Puppet Enterprise 2018.1

Puppet orchestrator has several internal settings to help tune and manage your orchestration service. Most of these do not need to be changed, but can be edited in Hiera if needed.

Orchestration services settings

global.conf: Global logging and SSL settings

/etc/puppetlabs/orchestration-services/conf.d/global.conf contains settings shared across the Puppet Enterprise (PE) orchestration services.

The global.certs section typically requires no changes and contains the following settings:

| Setting | Definition | Default |
|---|---|---|
| ssl-cert | Certificate file path for the orchestrator host. | /etc/puppetlabs/orchestration-services/ssl/<orchestrator-host-fqdn>.cert.pem |
| ssl-key | Private key path for the orchestrator host. | /etc/puppetlabs/orchestration-services/ssl/<orchestrator-host-fqdn>.private_key.pem |
| ssl-ca-cert | CA file path. | /etc/puppetlabs/puppet/ssl/ca.pem |

The global.logging-config setting is a path to the logback.xml file that configures logging for most of the orchestration services. See http://logback.qos.ch/manual/configuration.html for documentation on the structure of the logback.xml file. It configures the log location, rotation, and formatting for the following:
  • orchestration-services (appender section F1)
  • orchestration-services status (STATUS)
  • pcp-broker (PCP)
  • pcp-broker access (PCP_ACCESS)
  • aggregate-node-count (AGG_NODE_COUNT)

bootstrap.cfg: Allow list of trapperkeeper services to start

/etc/puppetlabs/orchestration-services/bootstrap.cfg is the list of trapperkeeper services from the orchestrator and pcp-broker projects that are loaded when the pe-orchestration-services system service starts.
  • To disable a service in this list, remove it or comment it out with a # character, then restart pe-orchestration-services.
  • To enable an NREPL service for debugging, add puppetlabs.trapperkeeper.services.nrepl.nrepl-service/nrepl-service to this list and restart pe-orchestration-services.
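
An added example, not part of the Puppet documentation: nREPL is a network REPL meant for debugging, so it is worth checking that it has not been left active in bootstrap.cfg. The script lists the active entries of the file and compares them with a reviewed baseline copy. The example.* service names, the baseline file and the rule that text after a # is a comment are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit bootstrap.cfg for an active nREPL service and for
# services that are not in a reviewed baseline copy of the file.

NREPL_SERVICE='puppetlabs.trapperkeeper.services.nrepl.nrepl-service/nrepl-service'

# Print the active entries of file $1, sorted and unique.
# Assumption: text from a # to the end of the line is a comment.
enabled_services() {
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e '/^$/d' "$1" | sort -u
}

# Exit status 0 when the nREPL debugging service is active in file $1.
nrepl_enabled() {
    enabled_services "$1" | grep -Fxq "$NREPL_SERVICE"
}

# Print entries active in $1 that are not active in the baseline file $2.
unexpected_services() {
    baseline_list=$(mktemp) || return 2
    enabled_services "$2" > "$baseline_list"
    enabled_services "$1" | grep -Fxv -f "$baseline_list" || true
    rm -f "$baseline_list"
}

# Constructed sample files; the example.* service names are placeholders.
workdir=$(mktemp -d) || exit 1
trap 'rm -rf "$workdir"' EXIT
cat > "$workdir/baseline.cfg" <<'EOF'
# reviewed copy of bootstrap.cfg
example.broker.service/broker-service
example.orchestrator.service/orchestrator-service
EOF
cat > "$workdir/current.cfg" <<'EOF'
example.broker.service/broker-service
#example.orchestrator.service/orchestrator-service
puppetlabs.trapperkeeper.services.nrepl.nrepl-service/nrepl-service  # debugging
EOF

if nrepl_enabled "$workdir/current.cfg"; then
    echo "nREPL service is active"
fi
echo "not in baseline:"
unexpected_services "$workdir/current.cfg" "$workdir/baseline.cfg"
```

On a PE host, pass /etc/puppetlabs/orchestration-services/bootstrap.cfg as the first argument to these functions and a copy kept under change control as the baseline.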

webserver.conf and web-routes.conf: The pcp-broker and orchestrator HTTP services

/etc/puppetlabs/orchestration-services/conf.d/webserver.conf describes how and where to run the pcp-broker and orchestrator web services, which accept HTTP API requests from the rest of the PE installation and from external nodes and users.

The webserver.orchestrator section configures the orchestrator web service. Defaults are as follows:

| Setting | Definition | Default |
|---|---|---|
| access-log-config | A logback XML file configuring logging for orchestrator access messages. | /etc/puppetlabs/orchestration-services/request-logging.xml |
| client-auth | Determines the mode that the server uses to validate the client's certificate for incoming SSL connections. | want or need |
| default-server | Allows multi-server configurations to run operations without specifying a server-id. Without a server-id, operations will run on the selected default. Optional. | true |
| ssl-ca-cert | Sets the path to the CA certificate PEM file used for client authentication. | /etc/puppetlabs/puppet/ssl/certs/ca.pem |
| ssl-cert | Sets the path to the server certificate PEM file used by the web service for HTTPS. | /etc/puppetlabs/orchestration-services/ssl/<orchestrator-host-fqdn>.cert.pem |
| ssl-crl-path | Describes a path to a Certificate Revocation List file. Optional. | /etc/puppetlabs/puppet/ssl/crl.pem |
| ssl-host | Sets the host name to listen on for encrypted HTTPS traffic. | 0.0.0.0 |
| ssl-key | Sets the path to the private key PEM file that corresponds with the ssl-cert. | /etc/puppetlabs/orchestration-services/ssl/<orchestrator-host-fqdn>.private_key.pem |
| ssl-port | Sets the port to use for encrypted HTTPS traffic. | 8143 |

The webserver.pcp-broker section configures the pcp-broker web service. Defaults are as follows:

| Setting | Definition | Default |
|---|---|---|
| client-auth | Determines the mode that the server uses to validate the client's certificate for incoming SSL connections. | want or need |
| ssl-ca-cert | Sets the path to the CA certificate PEM file used for client authentication. | /etc/puppetlabs/puppet/ssl/certs/ca.pem |
| ssl-cert | Sets the path to the server certificate PEM file used by the web service for HTTPS. | /etc/puppetlabs/orchestration-services/ssl/<orchestrator-host-fqdn>.cert.pem |
| ssl-crl-path | Describes a path to a Certificate Revocation List file. Optional. | /etc/puppetlabs/puppet/ssl/crl.pem |
| ssl-host | Sets the host name to listen on for encrypted HTTPS traffic. | 0.0.0.0 |
| ssl-key | Sets the path to the private key PEM file that corresponds with the ssl-cert. | /etc/puppetlabs/orchestration-services/ssl/<orchestrator-host-fqdn>.private_key.pem |
| ssl-port | Sets the port to use for encrypted HTTPS traffic. | 8142 |

/etc/puppetlabs/orchestration-services/conf.d/web-routes.conf describes how to route HTTP requests made to the API web servers, designating routes for interactions with other services. These should not be modified. See the configuration options in the trapperkeeper-webserver-jetty project's docs.

analytics.conf: Analytics trapperkeeper service configuration

/etc/puppetlabs/orchestration-services/conf.d/analytics.conf contains the internal setting for the analytics trapperkeeper service.

| Setting | Definition | Default |
|---|---|---|
| analytics.url | Specifies the API root. | <puppetserver-host-url>:8140/analytics/v1 |

auth.conf: Authorization trapperkeeper service configuration

/etc/puppetlabs/orchestration-services/conf.d/auth.conf contains internal settings for the authorization trapperkeeper service. See configuration options in the trapperkeeper-authorization project's docs.

metrics.conf: JMX metrics trapperkeeper service configuration

/etc/puppetlabs/orchestration-services/conf.d/metrics.conf contains internal settings for the JMX metrics service built into orchestration-services. See the service configuration options in the trapperkeeper-metrics project's docs.

orchestrator.conf: Orchestrator trapperkeeper service configuration

/etc/puppetlabs/orchestration-services/conf.d/orchestrator.conf contains internal settings for the orchestrator project's trapperkeeper service.

pcp-broker.conf: PCP broker trapperkeeper service configuration

/etc/puppetlabs/orchestration-services/conf.d/pcp-broker.conf contains internal settings for the pcp-broker project's trapperkeeper service. See the service configuration options in the pcp-broker project's docs.
