|
1 <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> |
|
2 <!-- |
|
3 CDDL HEADER START |
|
4 |
|
5 The contents of this file are subject to the terms of the |
|
6 Common Development and Distribution License (the "License"). |
|
7 You may not use this file except in compliance with the License. |
|
8 |
|
9 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
|
10 or http://www.opensolaris.org/os/licensing. |
|
11 See the License for the specific language governing permissions |
|
12 and limitations under the License. |
|
13 |
|
14 When distributing Covered Code, include this CDDL HEADER in each |
|
15 file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
|
16 If applicable, add the following below this CDDL HEADER, with the |
|
17 fields enclosed by brackets "[]" replaced with your own identifying |
|
18 information: Portions Copyright [yyyy] [name of copyright owner] |
|
19 |
|
20 CDDL HEADER END |
|
21 |
|
22 Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved. |
|
23 |
|
24 NOTE: This service manifest is not editable; its contents will |
|
25 be overwritten by package or patch operations, including |
|
26 operating system upgrade. Make customizations in a different |
|
27 file. |
|
28 --> |
|
29 <service_bundle type="manifest" name="puppet"> |
|
30 <service name="application/puppet" type="service" version="1"> |
|
31 <dependency name="filesystem" grouping="require_all" restart_on="error" type="service"> |
|
32 <service_fmri value="svc:/system/filesystem/minimal"/> |
|
33 </dependency> |
|
34 <dependency name="network" grouping="require_all" restart_on="error" type="service"> |
|
35 <service_fmri value="svc:/milestone/network"/> |
|
36 </dependency> |
|
37 <dependency name="identity" grouping="require_all" restart_on="error" type="service"> |
|
38 <service_fmri value="svc:/system/identity:node"/> |
|
39 </dependency> |
|
40 <exec_method type="method" name="start" exec=":true" timeout_seconds="60"/> |
|
41 <exec_method type="method" name="stop" exec=":kill" timeout_seconds="60"/> |
|
42 <property_group name="general" type="framework"> |
|
43 <!-- to start stop puppet --> |
|
44 <propval name="action_authorization" type="astring" value="solaris.smf.manage.puppet"/> |
|
45 <!-- to change puppet properties --> |
|
46 <propval name="value_authorization" type="astring" value="solaris.smf.value.puppet"/> |
|
47 </property_group> |
|
48 <property_group name="puppet_stencil" type="configfile"> |
|
49 <propval name="path" type="astring" value="/etc/puppet/puppet.conf"/> |
|
50 <propval name="stencil" type="astring" value="puppet.stencil"/> |
|
51 <propval name="mode" type="astring" value="0444"/> |
|
52 </property_group> |
|
53 <instance name="master" enabled="false"> |
|
54 <exec_method type="method" name="start" exec="/usr/sbin/puppet master --logdest %{config/logdest}" timeout_seconds="600"/> |
|
55 <property_group name="config" type="application"> |
|
56 <propval name="logdest" type="astring" value="/var/log/puppet/puppet-master.log"/> |
|
57 </property_group> |
|
58 </instance> |
|
59 <instance name="agent" enabled="false"> |
|
60 <exec_method type="method" name="start" exec="/usr/sbin/puppet agent --logdest %{config/logdest}" timeout_seconds="600"/> |
|
61 <property_group name="config" type="application"> |
|
62 <propval name="logdest" type="astring" value="/var/log/puppet/puppet-agent.log"/> |
|
63 </property_group> |
|
64 </instance> |
|
65 <stability value="Unstable"/> |
|
66 <template> |
|
67 <common_name> |
|
68 <loctext xml:lang="C">Puppet version 3.6.2</loctext> |
|
69 </common_name> |
|
70 <documentation> |
|
71 <manpage title="puppet-master" section="8" manpath="/usr/share/man"/> |
|
72 </documentation> |
|
73 <pg_pattern required="false" type="application" name="config"> |
|
74 <prop_pattern required="false" type="astring" name="agent_catalog_run_lockfile"> |
|
75 <description> |
|
76 <loctext xml:lang="C"> |
|
77 A lock file to indicate that a puppet agent catalog run is currently in progress. |
|
78 The file contains the pid of the process that holds the lock on the catalog run. |
|
79 </loctext> |
|
80 </description> |
|
81 </prop_pattern> |
|
82 <prop_pattern required="false" type="astring" name="agent_disabled_lockfile"> |
|
83 <description> |
|
84 <loctext xml:lang="C"> |
|
85 A lock file to indicate that puppet agent runs have been administratively |
|
86 disabled. File contains a JSON object with state information. |
|
87 </loctext> |
|
88 </description> |
|
89 </prop_pattern> |
|
90 <prop_pattern required="false" type="boolean" name="allow_duplicate_certs"> |
|
91 <description> |
|
92 <loctext xml:lang="C"> |
|
93 Whether to allow a new certificate |
|
94 request to overwrite an existing certificate. |
|
95 </loctext> |
|
96 </description> |
|
97 </prop_pattern> |
|
98 <prop_pattern required="false" type="boolean" name="allow_variables_with_dashes"> |
|
99 <description> |
|
100 <loctext xml:lang="C"> |
|
101 Permit hyphens (`-`) in variable names and issue deprecation warnings about |
|
102 them. This setting **should always be `false`;** setting it to `true` |
|
103 will cause subtle and wide-ranging bugs. It will be removed in a future version. |
|
104 |
|
105 Hyphenated variables caused major problems in the language, but were allowed |
|
106 between Puppet 2.7.3 and 2.7.14. If you used them during this window, we |
|
107 apologize for the inconvenience --- you can temporarily set this to `true` |
|
108 in order to upgrade, and can rename your variables at your leisure. Please |
|
109 revert it to `false` after you have renamed all affected variables. |
|
110 </loctext> |
|
111 </description> |
|
112 </prop_pattern> |
|
113 <prop_pattern required="false" type="host" name="archive_file_server"> |
|
114 <description> |
|
115 <loctext xml:lang="C"> |
|
116 During an inspect run, the file bucket server to archive files to if archive_files is set. |
|
117 </loctext> |
|
118 </description> |
|
119 </prop_pattern> |
|
120 <prop_pattern required="false" type="boolean" name="archive_files"> |
|
121 <description> |
|
122 <loctext xml:lang="C"> |
|
123 During an inspect run, whether to archive files whose contents are audited to a file bucket. |
|
124 </loctext> |
|
125 </description> |
|
126 </prop_pattern> |
|
127 <prop_pattern required="false" type="boolean" name="async_storeconfigs"> |
|
128 <description> |
|
129 <loctext xml:lang="C"> |
|
130 Whether to use a queueing system to provide asynchronous database integration. |
|
131 Requires that `puppet queue` be running. |
|
132 </loctext> |
|
133 </description> |
|
134 </prop_pattern> |
|
135 <prop_pattern required="false" type="boolean" name="autoflush"> |
|
136 <description> |
|
137 <loctext xml:lang="C"> |
|
138 Whether log files should always flush to disk. |
|
139 </loctext> |
|
140 </description> |
|
141 </prop_pattern> |
|
142 <prop_pattern required="false" type="astring" name="autosign"> |
|
143 <description> |
|
144 <loctext xml:lang="C"> |
|
145 Whether (and how) to autosign certificate requests. This setting |
|
146 is only relevant on a puppet master acting as a certificate authority (CA). |
|
147 |
|
148 Valid values are true (autosigns all certificate requests; not recommended), |
|
149 false (disables autosigning certificates), or the absolute path to a file. |
|
150 |
|
151 The file specified in this setting may be either a **configuration file** |
|
152 or a **custom policy executable.** Puppet will automatically determine |
|
153 what it is: If the Puppet user (see the `user` setting) can execute the |
|
154 file, it will be treated as a policy executable; otherwise, it will be |
|
155 treated as a config file. |
|
156 |
|
157 If a custom policy executable is configured, the CA puppet master will run it |
|
158 every time it receives a CSR. The executable will be passed the subject CN of the |
|
159 request _as a command line argument,_ and the contents of the CSR in PEM format |
|
160 _on stdin._ It should exit with a status of 0 if the cert should be autosigned |
|
161 and non-zero if the cert should not be autosigned. |
|
162 |
|
163 If a certificate request is not autosigned, it will persist for review. An admin |
|
164 user can use the `puppet cert sign` command to manually sign it, or can delete |
|
165 the request. |
|
166 |
|
167 For info on autosign configuration files, see |
|
168 [the guide to Puppet's config files](http://docs.puppetlabs.com/guides/configuring.html). |
|
169 </loctext> |
|
170 </description> |
|
171 </prop_pattern> |
|
172 <prop_pattern required="false" type="astring" name="basemodulepath"> |
|
173 <description> |
|
174 <loctext xml:lang="C"> |
|
175 The search path for **global** modules. Should be specified as a |
|
176 list of directories separated by the system path separator character. (The |
|
177 POSIX path separator is ':', and the Windows path separator is ';'.) |
|
178 |
|
179 If you are using directory environments, these are the modules that will |
|
180 be used by _all_ environments. Note that the `modules` directory of the active |
|
181 environment will have priority over any global directories. For more info, see |
|
182 http://docs.puppetlabs.com/puppet/latest/reference/environments.html |
|
183 |
|
184 This setting also provides the default value for the deprecated `modulepath` |
|
185 setting, which is used when directory environments are disabled. |
|
186 </loctext> |
|
187 </description> |
|
188 </prop_pattern> |
|
189 <prop_pattern required="false" type="boolean" name="biff"> |
|
190 <description> |
|
191 <loctext xml:lang="C"> |
|
192 Turns on Biff the catalog builder, future parser, and future evaluator. |
|
193 This is an experimental feature - and this setting may go away before |
|
194 release of Pupet 3.6. |
|
195 </loctext> |
|
196 </description> |
|
197 </prop_pattern> |
|
198 <prop_pattern required="false" type="net_address" name="bindaddress"> |
|
199 <description> |
|
200 <loctext xml:lang="C"> |
|
201 The address a listening server should bind to. |
|
202 </loctext> |
|
203 </description> |
|
204 </prop_pattern> |
|
205 <prop_pattern required="false" type="boolean" name="binder"> |
|
206 <description> |
|
207 <loctext xml:lang="C"> |
|
208 Turns the binding system on or off. This includes bindings in modules. |
|
209 The binding system aggregates data from modules and other locations and makes them available for lookup. |
|
210 The binding system is experimental and any or all of it may change. |
|
211 </loctext> |
|
212 </description> |
|
213 </prop_pattern> |
|
214 <prop_pattern required="false" type="astring" name="binder_config"> |
|
215 <description> |
|
216 <loctext xml:lang="C"> |
|
217 The binder configuration file. Puppet reads this file on each request to configure the bindings system. |
|
218 If set to nil (the default), a $confdir/binder_config.yaml is optionally loaded. If it does not exists, a default configuration |
|
219 is used. If the setting :binding_config is specified, it must reference a valid and existing yaml file. |
|
220 </loctext> |
|
221 </description> |
|
222 </prop_pattern> |
|
223 <prop_pattern required="false" type="astring" name="bucketdir"> |
|
224 <description> |
|
225 <loctext xml:lang="C"> |
|
226 Where FileBucket files are stored. |
|
227 </loctext> |
|
228 </description> |
|
229 </prop_pattern> |
|
230 <prop_pattern required="false" type="boolean" name="ca"> |
|
231 <description> |
|
232 <loctext xml:lang="C"> |
|
233 Whether the master should function as a certificate authority. |
|
234 </loctext> |
|
235 </description> |
|
236 </prop_pattern> |
|
237 <prop_pattern required="false" type="astring" name="ca_name"> |
|
238 <description> |
|
239 <loctext xml:lang="C"> |
|
240 The name to use the Certificate Authority certificate. |
|
241 </loctext> |
|
242 </description> |
|
243 </prop_pattern> |
|
244 <prop_pattern required="false" type="integer" name="ca_port"> |
|
245 <description> |
|
246 <loctext xml:lang="C"> |
|
247 The port to use for the certificate authority. |
|
248 </loctext> |
|
249 </description> |
|
250 </prop_pattern> |
|
251 <prop_pattern required="false" type="host" name="ca_server"> |
|
252 <description> |
|
253 <loctext xml:lang="C"> |
|
254 The server to use for certificate |
|
255 authority requests. It's a separate server because it cannot |
|
256 and does not need to horizontally scale. |
|
257 </loctext> |
|
258 </description> |
|
259 </prop_pattern> |
|
260 <prop_pattern required="false" type="integer" name="ca_ttl"> |
|
261 <description> |
|
262 <loctext xml:lang="C"> |
|
263 The default TTL for new certificates. |
|
264 This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). |
|
265 </loctext> |
|
266 </description> |
|
267 </prop_pattern> |
|
268 <prop_pattern required="false" type="astring" name="cacert"> |
|
269 <description> |
|
270 <loctext xml:lang="C"> |
|
271 The CA certificate. |
|
272 </loctext> |
|
273 </description> |
|
274 </prop_pattern> |
|
275 <prop_pattern required="false" type="astring" name="cacrl"> |
|
276 <description> |
|
277 <loctext xml:lang="C"> |
|
278 The certificate revocation list (CRL) for the CA. Will be used if present but otherwise ignored. |
|
279 </loctext> |
|
280 </description> |
|
281 </prop_pattern> |
|
282 <prop_pattern required="false" type="astring" name="cadir"> |
|
283 <description> |
|
284 <loctext xml:lang="C"> |
|
285 The root directory for the certificate authority. |
|
286 </loctext> |
|
287 </description> |
|
288 </prop_pattern> |
|
289 <prop_pattern required="false" type="astring" name="cakey"> |
|
290 <description> |
|
291 <loctext xml:lang="C"> |
|
292 The CA private key. |
|
293 </loctext> |
|
294 </description> |
|
295 </prop_pattern> |
|
296 <prop_pattern required="false" type="astring" name="capass"> |
|
297 <description> |
|
298 <loctext xml:lang="C"> |
|
299 Where the CA stores the password for the private key. |
|
300 </loctext> |
|
301 </description> |
|
302 </prop_pattern> |
|
303 <prop_pattern required="false" type="astring" name="caprivatedir"> |
|
304 <description> |
|
305 <loctext xml:lang="C"> |
|
306 Where the CA stores private certificate information. |
|
307 </loctext> |
|
308 </description> |
|
309 </prop_pattern> |
|
310 <prop_pattern required="false" type="astring" name="capub"> |
|
311 <description> |
|
312 <loctext xml:lang="C"> |
|
313 The CA public key. |
|
314 </loctext> |
|
315 </description> |
|
316 </prop_pattern> |
|
317 <prop_pattern required="false" type="astring" name="catalog_cache_terminus"> |
|
318 <description> |
|
319 <loctext xml:lang="C"> |
|
320 How to store cached catalogs. Valid values are 'json', 'msgpack' and 'yaml'. The agent application defaults to 'json'. |
|
321 </loctext> |
|
322 </description> |
|
323 </prop_pattern> |
|
324 <prop_pattern required="false" type="astring" name="catalog_format"> |
|
325 <description> |
|
326 <loctext xml:lang="C"> |
|
327 (Deprecated for 'preferred_serialization_format') What format to |
|
328 use to dump the catalog. Only supports 'marshal' and 'yaml'. Only |
|
329 matters on the client, since it asks the server for a specific format. |
|
330 </loctext> |
|
331 </description> |
|
332 </prop_pattern> |
|
333 <prop_pattern required="false" type="astring" name="catalog_terminus"> |
|
334 <description> |
|
335 <loctext xml:lang="C"> |
|
336 Where to get node catalogs. This is useful to change if, for instance, |
|
337 you'd like to pre-compile catalogs and store them in memcached or some other easily-accessed store. |
|
338 </loctext> |
|
339 </description> |
|
340 </prop_pattern> |
|
341 <prop_pattern required="false" type="astring" name="cert_inventory"> |
|
342 <description> |
|
343 <loctext xml:lang="C"> |
|
344 The inventory file. This is a text file to which the CA writes a |
|
345 complete listing of all certificates. |
|
346 </loctext> |
|
347 </description> |
|
348 </prop_pattern> |
|
349 <prop_pattern required="false" type="astring" name="certdir"> |
|
350 <description> |
|
351 <loctext xml:lang="C"> |
|
352 The certificate directory. |
|
353 </loctext> |
|
354 </description> |
|
355 </prop_pattern> |
|
356 <prop_pattern required="false" type="astring" name="certdnsnames"> |
|
357 <description> |
|
358 <loctext xml:lang="C"> |
|
359 The `certdnsnames` setting is no longer functional, |
|
360 after CVE-2011-3872. We ignore the value completely. |
|
361 |
|
362 For your own certificate request you can set `dns_alt_names` in the |
|
363 configuration and it will apply locally. There is no configuration option to |
|
364 set DNS alt names, or any other `subjectAltName` value, for another nodes |
|
365 certificate. |
|
366 |
|
367 Alternately you can use the `--dns_alt_names` command line option to set the |
|
368 labels added while generating your own CSR. |
|
369 </loctext> |
|
370 </description> |
|
371 </prop_pattern> |
|
372 <prop_pattern required="false" type="integer" name="certificate_expire_warning"> |
|
373 <description> |
|
374 <loctext xml:lang="C"> |
|
375 The window of time leading up to a certificate's expiration that a notification |
|
376 will be logged. This applies to CA, master, and agent certificates. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). |
|
377 </loctext> |
|
378 </description> |
|
379 </prop_pattern> |
|
380 <prop_pattern required="false" type="boolean" name="certificate_revocation"> |
|
381 <description> |
|
382 <loctext xml:lang="C"> |
|
383 Whether certificate revocation should be supported by downloading a |
|
384 Certificate Revocation List (CRL) |
|
385 to all clients. If enabled, CA chaining will almost definitely not work. |
|
386 </loctext> |
|
387 </description> |
|
388 </prop_pattern> |
|
389 <prop_pattern required="false" type="hostname" name="certname"> |
|
390 <description> |
|
391 <loctext xml:lang="C"> |
|
392 The name to use when handling certificates. Defaults |
|
393 to the fully qualified domain name. |
|
394 </loctext> |
|
395 </description> |
|
396 </prop_pattern> |
|
397 <prop_pattern required="false" type="astring" name="classfile"> |
|
398 <description> |
|
399 <loctext xml:lang="C"> |
|
400 The file in which puppet agent stores a list of the classes |
|
401 associated with the retrieved configuration. Can be loaded in |
|
402 the separate `puppet` executable using the `--loadclasses` |
|
403 option. |
|
404 </loctext> |
|
405 </description> |
|
406 </prop_pattern> |
|
407 <prop_pattern required="false" type="astring" name="client_datadir"> |
|
408 <description> |
|
409 <loctext xml:lang="C"> |
|
410 The directory in which serialized data is stored on the client. |
|
411 </loctext> |
|
412 </description> |
|
413 </prop_pattern> |
|
414 <prop_pattern required="false" type="astring" name="clientbucketdir"> |
|
415 <description> |
|
416 <loctext xml:lang="C"> |
|
417 Where FileBucket files are stored locally. |
|
418 </loctext> |
|
419 </description> |
|
420 </prop_pattern> |
|
421 <prop_pattern required="false" type="astring" name="clientyamldir"> |
|
422 <description> |
|
423 <loctext xml:lang="C"> |
|
424 The directory in which client-side YAML data is stored. |
|
425 </loctext> |
|
426 </description> |
|
427 </prop_pattern> |
|
428 <prop_pattern required="false" type="astring" name="code"> |
|
429 <description> |
|
430 <loctext xml:lang="C"> |
|
431 Code to parse directly. This is essentially only used |
|
432 by `puppet`, and should only be set if you're writing your own Puppet |
|
433 executable. |
|
434 </loctext> |
|
435 </description> |
|
436 </prop_pattern> |
|
437 <prop_pattern required="false" type="astring" name="color"> |
|
438 <description> |
|
439 <loctext xml:lang="C"> |
|
440 Whether to use colors when logging to the console. Valid values are |
|
441 `ansi` (equivalent to `true`), `html`, and `false`, which produces no color. |
|
442 Defaults to false on Windows, as its console does not support ansi colors. |
|
443 </loctext> |
|
444 </description> |
|
445 </prop_pattern> |
|
446 <prop_pattern required="false" type="astring" name="confdir"> |
|
447 <description> |
|
448 <loctext xml:lang="C"> |
|
449 The main Puppet configuration directory. The default for this setting |
|
450 is calculated based on the user. If the process is running as root or |
|
451 the user that Puppet is supposed to run as, it defaults to a system |
|
452 directory, but if it's running as any other user, it defaults to being |
|
453 in the user's home directory. |
|
454 </loctext> |
|
455 </description> |
|
456 </prop_pattern> |
|
457 <prop_pattern required="false" type="astring" name="config"> |
|
458 <description> |
|
459 <loctext xml:lang="C"> |
|
460 The configuration file for the current puppet application. |
|
461 </loctext> |
|
462 </description> |
|
463 </prop_pattern> |
|
464 <prop_pattern required="false" type="astring" name="config_file_name"> |
|
465 <description> |
|
466 <loctext xml:lang="C"> |
|
467 The name of the puppet config file. |
|
468 </loctext> |
|
469 </description> |
|
470 </prop_pattern> |
|
471 <prop_pattern required="false" type="astring" name="config_version"> |
|
472 <description> |
|
473 <loctext xml:lang="C"> |
|
474 How to determine the configuration version. By default, it will be the |
|
475 time that the configuration is parsed, but you can provide a shell script to override how the |
|
476 version is determined. The output of this script will be added to every log message in the |
|
477 reports, allowing you to correlate changes on your hosts to the source version on the server. |
|
478 |
|
479 Setting a global value for config_version in puppet.conf is deprecated. Please set a |
|
480 per-environment value in environment.conf instead. For more info, see |
|
481 http://docs.puppetlabs.com/puppet/latest/reference/environments.html |
|
482 </loctext> |
|
483 </description> |
|
484 </prop_pattern> |
|
485 <prop_pattern required="false" type="astring" name="configprint"> |
|
486 <description> |
|
487 <loctext xml:lang="C"> |
|
488 Print the value of a specific configuration setting. If the name of a |
|
489 setting is provided for this, then the value is printed and puppet |
|
490 exits. Comma-separate multiple values. For a list of all values, |
|
491 specify 'all'. |
|
492 </loctext> |
|
493 </description> |
|
494 </prop_pattern> |
|
495 <prop_pattern required="false" type="integer" name="configtimeout"> |
|
496 <description> |
|
497 <loctext xml:lang="C"> |
|
498 How long the client should wait for the configuration to be retrieved |
|
499 before considering it a failure. This can help reduce flapping if too |
|
500 many clients contact the server at one time. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). |
|
501 </loctext> |
|
502 </description> |
|
503 </prop_pattern> |
|
504 <prop_pattern required="false" type="uri" name="couchdb_url"> |
|
505 <description> |
|
506 <loctext xml:lang="C"> |
|
507 The url where the puppet couchdb database will be created. |
|
508 Only used when `facts_terminus` is set to `couch`. |
|
509 </loctext> |
|
510 </description> |
|
511 </prop_pattern> |
|
512 <prop_pattern required="false" type="astring" name="csr_attributes"> |
|
513 <description> |
|
514 <loctext xml:lang="C"> |
|
515 An optional file containing custom attributes to add to certificate signing |
|
516 requests (CSRs). You should ensure that this file does not exist on your CA |
|
517 puppet master; if it does, unwanted certificate extensions may leak into |
|
518 certificates created with the `puppet cert generate` command. |
|
519 |
|
520 If present, this file must be a YAML hash containing a `custom_attributes` key |
|
521 and/or an `extension_requests` key. The value of each key must be a hash, where |
|
522 each key is a valid OID and each value is an object that can be cast to a string. |
|
523 |
|
524 Custom attributes can be used by the CA when deciding whether to sign the |
|
525 certificate, but are then discarded. Attribute OIDs can be any OID value except |
|
526 the standard CSR attributes (i.e. attributes described in RFC 2985 section 5.4). |
|
527 This is useful for embedding a pre-shared key for autosigning policy executables |
|
528 (see the `autosign` setting), often by using the `1.2.840.113549.1.9.7` |
|
529 ("challenge password") OID. |
|
530 |
|
531 Extension requests will be permanently embedded in the final certificate. |
|
532 Extension OIDs must be in the "ppRegCertExt" (`1.3.6.1.4.1.34380.1.1`) or |
|
533 "ppPrivCertExt" (`1.3.6.1.4.1.34380.1.2`) OID arcs. The ppRegCertExt arc is |
|
534 reserved for four of the most common pieces of data to embed: `pp_uuid` (`.1`), |
|
535 `pp_instance_id` (`.2`), `pp_image_name` (`.3`), and `pp_preshared_key` (`.4`) |
|
536 --- in the YAML file, these can be referred to by their short descriptive names |
|
537 instead of their full OID. The ppPrivCertExt arc is unregulated, and can be used |
|
538 for site-specific extensions. |
|
539 </loctext> |
|
540 </description> |
|
541 </prop_pattern> |
|
542 <prop_pattern required="false" type="astring" name="csrdir"> |
|
543 <description> |
|
544 <loctext xml:lang="C"> |
|
545 Where the CA stores certificate requests |
|
546 </loctext> |
|
547 </description> |
|
548 </prop_pattern> |
|
549 <prop_pattern required="false" type="boolean" name="daemonize"> |
|
550 <description> |
|
551 <loctext xml:lang="C"> |
|
552 Whether to send the process into the background. This defaults |
|
553 to true on POSIX systems, and to false on Windows (where Puppet |
|
554 currently cannot daemonize). |
|
555 </loctext> |
|
556 </description> |
|
557 </prop_pattern> |
|
558 <prop_pattern required="false" type="astring" name="data_binding_terminus"> |
|
559 <description> |
|
560 <loctext xml:lang="C"> |
|
561 Where to retrive information about data. |
|
562 </loctext> |
|
563 </description> |
|
564 </prop_pattern> |
|
565 <prop_pattern required="false" type="astring" name="dbadapter"> |
|
566 <description> |
|
567 <loctext xml:lang="C"> |
|
568 The type of database to use. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
569 </loctext> |
|
570 </description> |
|
571 </prop_pattern> |
|
572 <prop_pattern required="false" type="astring" name="dbconnections"> |
|
573 <description> |
|
574 <loctext xml:lang="C"> |
|
575 The number of database connections for networked |
|
576 databases. Will be ignored unless the value is a positive integer. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
577 </loctext> |
|
578 </description> |
|
579 </prop_pattern> |
|
580 <prop_pattern required="false" type="astring" name="dblocation"> |
|
581 <description> |
|
582 <loctext xml:lang="C"> |
|
583 The sqlite database file. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
584 </loctext> |
|
585 </description> |
|
586 </prop_pattern> |
|
587 <prop_pattern required="false" type="boolean" name="dbmigrate"> |
|
588 <description> |
|
589 <loctext xml:lang="C"> |
|
590 Whether to automatically migrate the database. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
591 </loctext> |
|
592 </description> |
|
593 </prop_pattern> |
|
594 <prop_pattern required="false" type="astring" name="dbname"> |
|
595 <description> |
|
596 <loctext xml:lang="C"> |
|
597 The name of the database to use. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
598 </loctext> |
|
599 </description> |
|
600 </prop_pattern> |
|
601 <prop_pattern required="false" type="astring" name="dbpassword"> |
|
602 <description> |
|
603 <loctext xml:lang="C"> |
|
604 The database password for caching. Only |
|
605 used when networked databases are used. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
606 </loctext> |
|
607 </description> |
|
608 </prop_pattern> |
|
609 <prop_pattern required="false" type="astring" name="dbport"> |
|
610 <description> |
|
611 <loctext xml:lang="C"> |
|
612 The database password for caching. Only |
|
613 used when networked databases are used. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
614 </loctext> |
|
615 </description> |
|
616 </prop_pattern> |
|
617 <prop_pattern required="false" type="host" name="dbserver"> |
|
618 <description> |
|
619 <loctext xml:lang="C"> |
|
620 The database server for caching. Only |
|
621 used when networked databases are used. |
|
622 </loctext> |
|
623 </description> |
|
624 </prop_pattern> |
|
625 <prop_pattern required="false" type="astring" name="dbsocket"> |
|
626 <description> |
|
627 <loctext xml:lang="C"> |
|
628 The database socket location. Only used when networked |
|
629 databases are used. Will be ignored if the value is an empty string. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
630 </loctext> |
|
631 </description> |
|
632 </prop_pattern> |
|
633 <prop_pattern required="false" type="astring" name="dbuser"> |
|
634 <description> |
|
635 <loctext xml:lang="C"> |
|
636 The database user for caching. Only |
|
637 used when networked databases are used. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
638 </loctext> |
|
639 </description> |
|
640 </prop_pattern> |
|
641 <prop_pattern required="false" type="astring" name="default_file_terminus"> |
|
642 <description> |
|
643 <loctext xml:lang="C"> |
|
644 The default source for files if no server is given in a |
|
645 uri, e.g. puppet:///file. The default of `rest` causes the file to be |
|
646 retrieved using the `server` setting. When running `apply` the default |
|
647 is `file_server`, causing requests to be filled locally. |
|
648 </loctext> |
|
649 </description> |
|
650 </prop_pattern> |
|
651 <prop_pattern required="false" type="boolean" name="default_schedules"> |
|
652 <description> |
|
653 <loctext xml:lang="C"> |
|
654 Boolean; whether to generate the default schedule resources. Setting this to |
|
655 false is useful for keeping external report processors clean of skipped schedule resources. |
|
656 </loctext> |
|
657 </description> |
|
658 </prop_pattern> |
|
659 <prop_pattern required="false" type="astring" name="deviceconfig"> |
|
660 <description> |
|
661 <loctext xml:lang="C"> |
|
662 Path to the device config file for puppet device. |
|
663 </loctext> |
|
664 </description> |
|
665 </prop_pattern> |
|
666 <prop_pattern required="false" type="astring" name="devicedir"> |
|
667 <description> |
|
668 <loctext xml:lang="C"> |
|
669 The root directory of devices' $vardir. |
|
670 </loctext> |
|
671 </description> |
|
672 </prop_pattern> |
|
673 <prop_pattern required="false" type="astring" name="diff"> |
|
674 <description> |
|
675 <loctext xml:lang="C"> |
|
676 Which diff command to use when printing differences between files. This setting |
|
677 has no default value on Windows, as standard `diff` is not available, but Puppet can use many |
|
678 third-party diff tools. |
|
679 </loctext> |
|
680 </description> |
|
681 </prop_pattern> |
|
682 <prop_pattern required="false" type="astring" name="diff_args"> |
|
683 <description> |
|
684 <loctext xml:lang="C"> |
|
685 Which arguments to pass to the diff command when printing differences between |
|
686 files. The command to use can be chosen with the `diff` setting. |
|
687 </loctext> |
|
688 </description> |
|
689 </prop_pattern> |
|
690 <prop_pattern required="false" type="astring" name="digest_algorithm"> |
|
691 <description> |
|
692 <loctext xml:lang="C"> |
|
693 Which digest algorithm to use for file resources and the filebucket. |
|
694 Valid values are md5, sha256. Default is md5. |
|
695 </loctext> |
|
696 </description> |
|
697 </prop_pattern> |
|
698 <prop_pattern required="false" type="astring" name="disable_warnings"> |
|
699 <description> |
|
700 <loctext xml:lang="C"> |
|
701 A list of warning types to disable. Currently the only warning type that can be |
|
702 disabled are deprecations, but more warning types may be added later. |
|
703 </loctext> |
|
704 </description> |
|
705 </prop_pattern> |
|
706 <prop_pattern required="false" type="host" name="dns_alt_names"> |
|
707 <description> |
|
708 <loctext xml:lang="C"> |
|
709 The comma-separated list of alternative DNS names to use for the local host. |
|
710 |
|
711 When the node generates a CSR for itself, these are added to the request |
|
712 as the desired `subjectAltName` in the certificate: additional DNS labels |
|
713 that the certificate is also valid answering as. |
|
714 |
|
715 This is generally required if you use a non-hostname `certname`, or if you |
|
716 want to use `puppet kick` or `puppet resource -H` and the primary certname |
|
717 does not match the DNS name you use to communicate with the host. |
|
718 |
|
719 This is unnecessary for agents, unless you intend to use them as a server for |
|
720 `puppet kick` or remote `puppet resource` management. |
|
721 |
|
722 It is rarely necessary for servers; it is usually helpful only if you need to |
|
723 have a pool of multiple load balanced masters, or for the same master to |
|
724 respond on two physically separate networks under different names. |
|
725 </loctext> |
|
726 </description> |
|
727 </prop_pattern> |
|
728 <prop_pattern required="false" type="boolean" name="document_all"> |
|
729 <description> |
|
730 <loctext xml:lang="C"> |
|
731 Whether to document all resources when using `puppet doc` to |
|
732 generate manifest documentation. |
|
733 </loctext> |
|
734 </description> |
|
735 </prop_pattern> |
|
736 <prop_pattern required="false" type="astring" name="dynamicfacts"> |
|
737 <description> |
|
738 <loctext xml:lang="C"> |
|
739 (Deprecated) Facts that are dynamic; these facts will be ignored when deciding whether |
|
740 changed facts should result in a recompile. Multiple facts should be |
|
741 comma-separated. |
|
742 </loctext> |
|
743 </description> |
|
744 </prop_pattern> |
|
745 <prop_pattern required="false" type="astring" name="environment"> |
|
746 <description> |
|
747 <loctext xml:lang="C"> |
|
748 The environment Puppet is running in. For clients |
|
749 (e.g., `puppet agent`) this determines the environment itself, which |
|
750 is used to find modules and much more. For servers (i.e., `puppet master`) |
|
751 this provides the default environment for nodes we know nothing about. |
|
752 </loctext> |
|
753 </description> |
|
754 </prop_pattern> |
|
755 <prop_pattern required="false" type="integer" name="environment_timeout"> |
|
756 <description> |
|
757 <loctext xml:lang="C"> |
|
758 The time to live for a cached environment. The time is either given This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y)., or |
|
759 the word 'unlimited' which causes the environment to be cached until the master is restarted. |
|
760 </loctext> |
|
761 </description> |
|
762 </prop_pattern> |
|
763 <prop_pattern required="false" type="astring" name="environmentpath"> |
|
764 <description> |
|
765 <loctext xml:lang="C"> |
|
766 A search path for directory environments, as a list of directories |
|
767 separated by the system path separator character. (The POSIX path separator |
|
768 is ':', and the Windows path separator is ';'.) |
|
769 |
|
770 This setting must have a value set to enable **directory environments.** The |
|
771 recommended value is `$confdir/environments`. For more details, see |
|
772 http://docs.puppetlabs.com/puppet/latest/reference/environments.html |
|
773 </loctext> |
|
774 </description> |
|
775 </prop_pattern> |
|
776 <prop_pattern required="false" type="boolean" name="evaltrace"> |
|
777 <description> |
|
778 <loctext xml:lang="C"> |
|
779 Whether each resource should log when it is |
|
780 being evaluated. This allows you to interactively see exactly |
|
781 what is being done. |
|
782 </loctext> |
|
783 </description> |
|
784 </prop_pattern> |
|
785 <prop_pattern required="false" type="astring" name="evaluator"> |
|
786 <description> |
|
787 <loctext xml:lang="C"> |
|
788 Which evaluator to use when compiling Puppet manifests. Valid values |
|
789 are `current` and `future` (the default). |
|
790 |
|
791 **Note:** This setting is only used when `parser = future`. It allows |
|
792 testers to turn off the `future` evaluator when doing detailed tests and |
|
793 comparisons of the new compilation system. |
|
794 |
|
795 Evaluation is the second stage of catalog compilation. After the parser |
|
796 converts a manifest to a model of expressions, the evaluator processes |
|
797 each expression. (For example, a resource declaration signals the |
|
798 evaluator to add a resource to the catalog). |
|
799 |
|
800 The `future` parser and evaluator are slated to become default in Puppet |
|
801 4. Their purpose is to add new features and improve consistency |
|
802 and reliability. |
|
803 |
|
804 Available Since Puppet 3.5. |
|
805 </loctext> |
|
806 </description> |
|
807 </prop_pattern> |
|
808 <prop_pattern required="false" type="astring" name="external_nodes"> |
|
809 <description> |
|
810 <loctext xml:lang="C"> |
|
811 An external command that can produce node information. The command's output |
|
812 must be a YAML dump of a hash, and that hash must have a `classes` key and/or |
|
813 a `parameters` key, where `classes` is an array or hash and |
|
814 `parameters` is a hash. For unknown nodes, the command should |
|
815 exit with a non-zero exit code. |
|
816 |
|
817 This command makes it straightforward to store your node mapping |
|
818 information in other data sources like databases. |
|
819 </loctext> |
|
820 </description> |
|
821 </prop_pattern> |
|
822 <prop_pattern required="false" type="astring" name="factpath"> |
|
823 <description> |
|
824 <loctext xml:lang="C"> |
|
825 Where Puppet should look for facts. Multiple directories should |
|
826 be separated by the system path separator character. (The POSIX path |
|
827 separator is ':', and the Windows path separator is ';'.) |
|
828 </loctext> |
|
829 </description> |
|
830 </prop_pattern> |
|
831 <prop_pattern required="false" type="astring" name="facts_terminus"> |
|
832 <description> |
|
833 <loctext xml:lang="C"> |
|
834 The node facts terminus. |
|
835 </loctext> |
|
836 </description> |
|
837 </prop_pattern> |
|
838 <prop_pattern required="false" type="astring" name="fileserverconfig"> |
|
839 <description> |
|
840 <loctext xml:lang="C"> |
|
841 Where the fileserver configuration is stored. |
|
842 </loctext> |
|
843 </description> |
|
844 </prop_pattern> |
|
845 <prop_pattern required="false" type="integer" name="filetimeout"> |
|
846 <description> |
|
847 <loctext xml:lang="C"> |
|
848 The minimum time to wait between checking for updates in |
|
849 configuration files. This timeout determines how quickly Puppet checks whether |
|
850 a file (such as manifests or templates) has changed on disk. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). |
|
851 </loctext> |
|
852 </description> |
|
853 </prop_pattern> |
|
854 <prop_pattern required="false" type="boolean" name="freeze_main"> |
|
855 <description> |
|
856 <loctext xml:lang="C"> |
|
857 Freezes the 'main' class, disallowing any code to be added to it. This |
|
858 essentially means that you can't have any code outside of a node, |
|
859 class, or definition other than in the site manifest. |
|
860 </loctext> |
|
861 </description> |
|
862 </prop_pattern> |
|
863 <prop_pattern required="false" type="boolean" name="genmanifest"> |
|
864 <description> |
|
865 <loctext xml:lang="C"> |
|
866 Whether to just print a manifest to stdout and exit. Only makes |
|
867 sense when specified on the command line as `--genmanifest`. Takes into account arguments specified |
|
868 on the CLI. |
|
869 </loctext> |
|
870 </description> |
|
871 </prop_pattern> |
|
872 <prop_pattern required="false" type="boolean" name="graph"> |
|
873 <description> |
|
874 <loctext xml:lang="C"> |
|
875 Whether to create dot graph files for the different |
|
876 configuration graphs. These dot files can be interpreted by tools |
|
877 like OmniGraffle or dot (which is part of ImageMagick). |
|
878 </loctext> |
|
879 </description> |
|
880 </prop_pattern> |
|
881 <prop_pattern required="false" type="astring" name="graphdir"> |
|
882 <description> |
|
883 <loctext xml:lang="C"> |
|
884 Where to store dot-outputted graphs. |
|
885 </loctext> |
|
886 </description> |
|
887 </prop_pattern> |
|
888 <prop_pattern required="false" type="astring" name="group"> |
|
889 <description> |
|
890 <loctext xml:lang="C"> |
|
891 The group puppet master should run as. |
|
892 </loctext> |
|
893 </description> |
|
894 </prop_pattern> |
|
895 <prop_pattern required="false" type="astring" name="hiera_config"> |
|
896 <description> |
|
897 <loctext xml:lang="C"> |
|
898 The hiera configuration file. Puppet only reads this file on startup, so you must restart the puppet master every time you edit it. |
|
899 </loctext> |
|
900 </description> |
|
901 </prop_pattern> |
|
902 <prop_pattern required="false" type="astring" name="hostcert"> |
|
903 <description> |
|
904 <loctext xml:lang="C"> |
|
905 Where individual hosts store and look for their certificates. |
|
906 </loctext> |
|
907 </description> |
|
908 </prop_pattern> |
|
909 <prop_pattern required="false" type="astring" name="hostcrl"> |
|
910 <description> |
|
911 <loctext xml:lang="C"> |
|
912 Where the host's certificate revocation list can be found. |
|
913 This is distinct from the certificate authority's CRL. |
|
914 </loctext> |
|
915 </description> |
|
916 </prop_pattern> |
|
917 <prop_pattern required="false" type="astring" name="hostcsr"> |
|
918 <description> |
|
919 <loctext xml:lang="C"> |
|
920 Where individual hosts store and look for their certificate requests. |
|
921 </loctext> |
|
922 </description> |
|
923 </prop_pattern> |
|
924 <prop_pattern required="false" type="astring" name="hostprivkey"> |
|
925 <description> |
|
926 <loctext xml:lang="C"> |
|
927 Where individual hosts store and look for their private key. |
|
928 </loctext> |
|
929 </description> |
|
930 </prop_pattern> |
|
931 <prop_pattern required="false" type="astring" name="hostpubkey"> |
|
932 <description> |
|
933 <loctext xml:lang="C"> |
|
934 Where individual hosts store and look for their public key. |
|
935 </loctext> |
|
936 </description> |
|
937 </prop_pattern> |
|
938 <prop_pattern required="false" type="boolean" name="http_compression"> |
|
939 <description> |
|
940 <loctext xml:lang="C"> |
|
941 Allow http compression in REST communication with the master. |
|
942 This setting might improve performance for agent -> master |
|
943 communications over slow WANs. Your puppet master needs to support |
|
944 compression (usually by activating some settings in a reverse-proxy in |
|
945 front of the puppet master, which rules out webrick). It is harmless to |
|
946 activate this settings if your master doesn't support compression, but |
|
947 if it supports it, this setting might reduce performance on high-speed LANs. |
|
948 </loctext> |
|
949 </description> |
|
950 </prop_pattern> |
|
951 <prop_pattern required="false" type="host" name="http_proxy_host"> |
|
952 <description> |
|
953 <loctext xml:lang="C"> |
|
954 The HTTP proxy host to use for outgoing connections. Note: You |
|
955 may need to use a FQDN for the server hostname when using a proxy. |
|
956 </loctext> |
|
957 </description> |
|
958 </prop_pattern> |
|
959 <prop_pattern required="false" type="integer" name="http_proxy_port"> |
|
960 <description> |
|
961 <loctext xml:lang="C"> |
|
962 The HTTP proxy port to use for outgoing connections |
|
963 </loctext> |
|
964 </description> |
|
965 </prop_pattern> |
|
966 <prop_pattern required="false" type="astring" name="httplog"> |
|
967 <description> |
|
968 <loctext xml:lang="C"> |
|
969 Where the puppet agent web server logs. |
|
970 </loctext> |
|
971 </description> |
|
972 </prop_pattern> |
|
973 <prop_pattern required="false" type="boolean" name="ignorecache"> |
|
974 <description> |
|
975 <loctext xml:lang="C"> |
|
976 Ignore cache and always recompile the configuration. This is |
|
977 useful for testing new configurations, where the local cache may in |
|
978 fact be stale even if the timestamps are up to date - if the facts |
|
979 change or if the server changes. |
|
980 </loctext> |
|
981 </description> |
|
982 </prop_pattern> |
|
983 <prop_pattern required="false" type="boolean" name="ignoreimport"> |
|
984 <description> |
|
985 <loctext xml:lang="C"> |
|
986 If true, allows the parser to continue without requiring |
|
987 all files referenced with `import` statements to exist. This setting was primarily |
|
988 designed for use with commit hooks for parse-checking. |
|
989 </loctext> |
|
990 </description> |
|
991 </prop_pattern> |
|
992 <prop_pattern required="false" type="boolean" name="ignoremissingtypes"> |
|
993 <description> |
|
994 <loctext xml:lang="C"> |
|
995 Skip searching for classes and definitions that were missing during a |
|
996 prior compilation. The list of missing objects is maintained per-environment and |
|
997 persists until the environment is cleared or the master is restarted. |
|
998 </loctext> |
|
999 </description> |
|
1000 </prop_pattern> |
|
1001 <prop_pattern required="false" type="boolean" name="ignoreschedules"> |
|
1002 <description> |
|
1003 <loctext xml:lang="C"> |
|
1004 Boolean; whether puppet agent should ignore schedules. This is useful |
|
1005 for initial puppet agent runs. |
|
1006 </loctext> |
|
1007 </description> |
|
1008 </prop_pattern> |
|
1009 <prop_pattern required="false" type="boolean" name="immutable_node_data"> |
|
1010 <description> |
|
1011 <loctext xml:lang="C"> |
|
1012 When true, also prevents $trusted and $facts from being overridden in any scope |
|
1013 </loctext> |
|
1014 </description> |
|
1015 </prop_pattern> |
|
1016 <prop_pattern required="false" type="integer" name="inventory_port"> |
|
1017 <description> |
|
1018 <loctext xml:lang="C"> |
|
1019 The port to communicate with the inventory_server. |
|
1020 </loctext> |
|
1021 </description> |
|
1022 </prop_pattern> |
|
1023 <prop_pattern required="false" type="host" name="inventory_server"> |
|
1024 <description> |
|
1025 <loctext xml:lang="C"> |
|
1026 The server to send facts to. |
|
1027 </loctext> |
|
1028 </description> |
|
1029 </prop_pattern> |
|
1030 <prop_pattern required="false" type="astring" name="inventory_terminus"> |
|
1031 <description> |
|
1032 <loctext xml:lang="C"> |
|
1033 Should usually be the same as the facts terminus |
|
1034 </loctext> |
|
1035 </description> |
|
1036 </prop_pattern> |
|
1037 <prop_pattern required="false" type="integer" name="keylength"> |
|
1038 <description> |
|
1039 <loctext xml:lang="C"> |
|
1040 The bit length of keys. |
|
1041 </loctext> |
|
1042 </description> |
|
1043 </prop_pattern> |
|
1044 <prop_pattern required="false" type="astring" name="lastrunfile"> |
|
1045 <description> |
|
1046 <loctext xml:lang="C"> |
|
1047 Where puppet agent stores the last run report summary in yaml format. |
|
1048 </loctext> |
|
1049 </description> |
|
1050 </prop_pattern> |
|
1051 <prop_pattern required="false" type="astring" name="lastrunreport"> |
|
1052 <description> |
|
1053 <loctext xml:lang="C"> |
|
1054 Where puppet agent stores the last run report in yaml format. |
|
1055 </loctext> |
|
1056 </description> |
|
1057 </prop_pattern> |
|
1058 <prop_pattern required="false" type="astring" name="ldapattrs"> |
|
1059 <description> |
|
1060 <loctext xml:lang="C"> |
|
1061 The LDAP attributes to include when querying LDAP for nodes. All |
|
1062 returned attributes are set as variables in the top-level scope. |
|
1063 Multiple values should be comma-separated. The value 'all' returns |
|
1064 all attributes. |
|
1065 </loctext> |
|
1066 </description> |
|
1067 </prop_pattern> |
|
1068 <prop_pattern required="false" type="astring" name="ldapbase"> |
|
1069 <description> |
|
1070 <loctext xml:lang="C"> |
|
1071 The search base for LDAP searches. It's impossible to provide |
|
1072 a meaningful default here, although the LDAP libraries might |
|
1073 have one already set. Generally, it should be the 'ou=Hosts' |
|
1074 branch under your main directory. |
|
1075 </loctext> |
|
1076 </description> |
|
1077 </prop_pattern> |
|
1078 <prop_pattern required="false" type="astring" name="ldapclassattrs"> |
|
1079 <description> |
|
1080 <loctext xml:lang="C"> |
|
1081 The LDAP attributes to use to define Puppet classes. Values |
|
1082 should be comma-separated. |
|
1083 </loctext> |
|
1084 </description> |
|
1085 </prop_pattern> |
|
1086 <prop_pattern required="false" type="astring" name="ldapparentattr"> |
|
1087 <description> |
|
1088 <loctext xml:lang="C"> |
|
1089 The attribute to use to define the parent node. |
|
1090 </loctext> |
|
1091 </description> |
|
1092 </prop_pattern> |
|
1093 <prop_pattern required="false" type="astring" name="ldappassword"> |
|
1094 <description> |
|
1095 <loctext xml:lang="C"> |
|
1096 The password to use to connect to LDAP. |
|
1097 </loctext> |
|
1098 </description> |
|
1099 </prop_pattern> |
|
1100 <prop_pattern required="false" type="integer" name="ldapport"> |
|
1101 <description> |
|
1102 <loctext xml:lang="C"> |
|
1103 The LDAP port. Only used if `node_terminus` is set to `ldap`. |
|
1104 </loctext> |
|
1105 </description> |
|
1106 </prop_pattern> |
|
1107 <prop_pattern required="false" type="host" name="ldapserver"> |
|
1108 <description> |
|
1109 <loctext xml:lang="C"> |
|
1110 The LDAP server. Only used if `node_terminus` is set to `ldap`. |
|
1111 </loctext> |
|
1112 </description> |
|
1113 </prop_pattern> |
|
1114 <prop_pattern required="false" type="boolean" name="ldapssl"> |
|
1115 <description> |
|
1116 <loctext xml:lang="C"> |
|
1117 Whether SSL should be used when searching for nodes. |
|
1118 Defaults to false because SSL usually requires certificates |
|
1119 to be set up on the client side. |
|
1120 </loctext> |
|
1121 </description> |
|
1122 </prop_pattern> |
|
1123 <prop_pattern required="false" type="astring" name="ldapstackedattrs"> |
|
1124 <description> |
|
1125 <loctext xml:lang="C"> |
|
1126 The LDAP attributes that should be stacked to arrays by adding |
|
1127 the values in all hierarchy elements of the tree. Values |
|
1128 should be comma-separated. |
|
1129 </loctext> |
|
1130 </description> |
|
1131 </prop_pattern> |
|
1132 <prop_pattern required="false" type="astring" name="ldapstring"> |
|
1133 <description> |
|
1134 <loctext xml:lang="C"> |
|
1135 The search string used to find an LDAP node. |
|
1136 </loctext> |
|
1137 </description> |
|
1138 </prop_pattern> |
|
1139 <prop_pattern required="false" type="boolean" name="ldaptls"> |
|
1140 <description> |
|
1141 <loctext xml:lang="C"> |
|
1142 Whether TLS should be used when searching for nodes. |
|
1143 Defaults to false because TLS usually requires certificates |
|
1144 to be set up on the client side. |
|
1145 </loctext> |
|
1146 </description> |
|
1147 </prop_pattern> |
|
1148 <prop_pattern required="false" type="hostname" name="ldapuser"> |
|
1149 <description> |
|
1150 <loctext xml:lang="C"> |
|
1151 The user to use to connect to LDAP. Must be specified as a |
|
1152 full DN. |
|
1153 </loctext> |
|
1154 </description> |
|
1155 </prop_pattern> |
|
1156 <prop_pattern required="false" type="boolean" name="legacy_query_parameter_serialization"> |
|
1157 <description> |
|
1158 <loctext xml:lang="C"> |
|
1159 The serialization format to use when sending file_metadata |
|
1160 query parameters. Older versions of puppet master expect certain query |
|
1161 parameters to be serialized as yaml, which is deprecated. |
|
1162 |
|
1163 This should almost always be false. It can be temporarily set to true |
|
1164 to let agents using this Puppet version connect to a puppet master |
|
1165 running Puppet 3.0.0 through 3.2.x. |
|
1166 |
|
1167 Note that this is set to true automatically if the agent detects an |
|
1168 older master, so should never need to be set explicitly. |
|
1169 </loctext> |
|
1170 </description> |
|
1171 </prop_pattern> |
|
1172 <prop_pattern required="false" type="astring" name="libdir"> |
|
1173 <description> |
|
1174 <loctext xml:lang="C"> |
|
1175 An extra search path for Puppet. This is only useful |
|
1176 for those files that Puppet will load on demand, and is only |
|
1177 guaranteed to work for those cases. In fact, the autoload |
|
1178 mechanism is responsible for making sure this directory |
|
1179 is in Ruby's search path |
|
1180 </loctext> |
|
1181 </description> |
|
1182 </prop_pattern> |
|
1183 <prop_pattern required="false" type="boolean" name="listen"> |
|
1184 <description> |
|
1185 <loctext xml:lang="C"> |
|
1186 Whether puppet agent should listen for |
|
1187 connections. If this is true, then puppet agent will accept incoming |
|
1188 REST API requests, subject to the default ACLs and the ACLs set in |
|
1189 the `rest_authconfig` file. Puppet agent can respond usefully to |
|
1190 requests on the `run`, `facts`, `certificate`, and `resource` endpoints. |
|
1191 </loctext> |
|
1192 </description> |
|
1193 </prop_pattern> |
|
1194 <prop_pattern required="false" type="astring" name="localcacert"> |
|
1195 <description> |
|
1196 <loctext xml:lang="C"> |
|
1197 Where each client stores the CA certificate. |
|
1198 </loctext> |
|
1199 </description> |
|
1200 </prop_pattern> |
|
1201 <prop_pattern required="false" type="astring" name="localconfig"> |
|
1202 <description> |
|
1203 <loctext xml:lang="C"> |
|
1204 Where puppet agent caches the local configuration. An |
|
1205 extension indicating the cache format is added automatically. |
|
1206 </loctext> |
|
1207 </description> |
|
1208 </prop_pattern> |
|
1209 <prop_pattern required="false" type="astring" name="log_level"> |
|
1210 <description> |
|
1211 <loctext xml:lang="C"> |
|
1212 Default logging level |
|
1213 </loctext> |
|
1214 </description> |
|
1215 </prop_pattern> |
|
1216 <prop_pattern required="false" type="astring" name="logdir"> |
|
1217 <description> |
|
1218 <loctext xml:lang="C"> |
|
1219 The directory in which to store log files |
|
1220 </loctext> |
|
1221 </description> |
|
1222 </prop_pattern> |
|
1223 <prop_pattern required="false" type="boolean" name="manage_internal_file_permissions"> |
|
1224 <description> |
|
1225 <loctext xml:lang="C"> |
|
1226 Whether Puppet should manage the owner, group, and mode of files it uses internally |
|
1227 </loctext> |
|
1228 </description> |
|
1229 </prop_pattern> |
|
1230 <prop_pattern required="false" type="astring" name="manifest"> |
|
1231 <description> |
|
1232 <loctext xml:lang="C"> |
|
1233 The entry-point manifest for puppet master. This can be one file |
|
1234 or a directory of manifests to be evaluated in alphabetical order. Puppet manages |
|
1235 this path as a directory if one exists or if the path ends with a / or \. |
|
1236 |
|
1237 Setting a global value for `manifest` in puppet.conf is deprecated. Please use |
|
1238 directory environments instead. If you need to use something other than the |
|
1239 environment's `manifests` directory as the main manifest, you can set |
|
1240 `manifest` in environment.conf. For more info, see |
|
1241 http://docs.puppetlabs.com/puppet/latest/reference/environments.html |
|
1242 </loctext> |
|
1243 </description> |
|
1244 </prop_pattern> |
|
1245 <prop_pattern required="false" type="astring" name="manifestdir"> |
|
1246 <description> |
|
1247 <loctext xml:lang="C"> |
|
1248 Used to build the default value of the `manifest` setting. Has no other purpose. |
|
1249 |
|
1250 This setting is deprecated. |
|
1251 </loctext> |
|
1252 </description> |
|
1253 </prop_pattern> |
|
1254 <prop_pattern required="false" type="astring" name="masterhttplog"> |
|
1255 <description> |
|
1256 <loctext xml:lang="C"> |
|
1257 Where the puppet master web server logs. |
|
1258 </loctext> |
|
1259 </description> |
|
1260 </prop_pattern> |
|
1261 <prop_pattern required="false" type="astring" name="masterlog"> |
|
1262 <description> |
|
1263 <loctext xml:lang="C"> |
|
1264 Where puppet master logs. This is generally not used, |
|
1265 since syslog is the default log destination. |
|
1266 </loctext> |
|
1267 </description> |
|
1268 </prop_pattern> |
|
1269 <prop_pattern required="false" type="integer" name="masterport"> |
|
1270 <description> |
|
1271 <loctext xml:lang="C"> |
|
1272 The port for puppet master traffic. For puppet master, |
|
1273 this is the port to listen on; for puppet agent, this is the port |
|
1274 to make requests on. Both applications use this setting to get the port. |
|
1275 </loctext> |
|
1276 </description> |
|
1277 </prop_pattern> |
|
1278 <prop_pattern required="false" type="integer" name="max_deprecations"> |
|
1279 <description> |
|
1280 <loctext xml:lang="C"> |
|
1281 Sets the max number of logged/displayed parser validation deprecation |
|
1282 warnings in case multiple errors have been detected. A value of 0 is the |
|
1283 same as value 1. The count is per manifest. |
|
1284 </loctext> |
|
1285 </description> |
|
1286 </prop_pattern> |
|
1287 <prop_pattern required="false" type="integer" name="max_errors"> |
|
1288 <description> |
|
1289 <loctext xml:lang="C"> |
|
1290 Sets the max number of logged/displayed parser validation errors in case |
|
1291 multiple errors have been detected. A value of 0 is the same as value 1. |
|
1292 The count is per manifest. |
|
1293 </loctext> |
|
1294 </description> |
|
1295 </prop_pattern> |
|
1296 <prop_pattern required="false" type="integer" name="max_warnings"> |
|
1297 <description> |
|
1298 <loctext xml:lang="C"> |
|
1299 Sets the max number of logged/displayed parser validation warnings in |
|
1300 case multiple errors have been detected. A value of 0 is the same as |
|
1301 value 1. The count is per manifest. |
|
1302 </loctext> |
|
1303 </description> |
|
1304 </prop_pattern> |
|
1305 <prop_pattern required="false" type="integer" name="maximum_uid"> |
|
1306 <description> |
|
1307 <loctext xml:lang="C"> |
|
1308 The maximum allowed UID. Some platforms use negative UIDs |
|
1309 but then ship with tools that do not know how to handle signed ints, |
|
1310 so the UIDs show up as huge numbers that can then not be fed back into |
|
1311 the system. This is a hackish way to fail in a slightly more useful |
|
1312 way when that happens. |
|
1313 </loctext> |
|
1314 </description> |
|
1315 </prop_pattern> |
|
1316 <prop_pattern required="false" type="boolean" name="mkusers"> |
|
1317 <description> |
|
1318 <loctext xml:lang="C"> |
|
1319 Whether to create the necessary user and group that puppet agent will run as. |
|
1320 </loctext> |
|
1321 </description> |
|
1322 </prop_pattern> |
|
1323 <prop_pattern required="false" type="uri" name="module_repository"> |
|
1324 <description> |
|
1325 <loctext xml:lang="C"> |
|
1326 The module repository |
|
1327 </loctext> |
|
1328 </description> |
|
1329 </prop_pattern> |
|
1330 <prop_pattern required="false" type="astring" name="module_skeleton_dir"> |
|
1331 <description> |
|
1332 <loctext xml:lang="C"> |
|
1333 The directory which the skeleton for module tool generate is stored. |
|
1334 </loctext> |
|
1335 </description> |
|
1336 </prop_pattern> |
|
1337 <prop_pattern required="false" type="astring" name="module_working_dir"> |
|
1338 <description> |
|
1339 <loctext xml:lang="C"> |
|
1340 The directory into which module tool data is stored |
|
1341 </loctext> |
|
1342 </description> |
|
1343 </prop_pattern> |
|
1344 <prop_pattern required="false" type="astring" name="modulepath"> |
|
1345 <description> |
|
1346 <loctext xml:lang="C"> |
|
1347 The search path for modules, as a list of directories separated by the system |
|
1348 path separator character. (The POSIX path separator is ':', and the |
|
1349 Windows path separator is ';'.) |
|
1350 |
|
1351 Setting a global value for `modulepath` in puppet.conf is deprecated. Please use |
|
1352 directory environments instead. If you need to use something other than the |
|
1353 default modulepath of `<ACTIVE ENVIRONMENT'S MODULES DIR>:$basemodulepath`, |
|
1354 you can set `modulepath` in environment.conf. For more info, see |
|
1355 http://docs.puppetlabs.com/puppet/latest/reference/environments.html |
|
1356 </loctext> |
|
1357 </description> |
|
1358 </prop_pattern> |
|
1359 <prop_pattern required="false" type="astring" name="name"> |
|
1360 <description> |
|
1361 <loctext xml:lang="C"> |
|
1362 The name of the application, if we are running as one. The |
|
1363 default is essentially $0 without the path or `.rb`. |
|
1364 </loctext> |
|
1365 </description> |
|
1366 </prop_pattern> |
|
1367 <prop_pattern required="false" type="astring" name="node_cache_terminus"> |
|
1368 <description> |
|
1369 <loctext xml:lang="C"> |
|
1370 How to store cached nodes. |
|
1371 Valid values are (none), 'json', 'msgpack', 'yaml' or write only yaml ('write_only_yaml'). |
|
1372 The master application defaults to 'write_only_yaml', all others to none. |
|
1373 </loctext> |
|
1374 </description> |
|
1375 </prop_pattern> |
|
1376 <prop_pattern required="false" type="astring" name="node_name"> |
|
1377 <description> |
|
1378 <loctext xml:lang="C"> |
|
1379 How the puppet master determines the client's identity |
|
1380 and sets the 'hostname', 'fqdn' and 'domain' facts for use in the manifest, |
|
1381 in particular for determining which 'node' statement applies to the client. |
|
1382 Possible values are 'cert' (use the subject's CN in the client's |
|
1383 certificate) and 'facter' (use the hostname that the client |
|
1384 reported in its facts) |
|
1385 </loctext> |
|
1386 </description> |
|
1387 </prop_pattern> |
|
1388 <prop_pattern required="false" type="astring" name="node_name_fact"> |
|
1389 <description> |
|
1390 <loctext xml:lang="C"> |
|
1391 The fact name used to determine the node name used for all requests the agent |
|
1392 makes to the master. WARNING: This setting is mutually exclusive with |
|
1393 node_name_value. Changing this setting also requires changes to the default |
|
1394 auth.conf configuration on the Puppet Master. Please see |
|
1395 http://links.puppetlabs.com/node_name_fact for more information. |
|
1396 </loctext> |
|
1397 </description> |
|
1398 </prop_pattern> |
|
1399 <prop_pattern required="false" type="astring" name="node_name_value"> |
|
1400 <description> |
|
1401 <loctext xml:lang="C"> |
|
1402 The explicit value used for the node name for all requests the agent |
|
1403 makes to the master. WARNING: This setting is mutually exclusive with |
|
1404 node_name_fact. Changing this setting also requires changes to the default |
|
1405 auth.conf configuration on the Puppet Master. Please see |
|
1406 http://links.puppetlabs.com/node_name_value for more information. |
|
1407 </loctext> |
|
1408 </description> |
|
1409 </prop_pattern> |
|
1410 <prop_pattern required="false" type="astring" name="node_terminus"> |
|
1411 <description> |
|
1412 <loctext xml:lang="C"> |
|
1413 Where to find information about nodes. |
|
1414 </loctext> |
|
1415 </description> |
|
1416 </prop_pattern> |
|
1417 <prop_pattern required="false" type="boolean" name="noop"> |
|
1418 <description> |
|
1419 <loctext xml:lang="C"> |
|
1420 Whether to apply catalogs in noop mode, which allows Puppet to |
|
1421 partially simulate a normal run. This setting affects puppet agent and |
|
1422 puppet apply. |
|
1423 |
|
1424 When running in noop mode, Puppet will check whether each resource is in sync, |
|
1425 like it does when running normally. However, if a resource attribute is not in |
|
1426 the desired state (as declared in the catalog), Puppet will take no |
|
1427 action, and will instead report the changes it _would_ have made. These |
|
1428 simulated changes will appear in the report sent to the puppet master, or |
|
1429 be shown on the console if running puppet agent or puppet apply in the |
|
1430 foreground. The simulated changes will not send refresh events to any |
|
1431 subscribing or notified resources, although Puppet will log that a refresh |
|
1432 event _would_ have been sent. |
|
1433 |
|
1434 **Important note:** |
|
1435 noop) |
|
1436 allows you to apply individual resources in noop mode, and will override |
|
1437 the global value of the `noop` setting. This means a resource with |
|
1438 `noop => false` _will_ be changed if necessary, even when running puppet |
|
1439 agent with `noop = true` or `--noop`. (Conversely, a resource with |
|
1440 `noop => true` will only be simulated, even when noop mode is globally disabled.) |
|
1441 </loctext> |
|
1442 </description> |
|
1443 </prop_pattern> |
|
1444 <prop_pattern required="false" type="boolean" name="onetime"> |
|
1445 <description> |
|
1446 <loctext xml:lang="C"> |
|
1447 Perform one configuration run and exit, rather than spawning a long-running |
|
1448 daemon. This is useful for interactively running puppet agent, or |
|
1449 running puppet agent from cron. |
|
1450 </loctext> |
|
1451 </description> |
|
1452 </prop_pattern> |
|
1453 <prop_pattern required="false" type="astring" name="ordering"> |
|
1454 <description> |
|
1455 <loctext xml:lang="C"> |
|
1456 How unrelated resources should be ordered when applying a catalog. |
|
1457 Allowed values are `title-hash`, `manifest`, and `random`. This |
|
1458 setting affects puppet agent and puppet apply, but not puppet master. |
|
1459 |
|
1460 * `title-hash` (the default) will order resources randomly, but will use |
|
1461 the same order across runs and across nodes. |
|
1462 * `manifest` will use the order in which the resources were declared in |
|
1463 their manifest files. |
|
1464 * `random` will order resources randomly and change their order with each |
|
1465 run. This can work like a fuzzer for shaking out undeclared dependencies. |
|
1466 |
|
1467 Regardless of this setting's value, Puppet will always obey explicit |
|
1468 dependencies set with the before/require/notify/subscribe metaparameters |
|
1469 and the `->`/`~>` chaining arrows; this setting only affects the relative |
|
1470 ordering of _unrelated_ resources. |
|
1471 </loctext> |
|
1472 </description> |
|
1473 </prop_pattern> |
|
1474 <prop_pattern required="false" type="astring" name="parser"> |
|
1475 <description> |
|
1476 <loctext xml:lang="C"> |
|
1477 Selects the parser to use for parsing puppet manifests (in puppet DSL |
|
1478 language/'.pp' files). Available choices are `current` (the default) |
|
1479 and `future`. |
|
1480 |
|
1481 The `curent` parser means that the released version of the parser should |
|
1482 be used. |
|
1483 |
|
1484 The `future` parser is a "time travel to the future" allowing early |
|
1485 exposure to new language features. What these features are will vary from |
|
1486 release to release and they may be invididually configurable. |
|
1487 |
|
1488 Available Since Puppet 3.2. |
|
1489 </loctext> |
|
1490 </description> |
|
1491 </prop_pattern> |
|
1492 <prop_pattern required="false" type="astring" name="passfile"> |
|
1493 <description> |
|
1494 <loctext xml:lang="C"> |
|
1495 Where puppet agent stores the password for its private key. |
|
1496 Generally unused. |
|
1497 </loctext> |
|
1498 </description> |
|
1499 </prop_pattern> |
|
1500 <prop_pattern required="false" type="astring" name="path"> |
|
1501 <description> |
|
1502 <loctext xml:lang="C"> |
|
1503 The shell search path. Defaults to whatever is inherited |
|
1504 from the parent process. |
|
1505 </loctext> |
|
1506 </description> |
|
1507 </prop_pattern> |
|
1508 <prop_pattern required="false" type="astring" name="pidfile"> |
|
1509 <description> |
|
1510 <loctext xml:lang="C"> |
|
1511 The file containing the PID of a running process. |
|
1512 This file is intended to be used by service management frameworks |
|
1513 and monitoring systems to determine if a puppet process is still in |
|
1514 the process table. |
|
1515 </loctext> |
|
1516 </description> |
|
1517 </prop_pattern> |
|
1518 <prop_pattern required="false" type="astring" name="plugindest"> |
|
1519 <description> |
|
1520 <loctext xml:lang="C"> |
|
1521 Where Puppet should store plugins that it pulls down from the central |
|
1522 server. |
|
1523 </loctext> |
|
1524 </description> |
|
1525 </prop_pattern> |
|
1526 <prop_pattern required="false" type="astring" name="pluginfactdest"> |
|
1527 <description> |
|
1528 <loctext xml:lang="C"> |
|
1529 Where Puppet should store external facts that are being handled by pluginsync |
|
1530 </loctext> |
|
1531 </description> |
|
1532 </prop_pattern> |
|
1533 <prop_pattern required="false" type="astring" name="pluginfactsource"> |
|
1534 <description> |
|
1535 <loctext xml:lang="C"> |
|
1536 Where to retrieve external facts for pluginsync |
|
1537 </loctext> |
|
1538 </description> |
|
1539 </prop_pattern> |
|
1540 <prop_pattern required="false" type="astring" name="pluginsignore"> |
|
1541 <description> |
|
1542 <loctext xml:lang="C"> |
|
1543 What files to ignore when pulling down plugins. |
|
1544 </loctext> |
|
1545 </description> |
|
1546 </prop_pattern> |
|
1547 <prop_pattern required="false" type="astring" name="pluginsource"> |
|
1548 <description> |
|
1549 <loctext xml:lang="C"> |
|
1550 From where to retrieve plugins. The standard Puppet `file` type |
|
1551 is used for retrieval, so anything that is a valid file source can |
|
1552 be used here. |
|
1553 </loctext> |
|
1554 </description> |
|
1555 </prop_pattern> |
|
1556 <prop_pattern required="false" type="boolean" name="pluginsync"> |
|
1557 <description> |
|
1558 <loctext xml:lang="C"> |
|
1559 Whether plugins should be synced with the central server. |
|
1560 </loctext> |
|
1561 </description> |
|
1562 </prop_pattern> |
|
1563 <prop_pattern required="false" type="astring" name="postrun_command"> |
|
1564 <description> |
|
1565 <loctext xml:lang="C"> |
|
1566 A command to run after every agent run. If this command returns a non-zero |
|
1567 return code, the entire Puppet run will be considered to have failed, even though it might have |
|
1568 performed work during the normal run. |
|
1569 </loctext> |
|
1570 </description> |
|
1571 </prop_pattern> |
|
1572 <prop_pattern required="false" type="astring" name="preferred_serialization_format"> |
|
1573 <description> |
|
1574 <loctext xml:lang="C"> |
|
1575 The preferred means of serializing |
|
1576 ruby instances for passing over the wire. This won't guarantee that all |
|
1577 instances will be serialized using this method, since not all classes |
|
1578 can be guaranteed to support this format, but it will be used for all |
|
1579 classes that support it. |
|
1580 </loctext> |
|
1581 </description> |
|
1582 </prop_pattern> |
|
1583 <prop_pattern required="false" type="astring" name="prerun_command"> |
|
1584 <description> |
|
1585 <loctext xml:lang="C"> |
|
1586 A command to run before every agent run. If this command returns a non-zero |
|
1587 return code, the entire Puppet run will fail. |
|
1588 </loctext> |
|
1589 </description> |
|
1590 </prop_pattern> |
|
1591 <prop_pattern required="false" type="astring" name="priority"> |
|
1592 <description> |
|
1593 <loctext xml:lang="C"> |
|
1594 The scheduling priority of the process. Valid values are 'high', |
|
1595 'normal', 'low', or 'idle', which are mapped to platform-specific |
|
1596 values. The priority can also be specified as an integer value and |
|
1597 will be passed as is, e.g. -5. Puppet must be running as a privileged |
|
1598 user in order to increase scheduling priority. |
|
1599 </loctext> |
|
1600 </description> |
|
1601 </prop_pattern> |
|
1602 <prop_pattern required="false" type="astring" name="privatedir"> |
|
1603 <description> |
|
1604 <loctext xml:lang="C"> |
|
1605 Where the client stores private certificate information. |
|
1606 </loctext> |
|
1607 </description> |
|
1608 </prop_pattern> |
|
1609 <prop_pattern required="false" type="astring" name="privatekeydir"> |
|
1610 <description> |
|
1611 <loctext xml:lang="C"> |
|
1612 The private key directory. |
|
1613 </loctext> |
|
1614 </description> |
|
1615 </prop_pattern> |
|
1616 <prop_pattern required="false" type="boolean" name="profile"> |
|
1617 <description> |
|
1618 <loctext xml:lang="C"> |
|
1619 Whether to enable experimental performance profiling |
|
1620 </loctext> |
|
1621 </description> |
|
1622 </prop_pattern> |
|
1623 <prop_pattern required="false" type="astring" name="publickeydir"> |
|
1624 <description> |
|
1625 <loctext xml:lang="C"> |
|
1626 The public key directory. |
|
1627 </loctext> |
|
1628 </description> |
|
1629 </prop_pattern> |
|
1630 <prop_pattern required="false" type="astring" name="puppetdlog"> |
|
1631 <description> |
|
1632 <loctext xml:lang="C"> |
|
1633 The log file for puppet agent. This is generally not used. |
|
1634 </loctext> |
|
1635 </description> |
|
1636 </prop_pattern> |
|
1637 <prop_pattern required="false" type="integer" name="puppetport"> |
|
1638 <description> |
|
1639 <loctext xml:lang="C"> |
|
1640 Which port puppet agent listens on. |
|
1641 </loctext> |
|
1642 </description> |
|
1643 </prop_pattern> |
|
1644 <prop_pattern required="false" type="uri" name="queue_source"> |
|
1645 <description> |
|
1646 <loctext xml:lang="C"> |
|
1647 Which type of queue to use for asynchronous processing. If your stomp server requires |
|
1648 authentication, you can include it in the URI as long as your stomp client library is at least 1.1.1 |
|
1649 </loctext> |
|
1650 </description> |
|
1651 </prop_pattern> |
|
1652 <prop_pattern required="false" type="astring" name="queue_type"> |
|
1653 <description> |
|
1654 <loctext xml:lang="C"> |
|
1655 Which type of queue to use for asynchronous processing. |
|
1656 </loctext> |
|
1657 </description> |
|
1658 </prop_pattern> |
|
1659 <prop_pattern required="false" type="astring" name="rails_loglevel"> |
|
1660 <description> |
|
1661 <loctext xml:lang="C"> |
|
1662 The log level for Rails connections. The value must be |
|
1663 a valid log level within Rails. Production environments normally use `info` |
|
1664 and other environments normally use `debug`. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
1665 </loctext> |
|
1666 </description> |
|
1667 </prop_pattern> |
|
1668 <prop_pattern required="false" type="astring" name="railslog"> |
|
1669 <description> |
|
1670 <loctext xml:lang="C"> |
|
1671 Where Rails-specific logs are sent. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
1672 </loctext> |
|
1673 </description> |
|
1674 </prop_pattern> |
|
1675 <prop_pattern required="false" type="boolean" name="report"> |
|
1676 <description> |
|
1677 <loctext xml:lang="C"> |
|
1678 Whether to send reports after every transaction. |
|
1679 </loctext> |
|
1680 </description> |
|
1681 </prop_pattern> |
|
1682 <prop_pattern required="false" type="integer" name="report_port"> |
|
1683 <description> |
|
1684 <loctext xml:lang="C"> |
|
1685 The port to communicate with the report_server. |
|
1686 </loctext> |
|
1687 </description> |
|
1688 </prop_pattern> |
|
1689 <prop_pattern required="false" type="astring" name="report_serialization_format"> |
|
1690 <description> |
|
1691 <loctext xml:lang="C"> |
|
1692 The serialization format to use when sending reports to the |
|
1693 `report_server`. Possible values are `pson` and `yaml`. This setting |
|
1694 affects puppet agent, but not puppet apply (which processes its own |
|
1695 reports). |
|
1696 |
|
1697 This should almost always be set to `pson`. It can be temporarily set to |
|
1698 `yaml` to let agents using this Puppet version connect to a puppet master |
|
1699 running Puppet 3.0.0 through 3.2.x. |
|
1700 |
|
1701 Note that this is set to 'yaml' automatically if the agent detects an |
|
1702 older master, so should never need to be set explicitly. |
|
1703 </loctext> |
|
1704 </description> |
|
1705 </prop_pattern> |
|
1706 <prop_pattern required="false" type="host" name="report_server"> |
|
1707 <description> |
|
1708 <loctext xml:lang="C"> |
|
1709 The server to send transaction reports to. |
|
1710 </loctext> |
|
1711 </description> |
|
1712 </prop_pattern> |
|
1713 <prop_pattern required="false" type="astring" name="reportdir"> |
|
1714 <description> |
|
1715 <loctext xml:lang="C"> |
|
1716 The directory in which to store reports. Each node gets |
|
1717 a separate subdirectory in this directory. This setting is only |
|
1718 used when the `store` report processor is enabled (see the |
|
1719 `reports` setting). |
|
1720 </loctext> |
|
1721 </description> |
|
1722 </prop_pattern> |
|
1723 <prop_pattern required="false" type="astring" name="reportfrom"> |
|
1724 <description> |
|
1725 <loctext xml:lang="C"> |
|
1726 The 'from' email address for the reports. |
|
1727 </loctext> |
|
1728 </description> |
|
1729 </prop_pattern> |
|
1730 <prop_pattern required="false" type="astring" name="reports"> |
|
1731 <description> |
|
1732 <loctext xml:lang="C"> |
|
1733 The list of report handlers to use. When using multiple report handlers, |
|
1734 their names should be comma-separated, with whitespace allowed. (For example, |
|
1735 `reports = http, tagmail`.) |
|
1736 |
|
1737 This setting is relevant to puppet master and puppet apply. The puppet |
|
1738 master will call these report handlers with the reports it receives from |
|
1739 agent nodes, and puppet apply will call them with its own report. (In |
|
1740 all cases, the node applying the catalog must have `report = true`.) |
|
1741 |
|
1742 See the report reference for information on the built-in report |
|
1743 handlers; custom report handlers can also be loaded from modules. |
|
1744 (Report handlers are loaded from the lib directory, at |
|
1745 `puppet/reports/NAME.rb`.) |
|
1746 </loctext> |
|
1747 </description> |
|
1748 </prop_pattern> |
|
1749 <prop_pattern required="false" type="uri" name="reporturl"> |
|
1750 <description> |
|
1751 <loctext xml:lang="C"> |
|
1752 The URL that reports should be forwarded to. This setting |
|
1753 is only used when the `http` report processor is enabled (see the |
|
1754 `reports` setting). |
|
1755 </loctext> |
|
1756 </description> |
|
1757 </prop_pattern> |
|
1758 <prop_pattern required="false" type="integer" name="req_bits"> |
|
1759 <description> |
|
1760 <loctext xml:lang="C"> |
|
1761 The bit length of the certificates. |
|
1762 </loctext> |
|
1763 </description> |
|
1764 </prop_pattern> |
|
1765 <prop_pattern required="false" type="astring" name="requestdir"> |
|
1766 <description> |
|
1767 <loctext xml:lang="C"> |
|
1768 Where host certificate requests are stored. |
|
1769 </loctext> |
|
1770 </description> |
|
1771 </prop_pattern> |
|
1772 <prop_pattern required="false" type="astring" name="resourcefile"> |
|
1773 <description> |
|
1774 <loctext xml:lang="C"> |
|
1775 The file in which puppet agent stores a list of the resources |
|
1776 associated with the retrieved configuration. |
|
1777 </loctext> |
|
1778 </description> |
|
1779 </prop_pattern> |
|
1780 <prop_pattern required="false" type="astring" name="rest_authconfig"> |
|
1781 <description> |
|
1782 <loctext xml:lang="C"> |
|
1783 The configuration file that defines the rights to the different |
|
1784 rest indirections. This can be used as a fine-grained |
|
1785 authorization system for `puppet master`. |
|
1786 </loctext> |
|
1787 </description> |
|
1788 </prop_pattern> |
|
1789 <prop_pattern required="false" type="astring" name="route_file"> |
|
1790 <description> |
|
1791 <loctext xml:lang="C"> |
|
1792 The YAML file containing indirector route configuration. |
|
1793 </loctext> |
|
1794 </description> |
|
1795 </prop_pattern> |
|
1796 <prop_pattern required="false" type="astring" name="rrddir"> |
|
1797 <description> |
|
1798 <loctext xml:lang="C"> |
|
1799 The directory where RRD database files are stored. |
|
1800 Directories for each reporting host will be created under |
|
1801 this directory. |
|
1802 </loctext> |
|
1803 </description> |
|
1804 </prop_pattern> |
|
1805 <prop_pattern required="false" type="integer" name="rrdinterval"> |
|
1806 <description> |
|
1807 <loctext xml:lang="C"> |
|
1808 How often RRD should expect data. |
|
1809 This should match how often the hosts report back to the server. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). |
|
1810 </loctext> |
|
1811 </description> |
|
1812 </prop_pattern> |
|
1813 <prop_pattern required="false" type="astring" name="rundir"> |
|
1814 <description> |
|
1815 <loctext xml:lang="C"> |
|
1816 Where Puppet PID files are kept. |
|
1817 </loctext> |
|
1818 </description> |
|
1819 </prop_pattern> |
|
1820 <prop_pattern required="false" type="integer" name="runinterval"> |
|
1821 <description> |
|
1822 <loctext xml:lang="C"> |
|
1823 How often puppet agent applies the catalog. |
|
1824 Note that a runinterval of 0 means "run continuously" rather than |
|
1825 "never run." If you want puppet agent to never run, you should start |
|
1826 it with the `--no-client` option. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). |
|
1827 </loctext> |
|
1828 </description> |
|
1829 </prop_pattern> |
|
1830 <prop_pattern required="false" type="astring" name="sendmail"> |
|
1831 <description> |
|
1832 <loctext xml:lang="C"> |
|
1833 Where to find the sendmail binary with which to send email. |
|
1834 </loctext> |
|
1835 </description> |
|
1836 </prop_pattern> |
|
1837 <prop_pattern required="false" type="astring" name="serial"> |
|
1838 <description> |
|
1839 <loctext xml:lang="C"> |
|
1840 Where the serial number for certificates is stored. |
|
1841 </loctext> |
|
1842 </description> |
|
1843 </prop_pattern> |
|
1844 <prop_pattern required="false" type="host" name="server"> |
|
1845 <description> |
|
1846 <loctext xml:lang="C"> |
|
1847 The puppet master server to which the puppet agent should connect. |
|
1848 </loctext> |
|
1849 </description> |
|
1850 </prop_pattern> |
|
1851 <prop_pattern required="false" type="astring" name="server_datadir"> |
|
1852 <description> |
|
1853 <loctext xml:lang="C"> |
|
1854 The directory in which serialized data is stored, usually in a subdirectory. |
|
1855 </loctext> |
|
1856 </description> |
|
1857 </prop_pattern> |
|
1858 <prop_pattern required="false" type="boolean" name="show_diff"> |
|
1859 <description> |
|
1860 <loctext xml:lang="C"> |
|
1861 Whether to log and report a contextual diff when files are being replaced. |
|
1862 This causes partial file contents to pass through Puppet's normal |
|
1863 logging and reporting system, so this setting should be used with |
|
1864 caution if you are sending Puppet's reports to an insecure |
|
1865 destination. This feature currently requires the `diff/lcs` Ruby |
|
1866 library. |
|
1867 </loctext> |
|
1868 </description> |
|
1869 </prop_pattern> |
|
1870 <prop_pattern required="false" type="astring" name="signeddir"> |
|
1871 <description> |
|
1872 <loctext xml:lang="C"> |
|
1873 Where the CA stores signed certificates. |
|
1874 </loctext> |
|
1875 </description> |
|
1876 </prop_pattern> |
|
1877 <prop_pattern required="false" type="astring" name="smtphelo"> |
|
1878 <description> |
|
1879 <loctext xml:lang="C"> |
|
1880 The name by which we identify ourselves in SMTP HELO for reports. |
|
1881 If you send to a smtpserver which does strict HELO checking (as with Postfix's |
|
1882 `smtpd_helo_restrictions` access controls), you may need to ensure this resolves. |
|
1883 </loctext> |
|
1884 </description> |
|
1885 </prop_pattern> |
|
1886 <prop_pattern required="false" type="integer" name="smtpport"> |
|
1887 <description> |
|
1888 <loctext xml:lang="C"> |
|
1889 The TCP port through which to send email reports. |
|
1890 </loctext> |
|
1891 </description> |
|
1892 </prop_pattern> |
|
1893 <prop_pattern required="false" type="host" name="smtpserver"> |
|
1894 <description> |
|
1895 <loctext xml:lang="C"> |
|
1896 The server through which to send email reports. |
|
1897 </loctext> |
|
1898 </description> |
|
1899 </prop_pattern> |
|
1900 <prop_pattern required="false" type="boolean" name="splay"> |
|
1901 <description> |
|
1902 <loctext xml:lang="C"> |
|
1903 Whether to sleep for a pseudo-random (but consistent) amount of time before |
|
1904 a run. |
|
1905 </loctext> |
|
1906 </description> |
|
1907 </prop_pattern> |
|
1908 <prop_pattern required="false" type="integer" name="splaylimit"> |
|
1909 <description> |
|
1910 <loctext xml:lang="C"> |
|
1911 The maximum time to delay before runs. Defaults to being the same as the |
|
1912 run interval. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). |
|
1913 </loctext> |
|
1914 </description> |
|
1915 </prop_pattern> |
|
1916 <prop_pattern required="false" type="host" name="srv_domain"> |
|
1917 <description> |
|
1918 <loctext xml:lang="C"> |
|
1919 The domain which will be queried to find the SRV records of servers to use. |
|
1920 </loctext> |
|
1921 </description> |
|
1922 </prop_pattern> |
|
1923 <prop_pattern required="false" type="astring" name="ssl_client_ca_auth"> |
|
1924 <description> |
|
1925 <loctext xml:lang="C"> |
|
1926 Certificate authorities who issue server certificates. SSL servers will not be |
|
1927 considered authentic unless they possess a certificate issued by an authority |
|
1928 listed in this file. If this setting has no value then the Puppet master's CA |
|
1929 certificate (localcacert) will be used. |
|
1930 </loctext> |
|
1931 </description> |
|
1932 </prop_pattern> |
|
1933 <prop_pattern required="false" type="astring" name="ssl_client_header"> |
|
1934 <description> |
|
1935 <loctext xml:lang="C"> |
|
1936 The header containing an authenticated client's SSL DN. |
|
1937 This header must be set by the proxy to the authenticated client's SSL |
|
1938 DN (e.g., `/CN=puppet.puppetlabs.com`). Puppet will parse out the Common |
|
1939 Name (CN) from the Distinguished Name (DN) and use the value of the CN |
|
1940 field for authorization. |
|
1941 |
|
1942 Note that the name of the HTTP header gets munged by the web server |
|
1943 common gateway inteface: an `HTTP_` prefix is added, dashes are converted |
|
1944 to underscores, and all letters are uppercased. Thus, to use the |
|
1945 `X-Client-DN` header, this setting should be `HTTP_X_CLIENT_DN`. |
|
1946 </loctext> |
|
1947 </description> |
|
1948 </prop_pattern> |
|
1949 <prop_pattern required="false" type="astring" name="ssl_client_verify_header"> |
|
1950 <description> |
|
1951 <loctext xml:lang="C"> |
|
1952 The header containing the status message of the client |
|
1953 verification. This header must be set by the proxy to 'SUCCESS' if the |
|
1954 client successfully authenticated, and anything else otherwise. |
|
1955 |
|
1956 Note that the name of the HTTP header gets munged by the web server |
|
1957 common gateway inteface: an `HTTP_` prefix is added, dashes are converted |
|
1958 to underscores, and all letters are uppercased. Thus, to use the |
|
1959 `X-Client-Verify` header, this setting should be |
|
1960 `HTTP_X_CLIENT_VERIFY`. |
|
1961 </loctext> |
|
1962 </description> |
|
1963 </prop_pattern> |
|
1964 <prop_pattern required="false" type="astring" name="ssl_server_ca_auth"> |
|
1965 <description> |
|
1966 <loctext xml:lang="C"> |
|
1967 Certificate authorities who issue client certificates. SSL clients will not be |
|
1968 considered authentic unless they possess a certificate issued by an authority |
|
1969 listed in this file. If this setting has no value then the Puppet master's CA |
|
1970 certificate (localcacert) will be used. |
|
1971 </loctext> |
|
1972 </description> |
|
1973 </prop_pattern> |
|
1974 <prop_pattern required="false" type="astring" name="ssldir"> |
|
1975 <description> |
|
1976 <loctext xml:lang="C"> |
|
1977 Where SSL certificates are kept. |
|
1978 </loctext> |
|
1979 </description> |
|
1980 </prop_pattern> |
|
1981 <prop_pattern required="false" type="astring" name="statedir"> |
|
1982 <description> |
|
1983 <loctext xml:lang="C"> |
|
1984 The directory where Puppet state is stored. Generally, |
|
1985 this directory can be removed without causing harm (although it |
|
1986 might result in spurious service restarts). |
|
1987 </loctext> |
|
1988 </description> |
|
1989 </prop_pattern> |
|
1990 <prop_pattern required="false" type="astring" name="statefile"> |
|
1991 <description> |
|
1992 <loctext xml:lang="C"> |
|
1993 Where puppet agent and puppet master store state associated |
|
1994 with the running configuration. In the case of puppet master, |
|
1995 this file reflects the state discovered through interacting |
|
1996 with clients. |
|
1997 </loctext> |
|
1998 </description> |
|
1999 </prop_pattern> |
|
2000 <prop_pattern required="false" type="boolean" name="storeconfigs"> |
|
2001 <description> |
|
2002 <loctext xml:lang="C"> |
|
2003 Whether to store each client's configuration, including catalogs, facts, |
|
2004 and related data. This also enables the import and export of resources in |
|
2005 the Puppet language - a mechanism for exchange resources between nodes. |
|
2006 |
|
2007 By default this uses ActiveRecord and an SQL database to store and query |
|
2008 the data; this, in turn, will depend on Rails being available. |
|
2009 |
|
2010 You can adjust the backend using the storeconfigs_backend setting. |
|
2011 </loctext> |
|
2012 </description> |
|
2013 </prop_pattern> |
|
2014 <prop_pattern required="false" type="astring" name="storeconfigs_backend"> |
|
2015 <description> |
|
2016 <loctext xml:lang="C"> |
|
2017 Configure the backend terminus used for StoreConfigs. |
|
2018 By default, this uses the ActiveRecord store, which directly talks to the |
|
2019 database from within the Puppet Master process. |
|
2020 </loctext> |
|
2021 </description> |
|
2022 </prop_pattern> |
|
2023 <prop_pattern required="false" type="boolean" name="strict_hostname_checking"> |
|
2024 <description> |
|
2025 <loctext xml:lang="C"> |
|
2026 Whether to only search for the complete |
|
2027 hostname as it is in the certificate when searching for node information |
|
2028 in the catalogs. |
|
2029 </loctext> |
|
2030 </description> |
|
2031 </prop_pattern> |
|
2032 <prop_pattern required="false" type="boolean" name="strict_variables"> |
|
2033 <description> |
|
2034 <loctext xml:lang="C"> |
|
2035 Makes the parser raise errors when referencing unknown variables. (This does not affect |
|
2036 referencing variables that are explicitly set to undef). |
|
2037 </loctext> |
|
2038 </description> |
|
2039 </prop_pattern> |
|
2040 <prop_pattern required="false" type="boolean" name="stringify_facts"> |
|
2041 <description> |
|
2042 <loctext xml:lang="C"> |
|
2043 to_s. Means you can't have arrays or |
|
2044 hashes as fact values. |
|
2045 </loctext> |
|
2046 </description> |
|
2047 </prop_pattern> |
|
2048 <prop_pattern required="false" type="boolean" name="summarize"> |
|
2049 <description> |
|
2050 <loctext xml:lang="C"> |
|
2051 Whether to print a transaction summary. |
|
2052 </loctext> |
|
2053 </description> |
|
2054 </prop_pattern> |
|
2055 <prop_pattern required="false" type="astring" name="syslogfacility"> |
|
2056 <description> |
|
2057 <loctext xml:lang="C"> |
|
2058 What syslog facility to use when logging to syslog. |
|
2059 Syslog has a fixed list of valid facilities, and you must |
|
2060 choose one of those; you cannot just make one up. |
|
2061 </loctext> |
|
2062 </description> |
|
2063 </prop_pattern> |
|
2064 <prop_pattern required="false" type="astring" name="tagmap"> |
|
2065 <description> |
|
2066 <loctext xml:lang="C"> |
|
2067 The mapping between reporting tags and email addresses. |
|
2068 </loctext> |
|
2069 </description> |
|
2070 </prop_pattern> |
|
2071 <prop_pattern required="false" type="astring" name="tags"> |
|
2072 <description> |
|
2073 <loctext xml:lang="C"> |
|
2074 Tags to use to find resources. If this is set, then |
|
2075 only resources tagged with the specified tags will be applied. |
|
2076 Values must be comma-separated. |
|
2077 </loctext> |
|
2078 </description> |
|
2079 </prop_pattern> |
|
2080 <prop_pattern required="false" type="astring" name="templatedir"> |
|
2081 <description> |
|
2082 <loctext xml:lang="C"> |
|
2083 Where Puppet looks for template files. Can be a list of colon-separated |
|
2084 directories. |
|
2085 |
|
2086 This setting is deprecated. Please put your templates in modules instead. |
|
2087 </loctext> |
|
2088 </description> |
|
2089 </prop_pattern> |
|
2090 <prop_pattern required="false" type="boolean" name="thin_storeconfigs"> |
|
2091 <description> |
|
2092 <loctext xml:lang="C"> |
|
2093 Boolean; whether Puppet should store only facts and exported resources in the storeconfigs |
|
2094 database. This will improve the performance of exported resources with the older |
|
2095 `active_record` backend, but will disable external tools that search the storeconfigs database. |
|
2096 Thinning catalogs is generally unnecessary when using PuppetDB to store catalogs. |
|
2097 </loctext> |
|
2098 </description> |
|
2099 </prop_pattern> |
|
2100 <prop_pattern required="false" type="boolean" name="trace"> |
|
2101 <description> |
|
2102 <loctext xml:lang="C"> |
|
2103 Whether to print stack traces on some errors |
|
2104 </loctext> |
|
2105 </description> |
|
2106 </prop_pattern> |
|
2107 <prop_pattern required="false" type="boolean" name="trusted_node_data"> |
|
2108 <description> |
|
2109 <loctext xml:lang="C"> |
|
2110 Stores trusted node data in a hash called $trusted. |
|
2111 When true also prevents $trusted from being overridden in any scope. |
|
2112 </loctext> |
|
2113 </description> |
|
2114 </prop_pattern> |
|
2115 <prop_pattern required="false" type="boolean" name="use_cached_catalog"> |
|
2116 <description> |
|
2117 <loctext xml:lang="C"> |
|
2118 Whether to only use the cached catalog rather than compiling a new catalog |
|
2119 on every run. Puppet can be run with this enabled by default and then selectively |
|
2120 disabled when a recompile is desired. |
|
2121 </loctext> |
|
2122 </description> |
|
2123 </prop_pattern> |
|
2124 <prop_pattern required="false" type="boolean" name="use_srv_records"> |
|
2125 <description> |
|
2126 <loctext xml:lang="C"> |
|
2127 Whether the server will search for SRV records in DNS for the current domain. |
|
2128 </loctext> |
|
2129 </description> |
|
2130 </prop_pattern> |
|
2131 <prop_pattern required="false" type="boolean" name="usecacheonfailure"> |
|
2132 <description> |
|
2133 <loctext xml:lang="C"> |
|
2134 Whether to use the cached configuration when the remote |
|
2135 configuration will not compile. This option is useful for testing |
|
2136 new configurations, where you want to fix the broken configuration |
|
2137 rather than reverting to a known-good one. |
|
2138 </loctext> |
|
2139 </description> |
|
2140 </prop_pattern> |
|
2141 <prop_pattern required="false" type="astring" name="user"> |
|
2142 <description> |
|
2143 <loctext xml:lang="C"> |
|
2144 The user puppet master should run as. |
|
2145 </loctext> |
|
2146 </description> |
|
2147 </prop_pattern> |
|
2148 <prop_pattern required="false" type="astring" name="vardir"> |
|
2149 <description> |
|
2150 <loctext xml:lang="C"> |
|
2151 Where Puppet stores dynamic and growing data. The default for this |
|
2152 setting is calculated specially, like `confdir`_. |
|
2153 </loctext> |
|
2154 </description> |
|
2155 </prop_pattern> |
|
2156 <prop_pattern required="false" type="integer" name="waitforcert"> |
|
2157 <description> |
|
2158 <loctext xml:lang="C"> |
|
2159 How frequently puppet agent should ask for a signed certificate. |
|
2160 |
|
2161 When starting for the first time, puppet agent will submit a certificate |
|
2162 signing request (CSR) to the server named in the `ca_server` setting |
|
2163 (usually the puppet master); this may be autosigned, or may need to be |
|
2164 approved by a human, depending on the CA server's configuration. |
|
2165 |
|
2166 Puppet agent cannot apply configurations until its approved certificate is |
|
2167 available. Since the certificate may or may not be available immediately, |
|
2168 puppet agent will repeatedly try to fetch it at this interval. You can |
|
2169 turn off waiting for certificates by specifying a time of 0, in which case |
|
2170 puppet agent will exit if it cannot get a cert. |
|
2171 This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). |
|
2172 </loctext> |
|
2173 </description> |
|
2174 </prop_pattern> |
|
2175 <prop_pattern required="false" type="astring" name="yamldir"> |
|
2176 <description> |
|
2177 <loctext xml:lang="C"> |
|
2178 The directory in which YAML data is stored, usually in a subdirectory. |
|
2179 </loctext> |
|
2180 </description> |
|
2181 </prop_pattern> |
|
2182 <prop_pattern required="false" type="boolean" name="zlib"> |
|
2183 <description> |
|
2184 <loctext xml:lang="C"> |
|
2185 Boolean; whether to use the zlib library |
|
2186 </loctext> |
|
2187 </description> |
|
2188 </prop_pattern> |
|
2189 </pg_pattern> |
|
2190 </template> |
|
2191 </service> |
|
2192 </service_bundle> |