PE ACE server configuration
The PE ACE server is a service that allows for tasks and catalogs to run against remote targets that can't run a Puppet agent, such as network switches and firewalls.
Bolt vs ACE: Orchestrator uses both ACE and Bolt to run tasks and plans. While both can act on
agentless targets, the primary difference is that Bolt server works with agentless nodes over WinRM or SSH, whereas ACE works with
agentless devices, like network switches and firewalls, over other
transports.
The ACE server is a Puma application that runs as a standalone service.
The server is configured in /etc/puppetlabs/ace-server/conf.d/ace-server.conf and managed in the
puppet_enterprise::profile::ace_server class,
which includes the parameters described in the following table:
| Setting | Type | Description | Default |
|---|---|---|---|
service_loglevel
|
String | Bolt log level. Acceptable
values are debug, info,
notice, warn, or
error. |
notice
|
concurrency
|
Integer | Maximum number of server threads. | $puppet_enterprise::ace_server_concurrency
|
master_host
|
String | URI that ACE can access the primary server on. |
Default: |
master_port
|
Integer | Port that ACE can access the primary server on. | $puppet_enterprise::puppet_master_port
|
hostcrl
|
String | The host CRL path | $puppet_enterprise::params::hostcrl
|
ssl_cipher_suites
|
Array of strings | TLS cipher suites in order of preference. | $puppet_enterprise::params::secure_ciphers
|
ssl_listen_port
|
Integer | Port that ACE runs on. |
44633 ( |
allowlist
|
Array of strings | List of hosts that can connect to pe-ace-server. |
[$certname]
|
