Config directory (confdir)

Puppet’s confdir is the main directory for the Puppet configuration. It contains configuration files and the SSL data.

Location

The confdir is located in one of the following locations:
  • *nix root users: /etc/puppetlabs/puppet

  • Non-root users: ~/.puppetlabs/etc/puppet

  • Windows: %PROGRAMDATA%\PuppetLabs\puppet\etc (usually C:\ProgramData\PuppetLabs\puppet\etc)

When Puppet is running as root, a Windows user with administrator privileges, or the puppet user, it uses a system-wide confdir. When running as a non-root user, it uses a confdir in that user's home directory.

When running Puppet commands and services as root or puppet, usually you want to use the system codedir. To use the same codedir as the Puppet agent or the primary Puppet server, run admin commands with sudo.

Puppet’s confdir can’t be set in the puppet.conf, because Puppet needs the confdir to locate that config file. Instead, run commands with the --confdir parameter to specify the confdir. If --confdir isn’t specified when a Puppet application is started, the command uses the default confdir location.

Puppet Server uses the jruby-puppet.server-conf-dir setting in puppetserver.conf to configure its confdir. If you are using a non-default confdir, you must specify --confdir when you run commands like puppet module to ensure they use the same directories as Puppet Server.

Interpolation of $confdir

The value of the confdir is discovered before other settings, so you can reference it, using the $confdir variable, in the value of any other setting in puppet.conf.

If you need to set nonstandard values for some settings, using the $confdir variable allows you to avoid absolute paths and keep your Puppet-related files together.

Contents

The confdir contains several config files and the SSL data. You can change their locations, but unless you have a technical reason that prevents it, use the default structure. Click the links to see documentation for the files and directories in the codedir.

On all nodes, agent and primary server, the confdir contains the following directories and config files:
  • ssl directory: contains each node’s certificate infrastructure.
  • puppet.conf: Puppet’s main config file.
  • csr_attributes.yaml: Optional data to be inserted into new certificate requests.
On primary server nodes, and sometimes standalone nodes that run Puppet apply, the confdir also contains:
  • auth.conf: Access control rules for the primary server's network services.
  • fileserver.conf: Configuration for additional fileserver mount points.
  • hiera.yaml: The global configuration for Hiera data lookup. Environments and modules can also have their own hiera.yaml files.
    Note: To provide backward compatibility for some existing Puppet 4 installations, if a hiera.yaml file exists in the codedir, it takes precedence over hiera.yaml in the confdir. To ensure that Puppet honors the configuration in the confdir, remove any hiera.yaml file that is present in the codedir.
  • routes.yaml : Advanced configuration of indirector behavior.
On certificate authority servers, the confdir also contains:
On nodes that are acting as a proxy for configuring network devices, the confdir also contains:
  • device.conf: Configuration for network devices managed by the puppet device command.