Once we have Puppet installed on the system, the next step is to configure it to perform certain initial operations.
For the Puppet server to manage client machines centrally, a specified port must be open on all the machines; 8140 can be used if it is not already in use on any of the machines being configured. Both TCP and UDP communication must be enabled on all the machines.
The main configuration file for Puppet is /etc/puppet/puppet.conf. All the configuration files are created in a package-based configuration of Puppet. Most of the settings required to configure Puppet are kept in these files, and Puppet picks them up automatically when a Puppet run takes place. However, for some specific tasks, such as configuring a web server or an external Certificate Authority (CA), Puppet has separate configuration files and settings.
Configuration files for the Puppet server (also known as the Puppet master) are located in the conf.d directory. By default, this directory is /etc/puppetlabs/puppetserver/conf.d. These files are in HOCON format, which keeps the basic structure of JSON but is more readable. On startup, Puppet reads all the .conf files in the conf.d directory and applies the settings they contain. Changes to these files take effect only when the server is restarted.
There are different configuration files in Puppet which are specific to each component in Puppet.
The puppet.conf file is Puppet’s main configuration file. Puppet uses this one file to configure all the required Puppet commands and services. All Puppet-related settings, such as the definitions for Puppet master, Puppet agent, Puppet apply and certificates, are defined in this file, and Puppet refers to them as required.
The config file resembles a standard ini file, in which a setting can go into a specific application section or into the main section.
    [main]
    certname = Test1.vipin.com
    server = TestingSrv
    environment = production
    runinterval = 1h

    [main]
    certname = puppetmaster.vipin.com
    server = MasterSrv
    environment = production
    runinterval = 1h
    strict_variables = true
    [master]
    dns_alt_names = MasterSrv,brcleprod01.vipin.com,puppet,puppet.test.com
    reports = puppetdb
    storeconfigs_backend = puppetdb
    storeconfigs = true
    environment_timeout = unlimited
The Puppet configuration file is divided into multiple sections, and each section holds a number of settings of different kinds.
Puppet configuration file mainly consists of the following config sections.
Main − This is the global section, which is used by all the commands and services in Puppet. Default values are defined in the main section and can be overridden by any other section present in the puppet.conf file.
Master − This section is referred to by the Puppet master service and the Puppet cert command.
Agent − This section is referred to by the Puppet agent service.
User − This section is mostly used by the Puppet apply command as well as many of the less common commands.
    [main]
    certname = PuppetTestmaster1.example.com
Following are the key components of the config file.
In Puppet, a comment line starts with the (#) sign. It may be indented with any amount of space. A partial comment can also follow a setting on the same line.
    # This is a comment.
    Testing = true #this is also a comment in same line
Settings line must consist of −
In most cases, the value of a setting is a single word, but there are a few special kinds of values.
Some settings in the configuration file take a list of directories. The directories in such a list must be separated by the system path separator character, which is a colon (:) on *nix platforms and a semicolon (;) on Windows.
    # *nix version:
    environmentpath = $codedir/special_environments:$codedir/environments
    # Windows version:
    environmentpath = $codedir/environments;C:\ProgramData\PuppetLabs\code\environment
The directory listed first is scanned first; if Puppet does not find what it is looking for there, it moves on to the next directory in the list.
All the settings that take a single file or directory can accept an optional hash of permissions. When the server starts up, Puppet enforces those permissions on the listed files or directories.
ssldir = $vardir/ssl {owner = service, mode = 0771}
In the above code, the allowed hash keys are owner, group, and mode. There are only two valid values for the owner and group keys.
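The following is an added example, not code from the original page or from Puppet: a small Python parser for the puppet.conf syntax described above (sections, comments, the optional permissions hash) that resolves [main] defaults against a section and flags file settings whose mode grants any access to other users. The sample configuration is constructed from the settings shown on this page, the function names are illustrative, and the comment handling is a simplification.

```python
import re

# Constructed sample, modelled on the settings shown on this page.
SAMPLE = """\
[main]
certname = puppetmaster.vipin.com
environment = production   # partial comment
ssldir = $vardir/ssl {owner = service, mode = 0771}
[master]
environment = staging
environmentpath = $codedir/special_environments:$codedir/environments
"""

HASH_RE = re.compile(r"^(?P<value>.*?)\s*\{(?P<hash>[^}]*)\}\s*$")

def parse(text):
    """Return {section: {setting: (value, perms)}} from puppet.conf-style text."""
    conf, section = {}, "main"
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # drop full-line and partial comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        name, _, value = line.partition("=")
        value, perms = value.strip(), {}
        m = HASH_RE.match(value)
        if m:  # optional permissions hash: owner, group, mode
            value = m.group("value")
            for pair in m.group("hash").split(","):
                k, _, v = pair.partition("=")
                perms[k.strip()] = v.strip()
        conf.setdefault(section, {})[name.strip()] = (value, perms)
    return conf

def effective(conf, section):
    """Settings a service sees: [main] defaults overridden by its own section."""
    return {**conf.get("main", {}), **conf.get(section, {})}

def world_accessible(conf):
    """Settings whose permissions hash grants any access to 'other' users."""
    return sorted(
        name for settings in conf.values() for name, (_, perms) in settings.items()
        if "mode" in perms and int(perms["mode"], 8) & 0o007
    )

if __name__ == "__main__":
    print(world_accessible(parse(SAMPLE)))
```

With mode 0771 the last octal digit is 1, so other users can traverse the directory, which is why ssldir is reported.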