Configuration of both the Puppet master and the agents (nodes) is done with the same configuration file, puppet.conf
. This file is located in different directories, which depend on the version of Puppet that you are running—the open source version, or the commercial version, Puppet Enterprise. The different locations are summarized in the following table:
Operating system |
Open source version |
Puppet Enterprise |
---|---|---|
Linux/Mac OS X |
|
|
Windows* |
|
*Windows 2003 has a different location.
You may also override the name and location of this file with the config_file_name
and config
options respectively. The puppet.conf
configuration file uses the INI-style syntax, which consists of multiple sections. The [main]
section is used for settings that apply to both the master and the agent modes of Puppet. The [master]
section is for the settings that only affect the master, while the [agent]
section is used to specify settings that are specific to the agent.
Here is a sample puppet.conf
file:
[main] logdir = /var/log/puppet rundir = /var/run/puppet ssldir = $vardir/ssl [agent] classfile = $vardir/classes.txt localconfig = $vardir/localconfig
There are many more configuration options available. Puppet provides a utility for viewing all the available configuration options. To view all the available configuration options, use puppet config print
. To view the options for a specific section, add --section [section]
to the command, as shown in the following example in the agent
section:
t@mylaptop ~ $ puppet config print --section agent |sort |head -10 agent_catalog_run_lockfile = /home/thomas/.puppet/var/state/agent_catalog_run.lock agent_disabled_lockfile = /home/thomas/.puppet/var/state/agent_disabled.lock allow_duplicate_certs = false allow_variables_with_dashes = false always_cache_features = false archive_file_server = puppet archive_files = false async_storeconfigs = false autoflush = true autosign = /home/thomas/.puppet/autosign.conf
The important configuration options on the agent (when trying to troubleshoot) are those that are associated with communication with the master. By default, a node will look for a master named puppet
. This is actually specified by the server
option in the agent section. You can verify this setting with the following command:
t@mylaptop ~ $ puppet config print server --section agent puppet
Another important option is the port from which one should contact the master. By default, it is port 8140, but you can change this with the masterport
option. It is also possible to specify another server for the certificate (SSL) signing. This is specified by using the ca_server
option.
As mentioned previously, the node will use the certname
option to specify its own name when communicating with the master. When troubleshooting, it can be useful to specify a different certname
option for a node in order to force the generation of a new certificate. You may also find it useful to specify the certname
option with an appended domain, which is generally known as the
fully qualified domain name (FQDN) of the node.
In summary, when you are troubleshooting the communication between the nodes and the master, the following options are important in determining the servers that will be contacted and the names that will be used in the communication:
server
: This is the name of the master serverca_server
: This is the name of the CA servercertname
: This is the name of the node that has to be used in the certificatemasterport
: This is port 8140 by default
If you are new to the Puppet environment that you are troubleshooting, it is also useful to know the values of the following options:
config_file_name
: This ispuppet.conf
; this is rarely overriddenconfdir
: This is the directory containing the configuration files of Puppetconfig
: This is a combination ofconfdir/config_file_name
vardir
: This is a directory that contains variable files, and it has a value of/var/lib/puppet
by defaultssldir
: This is the directory that contains the SSL certificates, and it has a value of$vardir/ssl
by default