invocations above will enable and disable, respectively, the
storage of the client configuration.
Configuration Files
As mentioned above, the configuration parameters can also be stored in
a configuration file, located in the configuration directory. As root,
the default configuration directory is /etc/puppet, and as a regular
user, the default configuration directory is ~user/.puppet. As of
0.23.0, all executables look for puppet.conf in their configuration
directory (although they previously looked for separate files). For
example, puppet.conf is located at /etc/puppet/puppet.conf as root and
~user/.puppet/puppet.conf as a regular user by default.
All executables will set any parameters set within the main section,
while each executable will also look for a section named for the
executable and load those parameters. For example, puppetd will look
for a section named puppetd, and puppetmasterd looks for a section
named puppetmasterd. This allows you to use a single configuration
file to customize the settings for all of your executables.
File Format
The file follows INI-style formatting. Here is an example of a very
simple puppet.conf file:
[main]
confdir = /private/puppet
storeconfigs = true
Note that boolean parameters must be explicitly specified as true or
false as seen above.
If you need to change file parameters (e.g., reset the mode or owner),
do so within curly braces on the same line:
[main]
myfile = /tmp/whatever {owner = root, mode = 644}
If you're starting out with a fresh configuration, you may wish to let
the executable generate a template configuration file for you by
invoking the executable in question with the --genconfig command. The
executable will print a template configuration to standard output,
which can be redirected to a file like so:
$ puppetd --genconfig > /etc/puppet/puppet.conf
Note that this invocation will replace the contents of any pre-existing
puppet.conf file, so make a backup of your present config if it
contains valuable information.
Like the --genconfig argument, the executables also accept a
--genmanifest argument, which will generate a manifest that can be used
to manage all of Puppet's directories and files and prints it to
standard output. This can likewise be redirected to a file:
$ puppetd --genmanifest > /etc/puppet/manifests/site.pp
Puppet can also create user and group accounts for itself (one puppet
group and one puppet user) if it is invoked as root with the --mkusers
argument:
$ puppetd --mkusers
SIGNALS
The puppetd and puppetmasterd executables catch some signals for
special handling. Both daemons catch (SIGHUP), which forces the server
to restart tself. Predictably, interrupt and terminate (SIGINT and
SIGTERM) will shut down the server, whether it be an instance of
puppetd or puppetmasterd.
Sending the SIGUSR1 signal to an instance of puppetd will cause it to
immediately begin a new configuration transaction with the server.
This signal has no effect on puppetmasterd.
CONFIGURATION PARAMETER REFERENCE
Below is a list of all documented parameters. Not all of them are
valid with all Puppet executables, but the executables will ignore any
inappropriate values.
async_storeconfigs
Whether to use a queueing system to provide asynchronous database
integration. Requires that puppetqd be running and that 'PSON' support
for ruby be installed.
· Default: false
authconfig
The configuration file that defines the rights to the different
namespaces and methods. This can be used as a coarse-grained
authorization system for both puppetd and puppetmasterd.
· Default: $confdir/namespaceauth.conf
autoflush
Whether log files should always flush to disk.
· Default: false
autosign
Whether to enable autosign. Valid values are true (which autosigns any
key request, and is a very bad idea), false (which never autosigns any
key request), and the path to a file, which uses that configuration
file to determine which keys to sign.
· Default: $confdir/autosign.conf
bindaddress
The address a listening server should bind to. Mongrel servers default
to 127.0.0.1 and WEBrick defaults to 0.0.0.0.
bucketdir
Where FileBucket files are stored.
· Default: $vardir/bucket
ca
Wether the master should function as a certificate authority.
· Default: true
ca_days
How long a certificate should be valid. This parameter is deprecated,
use ca_ttl instead
ca_md
The type of hash used in certificates.
· Default: md5
ca_port
The port to use for the certificate authority.
· Default: $masterport
ca_server
The server to use for certificate authority requests. It's a separate
server because it cannot and does not need to horizontally scale.
· Default: $server
ca_ttl
The default TTL for new certificates; valid values must be an integer,
optionally followed by one of the units 'y' (years of 365 days), 'd'
(days), 'h' (hours), or 's' (seconds). The unit defaults to seconds. If
this parameter is set, ca_days is ignored. Examples are '3600' (one
hour) and '1825d', which is the same as '5y' (5 years)
· Default: 5y
cacert
The CA certificate.
· Default: $cadir/ca_crt.pem
cacrl
The certificate revocation list (CRL) for the CA. Will be used if
present but otherwise ignored.
· Default: $cadir/ca_crl.pem
cadir
The root directory for the certificate authority.
· Default: $ssldir/ca
cakey
The CA private key.
· Default: $cadir/ca_key.pem
capass
Where the CA stores the password for the private key
· Default: $caprivatedir/ca.pass
caprivatedir
Where the CA stores private certificate information.
· Default: $cadir/private
capub
The CA public key.
· Default: $cadir/ca_pub.pem
casesensitive
Whether matching in case statements and selectors should be
case-sensitive. Case insensitivity is handled by downcasing all values
before comparison.
· Default: false
catalog_format
(Deprecated for 'preferred_serialization_format') What format to use to
dump the catalog. Only supports 'marshal' and 'yaml'. Only matters on
the client, since it asks the server for a specific format.
cert_inventory
A Complete listing of all certificates
· Default: $cadir/inventory.txt
certdir
The certificate directory.
· Default: $ssldir/certs
certdnsnames
The DNS names on the Server certificate as a colon-separated list. If
it's anything other than an empty string, it will be used as an alias
in the created certificate. By default, only the server gets an alias
set up, and only for 'puppet'.
certname
The name to use when handling certificates. Defaults to the fully
qualified domain name.
· Default: absinthe.lovedthanlost.net
classfile
The file in which puppetd stores a list of the classes associated with
the retrieved configuration. Can be loaded in the separate puppet
executable using the --loadclasses option.
· Default: $statedir/classes.txt
clientbucketdir
Where FileBucket files are stored locally.
· Default: $vardir/clientbucket
clientyamldir
The directory in which client-side YAML data is stored.
· Default: $vardir/client_yaml
code
Code to parse directly. This is essentially only used by puppet, and
should only be set if you're writing your own Puppet executable
color
Whether to use colors when logging to the console. Valid values are
ansi (equivalent to true), html (mostly used during testing with
TextMate), and false, which produces no color.
· Default: ansi
confdir
The main Puppet configuration directory. The default for this
parameter is calculated based on the user. If the process is runnig as
root or the user that puppetmasterd is supposed to run as, it defaults
to a system directory, but if it's running as any other user, it
defaults to being in ~.
· Default: /etc/puppet
config
The configuration file for puppetdoc.
· Default: $confdir/puppet.conf
config_version
How to determine the configuration version. By default, it will be the
time that the configuration is parsed, but you can provide a shell
script to override how the version is determined. The output of this
script will be added to every log message in the reports, allowing you
to correlate changes on your hosts to the source version on the server.
configprint
Print the value of a specific configuration parameter. If a parameter
is provided for this, then the value is printed and puppet exits.
Comma-separate multiple values. For a list of all values, specify
'all'. This feature is only available in Puppet versions higher than
0.18.4.
configtimeout
How long the client should wait for the configuration to be retrieved
before considering it a failure. This can help reduce flapping if too
many clients contact the server at one time.
· Default: 120
csrdir
Where the CA stores certificate requests
· Default: $cadir/requests
daemonize
Send the process into the background. This is the default.
· Default: true
dbadapter
The type of database to use.
· Default: sqlite3
dblocation
The database cache for client configurations. Used for querying within
the language.
· Default: $statedir/clientconfigs.sqlite3
dbmigrate
Whether to automatically migrate the database.
· Default: false
dbname
The name of the database to use.
· Default: puppet
dbpassword
The database password for Client caching. Only used when networked
databases are used.
· Default: puppet
dbserver
The database server for Client caching. Only used when networked
databases are used.
· Default: localhost
dbsocket
The database socket location. Only used when networked databases are
used. Will be ignored if the value is an empty string.
dbuser
The database user for Client caching. Only used when networked
databases are used.
· Default: puppet
diff
Which diff command to use when printing differences between files.
· Default: diff
diff_args
Which arguments to pass to the diff command when printing differences
between files.
· Default: -u
downcasefacts
Whether facts should be made all lowercase when sent to the server.
· Default: false
dynamicfacts
Facts that are dynamic; these facts will be ignored when deciding
whether changed facts should result in a recompile. Multiple facts
should be comma-separated.
· Default: memorysize,memoryfree,swapsize,swapfree
environment
The environment Puppet is running in. For clients (e.g., puppetd) this
determines the environment itself, which is used to find modules and
much more. For servers (i.e., puppetmasterd) this provides the default
environment for nodes we know nothing about.
· Default: production
evaltrace
Whether each resource should log when it is being evaluated. This
allows you to interactively see exactly what is being done.
· Default: false
external_nodes
An external command that can produce node information. The output must
be a YAML dump of a hash, and that hash must have one or both of
classes and parameters, where classes is an array and parameters is a
hash. For unknown nodes, the commands should exit with a non-zero exit
code. This command makes it straightforward to store your node mapping
information in other data sources like databases.
· Default: none
factdest
Where Puppet should store facts that it pulls down from the central
server.
· Default: $vardir/facts/
factpath
Where Puppet should look for facts. Multiple directories should be
colon-separated, like normal PATH variables.
· Default: $vardir/facts/
factsignore
What files to ignore when pulling down facts.
· Default: .svn CVS
factsource
From where to retrieve facts. The standard Puppet file type is used
for retrieval, so anything that is a valid file source can be used
here.
· Default: puppet://$server/facts/
factsync
Whether facts should be synced with the central server.
· Default: false
fileserverconfig
Where the fileserver configuration is stored.
· Default: $confdir/fileserver.conf
filetimeout
The minimum time to wait (in seconds) between checking for updates in
configuration files. This timeout determines how quickly Puppet checks
whether a file (such as manifests or templates) has changed on disk.
· Default: 15
genconfig
Whether to just print a configuration to stdout and exit. Only makes
sense when used interactively. Takes into account arguments specified
on the CLI.
· Default: false
genmanifest
Whether to just print a manifest to stdout and exit. Only makes sense
when used interactively. Takes into account arguments specified on the
CLI.
· Default: false
graph
Whether to create dot graph files for the different configuration
graphs. These dot files can be interpreted by tools like OmniGraffle
or dot (which is part of ImageMagick).
· Default: false
graphdir
Where to store dot-outputted graphs.
· Default: $statedir/graphs
group
The group puppetmasterd should run as.
· Default: puppet
hostcert
Where individual hosts store and look for their certificates.
· Default: $certdir/$certname.pem
hostcrl
Where the host's certificate revocation list can be found. This is
distinct from the certificate authority's CRL.
· Default: $ssldir/crl.pem
hostcsr
Where individual hosts store and look for their certificate requests.
· Default: $ssldir/csr_$certname.pem
hostprivkey
Where individual hosts store and look for their private key.
· Default: $privatekeydir/$certname.pem
hostpubkey
Where individual hosts store and look for their public key.
· Default: $publickeydir/$certname.pem
http_proxy_host
The HTTP proxy host to use for outgoing connections. Note: You may
need to use a FQDN for the server hostname when using a proxy.
· Default: none
http_proxy_port
The HTTP proxy port to use for outgoing connections
· Default: 3128
httplog
Where the puppetd web server logs.
· Default: $logdir/http.log
ignorecache
Ignore cache and always recompile the configuration. This is useful
for testing new configurations, where the local cache may in fact be
stale even if the timestamps are up to date - if the facts change or if
the server changes.
· Default: false
ignoreimport
A parameter that can be used in commit hooks, since it enables you to
parse-check a single file rather than requiring that all files exist.
· Default: false
ignoreschedules
Boolean; whether puppetd should ignore schedules. This is useful for
initial puppetd runs.
· Default: false
keylength
The bit length of keys.
· Default: 1024
ldapattrs
The LDAP attributes to include when querying LDAP for nodes. All
returned attributes are set as variables in the top-level scope.
Multiple values should be comma-separated. The value 'all' returns all
attributes.
· Default: all
ldapbase
The search base for LDAP searches. It's impossible to provide a
meaningful default here, although the LDAP libraries might have one
already set. Generally, it should be the 'ou=Hosts' branch under your
main directory.
ldapclassattrs
The LDAP attributes to use to define Puppet classes. Values should be
comma-separated.
· Default: puppetclass
ldapnodes
Whether to search for node configurations in LDAP. See
http://reductivelabs.com/trac/puppet/wiki/LDAPNodes for more
information.
· Default: false
ldapparentattr
The attribute to use to define the parent node.
· Default: parentnode
ldappassword
The password to use to connect to LDAP.
ldapport
The LDAP port. Only used if ldapnodes is enabled.
· Default: 389
ldapserver
The LDAP server. Only used if ldapnodes is enabled.
· Default: ldap
ldapssl
Whether SSL should be used when searching for nodes. Defaults to false
because SSL usually requires certificates to be set up on the client
side.
· Default: false
ldapstackedattrs
The LDAP attributes that should be stacked to arrays by adding the
values in all hierarchy elements of the tree. Values should be
comma-separated.
· Default: puppetvar
ldapstring
The search string used to find an LDAP node.
· Default: (&(objectclass=puppetClient)(cn=%s))
ldaptls
Whether TLS should be used when searching for nodes. Defaults to false
because TLS usually requires certificates to be set up on the client
side.
· Default: false
ldapuser
The user to use to connect to LDAP. Must be specified as a full DN.
lexical
Whether to use lexical scoping (vs. dynamic).
· Default: false
libdir
An extra search path for Puppet. This is only useful for those files
that Puppet will load on demand, and is only guaranteed to work for
those cases. In fact, the autoload mechanism is responsible for making
sure this directory is in Ruby's search path
· Default: $vardir/lib
listen
Whether puppetd should listen for connections. If this is true, then
by default only the runner server is started, which allows remote
authorized and authenticated nodes to connect and trigger puppetd runs.
· Default: false
localcacert
Where each client stores the CA certificate.
· Default: $certdir/ca.pem
localconfig
Where puppetd caches the local configuration. An extension indicating
the cache format is added automatically.
· Default: $statedir/localconfig
logdir
The Puppet log directory.
· Default: $vardir/log
manage_internal_file_permissions
Whether Puppet should manage the owner, group, and mode of files it
uses internally
· Default: true
manifest
The entry-point manifest for puppetmasterd.
· Default: $manifestdir/site.pp
manifestdir
Where puppetmasterd looks for its manifests.
· Default: $confdir/manifests
masterhttplog
Where the puppetmasterd web server logs.
· Default: $logdir/masterhttp.log
masterlog
Where puppetmasterd logs. This is generally not used, since syslog is
the default log destination.
· Default: $logdir/puppetmaster.log
masterport
Which port puppetmasterd listens on.
· Default: 8140
maximum_uid
The maximum allowed UID. Some platforms use negative UIDs but then
ship with tools that do not know how to handle signed ints, so the UIDs
show up as huge numbers that can then not be fed back into the system.
This is a hackish way to fail in a slightly more useful way when that
happens.
· Default: 4294967290
mkusers
Whether to create the necessary user and group that puppetd will run
as.
· Default: false
modulepath
The search path for modules as a colon-separated list of directories.
· Default: $confdir/modules:/usr/share/puppet/modules
name
The name of the service, if we are running as one. The default is
essentially $0 without the path or .rb.
· Default: puppetdoc
node_name
How the puppetmaster determines the client's identity and sets the
'hostname', 'fqdn' and 'domain' facts for use in the manifest, in
particular for determining which 'node' statement applies to the
client. Possible values are 'cert' (use the subject's CN in the
client's certificate) and 'facter' (use the hostname that the client
reported in its facts)
· Default: cert
node_terminus
Where to find information about nodes.
· Default: plain
noop
Whether puppetd should be run in noop mode.
· Default: false
paramcheck
Whether to validate parameters during parsing.
· Default: true
parseonly
Just check the syntax of the manifests.
· Default: false
passfile
Where puppetd stores the password for its private key. Generally
unused.
· Default: $privatedir/password
path
The shell search path. Defaults to whatever is inherited from the
parent process.
· Default: none
pidfile
The pid file
· Default: $rundir/$name.pid
plugindest
Where Puppet should store plugins that it pulls down from the central
server.
· Default: $libdir
pluginsignore
What files to ignore when pulling down plugins.
· Default: .svn CVS .git
pluginsource
From where to retrieve plugins. The standard Puppet file type is used
for retrieval, so anything that is a valid file source can be used
here.
· Default: puppet://$server/plugins
pluginsync
Whether plugins should be synced with the central server.
· Default: false
postrun_command
A command to run after every agent run. If this command returns a
non-zero return code, the entire Puppet run will be considered to have
failed, even though it might have performed work during the normal run.
preferred_serialization_format
The preferred means of serializing ruby instances for passing over the
wire. This won't guarantee that all instances will be serialized using
this method, since not all classes can be guaranteed to support this
format, but it will be used for all classes that support it.
· Default: pson
prerun_command
A command to run before every agent run. If this command returns a
non-zero return code, the entire Puppet run will fail.
privatedir
Where the client stores private certificate information.
· Default: $ssldir/private
privatekeydir
The private key directory.
· Default: $ssldir/private_keys
publickeydir
The public key directory.
· Default: $ssldir/public_keys
puppetdlockfile
A lock file to temporarily stop puppetd from doing anything.
· Default: $statedir/puppetdlock
puppetdlog
The log file for puppetd. This is generally not used.
· Default: $logdir/puppetd.log
puppetport
Which port puppetd listens on.
· Default: 8139
queue_source
Which type of queue to use for asynchronous processing. If your stomp
server requires authentication, you can include it in the URI as long
as your stomp client library is at least 1.1.1
· Default: stomp://localhost:61613/
queue_type
Which type of queue to use for asynchronous processing.
· Default: stomp
rails_loglevel
The log level for Rails connections. The value must be a valid log
level within Rails. Production environments normally use info and
other environments normally use debug.
· Default: info
railslog
Where Rails-specific logs are sent
· Default: $logdir/rails.log
report
Whether to send reports after every transaction.
· Default: false
report_port
The port to communicate with the report_server.
· Default: $masterport
report_server
The server to which to send transaction reports.
· Default: $server
reportdir
The directory in which to store reports received from the client. Each
client gets a separate subdirectory.
· Default: $vardir/reports
reportfrom
The 'from' email address for the reports.
· Default: report@absinthe.lovedthanlost.net
reports
The list of reports to generate. All reports are looked for in
puppet/reports/<name>.rb, and multiple report names should be
comma-separated (whitespace is okay).
· Default: store
reportserver
(Deprecated for 'report_server') The server to which to send
transaction reports.
· Default: $server
req_bits
The bit length of the certificates.
· Default: 2048
requestdir
Where host certificate requests are stored.
· Default: $ssldir/certificate_requests
rest_authconfig
The configuration file that defines the rights to the different rest
indirections. This can be used as a fine-grained authorization system
for puppetmasterd.
· Default: $confdir/auth.conf
rrddir
The directory where RRD database files are stored. Directories for each
reporting host will be created under this directory.
· Default: $vardir/rrd
rrdinterval
How often RRD should expect data. This should match how often the hosts
report back to the server.
· Default: $runinterval
rundir
Where Puppet PID files are kept.
· Default: $vardir/run
runinterval
How often puppetd applies the client configuration; in seconds.
· Default: 1800
sendmail
Where to find the sendmail binary with which to send email.
· Default: /usr/sbin/sendmail
serial
Where the serial number for certificates is stored.
· Default: $cadir/serial
server
The server to which server puppetd should connect
· Default: puppet
servertype
The type of server to use. Currently supported options are webrick and
mongrel. If you use mongrel, you will need a proxy in front of the
process or processes, since Mongrel cannot speak SSL.
· Default: webrick
show_diff
Whether to print a contextual diff when files are being replaced. The
diff is printed on stdout, so this option is meaningless unless you are
running Puppet interactively. This feature currently requires the
diff/lcs Ruby library.
· Default: false
signeddir
Where the CA stores signed certificates.
· Default: $cadir/signed
smtpserver
The server through which to send email reports.
· Default: none
splay
Whether to sleep for a pseudo-random (but consistent) amount of time
before a run.
· Default: false
splaylimit
The maximum time to delay before runs. Defaults to being the same as
the run interval.
· Default: $runinterval
ssl_client_header
The header containing an authenticated client's SSL DN. Only used with
Mongrel. This header must be set by the proxy to the authenticated
client's SSL DN (e.g., /CN=puppet.reductivelabs.com). See
http://reductivelabs.com/puppet/trac/wiki/UsingMongrel for more
information.
· Default: HTTP_X_CLIENT_DN
ssl_client_verify_header
The header containing the status message of the client verification.
Only used with Mongrel. This header must be set by the proxy to
'SUCCESS' if the client successfully authenticated, and anything else
otherwise. See http://reductivelabs.com/puppet/trac/wiki/UsingMongrel
for more information.
· Default: HTTP_X_CLIENT_VERIFY
ssldir
Where SSL certificates are kept.
· Default: $confdir/ssl
statedir
The directory where Puppet state is stored. Generally, this directory
can be removed without causing harm (although it might result in
spurious service restarts).
· Default: $vardir/state
statefile
Where puppetd and puppetmasterd store state associated with the running
configuration. In the case of puppetmasterd, this file reflects the
state discovered through interacting with clients.
· Default: $statedir/state.yaml
storeconfigs
Whether to store each client's configuration. This requires
ActiveRecord from Ruby on Rails.
· Default: false
strict_hostname_checking
Whether to only search for the complete hostname as it is in the
certificate when searching for node information in the catalogs.
· Default: false
summarize
Whether to print a transaction summary.
· Default: false
syslogfacility
What syslog facility to use when logging to syslog. Syslog has a fixed
list of valid facilities, and you must choose one of those; you cannot
just make one up.
· Default: daemon
tagmap
The mapping between reporting tags and email addresses.
· Default: $confdir/tagmail.conf
tags
Tags to use to find resources. If this is set, then only resources
tagged with the specified tags will be applied. Values must be
comma-separated.
templatedir
Where Puppet looks for template files. Can be a list of
colon-seperated directories.
· Default: $vardir/templates
thin_storeconfigs
Boolean; wether storeconfigs store in the database only the facts and
exported resources. If true, then storeconfigs performance will be
higher and still allow exported/collected resources, but other usage
external to Puppet might not work
· Default: false
trace
Whether to print stack traces on some errors
· Default: false
typecheck
Whether to validate types during parsing.
· Default: true
usecacheonfailure
Whether to use the cached configuration when the remote configuration
will not compile. This option is useful for testing new
configurations, where you want to fix the broken configuration rather
than reverting to a known-good one.
· Default: true
user
The user puppetmasterd should run as.
· Default: puppet
vardir
Where Puppet stores dynamic and growing data. The default for this
parameter is calculated specially, like confdir.
· Default: /var/puppet
yamldir
The directory in which YAML data is stored, usually in a subdirectory.
· Default: $vardir/yaml
zlib
Boolean; whether to use the zlib library
· Default: true
----
This page autogenerated on Mon Feb 08 23:57:07 +1100 2010
CONFIGURATION(REFERENCE)