fileserver.conf file configures custom static mount points for Puppet’s file server. If custom mount points are present,
file resources can access them with their
When to use fileserver.conf
This file is only necessary if you are creating custom mount points.
Puppet automatically serves files from the
files directory of every module, and most users find this sufficient. (More info on serving files from modules.) However, custom mount points are useful for things that shouldn’t be stored in version control with your modules, like very large files and sensitive credentials.
fileserver.conf file is located at
$confdir/fileserver.conf by default. Its location is configurable with the
The location of the
confdir depends on your OS. See the confdir documentation for details.
# Files in the /path/to/files directory will be served # at puppet:///extra_files/. [extra_files] path /etc/puppetlabs/puppet/extra_files allow *
fileserver.conf file would create a new mount point named
Caution: You should always restrict write access to mounted directories. The file server will follow any symlinks in a file server mount, including links to files that agent nodes should not access (like SSL keys).
When following symlinks, the file server can access any files readable by Puppet Server’s user account.
fileserver.conf uses a one-off format that resembles an INI file without the equals (
=) signs. It is a series of mount-point stanzas, where each stanza consists of:
[mount_point_name]surrounded by square brackets. This will become the name used in
puppet:///URLs for files in this mount point.
path <PATH>directive, where
<PATH>is an absolute path on disk. This is where the mount point’s files are stored.
Deprecated security directives
fileserver.conf could use
deny directives to control which nodes can access various files. This feature is now deprecated, and will be removed in a future release of Puppet.
Instead, you can use
auth.conf to control access to mount points. The page on setting up mount points has details and examples.
The only security directive that should be present in
fileserver.conf is an
allow * directive for every mount point.