puppet 4.10.9-universal-darwin → 4.10.10-universal-darwin

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (104) hide show
  1. checksums.yaml +4 -4
  2. data/lib/puppet/agent.rb +22 -2
  3. data/lib/puppet/application.rb +18 -1
  4. data/lib/puppet/application/agent.rb +9 -2
  5. data/lib/puppet/application/apply.rb +1 -1
  6. data/lib/puppet/application/config.rb +1 -0
  7. data/lib/puppet/application/device.rb +1 -2
  8. data/lib/puppet/application/filebucket.rb +22 -5
  9. data/lib/puppet/application/help.rb +1 -0
  10. data/lib/puppet/application/inspect.rb +2 -0
  11. data/lib/puppet/application/lookup.rb +1 -3
  12. data/lib/puppet/application_support.rb +6 -1
  13. data/lib/puppet/defaults.rb +33 -4
  14. data/lib/puppet/face/config.rb +13 -0
  15. data/lib/puppet/functions/each.rb +10 -4
  16. data/lib/puppet/functions/lookup.rb +2 -2
  17. data/lib/puppet/functions/map.rb +12 -2
  18. data/lib/puppet/functions/reduce.rb +45 -2
  19. data/lib/puppet/interface.rb +1 -0
  20. data/lib/puppet/module_tool/tar/mini.rb +57 -4
  21. data/lib/puppet/network/http/factory.rb +9 -0
  22. data/lib/puppet/network/http/webrick.rb +1 -3
  23. data/lib/puppet/node.rb +10 -0
  24. data/lib/puppet/node/facts.rb +9 -0
  25. data/lib/puppet/parser/functions/sprintf.rb +17 -3
  26. data/lib/puppet/pops/loader/static_loader.rb +2 -2
  27. data/lib/puppet/pops/lookup/hiera_config.rb +2 -2
  28. data/lib/puppet/pops/merge_strategy.rb +16 -1
  29. data/lib/puppet/pops/types/iterable.rb +2 -0
  30. data/lib/puppet/pops/types/type_factory.rb +1 -1
  31. data/lib/puppet/pops/types/type_mismatch_describer.rb +15 -5
  32. data/lib/puppet/pops/types/types.rb +4 -2
  33. data/lib/puppet/provider/service/smf.rb +2 -2
  34. data/lib/puppet/provider/service/systemd.rb +1 -0
  35. data/lib/puppet/provider/service/upstart.rb +1 -1
  36. data/lib/puppet/settings/environment_conf.rb +10 -2
  37. data/lib/puppet/transaction.rb +3 -0
  38. data/lib/puppet/transaction/report.rb +8 -1
  39. data/lib/puppet/type.rb +1 -9
  40. data/lib/puppet/type/user.rb +9 -3
  41. data/lib/puppet/util/http_proxy.rb +14 -6
  42. data/lib/puppet/version.rb +1 -1
  43. data/locales/puppet.pot +29 -13
  44. data/man/man5/puppet.conf.5 +276 -55
  45. data/man/man8/extlookup2hiera.8 +2 -2
  46. data/man/man8/puppet-agent.8 +32 -10
  47. data/man/man8/puppet-apply.8 +21 -6
  48. data/man/man8/puppet-ca.8 +48 -34
  49. data/man/man8/puppet-catalog.8 +4 -4
  50. data/man/man8/puppet-cert.8 +23 -6
  51. data/man/man8/puppet-certificate.8 +44 -28
  52. data/man/man8/puppet-certificate_request.8 +4 -4
  53. data/man/man8/puppet-certificate_revocation_list.8 +4 -4
  54. data/man/man8/puppet-config.8 +5 -5
  55. data/man/man8/puppet-describe.8 +3 -3
  56. data/man/man8/puppet-device.8 +23 -13
  57. data/man/man8/puppet-doc.8 +5 -5
  58. data/man/man8/puppet-epp.8 +16 -10
  59. data/man/man8/puppet-facts.8 +4 -4
  60. data/man/man8/puppet-file.8 +4 -4
  61. data/man/man8/puppet-filebucket.8 +63 -6
  62. data/man/man8/puppet-generate.8 +84 -0
  63. data/man/man8/puppet-help.8 +4 -4
  64. data/man/man8/puppet-inspect.8 +8 -5
  65. data/man/man8/puppet-key.8 +4 -4
  66. data/man/man8/puppet-lookup.8 +87 -0
  67. data/man/man8/puppet-man.8 +5 -5
  68. data/man/man8/puppet-master.8 +5 -5
  69. data/man/man8/puppet-module.8 +22 -13
  70. data/man/man8/puppet-node.8 +4 -4
  71. data/man/man8/puppet-parser.8 +4 -4
  72. data/man/man8/puppet-plugin.8 +4 -4
  73. data/man/man8/puppet-report.8 +4 -4
  74. data/man/man8/puppet-resource.8 +4 -8
  75. data/man/man8/puppet-resource_type.8 +4 -4
  76. data/man/man8/puppet-status.8 +5 -5
  77. data/man/man8/puppet.8 +12 -3
  78. data/spec/fixtures/unit/application/environments/production/data/common.yaml +2 -0
  79. data/spec/integration/agent/logging_spec.rb +2 -0
  80. data/spec/integration/provider/cron/crontab_spec.rb +1 -0
  81. data/spec/unit/agent_spec.rb +33 -0
  82. data/spec/unit/application/config_spec.rb +4 -0
  83. data/spec/unit/application/inspect_spec.rb +11 -0
  84. data/spec/unit/application/lookup_spec.rb +30 -0
  85. data/spec/unit/application_spec.rb +18 -0
  86. data/spec/unit/environments_spec.rb +15 -0
  87. data/spec/unit/face/config_spec.rb +1 -2
  88. data/spec/unit/functions/break_spec.rb +108 -49
  89. data/spec/unit/functions/defined_spec.rb +2 -2
  90. data/spec/unit/functions/lookup_spec.rb +88 -3
  91. data/spec/unit/interface_spec.rb +12 -0
  92. data/spec/unit/module_tool/tar/mini_spec.rb +34 -5
  93. data/spec/unit/network/http/factory_spec.rb +22 -0
  94. data/spec/unit/network/http/webrick_spec.rb +30 -29
  95. data/spec/unit/parser/functions/sprintf_spec.rb +26 -0
  96. data/spec/unit/pops/loaders/static_loader_spec.rb +1 -1
  97. data/spec/unit/pops/types/type_calculator_spec.rb +21 -0
  98. data/spec/unit/pops/types/type_mismatch_describer_spec.rb +9 -0
  99. data/spec/unit/provider/service/smf_spec.rb +2 -4
  100. data/spec/unit/provider/service/systemd_spec.rb +14 -0
  101. data/spec/unit/resource/catalog_spec.rb +10 -0
  102. data/spec/unit/transaction/report_spec.rb +19 -0
  103. data/spec/unit/util/http_proxy_spec.rb +37 -0
  104. metadata +4 -2
@@ -367,9 +367,15 @@ module Puppet
367
367
  end
368
368
 
369
369
  newparam(:managehome, :boolean => true, :parent => Puppet::Parameter::Boolean) do
370
- desc "Whether to manage the home directory when managing the user.
371
- This will create the home directory when `ensure => present`, and
372
- delete the home directory when `ensure => absent`. Defaults to `false`."
370
+ desc "Whether to manage the home directory when Puppet creates or removes the user.
371
+ This creates the home directory if Puppet also creates the user account, and deletes the
372
+ home directory if Puppet also removes the user account. Defaults to `false`.
373
+
374
+ This parameter has no effect unless Puppet is also creating or removing the user in the
375
+ resource at the same time. For instance, Puppet creates a home directory for a managed
376
+ user if `ensure => present` and the user does not exist at the time of the Puppet run.
377
+ If the home directory is then deleted manually, Puppet will not recreate it on the next
378
+ run."
373
379
 
374
380
  defaultto false
375
381
 
@@ -1,5 +1,6 @@
1
1
  require 'uri'
2
2
  require 'openssl'
3
+ require 'puppet/network/http'
3
4
 
4
5
  module Puppet::Util::HttpProxy
5
6
  def self.proxy(uri)
@@ -172,7 +173,13 @@ module Puppet::Util::HttpProxy
172
173
 
173
174
  0.upto(redirect_limit) do |redirection|
174
175
  proxy = get_http_object(current_uri)
175
- response = proxy.send(:head, current_uri.path)
176
+
177
+ headers = { 'Accept' => '*/*', 'User-Agent' => Puppet[:http_user_agent] }
178
+ if Puppet.features.zlib?
179
+ headers.merge!({"Accept-Encoding" => Puppet::Network::HTTP::Compression::ACCEPT_ENCODING})
180
+ end
181
+
182
+ response = proxy.send(:head, current_uri.path, headers)
176
183
 
177
184
  if [301, 302, 307].include?(response.code.to_i)
178
185
  # handle the redirection
@@ -180,11 +187,12 @@ module Puppet::Util::HttpProxy
180
187
  next
181
188
  end
182
189
 
183
- if block_given?
184
- headers = {'Accept' => 'binary', 'accept-encoding' => 'gzip;q=1.0,deflate;q=0.6,identity;q=0.3'}
185
- response = proxy.send("request_#{method}".to_sym, current_uri.path, headers, &block)
186
- else
187
- response = proxy.send(method, current_uri.path)
190
+ if method != :head
191
+ if block_given?
192
+ response = proxy.send("request_#{method}".to_sym, current_uri.path, headers, &block)
193
+ else
194
+ response = proxy.send(method, current_uri.path, headers)
195
+ end
188
196
  end
189
197
 
190
198
  Puppet.debug("HTTP #{method.to_s.upcase} request to #{current_uri} returned #{response.code} #{response.message}")
@@ -6,7 +6,7 @@
6
6
  # Raketasks and such to set the version based on the output of `git describe`
7
7
 
8
8
  module Puppet
9
- PUPPETVERSION = '4.10.9'
9
+ PUPPETVERSION = '4.10.10'
10
10
 
11
11
  ##
12
12
  # version is a public API method intended to always provide a fast and
@@ -1,16 +1,16 @@
1
1
  # SOME DESCRIPTIVE TITLE.
2
- # Copyright (C) 2017 Puppet, Inc.
2
+ # Copyright (C) 2018 Puppet, Inc.
3
3
  # This file is distributed under the same license as the Puppet automation framework package.
4
- # FIRST AUTHOR <EMAIL@ADDRESS>, 2017.
4
+ # FIRST AUTHOR <EMAIL@ADDRESS>, 2018.
5
5
  #
6
6
  #, fuzzy
7
7
  msgid ""
8
8
  msgstr ""
9
- "Project-Id-Version: Puppet automation framework 4.10.8-31-gb1fa1dd\n"
9
+ "Project-Id-Version: Puppet automation framework 4.10.9-68-gf02ce86\n"
10
10
  "\n"
11
11
  "Report-Msgid-Bugs-To: https://tickets.puppetlabs.com\n"
12
- "POT-Creation-Date: 2017-10-10 16:45+0000\n"
13
- "PO-Revision-Date: 2017-10-10 16:45+0000\n"
12
+ "POT-Creation-Date: 2018-01-03 19:17+0000\n"
13
+ "PO-Revision-Date: 2018-01-03 19:17+0000\n"
14
14
  "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
15
15
  "Language-Team: LANGUAGE <LL@li.org>\n"
16
16
  "Language: \n"
@@ -19,18 +19,38 @@ msgstr ""
19
19
  "Content-Transfer-Encoding: 8bit\n"
20
20
  "Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
21
21
 
22
- #: ../lib/puppet/application.rb:353
22
+ #: ../lib/puppet/agent.rb:65
23
+ msgid "Execution of %{client_class} did not complete within %{runtimeout} seconds and was terminated."
24
+ msgstr ""
25
+
26
+ #: ../lib/puppet/application.rb:291
27
+ msgid "Invalid environment mode '%{mode_name}'"
28
+ msgstr ""
29
+
30
+ #: ../lib/puppet/application.rb:370
23
31
  msgid "`puppet %{name}` is deprecated and will be removed in a future release."
24
32
  msgstr ""
25
33
 
26
- #: ../lib/puppet/defaults.rb:1720
34
+ #: ../lib/puppet/defaults.rb:1749
27
35
  msgid "Setting 'archive_files' is deprecated. It will be removed in a future release along with the `inspect` command."
28
36
  msgstr ""
29
37
 
30
- #: ../lib/puppet/defaults.rb:1729
38
+ #: ../lib/puppet/defaults.rb:1758
31
39
  msgid "Setting 'archive_file_server' is deprecated. It will be removed in a future release along with the `inspect` command."
32
40
  msgstr ""
33
41
 
42
+ #: ../lib/puppet/face/config.rb:110
43
+ msgid ""
44
+ "The environment should be set in either the `[user]`, `[agent]`, or `[master]`\n"
45
+ "section. Variables set in the `[agent]` section are used when running\n"
46
+ "`puppet agent`. Variables set in the `[user]` section are used when running\n"
47
+ "various other puppet subcommands, like `puppet apply` and `puppet module`; these\n"
48
+ "require the defined environment directory to exist locally. Set the config\n"
49
+ "section by using the `--section` flag. For example,\n"
50
+ "`puppet config --section user set environment foo`. For more information, see\n"
51
+ "https://puppet.com/docs/puppet/latest/configuration.html#environment\n"
52
+ msgstr ""
53
+
34
54
  #: ../lib/puppet/face/help.rb:9
35
55
  msgid "Apache 2 license; see COPYING"
36
56
  msgstr ""
@@ -95,7 +115,7 @@ msgid ""
95
115
  msgstr ""
96
116
 
97
117
  #: ../lib/puppet/face/help.rb:108
98
- msgid "\"Unable to load action #{actionname} from #{face}\""
118
+ msgid "Unable to load action #{actionname} from #{face}"
99
119
  msgstr ""
100
120
 
101
121
  #: ../lib/puppet/face/help.rb:150
@@ -146,10 +166,6 @@ msgstr ""
146
166
  msgid "No Puppet Type found for %{type_name}"
147
167
  msgstr ""
148
168
 
149
- #: ../lib/puppet/type.rb:1324
150
- msgid "The `audit` metaparameter is deprecated and will be ignored in a future release."
151
- msgstr ""
152
-
153
169
  #: ../lib/puppet/util/character_encoding.rb:22
154
170
  msgid "%{value} is already labeled as UTF-8 but this encoding is invalid. It cannot be transcoded by Puppet."
155
171
  msgstr ""
@@ -1,8 +1,8 @@
1
1
  .\" generated with Ronn/v0.7.3
2
- .\" https://github.com/rtomayko/ronn/tree/0.7.3
2
+ .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPETCONF" "5" "May 2015" "Puppet Labs, LLC" "Puppet manual"
5
- \fBThis page is autogenerated; any changes will get overwritten\fR \fI(last generated on 2015\-05\-18 10:15:47 \-0700)\fR
4
+ .TH "PUPPETCONF" "5" "January 2018" "Puppet Labs, LLC" "Puppet manual"
5
+ \fBThis page is autogenerated; any changes will get overwritten\fR \fI(last generated on 2018\-01\-12 16:59:36 \-0600)\fR
6
6
  .
7
7
  .SH "Configuration Settings"
8
8
  .
@@ -30,7 +30,7 @@ The Puppet executables will ignore any setting that isn\'t relevant to their fun
30
30
  .IP "" 0
31
31
  .
32
32
  .P
33
- See the configuration guide \fIhttps://docs\.puppetlabs\.com/guides/configuring\.html\fR for more details\.
33
+ See the configuration guide \fIhttp://docs\.puppetlabs\.com/puppet/latest/reference/config_about_settings\.html\fR for more details\.
34
34
  .
35
35
  .SS "agent_catalog_run_lockfile"
36
36
  A lock file to indicate that a puppet agent catalog run is currently in progress\. The file contains the pid of the process that holds the lock on the catalog run\.
@@ -57,6 +57,9 @@ Whether to allow a new certificate request to overwrite an existing certificate\
57
57
  .IP "" 0
58
58
  .
59
59
  .SS "always_cache_features"
60
+ This setting is deprecated and has been replaced by always_retry_plugins\.
61
+ .
62
+ .P
60
63
  Affects how we cache attempts to load Puppet \'features\'\. If false, then calls to \fBPuppet\.features\.<feature>?\fR will always attempt to load the feature (which can be an expensive operation) unless it has already been loaded successfully\. This makes it possible for a single agent run to, e\.g\., install a package that provides the underlying capabilities for a feature, and then later load that feature during the same run (even if the feature had been tested earlier and had not been available)\.
61
64
  .
62
65
  .P
@@ -67,8 +70,27 @@ If this setting is set to true, then features will only be checked once, and if
67
70
  .
68
71
  .IP "" 0
69
72
  .
73
+ .SS "always_retry_plugins"
74
+ Affects how we cache attempts to load Puppet resource types and features\. If true, then calls to \fBPuppet\.type\.<type>?\fR \fBPuppet\.feature\.<feature>?\fR will always attempt to load the type or feature (which can be an expensive operation) unless it has already been loaded successfully\. This makes it possible for a single agent run to, e\.g\., install a package that provides the underlying capabilities for a type or feature, and then later load that type or feature during the same run (even if the type or feature had been tested earlier and had not been available)\.
75
+ .
76
+ .P
77
+ If this setting is set to false, then types and features will only be checked once, and if they are not available, the negative result is cached and returned for all subsequent attempts to load the type or feature\. This behavior is almost always appropriate for the server, and can result in a significant performance improvement for types and features that are checked frequently\.
78
+ .
79
+ .IP "\(bu" 4
80
+ \fIDefault\fR: true
81
+ .
82
+ .IP "" 0
83
+ .
84
+ .SS "app_management"
85
+ Whether the application management feature is on or off\. You must restart Puppet Server after changing this setting\.
86
+ .
87
+ .IP "\(bu" 4
88
+ \fIDefault\fR: false
89
+ .
90
+ .IP "" 0
91
+ .
70
92
  .SS "archive_file_server"
71
- During an inspect run, the file bucket server to archive files to if archive_files is set\.
93
+ During an inspect run, the file bucket server to archive files to if archive_files is set\. Note that the \fBinspect\fR command is deprecated\.
72
94
  .
73
95
  .IP "\(bu" 4
74
96
  \fIDefault\fR: $server
@@ -76,7 +98,7 @@ During an inspect run, the file bucket server to archive files to if archive_fil
76
98
  .IP "" 0
77
99
  .
78
100
  .SS "archive_files"
79
- During an inspect run, whether to archive files whose contents are audited to a file bucket\.
101
+ During an inspect run, whether to archive files whose contents are audited to a file bucket\. Note that the \fBinspect\fR command is deprecated\.
80
102
  .
81
103
  .IP "\(bu" 4
82
104
  \fIDefault\fR: false
@@ -107,7 +129,7 @@ If a custom policy executable is configured, the CA puppet master will run it ev
107
129
  If a certificate request is not autosigned, it will persist for review\. An admin user can use the \fBpuppet cert sign\fR command to manually sign it, or can delete the request\.
108
130
  .
109
131
  .P
110
- For info on autosign configuration files, see the guide to Puppet\'s config files \fIhttps://docs\.puppetlabs\.com/guides/configuring\.html\fR\.
132
+ For info on autosign configuration files, see the guide to Puppet\'s config files \fIhttp://docs\.puppetlabs\.com/puppet/latest/reference/config_about_settings\.html\fR\.
111
133
  .
112
134
  .IP "\(bu" 4
113
135
  \fIDefault\fR: $confdir/autosign\.conf
@@ -118,7 +140,7 @@ For info on autosign configuration files, see the guide to Puppet\'s config file
118
140
  The search path for \fBglobal\fR modules\. Should be specified as a list of directories separated by the system path separator character\. (The POSIX path separator is \':\', and the Windows path separator is \';\'\.)
119
141
  .
120
142
  .P
121
- These are the modules that will be used by \fIall\fR environments\. Note that the \fBmodules\fR directory of the active environment will have priority over any global directories\. For more info, see https://docs\.puppetlabs\.com/puppet/latest/reference/environments\.html
143
+ These are the modules that will be used by \fIall\fR environments\. Note that the \fBmodules\fR directory of the active environment will have priority over any global directories\. For more info, see \fIhttps://docs\.puppet\.com/puppet/latest/reference/environments\.html\fR
122
144
  .
123
145
  .IP "\(bu" 4
124
146
  \fIDefault\fR: $codedir/modules:/opt/puppetlabs/puppet/modules
@@ -304,12 +326,12 @@ The special value \fBca\fR is reserved, and can\'t be used as the certname for a
304
326
  Defaults to the node\'s fully qualified domain name\.
305
327
  .
306
328
  .IP "\(bu" 4
307
- \fIDefault\fR: rll\.corp\.puppetlabs\.net
329
+ \fIDefault\fR: jories\-macbook\-air\.local
308
330
  .
309
331
  .IP "" 0
310
332
  .
311
333
  .SS "cfacter"
312
- Whether or not to use the native facter (cfacter) implementation instead of the Ruby one (facter)\. Defaults to false\.
334
+ Whether to enable a pre\-Facter 3\.0 release of native Facter (distributed as the "cfacter" package)\. This is not necessary if Facter 3\.0 or later is installed\. This setting is deprecated, as Facter 3 is now the default in puppet\-agent\.
313
335
  .
314
336
  .IP "\(bu" 4
315
337
  \fIDefault\fR: false
@@ -354,9 +376,10 @@ Code to parse directly\. This is essentially only used by \fBpuppet\fR, and shou
354
376
  .SS "codedir"
355
377
  The main Puppet code directory\. The default for this setting is calculated based on the user\. If the process is running as root or the user that Puppet is supposed to run as, it defaults to a system directory, but if it\'s running as any other user, it defaults to being in the user\'s home directory\.
356
378
  .
357
- .TP
358
- \fIDefault\fR:
359
-
379
+ .IP "\(bu" 4
380
+ \fIDefault\fR: Unix/Linux: /etc/puppetlabs/code \-\- Windows: C:\eProgramData\ePuppetLabs\ecode \-\- Non\-root user: ~/\.puppetlabs/etc/code
381
+ .
382
+ .IP "" 0
360
383
  .
361
384
  .SS "color"
362
385
  Whether to use colors when logging to the console\. Valid values are \fBansi\fR (equivalent to \fBtrue\fR), \fBhtml\fR, and \fBfalse\fR, which produces no color\. Defaults to false on Windows, as its console does not support ansi colors\.
@@ -370,7 +393,7 @@ Whether to use colors when logging to the console\. Valid values are \fBansi\fR
370
393
  The main Puppet configuration directory\. The default for this setting is calculated based on the user\. If the process is running as root or the user that Puppet is supposed to run as, it defaults to a system directory, but if it\'s running as any other user, it defaults to being in the user\'s home directory\.
371
394
  .
372
395
  .IP "\(bu" 4
373
- \fIDefault\fR: /etc/puppetlabs/puppet
396
+ \fIDefault\fR: Unix/Linux: /etc/puppetlabs/puppet \-\- Windows: C:\eProgramData\ePuppetLabs\epuppet\eetc \-\- Non\-root user: ~/\.puppetlabs/etc/puppet
374
397
  .
375
398
  .IP "" 0
376
399
  .
@@ -394,7 +417,7 @@ The name of the puppet config file\.
394
417
  How to determine the configuration version\. By default, it will be the time that the configuration is parsed, but you can provide a shell script to override how the version is determined\. The output of this script will be added to every log message in the reports, allowing you to correlate changes on your hosts to the source version on the server\.
395
418
  .
396
419
  .P
397
- Setting a global value for config_version in puppet\.conf is not allowed (but it can be overridden from the commandline)\. Please set a per\-environment value in environment\.conf instead\. For more info, see https://docs\.puppetlabs\.com/puppet/latest/reference/environments\.html
420
+ Setting a global value for config_version in puppet\.conf is not allowed (but it can be overridden from the commandline)\. Please set a per\-environment value in environment\.conf instead\. For more info, see \fIhttps://docs\.puppet\.com/puppet/latest/reference/environments\.html\fR
398
421
  .
399
422
  .SS "configprint"
400
423
  Print the value of a specific configuration setting\. If the name of a setting is provided for this, then the value is printed and puppet exits\. Comma\-separate multiple values\. For a list of all values, specify \'all\'\.
@@ -441,7 +464,7 @@ Whether to send the process into the background\. This defaults to true on POSIX
441
464
  .IP "" 0
442
465
  .
443
466
  .SS "data_binding_terminus"
444
- Where to retrive information about data\.
467
+ This setting has been deprecated\. Use of any value other than \'hiera\' should instead be configured in a version 5 hiera\.yaml\. Until this setting is removed, it controls which data binding terminus to use for global automatic data binding (across all environments)\. By default this value is \'hiera\'\. A value of \'none\' turns off the global binding\.
445
468
  .
446
469
  .IP "\(bu" 4
447
470
  \fIDefault\fR: hiera
@@ -542,24 +565,50 @@ Valid values for this setting are:
542
565
  \fBdeprecations\fR \-\-\- disables deprecation warnings\.
543
566
  .
544
567
  .IP "\(bu" 4
568
+ \fBundefined_variables\fR \-\-\- disables warnings about non existing variables\.
569
+ .
570
+ .IP "\(bu" 4
571
+ \fBundefined_resources\fR \-\-\- disables warnings about non existing resources\.
572
+ .
573
+ .IP "\(bu" 4
545
574
  \fIDefault\fR: []
546
575
  .
547
576
  .IP "" 0
548
577
  .
549
578
  .SS "dns_alt_names"
550
- The comma\-separated list of alternative DNS names to use for the local host\.
579
+ A comma\-separated list of alternate DNS names for Puppet Server\. These are extra hostnames (in addition to its \fBcertname\fR) that the server is allowed to use when serving agents\. Puppet checks this setting when automatically requesting a certificate for Puppet agent or Puppet Server, and when manually generating a certificate with \fBpuppet cert generate\fR\.
551
580
  .
552
581
  .P
553
- When the node generates a CSR for itself, these are added to the request as the desired \fBsubjectAltName\fR in the certificate: additional DNS labels that the certificate is also valid answering as\.
582
+ In order to handle agent requests at a given hostname (like "puppet\.example\.com"), Puppet Server needs a certificate that proves it\'s allowed to use that name; if a server shows a certificate that doesn\'t include its hostname, Puppet agents will refuse to trust it\. If you use a single hostname for Puppet traffic but load\-balance it to multiple Puppet Servers, each of those servers needs to include the official hostname in its list of extra names\.
554
583
  .
555
584
  .P
556
- This is generally required if you use a non\-hostname \fBcertname\fR, or if you want to use \fBpuppet kick\fR or \fBpuppet resource \-H\fR and the primary certname does not match the DNS name you use to communicate with the host\.
585
+ \fBNote:\fR The list of alternate names is locked in when the server\'s certificate is signed\. If you need to change the list later, you can\'t just change this setting; you also need to:
557
586
  .
558
- .P
559
- This is unnecessary for agents, unless you intend to use them as a server for \fBpuppet kick\fR or remote \fBpuppet resource\fR management\.
587
+ .IP "\(bu" 4
588
+ On the server: Stop Puppet Server\.
589
+ .
590
+ .IP "\(bu" 4
591
+ On the CA server: Revoke and clean the server\'s old certificate\. (\fBpuppet cert clean <NAME>\fR)
592
+ .
593
+ .IP "\(bu" 4
594
+ On the server: Delete the old certificate (and any old certificate signing requests) from the ssldir \fIhttps://docs\.puppetlabs\.com/puppet/latest/reference/dirs_ssldir\.html\fR\.
595
+ .
596
+ .IP "\(bu" 4
597
+ On the server: Run \fBpuppet agent \-t \-\-ca_server <CA HOSTNAME>\fR to request a new certificate
598
+ .
599
+ .IP "\(bu" 4
600
+ On the CA server: Sign the certificate request, explicitly allowing alternate names (\fBpuppet cert sign \-\-allow\-dns\-alt\-names <NAME>\fR)\.
601
+ .
602
+ .IP "\(bu" 4
603
+ On the server: Run \fBpuppet agent \-t \-\-ca_server <CA HOSTNAME>\fR to retrieve the cert\.
604
+ .
605
+ .IP "\(bu" 4
606
+ On the server: Start Puppet Server again\.
607
+ .
608
+ .IP "" 0
560
609
  .
561
610
  .P
562
- It is rarely necessary for servers; it is usually helpful only if you need to have a pool of multiple load balanced masters, or for the same master to respond on two physically separate networks under different names\.
611
+ To see all the alternate names your servers are using, log into your CA server and run \fBpuppet cert list \-a\fR, then check the output for \fB(alt names: \.\.\.)\fR\. Most agent nodes should NOT have alternate names; the only certs that should have them are Puppet Server nodes that you want other agents to trust\.
563
612
  .
564
613
  .SS "document_all"
565
614
  Whether to document all resources when using \fBpuppet doc\fR to generate manifest documentation\.
@@ -570,7 +619,16 @@ Whether to document all resources when using \fBpuppet doc\fR to generate manife
570
619
  .IP "" 0
571
620
  .
572
621
  .SS "environment"
573
- The environment Puppet is running in\. For clients (e\.g\., \fBpuppet agent\fR) this determines the environment itself, which is used to find modules and much more\. For servers (i\.e\., \fBpuppet master\fR) this provides the default environment for nodes we know nothing about\.
622
+ The environment in which Puppet is running\. For clients, such as \fBpuppet agent\fR, this determines the environment itself, which Puppet uses to find modules and much more\. For servers, such as \fBpuppet master\fR, this provides the default environment for nodes that Puppet knows nothing about\.
623
+ .
624
+ .P
625
+ When defining an environment in the \fB[agent]\fR section, this refers to the environment that the agent requests from the master\. The environment doesn\'t have to exist on the local filesystem because the agent fetches it from the master\. This definition is used when running \fBpuppet agent\fR\.
626
+ .
627
+ .P
628
+ When defined in the \fB[user]\fR section, the environment refers to the path that Puppet uses to search for code and modules related to its execution\. This requires the environment to exist locally on the filesystem where puppet is being executed\. Puppet subcommands, including \fBpuppet module\fR and \fBpuppet apply\fR, use this definition\.
629
+ .
630
+ .P
631
+ Given that the context and effects vary depending on the config section \fIhttps://puppet\.com/docs/puppet/latest/config_file_main\.html#config\-sections\fR in which the \fBenvironment\fR setting is defined, do not set it globally\.
574
632
  .
575
633
  .IP "\(bu" 4
576
634
  \fIDefault\fR: production
@@ -578,12 +636,11 @@ The environment Puppet is running in\. For clients (e\.g\., \fBpuppet agent\fR)
578
636
  .IP "" 0
579
637
  .
580
638
  .SS "environment_data_provider"
581
- The name of a registered environment data provider\. The two built in and registered providers are \'none\' (no environment specific data), and \'function\' (environment specific data obtained by calling the function \'environment::data()\')\. Other environment data providers may be registered in modules on the module path\. For such custom data providers see the respective module documentation\.
582
- .
583
- .IP "\(bu" 4
584
- \fIDefault\fR: none
639
+ The name of a registered environment data provider used when obtaining environment specific data\. The three built in and registered providers are \'none\' (no data), \'function\' (data obtained by calling the function \'environment::data()\') and \'hiera\' (data obtained using a data provider configured using a hiera\.yaml file in root of the environment)\. Other environment data providers may be registered in modules on the module path\. For such custom data providers see the respective module documentation\. This setting is deprecated\.
585
640
  .
586
- .IP "" 0
641
+ .TP
642
+ \fIDefault\fR:
643
+
587
644
  .
588
645
  .SS "environment_timeout"
589
646
  How long the Puppet master should cache data it loads from an environment\. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y)\. A value of \fB0\fR will disable caching\. This setting can also be set to \fBunlimited\fR, which will cache environments until the master is restarted or told to refresh the cache\.
@@ -614,7 +671,7 @@ We don\'t recommend using any value other than \fB0\fR or \fBunlimited\fR, since
614
671
  A search path for directory environments, as a list of directories separated by the system path separator character\. (The POSIX path separator is \':\', and the Windows path separator is \';\'\.)
615
672
  .
616
673
  .P
617
- This setting must have a value set to enable \fBdirectory environments\.\fR The recommended value is \fB$codedir/environments\fR\. For more details, see https://docs\.puppetlabs\.com/puppet/latest/reference/environments\.html
674
+ This setting must have a value set to enable \fBdirectory environments\.\fR The recommended value is \fB$codedir/environments\fR\. For more details, see \fIhttps://docs\.puppet\.com/puppet/latest/reference/environments\.html\fR
618
675
  .
619
676
  .IP "\(bu" 4
620
677
  \fIDefault\fR: $codedir/environments
@@ -630,10 +687,41 @@ Whether each resource should log when it is being evaluated\. This allows you to
630
687
  .IP "" 0
631
688
  .
632
689
  .SS "external_nodes"
633
- An external command that can produce node information\. The command\'s output must be a YAML dump of a hash, and that hash must have a \fBclasses\fR key and/or a \fBparameters\fR key, where \fBclasses\fR is an array or hash and \fBparameters\fR is a hash\. For unknown nodes, the command should exit with a non\-zero exit code\.
690
+ The external node classifier (ENC) script to use for node data\. Puppet combines this data with the main manifest to produce node catalogs\.
691
+ .
692
+ .P
693
+ To enable this setting, set the \fBnode_terminus\fR setting to \fBexec\fR\.
694
+ .
695
+ .P
696
+ This setting\'s value must be the path to an executable command that can produce node information\. The command must:
697
+ .
698
+ .IP "\(bu" 4
699
+ Take the name of a node as a command\-line argument\.
700
+ .
701
+ .IP "\(bu" 4
702
+ .
703
+ .IP "\(bu" 4
704
+ \fBclasses\fR \-\-\- A list of classes, as an array or hash\.
705
+ .
706
+ .IP "\(bu" 4
707
+ \fBenvironment\fR \-\-\- A string\.
708
+ .
709
+ .IP "\(bu" 4
710
+ \fBparameters\fR \-\-\- A list of top\-scope variables to set, as a hash\.
711
+ .
712
+ .IP "" 0
713
+
714
+ .
715
+ .IP "\(bu" 4
716
+ For unknown nodes, exit with a non\-zero exit code\.
717
+ .
718
+ .IP "" 0
719
+ .
720
+ .P
721
+ Generally, an ENC script makes requests to an external data source\.
634
722
  .
635
723
  .P
636
- This command makes it straightforward to store your node mapping information in other data sources like databases\.
724
+ For more info, see the ENC documentation \fIhttps://docs\.puppet\.com/puppet/latest/nodes_external\.html\fR\.
637
725
  .
638
726
  .IP "\(bu" 4
639
727
  \fIDefault\fR: none
@@ -740,7 +828,7 @@ The group puppet master should run as\.
740
828
  The hiera configuration file\. Puppet only reads this file on startup, so you must restart the puppet master every time you edit it\.
741
829
  .
742
830
  .IP "\(bu" 4
743
- \fIDefault\fR: $codedir/hiera\.yaml
831
+ \fIDefault\fR: $confdir/hiera\.yaml\. However, if a file exists at $codedir/hiera\.yaml, Puppet uses that instead\.
744
832
  .
745
833
  .IP "" 0
746
834
  .
@@ -849,9 +937,17 @@ The time to wait for one block to be read from an HTTP connection\. If nothing i
849
937
  .TP
850
938
  \fIDefault\fR:
851
939
 
940
+ .
941
+ .SS "http_user_agent"
942
+ The HTTP User\-Agent string to send when making network requests\.
943
+ .
944
+ .IP "\(bu" 4
945
+ \fIDefault\fR: Puppet/4\.10\.9 Ruby/2\.3\.1\-p112 (x86_64\-darwin15)
946
+ .
947
+ .IP "" 0
852
948
  .
853
949
  .SS "ignorecache"
854
- Ignore cache and always recompile the configuration\. This is useful for testing new configurations, where the local cache may in fact be stale even if the timestamps are up to date \- if the facts change or if the server changes\.
950
+ This setting has no effect and will be removed in a future Puppet version\.
855
951
  .
856
952
  .IP "\(bu" 4
857
953
  \fIDefault\fR: false
@@ -1030,9 +1126,10 @@ crit
1030
1126
  .SS "logdir"
1031
1127
  The directory in which to store log files
1032
1128
  .
1033
- .TP
1034
- \fIDefault\fR:
1035
-
1129
+ .IP "\(bu" 4
1130
+ \fIDefault\fR: Unix/Linux: /var/log/puppetlabs/puppet \-\- Windows: C:\eProgramData\ePuppetLabs\epuppet\evar\elog \-\- Non\-root user: ~/\.puppetlabs/var/log
1131
+ .
1132
+ .IP "" 0
1036
1133
  .
1037
1134
  .SS "manage_internal_file_permissions"
1038
1135
  Whether Puppet should manage the owner, group, and mode of files it uses internally
@@ -1046,7 +1143,7 @@ Whether Puppet should manage the owner, group, and mode of files it uses interna
1046
1143
  The entry\-point manifest for puppet master\. This can be one file or a directory of manifests to be evaluated in alphabetical order\. Puppet manages this path as a directory if one exists or if the path ends with a / or \.
1047
1144
  .
1048
1145
  .P
1049
- Setting a global value for \fBmanifest\fR in puppet\.conf is not allowed (but it can be overridden from them commandline)\. Please use directory environments instead\. If you need to use something other than the environment\'s \fBmanifests\fR directory as the main manifest, you can set \fBmanifest\fR in environment\.conf\. For more info, see https://docs\.puppetlabs\.com/puppet/latest/reference/environments\.html
1146
+ Setting a global value for \fBmanifest\fR in puppet\.conf is not allowed (but it can be overridden from the commandline)\. Please use directory environments instead\. If you need to use something other than the environment\'s \fBmanifests\fR directory as the main manifest, you can set \fBmanifest\fR in environment\.conf\. For more info, see \fIhttps://docs\.puppet\.com/puppet/latest/reference/environments\.html\fR
1050
1147
  .
1051
1148
  .TP
1052
1149
  \fIDefault\fR:
@@ -1109,7 +1206,7 @@ Whether to create the necessary user and group that puppet agent will run as\.
1109
1206
  .IP "" 0
1110
1207
  .
1111
1208
  .SS "module_groups"
1112
- Extra module groups to request from the Puppet Forge
1209
+ Extra module groups to request from the Puppet Forge\. This is an internal setting, and users should never change it\.
1113
1210
  .
1114
1211
  .TP
1115
1212
  \fIDefault\fR:
@@ -1119,7 +1216,7 @@ Extra module groups to request from the Puppet Forge
1119
1216
  The module repository
1120
1217
  .
1121
1218
  .IP "\(bu" 4
1122
- \fIDefault\fR: https://forgeapi\.puppetlabs\.com
1219
+ \fIDefault\fR: https://forgeapi\.puppet\.com
1123
1220
  .
1124
1221
  .IP "" 0
1125
1222
  .
@@ -1143,7 +1240,7 @@ The directory into which module tool data is stored
1143
1240
  The search path for modules, as a list of directories separated by the system path separator character\. (The POSIX path separator is \':\', and the Windows path separator is \';\'\.)
1144
1241
  .
1145
1242
  .P
1146
- Setting a global value for \fBmodulepath\fR in puppet\.conf is not allowed (but it can be overridden from the commandline)\. Please use directory environments instead\. If you need to use something other than the default modulepath of \fB<ACTIVE ENVIRONMENT\'S MODULES DIR>:$basemodulepath\fR, you can set \fBmodulepath\fR in environment\.conf\. For more info, see https://docs\.puppetlabs\.com/puppet/latest/reference/environments\.html
1243
+ Setting a global value for \fBmodulepath\fR in puppet\.conf is not allowed (but it can be overridden from the commandline)\. Please use directory environments instead\. If you need to use something other than the default modulepath of \fB<ACTIVE ENVIRONMENT\'S MODULES DIR>:$basemodulepath\fR, you can set \fBmodulepath\fR in environment\.conf\. For more info, see \fIhttps://docs\.puppet\.com/puppet/latest/reference/environments\.html\fR
1147
1244
  .
1148
1245
  .SS "name"
1149
1246
  The name of the application, if we are running as one\. The default is essentially $0 without the path or \fB\.rb\fR\.
@@ -1179,7 +1276,33 @@ The explicit value used for the node name for all requests the agent makes to th
1179
1276
  .IP "" 0
1180
1277
  .
1181
1278
  .SS "node_terminus"
1182
- Where to find information about nodes\.
1279
+ Which node data plugin to use when compiling node catalogs\.
1280
+ .
1281
+ .P
1282
+ When Puppet compiles a catalog, it combines two primary sources of info: the main manifest, and a node data plugin (often called a "node terminus," for historical reasons)\. Node data plugins provide three things for a given node name:
1283
+ .
1284
+ .IP "1." 4
1285
+ A list of classes to add to that node\'s catalog (and, optionally, values for their parameters)\.
1286
+ .
1287
+ .IP "2." 4
1288
+ Which Puppet environment the node should use\.
1289
+ .
1290
+ .IP "3." 4
1291
+ A list of additional top\-scope variables to set\.
1292
+ .
1293
+ .IP "" 0
1294
+ .
1295
+ .P
1296
+ The three main node data plugins are:
1297
+ .
1298
+ .IP "\(bu" 4
1299
+ \fBplain\fR \-\-\- Returns no data, so that the main manifest controls all node configuration\.
1300
+ .
1301
+ .IP "\(bu" 4
1302
+ \fBexec\fR \-\-\- Uses an external node classifier (ENC) \fIhttps://docs\.puppet\.com/puppet/latest/nodes_external\.html\fR, configured by the \fBexternal_nodes\fR setting\. This lets you pull a list of Puppet classes from any external system, using a small glue script to perform the request and format the result as YAML\.
1303
+ .
1304
+ .IP "\(bu" 4
1305
+ \fBclassifier\fR (formerly \fBconsole\fR) \-\-\- Specific to Puppet Enterprise\. Uses the PE console for node data\."
1183
1306
  .
1184
1307
  .IP "\(bu" 4
1185
1308
  \fIDefault\fR: plain
@@ -1193,7 +1316,7 @@ Whether to apply catalogs in noop mode, which allows Puppet to partially simulat
1193
1316
  When running in noop mode, Puppet will check whether each resource is in sync, like it does when running normally\. However, if a resource attribute is not in the desired state (as declared in the catalog), Puppet will take no action, and will instead report the changes it \fIwould\fR have made\. These simulated changes will appear in the report sent to the puppet master, or be shown on the console if running puppet agent or puppet apply in the foreground\. The simulated changes will not send refresh events to any subscribing or notified resources, although Puppet will log that a refresh event \fIwould\fR have been sent\.
1194
1317
  .
1195
1318
  .P
1196
- \fBImportant note:\fR The \fBnoop\fR metaparameter \fIhttps://docs\.puppetlabs\.com/references/latest/metaparameter\.html#noop\fR allows you to apply individual resources in noop mode, and will override the global value of the \fBnoop\fR setting\. This means a resource with \fBnoop => false\fR \fIwill\fR be changed if necessary, even when running puppet agent with \fBnoop = true\fR or \fB\-\-noop\fR\. (Conversely, a resource with \fBnoop => true\fR will only be simulated, even when noop mode is globally disabled\.)
1319
+ \fBImportant note:\fR The \fBnoop\fR metaparameter \fIhttps://docs\.puppetlabs\.com/puppet/latest/reference/metaparameter\.html#noop\fR allows you to apply individual resources in noop mode, and will override the global value of the \fBnoop\fR setting\. This means a resource with \fBnoop => false\fR \fIwill\fR be changed if necessary, even when running puppet agent with \fBnoop = true\fR or \fB\-\-noop\fR\. (Conversely, a resource with \fBnoop => true\fR will only be simulated, even when noop mode is globally disabled\.)
1197
1320
  .
1198
1321
  .IP "\(bu" 4
1199
1322
  \fIDefault\fR: false
@@ -1298,7 +1421,7 @@ From where to retrieve plugins\. The standard Puppet \fBfile\fR type is used for
1298
1421
  .IP "" 0
1299
1422
  .
1300
1423
  .SS "pluginsync"
1301
- Whether plugins should be synced with the central server\.
1424
+ Whether plugins should be synced with the central server\. This setting is deprecated\.
1302
1425
  .
1303
1426
  .IP "\(bu" 4
1304
1427
  \fIDefault\fR: true
@@ -1373,7 +1496,7 @@ The fallback log file\. This is only used when the \fB\-\-logdest\fR option is n
1373
1496
  Despite the name, both puppet agent and puppet master will use this file as the fallback logging destination\.
1374
1497
  .
1375
1498
  .P
1376
- For control over logging destinations, see the \fB\-\-logdest\fR command line option in the manual pages for puppet master, puppet agent, and puppet apply\. You can see man pages by running \fBpuppet <SUBCOMMAND> \-\-help\fR, or read them online at https://docs\.puppetlabs\.com/references/latest/man/\.
1499
+ For control over logging destinations, see the \fB\-\-logdest\fR command line option in the manual pages for puppet master, puppet agent, and puppet apply\. You can see man pages by running \fBpuppet <SUBCOMMAND> \-\-help\fR, or read them online at https://docs\.puppetlabs\.com/puppet/latest/reference/man/\.
1377
1500
  .
1378
1501
  .IP "\(bu" 4
1379
1502
  \fIDefault\fR: $logdir/puppetd\.log
@@ -1435,7 +1558,7 @@ The URL that reports should be forwarded to\. This setting is only used when the
1435
1558
  .IP "" 0
1436
1559
  .
1437
1560
  .SS "req_bits"
1438
- The bit length of the certificates\.
1561
+ This setting has no effect and will be removed in a future Puppet version\.
1439
1562
  .
1440
1563
  .IP "\(bu" 4
1441
1564
  \fIDefault\fR: 4096
@@ -1466,6 +1589,14 @@ The configuration file that defines the rights to the different rest indirection
1466
1589
  .
1467
1590
  .IP "" 0
1468
1591
  .
1592
+ .SS "rich_data"
1593
+ Enables having extended data in the catalog by storing them as a hash with the special key \fB__pcore_type__\fR\. When enabled, resource containing values of the data types \fBBinary\fR, \fBRegexp\fR, \fBSemVer\fR, \fBSemVerRange\fR, \fBTimespan\fR and \fBTimestamp\fR, as well as instances of types derived from \fBObject\fR retain their data type\.
1594
+ .
1595
+ .IP "\(bu" 4
1596
+ \fIDefault\fR: false
1597
+ .
1598
+ .IP "" 0
1599
+ .
1469
1600
  .SS "route_file"
1470
1601
  The YAML file containing indirector route configuration\.
1471
1602
  .
@@ -1477,9 +1608,10 @@ The YAML file containing indirector route configuration\.
1477
1608
  .SS "rundir"
1478
1609
  Where Puppet PID files are kept\.
1479
1610
  .
1480
- .TP
1481
- \fIDefault\fR:
1482
-
1611
+ .IP "\(bu" 4
1612
+ \fIDefault\fR: Unix/Linux: /var/run/puppetlabs \-\- Windows: C:\eProgramData\ePuppetLabs\epuppet\evar\erun \-\- Non\-root user: ~/\.puppetlabs/var/run
1613
+ .
1614
+ .IP "" 0
1483
1615
  .
1484
1616
  .SS "runinterval"
1485
1617
  How often puppet agent applies the catalog\. Note that a runinterval of 0 means "run continuously" rather than "never run\." If you want puppet agent to never run, you should start it with the \fB\-\-no\-client\fR option\. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y)\.
@@ -1489,6 +1621,14 @@ How often puppet agent applies the catalog\. Note that a runinterval of 0 means
1489
1621
  .
1490
1622
  .IP "" 0
1491
1623
  .
1624
+ .SS "runtimeout"
1625
+ The maximum amount of time an agent run is allowed to take\. A Puppet agent run that exceeds this timeout will be aborted\. Defaults to 0, which is unlimited\. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y)\.
1626
+ .
1627
+ .IP "\(bu" 4
1628
+ \fIDefault\fR: 0
1629
+ .
1630
+ .IP "" 0
1631
+ .
1492
1632
  .SS "serial"
1493
1633
  Where the serial number for certificates is stored\.
1494
1634
  .
@@ -1513,6 +1653,14 @@ The directory in which serialized data is stored, usually in a subdirectory\.
1513
1653
  .
1514
1654
  .IP "" 0
1515
1655
  .
1656
+ .SS "server_list"
1657
+ The list of puppet master servers to which the puppet agent should connect, in the order that they will be tried\.
1658
+ .
1659
+ .IP "\(bu" 4
1660
+ \fIDefault\fR: []
1661
+ .
1662
+ .IP "" 0
1663
+ .
1516
1664
  .SS "show_diff"
1517
1665
  Whether to log and report a contextual diff when files are being replaced\. This causes partial file contents to pass through Puppet\'s normal logging and reporting system, so this setting should be used with caution if you are sending Puppet\'s reports to an insecure destination\. This feature currently requires the \fBdiff/lcs\fR Ruby library\.
1518
1666
  .
@@ -1528,10 +1676,23 @@ Where the CA stores signed certificates\.
1528
1676
  \fIDefault\fR: $cadir/signed
1529
1677
  .
1530
1678
  .IP "" 0
1679
+ .
1680
+ .SS "skip_tags"
1681
+ Tags to use to filter resources\. If this is set, then only resources not tagged with the specified tags will be applied\. Values must be comma\-separated\.
1682
+ .
1683
+ .SS "sourceaddress"
1684
+ The address the agent should use to initiate requests\.
1685
+ .
1686
+ .TP
1687
+ \fIDefault\fR:
1688
+
1531
1689
  .
1532
1690
  .SS "splay"
1533
1691
  Whether to sleep for a pseudo\-random (but consistent) amount of time before a run\.
1534
1692
  .
1693
+ .P
1694
+ For example, without \fBsplay\fR enabled, your agent checks in every 30 minutes at :01 and :31 past the hour\. After enabling \fBsplay\fR, the agent will wait the pseudorandom sleep time, say eight minutes, and then check in every 30 minutes, at :09 and :39 after the hour\. If you restart the same agent at 12:45 PM, it will wait its eight minutes, and check in at 12:52 PM, and every 30 minutes after that, at 1:22 PM, 1:52 PM, and so on\. Other agents will have different sleep times, and so will check in at different times even if they are all restarted at the same time\.
1695
+ .
1535
1696
  .IP "\(bu" 4
1536
1697
  \fIDefault\fR: false
1537
1698
  .
@@ -1549,7 +1710,7 @@ The maximum time to delay before runs\. Defaults to being the same as the run in
1549
1710
  The domain which will be queried to find the SRV records of servers to use\.
1550
1711
  .
1551
1712
  .IP "\(bu" 4
1552
- \fIDefault\fR: corp\.puppetlabs\.net
1713
+ \fIDefault\fR: local
1553
1714
  .
1554
1715
  .IP "" 0
1555
1716
  .
@@ -1564,7 +1725,7 @@ Certificate authorities who issue server certificates\. SSL servers will not be
1564
1725
  The header containing an authenticated client\'s SSL DN\. This header must be set by the proxy to the authenticated client\'s SSL DN (e\.g\., \fB/CN=puppet\.puppetlabs\.com\fR)\. Puppet will parse out the Common Name (CN) from the Distinguished Name (DN) and use the value of the CN field for authorization\.
1565
1726
  .
1566
1727
  .P
1567
- Note that the name of the HTTP header gets munged by the web server common gateway inteface: an \fBHTTP_\fR prefix is added, dashes are converted to underscores, and all letters are uppercased\. Thus, to use the \fBX\-Client\-DN\fR header, this setting should be \fBHTTP_X_CLIENT_DN\fR\.
1728
+ Note that the name of the HTTP header gets munged by the web server common gateway interface: an \fBHTTP_\fR prefix is added, dashes are converted to underscores, and all letters are uppercased\. Thus, to use the \fBX\-Client\-DN\fR header, this setting should be \fBHTTP_X_CLIENT_DN\fR\.
1568
1729
  .
1569
1730
  .IP "\(bu" 4
1570
1731
  \fIDefault\fR: HTTP_X_CLIENT_DN
@@ -1575,7 +1736,7 @@ Note that the name of the HTTP header gets munged by the web server common gatew
1575
1736
  The header containing the status message of the client verification\. This header must be set by the proxy to \'SUCCESS\' if the client successfully authenticated, and anything else otherwise\.
1576
1737
  .
1577
1738
  .P
1578
- Note that the name of the HTTP header gets munged by the web server common gateway inteface: an \fBHTTP_\fR prefix is added, dashes are converted to underscores, and all letters are uppercased\. Thus, to use the \fBX\-Client\-Verify\fR header, this setting should be \fBHTTP_X_CLIENT_VERIFY\fR\.
1739
+ Note that the name of the HTTP header gets munged by the web server common gateway interface: an \fBHTTP_\fR prefix is added, dashes are converted to underscores, and all letters are uppercased\. Thus, to use the \fBX\-Client\-Verify\fR header, this setting should be \fBHTTP_X_CLIENT_VERIFY\fR\.
1579
1740
  .
1580
1741
  .IP "\(bu" 4
1581
1742
  \fIDefault\fR: HTTP_X_CLIENT_VERIFY
@@ -1613,6 +1774,14 @@ Where puppet agent and puppet master store state associated with the running con
1613
1774
  .
1614
1775
  .IP "" 0
1615
1776
  .
1777
+ .SS "static_catalogs"
1778
+ Whether to compile a static catalog\.
1779
+ .
1780
+ .IP "\(bu" 4
1781
+ \fIDefault\fR: true
1782
+ .
1783
+ .IP "" 0
1784
+ .
1616
1785
  .SS "storeconfigs"
1617
1786
  Whether to store each client\'s configuration, including catalogs, facts, and related data\. This also enables the import and export of resources in the Puppet language \- a mechanism for exchange resources between nodes\.
1618
1787
  .
@@ -1635,6 +1804,39 @@ Configure the backend terminus used for StoreConfigs\. By default, this uses the
1635
1804
  .
1636
1805
  .IP "" 0
1637
1806
  .
1807
+ .SS "strict"
1808
+ The strictness level of puppet\. Allowed values are:
1809
+ .
1810
+ .IP "\(bu" 4
1811
+ off \- do not perform extra validation, do not report
1812
+ .
1813
+ .IP "\(bu" 4
1814
+ warning \- perform extra validation, report as warning (default)
1815
+ .
1816
+ .IP "\(bu" 4
1817
+ error \- perform extra validation, fail with error
1818
+ .
1819
+ .IP "" 0
1820
+ .
1821
+ .P
1822
+ The strictness level is for both language semantics and runtime evaluation validation\. In addition to controlling the behavior with this master switch some individual warnings may also be controlled by the disable_warnings setting\.
1823
+ .
1824
+ .P
1825
+ No new validations will be added to a micro (x\.y\.z) release, but may be added in minor releases (x\.y\.0)\. In major releases it expected that most (if not all) strictness validation become standard behavior\.
1826
+ .
1827
+ .IP "\(bu" 4
1828
+ \fIDefault\fR: warning
1829
+ .
1830
+ .IP "" 0
1831
+ .
1832
+ .SS "strict_environment_mode"
1833
+ Whether the agent specified environment should be considered authoritative, causing the run to fail if the retrieved catalog does not match it\.
1834
+ .
1835
+ .IP "\(bu" 4
1836
+ \fIDefault\fR: false
1837
+ .
1838
+ .IP "" 0
1839
+ .
1638
1840
  .SS "strict_hostname_checking"
1639
1841
  Whether to only search for the complete hostname as it is in the certificate when searching for node information in the catalogs\.
1640
1842
  .
@@ -1644,7 +1846,7 @@ Whether to only search for the complete hostname as it is in the certificate whe
1644
1846
  .IP "" 0
1645
1847
  .
1646
1848
  .SS "strict_variables"
1647
- Makes the parser raise errors when referencing unknown variables\. (This does not affect referencing variables that are explicitly set to undef)\.
1849
+ Causes an evaluation error when referencing unknown variables\. (This does not affect referencing variables that are explicitly set to undef)\.
1648
1850
  .
1649
1851
  .IP "\(bu" 4
1650
1852
  \fIDefault\fR: false
@@ -1659,6 +1861,14 @@ Whether to print a transaction summary\.
1659
1861
  .
1660
1862
  .IP "" 0
1661
1863
  .
1864
+ .SS "supported_checksum_types"
1865
+ Checksum types supported by this agent for use in file resources of a static catalog\. Values must be comma\-separated\. Valid types are md5, md5lite, sha256, sha256lite, sha1, sha1lite, mtime, ctime\.
1866
+ .
1867
+ .IP "\(bu" 4
1868
+ \fIDefault\fR: ["md5", "sha256"]
1869
+ .
1870
+ .IP "" 0
1871
+ .
1662
1872
  .SS "syslogfacility"
1663
1873
  What syslog facility to use when logging to syslog\. Syslog has a fixed list of valid facilities, and you must choose one of those; you cannot just make one up\.
1664
1874
  .
@@ -1678,6 +1888,14 @@ Whether to print stack traces on some errors
1678
1888
  .
1679
1889
  .IP "" 0
1680
1890
  .
1891
+ .SS "transactionstorefile"
1892
+ Transactional storage file for persisting data between transactions for the purposes of infering information (such as corrective_change) on new data received\.
1893
+ .
1894
+ .IP "\(bu" 4
1895
+ \fIDefault\fR: $statedir/transactionstore\.yaml
1896
+ .
1897
+ .IP "" 0
1898
+ .
1681
1899
  .SS "trusted_oid_mapping_file"
1682
1900
  File that provides mapping between custom SSL oids and user\-friendly names
1683
1901
  .
@@ -1687,7 +1905,10 @@ File that provides mapping between custom SSL oids and user\-friendly names
1687
1905
  .IP "" 0
1688
1906
  .
1689
1907
  .SS "trusted_server_facts"
1690
- Stores a trusted set of server\-side global variables in a hash called $server_facts, which cannot be cannot be overridden by client_facts or logic in manifests\. Makes it illegal to assign to the variable $server_facts in any scope\.
1908
+ When enabled, Puppet creates a protected top\-scope variable called $server_facts\. This variable name can\'t be re\-used in any local scope, and can\'t be overridden by agent\-provided facts\.
1909
+ .
1910
+ .P
1911
+ The $server_facts variable is a hash, containing server\-provided information like the current node\'s environment and the version of Puppet running on the server\.
1691
1912
  .
1692
1913
  .IP "\(bu" 4
1693
1914
  \fIDefault\fR: false
@@ -1730,7 +1951,7 @@ The user puppet master should run as\.
1730
1951
  Where Puppet stores dynamic and growing data\. The default for this setting is calculated specially, like \fBconfdir\fR_\.
1731
1952
  .
1732
1953
  .IP "\(bu" 4
1733
- \fIDefault\fR: /opt/puppetlabs/puppet/cache
1954
+ \fIDefault\fR: Unix/Linux: /opt/puppetlabs/puppet/cache \-\- Windows: C:\eProgramData\ePuppetLabs\epuppet\ecache \-\- Non\-root user: ~/\.puppetlabs/opt/puppet/cache
1734
1955
  .
1735
1956
  .IP "" 0
1736
1957
  .
@@ -1757,4 +1978,4 @@ The directory in which YAML data is stored, usually in a subdirectory\.
1757
1978
  .IP "" 0
1758
1979
  .
1759
1980
  .P
1760
- \fIThis page autogenerated on 2015\-05\-18 10:15:47 \-0700\fR
1981
+ \fIThis page autogenerated on 2018\-01\-12 16:59:36 \-0600\fR