Settings for primary servers

Many of these settings are also important for standalone Puppet apply nodes, because they act as their own primary server. These settings go in the [server] section, unless you’re using Puppet apply in production, in which case put them in the [main] section instead.

Basics

  • dns_alt_names — A list of hostnames the server is allowed to use when acting as a primary server. The hostname your agents use in their server setting must be included in either this setting or the primary server’s certname setting. Note that this setting is only used when initially generating the primary server’s certificate — if you need to change the DNS names, you must:

    1. Run:

      Copy 
      sudo puppetserver ca clean --certname <SERVER'S_CERTNAME>
    2. Turn off the Puppet Server service.

    3. Run:

      Copy 
      sudo puppetserver ca generate --certname <SERVER'S_CERTNAME> --subject-alt-names <ALT_NAME_1>,<ALT_NAME_2>,...

    4. Re-start the Puppet Server service.

  • environment_timeout — For better performance, you can set this to unlimited and make refreshing the primary server a part of your standard code deployment process.

  • environmentpath — Controls where Puppet finds directory environments. For more information on environments, see Creating environments.

  • basemodulepath — A list of directories containing Puppet modules that can be used in all environments. See modulepath for details.

  • reports — Which report handlers to use. For a list of available report handlers, see the report reference. You can also write your own report handlers. Note that the report handlers might require settings of their own.

  • digest_algorithm — To accept requests from older agents when using a remote filebucket, Puppet Server needs to specify digest_algorithm=md5.

Puppet Server related settings

Puppet Server has its own configuration files; consequently, there are several settings in puppet.conf that Puppet Server ignores.

  • puppet-admin — Settings to control which authorized clients can use the admin interface.

  • jruby-puppet — Provides details on tuning JRuby for better performance.

  • JAVA_ARGS — Instructions on tuning the Puppet Server memory allocation.

Extensions

These features configure add-ons and optional features:

  • node_terminus and external_nodes — The ENC settings. If you’re using an ENC, set these to exec and the path to your ENC script, respectively.

  • storeconfigs and storeconfigs_backend — Used for setting up PuppetDB. See the PuppetDB docs for details.

  • catalog_terminus — This can enable the optional static compiler. If you have lots of file resources in your manifests, the static compiler lets you sacrifice some extra CPU work on your primary server to gain faster configuration and reduced HTTPS traffic on your agents. See the indirection reference for details.

CA settings

  • ca_ttl — How long newly signed certificates are valid. Deprecated.

  • autosign — Whether and how to autosign certificates. See Autosigning for detailed information.

For more information on these settings, see the configuration reference.