Configuring and tuning PuppetDB
After you've installed Puppet Enterprise, optimize it for your environment by configuring and tuning PuppetDB configuration as needed.
Additional information about configuring PuppetDB is available in the PuppetDB configuration documentation. Be sure to check that the PuppetDB docs version you're looking at matches the one version of PuppetDB in your PE.
Configure agent run reports in the console
By default, every time Puppet runs, the master generates agent run reports and submits them to PuppetDB. These agent run reports can be enabled or disabled in the console.
- Click Classification, and in the PE Infrastructure group, select the PE Master group.
- On the Configuration tab, locate or add the
puppet_enterprise::profile::master::puppetdbclass, select the
report_processor_ensureparameter, and enter the value
presentto enable agent run reports or
absentto disable agent run reports.
- Click Add parameter, and commit changes.
Configure agent run reports in Hiera
By default, every time Puppet runs, the master generates agent run reports and submits them to PuppetDB. These agent run reports can be enabled or disabled in Hiera.
- Edit your
absent(disabled), as shown in the following code:
puppet_enterprise::profile::master::puppetdb::report_processor_ensure: <PRESENT or ABSENT>
Configure command processing threads
command_processing_threads setting defines how many command processing threads PuppetDB uses to sort incoming data. Each thread can process a single command at a time.
This setting defaults to half the number of cores in your system.
.yamlfile to add the following code:
puppet_enterprise::puppetdb::command_processing_threads: <NUMBER OF THREADS>
Use this parameter to set the "time-to-live" value before PE automatically deletes nodes that have been deactivated or expired. This also deletes all facts, catalogs, and reports for the relevant nodes.
.yamlfile and set the
To set time using other units, use the following suffixes:
Change the PuppetDB user password
The console uses a database user account to access its PostgreSQL database. Change it if it is compromised or to comply with security guidelines.
To change the password:
- Stop the
puppetservice by running
puppet resource service pe-puppetdb ensure=stopped
- On the database server (which might or might not be the same as PuppetDB, depending on your deployment's architecture) use the PostgreSQL administration tool of your choice to change the user's password. With the standard psql client, you can do this by running
ALTER USER console PASSWORD '<new password>';
/etc/puppetlabs/puppetdb/conf.d/database.inion the PuppetDB server and change the
production, depending on your configuration, to contain the new password.
- Start the
pe-puppetdbservice on the console server by running
puppet resource service pe-puppetdb ensure=running
Configure blacklisted facts
facts_blacklist to exclude facts from being stored in the PuppetDB database.
.yamlfile and set the
mountpointsfacts from being stored in PuppetDB:
puppet_enterprise::puppetdb::database_ini::facts_blacklist: - 'system_uptime' - 'mountpoints'