Configure puppet-access
The puppet-access command allows users to generate and manage
authentication tokens from the command line of any workstation (Puppet-managed or not), without the need to SSH into the primary
server. If you want to use puppet-access, ensure it is
configured correctly before using it to generate authentication tokens.
The configuration file for puppet-access allows you to define default
settings so that you can generate tokens from the CLI without having to pass additional
flags.
Whether you are running puppet-access on a PE-managed server or installing it on a separate work station, you need a global
configuration file and a user-specified configuration file.
Global configuration file
The global configuration file is located at:
- On *nix systems:
/etc/puppetlabs/client-tools/puppet-access.conf - On Windows systems:
C:/ProgramData/PuppetLabs/client-tools/puppet-access.conf
On machines managed by Puppet Enterprise (PE), the global configuration file is created for you. The configuration file is formatted in JSON. For example:
{
"service-url": "https://<CONSOLE_HOSTNAME>:4433/rbac-api",
"token-file": "~/.puppetlabs/token",
"certificate-file": "/etc/puppetlabs/puppet/ssl/certs/ca.pem"
}service-url setting.If you're running puppet-access from a workstation not managed by PE, you must create the global file and populate it with
the required configuration file settings.
User-specified configuration file
The user-specified configuration file is located at
~/.puppetlabs/client-tools/puppet-access.conf for both *nix and Windows
systems.
The user-specified configuration file always takes precedence over the global
configuration file. For example, if the two files have contradictory settings for the
token-file, the user-specified setting prevails.
You must create the user-specified file and populate it with the configuration file settings. A list of configuration file settings is found in Configuration file settings for puppet-access.
