1 <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> |
|
2 <!-- |
|
3 CDDL HEADER START |
|
4 |
|
5 The contents of this file are subject to the terms of the |
|
6 Common Development and Distribution License (the "License"). |
|
7 You may not use this file except in compliance with the License. |
|
8 |
|
9 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
|
10 or http://www.opensolaris.org/os/licensing. |
|
11 See the License for the specific language governing permissions |
|
12 and limitations under the License. |
|
13 |
|
14 When distributing Covered Code, include this CDDL HEADER in each |
|
15 file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
|
16 If applicable, add the following below this CDDL HEADER, with the |
|
17 fields enclosed by brackets "[]" replaced with your own identifying |
|
18 information: Portions Copyright [yyyy] [name of copyright owner] |
|
19 |
|
20 CDDL HEADER END |
|
21 |
|
22 Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved. |
|
23 |
|
24 NOTE: This service manifest is not editable; its contents will |
|
25 be overwritten by package or patch operations, including |
|
26 operating system upgrade. Make customizations in a different |
|
27 file. |
|
28 --> |
|
29 <service_bundle type="manifest" name="puppet"> |
|
30 <service name="application/puppet" type="service" version="1"> |
|
31 <dependency name="filesystem" grouping="require_all" restart_on="error" type="service"> |
|
32 <service_fmri value="svc:/system/filesystem/minimal"/> |
|
33 </dependency> |
|
34 <dependency name="network" grouping="require_all" restart_on="error" type="service"> |
|
35 <service_fmri value="svc:/milestone/network"/> |
|
36 </dependency> |
|
37 <dependency name="identity" grouping="require_all" restart_on="error" type="service"> |
|
38 <service_fmri value="svc:/system/identity:node"/> |
|
39 </dependency> |
|
40 <exec_method type="method" name="start" exec=":true" timeout_seconds="60"/> |
|
41 <exec_method type="method" name="stop" exec=":kill" timeout_seconds="60"/> |
|
42 <exec_method type="method" name="refresh" exec=":true" timeout_seconds="0"/> |
|
43 <property_group name="general" type="framework"> |
|
44 <!-- to start stop puppet --> |
|
45 <propval name="action_authorization" type="astring" value="solaris.smf.manage.puppet"/> |
|
46 <!-- to change puppet properties --> |
|
47 <propval name="value_authorization" type="astring" value="solaris.smf.value.puppet"/> |
|
48 </property_group> |
|
49 <property_group name="puppet_stencil" type="configfile"> |
|
50 <propval name="path" type="astring" value="/etc/puppet/puppet.conf"/> |
|
51 <propval name="stencil" type="astring" value="puppet.stencil"/> |
|
52 <propval name="mode" type="astring" value="0444"/> |
|
53 </property_group> |
|
54 <instance name="master" enabled="false"> |
|
55 <exec_method type="method" name="start" exec="/usr/sbin/puppet master --logdest %{config/logdest}" timeout_seconds="600"/> |
|
56 <property_group name="config" type="application"> |
|
57 <propval name="logdest" type="astring" value="/var/log/puppet/puppet-master.log"/> |
|
58 </property_group> |
|
59 </instance> |
|
60 <instance name="agent" enabled="false"> |
|
61 <exec_method type="method" name="start" exec="/usr/sbin/puppet agent --logdest %{config/logdest}" timeout_seconds="600"/> |
|
62 <property_group name="config" type="application"> |
|
63 <propval name="logdest" type="astring" value="/var/log/puppet/puppet-agent.log"/> |
|
64 </property_group> |
|
65 </instance> |
|
66 <stability value="Unstable"/> |
|
67 <template> |
|
68 <common_name> |
|
69 <loctext xml:lang="C">Puppet version 3.8.6</loctext> |
|
70 </common_name> |
|
71 <documentation> |
|
72 <manpage title="puppet-master" section="8" manpath="/usr/share/man"/> |
|
73 </documentation> |
|
74 <pg_pattern required="false" type="application" name="config"> |
|
75 <prop_pattern required="false" type="astring" name="agent_catalog_run_lockfile"> |
|
76 <description> |
|
77 <loctext xml:lang="C"> |
|
78 A lock file to indicate that a puppet agent catalog run is currently in progress. |
|
79 The file contains the pid of the process that holds the lock on the catalog run. |
|
80 </loctext> |
|
81 </description> |
|
82 </prop_pattern> |
|
83 <prop_pattern required="false" type="astring" name="agent_disabled_lockfile"> |
|
84 <description> |
|
85 <loctext xml:lang="C"> |
|
86 A lock file to indicate that puppet agent runs have been administratively |
|
87 disabled. File contains a JSON object with state information. |
|
88 </loctext> |
|
89 </description> |
|
90 </prop_pattern> |
|
91 <prop_pattern required="false" type="boolean" name="allow_duplicate_certs"> |
|
92 <description> |
|
93 <loctext xml:lang="C"> |
|
94 Whether to allow a new certificate |
|
95 request to overwrite an existing certificate. |
|
96 </loctext> |
|
97 </description> |
|
98 </prop_pattern> |
|
99 <prop_pattern required="false" type="boolean" name="allow_variables_with_dashes"> |
|
100 <description> |
|
101 <loctext xml:lang="C"> |
|
102 Permit hyphens (`-`) in variable names and issue deprecation warnings about |
|
103 them. This setting **should always be `false`;** setting it to `true` |
|
104 will cause subtle and wide-ranging bugs. It will be removed in a future version. |
|
105 |
|
106 Hyphenated variables caused major problems in the language, but were allowed |
|
107 between Puppet 2.7.3 and 2.7.14. If you used them during this window, we |
|
108 apologize for the inconvenience --- you can temporarily set this to `true` |
|
109 in order to upgrade, and can rename your variables at your leisure. Please |
|
110 revert it to `false` after you have renamed all affected variables. |
|
111 </loctext> |
|
112 </description> |
|
113 </prop_pattern> |
|
114 <prop_pattern required="false" type="boolean" name="always_cache_features"> |
|
115 <description> |
|
116 <loctext xml:lang="C"> |
|
117 Affects how we cache attempts to load Puppet 'features'. If false, then |
|
118 calls to `Puppet.features.<feature>?` will always attempt to load the |
|
119 feature (which can be an expensive operation) unless it has already been |
|
120 loaded successfully. This makes it possible for a single agent run to, |
|
121 e.g., install a package that provides the underlying capabilities for |
|
122 a feature, and then later load that feature during the same run (even if |
|
123 the feature had been tested earlier and had not been available). |
|
124 |
|
125 If this setting is set to true, then features will only be checked once, |
|
126 and if they are not available, the negative result is cached and returned |
|
127 for all subsequent attempts to load the feature. This behavior is almost |
|
128 always appropriate for the server, and can result in a significant performance |
|
129 improvement for features that are checked frequently. |
|
130 </loctext> |
|
131 </description> |
|
132 </prop_pattern> |
|
133 <prop_pattern required="false" type="host" name="archive_file_server"> |
|
134 <description> |
|
135 <loctext xml:lang="C"> |
|
136 During an inspect run, the file bucket server to archive files to if archive_files is set. |
|
137 </loctext> |
|
138 </description> |
|
139 </prop_pattern> |
|
140 <prop_pattern required="false" type="boolean" name="archive_files"> |
|
141 <description> |
|
142 <loctext xml:lang="C"> |
|
143 During an inspect run, whether to archive files whose contents are audited to a file bucket. |
|
144 </loctext> |
|
145 </description> |
|
146 </prop_pattern> |
|
147 <prop_pattern required="false" type="boolean" name="async_storeconfigs"> |
|
148 <description> |
|
149 <loctext xml:lang="C"> |
|
150 Whether to use a queueing system to provide asynchronous database integration. |
|
151 Requires that `puppet queue` be running. |
|
152 </loctext> |
|
153 </description> |
|
154 </prop_pattern> |
|
155 <prop_pattern required="false" type="boolean" name="autoflush"> |
|
156 <description> |
|
157 <loctext xml:lang="C"> |
|
158 Whether log files should always flush to disk. |
|
159 </loctext> |
|
160 </description> |
|
161 </prop_pattern> |
|
162 <prop_pattern required="false" type="astring" name="autosign"> |
|
163 <description> |
|
164 <loctext xml:lang="C"> |
|
165 Whether (and how) to autosign certificate requests. This setting |
|
166 is only relevant on a puppet master acting as a certificate authority (CA). |
|
167 |
|
168 Valid values are true (autosigns all certificate requests; not recommended), |
|
169 false (disables autosigning certificates), or the absolute path to a file. |
|
170 |
|
171 The file specified in this setting may be either a **configuration file** |
|
172 or a **custom policy executable.** Puppet will automatically determine |
|
173 what it is: If the Puppet user (see the `user` setting) can execute the |
|
174 file, it will be treated as a policy executable; otherwise, it will be |
|
175 treated as a config file. |
|
176 |
|
177 If a custom policy executable is configured, the CA puppet master will run it |
|
178 every time it receives a CSR. The executable will be passed the subject CN of the |
|
179 request _as a command line argument,_ and the contents of the CSR in PEM format |
|
180 _on stdin._ It should exit with a status of 0 if the cert should be autosigned |
|
181 and non-zero if the cert should not be autosigned. |
|
182 |
|
183 If a certificate request is not autosigned, it will persist for review. An admin |
|
184 user can use the `puppet cert sign` command to manually sign it, or can delete |
|
185 the request. |
|
186 |
|
187 For info on autosign configuration files, see |
|
188 [the guide to Puppet's config files](http://docs.puppetlabs.com/guides/configuring.html). |
|
189 </loctext> |
|
190 </description> |
|
191 </prop_pattern> |
|
192 <prop_pattern required="false" type="astring" name="basemodulepath"> |
|
193 <description> |
|
194 <loctext xml:lang="C"> |
|
195 The search path for **global** modules. Should be specified as a |
|
196 list of directories separated by the system path separator character. (The |
|
197 POSIX path separator is ':', and the Windows path separator is ';'.) |
|
198 |
|
199 If you are using directory environments, these are the modules that will |
|
200 be used by _all_ environments. Note that the `modules` directory of the active |
|
201 environment will have priority over any global directories. For more info, see |
|
202 http://docs.puppetlabs.com/puppet/latest/reference/environments.html |
|
203 |
|
204 This setting also provides the default value for the deprecated `modulepath` |
|
205 setting, which is used when directory environments are disabled. |
|
206 </loctext> |
|
207 </description> |
|
208 </prop_pattern> |
|
209 <prop_pattern required="false" type="net_address" name="bindaddress"> |
|
210 <description> |
|
211 <loctext xml:lang="C"> |
|
212 The address a listening server should bind to. |
|
213 </loctext> |
|
214 </description> |
|
215 </prop_pattern> |
|
216 <prop_pattern required="false" type="boolean" name="binder"> |
|
217 <description> |
|
218 <loctext xml:lang="C"> |
|
219 Turns the binding system on or off. This includes bindings in modules. |
|
220 The binding system aggregates data from modules and other locations and makes them available for lookup. |
|
221 The binding system is experimental and any or all of it may change. |
|
222 </loctext> |
|
223 </description> |
|
224 </prop_pattern> |
|
225 <prop_pattern required="false" type="astring" name="binder_config"> |
|
226 <description> |
|
227 <loctext xml:lang="C"> |
|
228 The binder configuration file. Puppet reads this file on each request to configure the bindings system. |
|
229 If set to nil (the default), a $confdir/binder_config.yaml is optionally loaded. If it does not exists, a default configuration |
|
230 is used. If the setting :binding_config is specified, it must reference a valid and existing yaml file. |
|
231 </loctext> |
|
232 </description> |
|
233 </prop_pattern> |
|
234 <prop_pattern required="false" type="astring" name="bucketdir"> |
|
235 <description> |
|
236 <loctext xml:lang="C"> |
|
237 Where FileBucket files are stored. |
|
238 </loctext> |
|
239 </description> |
|
240 </prop_pattern> |
|
241 <prop_pattern required="false" type="boolean" name="ca"> |
|
242 <description> |
|
243 <loctext xml:lang="C"> |
|
244 Whether the master should function as a certificate authority. |
|
245 </loctext> |
|
246 </description> |
|
247 </prop_pattern> |
|
248 <prop_pattern required="false" type="astring" name="ca_name"> |
|
249 <description> |
|
250 <loctext xml:lang="C"> |
|
251 The name to use the Certificate Authority certificate. |
|
252 </loctext> |
|
253 </description> |
|
254 </prop_pattern> |
|
255 <prop_pattern required="false" type="integer" name="ca_port"> |
|
256 <description> |
|
257 <loctext xml:lang="C"> |
|
258 The port to use for the certificate authority. |
|
259 </loctext> |
|
260 </description> |
|
261 </prop_pattern> |
|
262 <prop_pattern required="false" type="host" name="ca_server"> |
|
263 <description> |
|
264 <loctext xml:lang="C"> |
|
265 The server to use for certificate |
|
266 authority requests. It's a separate server because it cannot |
|
267 and does not need to horizontally scale. |
|
268 </loctext> |
|
269 </description> |
|
270 </prop_pattern> |
|
271 <prop_pattern required="false" type="integer" name="ca_ttl"> |
|
272 <description> |
|
273 <loctext xml:lang="C"> |
|
274 The default TTL for new certificates. |
|
275 This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). |
|
276 </loctext> |
|
277 </description> |
|
278 </prop_pattern> |
|
279 <prop_pattern required="false" type="astring" name="cacert"> |
|
280 <description> |
|
281 <loctext xml:lang="C"> |
|
282 The CA certificate. |
|
283 </loctext> |
|
284 </description> |
|
285 </prop_pattern> |
|
286 <prop_pattern required="false" type="astring" name="cacrl"> |
|
287 <description> |
|
288 <loctext xml:lang="C"> |
|
289 The certificate revocation list (CRL) for the CA. Will be used if present but otherwise ignored. |
|
290 </loctext> |
|
291 </description> |
|
292 </prop_pattern> |
|
293 <prop_pattern required="false" type="astring" name="cadir"> |
|
294 <description> |
|
295 <loctext xml:lang="C"> |
|
296 The root directory for the certificate authority. |
|
297 </loctext> |
|
298 </description> |
|
299 </prop_pattern> |
|
300 <prop_pattern required="false" type="astring" name="cakey"> |
|
301 <description> |
|
302 <loctext xml:lang="C"> |
|
303 The CA private key. |
|
304 </loctext> |
|
305 </description> |
|
306 </prop_pattern> |
|
307 <prop_pattern required="false" type="astring" name="capass"> |
|
308 <description> |
|
309 <loctext xml:lang="C"> |
|
310 Where the CA stores the password for the private key. |
|
311 </loctext> |
|
312 </description> |
|
313 </prop_pattern> |
|
314 <prop_pattern required="false" type="astring" name="caprivatedir"> |
|
315 <description> |
|
316 <loctext xml:lang="C"> |
|
317 Where the CA stores private certificate information. |
|
318 </loctext> |
|
319 </description> |
|
320 </prop_pattern> |
|
321 <prop_pattern required="false" type="astring" name="capub"> |
|
322 <description> |
|
323 <loctext xml:lang="C"> |
|
324 The CA public key. |
|
325 </loctext> |
|
326 </description> |
|
327 </prop_pattern> |
|
328 <prop_pattern required="false" type="astring" name="catalog_cache_terminus"> |
|
329 <description> |
|
330 <loctext xml:lang="C"> |
|
331 How to store cached catalogs. Valid values are 'json', 'msgpack' and 'yaml'. The agent application defaults to 'json'. |
|
332 </loctext> |
|
333 </description> |
|
334 </prop_pattern> |
|
335 <prop_pattern required="false" type="astring" name="catalog_format"> |
|
336 <description> |
|
337 <loctext xml:lang="C"> |
|
338 (Deprecated for 'preferred_serialization_format') What format to |
|
339 use to dump the catalog. Only supports 'marshal' and 'yaml'. Only |
|
340 matters on the client, since it asks the server for a specific format. |
|
341 </loctext> |
|
342 </description> |
|
343 </prop_pattern> |
|
344 <prop_pattern required="false" type="astring" name="catalog_terminus"> |
|
345 <description> |
|
346 <loctext xml:lang="C"> |
|
347 Where to get node catalogs. This is useful to change if, for instance, |
|
348 you'd like to pre-compile catalogs and store them in memcached or some other easily-accessed store. |
|
349 </loctext> |
|
350 </description> |
|
351 </prop_pattern> |
|
352 <prop_pattern required="false" type="astring" name="cert_inventory"> |
|
353 <description> |
|
354 <loctext xml:lang="C"> |
|
355 The inventory file. This is a text file to which the CA writes a |
|
356 complete listing of all certificates. |
|
357 </loctext> |
|
358 </description> |
|
359 </prop_pattern> |
|
360 <prop_pattern required="false" type="astring" name="certdir"> |
|
361 <description> |
|
362 <loctext xml:lang="C"> |
|
363 The certificate directory. |
|
364 </loctext> |
|
365 </description> |
|
366 </prop_pattern> |
|
367 <prop_pattern required="false" type="astring" name="certdnsnames"> |
|
368 <description> |
|
369 <loctext xml:lang="C"> |
|
370 The `certdnsnames` setting is no longer functional, |
|
371 after CVE-2011-3872. We ignore the value completely. |
|
372 |
|
373 For your own certificate request you can set `dns_alt_names` in the |
|
374 configuration and it will apply locally. There is no configuration option to |
|
375 set DNS alt names, or any other `subjectAltName` value, for another nodes |
|
376 certificate. |
|
377 |
|
378 Alternately you can use the `--dns_alt_names` command line option to set the |
|
379 labels added while generating your own CSR. |
|
380 </loctext> |
|
381 </description> |
|
382 </prop_pattern> |
|
383 <prop_pattern required="false" type="integer" name="certificate_expire_warning"> |
|
384 <description> |
|
385 <loctext xml:lang="C"> |
|
386 The window of time leading up to a certificate's expiration that a notification |
|
387 will be logged. This applies to CA, master, and agent certificates. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). |
|
388 </loctext> |
|
389 </description> |
|
390 </prop_pattern> |
|
391 <prop_pattern required="false" type="boolean" name="certificate_revocation"> |
|
392 <description> |
|
393 <loctext xml:lang="C"> |
|
394 Whether certificate revocation should be supported by downloading a |
|
395 Certificate Revocation List (CRL) |
|
396 to all clients. If enabled, CA chaining will almost definitely not work. |
|
397 </loctext> |
|
398 </description> |
|
399 </prop_pattern> |
|
400 <prop_pattern required="false" type="hostname" name="certname"> |
|
401 <description> |
|
402 <loctext xml:lang="C"> |
|
403 The name to use when handling certificates. When a node |
|
404 requests a certificate from the CA puppet master, it uses the value of the |
|
405 `certname` setting as its requested Subject CN. |
|
406 |
|
407 This is the name used when managing a node's permissions in |
|
408 [auth.conf](http://docs.puppetlabs.com/puppet/latest/reference/config_file_auth.html). |
|
409 In most cases, it is also used as the node's name when matching |
|
410 [node definitions](http://docs.puppetlabs.com/puppet/latest/reference/lang_node_definitions.html) |
|
411 and requesting data from an ENC. (This can be changed with the `node_name_value` |
|
412 and `node_name_fact` settings, although you should only do so if you have |
|
413 a compelling reason.) |
|
414 |
|
415 A node's certname is available in Puppet manifests as `$trusted['certname']`. (See |
|
416 [Facts and Built-In Variables](http://docs.puppetlabs.com/puppet/latest/reference/lang_facts_and_builtin_vars.html) |
|
417 for more details.) |
|
418 |
|
419 * For best compatibility, you should limit the value of `certname` to |
|
420 only use letters, numbers, periods, underscores, and dashes. (That is, |
|
421 it should match `/A[a-z0-9._-]+Z/`.) |
|
422 * The special value `ca` is reserved, and can't be used as the certname |
|
423 for a normal node. |
|
424 |
|
425 Defaults to the node's fully qualified domain name. |
|
426 </loctext> |
|
427 </description> |
|
428 </prop_pattern> |
|
429 <prop_pattern required="false" type="boolean" name="cfacter"> |
|
430 <description> |
|
431 <loctext xml:lang="C"> |
|
432 Whether or not to use the native facter (cfacter) implementation instead of the Ruby one (facter). Defaults to false. |
|
433 </loctext> |
|
434 </description> |
|
435 </prop_pattern> |
|
436 <prop_pattern required="false" type="astring" name="classfile"> |
|
437 <description> |
|
438 <loctext xml:lang="C"> |
|
439 The file in which puppet agent stores a list of the classes |
|
440 associated with the retrieved configuration. Can be loaded in |
|
441 the separate `puppet` executable using the `--loadclasses` |
|
442 option. |
|
443 </loctext> |
|
444 </description> |
|
445 </prop_pattern> |
|
446 <prop_pattern required="false" type="astring" name="client_datadir"> |
|
447 <description> |
|
448 <loctext xml:lang="C"> |
|
449 The directory in which serialized data is stored on the client. |
|
450 </loctext> |
|
451 </description> |
|
452 </prop_pattern> |
|
453 <prop_pattern required="false" type="astring" name="clientbucketdir"> |
|
454 <description> |
|
455 <loctext xml:lang="C"> |
|
456 Where FileBucket files are stored locally. |
|
457 </loctext> |
|
458 </description> |
|
459 </prop_pattern> |
|
460 <prop_pattern required="false" type="astring" name="clientyamldir"> |
|
461 <description> |
|
462 <loctext xml:lang="C"> |
|
463 The directory in which client-side YAML data is stored. |
|
464 </loctext> |
|
465 </description> |
|
466 </prop_pattern> |
|
467 <prop_pattern required="false" type="astring" name="code"> |
|
468 <description> |
|
469 <loctext xml:lang="C"> |
|
470 Code to parse directly. This is essentially only used |
|
471 by `puppet`, and should only be set if you're writing your own Puppet |
|
472 executable. |
|
473 </loctext> |
|
474 </description> |
|
475 </prop_pattern> |
|
476 <prop_pattern required="false" type="astring" name="color"> |
|
477 <description> |
|
478 <loctext xml:lang="C"> |
|
479 Whether to use colors when logging to the console. Valid values are |
|
480 `ansi` (equivalent to `true`), `html`, and `false`, which produces no color. |
|
481 Defaults to false on Windows, as its console does not support ansi colors. |
|
482 </loctext> |
|
483 </description> |
|
484 </prop_pattern> |
|
485 <prop_pattern required="false" type="astring" name="confdir"> |
|
486 <description> |
|
487 <loctext xml:lang="C"> |
|
488 The main Puppet configuration directory. The default for this setting |
|
489 is calculated based on the user. If the process is running as root or |
|
490 the user that Puppet is supposed to run as, it defaults to a system |
|
491 directory, but if it's running as any other user, it defaults to being |
|
492 in the user's home directory. |
|
493 </loctext> |
|
494 </description> |
|
495 </prop_pattern> |
|
496 <prop_pattern required="false" type="astring" name="config"> |
|
497 <description> |
|
498 <loctext xml:lang="C"> |
|
499 The configuration file for the current puppet application. |
|
500 </loctext> |
|
501 </description> |
|
502 </prop_pattern> |
|
503 <prop_pattern required="false" type="astring" name="config_file_name"> |
|
504 <description> |
|
505 <loctext xml:lang="C"> |
|
506 The name of the puppet config file. |
|
507 </loctext> |
|
508 </description> |
|
509 </prop_pattern> |
|
510 <prop_pattern required="false" type="astring" name="config_version"> |
|
511 <description> |
|
512 <loctext xml:lang="C"> |
|
513 How to determine the configuration version. By default, it will be the |
|
514 time that the configuration is parsed, but you can provide a shell script to override how the |
|
515 version is determined. The output of this script will be added to every log message in the |
|
516 reports, allowing you to correlate changes on your hosts to the source version on the server. |
|
517 |
|
518 Setting a global value for config_version in puppet.conf is deprecated. Please set a |
|
519 per-environment value in environment.conf instead. For more info, see |
|
520 http://docs.puppetlabs.com/puppet/latest/reference/environments.html |
|
521 </loctext> |
|
522 </description> |
|
523 </prop_pattern> |
|
524 <prop_pattern required="false" type="astring" name="configprint"> |
|
525 <description> |
|
526 <loctext xml:lang="C"> |
|
527 Print the value of a specific configuration setting. If the name of a |
|
528 setting is provided for this, then the value is printed and puppet |
|
529 exits. Comma-separate multiple values. For a list of all values, |
|
530 specify 'all'. |
|
531 </loctext> |
|
532 </description> |
|
533 </prop_pattern> |
|
534 <prop_pattern required="false" type="integer" name="configtimeout"> |
|
535 <description> |
|
536 <loctext xml:lang="C"> |
|
537 How long the client should wait for the configuration to be retrieved |
|
538 before considering it a failure. This can help reduce flapping if too |
|
539 many clients contact the server at one time. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). |
|
540 </loctext> |
|
541 </description> |
|
542 </prop_pattern> |
|
543 <prop_pattern required="false" type="uri" name="couchdb_url"> |
|
544 <description> |
|
545 <loctext xml:lang="C"> |
|
546 The url where the puppet couchdb database will be created. |
|
547 Only used when `facts_terminus` is set to `couch`. |
|
548 </loctext> |
|
549 </description> |
|
550 </prop_pattern> |
|
551 <prop_pattern required="false" type="astring" name="csr_attributes"> |
|
552 <description> |
|
553 <loctext xml:lang="C"> |
|
554 An optional file containing custom attributes to add to certificate signing |
|
555 requests (CSRs). You should ensure that this file does not exist on your CA |
|
556 puppet master; if it does, unwanted certificate extensions may leak into |
|
557 certificates created with the `puppet cert generate` command. |
|
558 |
|
559 If present, this file must be a YAML hash containing a `custom_attributes` key |
|
560 and/or an `extension_requests` key. The value of each key must be a hash, where |
|
561 each key is a valid OID and each value is an object that can be cast to a string. |
|
562 |
|
563 Custom attributes can be used by the CA when deciding whether to sign the |
|
564 certificate, but are then discarded. Attribute OIDs can be any OID value except |
|
565 the standard CSR attributes (i.e. attributes described in RFC 2985 section 5.4). |
|
566 This is useful for embedding a pre-shared key for autosigning policy executables |
|
567 (see the `autosign` setting), often by using the `1.2.840.113549.1.9.7` |
|
568 ("challenge password") OID. |
|
569 |
|
570 Extension requests will be permanently embedded in the final certificate. |
|
571 Extension OIDs must be in the "ppRegCertExt" (`1.3.6.1.4.1.34380.1.1`) or |
|
572 "ppPrivCertExt" (`1.3.6.1.4.1.34380.1.2`) OID arcs. The ppRegCertExt arc is |
|
573 reserved for four of the most common pieces of data to embed: `pp_uuid` (`.1`), |
|
574 `pp_instance_id` (`.2`), `pp_image_name` (`.3`), and `pp_preshared_key` (`.4`) |
|
575 --- in the YAML file, these can be referred to by their short descriptive names |
|
576 instead of their full OID. The ppPrivCertExt arc is unregulated, and can be used |
|
577 for site-specific extensions. |
|
578 </loctext> |
|
579 </description> |
|
580 </prop_pattern> |
|
581 <prop_pattern required="false" type="astring" name="csrdir"> |
|
582 <description> |
|
583 <loctext xml:lang="C"> |
|
584 Where the CA stores certificate requests |
|
585 </loctext> |
|
586 </description> |
|
587 </prop_pattern> |
|
588 <prop_pattern required="false" type="boolean" name="daemonize"> |
|
589 <description> |
|
590 <loctext xml:lang="C"> |
|
591 Whether to send the process into the background. This defaults |
|
592 to true on POSIX systems, and to false on Windows (where Puppet |
|
593 currently cannot daemonize). |
|
594 </loctext> |
|
595 </description> |
|
596 </prop_pattern> |
|
597 <prop_pattern required="false" type="astring" name="data_binding_terminus"> |
|
598 <description> |
|
599 <loctext xml:lang="C"> |
|
600 Where to retrive information about data. |
|
601 </loctext> |
|
602 </description> |
|
603 </prop_pattern> |
|
604 <prop_pattern required="false" type="astring" name="dbadapter"> |
|
605 <description> |
|
606 <loctext xml:lang="C"> |
|
607 The type of database to use. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
608 </loctext> |
|
609 </description> |
|
610 </prop_pattern> |
|
611 <prop_pattern required="false" type="astring" name="dbconnections"> |
|
612 <description> |
|
613 <loctext xml:lang="C"> |
|
614 The number of database connections for networked |
|
615 databases. Will be ignored unless the value is a positive integer. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
616 </loctext> |
|
617 </description> |
|
618 </prop_pattern> |
|
619 <prop_pattern required="false" type="astring" name="dblocation"> |
|
620 <description> |
|
621 <loctext xml:lang="C"> |
|
622 The sqlite database file. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
623 </loctext> |
|
624 </description> |
|
625 </prop_pattern> |
|
626 <prop_pattern required="false" type="boolean" name="dbmigrate"> |
|
627 <description> |
|
628 <loctext xml:lang="C"> |
|
629 Whether to automatically migrate the database. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
630 </loctext> |
|
631 </description> |
|
632 </prop_pattern> |
|
633 <prop_pattern required="false" type="astring" name="dbname"> |
|
634 <description> |
|
635 <loctext xml:lang="C"> |
|
636 The name of the database to use. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
637 </loctext> |
|
638 </description> |
|
639 </prop_pattern> |
|
640 <prop_pattern required="false" type="astring" name="dbpassword"> |
|
641 <description> |
|
642 <loctext xml:lang="C"> |
|
643 The database password for caching. Only |
|
644 used when networked databases are used. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
645 </loctext> |
|
646 </description> |
|
647 </prop_pattern> |
|
648 <prop_pattern required="false" type="astring" name="dbport"> |
|
649 <description> |
|
650 <loctext xml:lang="C"> |
|
651 The database password for caching. Only |
|
652 used when networked databases are used. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
653 </loctext> |
|
654 </description> |
|
655 </prop_pattern> |
|
656 <prop_pattern required="false" type="host" name="dbserver"> |
|
657 <description> |
|
658 <loctext xml:lang="C"> |
|
659 The database server for caching. Only |
|
660 used when networked databases are used. |
|
661 </loctext> |
|
662 </description> |
|
663 </prop_pattern> |
|
664 <prop_pattern required="false" type="astring" name="dbsocket"> |
|
665 <description> |
|
666 <loctext xml:lang="C"> |
|
667 The database socket location. Only used when networked |
|
668 databases are used. Will be ignored if the value is an empty string. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
669 </loctext> |
|
670 </description> |
|
671 </prop_pattern> |
|
672 <prop_pattern required="false" type="astring" name="dbuser"> |
|
673 <description> |
|
674 <loctext xml:lang="C"> |
|
675 The database user for caching. Only |
|
676 used when networked databases are used. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
677 </loctext> |
|
678 </description> |
|
679 </prop_pattern> |
|
680 <prop_pattern required="false" type="astring" name="default_file_terminus"> |
|
681 <description> |
|
682 <loctext xml:lang="C"> |
|
683 The default source for files if no server is given in a |
|
684 uri, e.g. puppet:///file. The default of `rest` causes the file to be |
|
685 retrieved using the `server` setting. When running `apply` the default |
|
686 is `file_server`, causing requests to be filled locally. |
|
687 </loctext> |
|
688 </description> |
|
689 </prop_pattern> |
|
690 <prop_pattern required="false" type="astring" name="default_manifest"> |
|
691 <description> |
|
692 <loctext xml:lang="C"> |
|
693 The default main manifest for directory environments. Any environment that |
|
694 doesn't set the `manifest` setting in its `environment.conf` file will use |
|
695 this manifest. |
|
696 |
|
697 This setting's value can be an absolute or relative path. An absolute path |
|
698 will make all environments default to the same main manifest; a relative |
|
699 path will allow each environment to use its own manifest, and Puppet will |
|
700 resolve the path relative to each environment's main directory. |
|
701 |
|
702 In either case, the path can point to a single file or to a directory of |
|
703 manifests to be evaluated in alphabetical order. |
|
704 </loctext> |
|
705 </description> |
|
706 </prop_pattern> |
|
707 <prop_pattern required="false" type="boolean" name="default_schedules"> |
|
708 <description> |
|
709 <loctext xml:lang="C"> |
|
710 Boolean; whether to generate the default schedule resources. Setting this to |
|
711 false is useful for keeping external report processors clean of skipped schedule resources. |
|
712 </loctext> |
|
713 </description> |
|
714 </prop_pattern> |
|
715 <prop_pattern required="false" type="astring" name="deviceconfig"> |
|
716 <description> |
|
717 <loctext xml:lang="C"> |
|
718 Path to the device config file for puppet device. |
|
719 </loctext> |
|
720 </description> |
|
721 </prop_pattern> |
|
722 <prop_pattern required="false" type="astring" name="devicedir"> |
|
723 <description> |
|
724 <loctext xml:lang="C"> |
|
725 The root directory of devices' $vardir. |
|
726 </loctext> |
|
727 </description> |
|
728 </prop_pattern> |
|
729 <prop_pattern required="false" type="astring" name="diff"> |
|
730 <description> |
|
731 <loctext xml:lang="C"> |
|
732 Which diff command to use when printing differences between files. This setting |
|
733 has no default value on Windows, as standard `diff` is not available, but Puppet can use many |
|
734 third-party diff tools. |
|
735 </loctext> |
|
736 </description> |
|
737 </prop_pattern> |
|
738 <prop_pattern required="false" type="astring" name="diff_args"> |
|
739 <description> |
|
740 <loctext xml:lang="C"> |
|
741 Which arguments to pass to the diff command when printing differences between |
|
742 files. The command to use can be chosen with the `diff` setting. |
|
743 </loctext> |
|
744 </description> |
|
745 </prop_pattern> |
|
746 <prop_pattern required="false" type="astring" name="digest_algorithm"> |
|
747 <description> |
|
748 <loctext xml:lang="C"> |
|
749 Which digest algorithm to use for file resources and the filebucket. |
|
750 Valid values are md5, sha256. Default is md5. |
|
751 </loctext> |
|
752 </description> |
|
753 </prop_pattern> |
|
754 <prop_pattern required="false" type="boolean" name="disable_per_environment_manifest"> |
|
755 <description> |
|
756 <loctext xml:lang="C"> |
|
757 Whether to disallow an environment-specific main manifest. When set |
|
758 to `true`, Puppet will use the manifest specified in the `default_manifest` setting |
|
759 for all environments. If an environment specifies a different main manifest in its |
|
760 `environment.conf` file, catalog requests for that environment will fail with an error. |
|
761 |
|
762 This setting requires `default_manifest` to be set to an absolute path. |
|
763 </loctext> |
|
764 </description> |
|
765 </prop_pattern> |
|
766 <prop_pattern required="false" type="astring" name="disable_warnings"> |
|
767 <description> |
|
768 <loctext xml:lang="C"> |
|
769 A comma-separated list of warning types to suppress. If large numbers |
|
770 of warnings are making Puppet's logs too large or difficult to use, you |
|
771 can temporarily silence them with this setting. |
|
772 |
|
773 If you are preparing to upgrade Puppet to a new major version, you |
|
774 should re-enable all warnings for a while. |
|
775 |
|
776 Valid values for this setting are: |
|
777 |
|
778 * `deprecations` --- disables deprecation warnings. |
|
779 </loctext> |
|
780 </description> |
|
781 </prop_pattern> |
|
782 <prop_pattern required="false" type="host" name="dns_alt_names"> |
|
783 <description> |
|
784 <loctext xml:lang="C"> |
|
785 The comma-separated list of alternative DNS names to use for the local host. |
|
786 |
|
787 When the node generates a CSR for itself, these are added to the request |
|
788 as the desired `subjectAltName` in the certificate: additional DNS labels |
|
789 that the certificate is also valid answering as. |
|
790 |
|
791 This is generally required if you use a non-hostname `certname`, or if you |
|
792 want to use `puppet kick` or `puppet resource -H` and the primary certname |
|
793 does not match the DNS name you use to communicate with the host. |
|
794 |
|
795 This is unnecessary for agents, unless you intend to use them as a server for |
|
796 `puppet kick` or remote `puppet resource` management. |
|
797 |
|
798 It is rarely necessary for servers; it is usually helpful only if you need to |
|
799 have a pool of multiple load balanced masters, or for the same master to |
|
800 respond on two physically separate networks under different names. |
|
801 </loctext> |
|
802 </description> |
|
803 </prop_pattern> |
|
804 <prop_pattern required="false" type="boolean" name="document_all"> |
|
805 <description> |
|
806 <loctext xml:lang="C"> |
|
807 Whether to document all resources when using `puppet doc` to |
|
808 generate manifest documentation. |
|
809 </loctext> |
|
810 </description> |
|
811 </prop_pattern> |
|
812 <prop_pattern required="false" type="astring" name="dynamicfacts"> |
|
813 <description> |
|
814 <loctext xml:lang="C"> |
|
815 (Deprecated) Facts that are dynamic; these facts will be ignored when deciding whether |
|
816 changed facts should result in a recompile. Multiple facts should be |
|
817 comma-separated. |
|
818 </loctext> |
|
819 </description> |
|
820 </prop_pattern> |
|
821 <prop_pattern required="false" type="astring" name="environment"> |
|
822 <description> |
|
823 <loctext xml:lang="C"> |
|
824 The environment Puppet is running in. For clients |
|
825 (e.g., `puppet agent`) this determines the environment itself, which |
|
826 is used to find modules and much more. For servers (i.e., `puppet master`) |
|
827 this provides the default environment for nodes we know nothing about. |
|
828 </loctext> |
|
829 </description> |
|
830 </prop_pattern> |
|
831 <prop_pattern required="false" type="integer" name="environment_timeout"> |
|
832 <description> |
|
833 <loctext xml:lang="C"> |
|
834 How long the Puppet master should cache data it loads from an |
|
835 environment. |
|
836 This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). |
|
837 A value of `0` will disable caching. This setting can also be set to |
|
838 `unlimited`, which will cache environments until the master is restarted |
|
839 or told to refresh the cache. |
|
840 |
|
841 You should change this setting once your Puppet deployment is doing |
|
842 non-trivial work. We chose the default value of `0` because it lets new |
|
843 users update their code without any extra steps, but it lowers the |
|
844 performance of your Puppet master. |
|
845 |
|
846 We recommend setting this to `unlimited` and explicitly refreshing your |
|
847 Puppet master as part of your code deployment process. |
|
848 |
|
849 * With Puppet Server, you should refresh environments by calling the |
|
850 `environment-cache` API endpoint. See the docs for the Puppet Server |
|
851 administrative API. |
|
852 * With a Rack Puppet master, you should restart the web server or the |
|
853 application server. Passenger lets you touch a `restart.txt` file to |
|
854 refresh an application without restarting Apache; see the Passenger docs |
|
855 for details. |
|
856 |
|
857 We don't recommend using any value other than `0` or `unlimited`, since |
|
858 most Puppet masters use a pool of Ruby interpreters which all have their |
|
859 own cache timers. When these timers drift out of sync, agents can be served |
|
860 inconsistent catalogs. |
|
861 </loctext> |
|
862 </description> |
|
863 </prop_pattern> |
|
864 <prop_pattern required="false" type="astring" name="environmentpath"> |
|
865 <description> |
|
866 <loctext xml:lang="C"> |
|
867 A search path for directory environments, as a list of directories |
|
868 separated by the system path separator character. (The POSIX path separator |
|
869 is ':', and the Windows path separator is ';'.) |
|
870 |
|
871 This setting must have a value set to enable **directory environments.** The |
|
872 recommended value is `$confdir/environments`. For more details, see |
|
873 http://docs.puppetlabs.com/puppet/latest/reference/environments.html |
|
874 </loctext> |
|
875 </description> |
|
876 </prop_pattern> |
|
877 <prop_pattern required="false" type="boolean" name="evaltrace"> |
|
878 <description> |
|
879 <loctext xml:lang="C"> |
|
880 Whether each resource should log when it is |
|
881 being evaluated. This allows you to interactively see exactly |
|
882 what is being done. |
|
883 </loctext> |
|
884 </description> |
|
885 </prop_pattern> |
|
886 <prop_pattern required="false" type="astring" name="external_nodes"> |
|
887 <description> |
|
888 <loctext xml:lang="C"> |
|
889 An external command that can produce node information. The command's output |
|
890 must be a YAML dump of a hash, and that hash must have a `classes` key and/or |
|
891 a `parameters` key, where `classes` is an array or hash and |
|
892 `parameters` is a hash. For unknown nodes, the command should |
|
893 exit with a non-zero exit code. |
|
894 |
|
895 This command makes it straightforward to store your node mapping |
|
896 information in other data sources like databases. |
|
897 </loctext> |
|
898 </description> |
|
899 </prop_pattern> |
|
900 <prop_pattern required="false" type="astring" name="factpath"> |
|
901 <description> |
|
902 <loctext xml:lang="C"> |
|
903 Where Puppet should look for facts. Multiple directories should |
|
904 be separated by the system path separator character. (The POSIX path |
|
905 separator is ':', and the Windows path separator is ';'.) |
|
906 </loctext> |
|
907 </description> |
|
908 </prop_pattern> |
|
909 <prop_pattern required="false" type="astring" name="facts_terminus"> |
|
910 <description> |
|
911 <loctext xml:lang="C"> |
|
912 The node facts terminus. |
|
913 </loctext> |
|
914 </description> |
|
915 </prop_pattern> |
|
916 <prop_pattern required="false" type="astring" name="fileserverconfig"> |
|
917 <description> |
|
918 <loctext xml:lang="C"> |
|
919 Where the fileserver configuration is stored. |
|
920 </loctext> |
|
921 </description> |
|
922 </prop_pattern> |
|
923 <prop_pattern required="false" type="integer" name="filetimeout"> |
|
924 <description> |
|
925 <loctext xml:lang="C"> |
|
926 The minimum time to wait between checking for updates in |
|
927 configuration files. This timeout determines how quickly Puppet checks whether |
|
928 a file (such as manifests or templates) has changed on disk. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). |
|
929 </loctext> |
|
930 </description> |
|
931 </prop_pattern> |
|
932 <prop_pattern required="false" type="astring" name="forge_authorization"> |
|
933 <description> |
|
934 <loctext xml:lang="C"> |
|
935 The authorization key to connect to the Puppet Forge. Leave blank for unauthorized or license based connections |
|
936 </loctext> |
|
937 </description> |
|
938 </prop_pattern> |
|
939 <prop_pattern required="false" type="boolean" name="freeze_main"> |
|
940 <description> |
|
941 <loctext xml:lang="C"> |
|
942 Freezes the 'main' class, disallowing any code to be added to it. This |
|
943 essentially means that you can't have any code outside of a node, |
|
944 class, or definition other than in the site manifest. |
|
945 </loctext> |
|
946 </description> |
|
947 </prop_pattern> |
|
948 <prop_pattern required="false" type="boolean" name="genmanifest"> |
|
949 <description> |
|
950 <loctext xml:lang="C"> |
|
951 Whether to just print a manifest to stdout and exit. Only makes |
|
952 sense when specified on the command line as `--genmanifest`. Takes into account arguments specified |
|
953 on the CLI. |
|
954 </loctext> |
|
955 </description> |
|
956 </prop_pattern> |
|
957 <prop_pattern required="false" type="boolean" name="graph"> |
|
958 <description> |
|
959 <loctext xml:lang="C"> |
|
960 Whether to create dot graph files for the different |
|
961 configuration graphs. These dot files can be interpreted by tools |
|
962 like OmniGraffle or dot (which is part of ImageMagick). |
|
963 </loctext> |
|
964 </description> |
|
965 </prop_pattern> |
|
966 <prop_pattern required="false" type="astring" name="graphdir"> |
|
967 <description> |
|
968 <loctext xml:lang="C"> |
|
969 Where to store dot-outputted graphs. |
|
970 </loctext> |
|
971 </description> |
|
972 </prop_pattern> |
|
973 <prop_pattern required="false" type="astring" name="group"> |
|
974 <description> |
|
975 <loctext xml:lang="C"> |
|
976 The group puppet master should run as. |
|
977 </loctext> |
|
978 </description> |
|
979 </prop_pattern> |
|
980 <prop_pattern required="false" type="astring" name="hiera_config"> |
|
981 <description> |
|
982 <loctext xml:lang="C"> |
|
983 The hiera configuration file. Puppet only reads this file on startup, so you must restart the puppet master every time you edit it. |
|
984 </loctext> |
|
985 </description> |
|
986 </prop_pattern> |
|
987 <prop_pattern required="false" type="astring" name="hostcert"> |
|
988 <description> |
|
989 <loctext xml:lang="C"> |
|
990 Where individual hosts store and look for their certificates. |
|
991 </loctext> |
|
992 </description> |
|
993 </prop_pattern> |
|
994 <prop_pattern required="false" type="astring" name="hostcrl"> |
|
995 <description> |
|
996 <loctext xml:lang="C"> |
|
997 Where the host's certificate revocation list can be found. |
|
998 This is distinct from the certificate authority's CRL. |
|
999 </loctext> |
|
1000 </description> |
|
1001 </prop_pattern> |
|
1002 <prop_pattern required="false" type="astring" name="hostcsr"> |
|
1003 <description> |
|
1004 <loctext xml:lang="C"> |
|
1005 Where individual hosts store and look for their certificate requests. |
|
1006 </loctext> |
|
1007 </description> |
|
1008 </prop_pattern> |
|
1009 <prop_pattern required="false" type="astring" name="hostprivkey"> |
|
1010 <description> |
|
1011 <loctext xml:lang="C"> |
|
1012 Where individual hosts store and look for their private key. |
|
1013 </loctext> |
|
1014 </description> |
|
1015 </prop_pattern> |
|
1016 <prop_pattern required="false" type="astring" name="hostpubkey"> |
|
1017 <description> |
|
1018 <loctext xml:lang="C"> |
|
1019 Where individual hosts store and look for their public key. |
|
1020 </loctext> |
|
1021 </description> |
|
1022 </prop_pattern> |
|
1023 <prop_pattern required="false" type="boolean" name="http_compression"> |
|
1024 <description> |
|
1025 <loctext xml:lang="C"> |
|
1026 Allow http compression in REST communication with the master. |
|
1027 This setting might improve performance for agent -> master |
|
1028 communications over slow WANs. Your puppet master needs to support |
|
1029 compression (usually by activating some settings in a reverse-proxy in |
|
1030 front of the puppet master, which rules out webrick). It is harmless to |
|
1031 activate this settings if your master doesn't support compression, but |
|
1032 if it supports it, this setting might reduce performance on high-speed LANs. |
|
1033 </loctext> |
|
1034 </description> |
|
1035 </prop_pattern> |
|
1036 <prop_pattern required="false" type="boolean" name="http_debug"> |
|
1037 <description> |
|
1038 <loctext xml:lang="C"> |
|
1039 Whether to write HTTP request and responses to stderr. This should never be used in a production environment. |
|
1040 </loctext> |
|
1041 </description> |
|
1042 </prop_pattern> |
|
1043 <prop_pattern required="false" type="integer" name="http_keepalive_timeout"> |
|
1044 <description> |
|
1045 <loctext xml:lang="C"> |
|
1046 The maximum amount of time a persistent HTTP connection can remain idle in the connection pool, before it is closed. This timeout should be shorter than the keepalive timeout used on the HTTP server, e.g. Apache KeepAliveTimeout directive. |
|
1047 This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). |
|
1048 </loctext> |
|
1049 </description> |
|
1050 </prop_pattern> |
|
1051 <prop_pattern required="false" type="host" name="http_proxy_host"> |
|
1052 <description> |
|
1053 <loctext xml:lang="C"> |
|
1054 The HTTP proxy host to use for outgoing connections. Note: You |
|
1055 may need to use a FQDN for the server hostname when using a proxy. Environment variable |
|
1056 http_proxy or HTTP_PROXY will override this value |
|
1057 </loctext> |
|
1058 </description> |
|
1059 </prop_pattern> |
|
1060 <prop_pattern required="false" type="astring" name="http_proxy_password"> |
|
1061 <description> |
|
1062 <loctext xml:lang="C"> |
|
1063 The password for the user of an authenticated HTTP proxy. |
|
1064 Requires the `http_proxy_user` setting. |
|
1065 |
|
1066 Note that passwords must be valid when used as part of a URL. If a password |
|
1067 contains any characters with special meanings in URLs (as specified by RFC 3986 |
|
1068 ` would become `%23`.) |
|
1069 </loctext> |
|
1070 </description> |
|
1071 </prop_pattern> |
|
1072 <prop_pattern required="false" type="integer" name="http_proxy_port"> |
|
1073 <description> |
|
1074 <loctext xml:lang="C"> |
|
1075 The HTTP proxy port to use for outgoing connections |
|
1076 </loctext> |
|
1077 </description> |
|
1078 </prop_pattern> |
|
1079 <prop_pattern required="false" type="astring" name="http_proxy_user"> |
|
1080 <description> |
|
1081 <loctext xml:lang="C"> |
|
1082 The user name for an authenticated HTTP proxy. Requires the `http_proxy_host` setting. |
|
1083 </loctext> |
|
1084 </description> |
|
1085 </prop_pattern> |
|
1086 <prop_pattern required="false" type="astring" name="httplog"> |
|
1087 <description> |
|
1088 <loctext xml:lang="C"> |
|
1089 Where the puppet agent web server logs. |
|
1090 </loctext> |
|
1091 </description> |
|
1092 </prop_pattern> |
|
1093 <prop_pattern required="false" type="boolean" name="ignorecache"> |
|
1094 <description> |
|
1095 <loctext xml:lang="C"> |
|
1096 Ignore cache and always recompile the configuration. This is |
|
1097 useful for testing new configurations, where the local cache may in |
|
1098 fact be stale even if the timestamps are up to date - if the facts |
|
1099 change or if the server changes. |
|
1100 </loctext> |
|
1101 </description> |
|
1102 </prop_pattern> |
|
1103 <prop_pattern required="false" type="boolean" name="ignoreimport"> |
|
1104 <description> |
|
1105 <loctext xml:lang="C"> |
|
1106 If true, allows the parser to continue without requiring |
|
1107 all files referenced with `import` statements to exist. This setting was primarily |
|
1108 designed for use with commit hooks for parse-checking. |
|
1109 </loctext> |
|
1110 </description> |
|
1111 </prop_pattern> |
|
1112 <prop_pattern required="false" type="boolean" name="ignoremissingtypes"> |
|
1113 <description> |
|
1114 <loctext xml:lang="C"> |
|
1115 Skip searching for classes and definitions that were missing during a |
|
1116 prior compilation. The list of missing objects is maintained per-environment and |
|
1117 persists until the environment is cleared or the master is restarted. |
|
1118 </loctext> |
|
1119 </description> |
|
1120 </prop_pattern> |
|
1121 <prop_pattern required="false" type="boolean" name="ignoreschedules"> |
|
1122 <description> |
|
1123 <loctext xml:lang="C"> |
|
1124 Boolean; whether puppet agent should ignore schedules. This is useful |
|
1125 for initial puppet agent runs. |
|
1126 </loctext> |
|
1127 </description> |
|
1128 </prop_pattern> |
|
1129 <prop_pattern required="false" type="boolean" name="immutable_node_data"> |
|
1130 <description> |
|
1131 <loctext xml:lang="C"> |
|
1132 When true, also prevents $trusted and $facts from being overridden in any scope |
|
1133 </loctext> |
|
1134 </description> |
|
1135 </prop_pattern> |
|
1136 <prop_pattern required="false" type="integer" name="inventory_port"> |
|
1137 <description> |
|
1138 <loctext xml:lang="C"> |
|
1139 The port to communicate with the inventory_server. |
|
1140 </loctext> |
|
1141 </description> |
|
1142 </prop_pattern> |
|
1143 <prop_pattern required="false" type="host" name="inventory_server"> |
|
1144 <description> |
|
1145 <loctext xml:lang="C"> |
|
1146 The server to send facts to. |
|
1147 </loctext> |
|
1148 </description> |
|
1149 </prop_pattern> |
|
1150 <prop_pattern required="false" type="astring" name="inventory_terminus"> |
|
1151 <description> |
|
1152 <loctext xml:lang="C"> |
|
1153 Should usually be the same as the facts terminus |
|
1154 </loctext> |
|
1155 </description> |
|
1156 </prop_pattern> |
|
1157 <prop_pattern required="false" type="integer" name="keylength"> |
|
1158 <description> |
|
1159 <loctext xml:lang="C"> |
|
1160 The bit length of keys. |
|
1161 </loctext> |
|
1162 </description> |
|
1163 </prop_pattern> |
|
1164 <prop_pattern required="false" type="astring" name="lastrunfile"> |
|
1165 <description> |
|
1166 <loctext xml:lang="C"> |
|
1167 Where puppet agent stores the last run report summary in yaml format. |
|
1168 </loctext> |
|
1169 </description> |
|
1170 </prop_pattern> |
|
1171 <prop_pattern required="false" type="astring" name="lastrunreport"> |
|
1172 <description> |
|
1173 <loctext xml:lang="C"> |
|
1174 Where puppet agent stores the last run report in yaml format. |
|
1175 </loctext> |
|
1176 </description> |
|
1177 </prop_pattern> |
|
1178 <prop_pattern required="false" type="astring" name="ldapattrs"> |
|
1179 <description> |
|
1180 <loctext xml:lang="C"> |
|
1181 The LDAP attributes to include when querying LDAP for nodes. All |
|
1182 returned attributes are set as variables in the top-level scope. |
|
1183 Multiple values should be comma-separated. The value 'all' returns |
|
1184 all attributes. |
|
1185 </loctext> |
|
1186 </description> |
|
1187 </prop_pattern> |
|
1188 <prop_pattern required="false" type="astring" name="ldapbase"> |
|
1189 <description> |
|
1190 <loctext xml:lang="C"> |
|
1191 The search base for LDAP searches. It's impossible to provide |
|
1192 a meaningful default here, although the LDAP libraries might |
|
1193 have one already set. Generally, it should be the 'ou=Hosts' |
|
1194 branch under your main directory. |
|
1195 </loctext> |
|
1196 </description> |
|
1197 </prop_pattern> |
|
1198 <prop_pattern required="false" type="astring" name="ldapclassattrs"> |
|
1199 <description> |
|
1200 <loctext xml:lang="C"> |
|
1201 The LDAP attributes to use to define Puppet classes. Values |
|
1202 should be comma-separated. |
|
1203 </loctext> |
|
1204 </description> |
|
1205 </prop_pattern> |
|
1206 <prop_pattern required="false" type="astring" name="ldapparentattr"> |
|
1207 <description> |
|
1208 <loctext xml:lang="C"> |
|
1209 The attribute to use to define the parent node. |
|
1210 </loctext> |
|
1211 </description> |
|
1212 </prop_pattern> |
|
1213 <prop_pattern required="false" type="astring" name="ldappassword"> |
|
1214 <description> |
|
1215 <loctext xml:lang="C"> |
|
1216 The password to use to connect to LDAP. |
|
1217 </loctext> |
|
1218 </description> |
|
1219 </prop_pattern> |
|
1220 <prop_pattern required="false" type="integer" name="ldapport"> |
|
1221 <description> |
|
1222 <loctext xml:lang="C"> |
|
1223 The LDAP port. Only used if `node_terminus` is set to `ldap`. |
|
1224 </loctext> |
|
1225 </description> |
|
1226 </prop_pattern> |
|
1227 <prop_pattern required="false" type="host" name="ldapserver"> |
|
1228 <description> |
|
1229 <loctext xml:lang="C"> |
|
1230 The LDAP server. Only used if `node_terminus` is set to `ldap`. |
|
1231 </loctext> |
|
1232 </description> |
|
1233 </prop_pattern> |
|
1234 <prop_pattern required="false" type="boolean" name="ldapssl"> |
|
1235 <description> |
|
1236 <loctext xml:lang="C"> |
|
1237 Whether SSL should be used when searching for nodes. |
|
1238 Defaults to false because SSL usually requires certificates |
|
1239 to be set up on the client side. |
|
1240 </loctext> |
|
1241 </description> |
|
1242 </prop_pattern> |
|
1243 <prop_pattern required="false" type="astring" name="ldapstackedattrs"> |
|
1244 <description> |
|
1245 <loctext xml:lang="C"> |
|
1246 The LDAP attributes that should be stacked to arrays by adding |
|
1247 the values in all hierarchy elements of the tree. Values |
|
1248 should be comma-separated. |
|
1249 </loctext> |
|
1250 </description> |
|
1251 </prop_pattern> |
|
1252 <prop_pattern required="false" type="astring" name="ldapstring"> |
|
1253 <description> |
|
1254 <loctext xml:lang="C"> |
|
1255 The search string used to find an LDAP node. |
|
1256 </loctext> |
|
1257 </description> |
|
1258 </prop_pattern> |
|
1259 <prop_pattern required="false" type="boolean" name="ldaptls"> |
|
1260 <description> |
|
1261 <loctext xml:lang="C"> |
|
1262 Whether TLS should be used when searching for nodes. |
|
1263 Defaults to false because TLS usually requires certificates |
|
1264 to be set up on the client side. |
|
1265 </loctext> |
|
1266 </description> |
|
1267 </prop_pattern> |
|
1268 <prop_pattern required="false" type="hostname" name="ldapuser"> |
|
1269 <description> |
|
1270 <loctext xml:lang="C"> |
|
1271 The user to use to connect to LDAP. Must be specified as a |
|
1272 full DN. |
|
1273 </loctext> |
|
1274 </description> |
|
1275 </prop_pattern> |
|
1276 <prop_pattern required="false" type="boolean" name="legacy_query_parameter_serialization"> |
|
1277 <description> |
|
1278 <loctext xml:lang="C"> |
|
1279 The serialization format to use when sending file_metadata |
|
1280 query parameters. Older versions of puppet master expect certain query |
|
1281 parameters to be serialized as yaml, which is deprecated. |
|
1282 |
|
1283 This should almost always be false. It can be temporarily set to true |
|
1284 to let agents using this Puppet version connect to a puppet master |
|
1285 running Puppet 3.0.0 through 3.2.x. |
|
1286 |
|
1287 Note that this is set to true automatically if the agent detects an |
|
1288 older master, so should never need to be set explicitly. |
|
1289 </loctext> |
|
1290 </description> |
|
1291 </prop_pattern> |
|
1292 <prop_pattern required="false" type="astring" name="libdir"> |
|
1293 <description> |
|
1294 <loctext xml:lang="C"> |
|
1295 An extra search path for Puppet. This is only useful |
|
1296 for those files that Puppet will load on demand, and is only |
|
1297 guaranteed to work for those cases. In fact, the autoload |
|
1298 mechanism is responsible for making sure this directory |
|
1299 is in Ruby's search path |
|
1300 </loctext> |
|
1301 </description> |
|
1302 </prop_pattern> |
|
1303 <prop_pattern required="false" type="boolean" name="listen"> |
|
1304 <description> |
|
1305 <loctext xml:lang="C"> |
|
1306 Whether puppet agent should listen for |
|
1307 connections. If this is true, then puppet agent will accept incoming |
|
1308 REST API requests, subject to the default ACLs and the ACLs set in |
|
1309 the `rest_authconfig` file. Puppet agent can respond usefully to |
|
1310 requests on the `run`, `facts`, `certificate`, and `resource` endpoints. |
|
1311 </loctext> |
|
1312 </description> |
|
1313 </prop_pattern> |
|
1314 <prop_pattern required="false" type="astring" name="localcacert"> |
|
1315 <description> |
|
1316 <loctext xml:lang="C"> |
|
1317 Where each client stores the CA certificate. |
|
1318 </loctext> |
|
1319 </description> |
|
1320 </prop_pattern> |
|
1321 <prop_pattern required="false" type="astring" name="localconfig"> |
|
1322 <description> |
|
1323 <loctext xml:lang="C"> |
|
1324 Where puppet agent caches the local configuration. An |
|
1325 extension indicating the cache format is added automatically. |
|
1326 </loctext> |
|
1327 </description> |
|
1328 </prop_pattern> |
|
1329 <prop_pattern required="false" type="astring" name="log_level"> |
|
1330 <description> |
|
1331 <loctext xml:lang="C"> |
|
1332 Default logging level for messages from Puppet. Allowed values are: |
|
1333 |
|
1334 * debug |
|
1335 * info |
|
1336 * notice |
|
1337 * warning |
|
1338 * err |
|
1339 * alert |
|
1340 * emerg |
|
1341 * crit |
|
1342 </loctext> |
|
1343 </description> |
|
1344 </prop_pattern> |
|
1345 <prop_pattern required="false" type="astring" name="logdir"> |
|
1346 <description> |
|
1347 <loctext xml:lang="C"> |
|
1348 The directory in which to store log files |
|
1349 </loctext> |
|
1350 </description> |
|
1351 </prop_pattern> |
|
1352 <prop_pattern required="false" type="boolean" name="manage_internal_file_permissions"> |
|
1353 <description> |
|
1354 <loctext xml:lang="C"> |
|
1355 Whether Puppet should manage the owner, group, and mode of files it uses internally |
|
1356 </loctext> |
|
1357 </description> |
|
1358 </prop_pattern> |
|
1359 <prop_pattern required="false" type="astring" name="manifest"> |
|
1360 <description> |
|
1361 <loctext xml:lang="C"> |
|
1362 The entry-point manifest for puppet master. This can be one file |
|
1363 or a directory of manifests to be evaluated in alphabetical order. Puppet manages |
|
1364 this path as a directory if one exists or if the path ends with a / or \. |
|
1365 |
|
1366 Setting a global value for `manifest` in puppet.conf is deprecated. Please use |
|
1367 directory environments instead. If you need to use something other than the |
|
1368 environment's `manifests` directory as the main manifest, you can set |
|
1369 `manifest` in environment.conf. For more info, see |
|
1370 http://docs.puppetlabs.com/puppet/latest/reference/environments.html |
|
1371 </loctext> |
|
1372 </description> |
|
1373 </prop_pattern> |
|
1374 <prop_pattern required="false" type="astring" name="manifestdir"> |
|
1375 <description> |
|
1376 <loctext xml:lang="C"> |
|
1377 Used to build the default value of the `manifest` setting. Has no other purpose. |
|
1378 |
|
1379 This setting is deprecated. |
|
1380 </loctext> |
|
1381 </description> |
|
1382 </prop_pattern> |
|
1383 <prop_pattern required="false" type="astring" name="masterhttplog"> |
|
1384 <description> |
|
1385 <loctext xml:lang="C"> |
|
1386 Where the puppet master web server saves its access log. This is |
|
1387 only used when running a WEBrick puppet master. When puppet master is |
|
1388 running under a Rack server like Passenger, that web server will have |
|
1389 its own logging behavior. |
|
1390 </loctext> |
|
1391 </description> |
|
1392 </prop_pattern> |
|
1393 <prop_pattern required="false" type="astring" name="masterlog"> |
|
1394 <description> |
|
1395 <loctext xml:lang="C"> |
|
1396 This file is literally never used, although Puppet may create it |
|
1397 as an empty file. For more context, see the `puppetdlog` setting and |
|
1398 puppet master's `--logdest` command line option. |
|
1399 |
|
1400 This setting is deprecated and will be removed in a future version of Puppet. |
|
1401 </loctext> |
|
1402 </description> |
|
1403 </prop_pattern> |
|
1404 <prop_pattern required="false" type="integer" name="masterport"> |
|
1405 <description> |
|
1406 <loctext xml:lang="C"> |
|
1407 The port for puppet master traffic. For puppet master, |
|
1408 this is the port to listen on; for puppet agent, this is the port |
|
1409 to make requests on. Both applications use this setting to get the port. |
|
1410 </loctext> |
|
1411 </description> |
|
1412 </prop_pattern> |
|
1413 <prop_pattern required="false" type="integer" name="max_deprecations"> |
|
1414 <description> |
|
1415 <loctext xml:lang="C"> |
|
1416 Sets the max number of logged/displayed parser validation deprecation |
|
1417 warnings in case multiple deprecation warnings have been detected. A value of 0 |
|
1418 blocks the logging of deprecation warnings. The count is per manifest. |
|
1419 </loctext> |
|
1420 </description> |
|
1421 </prop_pattern> |
|
1422 <prop_pattern required="false" type="integer" name="max_errors"> |
|
1423 <description> |
|
1424 <loctext xml:lang="C"> |
|
1425 Sets the max number of logged/displayed parser validation errors in case |
|
1426 multiple errors have been detected. A value of 0 is the same as a value of 1; a |
|
1427 minimum of one error is always raised. The count is per manifest. |
|
1428 </loctext> |
|
1429 </description> |
|
1430 </prop_pattern> |
|
1431 <prop_pattern required="false" type="integer" name="max_warnings"> |
|
1432 <description> |
|
1433 <loctext xml:lang="C"> |
|
1434 Sets the max number of logged/displayed parser validation warnings in |
|
1435 case multiple warnings have been detected. A value of 0 blocks logging of |
|
1436 warnings. The count is per manifest. |
|
1437 </loctext> |
|
1438 </description> |
|
1439 </prop_pattern> |
|
1440 <prop_pattern required="false" type="integer" name="maximum_uid"> |
|
1441 <description> |
|
1442 <loctext xml:lang="C"> |
|
1443 The maximum allowed UID. Some platforms use negative UIDs |
|
1444 but then ship with tools that do not know how to handle signed ints, |
|
1445 so the UIDs show up as huge numbers that can then not be fed back into |
|
1446 the system. This is a hackish way to fail in a slightly more useful |
|
1447 way when that happens. |
|
1448 </loctext> |
|
1449 </description> |
|
1450 </prop_pattern> |
|
1451 <prop_pattern required="false" type="boolean" name="mkusers"> |
|
1452 <description> |
|
1453 <loctext xml:lang="C"> |
|
1454 Whether to create the necessary user and group that puppet agent will run as. |
|
1455 </loctext> |
|
1456 </description> |
|
1457 </prop_pattern> |
|
1458 <prop_pattern required="false" type="astring" name="module_groups"> |
|
1459 <description> |
|
1460 <loctext xml:lang="C"> |
|
1461 Extra module groups to request from the Puppet Forge |
|
1462 </loctext> |
|
1463 </description> |
|
1464 </prop_pattern> |
|
1465 <prop_pattern required="false" type="uri" name="module_repository"> |
|
1466 <description> |
|
1467 <loctext xml:lang="C"> |
|
1468 The module repository |
|
1469 </loctext> |
|
1470 </description> |
|
1471 </prop_pattern> |
|
1472 <prop_pattern required="false" type="astring" name="module_skeleton_dir"> |
|
1473 <description> |
|
1474 <loctext xml:lang="C"> |
|
1475 The directory which the skeleton for module tool generate is stored. |
|
1476 </loctext> |
|
1477 </description> |
|
1478 </prop_pattern> |
|
1479 <prop_pattern required="false" type="astring" name="module_working_dir"> |
|
1480 <description> |
|
1481 <loctext xml:lang="C"> |
|
1482 The directory into which module tool data is stored |
|
1483 </loctext> |
|
1484 </description> |
|
1485 </prop_pattern> |
|
1486 <prop_pattern required="false" type="astring" name="modulepath"> |
|
1487 <description> |
|
1488 <loctext xml:lang="C"> |
|
1489 The search path for modules, as a list of directories separated by the system |
|
1490 path separator character. (The POSIX path separator is ':', and the |
|
1491 Windows path separator is ';'.) |
|
1492 |
|
1493 Setting a global value for `modulepath` in puppet.conf is deprecated. Please use |
|
1494 directory environments instead. If you need to use something other than the |
|
1495 default modulepath of `<ACTIVE ENVIRONMENT'S MODULES DIR>:$basemodulepath`, |
|
1496 you can set `modulepath` in environment.conf. For more info, see |
|
1497 http://docs.puppetlabs.com/puppet/latest/reference/environments.html |
|
1498 </loctext> |
|
1499 </description> |
|
1500 </prop_pattern> |
|
1501 <prop_pattern required="false" type="astring" name="name"> |
|
1502 <description> |
|
1503 <loctext xml:lang="C"> |
|
1504 The name of the application, if we are running as one. The |
|
1505 default is essentially $0 without the path or `.rb`. |
|
1506 </loctext> |
|
1507 </description> |
|
1508 </prop_pattern> |
|
1509 <prop_pattern required="false" type="astring" name="node_cache_terminus"> |
|
1510 <description> |
|
1511 <loctext xml:lang="C"> |
|
1512 How to store cached nodes. |
|
1513 Valid values are (none), 'json', 'msgpack', 'yaml' or write only yaml ('write_only_yaml'). |
|
1514 The master application defaults to 'write_only_yaml', all others to none. |
|
1515 </loctext> |
|
1516 </description> |
|
1517 </prop_pattern> |
|
1518 <prop_pattern required="false" type="astring" name="node_name"> |
|
1519 <description> |
|
1520 <loctext xml:lang="C"> |
|
1521 How the puppet master determines the client's identity |
|
1522 and sets the 'hostname', 'fqdn' and 'domain' facts for use in the manifest, |
|
1523 in particular for determining which 'node' statement applies to the client. |
|
1524 Possible values are 'cert' (use the subject's CN in the client's |
|
1525 certificate) and 'facter' (use the hostname that the client |
|
1526 reported in its facts) |
|
1527 </loctext> |
|
1528 </description> |
|
1529 </prop_pattern> |
|
1530 <prop_pattern required="false" type="astring" name="node_name_fact"> |
|
1531 <description> |
|
1532 <loctext xml:lang="C"> |
|
1533 The fact name used to determine the node name used for all requests the agent |
|
1534 makes to the master. WARNING: This setting is mutually exclusive with |
|
1535 node_name_value. Changing this setting also requires changes to the default |
|
1536 auth.conf configuration on the Puppet Master. Please see |
|
1537 http://links.puppetlabs.com/node_name_fact for more information. |
|
1538 </loctext> |
|
1539 </description> |
|
1540 </prop_pattern> |
|
1541 <prop_pattern required="false" type="astring" name="node_name_value"> |
|
1542 <description> |
|
1543 <loctext xml:lang="C"> |
|
1544 The explicit value used for the node name for all requests the agent |
|
1545 makes to the master. WARNING: This setting is mutually exclusive with |
|
1546 node_name_fact. Changing this setting also requires changes to the default |
|
1547 auth.conf configuration on the Puppet Master. Please see |
|
1548 http://links.puppetlabs.com/node_name_value for more information. |
|
1549 </loctext> |
|
1550 </description> |
|
1551 </prop_pattern> |
|
1552 <prop_pattern required="false" type="astring" name="node_terminus"> |
|
1553 <description> |
|
1554 <loctext xml:lang="C"> |
|
1555 Where to find information about nodes. |
|
1556 </loctext> |
|
1557 </description> |
|
1558 </prop_pattern> |
|
1559 <prop_pattern required="false" type="boolean" name="noop"> |
|
1560 <description> |
|
1561 <loctext xml:lang="C"> |
|
1562 Whether to apply catalogs in noop mode, which allows Puppet to |
|
1563 partially simulate a normal run. This setting affects puppet agent and |
|
1564 puppet apply. |
|
1565 |
|
1566 When running in noop mode, Puppet will check whether each resource is in sync, |
|
1567 like it does when running normally. However, if a resource attribute is not in |
|
1568 the desired state (as declared in the catalog), Puppet will take no |
|
1569 action, and will instead report the changes it _would_ have made. These |
|
1570 simulated changes will appear in the report sent to the puppet master, or |
|
1571 be shown on the console if running puppet agent or puppet apply in the |
|
1572 foreground. The simulated changes will not send refresh events to any |
|
1573 subscribing or notified resources, although Puppet will log that a refresh |
|
1574 event _would_ have been sent. |
|
1575 |
|
1576 **Important note:** |
|
1577 noop) |
|
1578 allows you to apply individual resources in noop mode, and will override |
|
1579 the global value of the `noop` setting. This means a resource with |
|
1580 `noop => false` _will_ be changed if necessary, even when running puppet |
|
1581 agent with `noop = true` or `--noop`. (Conversely, a resource with |
|
1582 `noop => true` will only be simulated, even when noop mode is globally disabled.) |
|
1583 </loctext> |
|
1584 </description> |
|
1585 </prop_pattern> |
|
1586 <prop_pattern required="false" type="boolean" name="onetime"> |
|
1587 <description> |
|
1588 <loctext xml:lang="C"> |
|
1589 Perform one configuration run and exit, rather than spawning a long-running |
|
1590 daemon. This is useful for interactively running puppet agent, or |
|
1591 running puppet agent from cron. |
|
1592 </loctext> |
|
1593 </description> |
|
1594 </prop_pattern> |
|
1595 <prop_pattern required="false" type="astring" name="ordering"> |
|
1596 <description> |
|
1597 <loctext xml:lang="C"> |
|
1598 How unrelated resources should be ordered when applying a catalog. |
|
1599 Allowed values are `title-hash`, `manifest`, and `random`. This |
|
1600 setting affects puppet agent and puppet apply, but not puppet master. |
|
1601 |
|
1602 * `title-hash` (the default) will order resources randomly, but will use |
|
1603 the same order across runs and across nodes. |
|
1604 * `manifest` will use the order in which the resources were declared in |
|
1605 their manifest files. |
|
1606 * `random` will order resources randomly and change their order with each |
|
1607 run. This can work like a fuzzer for shaking out undeclared dependencies. |
|
1608 |
|
1609 Regardless of this setting's value, Puppet will always obey explicit |
|
1610 dependencies set with the before/require/notify/subscribe metaparameters |
|
1611 and the `->`/`~>` chaining arrows; this setting only affects the relative |
|
1612 ordering of _unrelated_ resources. |
|
1613 </loctext> |
|
1614 </description> |
|
1615 </prop_pattern> |
|
1616 <prop_pattern required="false" type="astring" name="parser"> |
|
1617 <description> |
|
1618 <loctext xml:lang="C"> |
|
1619 Selects the parser to use for parsing puppet manifests (in puppet DSL |
|
1620 language/'.pp' files). Available choices are `current` (the default) |
|
1621 and `future`. |
|
1622 |
|
1623 The `current` parser means that the released version of the parser should |
|
1624 be used. |
|
1625 |
|
1626 The `future` parser is a "time travel to the future" allowing early |
|
1627 exposure to new language features. What these features are will vary from |
|
1628 release to release and they may be invididually configurable. |
|
1629 |
|
1630 Available Since Puppet 3.2. |
|
1631 </loctext> |
|
1632 </description> |
|
1633 </prop_pattern> |
|
1634 <prop_pattern required="false" type="astring" name="passfile"> |
|
1635 <description> |
|
1636 <loctext xml:lang="C"> |
|
1637 Where puppet agent stores the password for its private key. |
|
1638 Generally unused. |
|
1639 </loctext> |
|
1640 </description> |
|
1641 </prop_pattern> |
|
1642 <prop_pattern required="false" type="astring" name="path"> |
|
1643 <description> |
|
1644 <loctext xml:lang="C"> |
|
1645 The shell search path. Defaults to whatever is inherited |
|
1646 from the parent process. |
|
1647 </loctext> |
|
1648 </description> |
|
1649 </prop_pattern> |
|
1650 <prop_pattern required="false" type="astring" name="pidfile"> |
|
1651 <description> |
|
1652 <loctext xml:lang="C"> |
|
1653 The file containing the PID of a running process. |
|
1654 This file is intended to be used by service management frameworks |
|
1655 and monitoring systems to determine if a puppet process is still in |
|
1656 the process table. |
|
1657 </loctext> |
|
1658 </description> |
|
1659 </prop_pattern> |
|
1660 <prop_pattern required="false" type="astring" name="plugindest"> |
|
1661 <description> |
|
1662 <loctext xml:lang="C"> |
|
1663 Where Puppet should store plugins that it pulls down from the central |
|
1664 server. |
|
1665 </loctext> |
|
1666 </description> |
|
1667 </prop_pattern> |
|
1668 <prop_pattern required="false" type="astring" name="pluginfactdest"> |
|
1669 <description> |
|
1670 <loctext xml:lang="C"> |
|
1671 Where Puppet should store external facts that are being handled by pluginsync |
|
1672 </loctext> |
|
1673 </description> |
|
1674 </prop_pattern> |
|
1675 <prop_pattern required="false" type="astring" name="pluginfactsource"> |
|
1676 <description> |
|
1677 <loctext xml:lang="C"> |
|
1678 Where to retrieve external facts for pluginsync |
|
1679 </loctext> |
|
1680 </description> |
|
1681 </prop_pattern> |
|
1682 <prop_pattern required="false" type="astring" name="pluginsignore"> |
|
1683 <description> |
|
1684 <loctext xml:lang="C"> |
|
1685 What files to ignore when pulling down plugins. |
|
1686 </loctext> |
|
1687 </description> |
|
1688 </prop_pattern> |
|
1689 <prop_pattern required="false" type="astring" name="pluginsource"> |
|
1690 <description> |
|
1691 <loctext xml:lang="C"> |
|
1692 From where to retrieve plugins. The standard Puppet `file` type |
|
1693 is used for retrieval, so anything that is a valid file source can |
|
1694 be used here. |
|
1695 </loctext> |
|
1696 </description> |
|
1697 </prop_pattern> |
|
1698 <prop_pattern required="false" type="boolean" name="pluginsync"> |
|
1699 <description> |
|
1700 <loctext xml:lang="C"> |
|
1701 Whether plugins should be synced with the central server. |
|
1702 </loctext> |
|
1703 </description> |
|
1704 </prop_pattern> |
|
1705 <prop_pattern required="false" type="astring" name="postrun_command"> |
|
1706 <description> |
|
1707 <loctext xml:lang="C"> |
|
1708 A command to run after every agent run. If this command returns a non-zero |
|
1709 return code, the entire Puppet run will be considered to have failed, even though it might have |
|
1710 performed work during the normal run. |
|
1711 </loctext> |
|
1712 </description> |
|
1713 </prop_pattern> |
|
1714 <prop_pattern required="false" type="astring" name="preferred_serialization_format"> |
|
1715 <description> |
|
1716 <loctext xml:lang="C"> |
|
1717 The preferred means of serializing |
|
1718 ruby instances for passing over the wire. This won't guarantee that all |
|
1719 instances will be serialized using this method, since not all classes |
|
1720 can be guaranteed to support this format, but it will be used for all |
|
1721 classes that support it. |
|
1722 </loctext> |
|
1723 </description> |
|
1724 </prop_pattern> |
|
1725 <prop_pattern required="false" type="astring" name="prerun_command"> |
|
1726 <description> |
|
1727 <loctext xml:lang="C"> |
|
1728 A command to run before every agent run. If this command returns a non-zero |
|
1729 return code, the entire Puppet run will fail. |
|
1730 </loctext> |
|
1731 </description> |
|
1732 </prop_pattern> |
|
1733 <prop_pattern required="false" type="astring" name="preview_outputdir"> |
|
1734 <description> |
|
1735 <loctext xml:lang="C"> |
|
1736 The directory where catalog previews per node are generated. |
|
1737 </loctext> |
|
1738 </description> |
|
1739 </prop_pattern> |
|
1740 <prop_pattern required="false" type="astring" name="priority"> |
|
1741 <description> |
|
1742 <loctext xml:lang="C"> |
|
1743 The scheduling priority of the process. Valid values are 'high', |
|
1744 'normal', 'low', or 'idle', which are mapped to platform-specific |
|
1745 values. The priority can also be specified as an integer value and |
|
1746 will be passed as is, e.g. -5. Puppet must be running as a privileged |
|
1747 user in order to increase scheduling priority. |
|
1748 </loctext> |
|
1749 </description> |
|
1750 </prop_pattern> |
|
1751 <prop_pattern required="false" type="astring" name="privatedir"> |
|
1752 <description> |
|
1753 <loctext xml:lang="C"> |
|
1754 Where the client stores private certificate information. |
|
1755 </loctext> |
|
1756 </description> |
|
1757 </prop_pattern> |
|
1758 <prop_pattern required="false" type="astring" name="privatekeydir"> |
|
1759 <description> |
|
1760 <loctext xml:lang="C"> |
|
1761 The private key directory. |
|
1762 </loctext> |
|
1763 </description> |
|
1764 </prop_pattern> |
|
1765 <prop_pattern required="false" type="boolean" name="profile"> |
|
1766 <description> |
|
1767 <loctext xml:lang="C"> |
|
1768 Whether to enable experimental performance profiling |
|
1769 </loctext> |
|
1770 </description> |
|
1771 </prop_pattern> |
|
1772 <prop_pattern required="false" type="astring" name="publickeydir"> |
|
1773 <description> |
|
1774 <loctext xml:lang="C"> |
|
1775 The public key directory. |
|
1776 </loctext> |
|
1777 </description> |
|
1778 </prop_pattern> |
|
1779 <prop_pattern required="false" type="astring" name="puppetdlog"> |
|
1780 <description> |
|
1781 <loctext xml:lang="C"> |
|
1782 The fallback log file. This is only used when the `--logdest` option |
|
1783 is not specified AND Puppet is running on an operating system where both |
|
1784 the POSIX syslog service and the Windows Event Log are unavailable. (Currently, |
|
1785 no supported operating systems match that description.) |
|
1786 |
|
1787 Despite the name, both puppet agent and puppet master will use this file |
|
1788 as the fallback logging destination. |
|
1789 |
|
1790 For control over logging destinations, see the `--logdest` command line |
|
1791 option in the manual pages for puppet master, puppet agent, and puppet |
|
1792 apply. You can see man pages by running `puppet <SUBCOMMAND> --help`, |
|
1793 or read them online at http://docs.puppetlabs.com/references/latest/man/. |
|
1794 </loctext> |
|
1795 </description> |
|
1796 </prop_pattern> |
|
1797 <prop_pattern required="false" type="integer" name="puppetport"> |
|
1798 <description> |
|
1799 <loctext xml:lang="C"> |
|
1800 Which port puppet agent listens on. |
|
1801 </loctext> |
|
1802 </description> |
|
1803 </prop_pattern> |
|
1804 <prop_pattern required="false" type="uri" name="queue_source"> |
|
1805 <description> |
|
1806 <loctext xml:lang="C"> |
|
1807 Which type of queue to use for asynchronous processing. If your stomp server requires |
|
1808 authentication, you can include it in the URI as long as your stomp client library is at least 1.1.1 |
|
1809 </loctext> |
|
1810 </description> |
|
1811 </prop_pattern> |
|
1812 <prop_pattern required="false" type="astring" name="queue_type"> |
|
1813 <description> |
|
1814 <loctext xml:lang="C"> |
|
1815 Which type of queue to use for asynchronous processing. |
|
1816 </loctext> |
|
1817 </description> |
|
1818 </prop_pattern> |
|
1819 <prop_pattern required="false" type="astring" name="rails_loglevel"> |
|
1820 <description> |
|
1821 <loctext xml:lang="C"> |
|
1822 The log level for Rails connections. The value must be |
|
1823 a valid log level within Rails. Production environments normally use `info` |
|
1824 and other environments normally use `debug`. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
1825 </loctext> |
|
1826 </description> |
|
1827 </prop_pattern> |
|
1828 <prop_pattern required="false" type="astring" name="railslog"> |
|
1829 <description> |
|
1830 <loctext xml:lang="C"> |
|
1831 Where Rails-specific logs are sent. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
1832 </loctext> |
|
1833 </description> |
|
1834 </prop_pattern> |
|
1835 <prop_pattern required="false" type="boolean" name="report"> |
|
1836 <description> |
|
1837 <loctext xml:lang="C"> |
|
1838 Whether to send reports after every transaction. |
|
1839 </loctext> |
|
1840 </description> |
|
1841 </prop_pattern> |
|
1842 <prop_pattern required="false" type="integer" name="report_port"> |
|
1843 <description> |
|
1844 <loctext xml:lang="C"> |
|
1845 The port to communicate with the report_server. |
|
1846 </loctext> |
|
1847 </description> |
|
1848 </prop_pattern> |
|
1849 <prop_pattern required="false" type="astring" name="report_serialization_format"> |
|
1850 <description> |
|
1851 <loctext xml:lang="C"> |
|
1852 The serialization format to use when sending reports to the |
|
1853 `report_server`. Possible values are `pson` and `yaml`. This setting |
|
1854 affects puppet agent, but not puppet apply (which processes its own |
|
1855 reports). |
|
1856 |
|
1857 This should almost always be set to `pson`. It can be temporarily set to |
|
1858 `yaml` to let agents using this Puppet version connect to a puppet master |
|
1859 running Puppet 3.0.0 through 3.2.x. |
|
1860 |
|
1861 Note that this is set to 'yaml' automatically if the agent detects an |
|
1862 older master, so should never need to be set explicitly. |
|
1863 </loctext> |
|
1864 </description> |
|
1865 </prop_pattern> |
|
1866 <prop_pattern required="false" type="host" name="report_server"> |
|
1867 <description> |
|
1868 <loctext xml:lang="C"> |
|
1869 The server to send transaction reports to. |
|
1870 </loctext> |
|
1871 </description> |
|
1872 </prop_pattern> |
|
1873 <prop_pattern required="false" type="astring" name="reportdir"> |
|
1874 <description> |
|
1875 <loctext xml:lang="C"> |
|
1876 The directory in which to store reports. Each node gets |
|
1877 a separate subdirectory in this directory. This setting is only |
|
1878 used when the `store` report processor is enabled (see the |
|
1879 `reports` setting). |
|
1880 </loctext> |
|
1881 </description> |
|
1882 </prop_pattern> |
|
1883 <prop_pattern required="false" type="astring" name="reportfrom"> |
|
1884 <description> |
|
1885 <loctext xml:lang="C"> |
|
1886 The 'from' email address for the reports. |
|
1887 </loctext> |
|
1888 </description> |
|
1889 </prop_pattern> |
|
1890 <prop_pattern required="false" type="astring" name="reports"> |
|
1891 <description> |
|
1892 <loctext xml:lang="C"> |
|
1893 The list of report handlers to use. When using multiple report handlers, |
|
1894 their names should be comma-separated, with whitespace allowed. (For example, |
|
1895 `reports = http, tagmail`.) |
|
1896 |
|
1897 This setting is relevant to puppet master and puppet apply. The puppet |
|
1898 master will call these report handlers with the reports it receives from |
|
1899 agent nodes, and puppet apply will call them with its own report. (In |
|
1900 all cases, the node applying the catalog must have `report = true`.) |
|
1901 |
|
1902 See the report reference for information on the built-in report |
|
1903 handlers; custom report handlers can also be loaded from modules. |
|
1904 (Report handlers are loaded from the lib directory, at |
|
1905 `puppet/reports/NAME.rb`.) |
|
1906 </loctext> |
|
1907 </description> |
|
1908 </prop_pattern> |
|
1909 <prop_pattern required="false" type="uri" name="reporturl"> |
|
1910 <description> |
|
1911 <loctext xml:lang="C"> |
|
1912 The URL that reports should be forwarded to. This setting |
|
1913 is only used when the `http` report processor is enabled (see the |
|
1914 `reports` setting). |
|
1915 </loctext> |
|
1916 </description> |
|
1917 </prop_pattern> |
|
1918 <prop_pattern required="false" type="integer" name="req_bits"> |
|
1919 <description> |
|
1920 <loctext xml:lang="C"> |
|
1921 The bit length of the certificates. |
|
1922 </loctext> |
|
1923 </description> |
|
1924 </prop_pattern> |
|
1925 <prop_pattern required="false" type="astring" name="requestdir"> |
|
1926 <description> |
|
1927 <loctext xml:lang="C"> |
|
1928 Where host certificate requests are stored. |
|
1929 </loctext> |
|
1930 </description> |
|
1931 </prop_pattern> |
|
1932 <prop_pattern required="false" type="astring" name="resourcefile"> |
|
1933 <description> |
|
1934 <loctext xml:lang="C"> |
|
1935 The file in which puppet agent stores a list of the resources |
|
1936 associated with the retrieved configuration. |
|
1937 </loctext> |
|
1938 </description> |
|
1939 </prop_pattern> |
|
1940 <prop_pattern required="false" type="astring" name="rest_authconfig"> |
|
1941 <description> |
|
1942 <loctext xml:lang="C"> |
|
1943 The configuration file that defines the rights to the different |
|
1944 rest indirections. This can be used as a fine-grained |
|
1945 authorization system for `puppet master`. |
|
1946 </loctext> |
|
1947 </description> |
|
1948 </prop_pattern> |
|
1949 <prop_pattern required="false" type="astring" name="route_file"> |
|
1950 <description> |
|
1951 <loctext xml:lang="C"> |
|
1952 The YAML file containing indirector route configuration. |
|
1953 </loctext> |
|
1954 </description> |
|
1955 </prop_pattern> |
|
1956 <prop_pattern required="false" type="astring" name="rrddir"> |
|
1957 <description> |
|
1958 <loctext xml:lang="C"> |
|
1959 The directory where RRD database files are stored. |
|
1960 Directories for each reporting host will be created under |
|
1961 this directory. |
|
1962 </loctext> |
|
1963 </description> |
|
1964 </prop_pattern> |
|
1965 <prop_pattern required="false" type="integer" name="rrdinterval"> |
|
1966 <description> |
|
1967 <loctext xml:lang="C"> |
|
1968 How often RRD should expect data. |
|
1969 This should match how often the hosts report back to the server. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). |
|
1970 </loctext> |
|
1971 </description> |
|
1972 </prop_pattern> |
|
1973 <prop_pattern required="false" type="astring" name="rundir"> |
|
1974 <description> |
|
1975 <loctext xml:lang="C"> |
|
1976 Where Puppet PID files are kept. |
|
1977 </loctext> |
|
1978 </description> |
|
1979 </prop_pattern> |
|
1980 <prop_pattern required="false" type="integer" name="runinterval"> |
|
1981 <description> |
|
1982 <loctext xml:lang="C"> |
|
1983 How often puppet agent applies the catalog. |
|
1984 Note that a runinterval of 0 means "run continuously" rather than |
|
1985 "never run." If you want puppet agent to never run, you should start |
|
1986 it with the `--no-client` option. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). |
|
1987 </loctext> |
|
1988 </description> |
|
1989 </prop_pattern> |
|
1990 <prop_pattern required="false" type="astring" name="sendmail"> |
|
1991 <description> |
|
1992 <loctext xml:lang="C"> |
|
1993 Where to find the sendmail binary with which to send email. |
|
1994 </loctext> |
|
1995 </description> |
|
1996 </prop_pattern> |
|
1997 <prop_pattern required="false" type="astring" name="serial"> |
|
1998 <description> |
|
1999 <loctext xml:lang="C"> |
|
2000 Where the serial number for certificates is stored. |
|
2001 </loctext> |
|
2002 </description> |
|
2003 </prop_pattern> |
|
2004 <prop_pattern required="false" type="host" name="server"> |
|
2005 <description> |
|
2006 <loctext xml:lang="C"> |
|
2007 The puppet master server to which the puppet agent should connect. |
|
2008 </loctext> |
|
2009 </description> |
|
2010 </prop_pattern> |
|
2011 <prop_pattern required="false" type="astring" name="server_datadir"> |
|
2012 <description> |
|
2013 <loctext xml:lang="C"> |
|
2014 The directory in which serialized data is stored, usually in a subdirectory. |
|
2015 </loctext> |
|
2016 </description> |
|
2017 </prop_pattern> |
|
2018 <prop_pattern required="false" type="boolean" name="show_diff"> |
|
2019 <description> |
|
2020 <loctext xml:lang="C"> |
|
2021 Whether to log and report a contextual diff when files are being replaced. |
|
2022 This causes partial file contents to pass through Puppet's normal |
|
2023 logging and reporting system, so this setting should be used with |
|
2024 caution if you are sending Puppet's reports to an insecure |
|
2025 destination. This feature currently requires the `diff/lcs` Ruby |
|
2026 library. |
|
2027 </loctext> |
|
2028 </description> |
|
2029 </prop_pattern> |
|
2030 <prop_pattern required="false" type="astring" name="signeddir"> |
|
2031 <description> |
|
2032 <loctext xml:lang="C"> |
|
2033 Where the CA stores signed certificates. |
|
2034 </loctext> |
|
2035 </description> |
|
2036 </prop_pattern> |
|
2037 <prop_pattern required="false" type="astring" name="smtphelo"> |
|
2038 <description> |
|
2039 <loctext xml:lang="C"> |
|
2040 The name by which we identify ourselves in SMTP HELO for reports. |
|
2041 If you send to a smtpserver which does strict HELO checking (as with Postfix's |
|
2042 `smtpd_helo_restrictions` access controls), you may need to ensure this resolves. |
|
2043 </loctext> |
|
2044 </description> |
|
2045 </prop_pattern> |
|
2046 <prop_pattern required="false" type="integer" name="smtpport"> |
|
2047 <description> |
|
2048 <loctext xml:lang="C"> |
|
2049 The TCP port through which to send email reports. |
|
2050 </loctext> |
|
2051 </description> |
|
2052 </prop_pattern> |
|
2053 <prop_pattern required="false" type="host" name="smtpserver"> |
|
2054 <description> |
|
2055 <loctext xml:lang="C"> |
|
2056 The server through which to send email reports. |
|
2057 </loctext> |
|
2058 </description> |
|
2059 </prop_pattern> |
|
2060 <prop_pattern required="false" type="boolean" name="splay"> |
|
2061 <description> |
|
2062 <loctext xml:lang="C"> |
|
2063 Whether to sleep for a pseudo-random (but consistent) amount of time before |
|
2064 a run. |
|
2065 </loctext> |
|
2066 </description> |
|
2067 </prop_pattern> |
|
2068 <prop_pattern required="false" type="integer" name="splaylimit"> |
|
2069 <description> |
|
2070 <loctext xml:lang="C"> |
|
2071 The maximum time to delay before runs. Defaults to being the same as the |
|
2072 run interval. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). |
|
2073 </loctext> |
|
2074 </description> |
|
2075 </prop_pattern> |
|
2076 <prop_pattern required="false" type="host" name="srv_domain"> |
|
2077 <description> |
|
2078 <loctext xml:lang="C"> |
|
2079 The domain which will be queried to find the SRV records of servers to use. |
|
2080 </loctext> |
|
2081 </description> |
|
2082 </prop_pattern> |
|
2083 <prop_pattern required="false" type="astring" name="ssl_client_ca_auth"> |
|
2084 <description> |
|
2085 <loctext xml:lang="C"> |
|
2086 Certificate authorities who issue server certificates. SSL servers will not be |
|
2087 considered authentic unless they possess a certificate issued by an authority |
|
2088 listed in this file. If this setting has no value then the Puppet master's CA |
|
2089 certificate (localcacert) will be used. |
|
2090 </loctext> |
|
2091 </description> |
|
2092 </prop_pattern> |
|
2093 <prop_pattern required="false" type="astring" name="ssl_client_header"> |
|
2094 <description> |
|
2095 <loctext xml:lang="C"> |
|
2096 The header containing an authenticated client's SSL DN. |
|
2097 This header must be set by the proxy to the authenticated client's SSL |
|
2098 DN (e.g., `/CN=puppet.puppetlabs.com`). Puppet will parse out the Common |
|
2099 Name (CN) from the Distinguished Name (DN) and use the value of the CN |
|
2100 field for authorization. |
|
2101 |
|
2102 Note that the name of the HTTP header gets munged by the web server |
|
2103 common gateway inteface: an `HTTP_` prefix is added, dashes are converted |
|
2104 to underscores, and all letters are uppercased. Thus, to use the |
|
2105 `X-Client-DN` header, this setting should be `HTTP_X_CLIENT_DN`. |
|
2106 </loctext> |
|
2107 </description> |
|
2108 </prop_pattern> |
|
2109 <prop_pattern required="false" type="astring" name="ssl_client_verify_header"> |
|
2110 <description> |
|
2111 <loctext xml:lang="C"> |
|
2112 The header containing the status message of the client |
|
2113 verification. This header must be set by the proxy to 'SUCCESS' if the |
|
2114 client successfully authenticated, and anything else otherwise. |
|
2115 |
|
2116 Note that the name of the HTTP header gets munged by the web server |
|
2117 common gateway inteface: an `HTTP_` prefix is added, dashes are converted |
|
2118 to underscores, and all letters are uppercased. Thus, to use the |
|
2119 `X-Client-Verify` header, this setting should be |
|
2120 `HTTP_X_CLIENT_VERIFY`. |
|
2121 </loctext> |
|
2122 </description> |
|
2123 </prop_pattern> |
|
2124 <prop_pattern required="false" type="astring" name="ssl_server_ca_auth"> |
|
2125 <description> |
|
2126 <loctext xml:lang="C"> |
|
2127 Certificate authorities who issue client certificates. SSL clients will not be |
|
2128 considered authentic unless they possess a certificate issued by an authority |
|
2129 listed in this file. If this setting has no value then the Puppet master's CA |
|
2130 certificate (localcacert) will be used. |
|
2131 </loctext> |
|
2132 </description> |
|
2133 </prop_pattern> |
|
2134 <prop_pattern required="false" type="astring" name="ssldir"> |
|
2135 <description> |
|
2136 <loctext xml:lang="C"> |
|
2137 Where SSL certificates are kept. |
|
2138 </loctext> |
|
2139 </description> |
|
2140 </prop_pattern> |
|
2141 <prop_pattern required="false" type="astring" name="statedir"> |
|
2142 <description> |
|
2143 <loctext xml:lang="C"> |
|
2144 The directory where Puppet state is stored. Generally, |
|
2145 this directory can be removed without causing harm (although it |
|
2146 might result in spurious service restarts). |
|
2147 </loctext> |
|
2148 </description> |
|
2149 </prop_pattern> |
|
2150 <prop_pattern required="false" type="astring" name="statefile"> |
|
2151 <description> |
|
2152 <loctext xml:lang="C"> |
|
2153 Where puppet agent and puppet master store state associated |
|
2154 with the running configuration. In the case of puppet master, |
|
2155 this file reflects the state discovered through interacting |
|
2156 with clients. |
|
2157 </loctext> |
|
2158 </description> |
|
2159 </prop_pattern> |
|
2160 <prop_pattern required="false" type="boolean" name="storeconfigs"> |
|
2161 <description> |
|
2162 <loctext xml:lang="C"> |
|
2163 Whether to store each client's configuration, including catalogs, facts, |
|
2164 and related data. This also enables the import and export of resources in |
|
2165 the Puppet language - a mechanism for exchange resources between nodes. |
|
2166 |
|
2167 By default this uses ActiveRecord and an SQL database to store and query |
|
2168 the data; this, in turn, will depend on Rails being available. |
|
2169 |
|
2170 You can adjust the backend using the storeconfigs_backend setting. |
|
2171 </loctext> |
|
2172 </description> |
|
2173 </prop_pattern> |
|
2174 <prop_pattern required="false" type="astring" name="storeconfigs_backend"> |
|
2175 <description> |
|
2176 <loctext xml:lang="C"> |
|
2177 Configure the backend terminus used for StoreConfigs. |
|
2178 By default, this uses the ActiveRecord store, which directly talks to the |
|
2179 database from within the Puppet Master process. |
|
2180 </loctext> |
|
2181 </description> |
|
2182 </prop_pattern> |
|
2183 <prop_pattern required="false" type="boolean" name="strict_hostname_checking"> |
|
2184 <description> |
|
2185 <loctext xml:lang="C"> |
|
2186 Whether to only search for the complete |
|
2187 hostname as it is in the certificate when searching for node information |
|
2188 in the catalogs. |
|
2189 </loctext> |
|
2190 </description> |
|
2191 </prop_pattern> |
|
2192 <prop_pattern required="false" type="boolean" name="strict_variables"> |
|
2193 <description> |
|
2194 <loctext xml:lang="C"> |
|
2195 Makes the parser raise errors when referencing unknown variables. (This does not affect |
|
2196 referencing variables that are explicitly set to undef). |
|
2197 </loctext> |
|
2198 </description> |
|
2199 </prop_pattern> |
|
2200 <prop_pattern required="false" type="boolean" name="stringify_facts"> |
|
2201 <description> |
|
2202 <loctext xml:lang="C"> |
|
2203 to_s. Means you can't have arrays or |
|
2204 hashes as fact values. (DEPRECATED) This option will be removed in Puppet 4.0. |
|
2205 </loctext> |
|
2206 </description> |
|
2207 </prop_pattern> |
|
2208 <prop_pattern required="false" type="boolean" name="summarize"> |
|
2209 <description> |
|
2210 <loctext xml:lang="C"> |
|
2211 Whether to print a transaction summary. |
|
2212 </loctext> |
|
2213 </description> |
|
2214 </prop_pattern> |
|
2215 <prop_pattern required="false" type="astring" name="syslogfacility"> |
|
2216 <description> |
|
2217 <loctext xml:lang="C"> |
|
2218 What syslog facility to use when logging to syslog. |
|
2219 Syslog has a fixed list of valid facilities, and you must |
|
2220 choose one of those; you cannot just make one up. |
|
2221 </loctext> |
|
2222 </description> |
|
2223 </prop_pattern> |
|
2224 <prop_pattern required="false" type="astring" name="tagmap"> |
|
2225 <description> |
|
2226 <loctext xml:lang="C"> |
|
2227 The mapping between reporting tags and email addresses. |
|
2228 </loctext> |
|
2229 </description> |
|
2230 </prop_pattern> |
|
2231 <prop_pattern required="false" type="astring" name="tags"> |
|
2232 <description> |
|
2233 <loctext xml:lang="C"> |
|
2234 Tags to use to find resources. If this is set, then |
|
2235 only resources tagged with the specified tags will be applied. |
|
2236 Values must be comma-separated. |
|
2237 </loctext> |
|
2238 </description> |
|
2239 </prop_pattern> |
|
2240 <prop_pattern required="false" type="astring" name="templatedir"> |
|
2241 <description> |
|
2242 <loctext xml:lang="C"> |
|
2243 Where Puppet looks for template files. Can be a list of colon-separated |
|
2244 directories. |
|
2245 |
|
2246 This setting is deprecated. Please put your templates in modules instead. |
|
2247 </loctext> |
|
2248 </description> |
|
2249 </prop_pattern> |
|
2250 <prop_pattern required="false" type="boolean" name="thin_storeconfigs"> |
|
2251 <description> |
|
2252 <loctext xml:lang="C"> |
|
2253 Boolean; whether Puppet should store only facts and exported resources in the storeconfigs |
|
2254 database. This will improve the performance of exported resources with the older |
|
2255 `active_record` backend, but will disable external tools that search the storeconfigs database. |
|
2256 Thinning catalogs is generally unnecessary when using PuppetDB to store catalogs. |
|
2257 </loctext> |
|
2258 </description> |
|
2259 </prop_pattern> |
|
2260 <prop_pattern required="false" type="boolean" name="trace"> |
|
2261 <description> |
|
2262 <loctext xml:lang="C"> |
|
2263 Whether to print stack traces on some errors |
|
2264 </loctext> |
|
2265 </description> |
|
2266 </prop_pattern> |
|
2267 <prop_pattern required="false" type="boolean" name="trusted_node_data"> |
|
2268 <description> |
|
2269 <loctext xml:lang="C"> |
|
2270 Stores trusted node data in a hash called $trusted. |
|
2271 When true also prevents $trusted from being overridden in any scope. |
|
2272 </loctext> |
|
2273 </description> |
|
2274 </prop_pattern> |
|
2275 <prop_pattern required="false" type="boolean" name="use_cached_catalog"> |
|
2276 <description> |
|
2277 <loctext xml:lang="C"> |
|
2278 Whether to only use the cached catalog rather than compiling a new catalog |
|
2279 on every run. Puppet can be run with this enabled by default and then selectively |
|
2280 disabled when a recompile is desired. |
|
2281 </loctext> |
|
2282 </description> |
|
2283 </prop_pattern> |
|
2284 <prop_pattern required="false" type="boolean" name="use_srv_records"> |
|
2285 <description> |
|
2286 <loctext xml:lang="C"> |
|
2287 Whether the server will search for SRV records in DNS for the current domain. |
|
2288 </loctext> |
|
2289 </description> |
|
2290 </prop_pattern> |
|
2291 <prop_pattern required="false" type="boolean" name="usecacheonfailure"> |
|
2292 <description> |
|
2293 <loctext xml:lang="C"> |
|
2294 Whether to use the cached configuration when the remote |
|
2295 configuration will not compile. This option is useful for testing |
|
2296 new configurations, where you want to fix the broken configuration |
|
2297 rather than reverting to a known-good one. |
|
2298 </loctext> |
|
2299 </description> |
|
2300 </prop_pattern> |
|
2301 <prop_pattern required="false" type="astring" name="user"> |
|
2302 <description> |
|
2303 <loctext xml:lang="C"> |
|
2304 The user puppet master should run as. |
|
2305 </loctext> |
|
2306 </description> |
|
2307 </prop_pattern> |
|
2308 <prop_pattern required="false" type="astring" name="vardir"> |
|
2309 <description> |
|
2310 <loctext xml:lang="C"> |
|
2311 Where Puppet stores dynamic and growing data. The default for this |
|
2312 setting is calculated specially, like `confdir`_. |
|
2313 </loctext> |
|
2314 </description> |
|
2315 </prop_pattern> |
|
2316 <prop_pattern required="false" type="integer" name="waitforcert"> |
|
2317 <description> |
|
2318 <loctext xml:lang="C"> |
|
2319 How frequently puppet agent should ask for a signed certificate. |
|
2320 |
|
2321 When starting for the first time, puppet agent will submit a certificate |
|
2322 signing request (CSR) to the server named in the `ca_server` setting |
|
2323 (usually the puppet master); this may be autosigned, or may need to be |
|
2324 approved by a human, depending on the CA server's configuration. |
|
2325 |
|
2326 Puppet agent cannot apply configurations until its approved certificate is |
|
2327 available. Since the certificate may or may not be available immediately, |
|
2328 puppet agent will repeatedly try to fetch it at this interval. You can |
|
2329 turn off waiting for certificates by specifying a time of 0, in which case |
|
2330 puppet agent will exit if it cannot get a cert. |
|
2331 This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). |
|
2332 </loctext> |
|
2333 </description> |
|
2334 </prop_pattern> |
|
2335 <prop_pattern required="false" type="astring" name="yamldir"> |
|
2336 <description> |
|
2337 <loctext xml:lang="C"> |
|
2338 The directory in which YAML data is stored, usually in a subdirectory. |
|
2339 </loctext> |
|
2340 </description> |
|
2341 </prop_pattern> |
|
2342 <prop_pattern required="false" type="boolean" name="zlib"> |
|
2343 <description> |
|
2344 <loctext xml:lang="C"> |
|
2345 Boolean; whether to use the zlib library |
|
2346 </loctext> |
|
2347 </description> |
|
2348 </prop_pattern> |
|
2349 </pg_pattern> |
|
2350 </template> |
|
2351 </service> |
|
2352 </service_bundle> |
|