diff --git a/documentation/documentation/configref.page b/documentation/documentation/configref.page
index b3c36f33c..007965d9e 100644
--- a/documentation/documentation/configref.page
+++ b/documentation/documentation/configref.page
@@ -1,509 +1,507 @@
---
inMenu: true
title: Configuration Reference
orderInfo: 6
---
# Puppet Configuration Reference
Every Puppet executable (with the exception of ``puppetdoc``) accepts all of
these arguments, but not all of the arguments make sense for every executable.
Each argument has a section listed with it in parentheses; often, that section
will map to an executable (e.g., ``puppetd``), in which case it probably only
makes sense for that one executable. If ``puppet`` is listed as the section,
it is most likely an option that is valid for everyone.
This will not always be the case. I have tried to be as thorough as possible
in the descriptions of the arguments, so it should be obvious whether an
argument is appropriate or not.
These arguments can be supplied to the executables either as command-line
arugments or in the configuration file for the appropriate executable. For
instance, the command-line invocation below would set the configuration directory
to /private/puppet
- $ puppetd --confdir=/private/puppet
+ $ puppetd --confdir=/private/puppet
Note that boolean options are turned on and off with a slightly different syntax
on the command line:
- $ puppetd --storeconfigs
-
- $ puppetd --no-storeconfigs
+ $ puppetd --storeconfigs
+
+ $ puppetd --no-storeconfigs
The invocations above will enable and disable, respectively, the storage of
the client configuration.
As mentioned above, the configuration parameters can also be stored in a
configuration file located in the configuration directory (`/etc/puppet`
by default). The file is named for the executable it is intended for, for
example `/etc/puppetd.conf` is the configuration file for `puppetd`.
The file, which follows INI-style formatting, should contain a bracketed
heading named for the executable, followed by pairs of parameters with their
values. Here is an example of a very simple `puppetd.conf` file:
- [puppetd]
- confdir = /private/puppet
- storeconfigs = true
+ [puppetd]
+ confdir = /private/puppet
+ storeconfigs = true
Note that boolean parameters must be explicitly specified as `true` or
`false` as seen above.
If you're starting out with a fresh configuration, you may wish to let
the executable generate a template configuration file for you by invoking
the executable in question with the `--genconfig` command. The executable
will print a template configuration to standard output, which can be
redirected to a file like so:
- $ puppetd --genconfig > /etc/puppet/puppetd.conf
+ $ puppetd --genconfig > /etc/puppet/puppetd.conf
Note that this invocation will "clobber" (throw away) the contents of any
pre-existing `puppetd.conf` file, so make a backup of your present config
if it contains valuable information.
Like the `--genconfig` argument, the executables also accept a `--genmanifest`
argument, which will generate a manifest that can be used to manage all of
Puppet's directories and files and prints it to standard output. This can
likewise be redirected to a file:
- $ puppetd --genmanifest > /etc/puppet/manifests/site.pp
+ $ puppetd --genmanifest > /etc/puppet/manifests/site.pp
Puppet can also create user and group accounts for itself (one `puppet` group
and one `puppet` user) if it is invoked as `root` with the `--mkusers` argument:
- $ puppetd --mkusers
+ $ puppetd --mkusers
-
-
Any default values are in ``block type`` at the end of the description.
#### authconfig (puppet)
The configuration file that defines the rights to the different namespaces and methods. This can be used as a coarse-grained authorization system for both ``puppetd`` and ``puppetmasterd``. ``/etc/puppet/namespaceauth.conf``
#### autosign (ca)
Whether to enable autosign. Valid values are true (which autosigns any key request, and is a very bad idea), false (which never autosigns any key request), and the path to a file, which uses that configuration file to determine which keys to sign. ``/etc/puppet/autosign.conf``
#### bucketdir (filebucket)
Where FileBucket files are stored. ``/var/puppet/bucket``
#### ca_days (ca)
How long a certificate should be valid. This parameter is deprecated, use ca_ttl instead
#### ca_md (ca)
The type of hash used in certificates. ``md5``
#### ca_ttl (ca)
The default TTL for new certificates; valid values must be an integer, optionally followed by one of the units 'y' (years of 365 days), 'd' (days), 'h' (hours), or 's' (seconds). The unit defaults to seconds. If this parameter is set, ca_days is ignored. Examples are '3600' (one hour) and '1825d', which is the same as '5y' (5 years) ``5y``
#### cacert (ca)
The CA certificate. ``/etc/puppet/ssl/ca/ca_crt.pem``
#### cacrl (ca)
The certificate revocation list (CRL) for the CA. Set this to 'none' if you do not want to use a CRL. ``/etc/puppet/ssl/ca/ca_crl.pem``
#### cadir (ca)
The root directory for the certificate authority. ``/etc/puppet/ssl/ca``
#### cakey (ca)
The CA private key. ``/etc/puppet/ssl/ca/ca_key.pem``
#### capass (ca)
Where the CA stores the password for the private key ``/etc/puppet/ssl/ca/private/ca.pass``
#### caprivatedir (ca)
Where the CA stores private certificate information. ``/etc/puppet/ssl/ca/private``
#### capub (ca)
The CA public key. ``/etc/puppet/ssl/ca/ca_pub.pem``
#### certdir (certificates)
The certificate directory. ``/etc/puppet/ssl/certs``
#### classfile (puppetd)
The file in which puppetd stores a list of the classes associated with the retrieved configuratiion. Can be loaded in the separate ``puppet`` executable using the ``--loadclasses`` option. ``/etc/puppet/classes.txt``
#### color (puppet)
Whether to use ANSI colors when logging to the console. ``true``
#### confdir (puppet)
The main Puppet configuration directory. ``/etc/puppet``
#### config (puppetdoc)
The configuration file for puppetdoc. ``/etc/puppet/puppetdoc.conf``
#### configprint (puppet)
Print the value of a specific configuration parameter. If a parameter is provided for this, then the value is printed and puppet exits. Comma-separate multiple values. For a list of all values, specify 'all'. This feature is only available in Puppet versions higher than 0.18.4.
#### csrdir (ca)
Where the CA stores certificate requests ``/etc/puppet/ssl/ca/requests``
#### dbadapter (puppetmaster)
The type of database to use. ``sqlite3``
#### dblocation (puppetmaster)
The database cache for client configurations. Used for querying within the language. ``/var/puppet/state/clientconfigs.sqlite3``
#### dbname (puppetmaster)
The name of the database to use. ``puppet``
#### dbpassword (puppetmaster)
The database password for Client caching. Only used when networked databases are used. ``puppet``
#### dbserver (puppetmaster)
The database server for Client caching. Only used when networked databases are used. ``puppet``
#### dbuser (puppetmaster)
The database user for Client caching. Only used when networked databases are used. ``puppet``
#### factdest (puppet)
Where Puppet should store facts that it pulls down from the central server. ``/var/puppet/facts``
#### factpath (puppet)
Where Puppet should look for facts. Multiple directories should be colon-separated, like normal PATH variables. ``/var/puppet/facts``
#### factsignore (puppet)
What files to ignore when pulling down facts. ``.svn CVS``
#### factsource (puppet)
From where to retrieve facts. The standard Puppet ``file`` type is used for retrieval, so anything that is a valid file source can be used here. ``puppet://puppet/facts``
#### factsync (puppet)
Whether facts should be synced with the central server.
#### fileserverconfig (fileserver)
Where the fileserver configuration is stored. ``/etc/puppet/fileserver.conf``
#### filetimeout (puppet)
The minimum time to wait between checking for updates in configuration files. ``15``
#### genconfig (puppet)
Whether to just print a configuration to stdout and exit. Only makes sense when used interactively. Takes into account arguments specified on the CLI.
#### genmanifest (puppet)
Whether to just print a manifest to stdout and exit. Only makes sense when used interactively. Takes into account arguments specified on the CLI.
#### group (puppetmasterd)
The group puppetmasterd should run as. ``puppet``
#### hostcert (certificates)
-Where individual hosts store and look for their certificates. ``/etc/puppet/ssl/certs/roxanne..pem``
+Where individual hosts store and look for their certificates. ``/etc/puppet/ssl/certs/culain.madstop.com.pem``
#### hostprivkey (certificates)
-Where individual hosts store and look for their private key. ``/etc/puppet/ssl/private_keys/roxanne..pem``
+Where individual hosts store and look for their private key. ``/etc/puppet/ssl/private_keys/culain.madstop.com.pem``
#### hostpubkey (certificates)
-Where individual hosts store and look for their public key. ``/etc/puppet/ssl/public_keys/roxanne..pem``
+Where individual hosts store and look for their public key. ``/etc/puppet/ssl/public_keys/culain.madstop.com.pem``
#### httplog (puppetd)
Where the puppetd web server logs. ``/var/puppet/log/http.log``
#### ignoreschedules (puppetd)
Boolean; whether puppetd should ignore schedules. This is useful for initial puppetd runs.
#### keylength (ca)
The bit length of keys. ``1024``
#### ldapattrs (ldap)
The LDAP attributes to use to define Puppet classes. Values should be comma-separated. ``puppetclass``
#### ldapbase (ldap)
The search base for LDAP searches. It's impossible to provide a meaningful default here, although the LDAP libraries might have one already set. Generally, it should be the 'ou=Hosts' branch under your main directory.
#### ldapnodes (ldap)
Whether to search for node configurations in LDAP.
#### ldapparentattr (ldap)
The attribute to use to define the parent node. ``parentnode``
#### ldappassword (ldap)
The password to use to connect to LDAP.
#### ldapport (ldap)
The LDAP port. Only used if ``ldapnodes`` is enabled. ``389``
#### ldapserver (ldap)
The LDAP server. Only used if ``ldapnodes`` is enabled. ``ldap``
#### ldapssl (ldap)
Whether SSL should be used when searching for nodes. Defaults to false because SSL usually requires certificates to be set up on the client side.
#### ldapstring (ldap)
The search string used to find an LDAP node. ``(&(objectclass=puppetClient)(cn=%s))``
#### ldaptls (ldap)
Whether TLS should be used when searching for nodes. Defaults to false because TLS usually requires certificates to be set up on the client side.
#### ldapuser (ldap)
The user to use to connect to LDAP. Must be specified as a full DN.
#### lexical (puppet)
Whether to use lexical scoping (vs. dynamic).
#### listen (puppetd)
Whether puppetd should listen for connections. If this is true, then by default only the ``runner`` server is started, which allows remote authorized and authenticated nodes to connect and trigger ``puppetd`` runs.
#### localcacert (certificates)
Where each client stores the CA certificate. ``/etc/puppet/ssl/certs/ca.pem``
#### localconfig (puppetd)
Where puppetd caches the local configuration. An extension indicating the cache format is added automatically. ``/etc/puppet/localconfig``
#### lockdir (puppet)
Where lock files are kept. ``/var/puppet/locks``
#### logdir (puppet)
The Puppet log directory. ``/var/puppet/log``
#### manifest (puppetmasterd)
The entry-point manifest for puppetmasterd. ``/etc/puppet/manifests/site.pp``
#### manifestdir (puppetmasterd)
Where puppetmasterd looks for its manifests. ``/etc/puppet/manifests``
#### masterhttplog (puppetmasterd)
Where the puppetmasterd web server logs. ``/var/puppet/log/masterhttp.log``
#### masterlog (puppetmasterd)
Where puppetmasterd logs. This is generally not used, since syslog is the default log destination. ``/var/puppet/log/puppetmaster.log``
#### masterport (puppetmasterd)
Which port puppetmasterd listens on. ``8140``
#### mkusers (puppet)
Whether to create the necessary user and group that puppetd will run as.
#### node_name (puppetmasterd)
How the puppetmaster determines the client's identity and sets the 'hostname' fact for use in the manifest, in particular for determining which 'node' statement applies to the client. Possible values are 'cert' (use the subject's CN in the client's certificate) and 'facter' (use the hostname that the client reported in its facts) ``cert``
#### noop (puppetd)
Whether puppetd should be run in noop mode.
#### paramcheck (ast)
Whether to validate parameters during parsing. ``true``
#### parseonly (puppetmasterd)
Just check the syntax of the manifests.
#### passfile (certificates)
Where puppetd stores the password for its private key. Generally unused. ``/etc/puppet/ssl/private/password``
#### plugindest (puppet)
Where Puppet should store plugins that it pulls down from the central server. ``/var/puppet/plugins``
#### pluginpath (puppet)
Where Puppet should look for plugins. Multiple directories should be colon-separated, like normal PATH variables. ``/var/puppet/plugins``
#### pluginsignore (puppet)
What files to ignore when pulling down plugins. ``.svn CVS``
#### pluginsource (puppet)
From where to retrieve plugins. The standard Puppet ``file`` type is used for retrieval, so anything that is a valid file source can be used here. ``puppet://puppet/plugins``
#### pluginsync (puppet)
Whether plugins should be synced with the central server.
#### privatedir (certificates)
Where the client stores private certificate information. ``/etc/puppet/ssl/private``
#### privatekeydir (certificates)
The private key directory. ``/etc/puppet/ssl/private_keys``
#### publickeydir (certificates)
The public key directory. ``/etc/puppet/ssl/public_keys``
#### puppetdlockfile (puppetd)
A lock file to temporarily stop puppetd from doing anything. ``/var/puppet/state/puppetdlock``
#### puppetdlog (puppetd)
The log file for puppetd. This is generally not used. ``/var/puppet/log/puppetd.log``
#### puppetport (puppetd)
Which port puppetd listens on. ``8139``
#### railslog (puppetmaster)
Where Rails-specific logs are sent ``/var/puppet/log/puppetrails.log``
#### report (puppetd)
Whether to send reports after every transaction.
#### reportdirectory (reporting)
The directory in which to store reports received from the client. Each client gets a separate subdirectory. ``/var/puppet/reports``
#### reports (reporting)
The list of reports to generate. All reports are looked for in puppet/reports/.rb, and multiple report names should be comma-separated (whitespace is okay). ``none``
#### reportserver (puppetd)
The server to which to send transaction reports. ``puppet``
#### req_bits (ca)
The bit length of the certificates. ``2048``
#### rrddir (metrics)
The directory where RRD database files are stored. ``/var/puppet/rrd``
#### rrdgraph (metrics)
Whether RRD information should be graphed.
#### rundir (puppet)
Where Puppet PID files are kept. ``/var/puppet/run``
#### runinterval (puppetd)
How often puppetd applies the client configuration; in seconds ``1800``
#### serial (ca)
Where the serial number for certificates is stored. ``/etc/puppet/ssl/ca/serial``
#### server (puppetd)
The server to which server puppetd should connect ``puppet``
#### setpidfile (puppet)
Whether to store a PID file for the daemon. ``true``
#### signeddir (ca)
Where the CA stores signed certificates. ``/etc/puppet/ssl/ca/signed``
#### ssldir (puppet)
Where SSL certificates are kept. ``/etc/puppet/ssl``
#### statedir (puppet)
The directory where Puppet state is stored. Generally, this directory can be removed without causing harm (although it might result in spurious service restarts). ``/var/puppet/state``
#### statefile (puppet)
Where puppetd and puppetmasterd store state associated with the running configuration. In the case of puppetmasterd, this file reflects the state discovered through interacting with clients. ``/var/puppet/state/state.yaml``
#### storeconfigs (puppetmaster)
Whether to store each client's configuration. This requires ActiveRecord from Ruby on Rails.
#### tags (transaction)
Tags to use to find objects. If this is set, then only objects tagged with the specified tags will be applied. Values must be comma-separated.
#### templatedir (puppet)
Where Puppet looks for template files. ``/var/puppet/templates``
#### trace (puppet)
Whether to print stack traces on some errors
#### typecheck (ast)
Whether to validate types during parsing. ``true``
#### usecacheonfailure (puppetd)
Whether to use the cached configuration when the remote configuration will not compile. This option is useful for testing new configurations, where you want to fix the broken configuration rather than reverting to a known-good one. ``true``
#### user (puppetmasterd)
The user puppetmasterd should run as. ``puppet``
#### vardir (puppet)
Where Puppet stores dynamic and growing data. ``/var/puppet``
----------------
-*This page autogenerated on Mon Sep 25 14:59:45 EDT 2006*
+*This page autogenerated on Mon Sep 25 14:05:16 CDT 2006*