confdir is the main directory for the Puppet configuration. It contains config files and the SSL data.
*nix root users:
When Puppet is running as
root, a Windows user with administrator privileges, or the
puppet user, it uses a system-wide confdir. When running as a non-root user, it uses a confdir in that user's home directory.
When running Puppet commands and services as
puppet, usually you want to use the system codedir. To use the same codedir as the Puppet agent or Puppet master, run admin commands, such as
puppet cert, with
config.rufile must explicitly set
--confdirto the system confdir. The example
config.rufile provided with the Puppet source does this.
Puppet’s confdir can’t be set in the
puppet.conf, because Puppet needs the confdir to locate that config file. Instead, run commands with the
--confdir parameter to specify the confdir. If
--confdir isn’t specified when a Puppet application is started, the command will use the default confdir location.
Puppet Server uses the
jruby-puppet.master-conf-dir setting in
puppetserver.conf to configure its confdir. If you are using a non-default confdir, you must specify
--confdir when you run commands like
puppet module or
puppet cert to ensure they use the same directories as Puppet Server.
The value of the confdir is discovered before other settings, so you can reference it, using the
$confdir variable, in the value of any other setting in
If you need to set nonstandard values for some settings, using the
$confdir variable allows you to avoid absolute paths and keep your Puppet-related files together.
The confdir contains several config files and the SSL data. You can change their locations, but unless you have a technical reason that prevents it, use the default structure. Click the links to see documentation for the files and directories in the codedir.
auth.conf: Access control rules for the master’s network services.
fileserver.conf: Configuration for additional fileserver mount points.
hiera.yaml: The global configuration for Hiera data lookup. Environments and modules can also have their own
hiera.yamlfiles.Note: To provide backward compatibility for Puppet versions 4.0 to 4.4, if a
hiera.yamlfile exists in the global codedir, it takes precedence over the
hiera.yamlin the global confdir. For Puppet to honor the
hiera.yamlin the confdir, there must be no
hiera.yamlfile in the codedir.
routes.yaml: Advanced configuration of indirector behavior.
autosign.conf: List of pre-approved certificate requests.
device.conf: Configuration for network devices managed by the