Console and console-services parameters

In the PE Console node group, these parameters customize the behavior of the console and the console-services service.

You can modify parameters that begin with puppet_enterprise::profile in the PE console.

puppet_enterprise::profile::console::activity_purge_interval

This configures the interval between purge operations in milliseconds.

Default: 1800000 (30 minutes).

puppet_enterprise::profile::console::activity_purge_limit

This configures the max number of activity entries each individual purge operation will attempt to delete.

Default: 200,000 (rows).

puppet_enterprise::profile::console::activity_purge_after

This configures the number of days after which data will start to be deleted.

Default: 395 (13 months).

puppet_enterprise::profile::console::classifier_synchronization_period

An integer representing, in seconds, the classifier synchronization period. This controls how long the node classifier can take to retrieve classes from the primary server.

Default: 600

puppet_enterprise::profile::console::ldap_sync_period_seconds

An integer specifying, in seconds, the interval at which LDAP user details and group membership associations are synchronized.

The default value is 1800 (30 minutes).

This synchronization refreshes the user details and group membership for every LDAP user in the system, regardless of the last time the user logged in. If a user is no longer present in LDAP, all user-group associations are removed from the user and all of the user's known tokens are revoked.

To disable automatic synchronization, set the value to 0 or a negative integer. When disabled, user details and group membership only refresh when the user logs in.

When enabled, various entries are recorded to console-services.log that indicate whether the service is enabled and when each synchronization event has completed.

puppet_enterprise::profile::console::ldap_cipher_suites

An array specifying the ciphers to use when establishing connections to configured LDAP servers.

Default: $puppet_enterprise::ssl_cipher_suites. This default value captures the array of ciphers specified by the puppet_enterprise::ssl_cipher_suites parameter. For information on ciphers you can use for console services, see Compatible ciphers.

puppet_enterprise::profile::console::rbac_failed_attempts_lockout

An integer specifying how many failed login attempts are allowed on an account before the account is revoked.

Default: 10

puppet_enterprise::profile::console::rbac_password_reset_expiration

An integer representing the number of hours that password reset tokens are valid.

An administrator generates these token for users to reset their passwords.

Default: 24

puppet_enterprise::profile::console::rbac_session_timeout

An integer representing, in minutes, how long a user's session can last.

The session length is the same for node classification, RBAC, and the console.

Default: 60

puppet_enterprise::profile::console::session_maximum_lifetime

A string representing how long a console session can last.

The value is formatted as a string consisting of a number and an optional suffix representing a unit of time: s (seconds), m (minutes), h (hours), d (days), or y (years).

Example: "1d" (one day)

If the suffix is omitted, the default unit of time is seconds.

A value of "0" sets an unlimited console session time.

To prevent console sessions from expiring before the maximum RBAC token lifetime, set this parameter to "0".

puppet_enterprise::profile::console::session_timeout_warning_seconds

An integer specifying, in seconds, the interval after the timeout warning message appears until the console session expires due to inactivity.

Default: 120

puppet_enterprise::profile::console::session_timeout_polling_frequency_seconds

An integer specifying, in seconds, the interval at which the UI polls the server to determine whether the user is active.

Default: 60

puppet_enterprise::profile::console::rbac_token_auth_lifetime

A string representing the default authentication lifetime for a token.

The value is formatted as a string consisting of a number followed by a suffix representing a unit of time: y (years), d (days), h (hours), m (minutes), or s (seconds).

This value cannot exceed the rbac_token_maximum_lifetime.

Default: "1h" (one hour)

puppet_enterprise::profile::console::rbac_token_maximum_lifetime

A string representing the maximum allowable lifetime for all tokens.

The value is formatted as a string consisting of a number followed by a suffix representing a unit of time: y (years), d (days), h (hours), m (minutes), or s (seconds).

Default: 10y (10 years)

puppet_enterprise::profile::console::console_ssl_listen_port

An integer representing the port that the console listens on.

Default: 443

puppet_enterprise::profile::console::ssl_listen_address

A string containing an IP address repesenting the console's NGINX listen address.

Default: "0.0.0.0"

puppet_enterprise::profile::console::classifier_prune_threshold

An integer representing the number of days to wait before pruning the node classifier database. The node classifier database contains node check-in history if classifier_node_check_in_storage is enabled.

Set the value to 0 to never prune the node classifier database.

Default: 7 (days), but only has data to prune if classifier_node_check_in_storage is true.

puppet_enterprise::profile::console::classifier_node_check_in_storage

A Boolean specifying whether to create records when nodes check in with the node classifier. These records describe how nodes match the node groups they're classified into.

Set to true to enable node check-in storage. Enabling this parameter is required to use Nodes check-in history endpoints.

Set to false to disable node check-in storage.

Default: false

puppet_enterprise::profile::console::display_local_time

A Boolean indicating whether to show timestamps in the local time or UTC.

Set to true to display timestamps in local time with hover text showing the equivalent UTC time.

Set to false to show timestamps in UTC time with no hover text.

Default: false

puppet_enterprise::profile::console::disclaimer_content_path

Specifies the location of the disclaimer.txt file containing disclaimer content that can appear on the console login page if you Create a custom login disclaimer.

Default: "/etc/puppetlabs/console-services"

You can also use the RBAC API Disclaimer endpoints to configure the disclaimer without needing to reference a specific file location on disk.

The parameters must be set in Hiera or pe.conf, not the console:

puppet_enterprise::api_port

An integer specifying the SSL port that the node classifier is served on.

Default: 4433

puppet_enterprise::console_services::no_longer_reporting_cutoff

Length of time, in seconds, before a node is considered unresponsive.

Default: 3600 (seconds)

For more information, refer to Node run statuses .

console_admin_password

The password to log into the console as the admin.

Example: "myconsolepassword"

Default: Specified during installation.

You can also Reset the console administrator password from the command line.

Related information