Puppet Enterprise 2016.5

pe.conf parameter reference

The following sections detail the parameters that are mandatory or optional in pe.conf when installing or upgrading.

A pe.conf file is a HOCON formatted file that declares parameters and values needed to install and configure PE.

The following are examples of valid paramater and value expressions:

Type Value
FQDNs "puppet_enterprise::puppet_master_host": "master.example.com"
Strings "console_admin_password": "mypassword"
Booleans "puppet_enterprise::profile::master::app_management": true
Valid Boolean values are true or false (case sensitive, no quotation marks). Do not use Yes (y), No (n), 1, or 0.
JSON hashes "puppet_enterprise::profile::orchestrator::java_args": {"Xmx": "256m", "Xms": "256m"}
Integer "puppet_enterprise::profile::console::rbac_session_timeout": "60"

Warning: Do not use single quotes on parameter values. Use double quotes as shown in the examples.

The example pe.conf packaged in the installer directory contains the mandatory parameters needed for a monolithic or split installation. You can use that example file without needing to create your own.

Parameters for monolithic installations

The following parameters are mandatory for a monolithic installation.

Parameter Value
console_admin_password The password used to log into the PE console. For example, "myconsolepassword"
puppet_enterprise::puppet_master_host The FQDN of the node hosting the Puppet master. For example, "PUPPET MASTER NODE FQDN"
(In a monolithic installation, you can leave this set to the "%{::trusted.certname}" value.)

Parameters for split installations

The following parameters are mandatory for a split installation.

Parameter Value
console_admin_password The password used to log into the PE console. For example, "myconsolepassword"
puppet_enterprise::puppet_master_host The FQDN of the node hosting the Puppet master. For example, "PUPPET MASTER NODE FQDN"
(In a split install,
do not use the "%{::trusted.certname}" value for the Puppet master.)
puppet_enterprise::console_host The FQDN of the node hosting the PE console. For example, "PE CONSOLE NODE FQDN"
puppet_enterprise::puppetdb_host The FQDN of the node hosting PuppetDB. For example, "PUPPETDB NODE FQDN"

Database configuration parameters

The following are default parameters and values supplied for the PE databases. These should not be changed or customized.

Parameter Value
puppet_enterprise::activity_database_name pe-activity (Default)
The name for the activity database.
puppet_enterprise::activity_database_read_user pe-activity-read(Default)
The name for the activity database user that can only perform read functions.
puppet_enterprise::activity_database_write_user pe-activity-write(Default)
The name for the activity database user that can only perform read and write functions.
puppet_enterprise::activity_database_super_user pe-activity(Default)
The name for the activity database superuser.
puppet_enterprise::activity_service_migration_db_user pe-activity(Default)
The database user the activity service will use for migrations.
puppet_enterprise::activity_service_regular_db_user pe-activity-write(Default)
The database user the activity service will use for normal operation.
puppet_enterprise::classifier_database_name pe-classifier(Default)
The name for the classifier database.
puppet_enterprise::classifier_database_read_user pe-classifier-read(Default)
The name for the classifier database user that can only perform read functions.
puppet_enterprise::classifier_database_write_user pe-classifier-write(Default)
The name for the classifier database user that can only perform read and write functions.
puppet_enterprise::classifier_database_super_user pe-classifier(Default)
The name for the classifier database superuser.
puppet_enterprise::classifier_service_migration_db_user pe-classifier(Default)
The database user the classifier service will use for migrations.
puppet_enterprise::classifier_service_regular_db_user pe-classifier-write(Default)
The database user the classifier service will use for normal operation.
puppet_enterprise::orchestrator_database_name pe-orchestrator(Default)
The name for the orchestrator database.
puppet_enterprise::orchestrator_database_read_user pe-orchestrator-read(Default)
The name for the orchestrator database user that can only perform read functions.
puppet_enterprise::orchestrator_database_write_user pe-orchestrator-write(Default)
The name for the orchestrator database user that can only perform read and write functions.
puppet_enterprise::orchestrator_database_super_user pe-orchestrator(Default)
The name for the orchestrator database superuser.
puppet_enterprise::orchestrator_service_migration_db_user pe-orchestrator(Default)
The database user the orchestrator service will use for migrations.
puppet_enterprise::orchestrator_service_regular_db_user pe-orchestrator-write(Default)
The database user the orchestrator service will use for normal operation.
puppet_enterprise::puppetdb_database_name pe-puppetdb(Default)
The name for the PuppetDB database.
puppet_enterprise::puppetdb_database_user pe-puppetdb(Default)
The name for the PuppetDB database user.
puppet_enterprise::rbac_database_name pe-rbac(Default)
The name for the RBAC database.
puppet_enterprise::rbac_database_read_user pe-rbac-read(Default)
The name for the RBAC database user that can only perform read functions.
puppet_enterprise::rbac_database_write_user pe-rbac-write(Default)
The name for the RBAC database user that can only perform read and write functions.
puppet_enterprise::rbac_database_super_user pe-rbac(Default)
The name for the RBAC database superuser.
puppet_enterprise::rbac_service_migration_db_user pe-rbac(Default)
The database user the RBAC service will use for migrations.
puppet_enterprise::rbac_service_regular_db_user pe-rbac-write(Default)
The database user the RBAC service will use for normal operation.

External PostgreSQL parameters

The following parameters are required if you’re installing an external postgreSQL. The password parameters can be added to standard installations if needed.

Parameter Value
puppet_enterprise::database_host The FQDN of the node hosting the database component.
puppet_enterprise::database_ssl "true" or "false" (Default is "false".)
Leave this value as is for external PostgreSQL.
puppet_enterprise::database_cert_auth "true" or "false"(Default is "false".)
Leave this value as is for external PostgreSQL.
puppet_enterprise::puppetdb_database_password The password for the PuppetDB database user. Must be a string, for example, "mypassword"
puppet_enterprise::classifier_database_password The password for the classifier database user. Must be a string, for example, "mypassword"
puppet_enterprise::classifier_service_regular_db_user "pe-classifier"(Default.)
The database user the classifier service will use for normal operation.
puppet_enterprise::classifier_service_migration_db_user "pe-classifier" (Default.)
The database user the classifier service will use for migrations.
puppet_enterprise::activity_database_password The password for the activity database user. Must be a string, for example, "mypassword"
puppet_enterprise::activity_service_regular_db_user "pe-activity" (Default.)
The database user the activity service will use for normal operation.
puppet_enterprise::activity_service_migration_db_user "pe-activity" (Default.)
The database user the activity service will use for migrations.
puppet_enterprise::rbac_database_password The password for the RBAC database user. Must be a string, for example, "mypassword"
puppet_enterprise::rbac_service_regular_db_user "pe-rbac" (Default.)
The database user the RBAC service will use for normal operation.
puppet_enterprise::rbac_service_migration_db_user "pe-rbac" (Default.)
The database user the RBAC service will use for migrations.
puppet_enterprise::orchestrator_database_password The password for the orchestrator database user. Must be a string, for example, "mypassword"
puppet_enterprise::orchestrator_service_regular_db_user "pe-orchestrator" (Default.)
The database user the orchestrator service will use for normal operation.
puppet_enterprise::orchestrator_service_migration_db_user "pe-orchestrator" (Default.)
The database user the orchestrator service will use for migrations.

Parameters for configuring and tuning Puppet Enterprise

You can use these parameters to configure and tune PE as needed.

Parameters for configuring and tuning the Puppet master

Parameter Value
pe_install::puppet_master_dnsaltnames Must be a string. DNS altnames to be added to the SSL certificate generated for the Puppet master node.
The default ["puppet"] is used if none are specified.
puppet_enterprise::profile::certificate_authority Include an array of additional certificates to be allowed access to the /certificate_status
API endpoint. This list is additive to the base PE certificate list. For example, "examplevm.puppet.com"
puppet_enterprise::profile::master::code_manager_auto_configure Set to true or false
Whether or not to automatically configure the code manager service.
puppet_enterprise::profile::master::r10k_remote Must be a string.
The git URL to be passed to the r10k.yaml file.
For example, "git@your.git.server.com:puppet/control.git".
This can be any URL that is supported by r10k (and normally git). This answer is only needed
if you want r10k configured when PE is installed.
puppet_enterprise::profile::master::r10k_private_key Must be a string.
The local filesystem path on the Puppet master where the SSH private key can be found and used by r10k.
For example, "/etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa").
This answer is only needed if you want r10k configured when PE is installed. This must be specified in conjunction with
puppet_enterprise::profile::master::r10k_remote.
puppet_enterprise::profile::master::check_for_updates Set to true or false (Default is true.)
Whether to check for updates whenever
the pe-puppetserver service restarts. Update checks are enabled (true) by default.
See Disabling update checkingfor more information.

Parameters for configuring and tuning the PE console and console services

Parameter Value
puppet_enterprise::profile::console::classifier_synchronization_period Must be an integer. Classifier synchronization period.
Controls how long it takes the node classifier (NC) to retrieve classes
from the Puppet master. Default is "600" seconds (10 minutes).
puppet_enterprise::api_port The SSL port PE serves the node classifier on. Defaults to "[4433]".
puppet_enterprise::profile::console::rbac_session_timeout Must be an integer. Specifies how long a user's session should last, in minutes. This session is the same across node classification, RBAC, and the console. The default value is "60".
puppet_enterprise::profile::console::session_maximum_lifetime Must be an integer. Specifies the maximum allowable period that a console session can be valid for. Supported units are "s" (seconds), "m" (minutes), "h" (hours), "d" (days), "y" (years). May be set to "0" to not expire before the maximum token lifetime.
Units are specified as a single letter following an integer, for example "1d" (1 day). If no units are specified, the integer is treated as seconds.
puppet_enterprise::profile::console::console_ssl_listen_port Must be an integer. The port the console is available on.
Default is "[443]".
puppet_enterprise::profile::console::ssl_listen_address PE's nginx listen address for the PE console.
Defaults to "0.0.0.0".
puppet_enterprise::profile::console::classifier_prune_threshold Must be an integer. The number of days to wait before pruning the size of the classifier database.
If you set the value to "0", the node classifier service will never prune the database.
puppet_enterprise::profile::console::pcp_timeout A Puppet agent needs to connect to the PCP broker in order to do Puppet runs via the Run Puppet button in the console. Set an integer to specify how much time should pass before the connection times out.
The Run Puppet button defaults to "5" seconds. If the agent can’t connect to the broker in that time frame, the run will timeout.

Parameters for configuring and tuning the orchestrator and orchestration services

Parameter Value
puppet_enterprise::profile::master::app_management Disable or enable application management. Set to true or false.
Enabled (true) by default.
puppet_enterprise::profile::orchestrator::run_service Disable or enable orchestration services. Set to true or false.
Enabled (true) by default.
puppet_enterprise::profile::agent::pxp_enabled Disable or enable the PXP service. Set to true or false.
If you disable this setting you can’t use the orchestrator or the Run Puppet button in the console.
Enabled (true) by default.
puppet_enterprise::profile::orchestrator::global_concurrent_compiles An integer that determines how many concurrent compile requests can be outstanding to the Puppet master, across all orchestrator jobs.
The default value is "8".
puppet_enterprise::profile::orchestrator::pcp_timeout A Puppet agent needs to connect to the PCP broker in order to do Puppet runs via the Puppet orchestrator. Set an integer to specify how much time should pass before the connection times out.
The Puppet orchestrator defaults to "30" seconds. If the agent can’t connect to the broker in that time frame, the run will timeout.
puppet_enterprise::profile::console::display_local_time By default, the console displays timestamps in UTC format (also known as Zulu time). If you prefer, you can change your console settings to display all timestamps in local time, with UTC time shown on hover. Set to true to display timestamps in local time, with hover text showing UTC time or false (default) to show timestamps in UTC time.

Parameters for configuring and tuning PuppetDB

Parameter Value
puppet_enterprise::puppetdb::command_processing_threads Must be an integer. Define how many command processing threads
PuppetDB uses to sort incoming data. Each thread can process a single command at a time.
This setting defaults to half the number of cores in your system. For example, "8".
puppet_enterprise::profile::master::puppetdb_report_processor_ensure The Puppet master generates agent run reports every time Puppet runs and submits
these to PuppetDB.
Set to present or absent. Default is set to present(enabled).
puppet_enterprise::puppetdb_port The SSL port PuppetDB listens on. Must be an integer in brackets.
For example, "[8081]".

Parameters for configuring and tuning Java arguments

Parameter Value
puppet_enterprise::profile::master::java_args The JVM (Java Virtual Machine) memory that is allocated to the Puppet Server service.
Set as a JSON hash. For example, {"Xmx": "4096m", "Xms": "4096m"}
puppet_enterprise::profile::puppetdb::java_args The JVM memory that is allocated to the PuppetDB service.
Set as a JSON hash. For example, {"Xmx": "512m", "Xms": "512m"}
puppet_enterprise::profile::console::java_args The JVM memory that is allocated to console services.
Set as a JSON hash. For example, {"Xmx": "512m", "Xms": "512m"}
puppet_enterprise::profile::orchestrator::java_args The JVM memory that is allocated to orchestrations services.
Set as a JSON hash. For example, {"Xmx": "256m", "Xms": "256m"}
Back to top