Puppet settings

Customize Puppet settings in the main configuration file, called puppet.conf.

When Puppet documentation mentions “settings,” it usually means the main settings. These are the settings that are listed in the configuration reference. They are valid in puppet.conf and available for use on the command line. These settings configure nearly all of Puppet’s core features.

However, there are also several additional configuration files — such as auth.conf and puppetdb.conf. These files exist for several reasons:

  • The main settings support only a few types of values. Some things just can’t be configured without complex data structures, so they needed separate files. (Authorization rules and custom CSR attributes are in this category.)

  • Puppet doesn’t allow extensions to add new settings to puppet.conf. This means some settings that are supposed to be main settings (such as the PuppetDB server) can’t be.

Puppet Server configuration

Puppet Server honors almost all settings in puppet.conf and picks them up automatically. However, for some tasks, such as configuring the webserver or an external Certificate Authority, there are Puppet Server-specific configuration files and settings.

For more information, see Puppet Server: Configuration.

Settings are loaded on startup

When a Puppet command or service starts up, it gets values for all of its settings. Any of these settings can change the way that command or service behaves.

A command or service reads its settings only one time. If you need to reconfigured it, you must restart the service or run the command again after changing the setting.

Settings on the command line

Settings specified on the command line have top priority and always override settings from the config file. When a command or service is started, you can specify any setting as a command line option.

Settings require two hyphens and the name of the setting on the command line: 

$ sudo puppet agent --test --noop --certname temporary-name.example.com

Basic settings

For most settings, you specify the option and follow it with a value. An equals sign between the two (=) is optional, and you can optionally put values in quotes.

All three of these are equivalent to setting certname = temporary-name.example.com in puppet.conf.

--certname=temporary-name.example.com
--certname temporary-name.example.com
--certname "temporary-name.example.com"

Boolean settings

Settings whose only valid values are true and false, use a shorter format. Specifying the option alone sets the setting to true. Prefixing the option with no- sets it to false.

This means:

  • --noop is equivalent to setting noop = true in puppet.conf.

  • --no-noop is equivalent to setting noop = false in puppet.conf.

Default values

If a setting isn’t specified on the command line or in puppet.conf, it falls back to a default value. Default values for all settings are listed in the configuration reference.

Some default values are based on other settings — when this is the case, the default is shown using the other setting as a variable (similar to $ssldir/certs).