1 <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> |
|
2 <!-- |
|
3 CDDL HEADER START |
|
4 |
|
5 The contents of this file are subject to the terms of the |
|
6 Common Development and Distribution License (the "License"). |
|
7 You may not use this file except in compliance with the License. |
|
8 |
|
9 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
|
10 or http://www.opensolaris.org/os/licensing. |
|
11 See the License for the specific language governing permissions |
|
12 and limitations under the License. |
|
13 |
|
14 When distributing Covered Code, include this CDDL HEADER in each |
|
15 file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
|
16 If applicable, add the following below this CDDL HEADER, with the |
|
17 fields enclosed by brackets "[]" replaced with your own identifying |
|
18 information: Portions Copyright [yyyy] [name of copyright owner] |
|
19 |
|
20 CDDL HEADER END |
|
21 |
|
22 Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. |
|
23 |
|
24 NOTE: This service manifest is not editable; its contents will |
|
25 be overwritten by package or patch operations, including |
|
26 operating system upgrade. Make customizations in a different |
|
27 file. |
|
28 --> |
|
29 <service_bundle type="manifest" name="puppet"> |
|
30 <service name="application/puppet" type="service" version="1"> |
|
31 <dependency name="filesystem" grouping="require_all" restart_on="error" type="service"> |
|
32 <service_fmri value="svc:/system/filesystem/minimal"/> |
|
33 </dependency> |
|
34 <dependency name="network" grouping="require_all" restart_on="error" type="service"> |
|
35 <service_fmri value="svc:/milestone/network"/> |
|
36 </dependency> |
|
37 <dependency name="identity" grouping="require_all" restart_on="error" type="service"> |
|
38 <service_fmri value="svc:/system/identity:node"/> |
|
39 </dependency> |
|
40 <exec_method type="method" name="start" exec=":true" timeout_seconds="60"/> |
|
41 <exec_method type="method" name="stop" exec=":kill" timeout_seconds="60"/> |
|
42 <exec_method type="method" name="refresh" exec=":true" timeout_seconds="0"/> |
|
43 <property_group name="general" type="framework"> |
|
44 <!-- to start stop puppet --> |
|
45 <propval name="action_authorization" type="astring" value="solaris.smf.manage.puppet"/> |
|
46 <!-- to change puppet properties --> |
|
47 <propval name="value_authorization" type="astring" value="solaris.smf.value.puppet"/> |
|
48 </property_group> |
|
49 <property_group name="puppet_stencil" type="configfile"> |
|
50 <propval name="path" type="astring" value="/etc/puppet/puppet.conf"/> |
|
51 <propval name="stencil" type="astring" value="puppet.stencil"/> |
|
52 <propval name="mode" type="astring" value="0444"/> |
|
53 </property_group> |
|
54 <instance name="master" enabled="false"> |
|
55 <exec_method type="method" name="start" exec="/usr/sbin/puppet master --logdest %{config/logdest}" timeout_seconds="600"/> |
|
56 <property_group name="config" type="application"> |
|
57 <propval name="logdest" type="astring" value="/var/log/puppet/puppet-master.log"/> |
|
58 </property_group> |
|
59 </instance> |
|
60 <instance name="agent" enabled="false"> |
|
61 <exec_method type="method" name="start" exec="/usr/sbin/puppet agent --logdest %{config/logdest}" timeout_seconds="600"/> |
|
62 <property_group name="config" type="application"> |
|
63 <propval name="logdest" type="astring" value="/var/log/puppet/puppet-agent.log"/> |
|
64 </property_group> |
|
65 </instance> |
|
66 <stability value="Unstable"/> |
|
67 <template> |
|
68 <common_name> |
|
69 <loctext xml:lang="C">Puppet version 3.6.2</loctext> |
|
70 </common_name> |
|
71 <documentation> |
|
72 <manpage title="puppet-master" section="8" manpath="/usr/share/man"/> |
|
73 </documentation> |
|
74 <pg_pattern required="false" type="application" name="config"> |
|
75 <prop_pattern required="false" type="astring" name="agent_catalog_run_lockfile"> |
|
76 <description> |
|
77 <loctext xml:lang="C"> |
|
78 A lock file to indicate that a puppet agent catalog run is currently in progress. |
|
79 The file contains the pid of the process that holds the lock on the catalog run. |
|
80 </loctext> |
|
81 </description> |
|
82 </prop_pattern> |
|
83 <prop_pattern required="false" type="astring" name="agent_disabled_lockfile"> |
|
84 <description> |
|
85 <loctext xml:lang="C"> |
|
86 A lock file to indicate that puppet agent runs have been administratively |
|
87 disabled. File contains a JSON object with state information. |
|
88 </loctext> |
|
89 </description> |
|
90 </prop_pattern> |
|
91 <prop_pattern required="false" type="boolean" name="allow_duplicate_certs"> |
|
92 <description> |
|
93 <loctext xml:lang="C"> |
|
94 Whether to allow a new certificate |
|
95 request to overwrite an existing certificate. |
|
96 </loctext> |
|
97 </description> |
|
98 </prop_pattern> |
|
99 <prop_pattern required="false" type="boolean" name="allow_variables_with_dashes"> |
|
100 <description> |
|
101 <loctext xml:lang="C"> |
|
102 Permit hyphens (`-`) in variable names and issue deprecation warnings about |
|
103 them. This setting **should always be `false`;** setting it to `true` |
|
104 will cause subtle and wide-ranging bugs. It will be removed in a future version. |
|
105 |
|
106 Hyphenated variables caused major problems in the language, but were allowed |
|
107 between Puppet 2.7.3 and 2.7.14. If you used them during this window, we |
|
108 apologize for the inconvenience --- you can temporarily set this to `true` |
|
109 in order to upgrade, and can rename your variables at your leisure. Please |
|
110 revert it to `false` after you have renamed all affected variables. |
|
111 </loctext> |
|
112 </description> |
|
113 </prop_pattern> |
|
114 <prop_pattern required="false" type="host" name="archive_file_server"> |
|
115 <description> |
|
116 <loctext xml:lang="C"> |
|
117 During an inspect run, the file bucket server to archive files to if archive_files is set. |
|
118 </loctext> |
|
119 </description> |
|
120 </prop_pattern> |
|
121 <prop_pattern required="false" type="boolean" name="archive_files"> |
|
122 <description> |
|
123 <loctext xml:lang="C"> |
|
124 During an inspect run, whether to archive files whose contents are audited to a file bucket. |
|
125 </loctext> |
|
126 </description> |
|
127 </prop_pattern> |
|
128 <prop_pattern required="false" type="boolean" name="async_storeconfigs"> |
|
129 <description> |
|
130 <loctext xml:lang="C"> |
|
131 Whether to use a queueing system to provide asynchronous database integration. |
|
132 Requires that `puppet queue` be running. |
|
133 </loctext> |
|
134 </description> |
|
135 </prop_pattern> |
|
136 <prop_pattern required="false" type="boolean" name="autoflush"> |
|
137 <description> |
|
138 <loctext xml:lang="C"> |
|
139 Whether log files should always flush to disk. |
|
140 </loctext> |
|
141 </description> |
|
142 </prop_pattern> |
|
143 <prop_pattern required="false" type="astring" name="autosign"> |
|
144 <description> |
|
145 <loctext xml:lang="C"> |
|
146 Whether (and how) to autosign certificate requests. This setting |
|
147 is only relevant on a puppet master acting as a certificate authority (CA). |
|
148 |
|
149 Valid values are true (autosigns all certificate requests; not recommended), |
|
150 false (disables autosigning certificates), or the absolute path to a file. |
|
151 |
|
152 The file specified in this setting may be either a **configuration file** |
|
153 or a **custom policy executable.** Puppet will automatically determine |
|
154 what it is: If the Puppet user (see the `user` setting) can execute the |
|
155 file, it will be treated as a policy executable; otherwise, it will be |
|
156 treated as a config file. |
|
157 |
|
158 If a custom policy executable is configured, the CA puppet master will run it |
|
159 every time it receives a CSR. The executable will be passed the subject CN of the |
|
160 request _as a command line argument,_ and the contents of the CSR in PEM format |
|
161 _on stdin._ It should exit with a status of 0 if the cert should be autosigned |
|
162 and non-zero if the cert should not be autosigned. |
|
163 |
|
164 If a certificate request is not autosigned, it will persist for review. An admin |
|
165 user can use the `puppet cert sign` command to manually sign it, or can delete |
|
166 the request. |
|
167 |
|
168 For info on autosign configuration files, see |
|
169 [the guide to Puppet's config files](http://docs.puppetlabs.com/guides/configuring.html). |
|
170 </loctext> |
|
171 </description> |
|
172 </prop_pattern> |
|
173 <prop_pattern required="false" type="astring" name="basemodulepath"> |
|
174 <description> |
|
175 <loctext xml:lang="C"> |
|
176 The search path for **global** modules. Should be specified as a |
|
177 list of directories separated by the system path separator character. (The |
|
178 POSIX path separator is ':', and the Windows path separator is ';'.) |
|
179 |
|
180 If you are using directory environments, these are the modules that will |
|
181 be used by _all_ environments. Note that the `modules` directory of the active |
|
182 environment will have priority over any global directories. For more info, see |
|
183 http://docs.puppetlabs.com/puppet/latest/reference/environments.html |
|
184 |
|
185 This setting also provides the default value for the deprecated `modulepath` |
|
186 setting, which is used when directory environments are disabled. |
|
187 </loctext> |
|
188 </description> |
|
189 </prop_pattern> |
|
190 <prop_pattern required="false" type="boolean" name="biff"> |
|
191 <description> |
|
192 <loctext xml:lang="C"> |
|
193 Turns on Biff the catalog builder, future parser, and future evaluator. |
|
194 This is an experimental feature - and this setting may go away before |
|
195 release of Pupet 3.6. |
|
196 </loctext> |
|
197 </description> |
|
198 </prop_pattern> |
|
199 <prop_pattern required="false" type="net_address" name="bindaddress"> |
|
200 <description> |
|
201 <loctext xml:lang="C"> |
|
202 The address a listening server should bind to. |
|
203 </loctext> |
|
204 </description> |
|
205 </prop_pattern> |
|
206 <prop_pattern required="false" type="boolean" name="binder"> |
|
207 <description> |
|
208 <loctext xml:lang="C"> |
|
209 Turns the binding system on or off. This includes bindings in modules. |
|
210 The binding system aggregates data from modules and other locations and makes them available for lookup. |
|
211 The binding system is experimental and any or all of it may change. |
|
212 </loctext> |
|
213 </description> |
|
214 </prop_pattern> |
|
215 <prop_pattern required="false" type="astring" name="binder_config"> |
|
216 <description> |
|
217 <loctext xml:lang="C"> |
|
218 The binder configuration file. Puppet reads this file on each request to configure the bindings system. |
|
219 If set to nil (the default), a $confdir/binder_config.yaml is optionally loaded. If it does not exists, a default configuration |
|
220 is used. If the setting :binding_config is specified, it must reference a valid and existing yaml file. |
|
221 </loctext> |
|
222 </description> |
|
223 </prop_pattern> |
|
224 <prop_pattern required="false" type="astring" name="bucketdir"> |
|
225 <description> |
|
226 <loctext xml:lang="C"> |
|
227 Where FileBucket files are stored. |
|
228 </loctext> |
|
229 </description> |
|
230 </prop_pattern> |
|
231 <prop_pattern required="false" type="boolean" name="ca"> |
|
232 <description> |
|
233 <loctext xml:lang="C"> |
|
234 Whether the master should function as a certificate authority. |
|
235 </loctext> |
|
236 </description> |
|
237 </prop_pattern> |
|
238 <prop_pattern required="false" type="astring" name="ca_name"> |
|
239 <description> |
|
240 <loctext xml:lang="C"> |
|
241 The name to use the Certificate Authority certificate. |
|
242 </loctext> |
|
243 </description> |
|
244 </prop_pattern> |
|
245 <prop_pattern required="false" type="integer" name="ca_port"> |
|
246 <description> |
|
247 <loctext xml:lang="C"> |
|
248 The port to use for the certificate authority. |
|
249 </loctext> |
|
250 </description> |
|
251 </prop_pattern> |
|
252 <prop_pattern required="false" type="host" name="ca_server"> |
|
253 <description> |
|
254 <loctext xml:lang="C"> |
|
255 The server to use for certificate |
|
256 authority requests. It's a separate server because it cannot |
|
257 and does not need to horizontally scale. |
|
258 </loctext> |
|
259 </description> |
|
260 </prop_pattern> |
|
261 <prop_pattern required="false" type="integer" name="ca_ttl"> |
|
262 <description> |
|
263 <loctext xml:lang="C"> |
|
264 The default TTL for new certificates. |
|
265 This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). |
|
266 </loctext> |
|
267 </description> |
|
268 </prop_pattern> |
|
269 <prop_pattern required="false" type="astring" name="cacert"> |
|
270 <description> |
|
271 <loctext xml:lang="C"> |
|
272 The CA certificate. |
|
273 </loctext> |
|
274 </description> |
|
275 </prop_pattern> |
|
276 <prop_pattern required="false" type="astring" name="cacrl"> |
|
277 <description> |
|
278 <loctext xml:lang="C"> |
|
279 The certificate revocation list (CRL) for the CA. Will be used if present but otherwise ignored. |
|
280 </loctext> |
|
281 </description> |
|
282 </prop_pattern> |
|
283 <prop_pattern required="false" type="astring" name="cadir"> |
|
284 <description> |
|
285 <loctext xml:lang="C"> |
|
286 The root directory for the certificate authority. |
|
287 </loctext> |
|
288 </description> |
|
289 </prop_pattern> |
|
290 <prop_pattern required="false" type="astring" name="cakey"> |
|
291 <description> |
|
292 <loctext xml:lang="C"> |
|
293 The CA private key. |
|
294 </loctext> |
|
295 </description> |
|
296 </prop_pattern> |
|
297 <prop_pattern required="false" type="astring" name="capass"> |
|
298 <description> |
|
299 <loctext xml:lang="C"> |
|
300 Where the CA stores the password for the private key. |
|
301 </loctext> |
|
302 </description> |
|
303 </prop_pattern> |
|
304 <prop_pattern required="false" type="astring" name="caprivatedir"> |
|
305 <description> |
|
306 <loctext xml:lang="C"> |
|
307 Where the CA stores private certificate information. |
|
308 </loctext> |
|
309 </description> |
|
310 </prop_pattern> |
|
311 <prop_pattern required="false" type="astring" name="capub"> |
|
312 <description> |
|
313 <loctext xml:lang="C"> |
|
314 The CA public key. |
|
315 </loctext> |
|
316 </description> |
|
317 </prop_pattern> |
|
318 <prop_pattern required="false" type="astring" name="catalog_cache_terminus"> |
|
319 <description> |
|
320 <loctext xml:lang="C"> |
|
321 How to store cached catalogs. Valid values are 'json', 'msgpack' and 'yaml'. The agent application defaults to 'json'. |
|
322 </loctext> |
|
323 </description> |
|
324 </prop_pattern> |
|
325 <prop_pattern required="false" type="astring" name="catalog_format"> |
|
326 <description> |
|
327 <loctext xml:lang="C"> |
|
328 (Deprecated for 'preferred_serialization_format') What format to |
|
329 use to dump the catalog. Only supports 'marshal' and 'yaml'. Only |
|
330 matters on the client, since it asks the server for a specific format. |
|
331 </loctext> |
|
332 </description> |
|
333 </prop_pattern> |
|
334 <prop_pattern required="false" type="astring" name="catalog_terminus"> |
|
335 <description> |
|
336 <loctext xml:lang="C"> |
|
337 Where to get node catalogs. This is useful to change if, for instance, |
|
338 you'd like to pre-compile catalogs and store them in memcached or some other easily-accessed store. |
|
339 </loctext> |
|
340 </description> |
|
341 </prop_pattern> |
|
342 <prop_pattern required="false" type="astring" name="cert_inventory"> |
|
343 <description> |
|
344 <loctext xml:lang="C"> |
|
345 The inventory file. This is a text file to which the CA writes a |
|
346 complete listing of all certificates. |
|
347 </loctext> |
|
348 </description> |
|
349 </prop_pattern> |
|
350 <prop_pattern required="false" type="astring" name="certdir"> |
|
351 <description> |
|
352 <loctext xml:lang="C"> |
|
353 The certificate directory. |
|
354 </loctext> |
|
355 </description> |
|
356 </prop_pattern> |
|
357 <prop_pattern required="false" type="astring" name="certdnsnames"> |
|
358 <description> |
|
359 <loctext xml:lang="C"> |
|
360 The `certdnsnames` setting is no longer functional, |
|
361 after CVE-2011-3872. We ignore the value completely. |
|
362 |
|
363 For your own certificate request you can set `dns_alt_names` in the |
|
364 configuration and it will apply locally. There is no configuration option to |
|
365 set DNS alt names, or any other `subjectAltName` value, for another nodes |
|
366 certificate. |
|
367 |
|
368 Alternately you can use the `--dns_alt_names` command line option to set the |
|
369 labels added while generating your own CSR. |
|
370 </loctext> |
|
371 </description> |
|
372 </prop_pattern> |
|
373 <prop_pattern required="false" type="integer" name="certificate_expire_warning"> |
|
374 <description> |
|
375 <loctext xml:lang="C"> |
|
376 The window of time leading up to a certificate's expiration that a notification |
|
377 will be logged. This applies to CA, master, and agent certificates. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). |
|
378 </loctext> |
|
379 </description> |
|
380 </prop_pattern> |
|
381 <prop_pattern required="false" type="boolean" name="certificate_revocation"> |
|
382 <description> |
|
383 <loctext xml:lang="C"> |
|
384 Whether certificate revocation should be supported by downloading a |
|
385 Certificate Revocation List (CRL) |
|
386 to all clients. If enabled, CA chaining will almost definitely not work. |
|
387 </loctext> |
|
388 </description> |
|
389 </prop_pattern> |
|
390 <prop_pattern required="false" type="hostname" name="certname"> |
|
391 <description> |
|
392 <loctext xml:lang="C"> |
|
393 The name to use when handling certificates. Defaults |
|
394 to the fully qualified domain name. |
|
395 </loctext> |
|
396 </description> |
|
397 </prop_pattern> |
|
398 <prop_pattern required="false" type="astring" name="classfile"> |
|
399 <description> |
|
400 <loctext xml:lang="C"> |
|
401 The file in which puppet agent stores a list of the classes |
|
402 associated with the retrieved configuration. Can be loaded in |
|
403 the separate `puppet` executable using the `--loadclasses` |
|
404 option. |
|
405 </loctext> |
|
406 </description> |
|
407 </prop_pattern> |
|
408 <prop_pattern required="false" type="astring" name="client_datadir"> |
|
409 <description> |
|
410 <loctext xml:lang="C"> |
|
411 The directory in which serialized data is stored on the client. |
|
412 </loctext> |
|
413 </description> |
|
414 </prop_pattern> |
|
415 <prop_pattern required="false" type="astring" name="clientbucketdir"> |
|
416 <description> |
|
417 <loctext xml:lang="C"> |
|
418 Where FileBucket files are stored locally. |
|
419 </loctext> |
|
420 </description> |
|
421 </prop_pattern> |
|
422 <prop_pattern required="false" type="astring" name="clientyamldir"> |
|
423 <description> |
|
424 <loctext xml:lang="C"> |
|
425 The directory in which client-side YAML data is stored. |
|
426 </loctext> |
|
427 </description> |
|
428 </prop_pattern> |
|
429 <prop_pattern required="false" type="astring" name="code"> |
|
430 <description> |
|
431 <loctext xml:lang="C"> |
|
432 Code to parse directly. This is essentially only used |
|
433 by `puppet`, and should only be set if you're writing your own Puppet |
|
434 executable. |
|
435 </loctext> |
|
436 </description> |
|
437 </prop_pattern> |
|
438 <prop_pattern required="false" type="astring" name="color"> |
|
439 <description> |
|
440 <loctext xml:lang="C"> |
|
441 Whether to use colors when logging to the console. Valid values are |
|
442 `ansi` (equivalent to `true`), `html`, and `false`, which produces no color. |
|
443 Defaults to false on Windows, as its console does not support ansi colors. |
|
444 </loctext> |
|
445 </description> |
|
446 </prop_pattern> |
|
447 <prop_pattern required="false" type="astring" name="confdir"> |
|
448 <description> |
|
449 <loctext xml:lang="C"> |
|
450 The main Puppet configuration directory. The default for this setting |
|
451 is calculated based on the user. If the process is running as root or |
|
452 the user that Puppet is supposed to run as, it defaults to a system |
|
453 directory, but if it's running as any other user, it defaults to being |
|
454 in the user's home directory. |
|
455 </loctext> |
|
456 </description> |
|
457 </prop_pattern> |
|
458 <prop_pattern required="false" type="astring" name="config"> |
|
459 <description> |
|
460 <loctext xml:lang="C"> |
|
461 The configuration file for the current puppet application. |
|
462 </loctext> |
|
463 </description> |
|
464 </prop_pattern> |
|
465 <prop_pattern required="false" type="astring" name="config_file_name"> |
|
466 <description> |
|
467 <loctext xml:lang="C"> |
|
468 The name of the puppet config file. |
|
469 </loctext> |
|
470 </description> |
|
471 </prop_pattern> |
|
472 <prop_pattern required="false" type="astring" name="config_version"> |
|
473 <description> |
|
474 <loctext xml:lang="C"> |
|
475 How to determine the configuration version. By default, it will be the |
|
476 time that the configuration is parsed, but you can provide a shell script to override how the |
|
477 version is determined. The output of this script will be added to every log message in the |
|
478 reports, allowing you to correlate changes on your hosts to the source version on the server. |
|
479 |
|
480 Setting a global value for config_version in puppet.conf is deprecated. Please set a |
|
481 per-environment value in environment.conf instead. For more info, see |
|
482 http://docs.puppetlabs.com/puppet/latest/reference/environments.html |
|
483 </loctext> |
|
484 </description> |
|
485 </prop_pattern> |
|
486 <prop_pattern required="false" type="astring" name="configprint"> |
|
487 <description> |
|
488 <loctext xml:lang="C"> |
|
489 Print the value of a specific configuration setting. If the name of a |
|
490 setting is provided for this, then the value is printed and puppet |
|
491 exits. Comma-separate multiple values. For a list of all values, |
|
492 specify 'all'. |
|
493 </loctext> |
|
494 </description> |
|
495 </prop_pattern> |
|
496 <prop_pattern required="false" type="integer" name="configtimeout"> |
|
497 <description> |
|
498 <loctext xml:lang="C"> |
|
499 How long the client should wait for the configuration to be retrieved |
|
500 before considering it a failure. This can help reduce flapping if too |
|
501 many clients contact the server at one time. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). |
|
502 </loctext> |
|
503 </description> |
|
504 </prop_pattern> |
|
505 <prop_pattern required="false" type="uri" name="couchdb_url"> |
|
506 <description> |
|
507 <loctext xml:lang="C"> |
|
508 The url where the puppet couchdb database will be created. |
|
509 Only used when `facts_terminus` is set to `couch`. |
|
510 </loctext> |
|
511 </description> |
|
512 </prop_pattern> |
|
513 <prop_pattern required="false" type="astring" name="csr_attributes"> |
|
514 <description> |
|
515 <loctext xml:lang="C"> |
|
516 An optional file containing custom attributes to add to certificate signing |
|
517 requests (CSRs). You should ensure that this file does not exist on your CA |
|
518 puppet master; if it does, unwanted certificate extensions may leak into |
|
519 certificates created with the `puppet cert generate` command. |
|
520 |
|
521 If present, this file must be a YAML hash containing a `custom_attributes` key |
|
522 and/or an `extension_requests` key. The value of each key must be a hash, where |
|
523 each key is a valid OID and each value is an object that can be cast to a string. |
|
524 |
|
525 Custom attributes can be used by the CA when deciding whether to sign the |
|
526 certificate, but are then discarded. Attribute OIDs can be any OID value except |
|
527 the standard CSR attributes (i.e. attributes described in RFC 2985 section 5.4). |
|
528 This is useful for embedding a pre-shared key for autosigning policy executables |
|
529 (see the `autosign` setting), often by using the `1.2.840.113549.1.9.7` |
|
530 ("challenge password") OID. |
|
531 |
|
532 Extension requests will be permanently embedded in the final certificate. |
|
533 Extension OIDs must be in the "ppRegCertExt" (`1.3.6.1.4.1.34380.1.1`) or |
|
534 "ppPrivCertExt" (`1.3.6.1.4.1.34380.1.2`) OID arcs. The ppRegCertExt arc is |
|
535 reserved for four of the most common pieces of data to embed: `pp_uuid` (`.1`), |
|
536 `pp_instance_id` (`.2`), `pp_image_name` (`.3`), and `pp_preshared_key` (`.4`) |
|
537 --- in the YAML file, these can be referred to by their short descriptive names |
|
538 instead of their full OID. The ppPrivCertExt arc is unregulated, and can be used |
|
539 for site-specific extensions. |
|
540 </loctext> |
|
541 </description> |
|
542 </prop_pattern> |
|
543 <prop_pattern required="false" type="astring" name="csrdir"> |
|
544 <description> |
|
545 <loctext xml:lang="C"> |
|
546 Where the CA stores certificate requests |
|
547 </loctext> |
|
548 </description> |
|
549 </prop_pattern> |
|
550 <prop_pattern required="false" type="boolean" name="daemonize"> |
|
551 <description> |
|
552 <loctext xml:lang="C"> |
|
553 Whether to send the process into the background. This defaults |
|
554 to true on POSIX systems, and to false on Windows (where Puppet |
|
555 currently cannot daemonize). |
|
556 </loctext> |
|
557 </description> |
|
558 </prop_pattern> |
|
559 <prop_pattern required="false" type="astring" name="data_binding_terminus"> |
|
560 <description> |
|
561 <loctext xml:lang="C"> |
|
562 Where to retrive information about data. |
|
563 </loctext> |
|
564 </description> |
|
565 </prop_pattern> |
|
566 <prop_pattern required="false" type="astring" name="dbadapter"> |
|
567 <description> |
|
568 <loctext xml:lang="C"> |
|
569 The type of database to use. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
570 </loctext> |
|
571 </description> |
|
572 </prop_pattern> |
|
573 <prop_pattern required="false" type="astring" name="dbconnections"> |
|
574 <description> |
|
575 <loctext xml:lang="C"> |
|
576 The number of database connections for networked |
|
577 databases. Will be ignored unless the value is a positive integer. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
578 </loctext> |
|
579 </description> |
|
580 </prop_pattern> |
|
581 <prop_pattern required="false" type="astring" name="dblocation"> |
|
582 <description> |
|
583 <loctext xml:lang="C"> |
|
584 The sqlite database file. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
585 </loctext> |
|
586 </description> |
|
587 </prop_pattern> |
|
588 <prop_pattern required="false" type="boolean" name="dbmigrate"> |
|
589 <description> |
|
590 <loctext xml:lang="C"> |
|
591 Whether to automatically migrate the database. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
592 </loctext> |
|
593 </description> |
|
594 </prop_pattern> |
|
595 <prop_pattern required="false" type="astring" name="dbname"> |
|
596 <description> |
|
597 <loctext xml:lang="C"> |
|
598 The name of the database to use. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
599 </loctext> |
|
600 </description> |
|
601 </prop_pattern> |
|
602 <prop_pattern required="false" type="astring" name="dbpassword"> |
|
603 <description> |
|
604 <loctext xml:lang="C"> |
|
605 The database password for caching. Only |
|
606 used when networked databases are used. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
607 </loctext> |
|
608 </description> |
|
609 </prop_pattern> |
|
610 <prop_pattern required="false" type="astring" name="dbport"> |
|
611 <description> |
|
612 <loctext xml:lang="C"> |
|
613 The database password for caching. Only |
|
614 used when networked databases are used. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
615 </loctext> |
|
616 </description> |
|
617 </prop_pattern> |
|
618 <prop_pattern required="false" type="host" name="dbserver"> |
|
619 <description> |
|
620 <loctext xml:lang="C"> |
|
621 The database server for caching. Only |
|
622 used when networked databases are used. |
|
623 </loctext> |
|
624 </description> |
|
625 </prop_pattern> |
|
626 <prop_pattern required="false" type="astring" name="dbsocket"> |
|
627 <description> |
|
628 <loctext xml:lang="C"> |
|
629 The database socket location. Only used when networked |
|
630 databases are used. Will be ignored if the value is an empty string. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
631 </loctext> |
|
632 </description> |
|
633 </prop_pattern> |
|
634 <prop_pattern required="false" type="astring" name="dbuser"> |
|
635 <description> |
|
636 <loctext xml:lang="C"> |
|
637 The database user for caching. Only |
|
638 used when networked databases are used. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
639 </loctext> |
|
640 </description> |
|
641 </prop_pattern> |
|
642 <prop_pattern required="false" type="astring" name="default_file_terminus"> |
|
643 <description> |
|
644 <loctext xml:lang="C"> |
|
645 The default source for files if no server is given in a |
|
646 uri, e.g. puppet:///file. The default of `rest` causes the file to be |
|
647 retrieved using the `server` setting. When running `apply` the default |
|
648 is `file_server`, causing requests to be filled locally. |
|
649 </loctext> |
|
650 </description> |
|
651 </prop_pattern> |
|
652 <prop_pattern required="false" type="boolean" name="default_schedules"> |
|
653 <description> |
|
654 <loctext xml:lang="C"> |
|
655 Boolean; whether to generate the default schedule resources. Setting this to |
|
656 false is useful for keeping external report processors clean of skipped schedule resources. |
|
657 </loctext> |
|
658 </description> |
|
659 </prop_pattern> |
|
660 <prop_pattern required="false" type="astring" name="deviceconfig"> |
|
661 <description> |
|
662 <loctext xml:lang="C"> |
|
663 Path to the device config file for puppet device. |
|
664 </loctext> |
|
665 </description> |
|
666 </prop_pattern> |
|
667 <prop_pattern required="false" type="astring" name="devicedir"> |
|
668 <description> |
|
669 <loctext xml:lang="C"> |
|
670 The root directory of devices' $vardir. |
|
671 </loctext> |
|
672 </description> |
|
673 </prop_pattern> |
|
674 <prop_pattern required="false" type="astring" name="diff"> |
|
675 <description> |
|
676 <loctext xml:lang="C"> |
|
677 Which diff command to use when printing differences between files. This setting |
|
678 has no default value on Windows, as standard `diff` is not available, but Puppet can use many |
|
679 third-party diff tools. |
|
680 </loctext> |
|
681 </description> |
|
682 </prop_pattern> |
|
683 <prop_pattern required="false" type="astring" name="diff_args"> |
|
684 <description> |
|
685 <loctext xml:lang="C"> |
|
686 Which arguments to pass to the diff command when printing differences between |
|
687 files. The command to use can be chosen with the `diff` setting. |
|
688 </loctext> |
|
689 </description> |
|
690 </prop_pattern> |
|
691 <prop_pattern required="false" type="astring" name="digest_algorithm"> |
|
692 <description> |
|
693 <loctext xml:lang="C"> |
|
694 Which digest algorithm to use for file resources and the filebucket. |
|
695 Valid values are md5, sha256. Default is md5. |
|
696 </loctext> |
|
697 </description> |
|
698 </prop_pattern> |
|
699 <prop_pattern required="false" type="astring" name="disable_warnings"> |
|
700 <description> |
|
701 <loctext xml:lang="C"> |
|
702 A list of warning types to disable. Currently the only warning type that can be |
|
703 disabled are deprecations, but more warning types may be added later. |
|
704 </loctext> |
|
705 </description> |
|
706 </prop_pattern> |
|
707 <prop_pattern required="false" type="host" name="dns_alt_names"> |
|
708 <description> |
|
709 <loctext xml:lang="C"> |
|
710 The comma-separated list of alternative DNS names to use for the local host. |
|
711 |
|
712 When the node generates a CSR for itself, these are added to the request |
|
713 as the desired `subjectAltName` in the certificate: additional DNS labels |
|
714 that the certificate is also valid answering as. |
|
715 |
|
716 This is generally required if you use a non-hostname `certname`, or if you |
|
717 want to use `puppet kick` or `puppet resource -H` and the primary certname |
|
718 does not match the DNS name you use to communicate with the host. |
|
719 |
|
720 This is unnecessary for agents, unless you intend to use them as a server for |
|
721 `puppet kick` or remote `puppet resource` management. |
|
722 |
|
723 It is rarely necessary for servers; it is usually helpful only if you need to |
|
724 have a pool of multiple load balanced masters, or for the same master to |
|
725 respond on two physically separate networks under different names. |
|
726 </loctext> |
|
727 </description> |
|
728 </prop_pattern> |
|
729 <prop_pattern required="false" type="boolean" name="document_all"> |
|
730 <description> |
|
731 <loctext xml:lang="C"> |
|
732 Whether to document all resources when using `puppet doc` to |
|
733 generate manifest documentation. |
|
734 </loctext> |
|
735 </description> |
|
736 </prop_pattern> |
|
737 <prop_pattern required="false" type="astring" name="dynamicfacts"> |
|
738 <description> |
|
739 <loctext xml:lang="C"> |
|
740 (Deprecated) Facts that are dynamic; these facts will be ignored when deciding whether |
|
741 changed facts should result in a recompile. Multiple facts should be |
|
742 comma-separated. |
|
743 </loctext> |
|
744 </description> |
|
745 </prop_pattern> |
|
746 <prop_pattern required="false" type="astring" name="environment"> |
|
747 <description> |
|
748 <loctext xml:lang="C"> |
|
749 The environment Puppet is running in. For clients |
|
750 (e.g., `puppet agent`) this determines the environment itself, which |
|
751 is used to find modules and much more. For servers (i.e., `puppet master`) |
|
752 this provides the default environment for nodes we know nothing about. |
|
753 </loctext> |
|
754 </description> |
|
755 </prop_pattern> |
|
756 <prop_pattern required="false" type="integer" name="environment_timeout"> |
|
757 <description> |
|
758 <loctext xml:lang="C"> |
|
759 The time to live for a cached environment. The time is either given This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y)., or |
|
760 the word 'unlimited' which causes the environment to be cached until the master is restarted. |
|
761 </loctext> |
|
762 </description> |
|
763 </prop_pattern> |
|
764 <prop_pattern required="false" type="astring" name="environmentpath"> |
|
765 <description> |
|
766 <loctext xml:lang="C"> |
|
767 A search path for directory environments, as a list of directories |
|
768 separated by the system path separator character. (The POSIX path separator |
|
769 is ':', and the Windows path separator is ';'.) |
|
770 |
|
771 This setting must have a value set to enable **directory environments.** The |
|
772 recommended value is `$confdir/environments`. For more details, see |
|
773 http://docs.puppetlabs.com/puppet/latest/reference/environments.html |
|
774 </loctext> |
|
775 </description> |
|
776 </prop_pattern> |
|
777 <prop_pattern required="false" type="boolean" name="evaltrace"> |
|
778 <description> |
|
779 <loctext xml:lang="C"> |
|
780 Whether each resource should log when it is |
|
781 being evaluated. This allows you to interactively see exactly |
|
782 what is being done. |
|
783 </loctext> |
|
784 </description> |
|
785 </prop_pattern> |
|
786 <prop_pattern required="false" type="astring" name="evaluator"> |
|
787 <description> |
|
788 <loctext xml:lang="C"> |
|
789 Which evaluator to use when compiling Puppet manifests. Valid values |
|
790 are `current` and `future` (the default). |
|
791 |
|
792 **Note:** This setting is only used when `parser = future`. It allows |
|
793 testers to turn off the `future` evaluator when doing detailed tests and |
|
794 comparisons of the new compilation system. |
|
795 |
|
796 Evaluation is the second stage of catalog compilation. After the parser |
|
797 converts a manifest to a model of expressions, the evaluator processes |
|
798 each expression. (For example, a resource declaration signals the |
|
799 evaluator to add a resource to the catalog). |
|
800 |
|
801 The `future` parser and evaluator are slated to become default in Puppet |
|
802 4. Their purpose is to add new features and improve consistency |
|
803 and reliability. |
|
804 |
|
805 Available Since Puppet 3.5. |
|
806 </loctext> |
|
807 </description> |
|
808 </prop_pattern> |
|
809 <prop_pattern required="false" type="astring" name="external_nodes"> |
|
810 <description> |
|
811 <loctext xml:lang="C"> |
|
812 An external command that can produce node information. The command's output |
|
813 must be a YAML dump of a hash, and that hash must have a `classes` key and/or |
|
814 a `parameters` key, where `classes` is an array or hash and |
|
815 `parameters` is a hash. For unknown nodes, the command should |
|
816 exit with a non-zero exit code. |
|
817 |
|
818 This command makes it straightforward to store your node mapping |
|
819 information in other data sources like databases. |
|
820 </loctext> |
|
821 </description> |
|
822 </prop_pattern> |
|
823 <prop_pattern required="false" type="astring" name="factpath"> |
|
824 <description> |
|
825 <loctext xml:lang="C"> |
|
826 Where Puppet should look for facts. Multiple directories should |
|
827 be separated by the system path separator character. (The POSIX path |
|
828 separator is ':', and the Windows path separator is ';'.) |
|
829 </loctext> |
|
830 </description> |
|
831 </prop_pattern> |
|
832 <prop_pattern required="false" type="astring" name="facts_terminus"> |
|
833 <description> |
|
834 <loctext xml:lang="C"> |
|
835 The node facts terminus. |
|
836 </loctext> |
|
837 </description> |
|
838 </prop_pattern> |
|
839 <prop_pattern required="false" type="astring" name="fileserverconfig"> |
|
840 <description> |
|
841 <loctext xml:lang="C"> |
|
842 Where the fileserver configuration is stored. |
|
843 </loctext> |
|
844 </description> |
|
845 </prop_pattern> |
|
846 <prop_pattern required="false" type="integer" name="filetimeout"> |
|
847 <description> |
|
848 <loctext xml:lang="C"> |
|
849 The minimum time to wait between checking for updates in |
|
850 configuration files. This timeout determines how quickly Puppet checks whether |
|
851 a file (such as manifests or templates) has changed on disk. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). |
|
852 </loctext> |
|
853 </description> |
|
854 </prop_pattern> |
|
855 <prop_pattern required="false" type="boolean" name="freeze_main"> |
|
856 <description> |
|
857 <loctext xml:lang="C"> |
|
858 Freezes the 'main' class, disallowing any code to be added to it. This |
|
859 essentially means that you can't have any code outside of a node, |
|
860 class, or definition other than in the site manifest. |
|
861 </loctext> |
|
862 </description> |
|
863 </prop_pattern> |
|
864 <prop_pattern required="false" type="boolean" name="genmanifest"> |
|
865 <description> |
|
866 <loctext xml:lang="C"> |
|
867 Whether to just print a manifest to stdout and exit. Only makes |
|
868 sense when specified on the command line as `--genmanifest`. Takes into account arguments specified |
|
869 on the CLI. |
|
870 </loctext> |
|
871 </description> |
|
872 </prop_pattern> |
|
873 <prop_pattern required="false" type="boolean" name="graph"> |
|
874 <description> |
|
875 <loctext xml:lang="C"> |
|
876 Whether to create dot graph files for the different |
|
877 configuration graphs. These dot files can be interpreted by tools |
|
878 like OmniGraffle or dot (which is part of ImageMagick). |
|
879 </loctext> |
|
880 </description> |
|
881 </prop_pattern> |
|
882 <prop_pattern required="false" type="astring" name="graphdir"> |
|
883 <description> |
|
884 <loctext xml:lang="C"> |
|
885 Where to store dot-outputted graphs. |
|
886 </loctext> |
|
887 </description> |
|
888 </prop_pattern> |
|
889 <prop_pattern required="false" type="astring" name="group"> |
|
890 <description> |
|
891 <loctext xml:lang="C"> |
|
892 The group puppet master should run as. |
|
893 </loctext> |
|
894 </description> |
|
895 </prop_pattern> |
|
896 <prop_pattern required="false" type="astring" name="hiera_config"> |
|
897 <description> |
|
898 <loctext xml:lang="C"> |
|
899 The hiera configuration file. Puppet only reads this file on startup, so you must restart the puppet master every time you edit it. |
|
900 </loctext> |
|
901 </description> |
|
902 </prop_pattern> |
|
903 <prop_pattern required="false" type="astring" name="hostcert"> |
|
904 <description> |
|
905 <loctext xml:lang="C"> |
|
906 Where individual hosts store and look for their certificates. |
|
907 </loctext> |
|
908 </description> |
|
909 </prop_pattern> |
|
910 <prop_pattern required="false" type="astring" name="hostcrl"> |
|
911 <description> |
|
912 <loctext xml:lang="C"> |
|
913 Where the host's certificate revocation list can be found. |
|
914 This is distinct from the certificate authority's CRL. |
|
915 </loctext> |
|
916 </description> |
|
917 </prop_pattern> |
|
918 <prop_pattern required="false" type="astring" name="hostcsr"> |
|
919 <description> |
|
920 <loctext xml:lang="C"> |
|
921 Where individual hosts store and look for their certificate requests. |
|
922 </loctext> |
|
923 </description> |
|
924 </prop_pattern> |
|
925 <prop_pattern required="false" type="astring" name="hostprivkey"> |
|
926 <description> |
|
927 <loctext xml:lang="C"> |
|
928 Where individual hosts store and look for their private key. |
|
929 </loctext> |
|
930 </description> |
|
931 </prop_pattern> |
|
932 <prop_pattern required="false" type="astring" name="hostpubkey"> |
|
933 <description> |
|
934 <loctext xml:lang="C"> |
|
935 Where individual hosts store and look for their public key. |
|
936 </loctext> |
|
937 </description> |
|
938 </prop_pattern> |
|
939 <prop_pattern required="false" type="boolean" name="http_compression"> |
|
940 <description> |
|
941 <loctext xml:lang="C"> |
|
942 Allow http compression in REST communication with the master. |
|
943 This setting might improve performance for agent -> master |
|
944 communications over slow WANs. Your puppet master needs to support |
|
945 compression (usually by activating some settings in a reverse-proxy in |
|
946 front of the puppet master, which rules out webrick). It is harmless to |
|
947 activate this settings if your master doesn't support compression, but |
|
948 if it supports it, this setting might reduce performance on high-speed LANs. |
|
949 </loctext> |
|
950 </description> |
|
951 </prop_pattern> |
|
952 <prop_pattern required="false" type="host" name="http_proxy_host"> |
|
953 <description> |
|
954 <loctext xml:lang="C"> |
|
955 The HTTP proxy host to use for outgoing connections. Note: You |
|
956 may need to use a FQDN for the server hostname when using a proxy. |
|
957 </loctext> |
|
958 </description> |
|
959 </prop_pattern> |
|
960 <prop_pattern required="false" type="integer" name="http_proxy_port"> |
|
961 <description> |
|
962 <loctext xml:lang="C"> |
|
963 The HTTP proxy port to use for outgoing connections |
|
964 </loctext> |
|
965 </description> |
|
966 </prop_pattern> |
|
967 <prop_pattern required="false" type="astring" name="httplog"> |
|
968 <description> |
|
969 <loctext xml:lang="C"> |
|
970 Where the puppet agent web server logs. |
|
971 </loctext> |
|
972 </description> |
|
973 </prop_pattern> |
|
974 <prop_pattern required="false" type="boolean" name="ignorecache"> |
|
975 <description> |
|
976 <loctext xml:lang="C"> |
|
977 Ignore cache and always recompile the configuration. This is |
|
978 useful for testing new configurations, where the local cache may in |
|
979 fact be stale even if the timestamps are up to date - if the facts |
|
980 change or if the server changes. |
|
981 </loctext> |
|
982 </description> |
|
983 </prop_pattern> |
|
984 <prop_pattern required="false" type="boolean" name="ignoreimport"> |
|
985 <description> |
|
986 <loctext xml:lang="C"> |
|
987 If true, allows the parser to continue without requiring |
|
988 all files referenced with `import` statements to exist. This setting was primarily |
|
989 designed for use with commit hooks for parse-checking. |
|
990 </loctext> |
|
991 </description> |
|
992 </prop_pattern> |
|
993 <prop_pattern required="false" type="boolean" name="ignoremissingtypes"> |
|
994 <description> |
|
995 <loctext xml:lang="C"> |
|
996 Skip searching for classes and definitions that were missing during a |
|
997 prior compilation. The list of missing objects is maintained per-environment and |
|
998 persists until the environment is cleared or the master is restarted. |
|
999 </loctext> |
|
1000 </description> |
|
1001 </prop_pattern> |
|
1002 <prop_pattern required="false" type="boolean" name="ignoreschedules"> |
|
1003 <description> |
|
1004 <loctext xml:lang="C"> |
|
1005 Boolean; whether puppet agent should ignore schedules. This is useful |
|
1006 for initial puppet agent runs. |
|
1007 </loctext> |
|
1008 </description> |
|
1009 </prop_pattern> |
|
1010 <prop_pattern required="false" type="boolean" name="immutable_node_data"> |
|
1011 <description> |
|
1012 <loctext xml:lang="C"> |
|
1013 When true, also prevents $trusted and $facts from being overridden in any scope |
|
1014 </loctext> |
|
1015 </description> |
|
1016 </prop_pattern> |
|
1017 <prop_pattern required="false" type="integer" name="inventory_port"> |
|
1018 <description> |
|
1019 <loctext xml:lang="C"> |
|
1020 The port to communicate with the inventory_server. |
|
1021 </loctext> |
|
1022 </description> |
|
1023 </prop_pattern> |
|
1024 <prop_pattern required="false" type="host" name="inventory_server"> |
|
1025 <description> |
|
1026 <loctext xml:lang="C"> |
|
1027 The server to send facts to. |
|
1028 </loctext> |
|
1029 </description> |
|
1030 </prop_pattern> |
|
1031 <prop_pattern required="false" type="astring" name="inventory_terminus"> |
|
1032 <description> |
|
1033 <loctext xml:lang="C"> |
|
1034 Should usually be the same as the facts terminus |
|
1035 </loctext> |
|
1036 </description> |
|
1037 </prop_pattern> |
|
1038 <prop_pattern required="false" type="integer" name="keylength"> |
|
1039 <description> |
|
1040 <loctext xml:lang="C"> |
|
1041 The bit length of keys. |
|
1042 </loctext> |
|
1043 </description> |
|
1044 </prop_pattern> |
|
1045 <prop_pattern required="false" type="astring" name="lastrunfile"> |
|
1046 <description> |
|
1047 <loctext xml:lang="C"> |
|
1048 Where puppet agent stores the last run report summary in yaml format. |
|
1049 </loctext> |
|
1050 </description> |
|
1051 </prop_pattern> |
|
1052 <prop_pattern required="false" type="astring" name="lastrunreport"> |
|
1053 <description> |
|
1054 <loctext xml:lang="C"> |
|
1055 Where puppet agent stores the last run report in yaml format. |
|
1056 </loctext> |
|
1057 </description> |
|
1058 </prop_pattern> |
|
1059 <prop_pattern required="false" type="astring" name="ldapattrs"> |
|
1060 <description> |
|
1061 <loctext xml:lang="C"> |
|
1062 The LDAP attributes to include when querying LDAP for nodes. All |
|
1063 returned attributes are set as variables in the top-level scope. |
|
1064 Multiple values should be comma-separated. The value 'all' returns |
|
1065 all attributes. |
|
1066 </loctext> |
|
1067 </description> |
|
1068 </prop_pattern> |
|
1069 <prop_pattern required="false" type="astring" name="ldapbase"> |
|
1070 <description> |
|
1071 <loctext xml:lang="C"> |
|
1072 The search base for LDAP searches. It's impossible to provide |
|
1073 a meaningful default here, although the LDAP libraries might |
|
1074 have one already set. Generally, it should be the 'ou=Hosts' |
|
1075 branch under your main directory. |
|
1076 </loctext> |
|
1077 </description> |
|
1078 </prop_pattern> |
|
1079 <prop_pattern required="false" type="astring" name="ldapclassattrs"> |
|
1080 <description> |
|
1081 <loctext xml:lang="C"> |
|
1082 The LDAP attributes to use to define Puppet classes. Values |
|
1083 should be comma-separated. |
|
1084 </loctext> |
|
1085 </description> |
|
1086 </prop_pattern> |
|
1087 <prop_pattern required="false" type="astring" name="ldapparentattr"> |
|
1088 <description> |
|
1089 <loctext xml:lang="C"> |
|
1090 The attribute to use to define the parent node. |
|
1091 </loctext> |
|
1092 </description> |
|
1093 </prop_pattern> |
|
1094 <prop_pattern required="false" type="astring" name="ldappassword"> |
|
1095 <description> |
|
1096 <loctext xml:lang="C"> |
|
1097 The password to use to connect to LDAP. |
|
1098 </loctext> |
|
1099 </description> |
|
1100 </prop_pattern> |
|
1101 <prop_pattern required="false" type="integer" name="ldapport"> |
|
1102 <description> |
|
1103 <loctext xml:lang="C"> |
|
1104 The LDAP port. Only used if `node_terminus` is set to `ldap`. |
|
1105 </loctext> |
|
1106 </description> |
|
1107 </prop_pattern> |
|
1108 <prop_pattern required="false" type="host" name="ldapserver"> |
|
1109 <description> |
|
1110 <loctext xml:lang="C"> |
|
1111 The LDAP server. Only used if `node_terminus` is set to `ldap`. |
|
1112 </loctext> |
|
1113 </description> |
|
1114 </prop_pattern> |
|
1115 <prop_pattern required="false" type="boolean" name="ldapssl"> |
|
1116 <description> |
|
1117 <loctext xml:lang="C"> |
|
1118 Whether SSL should be used when searching for nodes. |
|
1119 Defaults to false because SSL usually requires certificates |
|
1120 to be set up on the client side. |
|
1121 </loctext> |
|
1122 </description> |
|
1123 </prop_pattern> |
|
1124 <prop_pattern required="false" type="astring" name="ldapstackedattrs"> |
|
1125 <description> |
|
1126 <loctext xml:lang="C"> |
|
1127 The LDAP attributes that should be stacked to arrays by adding |
|
1128 the values in all hierarchy elements of the tree. Values |
|
1129 should be comma-separated. |
|
1130 </loctext> |
|
1131 </description> |
|
1132 </prop_pattern> |
|
1133 <prop_pattern required="false" type="astring" name="ldapstring"> |
|
1134 <description> |
|
1135 <loctext xml:lang="C"> |
|
1136 The search string used to find an LDAP node. |
|
1137 </loctext> |
|
1138 </description> |
|
1139 </prop_pattern> |
|
1140 <prop_pattern required="false" type="boolean" name="ldaptls"> |
|
1141 <description> |
|
1142 <loctext xml:lang="C"> |
|
1143 Whether TLS should be used when searching for nodes. |
|
1144 Defaults to false because TLS usually requires certificates |
|
1145 to be set up on the client side. |
|
1146 </loctext> |
|
1147 </description> |
|
1148 </prop_pattern> |
|
1149 <prop_pattern required="false" type="hostname" name="ldapuser"> |
|
1150 <description> |
|
1151 <loctext xml:lang="C"> |
|
1152 The user to use to connect to LDAP. Must be specified as a |
|
1153 full DN. |
|
1154 </loctext> |
|
1155 </description> |
|
1156 </prop_pattern> |
|
1157 <prop_pattern required="false" type="boolean" name="legacy_query_parameter_serialization"> |
|
1158 <description> |
|
1159 <loctext xml:lang="C"> |
|
1160 The serialization format to use when sending file_metadata |
|
1161 query parameters. Older versions of puppet master expect certain query |
|
1162 parameters to be serialized as yaml, which is deprecated. |
|
1163 |
|
1164 This should almost always be false. It can be temporarily set to true |
|
1165 to let agents using this Puppet version connect to a puppet master |
|
1166 running Puppet 3.0.0 through 3.2.x. |
|
1167 |
|
1168 Note that this is set to true automatically if the agent detects an |
|
1169 older master, so should never need to be set explicitly. |
|
1170 </loctext> |
|
1171 </description> |
|
1172 </prop_pattern> |
|
1173 <prop_pattern required="false" type="astring" name="libdir"> |
|
1174 <description> |
|
1175 <loctext xml:lang="C"> |
|
1176 An extra search path for Puppet. This is only useful |
|
1177 for those files that Puppet will load on demand, and is only |
|
1178 guaranteed to work for those cases. In fact, the autoload |
|
1179 mechanism is responsible for making sure this directory |
|
1180 is in Ruby's search path |
|
1181 </loctext> |
|
1182 </description> |
|
1183 </prop_pattern> |
|
1184 <prop_pattern required="false" type="boolean" name="listen"> |
|
1185 <description> |
|
1186 <loctext xml:lang="C"> |
|
1187 Whether puppet agent should listen for |
|
1188 connections. If this is true, then puppet agent will accept incoming |
|
1189 REST API requests, subject to the default ACLs and the ACLs set in |
|
1190 the `rest_authconfig` file. Puppet agent can respond usefully to |
|
1191 requests on the `run`, `facts`, `certificate`, and `resource` endpoints. |
|
1192 </loctext> |
|
1193 </description> |
|
1194 </prop_pattern> |
|
1195 <prop_pattern required="false" type="astring" name="localcacert"> |
|
1196 <description> |
|
1197 <loctext xml:lang="C"> |
|
1198 Where each client stores the CA certificate. |
|
1199 </loctext> |
|
1200 </description> |
|
1201 </prop_pattern> |
|
1202 <prop_pattern required="false" type="astring" name="localconfig"> |
|
1203 <description> |
|
1204 <loctext xml:lang="C"> |
|
1205 Where puppet agent caches the local configuration. An |
|
1206 extension indicating the cache format is added automatically. |
|
1207 </loctext> |
|
1208 </description> |
|
1209 </prop_pattern> |
|
1210 <prop_pattern required="false" type="astring" name="log_level"> |
|
1211 <description> |
|
1212 <loctext xml:lang="C"> |
|
1213 Default logging level |
|
1214 </loctext> |
|
1215 </description> |
|
1216 </prop_pattern> |
|
1217 <prop_pattern required="false" type="astring" name="logdir"> |
|
1218 <description> |
|
1219 <loctext xml:lang="C"> |
|
1220 The directory in which to store log files |
|
1221 </loctext> |
|
1222 </description> |
|
1223 </prop_pattern> |
|
1224 <prop_pattern required="false" type="boolean" name="manage_internal_file_permissions"> |
|
1225 <description> |
|
1226 <loctext xml:lang="C"> |
|
1227 Whether Puppet should manage the owner, group, and mode of files it uses internally |
|
1228 </loctext> |
|
1229 </description> |
|
1230 </prop_pattern> |
|
1231 <prop_pattern required="false" type="astring" name="manifest"> |
|
1232 <description> |
|
1233 <loctext xml:lang="C"> |
|
1234 The entry-point manifest for puppet master. This can be one file |
|
1235 or a directory of manifests to be evaluated in alphabetical order. Puppet manages |
|
1236 this path as a directory if one exists or if the path ends with a / or \. |
|
1237 |
|
1238 Setting a global value for `manifest` in puppet.conf is deprecated. Please use |
|
1239 directory environments instead. If you need to use something other than the |
|
1240 environment's `manifests` directory as the main manifest, you can set |
|
1241 `manifest` in environment.conf. For more info, see |
|
1242 http://docs.puppetlabs.com/puppet/latest/reference/environments.html |
|
1243 </loctext> |
|
1244 </description> |
|
1245 </prop_pattern> |
|
1246 <prop_pattern required="false" type="astring" name="manifestdir"> |
|
1247 <description> |
|
1248 <loctext xml:lang="C"> |
|
1249 Used to build the default value of the `manifest` setting. Has no other purpose. |
|
1250 |
|
1251 This setting is deprecated. |
|
1252 </loctext> |
|
1253 </description> |
|
1254 </prop_pattern> |
|
1255 <prop_pattern required="false" type="astring" name="masterhttplog"> |
|
1256 <description> |
|
1257 <loctext xml:lang="C"> |
|
1258 Where the puppet master web server logs. |
|
1259 </loctext> |
|
1260 </description> |
|
1261 </prop_pattern> |
|
1262 <prop_pattern required="false" type="astring" name="masterlog"> |
|
1263 <description> |
|
1264 <loctext xml:lang="C"> |
|
1265 Where puppet master logs. This is generally not used, |
|
1266 since syslog is the default log destination. |
|
1267 </loctext> |
|
1268 </description> |
|
1269 </prop_pattern> |
|
1270 <prop_pattern required="false" type="integer" name="masterport"> |
|
1271 <description> |
|
1272 <loctext xml:lang="C"> |
|
1273 The port for puppet master traffic. For puppet master, |
|
1274 this is the port to listen on; for puppet agent, this is the port |
|
1275 to make requests on. Both applications use this setting to get the port. |
|
1276 </loctext> |
|
1277 </description> |
|
1278 </prop_pattern> |
|
1279 <prop_pattern required="false" type="integer" name="max_deprecations"> |
|
1280 <description> |
|
1281 <loctext xml:lang="C"> |
|
1282 Sets the max number of logged/displayed parser validation deprecation |
|
1283 warnings in case multiple errors have been detected. A value of 0 is the |
|
1284 same as value 1. The count is per manifest. |
|
1285 </loctext> |
|
1286 </description> |
|
1287 </prop_pattern> |
|
1288 <prop_pattern required="false" type="integer" name="max_errors"> |
|
1289 <description> |
|
1290 <loctext xml:lang="C"> |
|
1291 Sets the max number of logged/displayed parser validation errors in case |
|
1292 multiple errors have been detected. A value of 0 is the same as value 1. |
|
1293 The count is per manifest. |
|
1294 </loctext> |
|
1295 </description> |
|
1296 </prop_pattern> |
|
1297 <prop_pattern required="false" type="integer" name="max_warnings"> |
|
1298 <description> |
|
1299 <loctext xml:lang="C"> |
|
1300 Sets the max number of logged/displayed parser validation warnings in |
|
1301 case multiple errors have been detected. A value of 0 is the same as |
|
1302 value 1. The count is per manifest. |
|
1303 </loctext> |
|
1304 </description> |
|
1305 </prop_pattern> |
|
1306 <prop_pattern required="false" type="integer" name="maximum_uid"> |
|
1307 <description> |
|
1308 <loctext xml:lang="C"> |
|
1309 The maximum allowed UID. Some platforms use negative UIDs |
|
1310 but then ship with tools that do not know how to handle signed ints, |
|
1311 so the UIDs show up as huge numbers that can then not be fed back into |
|
1312 the system. This is a hackish way to fail in a slightly more useful |
|
1313 way when that happens. |
|
1314 </loctext> |
|
1315 </description> |
|
1316 </prop_pattern> |
|
1317 <prop_pattern required="false" type="boolean" name="mkusers"> |
|
1318 <description> |
|
1319 <loctext xml:lang="C"> |
|
1320 Whether to create the necessary user and group that puppet agent will run as. |
|
1321 </loctext> |
|
1322 </description> |
|
1323 </prop_pattern> |
|
1324 <prop_pattern required="false" type="uri" name="module_repository"> |
|
1325 <description> |
|
1326 <loctext xml:lang="C"> |
|
1327 The module repository |
|
1328 </loctext> |
|
1329 </description> |
|
1330 </prop_pattern> |
|
1331 <prop_pattern required="false" type="astring" name="module_skeleton_dir"> |
|
1332 <description> |
|
1333 <loctext xml:lang="C"> |
|
1334 The directory which the skeleton for module tool generate is stored. |
|
1335 </loctext> |
|
1336 </description> |
|
1337 </prop_pattern> |
|
1338 <prop_pattern required="false" type="astring" name="module_working_dir"> |
|
1339 <description> |
|
1340 <loctext xml:lang="C"> |
|
1341 The directory into which module tool data is stored |
|
1342 </loctext> |
|
1343 </description> |
|
1344 </prop_pattern> |
|
1345 <prop_pattern required="false" type="astring" name="modulepath"> |
|
1346 <description> |
|
1347 <loctext xml:lang="C"> |
|
1348 The search path for modules, as a list of directories separated by the system |
|
1349 path separator character. (The POSIX path separator is ':', and the |
|
1350 Windows path separator is ';'.) |
|
1351 |
|
1352 Setting a global value for `modulepath` in puppet.conf is deprecated. Please use |
|
1353 directory environments instead. If you need to use something other than the |
|
1354 default modulepath of `<ACTIVE ENVIRONMENT'S MODULES DIR>:$basemodulepath`, |
|
1355 you can set `modulepath` in environment.conf. For more info, see |
|
1356 http://docs.puppetlabs.com/puppet/latest/reference/environments.html |
|
1357 </loctext> |
|
1358 </description> |
|
1359 </prop_pattern> |
|
1360 <prop_pattern required="false" type="astring" name="name"> |
|
1361 <description> |
|
1362 <loctext xml:lang="C"> |
|
1363 The name of the application, if we are running as one. The |
|
1364 default is essentially $0 without the path or `.rb`. |
|
1365 </loctext> |
|
1366 </description> |
|
1367 </prop_pattern> |
|
1368 <prop_pattern required="false" type="astring" name="node_cache_terminus"> |
|
1369 <description> |
|
1370 <loctext xml:lang="C"> |
|
1371 How to store cached nodes. |
|
1372 Valid values are (none), 'json', 'msgpack', 'yaml' or write only yaml ('write_only_yaml'). |
|
1373 The master application defaults to 'write_only_yaml', all others to none. |
|
1374 </loctext> |
|
1375 </description> |
|
1376 </prop_pattern> |
|
1377 <prop_pattern required="false" type="astring" name="node_name"> |
|
1378 <description> |
|
1379 <loctext xml:lang="C"> |
|
1380 How the puppet master determines the client's identity |
|
1381 and sets the 'hostname', 'fqdn' and 'domain' facts for use in the manifest, |
|
1382 in particular for determining which 'node' statement applies to the client. |
|
1383 Possible values are 'cert' (use the subject's CN in the client's |
|
1384 certificate) and 'facter' (use the hostname that the client |
|
1385 reported in its facts) |
|
1386 </loctext> |
|
1387 </description> |
|
1388 </prop_pattern> |
|
1389 <prop_pattern required="false" type="astring" name="node_name_fact"> |
|
1390 <description> |
|
1391 <loctext xml:lang="C"> |
|
1392 The fact name used to determine the node name used for all requests the agent |
|
1393 makes to the master. WARNING: This setting is mutually exclusive with |
|
1394 node_name_value. Changing this setting also requires changes to the default |
|
1395 auth.conf configuration on the Puppet Master. Please see |
|
1396 http://links.puppetlabs.com/node_name_fact for more information. |
|
1397 </loctext> |
|
1398 </description> |
|
1399 </prop_pattern> |
|
1400 <prop_pattern required="false" type="astring" name="node_name_value"> |
|
1401 <description> |
|
1402 <loctext xml:lang="C"> |
|
1403 The explicit value used for the node name for all requests the agent |
|
1404 makes to the master. WARNING: This setting is mutually exclusive with |
|
1405 node_name_fact. Changing this setting also requires changes to the default |
|
1406 auth.conf configuration on the Puppet Master. Please see |
|
1407 http://links.puppetlabs.com/node_name_value for more information. |
|
1408 </loctext> |
|
1409 </description> |
|
1410 </prop_pattern> |
|
1411 <prop_pattern required="false" type="astring" name="node_terminus"> |
|
1412 <description> |
|
1413 <loctext xml:lang="C"> |
|
1414 Where to find information about nodes. |
|
1415 </loctext> |
|
1416 </description> |
|
1417 </prop_pattern> |
|
1418 <prop_pattern required="false" type="boolean" name="noop"> |
|
1419 <description> |
|
1420 <loctext xml:lang="C"> |
|
1421 Whether to apply catalogs in noop mode, which allows Puppet to |
|
1422 partially simulate a normal run. This setting affects puppet agent and |
|
1423 puppet apply. |
|
1424 |
|
1425 When running in noop mode, Puppet will check whether each resource is in sync, |
|
1426 like it does when running normally. However, if a resource attribute is not in |
|
1427 the desired state (as declared in the catalog), Puppet will take no |
|
1428 action, and will instead report the changes it _would_ have made. These |
|
1429 simulated changes will appear in the report sent to the puppet master, or |
|
1430 be shown on the console if running puppet agent or puppet apply in the |
|
1431 foreground. The simulated changes will not send refresh events to any |
|
1432 subscribing or notified resources, although Puppet will log that a refresh |
|
1433 event _would_ have been sent. |
|
1434 |
|
1435 **Important note:** |
|
1436 noop) |
|
1437 allows you to apply individual resources in noop mode, and will override |
|
1438 the global value of the `noop` setting. This means a resource with |
|
1439 `noop => false` _will_ be changed if necessary, even when running puppet |
|
1440 agent with `noop = true` or `--noop`. (Conversely, a resource with |
|
1441 `noop => true` will only be simulated, even when noop mode is globally disabled.) |
|
1442 </loctext> |
|
1443 </description> |
|
1444 </prop_pattern> |
|
1445 <prop_pattern required="false" type="boolean" name="onetime"> |
|
1446 <description> |
|
1447 <loctext xml:lang="C"> |
|
1448 Perform one configuration run and exit, rather than spawning a long-running |
|
1449 daemon. This is useful for interactively running puppet agent, or |
|
1450 running puppet agent from cron. |
|
1451 </loctext> |
|
1452 </description> |
|
1453 </prop_pattern> |
|
1454 <prop_pattern required="false" type="astring" name="ordering"> |
|
1455 <description> |
|
1456 <loctext xml:lang="C"> |
|
1457 How unrelated resources should be ordered when applying a catalog. |
|
1458 Allowed values are `title-hash`, `manifest`, and `random`. This |
|
1459 setting affects puppet agent and puppet apply, but not puppet master. |
|
1460 |
|
1461 * `title-hash` (the default) will order resources randomly, but will use |
|
1462 the same order across runs and across nodes. |
|
1463 * `manifest` will use the order in which the resources were declared in |
|
1464 their manifest files. |
|
1465 * `random` will order resources randomly and change their order with each |
|
1466 run. This can work like a fuzzer for shaking out undeclared dependencies. |
|
1467 |
|
1468 Regardless of this setting's value, Puppet will always obey explicit |
|
1469 dependencies set with the before/require/notify/subscribe metaparameters |
|
1470 and the `->`/`~>` chaining arrows; this setting only affects the relative |
|
1471 ordering of _unrelated_ resources. |
|
1472 </loctext> |
|
1473 </description> |
|
1474 </prop_pattern> |
|
1475 <prop_pattern required="false" type="astring" name="parser"> |
|
1476 <description> |
|
1477 <loctext xml:lang="C"> |
|
1478 Selects the parser to use for parsing puppet manifests (in puppet DSL |
|
1479 language/'.pp' files). Available choices are `current` (the default) |
|
1480 and `future`. |
|
1481 |
|
1482 The `curent` parser means that the released version of the parser should |
|
1483 be used. |
|
1484 |
|
1485 The `future` parser is a "time travel to the future" allowing early |
|
1486 exposure to new language features. What these features are will vary from |
|
1487 release to release and they may be invididually configurable. |
|
1488 |
|
1489 Available Since Puppet 3.2. |
|
1490 </loctext> |
|
1491 </description> |
|
1492 </prop_pattern> |
|
1493 <prop_pattern required="false" type="astring" name="passfile"> |
|
1494 <description> |
|
1495 <loctext xml:lang="C"> |
|
1496 Where puppet agent stores the password for its private key. |
|
1497 Generally unused. |
|
1498 </loctext> |
|
1499 </description> |
|
1500 </prop_pattern> |
|
1501 <prop_pattern required="false" type="astring" name="path"> |
|
1502 <description> |
|
1503 <loctext xml:lang="C"> |
|
1504 The shell search path. Defaults to whatever is inherited |
|
1505 from the parent process. |
|
1506 </loctext> |
|
1507 </description> |
|
1508 </prop_pattern> |
|
1509 <prop_pattern required="false" type="astring" name="pidfile"> |
|
1510 <description> |
|
1511 <loctext xml:lang="C"> |
|
1512 The file containing the PID of a running process. |
|
1513 This file is intended to be used by service management frameworks |
|
1514 and monitoring systems to determine if a puppet process is still in |
|
1515 the process table. |
|
1516 </loctext> |
|
1517 </description> |
|
1518 </prop_pattern> |
|
1519 <prop_pattern required="false" type="astring" name="plugindest"> |
|
1520 <description> |
|
1521 <loctext xml:lang="C"> |
|
1522 Where Puppet should store plugins that it pulls down from the central |
|
1523 server. |
|
1524 </loctext> |
|
1525 </description> |
|
1526 </prop_pattern> |
|
1527 <prop_pattern required="false" type="astring" name="pluginfactdest"> |
|
1528 <description> |
|
1529 <loctext xml:lang="C"> |
|
1530 Where Puppet should store external facts that are being handled by pluginsync |
|
1531 </loctext> |
|
1532 </description> |
|
1533 </prop_pattern> |
|
1534 <prop_pattern required="false" type="astring" name="pluginfactsource"> |
|
1535 <description> |
|
1536 <loctext xml:lang="C"> |
|
1537 Where to retrieve external facts for pluginsync |
|
1538 </loctext> |
|
1539 </description> |
|
1540 </prop_pattern> |
|
1541 <prop_pattern required="false" type="astring" name="pluginsignore"> |
|
1542 <description> |
|
1543 <loctext xml:lang="C"> |
|
1544 What files to ignore when pulling down plugins. |
|
1545 </loctext> |
|
1546 </description> |
|
1547 </prop_pattern> |
|
1548 <prop_pattern required="false" type="astring" name="pluginsource"> |
|
1549 <description> |
|
1550 <loctext xml:lang="C"> |
|
1551 From where to retrieve plugins. The standard Puppet `file` type |
|
1552 is used for retrieval, so anything that is a valid file source can |
|
1553 be used here. |
|
1554 </loctext> |
|
1555 </description> |
|
1556 </prop_pattern> |
|
1557 <prop_pattern required="false" type="boolean" name="pluginsync"> |
|
1558 <description> |
|
1559 <loctext xml:lang="C"> |
|
1560 Whether plugins should be synced with the central server. |
|
1561 </loctext> |
|
1562 </description> |
|
1563 </prop_pattern> |
|
1564 <prop_pattern required="false" type="astring" name="postrun_command"> |
|
1565 <description> |
|
1566 <loctext xml:lang="C"> |
|
1567 A command to run after every agent run. If this command returns a non-zero |
|
1568 return code, the entire Puppet run will be considered to have failed, even though it might have |
|
1569 performed work during the normal run. |
|
1570 </loctext> |
|
1571 </description> |
|
1572 </prop_pattern> |
|
1573 <prop_pattern required="false" type="astring" name="preferred_serialization_format"> |
|
1574 <description> |
|
1575 <loctext xml:lang="C"> |
|
1576 The preferred means of serializing |
|
1577 ruby instances for passing over the wire. This won't guarantee that all |
|
1578 instances will be serialized using this method, since not all classes |
|
1579 can be guaranteed to support this format, but it will be used for all |
|
1580 classes that support it. |
|
1581 </loctext> |
|
1582 </description> |
|
1583 </prop_pattern> |
|
1584 <prop_pattern required="false" type="astring" name="prerun_command"> |
|
1585 <description> |
|
1586 <loctext xml:lang="C"> |
|
1587 A command to run before every agent run. If this command returns a non-zero |
|
1588 return code, the entire Puppet run will fail. |
|
1589 </loctext> |
|
1590 </description> |
|
1591 </prop_pattern> |
|
1592 <prop_pattern required="false" type="astring" name="priority"> |
|
1593 <description> |
|
1594 <loctext xml:lang="C"> |
|
1595 The scheduling priority of the process. Valid values are 'high', |
|
1596 'normal', 'low', or 'idle', which are mapped to platform-specific |
|
1597 values. The priority can also be specified as an integer value and |
|
1598 will be passed as is, e.g. -5. Puppet must be running as a privileged |
|
1599 user in order to increase scheduling priority. |
|
1600 </loctext> |
|
1601 </description> |
|
1602 </prop_pattern> |
|
1603 <prop_pattern required="false" type="astring" name="privatedir"> |
|
1604 <description> |
|
1605 <loctext xml:lang="C"> |
|
1606 Where the client stores private certificate information. |
|
1607 </loctext> |
|
1608 </description> |
|
1609 </prop_pattern> |
|
1610 <prop_pattern required="false" type="astring" name="privatekeydir"> |
|
1611 <description> |
|
1612 <loctext xml:lang="C"> |
|
1613 The private key directory. |
|
1614 </loctext> |
|
1615 </description> |
|
1616 </prop_pattern> |
|
1617 <prop_pattern required="false" type="boolean" name="profile"> |
|
1618 <description> |
|
1619 <loctext xml:lang="C"> |
|
1620 Whether to enable experimental performance profiling |
|
1621 </loctext> |
|
1622 </description> |
|
1623 </prop_pattern> |
|
1624 <prop_pattern required="false" type="astring" name="publickeydir"> |
|
1625 <description> |
|
1626 <loctext xml:lang="C"> |
|
1627 The public key directory. |
|
1628 </loctext> |
|
1629 </description> |
|
1630 </prop_pattern> |
|
1631 <prop_pattern required="false" type="astring" name="puppetdlog"> |
|
1632 <description> |
|
1633 <loctext xml:lang="C"> |
|
1634 The log file for puppet agent. This is generally not used. |
|
1635 </loctext> |
|
1636 </description> |
|
1637 </prop_pattern> |
|
1638 <prop_pattern required="false" type="integer" name="puppetport"> |
|
1639 <description> |
|
1640 <loctext xml:lang="C"> |
|
1641 Which port puppet agent listens on. |
|
1642 </loctext> |
|
1643 </description> |
|
1644 </prop_pattern> |
|
1645 <prop_pattern required="false" type="uri" name="queue_source"> |
|
1646 <description> |
|
1647 <loctext xml:lang="C"> |
|
1648 Which type of queue to use for asynchronous processing. If your stomp server requires |
|
1649 authentication, you can include it in the URI as long as your stomp client library is at least 1.1.1 |
|
1650 </loctext> |
|
1651 </description> |
|
1652 </prop_pattern> |
|
1653 <prop_pattern required="false" type="astring" name="queue_type"> |
|
1654 <description> |
|
1655 <loctext xml:lang="C"> |
|
1656 Which type of queue to use for asynchronous processing. |
|
1657 </loctext> |
|
1658 </description> |
|
1659 </prop_pattern> |
|
1660 <prop_pattern required="false" type="astring" name="rails_loglevel"> |
|
1661 <description> |
|
1662 <loctext xml:lang="C"> |
|
1663 The log level for Rails connections. The value must be |
|
1664 a valid log level within Rails. Production environments normally use `info` |
|
1665 and other environments normally use `debug`. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
1666 </loctext> |
|
1667 </description> |
|
1668 </prop_pattern> |
|
1669 <prop_pattern required="false" type="astring" name="railslog"> |
|
1670 <description> |
|
1671 <loctext xml:lang="C"> |
|
1672 Where Rails-specific logs are sent. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated. |
|
1673 </loctext> |
|
1674 </description> |
|
1675 </prop_pattern> |
|
1676 <prop_pattern required="false" type="boolean" name="report"> |
|
1677 <description> |
|
1678 <loctext xml:lang="C"> |
|
1679 Whether to send reports after every transaction. |
|
1680 </loctext> |
|
1681 </description> |
|
1682 </prop_pattern> |
|
1683 <prop_pattern required="false" type="integer" name="report_port"> |
|
1684 <description> |
|
1685 <loctext xml:lang="C"> |
|
1686 The port to communicate with the report_server. |
|
1687 </loctext> |
|
1688 </description> |
|
1689 </prop_pattern> |
|
1690 <prop_pattern required="false" type="astring" name="report_serialization_format"> |
|
1691 <description> |
|
1692 <loctext xml:lang="C"> |
|
1693 The serialization format to use when sending reports to the |
|
1694 `report_server`. Possible values are `pson` and `yaml`. This setting |
|
1695 affects puppet agent, but not puppet apply (which processes its own |
|
1696 reports). |
|
1697 |
|
1698 This should almost always be set to `pson`. It can be temporarily set to |
|
1699 `yaml` to let agents using this Puppet version connect to a puppet master |
|
1700 running Puppet 3.0.0 through 3.2.x. |
|
1701 |
|
1702 Note that this is set to 'yaml' automatically if the agent detects an |
|
1703 older master, so should never need to be set explicitly. |
|
1704 </loctext> |
|
1705 </description> |
|
1706 </prop_pattern> |
|
1707 <prop_pattern required="false" type="host" name="report_server"> |
|
1708 <description> |
|
1709 <loctext xml:lang="C"> |
|
1710 The server to send transaction reports to. |
|
1711 </loctext> |
|
1712 </description> |
|
1713 </prop_pattern> |
|
1714 <prop_pattern required="false" type="astring" name="reportdir"> |
|
1715 <description> |
|
1716 <loctext xml:lang="C"> |
|
1717 The directory in which to store reports. Each node gets |
|
1718 a separate subdirectory in this directory. This setting is only |
|
1719 used when the `store` report processor is enabled (see the |
|
1720 `reports` setting). |
|
1721 </loctext> |
|
1722 </description> |
|
1723 </prop_pattern> |
|
1724 <prop_pattern required="false" type="astring" name="reportfrom"> |
|
1725 <description> |
|
1726 <loctext xml:lang="C"> |
|
1727 The 'from' email address for the reports. |
|
1728 </loctext> |
|
1729 </description> |
|
1730 </prop_pattern> |
|
1731 <prop_pattern required="false" type="astring" name="reports"> |
|
1732 <description> |
|
1733 <loctext xml:lang="C"> |
|
1734 The list of report handlers to use. When using multiple report handlers, |
|
1735 their names should be comma-separated, with whitespace allowed. (For example, |
|
1736 `reports = http, tagmail`.) |
|
1737 |
|
1738 This setting is relevant to puppet master and puppet apply. The puppet |
|
1739 master will call these report handlers with the reports it receives from |
|
1740 agent nodes, and puppet apply will call them with its own report. (In |
|
1741 all cases, the node applying the catalog must have `report = true`.) |
|
1742 |
|
1743 See the report reference for information on the built-in report |
|
1744 handlers; custom report handlers can also be loaded from modules. |
|
1745 (Report handlers are loaded from the lib directory, at |
|
1746 `puppet/reports/NAME.rb`.) |
|
1747 </loctext> |
|
1748 </description> |
|
1749 </prop_pattern> |
|
1750 <prop_pattern required="false" type="uri" name="reporturl"> |
|
1751 <description> |
|
1752 <loctext xml:lang="C"> |
|
1753 The URL that reports should be forwarded to. This setting |
|
1754 is only used when the `http` report processor is enabled (see the |
|
1755 `reports` setting). |
|
1756 </loctext> |
|
1757 </description> |
|
1758 </prop_pattern> |
|
1759 <prop_pattern required="false" type="integer" name="req_bits"> |
|
1760 <description> |
|
1761 <loctext xml:lang="C"> |
|
1762 The bit length of the certificates. |
|
1763 </loctext> |
|
1764 </description> |
|
1765 </prop_pattern> |
|
1766 <prop_pattern required="false" type="astring" name="requestdir"> |
|
1767 <description> |
|
1768 <loctext xml:lang="C"> |
|
1769 Where host certificate requests are stored. |
|
1770 </loctext> |
|
1771 </description> |
|
1772 </prop_pattern> |
|
1773 <prop_pattern required="false" type="astring" name="resourcefile"> |
|
1774 <description> |
|
1775 <loctext xml:lang="C"> |
|
1776 The file in which puppet agent stores a list of the resources |
|
1777 associated with the retrieved configuration. |
|
1778 </loctext> |
|
1779 </description> |
|
1780 </prop_pattern> |
|
1781 <prop_pattern required="false" type="astring" name="rest_authconfig"> |
|
1782 <description> |
|
1783 <loctext xml:lang="C"> |
|
1784 The configuration file that defines the rights to the different |
|
1785 rest indirections. This can be used as a fine-grained |
|
1786 authorization system for `puppet master`. |
|
1787 </loctext> |
|
1788 </description> |
|
1789 </prop_pattern> |
|
1790 <prop_pattern required="false" type="astring" name="route_file"> |
|
1791 <description> |
|
1792 <loctext xml:lang="C"> |
|
1793 The YAML file containing indirector route configuration. |
|
1794 </loctext> |
|
1795 </description> |
|
1796 </prop_pattern> |
|
1797 <prop_pattern required="false" type="astring" name="rrddir"> |
|
1798 <description> |
|
1799 <loctext xml:lang="C"> |
|
1800 The directory where RRD database files are stored. |
|
1801 Directories for each reporting host will be created under |
|
1802 this directory. |
|
1803 </loctext> |
|
1804 </description> |
|
1805 </prop_pattern> |
|
1806 <prop_pattern required="false" type="integer" name="rrdinterval"> |
|
1807 <description> |
|
1808 <loctext xml:lang="C"> |
|
1809 How often RRD should expect data. |
|
1810 This should match how often the hosts report back to the server. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). |
|
1811 </loctext> |
|
1812 </description> |
|
1813 </prop_pattern> |
|
1814 <prop_pattern required="false" type="astring" name="rundir"> |
|
1815 <description> |
|
1816 <loctext xml:lang="C"> |
|
1817 Where Puppet PID files are kept. |
|
1818 </loctext> |
|
1819 </description> |
|
1820 </prop_pattern> |
|
1821 <prop_pattern required="false" type="integer" name="runinterval"> |
|
1822 <description> |
|
1823 <loctext xml:lang="C"> |
|
1824 How often puppet agent applies the catalog. |
|
1825 Note that a runinterval of 0 means "run continuously" rather than |
|
1826 "never run." If you want puppet agent to never run, you should start |
|
1827 it with the `--no-client` option. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). |
|
1828 </loctext> |
|
1829 </description> |
|
1830 </prop_pattern> |
|
1831 <prop_pattern required="false" type="astring" name="sendmail"> |
|
1832 <description> |
|
1833 <loctext xml:lang="C"> |
|
1834 Where to find the sendmail binary with which to send email. |
|
1835 </loctext> |
|
1836 </description> |
|
1837 </prop_pattern> |
|
1838 <prop_pattern required="false" type="astring" name="serial"> |
|
1839 <description> |
|
1840 <loctext xml:lang="C"> |
|
1841 Where the serial number for certificates is stored. |
|
1842 </loctext> |
|
1843 </description> |
|
1844 </prop_pattern> |
|
1845 <prop_pattern required="false" type="host" name="server"> |
|
1846 <description> |
|
1847 <loctext xml:lang="C"> |
|
1848 The puppet master server to which the puppet agent should connect. |
|
1849 </loctext> |
|
1850 </description> |
|
1851 </prop_pattern> |
|
1852 <prop_pattern required="false" type="astring" name="server_datadir"> |
|
1853 <description> |
|
1854 <loctext xml:lang="C"> |
|
1855 The directory in which serialized data is stored, usually in a subdirectory. |
|
1856 </loctext> |
|
1857 </description> |
|
1858 </prop_pattern> |
|
1859 <prop_pattern required="false" type="boolean" name="show_diff"> |
|
1860 <description> |
|
1861 <loctext xml:lang="C"> |
|
1862 Whether to log and report a contextual diff when files are being replaced. |
|
1863 This causes partial file contents to pass through Puppet's normal |
|
1864 logging and reporting system, so this setting should be used with |
|
1865 caution if you are sending Puppet's reports to an insecure |
|
1866 destination. This feature currently requires the `diff/lcs` Ruby |
|
1867 library. |
|
1868 </loctext> |
|
1869 </description> |
|
1870 </prop_pattern> |
|
1871 <prop_pattern required="false" type="astring" name="signeddir"> |
|
1872 <description> |
|
1873 <loctext xml:lang="C"> |
|
1874 Where the CA stores signed certificates. |
|
1875 </loctext> |
|
1876 </description> |
|
1877 </prop_pattern> |
|
1878 <prop_pattern required="false" type="astring" name="smtphelo"> |
|
1879 <description> |
|
1880 <loctext xml:lang="C"> |
|
1881 The name by which we identify ourselves in SMTP HELO for reports. |
|
1882 If you send to a smtpserver which does strict HELO checking (as with Postfix's |
|
1883 `smtpd_helo_restrictions` access controls), you may need to ensure this resolves. |
|
1884 </loctext> |
|
1885 </description> |
|
1886 </prop_pattern> |
|
1887 <prop_pattern required="false" type="integer" name="smtpport"> |
|
1888 <description> |
|
1889 <loctext xml:lang="C"> |
|
1890 The TCP port through which to send email reports. |
|
1891 </loctext> |
|
1892 </description> |
|
1893 </prop_pattern> |
|
1894 <prop_pattern required="false" type="host" name="smtpserver"> |
|
1895 <description> |
|
1896 <loctext xml:lang="C"> |
|
1897 The server through which to send email reports. |
|
1898 </loctext> |
|
1899 </description> |
|
1900 </prop_pattern> |
|
1901 <prop_pattern required="false" type="boolean" name="splay"> |
|
1902 <description> |
|
1903 <loctext xml:lang="C"> |
|
1904 Whether to sleep for a pseudo-random (but consistent) amount of time before |
|
1905 a run. |
|
1906 </loctext> |
|
1907 </description> |
|
1908 </prop_pattern> |
|
1909 <prop_pattern required="false" type="integer" name="splaylimit"> |
|
1910 <description> |
|
1911 <loctext xml:lang="C"> |
|
1912 The maximum time to delay before runs. Defaults to being the same as the |
|
1913 run interval. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). |
|
1914 </loctext> |
|
1915 </description> |
|
1916 </prop_pattern> |
|
1917 <prop_pattern required="false" type="host" name="srv_domain"> |
|
1918 <description> |
|
1919 <loctext xml:lang="C"> |
|
1920 The domain which will be queried to find the SRV records of servers to use. |
|
1921 </loctext> |
|
1922 </description> |
|
1923 </prop_pattern> |
|
1924 <prop_pattern required="false" type="astring" name="ssl_client_ca_auth"> |
|
1925 <description> |
|
1926 <loctext xml:lang="C"> |
|
1927 Certificate authorities who issue server certificates. SSL servers will not be |
|
1928 considered authentic unless they possess a certificate issued by an authority |
|
1929 listed in this file. If this setting has no value then the Puppet master's CA |
|
1930 certificate (localcacert) will be used. |
|
1931 </loctext> |
|
1932 </description> |
|
1933 </prop_pattern> |
|
1934 <prop_pattern required="false" type="astring" name="ssl_client_header"> |
|
1935 <description> |
|
1936 <loctext xml:lang="C"> |
|
1937 The header containing an authenticated client's SSL DN. |
|
1938 This header must be set by the proxy to the authenticated client's SSL |
|
1939 DN (e.g., `/CN=puppet.puppetlabs.com`). Puppet will parse out the Common |
|
1940 Name (CN) from the Distinguished Name (DN) and use the value of the CN |
|
1941 field for authorization. |
|
1942 |
|
1943 Note that the name of the HTTP header gets munged by the web server |
|
1944 common gateway inteface: an `HTTP_` prefix is added, dashes are converted |
|
1945 to underscores, and all letters are uppercased. Thus, to use the |
|
1946 `X-Client-DN` header, this setting should be `HTTP_X_CLIENT_DN`. |
|
1947 </loctext> |
|
1948 </description> |
|
1949 </prop_pattern> |
|
1950 <prop_pattern required="false" type="astring" name="ssl_client_verify_header"> |
|
1951 <description> |
|
1952 <loctext xml:lang="C"> |
|
1953 The header containing the status message of the client |
|
1954 verification. This header must be set by the proxy to 'SUCCESS' if the |
|
1955 client successfully authenticated, and anything else otherwise. |
|
1956 |
|
1957 Note that the name of the HTTP header gets munged by the web server |
|
1958 common gateway inteface: an `HTTP_` prefix is added, dashes are converted |
|
1959 to underscores, and all letters are uppercased. Thus, to use the |
|
1960 `X-Client-Verify` header, this setting should be |
|
1961 `HTTP_X_CLIENT_VERIFY`. |
|
1962 </loctext> |
|
1963 </description> |
|
1964 </prop_pattern> |
|
1965 <prop_pattern required="false" type="astring" name="ssl_server_ca_auth"> |
|
1966 <description> |
|
1967 <loctext xml:lang="C"> |
|
1968 Certificate authorities who issue client certificates. SSL clients will not be |
|
1969 considered authentic unless they possess a certificate issued by an authority |
|
1970 listed in this file. If this setting has no value then the Puppet master's CA |
|
1971 certificate (localcacert) will be used. |
|
1972 </loctext> |
|
1973 </description> |
|
1974 </prop_pattern> |
|
1975 <prop_pattern required="false" type="astring" name="ssldir"> |
|
1976 <description> |
|
1977 <loctext xml:lang="C"> |
|
1978 Where SSL certificates are kept. |
|
1979 </loctext> |
|
1980 </description> |
|
1981 </prop_pattern> |
|
1982 <prop_pattern required="false" type="astring" name="statedir"> |
|
1983 <description> |
|
1984 <loctext xml:lang="C"> |
|
1985 The directory where Puppet state is stored. Generally, |
|
1986 this directory can be removed without causing harm (although it |
|
1987 might result in spurious service restarts). |
|
1988 </loctext> |
|
1989 </description> |
|
1990 </prop_pattern> |
|
1991 <prop_pattern required="false" type="astring" name="statefile"> |
|
1992 <description> |
|
1993 <loctext xml:lang="C"> |
|
1994 Where puppet agent and puppet master store state associated |
|
1995 with the running configuration. In the case of puppet master, |
|
1996 this file reflects the state discovered through interacting |
|
1997 with clients. |
|
1998 </loctext> |
|
1999 </description> |
|
2000 </prop_pattern> |
|
2001 <prop_pattern required="false" type="boolean" name="storeconfigs"> |
|
2002 <description> |
|
2003 <loctext xml:lang="C"> |
|
2004 Whether to store each client's configuration, including catalogs, facts, |
|
2005 and related data. This also enables the import and export of resources in |
|
2006 the Puppet language - a mechanism for exchange resources between nodes. |
|
2007 |
|
2008 By default this uses ActiveRecord and an SQL database to store and query |
|
2009 the data; this, in turn, will depend on Rails being available. |
|
2010 |
|
2011 You can adjust the backend using the storeconfigs_backend setting. |
|
2012 </loctext> |
|
2013 </description> |
|
2014 </prop_pattern> |
|
2015 <prop_pattern required="false" type="astring" name="storeconfigs_backend"> |
|
2016 <description> |
|
2017 <loctext xml:lang="C"> |
|
2018 Configure the backend terminus used for StoreConfigs. |
|
2019 By default, this uses the ActiveRecord store, which directly talks to the |
|
2020 database from within the Puppet Master process. |
|
2021 </loctext> |
|
2022 </description> |
|
2023 </prop_pattern> |
|
2024 <prop_pattern required="false" type="boolean" name="strict_hostname_checking"> |
|
2025 <description> |
|
2026 <loctext xml:lang="C"> |
|
2027 Whether to only search for the complete |
|
2028 hostname as it is in the certificate when searching for node information |
|
2029 in the catalogs. |
|
2030 </loctext> |
|
2031 </description> |
|
2032 </prop_pattern> |
|
2033 <prop_pattern required="false" type="boolean" name="strict_variables"> |
|
2034 <description> |
|
2035 <loctext xml:lang="C"> |
|
2036 Makes the parser raise errors when referencing unknown variables. (This does not affect |
|
2037 referencing variables that are explicitly set to undef). |
|
2038 </loctext> |
|
2039 </description> |
|
2040 </prop_pattern> |
|
2041 <prop_pattern required="false" type="boolean" name="stringify_facts"> |
|
2042 <description> |
|
2043 <loctext xml:lang="C"> |
|
2044 to_s. Means you can't have arrays or |
|
2045 hashes as fact values. |
|
2046 </loctext> |
|
2047 </description> |
|
2048 </prop_pattern> |
|
2049 <prop_pattern required="false" type="boolean" name="summarize"> |
|
2050 <description> |
|
2051 <loctext xml:lang="C"> |
|
2052 Whether to print a transaction summary. |
|
2053 </loctext> |
|
2054 </description> |
|
2055 </prop_pattern> |
|
2056 <prop_pattern required="false" type="astring" name="syslogfacility"> |
|
2057 <description> |
|
2058 <loctext xml:lang="C"> |
|
2059 What syslog facility to use when logging to syslog. |
|
2060 Syslog has a fixed list of valid facilities, and you must |
|
2061 choose one of those; you cannot just make one up. |
|
2062 </loctext> |
|
2063 </description> |
|
2064 </prop_pattern> |
|
2065 <prop_pattern required="false" type="astring" name="tagmap"> |
|
2066 <description> |
|
2067 <loctext xml:lang="C"> |
|
2068 The mapping between reporting tags and email addresses. |
|
2069 </loctext> |
|
2070 </description> |
|
2071 </prop_pattern> |
|
2072 <prop_pattern required="false" type="astring" name="tags"> |
|
2073 <description> |
|
2074 <loctext xml:lang="C"> |
|
2075 Tags to use to find resources. If this is set, then |
|
2076 only resources tagged with the specified tags will be applied. |
|
2077 Values must be comma-separated. |
|
2078 </loctext> |
|
2079 </description> |
|
2080 </prop_pattern> |
|
2081 <prop_pattern required="false" type="astring" name="templatedir"> |
|
2082 <description> |
|
2083 <loctext xml:lang="C"> |
|
2084 Where Puppet looks for template files. Can be a list of colon-separated |
|
2085 directories. |
|
2086 |
|
2087 This setting is deprecated. Please put your templates in modules instead. |
|
2088 </loctext> |
|
2089 </description> |
|
2090 </prop_pattern> |
|
2091 <prop_pattern required="false" type="boolean" name="thin_storeconfigs"> |
|
2092 <description> |
|
2093 <loctext xml:lang="C"> |
|
2094 Boolean; whether Puppet should store only facts and exported resources in the storeconfigs |
|
2095 database. This will improve the performance of exported resources with the older |
|
2096 `active_record` backend, but will disable external tools that search the storeconfigs database. |
|
2097 Thinning catalogs is generally unnecessary when using PuppetDB to store catalogs. |
|
2098 </loctext> |
|
2099 </description> |
|
2100 </prop_pattern> |
|
2101 <prop_pattern required="false" type="boolean" name="trace"> |
|
2102 <description> |
|
2103 <loctext xml:lang="C"> |
|
2104 Whether to print stack traces on some errors |
|
2105 </loctext> |
|
2106 </description> |
|
2107 </prop_pattern> |
|
2108 <prop_pattern required="false" type="boolean" name="trusted_node_data"> |
|
2109 <description> |
|
2110 <loctext xml:lang="C"> |
|
2111 Stores trusted node data in a hash called $trusted. |
|
2112 When true also prevents $trusted from being overridden in any scope. |
|
2113 </loctext> |
|
2114 </description> |
|
2115 </prop_pattern> |
|
2116 <prop_pattern required="false" type="boolean" name="use_cached_catalog"> |
|
2117 <description> |
|
2118 <loctext xml:lang="C"> |
|
2119 Whether to only use the cached catalog rather than compiling a new catalog |
|
2120 on every run. Puppet can be run with this enabled by default and then selectively |
|
2121 disabled when a recompile is desired. |
|
2122 </loctext> |
|
2123 </description> |
|
2124 </prop_pattern> |
|
2125 <prop_pattern required="false" type="boolean" name="use_srv_records"> |
|
2126 <description> |
|
2127 <loctext xml:lang="C"> |
|
2128 Whether the server will search for SRV records in DNS for the current domain. |
|
2129 </loctext> |
|
2130 </description> |
|
2131 </prop_pattern> |
|
2132 <prop_pattern required="false" type="boolean" name="usecacheonfailure"> |
|
2133 <description> |
|
2134 <loctext xml:lang="C"> |
|
2135 Whether to use the cached configuration when the remote |
|
2136 configuration will not compile. This option is useful for testing |
|
2137 new configurations, where you want to fix the broken configuration |
|
2138 rather than reverting to a known-good one. |
|
2139 </loctext> |
|
2140 </description> |
|
2141 </prop_pattern> |
|
2142 <prop_pattern required="false" type="astring" name="user"> |
|
2143 <description> |
|
2144 <loctext xml:lang="C"> |
|
2145 The user puppet master should run as. |
|
2146 </loctext> |
|
2147 </description> |
|
2148 </prop_pattern> |
|
2149 <prop_pattern required="false" type="astring" name="vardir"> |
|
2150 <description> |
|
2151 <loctext xml:lang="C"> |
|
2152 Where Puppet stores dynamic and growing data. The default for this |
|
2153 setting is calculated specially, like `confdir`_. |
|
2154 </loctext> |
|
2155 </description> |
|
2156 </prop_pattern> |
|
2157 <prop_pattern required="false" type="integer" name="waitforcert"> |
|
2158 <description> |
|
2159 <loctext xml:lang="C"> |
|
2160 How frequently puppet agent should ask for a signed certificate. |
|
2161 |
|
2162 When starting for the first time, puppet agent will submit a certificate |
|
2163 signing request (CSR) to the server named in the `ca_server` setting |
|
2164 (usually the puppet master); this may be autosigned, or may need to be |
|
2165 approved by a human, depending on the CA server's configuration. |
|
2166 |
|
2167 Puppet agent cannot apply configurations until its approved certificate is |
|
2168 available. Since the certificate may or may not be available immediately, |
|
2169 puppet agent will repeatedly try to fetch it at this interval. You can |
|
2170 turn off waiting for certificates by specifying a time of 0, in which case |
|
2171 puppet agent will exit if it cannot get a cert. |
|
2172 This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). |
|
2173 </loctext> |
|
2174 </description> |
|
2175 </prop_pattern> |
|
2176 <prop_pattern required="false" type="astring" name="yamldir"> |
|
2177 <description> |
|
2178 <loctext xml:lang="C"> |
|
2179 The directory in which YAML data is stored, usually in a subdirectory. |
|
2180 </loctext> |
|
2181 </description> |
|
2182 </prop_pattern> |
|
2183 <prop_pattern required="false" type="boolean" name="zlib"> |
|
2184 <description> |
|
2185 <loctext xml:lang="C"> |
|
2186 Boolean; whether to use the zlib library |
|
2187 </loctext> |
|
2188 </description> |
|
2189 </prop_pattern> |
|
2190 </pg_pattern> |
|
2191 </template> |
|
2192 </service> |
|
2193 </service_bundle> |
|