Provided by: puppet-common_3.8.5-2ubuntu0.1_all 
This page is autogenerated; any changes will get overwritten (last generated on Tue Jan 15 12:33:09 -0800 2013)
Configuration Settings
• Each of these settings can be specified in puppet.conf or on the command line.
• When using boolean settings on the command line, use --setting and --no-setting instead of --setting
(true|false).
• Settings can be interpolated as $variables in other settings; $environment is special, in that puppet
master will interpolate each agent node´s environment instead of its own.
• Multiple values should be specified as comma-separated lists; multiple directories should be
separated with the system path separator (usually a colon).
• Settings that represent time intervals should be specified in duration format: an integer immediately
followed by one of the units ´y´ (years of 365 days), ´d´ (days), ´h´ (hours), ´m´ (minutes), or ´s´
(seconds). The unit cannot be combined with other units, and defaults to seconds when omitted.
Examples are ´3600´ which is equivalent to ´1h´ (one hour), and ´1825d´ which is equivalent to ´5y´
(5 years).
• Settings that take a single file or directory can optionally set the owner, group, and mode for their
value: rundir = $vardir/run { owner = puppet, group = puppet, mode = 644 }
• The Puppet executables will ignore any setting that isn´t relevant to their function.
See the configuration guide http://docs.puppetlabs.com/guides/configuring.html for more details.
agent_catalog_run_lockfile
A lock file to indicate that a puppet agent catalog run is currently in progress. The file contains the
pid of the process that holds the lock on the catalog run.
• Default: $statedir/agent_catalog_run.lock
agent_disabled_lockfile
A lock file to indicate that puppet agent runs have been administratively disabled. File contains a JSON
object with state information.
• Default: $statedir/agent_disabled.lock
allow_duplicate_certs
Whether to allow a new certificate request to overwrite an existing certificate.
• Default: false
allow_variables_with_dashes
Permit hyphens (-) in variable names and issue deprecation warnings about them. This setting should
always be false; setting it to true will cause subtle and wide-ranging bugs. It will be removed in a
future version. Hyphenated variables caused major problems in the language, but were allowed between
Puppet 2.7.3 and 2.7.14. If you used them during this window, we apologize for the inconvenience --- you
can temporarily set this to true in order to upgrade, and can rename your variables at your leisure.
Please revert it to false after you have renamed all affected variables.
• Default: false
archive_file_server
During an inspect run, the file bucket server to archive files to if archive_files is set.
• Default: $server
archive_files
During an inspect run, whether to archive files whose contents are audited to a file bucket.
• Default: false
async_storeconfigs
Whether to use a queueing system to provide asynchronous database integration. Requires that puppet queue
be running.
• Default: false
autoflush
Whether log files should always flush to disk.
• Default: true
autosign
Whether to enable autosign. Valid values are true (which autosigns any key request, and is a very bad
idea), false (which never autosigns any key request), and the path to a file, which uses that
configuration file to determine which keys to sign.
• Default: $confdir/autosign.conf
bindaddress
The address a listening server should bind to.
• Default: 0.0.0.0
bucketdir
Where FileBucket files are stored.
• Default: $vardir/bucket
ca
Whether the master should function as a certificate authority.
• Default: true
ca_name
The name to use the Certificate Authority certificate.
• Default: Puppet CA: $certname
ca_port
The port to use for the certificate authority.
• Default: $masterport
ca_server
The server to use for certificate authority requests. It´s a separate server because it cannot and does
not need to horizontally scale.
• Default: $server
ca_ttl
The default TTL for new certificates. If this setting is set, ca_days is ignored. Can be specified as a
duration.
• Default: 5y
cacert
The CA certificate.
• Default: $cadir/ca_crt.pem
cacrl
The certificate revocation list (CRL) for the CA. Will be used if present but otherwise ignored.
• Default: $cadir/ca_crl.pem
cadir
The root directory for the certificate authority.
• Default: $ssldir/ca
cakey
The CA private key.
• Default: $cadir/ca_key.pem
capass
Where the CA stores the password for the private key
• Default: $caprivatedir/ca.pass
caprivatedir
Where the CA stores private certificate information.
• Default: $cadir/private
capub
The CA public key.
• Default: $cadir/ca_pub.pem
catalog_cache_terminus
How to store cached catalogs. Valid values are ´json´ and ´yaml´. The agent application defaults to
´json´.
Default:
catalog_format
(Deprecated for ´preferred_serialization_format´) What format to use to dump the catalog. Only supports
´marshal´ and ´yaml´. Only matters on the client, since it asks the server for a specific format.
catalog_terminus
Where to get node catalogs. This is useful to change if, for instance, you´d like to pre-compile catalogs
and store them in memcached or some other easily-accessed store.
• Default: compiler
cert_inventory
A Complete listing of all certificates
• Default: $cadir/inventory.txt
certdir
The certificate directory.
• Default: $ssldir/certs
certdnsnames
The certdnsnames setting is no longer functional, after CVE-2011-3872. We ignore the value completely.
For your own certificate request you can set dns_alt_names in the configuration and it will apply
locally. There is no configuration option to set DNS alt names, or any other subjectAltName value, for
another nodes certificate. Alternately you can use the --dns_alt_names command line option to set the
labels added while generating your own CSR.
certificate_expire_warning
The window of time leading up to a certificate´s expiration that a notification will be logged. This
applies to CA, master, and agent certificates. Can be specified as a duration.
• Default: 60d
certificate_revocation
Whether certificate revocation should be supported by downloading a Certificate Revocation List (CRL) to
all clients. If enabled, CA chaining will almost definitely not work.
• Default: true
certname
The name to use when handling certificates. Defaults to the fully qualified domain name.
• Default: sirrus.puppetlabs.lan
classfile
The file in which puppet agent stores a list of the classes associated with the retrieved configuration.
Can be loaded in the separate puppet executable using the --loadclasses option.
• Default: $statedir/classes.txt
client_datadir
The directory in which serialized data is stored on the client.
• Default: $vardir/client_data
clientbucketdir
Where FileBucket files are stored locally.
• Default: $vardir/clientbucket
clientyamldir
The directory in which client-side YAML data is stored.
• Default: $vardir/client_yaml
code
Code to parse directly. This is essentially only used by puppet, and should only be set if you´re writing
your own Puppet executable
color
Whether to use colors when logging to the console. Valid values are ansi (equivalent to true), html, and
false, which produces no color. Defaults to false on Windows, as its console does not support ansi
colors.
• Default: ansi
confdir
The main Puppet configuration directory. The default for this setting is calculated based on the user. If
the process is running as root or the user that Puppet is supposed to run as, it defaults to a system
directory, but if it´s running as any other user, it defaults to being in the user´s home directory.
• Default: /etc/puppet
config
The configuration file for the current puppet application
• Default: $confdir/${config_file_name}
config_file_name
The name of the puppet config file.
• Default: puppet.conf
config_version
How to determine the configuration version. By default, it will be the time that the configuration is
parsed, but you can provide a shell script to override how the version is determined. The output of this
script will be added to every log message in the reports, allowing you to correlate changes on your hosts
to the source version on the server.
configprint
Print the value of a specific configuration setting. If the name of a setting is provided for this, then
the value is printed and puppet exits. Comma-separate multiple values. For a list of all values, specify
´all´.
configtimeout
How long the client should wait for the configuration to be retrieved before considering it a failure.
This can help reduce flapping if too many clients contact the server at one time. Can be specified as a
duration.
• Default: 2m
couchdb_url
The url where the puppet couchdb database will be created
• Default: http://127.0.0.1:5984/puppet
csrdir
Where the CA stores certificate requests
• Default: $cadir/requests
daemonize
Whether to send the process into the background. This defaults to true on POSIX systems, and to false on
Windows (where Puppet currently cannot daemonize).
• Default: true
data_binding_terminus
Where to retrive information about data.
• Default: hiera
dbadapter
The type of database to use.
• Default: sqlite3
dbconnections
The number of database connections for networked databases. Will be ignored unless the value is a
positive integer.
dblocation
The database cache for client configurations. Used for querying within the language.
• Default: $statedir/clientconfigs.sqlite3
dbmigrate
Whether to automatically migrate the database.
• Default: false
dbname
The name of the database to use.
• Default: puppet
dbpassword
The database password for caching. Only used when networked databases are used.
• Default: puppet
dbport
The database password for caching. Only used when networked databases are used.
dbserver
The database server for caching. Only used when networked databases are used.
• Default: localhost
dbsocket
The database socket location. Only used when networked databases are used. Will be ignored if the value
is an empty string.
dbuser
The database user for caching. Only used when networked databases are used.
• Default: puppet
default_file_terminus
The default source for files if no server is given in a uri, e.g. puppet:///file. The default of rest
causes the file to be retrieved using the server setting. When running apply the default is file_server,
causing requests to be filled locally.
• Default: rest
deviceconfig
Path to the device config file for puppet device
• Default: $confdir/device.conf
devicedir
The root directory of devices´ $vardir
• Default: $vardir/devices
diff
Which diff command to use when printing differences between files. This setting has no default value on
Windows, as standard diff is not available, but Puppet can use many third-party diff tools.
• Default: diff
diff_args
Which arguments to pass to the diff command when printing differences between files. The command to use
can be chosen with the diff setting.
• Default: -u
dns_alt_names
The comma-separated list of alternative DNS names to use for the local host. When the node generates a
CSR for itself, these are added to the request as the desired subjectAltName in the certificate:
additional DNS labels that the certificate is also valid answering as. This is generally required if you
use a non-hostname certname, or if you want to use puppet kick or puppet resource -H and the primary
certname does not match the DNS name you use to communicate with the host. This is unnecessary for
agents, unless you intend to use them as a server for puppet kick or remote puppet resource management.
It is rarely necessary for servers; it is usually helpful only if you need to have a pool of multiple
load balanced masters, or for the same master to respond on two physically separate networks under
different names.
document_all
Document all resources
• Default: false
dynamicfacts
(Deprecated) Facts that are dynamic; these facts will be ignored when deciding whether changed facts
should result in a recompile. Multiple facts should be comma-separated.
• Default: memorysize,memoryfree,swapsize,swapfree
environment
The environment Puppet is running in. For clients (e.g., puppet agent) this determines the environment
itself, which is used to find modules and much more. For servers (i.e., puppet master) this provides the
default environment for nodes we know nothing about.
• Default: production
evaltrace
Whether each resource should log when it is being evaluated. This allows you to interactively see exactly
what is being done.
• Default: false
external_nodes
An external command that can produce node information. The command´s output must be a YAML dump of a
hash, and that hash must have a classes key and/or a parameters key, where classes is an array or hash
and parameters is a hash. For unknown nodes, the command should exit with a non-zero exit code. This
command makes it straightforward to store your node mapping information in other data sources like
databases.
• Default: none
factpath
Where Puppet should look for facts. Multiple directories should be separated by the system path separator
character. (The POSIX path separator is ´:´, and the Windows path separator is ´;´.)
• Default: $vardir/lib/facter:$vardir/facts
facts_terminus
The node facts terminus.
• Default: facter
fileserverconfig
Where the fileserver configuration is stored.
• Default: $confdir/fileserver.conf
filetimeout
The minimum time to wait between checking for updates in configuration files. This timeout determines how
quickly Puppet checks whether a file (such as manifests or templates) has changed on disk. Can be
specified as a duration.
• Default: 15s
freeze_main
Freezes the ´main´ class, disallowing any code to be added to it. This essentially means that you can´t
have any code outside of a node, class, or definition other than in the site manifest.
• Default: false
genconfig
Whether to just print a configuration to stdout and exit. Only makes sense when used interactively. Takes
into account arguments specified on the CLI.
• Default: false
genmanifest
Whether to just print a manifest to stdout and exit. Only makes sense when used interactively. Takes into
account arguments specified on the CLI.
• Default: false
graph
Whether to create dot graph files for the different configuration graphs. These dot files can be
interpreted by tools like OmniGraffle or dot (which is part of ImageMagick).
• Default: false
graphdir
Where to store dot-outputted graphs.
• Default: $statedir/graphs
group
The group puppet master should run as.
• Default: puppet
hiera_config
The hiera configuration file
• Default: $confdir/hiera.yaml
hostcert
Where individual hosts store and look for their certificates.
• Default: $certdir/$certname.pem
hostcrl
Where the host´s certificate revocation list can be found. This is distinct from the certificate
authority´s CRL.
• Default: $ssldir/crl.pem
hostcsr
Where individual hosts store and look for their certificate requests.
• Default: $ssldir/csr_$certname.pem
hostprivkey
Where individual hosts store and look for their private key.
• Default: $privatekeydir/$certname.pem
hostpubkey
Where individual hosts store and look for their public key.
• Default: $publickeydir/$certname.pem
http_compression
Allow http compression in REST communication with the master. This setting might improve performance for
agent -> master communications over slow WANs. Your puppet master needs to support compression (usually
by activating some settings in a reverse-proxy in front of the puppet master, which rules out webrick).
It is harmless to activate this settings if your master doesn´t support compression, but if it supports
it, this setting might reduce performance on high-speed LANs.
• Default: false
http_proxy_host
The HTTP proxy host to use for outgoing connections. Note: You may need to use a FQDN for the server
hostname when using a proxy.
• Default: none
http_proxy_port
The HTTP proxy port to use for outgoing connections
• Default: 3128
httplog
Where the puppet agent web server logs.
• Default: $logdir/http.log
ignorecache
Ignore cache and always recompile the configuration. This is useful for testing new configurations, where
the local cache may in fact be stale even if the timestamps are up to date - if the facts change or if
the server changes.
• Default: false
ignoreimport
If true, allows the parser to continue without requiring all files referenced with import statements to
exist. This setting was primarily designed for use with commit hooks for parse-checking.
• Default: false
ignoreschedules
Boolean; whether puppet agent should ignore schedules. This is useful for initial puppet agent runs.
• Default: false
inventory_port
The port to communicate with the inventory_server.
• Default: $masterport
inventory_server
The server to send facts to.
• Default: $server
inventory_terminus
Should usually be the same as the facts terminus
• Default: $facts_terminus
keylength
The bit length of keys.
• Default: 4096
lastrunfile
Where puppet agent stores the last run report summary in yaml format.
• Default: $statedir/last_run_summary.yaml
lastrunreport
Where puppet agent stores the last run report in yaml format.
• Default: $statedir/last_run_report.yaml
ldapattrs
The LDAP attributes to include when querying LDAP for nodes. All returned attributes are set as variables
in the top-level scope. Multiple values should be comma-separated. The value ´all´ returns all
attributes.
• Default: all
ldapbase
The search base for LDAP searches. It´s impossible to provide a meaningful default here, although the
LDAP libraries might have one already set. Generally, it should be the ´ou=Hosts´ branch under your main
directory.
ldapclassattrs
The LDAP attributes to use to define Puppet classes. Values should be comma-separated.
• Default: puppetclass
ldapparentattr
The attribute to use to define the parent node.
• Default: parentnode
ldappassword
The password to use to connect to LDAP.
ldapport
The LDAP port. Only used if node_terminus is set to ldap.
• Default: 389
ldapserver
The LDAP server. Only used if node_terminus is set to ldap.
• Default: ldap
ldapssl
Whether SSL should be used when searching for nodes. Defaults to false because SSL usually requires
certificates to be set up on the client side.
• Default: false
ldapstackedattrs
The LDAP attributes that should be stacked to arrays by adding the values in all hierarchy elements of
the tree. Values should be comma-separated.
• Default: puppetvar
ldapstring
The search string used to find an LDAP node.
• Default: (&(objectclass=puppetClient)(cn=%s))
ldaptls
Whether TLS should be used when searching for nodes. Defaults to false because TLS usually requires
certificates to be set up on the client side.
• Default: false
ldapuser
The user to use to connect to LDAP. Must be specified as a full DN.
libdir
An extra search path for Puppet. This is only useful for those files that Puppet will load on demand, and
is only guaranteed to work for those cases. In fact, the autoload mechanism is responsible for making
sure this directory is in Ruby´s search path
• Default: $vardir/lib
listen
Whether puppet agent should listen for connections. If this is true, then puppet agent will accept
incoming REST API requests, subject to the default ACLs and the ACLs set in the rest_authconfig file.
Puppet agent can respond usefully to requests on the run, facts, certificate, and resource endpoints.
• Default: false
localcacert
Where each client stores the CA certificate.
• Default: $certdir/ca.pem
localconfig
Where puppet agent caches the local configuration. An extension indicating the cache format is added
automatically.
• Default: $statedir/localconfig
logdir
The directory in which to store log files
Default:
manage_internal_file_permissions
Whether Puppet should manage the owner, group, and mode of files it uses internally
• Default: true
manifest
The entry-point manifest for puppet master.
• Default: $manifestdir/site.pp
manifestdir
Where puppet master looks for its manifests.
• Default: $confdir/manifests
masterhttplog
Where the puppet master web server logs.
• Default: $logdir/masterhttp.log
masterlog
Where puppet master logs. This is generally not used, since syslog is the default log destination.
• Default: $logdir/puppetmaster.log
masterport
Which port puppet master listens on.
• Default: 8140
maximum_uid
The maximum allowed UID. Some platforms use negative UIDs but then ship with tools that do not know how
to handle signed ints, so the UIDs show up as huge numbers that can then not be fed back into the system.
This is a hackish way to fail in a slightly more useful way when that happens.
• Default: 4294967290
mkusers
Whether to create the necessary user and group that puppet agent will run as.
• Default: false
module_repository
The module repository
• Default: https://forge.puppetlabs.com
module_working_dir
The directory into which module tool data is stored
• Default: $vardir/puppet-module
modulepath
The search path for modules, as a list of directories separated by the system path separator character.
(The POSIX path separator is ´:´, and the Windows path separator is ´;´.)
• Default: $confdir/modules:/usr/share/puppet/modules
name
The name of the application, if we are running as one. The default is essentially $0 without the path or
.rb.
Default:
node_cache_terminus
How to store cached nodes. Valid values are (none), ´json´, ´yaml´ or write only yaml
(´write_only_yaml´). The master application defaults to ´write_only_yaml´, all others to none.
Default:
node_name
How the puppet master determines the client´s identity and sets the ´hostname´, ´fqdn´ and ´domain´ facts
for use in the manifest, in particular for determining which ´node´ statement applies to the client.
Possible values are ´cert´ (use the subject´s CN in the client´s certificate) and ´facter´ (use the
hostname that the client reported in its facts)
• Default: cert
node_name_fact
The fact name used to determine the node name used for all requests the agent makes to the master.
WARNING: This setting is mutually exclusive with node_name_value. Changing this setting also requires
changes to the default auth.conf configuration on the Puppet Master. Please see
http://links.puppetlabs.com/node_name_fact for more information.
node_name_value
The explicit value used for the node name for all requests the agent makes to the master. WARNING: This
setting is mutually exclusive with node_name_fact. Changing this setting also requires changes to the
default auth.conf configuration on the Puppet Master. Please see
http://links.puppetlabs.com/node_name_value for more information.
• Default: $certname
node_terminus
Where to find information about nodes.
• Default: plain
noop
Whether puppet agent should be run in noop mode.
• Default: false
onetime
Run the configuration once, rather than as a long-running daemon. This is useful for interactively
running puppetd.
• Default: false
passfile
Where puppet agent stores the password for its private key. Generally unused.
• Default: $privatedir/password
path
The shell search path. Defaults to whatever is inherited from the parent process.
• Default: none
pidfile
The file containing the PID of a running process. This file is intended to be used by service management
frameworks and monitoring systems to determine if a puppet process is still in the process table.
• Default: $rundir/${run_mode}.pid
plugindest
Where Puppet should store plugins that it pulls down from the central server.
• Default: $libdir
pluginsignore
What files to ignore when pulling down plugins.
• Default: .svn CVS .git
pluginsource
From where to retrieve plugins. The standard Puppet file type is used for retrieval, so anything that is
a valid file source can be used here.
• Default: puppet://$server/plugins
pluginsync
Whether plugins should be synced with the central server.
• Default: true
postrun_command
A command to run after every agent run. If this command returns a non-zero return code, the entire Puppet
run will be considered to have failed, even though it might have performed work during the normal run.
preferred_serialization_format
The preferred means of serializing ruby instances for passing over the wire. This won´t guarantee that
all instances will be serialized using this method, since not all classes can be guaranteed to support
this format, but it will be used for all classes that support it.
• Default: pson
prerun_command
A command to run before every agent run. If this command returns a non-zero return code, the entire
Puppet run will fail.
privatedir
Where the client stores private certificate information.
• Default: $ssldir/private
privatekeydir
The private key directory.
• Default: $ssldir/private_keys
publickeydir
The public key directory.
• Default: $ssldir/public_keys
puppetdlog
The log file for puppet agent. This is generally not used.
• Default: $logdir/puppetd.log
puppetport
Which port puppet agent listens on.
• Default: 8139
queue_source
Which type of queue to use for asynchronous processing. If your stomp server requires authentication, you
can include it in the URI as long as your stomp client library is at least 1.1.1
• Default: stomp://localhost:61613/
queue_type
Which type of queue to use for asynchronous processing.
• Default: stomp
rails_loglevel
The log level for Rails connections. The value must be a valid log level within Rails. Production
environments normally use info and other environments normally use debug.
• Default: info
railslog
Where Rails-specific logs are sent
• Default: $logdir/rails.log
report
Whether to send reports after every transaction.
• Default: true
report_port
The port to communicate with the report_server.
• Default: $masterport
report_server
The server to send transaction reports to.
• Default: $server
reportdir
The directory in which to store reports received from the client. Each client gets a separate
subdirectory.
• Default: $vardir/reports
reportfrom
The ´from´ email address for the reports.
• Default: report@sirrus.puppetlabs.lan
reports
The list of reports to generate. All reports are looked for in puppet/reports/name.rb, and multiple
report names should be comma-separated (whitespace is okay).
• Default: store
reporturl
The URL used by the http reports processor to send reports
• Default: http://localhost:3000/reports/upload
req_bits
The bit length of the certificates.
• Default: 4096
requestdir
Where host certificate requests are stored.
• Default: $ssldir/certificate_requests
resourcefile
The file in which puppet agent stores a list of the resources associated with the retrieved
configuration.
• Default: $statedir/resources.txt
rest_authconfig
The configuration file that defines the rights to the different rest indirections. This can be used as a
fine-grained authorization system for puppet master.
• Default: $confdir/auth.conf
route_file
The YAML file containing indirector route configuration.
• Default: $confdir/routes.yaml
rrddir
The directory where RRD database files are stored. Directories for each reporting host will be created
under this directory.
• Default: $vardir/rrd
rrdinterval
How often RRD should expect data. This should match how often the hosts report back to the server. Can be
specified as a duration.
• Default: $runinterval
rundir
Where Puppet PID files are kept.
Default:
runinterval
How often puppet agent applies the client configuration; in seconds. Note that a runinterval of 0 means
"run continuously" rather than "never run." If you want puppet agent to never run, you should start it
with the --no-client option. Can be specified as a duration.
• Default: 30m
sendmail
Where to find the sendmail binary with which to send email.
• Default: /usr/sbin/sendmail
serial
Where the serial number for certificates is stored.
• Default: $cadir/serial
server
The server to which the puppet agent should connect
• Default: puppet
server_datadir
The directory in which serialized data is stored, usually in a subdirectory.
• Default: $vardir/server_data
show_diff
Whether to log and report a contextual diff when files are being replaced. This causes partial file
contents to pass through Puppet´s normal logging and reporting system, so this setting should be used
with caution if you are sending Puppet´s reports to an insecure destination. This feature currently
requires the diff/lcs Ruby library.
• Default: false
signeddir
Where the CA stores signed certificates.
• Default: $cadir/signed
smtpserver
The server through which to send email reports.
• Default: none
splay
Whether to sleep for a pseudo-random (but consistent) amount of time before a run.
• Default: false
splaylimit
The maximum time to delay before runs. Defaults to being the same as the run interval. Can be specified
as a duration.
• Default: $runinterval
srv_domain
The domain which will be queried to find the SRV records of servers to use.
• Default: puppetlabs.lan
ssl_client_ca_auth
Certificate authorities who issue server certificates. SSL servers will not be considered authentic
unless they posses a certificate issued by an authority listed in this file. If this setting has no value
then the Puppet master´s CA certificate (localcacert) will be used.
Default:
ssl_client_header
The header containing an authenticated client´s SSL DN. This header must be set by the proxy to the
authenticated client´s SSL DN (e.g., /CN=puppet.puppetlabs.com).
• Default: HTTP_X_CLIENT_DN
ssl_client_verify_header
The header containing the status message of the client verification. This header must be set by the proxy
to ´SUCCESS´ if the client successfully authenticated, and anything else otherwise.
• Default: HTTP_X_CLIENT_VERIFY
ssl_server_ca_auth
Certificate authorities who issue client certificates. SSL clients will not be considered authentic
unless they posses a certificate issued by an authority listed in this file. If this setting has no value
then the Puppet master´s CA certificate (localcacert) will be used.
Default:
ssldir
Where SSL certificates are kept.
• Default: $confdir/ssl
statedir
The directory where Puppet state is stored. Generally, this directory can be removed without causing harm
(although it might result in spurious service restarts).
• Default: $vardir/state
statefile
Where puppet agent and puppet master store state associated with the running configuration. In the case
of puppet master, this file reflects the state discovered through interacting with clients.
• Default: $statedir/state.yaml
storeconfigs
Whether to store each client´s configuration, including catalogs, facts, and related data. This also
enables the import and export of resources in the Puppet language - a mechanism for exchange resources
between nodes. By default this uses ActiveRecord and an SQL database to store and query the data; this,
in turn, will depend on Rails being available. You can adjust the backend using the storeconfigs_backend
setting.
• Default: false
storeconfigs_backend
Configure the backend terminus used for StoreConfigs. By default, this uses the ActiveRecord store, which
directly talks to the database from within the Puppet Master process.
• Default: active_record
strict_hostname_checking
Whether to only search for the complete hostname as it is in the certificate when searching for node
information in the catalogs.
• Default: false
summarize
Whether to print a transaction summary.
• Default: false
syslogfacility
What syslog facility to use when logging to syslog. Syslog has a fixed list of valid facilities, and you
must choose one of those; you cannot just make one up.
• Default: daemon
tagmap
The mapping between reporting tags and email addresses.
• Default: $confdir/tagmail.conf
tags
Tags to use to find resources. If this is set, then only resources tagged with the specified tags will be
applied. Values must be comma-separated.
templatedir
Where Puppet looks for template files. Can be a list of colon-separated directories.
• Default: $vardir/templates
thin_storeconfigs
Boolean; whether Puppet should store only facts and exported resources in the storeconfigs database. This
will improve the performance of exported resources with the older active_record backend, but will disable
external tools that search the storeconfigs database. Thinning catalogs is generally unnecessary when
using PuppetDB to store catalogs.
• Default: false
trace
Whether to print stack traces on some errors
• Default: false
use_cached_catalog
Whether to only use the cached catalog rather than compiling a new catalog on every run. Puppet can be
run with this enabled by default and then selectively disabled when a recompile is desired.
• Default: false
use_srv_records
Whether the server will search for SRV records in DNS for the current domain.
• Default: false
usecacheonfailure
Whether to use the cached configuration when the remote configuration will not compile. This option is
useful for testing new configurations, where you want to fix the broken configuration rather than
reverting to a known-good one.
• Default: true
user
The user puppet master should run as.
• Default: puppet
vardir
Where Puppet stores dynamic and growing data. The default for this setting is calculated specially, like
confdir_.
• Default: /var/lib/puppet
waitforcert
The time interval ´puppet agent´ should connect to the server and ask it to sign a certificate request.
This is useful for the initial setup of a puppet client. You can turn off waiting for certificates by
specifying a time of 0. Can be specified as a duration.
• Default: 2m
yamldir
The directory in which YAML data is stored, usually in a subdirectory.
• Default: $vardir/yaml
zlib
Boolean; whether to use the zlib library
• Default: true
This page autogenerated on Tue Jan 15 12:33:09 -0800 2013