Provided by: puppet-common_3.8.5-2ubuntu0.1_all 
This page is autogenerated; any changes will get overwritten (last generated on Tue Jan 15 12:33:09 -0800 2013)
Configuration Settings
• Each of these settings can be specified in puppet.conf or on the command line.
• When using boolean settings on the command line, use --setting and --no-setting
instead of --setting (true|false).
• Settings can be interpolated as $variables in other settings; $environment is special,
in that puppet master will interpolate each agent node´s environment instead of its
own.
• Multiple values should be specified as comma-separated lists; multiple directories
should be separated with the system path separator (usually a colon).
• Settings that represent time intervals should be specified in duration format: an
integer immediately followed by one of the units ´y´ (years of 365 days), ´d´ (days),
´h´ (hours), ´m´ (minutes), or ´s´ (seconds). The unit cannot be combined with other
units, and defaults to seconds when omitted. Examples are ´3600´ which is equivalent
to ´1h´ (one hour), and ´1825d´ which is equivalent to ´5y´ (5 years).
• Settings that take a single file or directory can optionally set the owner, group, and
mode for their value: rundir = $vardir/run { owner = puppet, group = puppet, mode =
644 }
• The Puppet executables will ignore any setting that isn´t relevant to their function.
See the configuration guide http://docs.puppetlabs.com/guides/configuring.html for more
details.
agent_catalog_run_lockfile
A lock file to indicate that a puppet agent catalog run is currently in progress. The file
contains the pid of the process that holds the lock on the catalog run.
• Default: $statedir/agent_catalog_run.lock
agent_disabled_lockfile
A lock file to indicate that puppet agent runs have been administratively disabled. File
contains a JSON object with state information.
• Default: $statedir/agent_disabled.lock
allow_duplicate_certs
Whether to allow a new certificate request to overwrite an existing certificate.
• Default: false
allow_variables_with_dashes
Permit hyphens (-) in variable names and issue deprecation warnings about them. This
setting should always be false; setting it to true will cause subtle and wide-ranging
bugs. It will be removed in a future version. Hyphenated variables caused major problems
in the language, but were allowed between Puppet 2.7.3 and 2.7.14. If you used them during
this window, we apologize for the inconvenience --- you can temporarily set this to true
in order to upgrade, and can rename your variables at your leisure. Please revert it to
false after you have renamed all affected variables.
• Default: false
archive_file_server
During an inspect run, the file bucket server to archive files to if archive_files is set.
• Default: $server
archive_files
During an inspect run, whether to archive files whose contents are audited to a file
bucket.
• Default: false
async_storeconfigs
Whether to use a queueing system to provide asynchronous database integration. Requires
that puppet queue be running.
• Default: false
autoflush
Whether log files should always flush to disk.
• Default: true
autosign
Whether to enable autosign. Valid values are true (which autosigns any key request, and is
a very bad idea), false (which never autosigns any key request), and the path to a file,
which uses that configuration file to determine which keys to sign.
• Default: $confdir/autosign.conf
bindaddress
The address a listening server should bind to.
• Default: 0.0.0.0
bucketdir
Where FileBucket files are stored.
• Default: $vardir/bucket
ca
Whether the master should function as a certificate authority.
• Default: true
ca_name
The name to use the Certificate Authority certificate.
• Default: Puppet CA: $certname
ca_port
The port to use for the certificate authority.
• Default: $masterport
ca_server
The server to use for certificate authority requests. It´s a separate server because it
cannot and does not need to horizontally scale.
• Default: $server
ca_ttl
The default TTL for new certificates. If this setting is set, ca_days is ignored. Can be
specified as a duration.
• Default: 5y
cacert
The CA certificate.
• Default: $cadir/ca_crt.pem
cacrl
The certificate revocation list (CRL) for the CA. Will be used if present but otherwise
ignored.
• Default: $cadir/ca_crl.pem
cadir
The root directory for the certificate authority.
• Default: $ssldir/ca
cakey
The CA private key.
• Default: $cadir/ca_key.pem
capass
Where the CA stores the password for the private key
• Default: $caprivatedir/ca.pass
caprivatedir
Where the CA stores private certificate information.
• Default: $cadir/private
capub
The CA public key.
• Default: $cadir/ca_pub.pem
catalog_cache_terminus
How to store cached catalogs. Valid values are ´json´ and ´yaml´. The agent application
defaults to ´json´.
Default:
catalog_format
(Deprecated for ´preferred_serialization_format´) What format to use to dump the catalog.
Only supports ´marshal´ and ´yaml´. Only matters on the client, since it asks the server
for a specific format.
catalog_terminus
Where to get node catalogs. This is useful to change if, for instance, you´d like to
pre-compile catalogs and store them in memcached or some other easily-accessed store.
• Default: compiler
cert_inventory
A Complete listing of all certificates
• Default: $cadir/inventory.txt
certdir
The certificate directory.
• Default: $ssldir/certs
certdnsnames
The certdnsnames setting is no longer functional, after CVE-2011-3872. We ignore the value
completely. For your own certificate request you can set dns_alt_names in the
configuration and it will apply locally. There is no configuration option to set DNS alt
names, or any other subjectAltName value, for another nodes certificate. Alternately you
can use the --dns_alt_names command line option to set the labels added while generating
your own CSR.
certificate_expire_warning
The window of time leading up to a certificate´s expiration that a notification will be
logged. This applies to CA, master, and agent certificates. Can be specified as a
duration.
• Default: 60d
certificate_revocation
Whether certificate revocation should be supported by downloading a Certificate Revocation
List (CRL) to all clients. If enabled, CA chaining will almost definitely not work.
• Default: true
certname
The name to use when handling certificates. Defaults to the fully qualified domain name.
• Default: sirrus.puppetlabs.lan
classfile
The file in which puppet agent stores a list of the classes associated with the retrieved
configuration. Can be loaded in the separate puppet executable using the --loadclasses
option.
• Default: $statedir/classes.txt
client_datadir
The directory in which serialized data is stored on the client.
• Default: $vardir/client_data
clientbucketdir
Where FileBucket files are stored locally.
• Default: $vardir/clientbucket
clientyamldir
The directory in which client-side YAML data is stored.
• Default: $vardir/client_yaml
code
Code to parse directly. This is essentially only used by puppet, and should only be set if
you´re writing your own Puppet executable
color
Whether to use colors when logging to the console. Valid values are ansi (equivalent to
true), html, and false, which produces no color. Defaults to false on Windows, as its
console does not support ansi colors.
• Default: ansi
confdir
The main Puppet configuration directory. The default for this setting is calculated based
on the user. If the process is running as root or the user that Puppet is supposed to run
as, it defaults to a system directory, but if it´s running as any other user, it defaults
to being in the user´s home directory.
• Default: /etc/puppet
config
The configuration file for the current puppet application
• Default: $confdir/${config_file_name}
config_file_name
The name of the puppet config file.
• Default: puppet.conf
config_version
How to determine the configuration version. By default, it will be the time that the
configuration is parsed, but you can provide a shell script to override how the version is
determined. The output of this script will be added to every log message in the reports,
allowing you to correlate changes on your hosts to the source version on the server.
configprint
Print the value of a specific configuration setting. If the name of a setting is provided
for this, then the value is printed and puppet exits. Comma-separate multiple values. For
a list of all values, specify ´all´.
configtimeout
How long the client should wait for the configuration to be retrieved before considering
it a failure. This can help reduce flapping if too many clients contact the server at one
time. Can be specified as a duration.
• Default: 2m
couchdb_url
The url where the puppet couchdb database will be created
• Default: http://127.0.0.1:5984/puppet
csrdir
Where the CA stores certificate requests
• Default: $cadir/requests
daemonize
Whether to send the process into the background. This defaults to true on POSIX systems,
and to false on Windows (where Puppet currently cannot daemonize).
• Default: true
data_binding_terminus
Where to retrive information about data.
• Default: hiera
dbadapter
The type of database to use.
• Default: sqlite3
dbconnections
The number of database connections for networked databases. Will be ignored unless the
value is a positive integer.
dblocation
The database cache for client configurations. Used for querying within the language.
• Default: $statedir/clientconfigs.sqlite3
dbmigrate
Whether to automatically migrate the database.
• Default: false
dbname
The name of the database to use.
• Default: puppet
dbpassword
The database password for caching. Only used when networked databases are used.
• Default: puppet
dbport
The database password for caching. Only used when networked databases are used.
dbserver
The database server for caching. Only used when networked databases are used.
• Default: localhost
dbsocket
The database socket location. Only used when networked databases are used. Will be ignored
if the value is an empty string.
dbuser
The database user for caching. Only used when networked databases are used.
• Default: puppet
default_file_terminus
The default source for files if no server is given in a uri, e.g. puppet:///file. The
default of rest causes the file to be retrieved using the server setting. When running
apply the default is file_server, causing requests to be filled locally.
• Default: rest
deviceconfig
Path to the device config file for puppet device
• Default: $confdir/device.conf
devicedir
The root directory of devices´ $vardir
• Default: $vardir/devices
diff
Which diff command to use when printing differences between files. This setting has no
default value on Windows, as standard diff is not available, but Puppet can use many
third-party diff tools.
• Default: diff
diff_args
Which arguments to pass to the diff command when printing differences between files. The
command to use can be chosen with the diff setting.
• Default: -u
dns_alt_names
The comma-separated list of alternative DNS names to use for the local host. When the node
generates a CSR for itself, these are added to the request as the desired subjectAltName
in the certificate: additional DNS labels that the certificate is also valid answering as.
This is generally required if you use a non-hostname certname, or if you want to use
puppet kick or puppet resource -H and the primary certname does not match the DNS name you
use to communicate with the host. This is unnecessary for agents, unless you intend to use
them as a server for puppet kick or remote puppet resource management. It is rarely
necessary for servers; it is usually helpful only if you need to have a pool of multiple
load balanced masters, or for the same master to respond on two physically separate
networks under different names.
document_all
Document all resources
• Default: false
dynamicfacts
(Deprecated) Facts that are dynamic; these facts will be ignored when deciding whether
changed facts should result in a recompile. Multiple facts should be comma-separated.
• Default: memorysize,memoryfree,swapsize,swapfree
environment
The environment Puppet is running in. For clients (e.g., puppet agent) this determines the
environment itself, which is used to find modules and much more. For servers (i.e., puppet
master) this provides the default environment for nodes we know nothing about.
• Default: production
evaltrace
Whether each resource should log when it is being evaluated. This allows you to
interactively see exactly what is being done.
• Default: false
external_nodes
An external command that can produce node information. The command´s output must be a YAML
dump of a hash, and that hash must have a classes key and/or a parameters key, where
classes is an array or hash and parameters is a hash. For unknown nodes, the command
should exit with a non-zero exit code. This command makes it straightforward to store your
node mapping information in other data sources like databases.
• Default: none
factpath
Where Puppet should look for facts. Multiple directories should be separated by the system
path separator character. (The POSIX path separator is ´:´, and the Windows path separator
is ´;´.)
• Default: $vardir/lib/facter:$vardir/facts
facts_terminus
The node facts terminus.
• Default: facter
fileserverconfig
Where the fileserver configuration is stored.
• Default: $confdir/fileserver.conf
filetimeout
The minimum time to wait between checking for updates in configuration files. This timeout
determines how quickly Puppet checks whether a file (such as manifests or templates) has
changed on disk. Can be specified as a duration.
• Default: 15s
freeze_main
Freezes the ´main´ class, disallowing any code to be added to it. This essentially means
that you can´t have any code outside of a node, class, or definition other than in the
site manifest.
• Default: false
genconfig
Whether to just print a configuration to stdout and exit. Only makes sense when used
interactively. Takes into account arguments specified on the CLI.
• Default: false
genmanifest
Whether to just print a manifest to stdout and exit. Only makes sense when used
interactively. Takes into account arguments specified on the CLI.
• Default: false
graph
Whether to create dot graph files for the different configuration graphs. These dot files
can be interpreted by tools like OmniGraffle or dot (which is part of ImageMagick).
• Default: false
graphdir
Where to store dot-outputted graphs.
• Default: $statedir/graphs
group
The group puppet master should run as.
• Default: puppet
hiera_config
The hiera configuration file
• Default: $confdir/hiera.yaml
hostcert
Where individual hosts store and look for their certificates.
• Default: $certdir/$certname.pem
hostcrl
Where the host´s certificate revocation list can be found. This is distinct from the
certificate authority´s CRL.
• Default: $ssldir/crl.pem
hostcsr
Where individual hosts store and look for their certificate requests.
• Default: $ssldir/csr_$certname.pem
hostprivkey
Where individual hosts store and look for their private key.
• Default: $privatekeydir/$certname.pem
hostpubkey
Where individual hosts store and look for their public key.
• Default: $publickeydir/$certname.pem
http_compression
Allow http compression in REST communication with the master. This setting might improve
performance for agent -> master communications over slow WANs. Your puppet master needs to
support compression (usually by activating some settings in a reverse-proxy in front of
the puppet master, which rules out webrick). It is harmless to activate this settings if
your master doesn´t support compression, but if it supports it, this setting might reduce
performance on high-speed LANs.
• Default: false
http_proxy_host
The HTTP proxy host to use for outgoing connections. Note: You may need to use a FQDN for
the server hostname when using a proxy.
• Default: none
http_proxy_port
The HTTP proxy port to use for outgoing connections
• Default: 3128
httplog
Where the puppet agent web server logs.
• Default: $logdir/http.log
ignorecache
Ignore cache and always recompile the configuration. This is useful for testing new
configurations, where the local cache may in fact be stale even if the timestamps are up
to date - if the facts change or if the server changes.
• Default: false
ignoreimport
If true, allows the parser to continue without requiring all files referenced with import
statements to exist. This setting was primarily designed for use with commit hooks for
parse-checking.
• Default: false
ignoreschedules
Boolean; whether puppet agent should ignore schedules. This is useful for initial puppet
agent runs.
• Default: false
inventory_port
The port to communicate with the inventory_server.
• Default: $masterport
inventory_server
The server to send facts to.
• Default: $server
inventory_terminus
Should usually be the same as the facts terminus
• Default: $facts_terminus
keylength
The bit length of keys.
• Default: 4096
lastrunfile
Where puppet agent stores the last run report summary in yaml format.
• Default: $statedir/last_run_summary.yaml
lastrunreport
Where puppet agent stores the last run report in yaml format.
• Default: $statedir/last_run_report.yaml
ldapattrs
The LDAP attributes to include when querying LDAP for nodes. All returned attributes are
set as variables in the top-level scope. Multiple values should be comma-separated. The
value ´all´ returns all attributes.
• Default: all
ldapbase
The search base for LDAP searches. It´s impossible to provide a meaningful default here,
although the LDAP libraries might have one already set. Generally, it should be the
´ou=Hosts´ branch under your main directory.
ldapclassattrs
The LDAP attributes to use to define Puppet classes. Values should be comma-separated.
• Default: puppetclass
ldapparentattr
The attribute to use to define the parent node.
• Default: parentnode
ldappassword
The password to use to connect to LDAP.
ldapport
The LDAP port. Only used if node_terminus is set to ldap.
• Default: 389
ldapserver
The LDAP server. Only used if node_terminus is set to ldap.
• Default: ldap
ldapssl
Whether SSL should be used when searching for nodes. Defaults to false because SSL usually
requires certificates to be set up on the client side.
• Default: false
ldapstackedattrs
The LDAP attributes that should be stacked to arrays by adding the values in all hierarchy
elements of the tree. Values should be comma-separated.
• Default: puppetvar
ldapstring
The search string used to find an LDAP node.
• Default: (&(objectclass=puppetClient)(cn=%s))
ldaptls
Whether TLS should be used when searching for nodes. Defaults to false because TLS usually
requires certificates to be set up on the client side.
• Default: false
ldapuser
The user to use to connect to LDAP. Must be specified as a full DN.
libdir
An extra search path for Puppet. This is only useful for those files that Puppet will load
on demand, and is only guaranteed to work for those cases. In fact, the autoload mechanism
is responsible for making sure this directory is in Ruby´s search path
• Default: $vardir/lib
listen
Whether puppet agent should listen for connections. If this is true, then puppet agent
will accept incoming REST API requests, subject to the default ACLs and the ACLs set in
the rest_authconfig file. Puppet agent can respond usefully to requests on the run, facts,
certificate, and resource endpoints.
• Default: false
localcacert
Where each client stores the CA certificate.
• Default: $certdir/ca.pem
localconfig
Where puppet agent caches the local configuration. An extension indicating the cache
format is added automatically.
• Default: $statedir/localconfig
logdir
The directory in which to store log files
Default:
manage_internal_file_permissions
Whether Puppet should manage the owner, group, and mode of files it uses internally
• Default: true
manifest
The entry-point manifest for puppet master.
• Default: $manifestdir/site.pp
manifestdir
Where puppet master looks for its manifests.
• Default: $confdir/manifests
masterhttplog
Where the puppet master web server logs.
• Default: $logdir/masterhttp.log
masterlog
Where puppet master logs. This is generally not used, since syslog is the default log
destination.
• Default: $logdir/puppetmaster.log
masterport
Which port puppet master listens on.
• Default: 8140
maximum_uid
The maximum allowed UID. Some platforms use negative UIDs but then ship with tools that do
not know how to handle signed ints, so the UIDs show up as huge numbers that can then not
be fed back into the system. This is a hackish way to fail in a slightly more useful way
when that happens.
• Default: 4294967290
mkusers
Whether to create the necessary user and group that puppet agent will run as.
• Default: false
module_repository
The module repository
• Default: https://forge.puppetlabs.com
module_working_dir
The directory into which module tool data is stored
• Default: $vardir/puppet-module
modulepath
The search path for modules, as a list of directories separated by the system path
separator character. (The POSIX path separator is ´:´, and the Windows path separator is
´;´.)
• Default: $confdir/modules:/usr/share/puppet/modules
name
The name of the application, if we are running as one. The default is essentially $0
without the path or .rb.
Default:
node_cache_terminus
How to store cached nodes. Valid values are (none), ´json´, ´yaml´ or write only yaml
(´write_only_yaml´). The master application defaults to ´write_only_yaml´, all others to
none.
Default:
node_name
How the puppet master determines the client´s identity and sets the ´hostname´, ´fqdn´ and
´domain´ facts for use in the manifest, in particular for determining which ´node´
statement applies to the client. Possible values are ´cert´ (use the subject´s CN in the
client´s certificate) and ´facter´ (use the hostname that the client reported in its
facts)
• Default: cert
node_name_fact
The fact name used to determine the node name used for all requests the agent makes to the
master. WARNING: This setting is mutually exclusive with node_name_value. Changing this
setting also requires changes to the default auth.conf configuration on the Puppet Master.
Please see http://links.puppetlabs.com/node_name_fact for more information.
node_name_value
The explicit value used for the node name for all requests the agent makes to the master.
WARNING: This setting is mutually exclusive with node_name_fact. Changing this setting
also requires changes to the default auth.conf configuration on the Puppet Master. Please
see http://links.puppetlabs.com/node_name_value for more information.
• Default: $certname
node_terminus
Where to find information about nodes.
• Default: plain
noop
Whether puppet agent should be run in noop mode.
• Default: false
onetime
Run the configuration once, rather than as a long-running daemon. This is useful for
interactively running puppetd.
• Default: false
passfile
Where puppet agent stores the password for its private key. Generally unused.
• Default: $privatedir/password
path
The shell search path. Defaults to whatever is inherited from the parent process.
• Default: none
pidfile
The file containing the PID of a running process. This file is intended to be used by
service management frameworks and monitoring systems to determine if a puppet process is
still in the process table.
• Default: $rundir/${run_mode}.pid
plugindest
Where Puppet should store plugins that it pulls down from the central server.
• Default: $libdir
pluginsignore
What files to ignore when pulling down plugins.
• Default: .svn CVS .git
pluginsource
From where to retrieve plugins. The standard Puppet file type is used for retrieval, so
anything that is a valid file source can be used here.
• Default: puppet://$server/plugins
pluginsync
Whether plugins should be synced with the central server.
• Default: true
postrun_command
A command to run after every agent run. If this command returns a non-zero return code,
the entire Puppet run will be considered to have failed, even though it might have
performed work during the normal run.
preferred_serialization_format
The preferred means of serializing ruby instances for passing over the wire. This won´t
guarantee that all instances will be serialized using this method, since not all classes
can be guaranteed to support this format, but it will be used for all classes that support
it.
• Default: pson
prerun_command
A command to run before every agent run. If this command returns a non-zero return code,
the entire Puppet run will fail.
privatedir
Where the client stores private certificate information.
• Default: $ssldir/private
privatekeydir
The private key directory.
• Default: $ssldir/private_keys
publickeydir
The public key directory.
• Default: $ssldir/public_keys
puppetdlog
The log file for puppet agent. This is generally not used.
• Default: $logdir/puppetd.log
puppetport
Which port puppet agent listens on.
• Default: 8139
queue_source
Which type of queue to use for asynchronous processing. If your stomp server requires
authentication, you can include it in the URI as long as your stomp client library is at
least 1.1.1
• Default: stomp://localhost:61613/
queue_type
Which type of queue to use for asynchronous processing.
• Default: stomp
rails_loglevel
The log level for Rails connections. The value must be a valid log level within Rails.
Production environments normally use info and other environments normally use debug.
• Default: info
railslog
Where Rails-specific logs are sent
• Default: $logdir/rails.log
report
Whether to send reports after every transaction.
• Default: true
report_port
The port to communicate with the report_server.
• Default: $masterport
report_server
The server to send transaction reports to.
• Default: $server
reportdir
The directory in which to store reports received from the client. Each client gets a
separate subdirectory.
• Default: $vardir/reports
reportfrom
The ´from´ email address for the reports.
• Default: report@sirrus.puppetlabs.lan
reports
The list of reports to generate. All reports are looked for in puppet/reports/name.rb, and
multiple report names should be comma-separated (whitespace is okay).
• Default: store
reporturl
The URL used by the http reports processor to send reports
• Default: http://localhost:3000/reports/upload
req_bits
The bit length of the certificates.
• Default: 4096
requestdir
Where host certificate requests are stored.
• Default: $ssldir/certificate_requests
resourcefile
The file in which puppet agent stores a list of the resources associated with the
retrieved configuration.
• Default: $statedir/resources.txt
rest_authconfig
The configuration file that defines the rights to the different rest indirections. This
can be used as a fine-grained authorization system for puppet master.
• Default: $confdir/auth.conf
route_file
The YAML file containing indirector route configuration.
• Default: $confdir/routes.yaml
rrddir
The directory where RRD database files are stored. Directories for each reporting host
will be created under this directory.
• Default: $vardir/rrd
rrdinterval
How often RRD should expect data. This should match how often the hosts report back to the
server. Can be specified as a duration.
• Default: $runinterval
rundir
Where Puppet PID files are kept.
Default:
runinterval
How often puppet agent applies the client configuration; in seconds. Note that a
runinterval of 0 means "run continuously" rather than "never run." If you want puppet
agent to never run, you should start it with the --no-client option. Can be specified as a
duration.
• Default: 30m
sendmail
Where to find the sendmail binary with which to send email.
• Default: /usr/sbin/sendmail
serial
Where the serial number for certificates is stored.
• Default: $cadir/serial
server
The server to which the puppet agent should connect
• Default: puppet
server_datadir
The directory in which serialized data is stored, usually in a subdirectory.
• Default: $vardir/server_data
show_diff
Whether to log and report a contextual diff when files are being replaced. This causes
partial file contents to pass through Puppet´s normal logging and reporting system, so
this setting should be used with caution if you are sending Puppet´s reports to an
insecure destination. This feature currently requires the diff/lcs Ruby library.
• Default: false
signeddir
Where the CA stores signed certificates.
• Default: $cadir/signed
smtpserver
The server through which to send email reports.
• Default: none
splay
Whether to sleep for a pseudo-random (but consistent) amount of time before a run.
• Default: false
splaylimit
The maximum time to delay before runs. Defaults to being the same as the run interval. Can
be specified as a duration.
• Default: $runinterval
srv_domain
The domain which will be queried to find the SRV records of servers to use.
• Default: puppetlabs.lan
ssl_client_ca_auth
Certificate authorities who issue server certificates. SSL servers will not be considered
authentic unless they posses a certificate issued by an authority listed in this file. If
this setting has no value then the Puppet master´s CA certificate (localcacert) will be
used.
Default:
ssl_client_header
The header containing an authenticated client´s SSL DN. This header must be set by the
proxy to the authenticated client´s SSL DN (e.g., /CN=puppet.puppetlabs.com).
• Default: HTTP_X_CLIENT_DN
ssl_client_verify_header
The header containing the status message of the client verification. This header must be
set by the proxy to ´SUCCESS´ if the client successfully authenticated, and anything else
otherwise.
• Default: HTTP_X_CLIENT_VERIFY
ssl_server_ca_auth
Certificate authorities who issue client certificates. SSL clients will not be considered
authentic unless they posses a certificate issued by an authority listed in this file. If
this setting has no value then the Puppet master´s CA certificate (localcacert) will be
used.
Default:
ssldir
Where SSL certificates are kept.
• Default: $confdir/ssl
statedir
The directory where Puppet state is stored. Generally, this directory can be removed
without causing harm (although it might result in spurious service restarts).
• Default: $vardir/state
statefile
Where puppet agent and puppet master store state associated with the running
configuration. In the case of puppet master, this file reflects the state discovered
through interacting with clients.
• Default: $statedir/state.yaml
storeconfigs
Whether to store each client´s configuration, including catalogs, facts, and related data.
This also enables the import and export of resources in the Puppet language - a mechanism
for exchange resources between nodes. By default this uses ActiveRecord and an SQL
database to store and query the data; this, in turn, will depend on Rails being available.
You can adjust the backend using the storeconfigs_backend setting.
• Default: false
storeconfigs_backend
Configure the backend terminus used for StoreConfigs. By default, this uses the
ActiveRecord store, which directly talks to the database from within the Puppet Master
process.
• Default: active_record
strict_hostname_checking
Whether to only search for the complete hostname as it is in the certificate when
searching for node information in the catalogs.
• Default: false
summarize
Whether to print a transaction summary.
• Default: false
syslogfacility
What syslog facility to use when logging to syslog. Syslog has a fixed list of valid
facilities, and you must choose one of those; you cannot just make one up.
• Default: daemon
tagmap
The mapping between reporting tags and email addresses.
• Default: $confdir/tagmail.conf
tags
Tags to use to find resources. If this is set, then only resources tagged with the
specified tags will be applied. Values must be comma-separated.
templatedir
Where Puppet looks for template files. Can be a list of colon-separated directories.
• Default: $vardir/templates
thin_storeconfigs
Boolean; whether Puppet should store only facts and exported resources in the storeconfigs
database. This will improve the performance of exported resources with the older
active_record backend, but will disable external tools that search the storeconfigs
database. Thinning catalogs is generally unnecessary when using PuppetDB to store
catalogs.
• Default: false
trace
Whether to print stack traces on some errors
• Default: false
use_cached_catalog
Whether to only use the cached catalog rather than compiling a new catalog on every run.
Puppet can be run with this enabled by default and then selectively disabled when a
recompile is desired.
• Default: false
use_srv_records
Whether the server will search for SRV records in DNS for the current domain.
• Default: false
usecacheonfailure
Whether to use the cached configuration when the remote configuration will not compile.
This option is useful for testing new configurations, where you want to fix the broken
configuration rather than reverting to a known-good one.
• Default: true
user
The user puppet master should run as.
• Default: puppet
vardir
Where Puppet stores dynamic and growing data. The default for this setting is calculated
specially, like confdir_.
• Default: /var/lib/puppet
waitforcert
The time interval ´puppet agent´ should connect to the server and ask it to sign a
certificate request. This is useful for the initial setup of a puppet client. You can turn
off waiting for certificates by specifying a time of 0. Can be specified as a duration.
• Default: 2m
yamldir
The directory in which YAML data is stored, usually in a subdirectory.
• Default: $vardir/yaml
zlib
Boolean; whether to use the zlib library
• Default: true
This page autogenerated on Tue Jan 15 12:33:09 -0800 2013