forked from puppetlabs/puppetserver
/
puppet-server.conf.sample
117 lines (97 loc) · 4.43 KB
/
puppet-server.conf.sample
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
global: {
logging-config: ./dev/logback-dev.xml
}
product: {
update-server-url: "http://localhost/"
name: {group-id: puppetlabs.dev
artifact-id: puppet-server}
}
webserver: {
access-log-config: ./dev/request-logging-dev.xml
client-auth: want
# ssl-host controls what networks the server will accept connections from.
# The default value below is '0.0.0.0', so will accept connections from
# any client. For better security, you might wish to set this to 'localhost'.
ssl-host: 0.0.0.0
#ssl-host: localhost
ssl-port: 8140
}
# configure the mount points for the web apps
web-router-service: {
# These two should not be modified because the Puppet 4.x agent expects
# them to be mounted at these specific paths
"puppetlabs.services.ca.certificate-authority-service/certificate-authority-service": "/puppet-ca"
"puppetlabs.services.master.master-service/master-service": "/puppet"
# This controls the mount point for the puppet admin API.
"puppetlabs.services.puppet-admin.puppet-admin-service/puppet-admin-service": "/puppet-admin-api"
# 3.x agent compatibility routes. The legacy routes are only mounted if the
# puppetlabs.services.legacy-routes.legacy-routes-service/legacy-routes-service
# service is in the bootstrap.cfg
"puppetlabs.services.legacy-routes.legacy-routes-service/legacy-routes-service": ""
}
# configuration for the JRuby interpreters
jruby-puppet: {
# Where the puppet-agent dependency places puppet, facter, etc...
# Puppet server expects to load Puppet from this location
ruby-load-path: [./ruby/puppet/lib, ./ruby/facter/lib, ./ruby/hiera/lib]
# This setting determines where JRuby will look for gems. It is also
# used by the `puppetserver gem` command line tool.
gem-home: ./target/jruby-gems
# (optional) path to puppet conf dir; if not specified, will use the puppet default
master-conf-dir: ./target/master-conf-dir
# (optional) path to puppet code dir; if not specified, will use the puppet default
master-code-dir: ./target/master-code-dir
# (optional) path to puppet var dir; if not specified, will use the puppet default
master-var-dir: ./target/master-var-dir
# (optional) path to puppet run dir; if not specified, will use the puppet default
master-run-dir: ./target/master-run-dir
# (optional) path to puppet log dir; if not specified, will use the puppet default
master-log-dir: ./target/master-log-dir
# (optional) maximum number of JRuby instances to allow
max-active-instances: 1
# (optional) Authorize access to Puppet master endpoints via rules specified
# in the legacy Puppet auth.conf file (if true or not specified) or via rules
# specified in the Puppet Server HOCON-formatted auth.conf (if false).
use-legacy-auth-conf: false
}
# settings related to HTTP client requests made by Puppet Server
http-client: {
# A list of acceptable protocols for making HTTP requests
#ssl-protocols: [TLSv1, TLSv1.1, TLSv1.2]
# A list of acceptable cipher suites for making HTTP requests
#cipher-suites: [TLS_RSA_WITH_AES_256_CBC_SHA256,
# TLS_RSA_WITH_AES_256_CBC_SHA,
# TLS_RSA_WITH_AES_128_CBC_SHA256,
# TLS_RSA_WITH_AES_128_CBC_SHA]
# The amount of time, in milliseconds, that an outbound HTTP connection
# will wait for data to be available before closing the socket. If not
# defined, defaults to 20 minutes. If 0, the timeout is infinite and if
# negative, the value is undefined by the application and governed by the
# system default behavior.
#idle-timeout-milliseconds: 1200000
# The amount of time, in milliseconds, that an outbound HTTP connection will
# wait to connect before giving up. Defaults to 2 minutes if not set. If 0,
# the timeout is infinite and if negative, the value is undefined in the
# application and governed by the system default behavior.
#connect-timeout-milliseconds: 120000
}
# settings related to profiling the puppet Ruby code
profiler: {
# enable or disable profiling for the Ruby code; defaults to 'false'.
enabled: true
}
# authorization rules for web service endpoints
authorization: {
version: 1
rules: [
{
match-request: {
path: "/"
type: "path"
}
allow-unauthenticated: true
sort-order: 1
name: "allow all"
}
]
}