- puppet: Puppet 5 installation module
- puppet::agent::bootstrap: Puppet bootstrap commands
- puppet::agent::config: Configure Puppet Agent settings
- puppet::agent::install: Puppet 5 agent installation
- puppet::agent::ssl::clean: Remove Puppet certificate and keys on the host
- puppet::config: Setup Puppet configuration file (puppet.conf)
- puppet::enc: Install ENC script
- puppet::params: A short summary of the purpose of this class
- puppet::profile::master: Puppet server installation
- puppet::r10k::install: R10K installation on the server
- puppet::repo: Setup Puppet Platform repository
- puppet::server::ca::allow: Adjust Puppet auth.conf to allow 'puppetserver ca' command
- puppet::server::install: Puppet server package installation
- puppet::server::setup: Puppet server environment setup
- puppet::service: Puppet server service management
- puppet::setup: Puppet node environment setup (either agent or server host)
- puppet::server::ca::clean: Puppet certificate cleanup call
- puppet::server::ca::sign: Puppet certificate sign
- puppet_auth_rule: Create or remove the rule.
- puppet::agent5::clean
- puppet::agent5::install
- puppet::bootstrap
- puppet::cert::clean: Clean node certificates on Puppet server
- puppet::cert::sign: Sign node certificates on Puppet server
- puppet::server::clean: Clean node certificates on Puppet controller node
- puppet::server::sign: Sign node certificates on Puppet controller node
puppet
Puppet 5 installation module
include puppet
The following parameters are available in the puppet class.
Data type: String
Data type: String
Data type: String
Data type: Optional[String]
Data type: Optional[Array[String]]
Data type: Optional[String]
Data type: Boolean
Data type: String
Data type: Boolean
Data type: String
Data type: String
Data type: Boolean
Data type: Boolean
Data type: String
Data type: String
Data type: Optional[Stdlib::Absolutepath]
Data type: Puppet::Strictness
Data type: Boolean
Data type: Boolean
Data type: Boolean
Data type: Optional[Puppet::TimeUnit]
Data type: Puppet::TimeUnit
Data type: Puppet::Ordering
Data type: Optional[Puppet::Priority]
Data type: Boolean
Data type: Optional[Puppet::Autosign]
Data type: Puppet::TimeUnit
Data type: Boolean
Data type: Boolean
Data type: Boolean
Data type: String
Data type: Optional[Stdlib::Absolutepath]
Data type: Boolean
Data type: String
Data type: String
Data type: Boolean
Data type: Boolean
Data type: String
Data type: String
Data type: Boolean
Data type: Boolean
Puppet bootstrap commands
include puppet::agent::bootstrap
The following parameters are available in the puppet::agent::bootstrap class.
Data type: Stdlib::Unixpath
Default value: $puppet::params::puppet_path
Data type: String
Default value: '--test'
Data type: Stdlib::Unixpath
Default value: $puppet::params::hostprivkey
Data type: Stdlib::Unixpath
Default value: $puppet::params::hostcert
Configure Puppet Agent settings
include puppet::agent::config
The following parameters are available in the puppet::agent::config class.
Data type: Stdlib::Fqdn
Default value: 'puppet'
Data type: String
Default value: 'production'
Data type: Boolean
Default value: true
Data type: Puppet::TimeUnit
Default value: '10m'
puppet::agent::install
Puppet 5 agent installation
include puppet::agent::install
The following parameters are available in the puppet::agent::install class.
Data type: String
Default value: $puppet::params::agent_package_name
Data type: String
Default value: $puppet::agent_version
Remove Puppet certificate and keys on the host
include puppet::agent::ssl::clean
The following parameters are available in the puppet::agent::ssl::clean class.
Data type: Stdlib::Unixpath
Default value: $puppet::params::hostprivkey
Data type: Stdlib::Unixpath
Default value: $puppet::params::hostpubkey
Data type: Stdlib::Unixpath
Default value: $puppet::params::hostcert
Data type: Stdlib::Unixpath
Default value: $puppet::params::hostreq
Data type: Stdlib::Unixpath
Default value: $puppet::params::localcacert
Setup Puppet configuration file (puppet.conf)
include puppet::config
The following parameters are available in the puppet::config class.
Data type: Optional[Stdlib::Absolutepath]
The search path for global modules. Should be specified as a list of directories separated by the system path separator character. (The POSIX path separator is ':', and the Windows path separator is ';'.) These are the modules that will be used by all environments. Note that the modules directory of the active environment will have priority over any global directories. For more info, see https://docs.puppet.com/puppet/latest/environments.html Default: $codedir/modules:/opt/puppetlabs/puppet/modules
Default value: $puppet::basemodulepath
Data type: String
String. Default is 'common'. Name of the common environment, which contains the global Hiera config (data/global.yaml) and global modules (see use_common_env and basemodulepath).
Default value: $puppet::common_envname
Data type: Boolean
If set to true, basemodulepath will be set to "${environmentpath}/${common_envname}/modules", but only if the basemodulepath parameter (see above) is not defined.
Default value: $puppet::use_common_env
Data type: Optional[Array[String]]
Array of String or undef. A comma-separated list of alternate DNS names for Puppet Server. These are extra hostnames (in addition to its certname) that the server is allowed to use when serving agents. Puppet checks this setting when automatically requesting a certificate for Puppet agent or Puppet Server, and when manually generating a certificate with puppet cert generate.
In order to handle agent requests at a given hostname (like "puppet.example.com"), Puppet Server needs a certificate that proves it’s allowed to use that name; if a server shows a certificate that doesn’t include its hostname, Puppet agents will refuse to trust it. If you use a single hostname for Puppet traffic but load-balance it to multiple Puppet Servers, each of those servers needs to include the official hostname in its list of extra names.
Note: The list of alternate names is locked in when the server’s certificate is signed. If you need to change the list later, you can’t just change this setting; you also need to:
- On the server: Stop Puppet Server.
- On the CA server: Revoke and clean the server’s old certificate. (puppet cert clean )
- On the server: Delete the old certificate (and any old certificate signing requests) from the ssldir.
- On the server: Run puppet agent -t --ca_server to request a new certificate
- On the CA server: Sign the certificate request, explicitly allowing alternate names (puppet cert sign --allow-dns-alt-names ).
- On the server: Run puppet agent -t --ca_server to retrieve the cert.
- On the server: Start Puppet Server again.
To see all the alternate names your servers are using, log into your CA server and run puppet cert list -a, then check the output for (alt names: ...). Most agent nodes should NOT have alternate names; the only certs that should have them are Puppet Server nodes that you want other agents to trust.
Default value: $puppet::dns_alt_names
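An added example (not part of this module or of Puppet itself) that automates the check described above: it parses puppet cert list -a output and reports signed certificates or pending requests that carry alternate names on nodes outside a list of known Puppet Servers. The output layout matched by the regular expression, the sample lines and the allowed-server list are assumptions constructed for illustration.

```ruby
# Added example: audit `puppet cert list -a` output for unexpected alt names.
# Assumed line layout: [+|-] "certname" (DIGEST) FINGERPRINT (alt names: "DNS:a", "DNS:b")
# where "+" marks a signed cert, "-" a revoked one, and no prefix a pending request.

# Constructed sample output; fingerprints are shortened placeholders.
SAMPLE_CERT_LIST = <<~OUT
  + "agent01.example.com" (SHA256) AA:AA:AA:AA
  + "puppet01.example.com" (SHA256) BB:BB:BB:BB (alt names: "DNS:puppet", "DNS:puppet.example.com", "DNS:puppet01.example.com")
  + "web07.example.com" (SHA256) CC:CC:CC:CC (alt names: "DNS:puppet", "DNS:web07.example.com")
    "db03.example.com" (SHA256) DD:DD:DD:DD (alt names: "DNS:db03.example.com", "DNS:puppet.example.com")
OUT

CERT_LINE = /^\s*(?<state>[+-])?\s*"(?<certname>[^"]+)"\s+\((?<digest>[^)]+)\)\s+(?<fp>\S+)(?:\s+\(alt names:\s*(?<alts>[^)]*)\))?/

# Turn the command output into one hash per certificate or request.
def parse_cert_list(text)
  text.each_line.map do |line|
    m = CERT_LINE.match(line)
    next unless m
    # Strip the "DNS:" / "IP Address:" type prefix from each quoted entry.
    alts = (m[:alts] || '').scan(/"([^"]+)"/).flatten.map { |n| n.sub(/\A[A-Za-z ]+:/, '') }
    state = { '+' => :signed, '-' => :revoked }.fetch(m[:state], :requested)
    { certname: m[:certname], state: state, alt_names: alts }
  end.compact
end

# Report entries whose alt names go beyond their own certname, unless the
# certname is one of the Puppet Servers that are expected to have them.
def audit_alt_names(text, allowed_servers)
  parse_cert_list(text).map do |cert|
    extra = cert[:alt_names] - [cert[:certname]]
    next if extra.empty? || allowed_servers.include?(cert[:certname])
    cert.merge(extra_names: extra)
  end.compact
end

if __FILE__ == $PROGRAM_NAME
  # Hypothetical list of servers that legitimately carry alternate names.
  allowed = ['puppet01.example.com']
  audit_alt_names(SAMPLE_CERT_LIST, allowed).each do |c|
    puts "#{c[:certname]} (#{c[:state]}): unexpected alt names #{c[:extra_names].join(', ')}"
  end
end
```

A pending request reported here is worth reviewing before it is signed with --allow-dns-alt-names, since the alternate names are locked in at signing time.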
Data type: Puppet::TimeUnit
Puppet::TimeUnit. Default - 0. How long the Puppet master should cache data it loads from an environment. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). A value of 0 will disable caching. This setting can also be set to unlimited, which will cache environments until the master is restarted or told to refresh the cache.
You should change this setting once your Puppet deployment is doing non-trivial work. We chose the default value of 0 because it lets new users update their code without any extra steps, but it lowers the performance of your Puppet master. We recommend setting this to unlimited and explicitly refreshing your Puppet master as part of your code deployment process.
- With Puppet Server, you should refresh environments by calling the environment-cache API endpoint. See the docs for the Puppet Server administrative API.
- With a Rack Puppet master, you should restart the web server or the application server. Passenger lets you touch a restart.txt file to refresh an application without restarting Apache; see the Passenger docs for details.
We don’t recommend using any value other than 0 or unlimited, since most Puppet masters use a pool of Ruby interpreters which all have their own cache timers. When these timers drift out of sync, agents can be served inconsistent catalogs. Default: 0
Default value: $puppet::environment_timeout
Data type: Boolean
Whether the master should function as a certificate authority. Default: true
Default value: $puppet::sameca
Data type: Boolean
Whether to allow a new certificate request to overwrite an existing certificate. Default: false
Default value: $puppet::allow_duplicate_certs
Data type: Boolean
When enabled, Puppet will use the external node classifier script defined in the puppet::params::external_nodes variable.
Default value: $puppet::use_enc
Data type: Boolean
Default value: $puppet::master
Data type: String
Default value: $puppet::server
Data type: Optional[String]
Default value: $puppet::ca_server
Data type: Puppet::Strictness
Default value: $puppet::strict
Data type: Boolean
Default value: $puppet::strict_variables
Data type: Boolean
Default value: $puppet::daemonize
Data type: Boolean
Default value: $puppet::onetime
Data type: Puppet::TimeUnit
Default value: $puppet::http_read_timeout
Data type: Puppet::Ordering
Default value: $puppet::ordering
Data type: Optional[Puppet::Priority]
Default value: $puppet::priority
Data type: Boolean
Default value: $puppet::usecacheonfailure
Data type: Optional[Puppet::Autosign]
Default value: $puppet::autosign
Data type: Boolean
Default value: $puppet::use_puppetdb
Data type: Stdlib::Absolutepath
Default value: $puppet::params::puppet_config
Data type: Stdlib::Absolutepath
Default value: $puppet::params::environmentpath
Data type: Stdlib::Absolutepath
Default value: $puppet::params::external_nodes
Data type: Optional[String]
Default value: undef
Data type: Optional[Puppet::TimeUnit]
Default value: $puppet::runtimeout
puppet::enc
Install ENC script
include puppet::enc
The following parameters are available in the puppet::enc class.
Data type: String
Default value: $puppet::enc_template
Data type: Optional[Stdlib::Absolutepath]
Default value: $puppet::enc_data_source
Data type: String
Default value: $puppet::enc_envname
Data type: Stdlib::Absolutepath
Default value: $puppet::params::ruby_path
Data type: Stdlib::Absolutepath
Default value: $puppet::params::external_nodes
puppet::params
A description of what this class does
include puppet::params
Puppet single host installation (Puppet Agent/Server/PuppetDB)
include puppet::profile::master
The following parameters are available in the puppet::profile::master class.
Data type: Boolean
Boolean. Default is true. If set, puppet.conf will be configured to use PuppetDB for storeconfigs and reports storage. PuppetDB will also be managed through the puppetlabs-puppetdb module (including the PostgreSQL database).
Default value: true
Data type: String
String. Default is 'puppet'. Server name for PuppetDB. The Puppetdb::Master::Config class (from puppetlabs-puppetdb) uses ::fqdn to check the connection to the PuppetDB server. As ::fqdn may not be resolvable, the server name can be set via the puppetdb_server parameter. By default, class '::puppet' adds the record 127.0.0.1 puppet to the /etc/hosts file, so the hostname 'puppet' is resolvable. If you changed this behavior, you should set the puppetdb_server parameter accordingly.
Default value: 'puppet'
Data type: Boolean
Boolean. Default is false. If set, class Puppetdb::Master::Config will check puppet.conf (using Ini_setting resources) for proper setup of the report/reports and storeconfigs/storeconfigs_backend directives. By default, class Puppet generates the Puppet config from a template, so it is not managed inside class Puppetdb::Master::Config.
Default value: false
Data type: Boolean
Boolean. Default is true. If set then class Puppetdb will use puppetlabs/postgresql for Postgres database server management and PuppetDB database setup
Default value: true
Data type: Boolean
Boolean. Default is false. If set, class Puppetdb::Server will use puppetlabs/firewall for firewall rules setup and iptables/ip6tables services management.
Default value: false
Data type: String
Default value: 'puppet'
Data type: String
Default value: 'puppetdb'
Data type: String
Default value: 'puppetdb'
Data type: String
Default value: 'puppetdb'
Data type: String
Default value: '/var/cache/r10k'
puppet::r10k::install
R10K installation on the server
include puppet::r10k::install
The following parameters are available in the puppet::r10k::install class.
Data type: String
Default value: $puppet::params::r10k_package_name
Data type: Stdlib::Absolutepath
Default value: $puppet::params::gem_path
Data type: Stdlib::Absolutepath
Default value: $puppet::params::r10k_path
puppet::repo
Setup Puppet Platform repository
include puppet::repo
The following parameters are available in the puppet::repo class.
Data type: String
Default value: $puppet::params::package_name
Data type: String
Default value: $puppet::params::package_filename
Data type: String
Default value: $puppet::params::package_provider
Data type: String
Default value: $puppet::params::platform_repository
Adjust Puppet auth.conf to allow 'puppetserver ca' command
include puppet::server::ca::allow
The following parameters are available in the puppet::server::ca::allow class.
Data type: Boolean
Default value: true
Data type: String
Default value: $puppet::server
Data type: Optional[String]
Default value: undef
puppet::server::install
Puppet server package installation
include puppet::server::install
The following parameters are available in the puppet::server::install class.
Data type: String
The puppetserver package version, or one of the ensure parameter values of the Puppet Package resource (latest, installed, absent).
Default value: $puppet::server_version
Data type: String
Default value: $puppet::params::server_package_name
puppet::server::setup
This class sets up dynamic environments using an r10k invocation. If r10k is not configured, it will be set up from a template.
include puppet::server::setup
The following parameters are available in the puppet::server::setup class.
Data type: Boolean
Default value: $puppet::r10k_config_setup
Data type: String
Default value: $puppet::r10k_yaml_template
Data type: String
Default value: $puppet::production_remote
Data type: Boolean
Default value: $puppet::use_common_env
Data type: String
Default value: $puppet::common_remote
Data type: Boolean
Default value: $puppet::use_enc
Data type: String
Default value: $puppet::enc_remote
Data type: Stdlib::Absolutepath
Default value: $puppet::r10k_cachedir
Data type: Stdlib::Absolutepath
Default value: $puppet::params::r10k_config_file
Data type: Stdlib::Absolutepath
Default value: $puppet::params::r10k_path
Data type: Stdlib::Absolutepath
Default value: $puppet::params::environmentpath
Data type: Stdlib::Absolutepath
Default value: $puppet::params::eyaml_keys_path
Data type: String
Default value: $puppet::params::eyaml_public_key
Data type: String
Default value: $puppet::params::eyaml_private_key
Data type: Boolean
Default value: $puppet::environment_setup_on_each_run
puppet::service
Puppet server service management
include puppet::service
The following parameters are available in the puppet::service class.
Data type: String
Default value: $puppet::server_service_ensure
Data type: Boolean
Default value: $puppet::server_service_enable
Data type: String
Default value: $puppet::params::service_name
puppet::setup
Puppet node environment setup
include puppet::setup
The following parameters are available in the puppet::setup class.
Data type: Boolean
Whether to set up directories for external facts. See https://puppet.com/docs/puppet/6.18/external_facts.html
Default value: $puppet::external_facts_setup
Data type: String
Default value: $puppet::server
Data type: Boolean
Default value: $puppet::hosts_update
Data type: Optional[String]
Default value: $puppet::server_ipaddress
Data type: Optional[Array[String]]
Default value: $puppet::dns_alt_names
Puppet certificate cleanup call
puppet::server::ca::clean { 'namevar': }
The following parameters are available in the puppet::server::ca::clean defined type.
Data type: String
Certificate name for which to run the puppetserver ca clean command
Default value: $name
Puppet certificate sign
puppet::server::ca::sign { 'namevar': }
The following parameters are available in the puppet::server::ca::sign defined type.
Data type: String
Certificate name for which to run the puppetserver ca sign command
Default value: $name
Create or remove the rule.
The following properties are available in the puppet_auth_rule type.
If the request's authenticated name matches the parameter's value, Puppet Server allows it.
Valid values: true, false
Enable domain (default)
Refuses the request if the authenticated name matches - even if the rule contains an allow value that also matches.
Valid values: present, absent
Create or remove the rule.
Default value: present
Valid values: get, post, put, delete, head
Puppet Server applies that rule only to requests that use its value's listed HTTP methods.
The parameter path can be a literal string or regular expression
Valid values: regex, path
Type of the path parameter. The path parameter can be a literal string or a regular expression.
Valid values: %r{\d+}
Sets the order in which Puppet Server evaluates the rule by prioritizing it on a numeric value between 1 and 399 (to be evaluated before default Puppet rules) or 601 to 998 (to be evaluated after Puppet), with lower-numbered values evaluated first.
Default value: 500
The following parameters are available in the puppet_auth_rule type.
namevar
Unique string value that identifies the rule to Puppet Server
The specific backend to use for this puppet_auth_rule resource. You will seldom need to specify this; Puppet will usually discover the appropriate provider for your platform.
The Puppet::Autosign data type.
Alias of Variant[Boolean, Stdlib::Absolutepath]
The Puppet::Ordering data type.
Alias of Enum['manifest', 'title-hash', 'random']
The Puppet::Priority data type.
Alias of Variant[Enum['high', 'normal', 'low', 'idle'], Integer]
The Puppet::Strictness data type.
Alias of Enum['off', 'warning', 'error']
The Puppet::TimeUnit data type.
Alias of Variant[Integer, Pattern[/^[0-9]+[ydhms]?$/]]
The puppet::agent5::clean class.
The following parameters are available in the puppet::agent5::clean plan.
Data type: TargetSpec
The puppet::agent5::install class.
The following parameters are available in the puppet::agent5::install plan.
Data type: TargetSpec
The puppet::bootstrap class.
The following parameters are available in the puppet::bootstrap plan.
Data type: TargetSpec
Data type: Stdlib::Fqdn
Bolt plan which runs the puppetserver ca clean command for each node on the Puppet controller node. The Bolt plan targets are Nodes
The following parameters are available in the puppet::cert::clean plan.
Data type: TargetSpec
Nodes for which certificate should be cleaned
Data type: Stdlib::Fqdn
Puppet controller server(s) on which certificate should be cleaned
Bolt plan which runs the puppetserver ca sign command for each node on the Puppet controller node. The Bolt plan targets are Nodes
The following parameters are available in the puppet::cert::sign plan.
Data type: TargetSpec
Nodes for which certificate signing requests should be signed
Data type: Stdlib::Fqdn
Puppet controller server(s) on which certificate should be signed
Bolt plan which runs the puppetserver ca clean command for each node on the Puppet controller node as Bolt plan target
The following parameters are available in the puppet::server::clean plan.
Data type: TargetSpec
Puppet server(s) where certificate should be cleaned
Data type: Array[Stdlib::Fqdn]
Nodes for which certificates should be cleaned
Bolt plan which runs the puppetserver ca sign command for each node on the Puppet controller node as Bolt plan target
The following parameters are available in the puppet::server::sign plan.
Data type: TargetSpec
Puppet server(s) where certificate should be signed
Data type: Array[Stdlib::Fqdn]
Nodes for which certificate signing requests should be signed