Config directory (confdir)
Puppet’s confdir
is the main directory for the Puppet configuration. It contains config
files and the SSL data.
Location
-
*nix root users:
/etc/puppetlabs/puppet
-
Non-root users:
~/.puppetlabs/etc/puppet
-
Windows:
%PROGRAMDATA%\PuppetLabs\puppet\etc
(usuallyC:\ProgramData\PuppetLabs\puppet\etc
)
When Puppet
is running as root
,
a Windows user with administrator
privileges, or the puppet
user, it uses a system-wide confdir. When running as a non-root
user, it uses a confdir in that user's home directory.
When running Puppet commands and
services as root
or puppet
,
usually you want to use the system codedir. To use the same codedir as the Puppet agent or Puppet master, run admin commands, such
as puppet
cert
, with sudo
.
config.ru
file must explicitly set --confdir
to the system
confdir. The example config.ru
file provided with the Puppet source does this.Puppet’s confdir can’t be set in the puppet.conf
, because Puppet needs the confdir to locate that
config file. Instead, run commands with the --confdir
parameter to specify the confdir.
If --confdir
isn’t specified when a Puppet application is started,
the command will use the default confdir location.
Puppet Server uses the jruby-puppet.master-conf-dir
setting in
puppetserver.conf
to configure its confdir. If you are using a non-default confdir, you must
specify --confdir
when you run commands like puppet
module
or puppet cert
to ensure they use the same directories
as Puppet Server.
Interpolation of $confdir
The value of the confdir is discovered before
other settings, so you can reference it, using the $confdir
variable, in the value of
any other setting in puppet.conf
.
If you need to set nonstandard
values for some settings, using the $confdir
variable allows you to avoid absolute paths and
keep your Puppet-related files
together.
Contents
The confdir contains several config files and the SSL data. You can change their locations, but unless you have a technical reason that prevents it, use the default structure. Click the links to see documentation for the files and directories in the codedir.
-
ssl
directory: contains each node’s certificate infrastructure. -
puppet.conf
: Puppet’s main config file. -
csr_attributes.yaml
: Optional data to be inserted into new certificate requests.
-
auth.conf
: Access control rules for the master’s network services. -
fileserver.conf
: Configuration for additional fileserver mount points. -
hiera.yaml
: The global configuration for Hiera data lookup. Environments and modules can also have their ownhiera.yaml
files.Note: To provide backward compatibility for Puppet versions 4.0 to 4.4, if ahiera.yaml
file exists in the global codedir, it takes precedence over thehiera.yaml
in the global confdir. For Puppet to honor thehiera.yaml
in the confdir, there must be nohiera.yaml
file in the codedir. -
routes.yaml
: Advanced configuration of indirector behavior.
-
autosign.conf
: List of pre-approved certificate requests.
-
device.conf
: Configuration for network devices managed by thepuppet device
command.