Pulling Strings With Puppet - James Turnbull [15]
Configuring puppetmasterd
The Puppet master daemon is initiated by the puppermasterd binary. This is the core of the Puppet client-server model; the server compiles and provides the compiled configuration to the nodes. In this section, we'll look at some of the command-line flags and configuration file options that can be used to configure the Puppet master daemon.
There are a number of command-line flags you can pass to the binary, and you can see a list of the most useful flags in Table 2-9.
Let's examine the flags in Table 2-9 in more detail. The --daemonize option tells the Puppet master daemon to daemonize the process and is the default behavior of the puppetmasterd binary when executed. The --no-daemonize option flag prevents the process being daemonized and leaving it running in the foreground. The --debug option causes the process to output debugging data. This is useful for troubleshooting. The -- logdest flag lets you tell the master daemon where to output logging data; you have the choice of specifying a file name, syslog output, or the console. It defaults to syslog output.
The --mkusers flag only needs to be run once when you first install Puppet. It creates the required puppet user and group for Puppet to run as (if they haven't already been created).
Lastly, the --verbose option outputs all logging messages to the command line. The -- help and --version options print the help text and version, respectively.
In the Puppet configuration file, there are also some useful options for the [puppetmasterd] namespace that you can use to configure the Puppet master daemon. You can see these options in Table 2-10.
The user and group options tell puppetmasterd what user and group to run as; this defaults to puppet in both cases. The manifestdir and manifest options specify the directory for storing manifests and the name of the site manifest file, which default to /etc/puppet/manifests and /etc/puppet/manifests/site.pp, respectively. The bindaddress and masterport options allow you to control what interface and port to bind the daemon to; these default to binding to all interfaces and to port 8140.
Configuring puppetd
The command-line operation of the Puppet client daemon is very similar to the operation of the master daemon. It can be configured both from the command line and via a configuration file, and in this section we'll look at the options that are typically specified for the daemon. In Table 2-11, you can see some of the common command-line flags you can use with puppetd.
The --daemonize option is the default action for the puppetd process; if executed without options, it will run in the background as a daemon. The --no-daemonize option flag prevents the process being daemonized and leaving it running in the foreground. The - -server option is used to specify the name of the Puppet master to connect to; it should be specified as a fully qualified domain name. The --waitforcert option only applies, as discussed in the "Starting the Puppet Client" section, for Puppet nodes without a certificate. It indicates the time in seconds in between certificate signing requests to a Puppet master. Once the node has a signed certificate, this option does nothing.
The --onetime option connects the client to the master, requests the node configuration, applies it, and then exits. The - - noop option allows dry runs of configuration without actually applying the configuration. This allows you to see what new configuration will do without actually making any changes to the node. Using this with the --verbose option will output logging messages with the proposed changes that you can verify for correctness. On the following line, you can see an example of typical noop output:
You can see that the notice indicates that the /etc/group file's permissions are 644, but the configuration would change that to 640.