Configure the console
After installing Puppet Enterprise (PE), you can change product settings to customize the PE console's behavior. You can configure many of these settings directly in the console.
Configure the PE console and console-services
You can configure the behavior of the console and the console-services
service.
You can set Password complexity parameters and a variety of
other Console and console-services parameters, such as rbac_token_maximum_lifetime
or display_local_time
.
Parameters are set in the PE console, with Hiera, or in pe.conf
.
To configure settings in the PE console:
Console and console-services
parameters
In the PE Console node group, these parameters customize the
behavior of the console and the console-services
service.
You can modify parameters that begin with
puppet_enterprise::profile
in the PE console.
puppet_enterprise::profile::console::classifier_synchronization_period
- An integer representing, in seconds, the classifier synchronization period. This controls how long the node classifier can take to retrieve classes from the primary server.
puppet_enterprise::profile::console::ldap_sync_period_seconds
- An integer specifying, in seconds, the interval at which LDAP user details and group membership associations are synchronized.
puppet_enterprise::profile::console::rbac_failed_attempts_lockout
- An integer specifying how many failed login attempts are allowed on an account before the account is revoked.
puppet_enterprise::profile::console::rbac_password_reset_expiration
- An integer representing the number of hours that password reset tokens are valid.
puppet_enterprise::profile::console::rbac_session_timeout
- An integer representing, in minutes, how long a user's session can last.
puppet_enterprise::profile::console::session_maximum_lifetime
- A string representing how long a console session can last.
puppet_enterprise::profile::console::rbac_token_auth_lifetime
- A string representing the default authentication lifetime for a token.
puppet_enterprise::profile::console::rbac_token_maximum_lifetime
- A string representing the maximum allowable lifetime for all tokens.
puppet_enterprise::profile::console::console_ssl_listen_port
- An integer representing the port that the console listens on.
puppet_enterprise::profile::console::ssl_listen_address
- A string containing an IP address repesenting the console's NGINX listen address.
puppet_enterprise::profile::console::classifier_prune_threshold
- An integer representing the number of days to wait before pruning the node
classifier database. The node classifier database contains node check-in
history if
classifier_node_check_in_storage
is enabled. puppet_enterprise::profile::console::classifier_node_check_in_storage
- A Boolean specifying whether to create records when nodes check in with the node classifier. These records describe how nodes match the node groups they're classified into.
puppet_enterprise::profile::console::display_local_time
- A Boolean indicating whether to show timestamps in the local time or UTC.
puppet_enterprise::profile::console::disclaimer_content_path
- Specifies the location of the
disclaimer.txt
file containing disclaimer content that can appear on the console login page if you Create a custom login disclaimer.
pe.conf
, not the console:puppet_enterprise::api_port
- An integer specifying the SSL port that the node classifier is served on.
puppet_enterprise::console_services::no_longer_reporting_cutoff
- Length of time, in seconds, before a node is considered unresponsive.
console_admin_password
- The password to log into the console as the admin.
Password complexity parameters
These parameters set complexity requirements for new passwords created by local users.
puppet_enterprise::profile::console::login_minimum_length
- An integer specifying the minimum number of characters required in a login (user name). For example, user names must be at least six characters.
puppet_enterprise::profile::console::password_minimum_length
- An integer specifying the minimum number of characters required in a password. For example, passwords must be at least eight characters.
puppet_enterprise::profile::console::letters_required
- An integer specifying the minimum number of letter characters required in a password. For example, passwords must have at least one letter.
puppet_enterprise::profile::console::lowercase_letters_required
- An integer specifying the minimum number of lowercase letter characters required in a password. For example, passwords must have at least one lowercase letter.
puppet_enterprise::profile::console::uppercase_letters_required
- An integer specifying the minimum number of capital letter characters required in a password. For example, passwords must have at least one capital letter.
puppet_enterprise::profile::console::numbers_required
- An integer specifying the minimum number of number characters required in a password. For example, passwords must have at least one number, 0 through 9.
puppet_enterprise::profile::console::special_characters_required
- An integer specifying the minimum number of special characters required
in a password, such as
@
,#
,$
, or!
. For example, passwords must have at least one special character. puppet_enterprise::profile::console::number_of_previous_passwords
- An integer specifying the number of previous passwords the system remembers so they can't be reused when a user changes their password. For example, a users new password can't be the same as any of the user's previous three passwords.
puppet_enterprise::profile::console::username_substring_match
- A Boolean specifying whether to compare logins (user names) and passwords for uniqueness.
puppet_enterprise::profile::console::substring_character_limit
- An integer specifying how many consecutive characters from the login (user name) can appear in the password. For example, passwords cannot include more than three consecutive characters from the login.
For RBAC-related parameters, such as rbac_failed_attempts_lockout
, refer to Console and console-services parameters and Configure RBAC and token-based authentication settings.
Manage the HTTPS redirect
By default, the Puppet Enterprise (PE) console redirects to HTTPS when you attempt to connect over HTTP. You can customize the redirect target URL or disable redirection.
Set the HTTPS redirect target URL
The default redirect target URL is your primary server's FQDN. You can customize the redirect URL.
Disable the HTTPS redirect
By default, the pe-nginx
webserver listens on port
80. If you need to run your own service on port 80, you can use Hiera to disable the HTTPS redirect.
Enable data editing in the console
In new Puppet Enterprise (PE) installations, you can, by default,
edit configuration data in the console. If you upgraded from an earlier PE version where you hadn't already enabled editing of
configuration data, you must use Hiera to manually enable Classifier Configuration Data
.
Add custom PQL queries to the console
Add your own Puppet Query Language (PQL) queries to the console to quickly access them when running jobs.