After installing Puppet Enterprise, you can change product settings to customize the console's behavior, adjust to your team's needs, and improve performance.
Configure the PE console and console-services
To configure the behavior of the console and console-services, you can modify profile-based parameters from the console.
- In the console, click Classification, and in the PE Infrastructure group, select the PE Console group.
- On the Configuration tab, locate the appropriate class, add parameters and values as needed, and commit changes.
- On the nodes hosting the master and console, run Puppet.
Console and console-services parameters
Use these parameters to customize the behavior of the console and console-services. Parameters that begin with
puppet_enterprise::profile can be modified from the console itself.
| ||Integer representing, in seconds, the classifier synchronization period, which controls how long it takes the node classifier to retrieve classes from the master.|| |
|Integer specifying how many failed login attempts are allowed on an account before that account is revoked.|
|Integer representing, in hours, how long a user's generated token is valid for. An administrator generates this token for a user so that they can reset their password.|
| ||Integer representing, in minutes, how long a user's session may last. The session length is the same for node classification, RBAC, and the console.|| |
| ||Integer representing the maximum allowable period that a console session may be valid. May be set to "0" to not expire before the maximum token lifetime. Supported units are "s" (seconds), "m" (minutes), "h" (hours), "d" (days), "y" (years). Units are specified as a single letter following an integer, for example "1d" (1 day). If no units are specified, the integer is treated as seconds.|| |
| ||Integer representing the port that the console is available on.|| |
| ||Nginx listen address for the console|| |
| ||Integer representing the number of days to wait before pruning the size of the classifier database. If you set the value to || |
| || || |
| || || |
| ||SSL port that the node classifier is served on.|| |
| ||Length of time, in seconds, before a node is considered unresponsive.|| |
Manage the HTTPS redirect
By default, the console redirects to HTTPS when you attempt to connect over HTTP. You can customize the redirect target URL or disable redirection.
Customize the HTTPS redirect target URL
By default, the redirect target URL is the same as the FQDN of your monolithic master, or in a split install, your console host. You can customize this redirect URL.
For example, to change the redirect target URL to
Disable the HTTPS redirect
The pe-nginx webserver listens on port 80 by default. If you need to run your own service on port 80, you can disable the HTTPS redirect.
- Edit your Hiera data file to disable HTTP redirect.
- Run Puppet on your master.
Tuning the PostgreSQL buffer pool size
If you are experiencing performance issues or instability with the console, adjust the buffer memory settings for PostgreSQL.
The most important PostgreSQL memory settings for PE are
- In the console, click Classification, and in the PE Infrastructure group, select the PE Database group.
- On the Configuration tab, specify parameters as needed and commit changes.
Parameter Value shared_buffers Set at about 25 percent of your hardware's RAM. work_mem In large or complex deployments, increase the value from the default 1MB.
- Restart the PostgreSQL server:
sudo /etc/init.d/pe-postgresql restart
Enable data editing in the console
The ability to edit configuration data in the console is enabled by default in new installations. If you upgrade from an earlier version and didn't previously have configuration data enabled, you must manually enable classifier configuration data, because enabling requires edits to your
hierarchy: - name: "Classifier Configuration Data" data_hash: classifier_data
Place any additional hierarchy entries, such as
hiera-eyaml under the same
hierarchy key, preferably below the
Classifier Configuration Data entry.
If your environment is configured for high availability, you must also update
hiera.yaml on your replica.