
3.2. Configuration

In this section, we walk you through the initial configuration of a puppetmaster with the mongrel server type.

3.2.1. Configuring the Puppetmaster

The configuration file for puppet and puppetmaster is /etc/puppet/puppet.conf. It is a file in INI-like format with sections, keys and values. There are four sections of interest:
  • [main]
    Primarily file locations, directory settings and other globals applicable to both puppet and the puppetmaster.
  • [puppetca]
    Puppet Certificate Authority (puppetca) settings.
  • [puppetd]
    Puppet client daemon settings.
  • [puppetmasterd]
    Puppetmaster daemon settings.

3.2.1.1. Relevant Settings

Relevant Settings For The First Run
For the first run of the puppetmaster, the following settings require configuration:
  • [main]
    The locations where puppet seeks its configuration and puts its transitional data. The most important setting is vardir, which should be set to /var/lib/puppet/. Further settings include:
    • logdir = /var/log/puppet/
    • rundir = /var/run/puppet/
    • ssldir = $vardir/ssl/

    Note

    If you used a package to install puppet, the defaults should work, but may not comply with your backup strategy. The upstream puppet package cannot cater to each and every distribution or operating system it is available for, and therefore ships a set of defaults that will work, but that will need to be changed on most platforms.
  • [puppetmasterd]
    • certname
      The puppetmaster certificate's Common Name (CN), for which by default the system's hostname is used. The fully qualified domain name of the system is a pretty reasonable value.
      $ hostname
      
    • certdnsnames
      A colon (:) separated list of DNS names resolving to the puppetmaster. Include here:
      1. The short hostname of the system, using the output of:
        # hostname -s
        
      2. puppet
      3. puppet, followed by the DNS domain name of the system, using the output of:
        # dnsdomainname
        
      4. Any other hostname or fully qualified domain name you want to use for the puppetmaster.
  • Another setting to check is whether or not this puppetmaster is going to be the Certificate Authority:
    [puppetmasterd]
    ca = true
    
    The default is often set to true.
  • Whether or not to use autosigning of certificates, using
    [puppetca]
    autosign = false
    
    The default is to not use autosigning. Only applicable if this puppetmaster acts as the Certificate Authority (ca = true).
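
The first-run settings above can be checked mechanically before the puppetmaster is started. The following is an added example, not part of the original documentation or of puppet itself: a small audit of a puppet.conf against the certname, certdnsnames, ca and autosign guidance in this section. The sample configuration, the host name pm01.example.org and the function name audit_first_run are assumptions made for the illustration.

```python
import configparser

# Constructed sample puppet.conf; host and domain names are hypothetical.
SAMPLE_CONF = """
[main]
vardir = /var/lib/puppet/
ssldir = $vardir/ssl/

[puppetmasterd]
certname = pm01.example.org
certdnsnames = pm01:puppet
ca = true

[puppetca]
autosign = true
"""

def audit_first_run(conf_text, short_host, dns_domain):
    """Return a list of findings for the first-run settings of this section."""
    cp = configparser.ConfigParser(interpolation=None)  # keep "$vardir" literal
    cp.read_string(conf_text)

    def get(section, key):
        return cp.get(section, key, fallback=None)

    findings = []
    if get("main", "vardir") is None:
        findings.append("[main] vardir is not set")

    certname = get("puppetmasterd", "certname")
    if not certname or "." not in certname:
        findings.append("[puppetmasterd] certname is not a fully qualified domain name")

    # certdnsnames is colon separated: short hostname, puppet, puppet.<domain>
    raw = get("puppetmasterd", "certdnsnames") or ""
    names = {n.strip() for n in raw.split(":") if n.strip()}
    for wanted in (short_host, "puppet", "puppet." + dns_domain):
        if wanted not in names:
            findings.append("[puppetmasterd] certdnsnames lacks " + wanted)

    # Assumption: a missing "ca" key is treated as true, a missing "autosign" as false.
    is_ca = (get("puppetmasterd", "ca") or "true").lower() == "true"
    autosign = (get("puppetca", "autosign") or "false").lower()
    if is_ca and autosign != "false":
        findings.append("[puppetca] autosign is enabled on a Certificate Authority")
    return findings
```

Pass the output of hostname -s and dnsdomainname as short_host and dns_domain; an empty list means the file matches the guidance in this section.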
Other Relevant Settings
The following settings require review before the puppetmaster goes into production.
  • A list of environments using a comma separated list, in:
    [puppetmasterd]
    environments = development,testing,production
    
  • Whether or not to use reporting, and what reporting to use (tagmail, store, rrdgraph). To configure the types of reports that should be used by the puppetmaster, use a comma separated list without spaces, in:
    [puppetmasterd]
    reports = tagmail,store,rrdgraph
    
  • The location of tagmail.conf, which maps the tags you give to resources to the email addresses the reports should be sent to:
    [main]
    tagmap = /path/to/tagmail.conf
    
    This is used for reporting changes applied to puppets via email.

3.2.1.2. Configuring the fileserver


3.2.1.3. Minimal site.pp

Create a minimal site.pp in /etc/puppet/manifests/site.pp for the puppetmaster to parse on its initial startup. Below is an example.
#
# Example site.pp
#

# The default node

node default {
}

3.2.1.4. Service Configuration

On Red Hat based systems, use /etc/sysconfig/puppetmaster to configure the service. It has three variables set, of which PUPPETMASTER_MANIFEST needs to point to the default manifest to use. Change the default only if you are not going to use environment specific