Config directory (confdir)

Puppet’s confdir is the main directory for the Puppet configuration. It contains config files and the SSL data.

Location

The confdir is located in one of the following locations:
  • *nix root users: /etc/puppetlabs/puppet

  • Non-root users: ~/.puppetlabs/etc/puppet

  • Windows%PROGRAMDATA%\PuppetLabs\puppet\etc (usually C:\ProgramData\PuppetLabs\puppet\etc)

When Puppet is running as root, a Windows user with administrator privileges, or the puppet user, it uses a system-wide confdir. When running as a non-root user, it uses a confdir in that user's home directory.

When running Puppet commands and services as root or puppet, usually you want to use the system codedir. To use the same codedir as the Puppet agent or Puppet master, run admin commands, such as puppet cert, with sudo.

Note: When Puppet master is running as a Rack application, the config.ru file must explicitly set --confdir to the system confdir. The example config.ru file provided with the Puppet source does this.

Puppet’s confdir can’t be set in the puppet.conf, because Puppet needs the confdir to locate that config file. Instead, run commands with the --confdir parameter to specify the confdir. If --confdir isn’t specified when a Puppet application is started, the command will use the default confdir location.

Puppet Server uses the jruby-puppet.master-conf-dir setting in puppetserver.conf to configure its confdir. If you are using a non-default confdir, you must specify --confdir when you run commands like puppet module or puppet cert to ensure they use the same directories as Puppet Server.

Interpolation of $confdir

The value of the confdir is discovered before other settings, so you can reference it, using the $confdir variable, in the value of any other setting in puppet.conf.

If you need to set nonstandard values for some settings, using the $confdir variable allows you to avoid absolute paths and keep your Puppet-related files together.

Contents

The confdir contains several config files and the SSL data. You can change their locations, but unless you have a technical reason that prevents it, use the default structure. Click the links to see documentation for the files and directories in the codedir.

On all nodes, agent and master, the confdir contains the following directories and config files:
On master nodes, and sometimes standalone nodes that run Puppet apply, the confdir also contains:
  • auth.conf : Access control rules for the master’s network services.
  • fileserver.conf : Configuration for additional fileserver mount points.
  • hiera.yaml : The global configuration for Hiera data lookup. Environments and modules can also have their own hiera.yaml files.
    Note: To provide backward compatibility for Puppet versions 4.0 to 4.4, if a hiera.yaml file exists in the global codedir, it takes precedence over the hiera.yaml in the global confdir. For Puppet to honor the hiera.yaml in the confdir, there must be no hiera.yaml file in the codedir.
  • routes.yaml : Advanced configuration of indirector behavior.
On certificate authority masters, the confdir also contains:
On nodes that are acting as a proxy for configuring network devices, the confdir also contains:
  • device.conf : Configuration for network devices managed by the puppet device command.