Puppet Enterprise 2016.5

The console is Puppet Enterprise’s web UI. Use it to:

  • Manage node requests to join the Puppet deployment.
  • Assign Puppet classes to nodes and groups.
  • View reports and activity graphs.
  • Browse and compare resources on your nodes.
  • View inventory data.
  • Manage console users and their access privileges.

Reaching the console

The console is served as a website over SSL, on whichever port you chose when installing the console component.

Let’s say your console server is console.domain.com. If you chose to use the default port of 443, you can omit the port from the URL and reach the console by navigating to:

https://console.domain.com

If you chose to use port 8443, you reach the console at:

https://console.domain.com:8443

Note the https protocol handler — you cannot reach the console over plain http.

Accepting the console’s certificate

The console uses an SSL certificate created by your own local Puppet certificate authority. Since this authority is specific to your site, web browsers won’t know it or trust it, and you’ll have to add a security exception in order to access the console.

This is safe to do. Your web browser will warn you that the console’s identity hasn’t been verified by one of the external authorities it knows of, but that doesn’t mean it’s untrustworthy. Since you or another administrator at your site is in full control of which certificates the Puppet certificate authority signs, the authority verifying the site is you.

Accepting the certificate in Google Chrome or Chromium

Step 1: When you receive a warning that the connection isn’t private, click Advanced.

Screenshot: Chrome showing an untrusted cert warning, with the 'Proceed anyway' button highlighted

Step 2: Click to proceed to the master.

Screenshot: Chrome showing an untrusted cert warning, with the 'Proceed to IP address' button highlighted

Accepting the certificate in Mozilla Firefox

Step 1: When you receive a warning that the connection is untrusted, click I Understand the Risks, then click Add Exception.

Screenshot: Firefox's untrusted cert warning, with two controls highlighted

Step 2: Click Confirm Security Exception.

Screenshot: Firefox's cert details dialog, with the confirm button highlighted

Accepting the certificate in Apple Safari

Click the Continue button on the warning dialog.

Screenshot: Safari's untrusted cert dialog, with the continue button highlighted

Note: Safari certificate handling may prevent console access.

Due to Apache bug 53193 and the way Safari handles certificates, Puppet recommends that you avoid using Safari to access the PE console.

If you need to use Safari, you may encounter the following dialog box the first time you attempt to access the console after installing/upgrading PE:

Safari Certificate Dialog

If this happens, click Cancel to access the console. (In some cases, you may need to click Cancel several times.)

Accepting the certificate in Microsoft Internet Explorer

Click the Continue to this website (not recommended) link on the warning page.

Screenshot: IE's untrusted cert page, with the continue link highlighted

Logging in

For security, accessing the console requires a username and password. If you are an administrator setting up the console or accessing it for the first time, use the username and password you chose when you installed the console. Otherwise, get credentials from your site’s administrator. See the user management information for more information on managing console user accounts.

Since the console is the main point of control for your infrastructure, you probably want to decline your browser’s offer to remember its password.

Note: Resetting the admin password for console access relies on a utility script that’s located in the installer tarball. See Troubleshooting admin and user access to the console for steps to reset the admin password.

Changing the length of a console session

By default, a console session times out after one hour. You can change the length of console sessions by creating a new configuration file, or by performing the following steps:

  1. In the console, click Nodes > Classification, and in the PE Infrastructure group, select the PE Console node group.

  2. On the Classes tab, in the puppet_enterprise::profile::console class, specify parameters:

    • Parameter – Select rbac_session_timeout.

    • Value - Enter the desired length of the console session in minutes. The default value is 60.

  3. Click Add parameter, and commit changes.

In order for this change to take effect, you must run Puppet on the Puppet master. This Puppet run causes pe-console-services to restart, which also restarts the console. You might need to refresh your browser once the console restarts.

Changing console timestamps to local time

By default, the console displays timestamps in UTC format (also known as Zulu time). Hover over the timestamp to view a conversion in local time, as determined by your web browser.

If you prefer, you can change your console settings to display all timestamps in local time, with UTC time shown on hover, by following these steps:

  1. In the console, click Nodes > Classification, and in the PE Infrastructure group, select the PE Console node group.

  2. On the Classes tab, in the puppet_enterprise::profile::console class, specify parameters:

    • Parameter – Select display_local_time.

    • Value – Enter true to display timestamps in local time, with hover text showing UTC time. The default value, false, shows timestamps in UTC time.

  3. Click Add parameter, and commit changes.

In order for this change to take effect, you must run Puppet on the Puppet master. This Puppet run causes pe-console-services to restart, which also restarts the console. You might need to refresh your browser once the console restarts.

Back to top