Puppet:默认的“puppet.conf”和“puppet master --genconfig”生成的“puppet.conf”有什么区别?

Puppet:默认的“puppet.conf”和“puppet master --genconfig”生成的“puppet.conf”有什么区别?

我公司有一台 Puppet 服务器,几个月前我安装了它,它目前已完全投入生产并且运行良好。

我现在通过在线阅读有关最佳实践等的资料来加深对 Puppet 的了解。

在阅读时我遇到了以下命令:

puppet master --genconfig > puppet.conf

命令执行完后我打开生成的文件,发现其中的指令比服务器上当前默认配置文件中的多得多。

我当前的 puppet.conf(默认的)内容如下(输出经过 sort | uniq 处理,因此各设置已按字母顺序重排,不再对应原来的 [main]/[agent]/[master] 节):

[root@puppetmaster ~]# egrep -v '^    #|#' /etc/puppet/puppet.conf  | sort | uniq
[agent]
   autosign       = $confdir/autosign.conf { mode = 664 }
   basemodulepath   = /etc/puppet/environments/common:/etc/puppet/modules:/usr/share/puppet/modules
   ca             = true 
   certname       = puppetmaster.company.local
   certname          = puppetmaster.company.local
   classfile = $statedir/classes.txt
   configtimeout     = 120
   default_schedules = false
   environmentpath  = /etc/puppet/environments
   environment       = production
   external_nodes = /etc/puppet/node.rb
   hiera_config = $confdir/hiera.yaml
   hostprivkey = $privatekeydir/$certname.pem { mode = 640 }
   listen            = false
   localconfig = $vardir/localconfig
   logdir = /var/log/puppet
[main]
[master]
     masterport        = 8140
     node_terminus  = exec
     noop              = false
     parser         = current
     pluginsync        = true
     privatekeydir = $ssldir/private_keys { group = service }
     reports        = foreman
     report            = true
     rundir = /var/run/puppet
     runinterval       = 1800
     server            = puppetmaster.company.local
     show_diff     = false
     splay             = false
     splaylimit        = 1800
     ssldir = /var/lib/puppet/ssl
     ssldir         = /var/lib/puppet/ssl
     strict_variables = false
     usecacheonfailure = true
     vardir = /var/lib/puppet

新生成的puppet.conf文件为:

[master]
    dblocation = /var/lib/puppet/state/clientconfigs.sqlite3
    railslog = /var/log/puppet/rails.log
    hostpubkey = /var/lib/puppet/ssl/public_keys/puppetmaster.company.local.pem
    logdir = /var/log/puppet
    requestdir = /var/lib/puppet/ssl/certificate_requests
    pluginsource = puppet://puppet/plugins
    facts_terminus = yaml
    node_cache_terminus = write_only_yaml
    immutable_node_data = false
    filetimeout = 15
    vardir = /var/lib/puppet
    privatedir = /var/lib/puppet/ssl/private
    pluginfactsource = puppet://puppet/pluginfacts
    hiera_config = /etc/puppet/hiera.yaml
    hostcrl = /var/lib/puppet/ssl/crl.pem
    hostcsr = /var/lib/puppet/ssl/csr_puppetmaster.company.local.pem
    default_file_terminus = rest
    certdir = /var/lib/puppet/ssl/certs
    certificate_expire_warning = 5184000
    hostprivkey = /var/lib/puppet/ssl/private_keys/puppetmaster.company.local.pem
    publickeydir = /var/lib/puppet/ssl/public_keys
    libdir = /var/lib/puppet/lib
    plugindest = /var/lib/puppet/lib
    node_terminus = exec
    statedir = /var/lib/puppet/state
    localcacert = /var/lib/puppet/ssl/certs/ca.pem
    confdir = /etc/puppet
    privatekeydir = /var/lib/puppet/ssl/private_keys
    pluginfactdest = /var/lib/puppet/facts.d
    data_binding_terminus = hiera
    preview_outputdir = /var/lib/puppet/preview
    http_keepalive_timeout = 4
    passfile = /var/lib/puppet/ssl/private/password
    inventory_terminus = yaml
    csr_attributes = /etc/puppet/csr_attributes.yaml
    rundir = /var/run/puppet
    name = master
    hostcert = /var/lib/puppet/ssl/certs/puppetmaster.company.local.pem
    environment_timeout = 0
    factpath = /var/lib/puppet/lib/facter:/var/lib/puppet/facts
    httplog = /var/log/puppet/http.log
    environmentpath = /etc/puppet/environments
    ssldir = /var/lib/puppet/ssl
    catalog_terminus = compiler
    external_nodes = /etc/puppet/node.rb
    route_file = /etc/puppet/routes.yaml
    devicedir = /var/lib/puppet/devices
    deviceconfig = /etc/puppet/device.conf
    agent_disabled_lockfile = /var/lib/puppet/state/agent_disabled.lock
    runinterval = 1800
    resourcefile = /var/lib/puppet/state/resources.txt
    node_name_value = puppetmaster.company.local
    configtimeout = 120
    ca_port = 8140
    localconfig = /var/lib/puppet/state/localconfig
    report_port = 8140
    clientyamldir = /var/lib/puppet/client_yaml
    inventory_port = 8140
    splaylimit = 1800
    agent_catalog_run_lockfile = /var/lib/puppet/state/agent_catalog_run.lock
    classfile = /var/lib/puppet/state/classes.txt
    lastrunreport = /var/lib/puppet/state/last_run_report.yaml
    clientbucketdir = /var/lib/puppet/clientbucket
    puppetdlog = /var/log/puppet/puppetd.log
    ca_server = puppet
    graphdir = /var/lib/puppet/state/graphs
    report_server = puppet
    waitforcert = 120
    statefile = /var/lib/puppet/state/state.yaml
    inventory_server = puppet
    client_datadir = /var/lib/puppet/client_data
    lastrunfile = /var/lib/puppet/state/last_run_summary.yaml
    rest_authconfig = /etc/puppet/auth.conf
    manifestdir = /etc/puppet/manifests
    server_datadir = /var/lib/puppet/server_data
    masterhttplog = /var/log/puppet/masterhttp.log
    reportdir = /var/lib/puppet/reports
    storeconfigs_backend = active_record
    bucketdir = /var/lib/puppet/bucket
    modulepath = /etc/puppet/environments/common:/etc/puppet/modules:/usr/share/puppet/modules
   route_file = /etc/puppet/routes.yaml
   devicedir = /var/lib/puppet/devices
   deviceconfig = /etc/puppet/device.conf
   agent_disabled_lockfile = /var/lib/puppet/state/agent_disabled.lock
   runinterval = 1800
   resourcefile = /var/lib/puppet/state/resources.txt
   node_name_value = puppetmaster.company.local
   configtimeout = 120
   ca_port = 8140
   localconfig = /var/lib/puppet/state/localconfig
   report_port = 8140
   clientyamldir = /var/lib/puppet/client_yaml
   inventory_port = 8140
   splaylimit = 1800
   agent_catalog_run_lockfile = /var/lib/puppet/state/agent_catalog_run.lock
   classfile = /var/lib/puppet/state/classes.txt
   lastrunreport = /var/lib/puppet/state/last_run_report.yaml
   clientbucketdir = /var/lib/puppet/clientbucket
   puppetdlog = /var/log/puppet/puppetd.log
   ca_server = puppet
   graphdir = /var/lib/puppet/state/graphs
   report_server = puppet
   waitforcert = 120
   statefile = /var/lib/puppet/state/state.yaml
   inventory_server = puppet
   client_datadir = /var/lib/puppet/client_data
   lastrunfile = /var/lib/puppet/state/last_run_summary.yaml
   rest_authconfig = /etc/puppet/auth.conf
   manifestdir = /etc/puppet/manifests
   server_datadir = /var/lib/puppet/server_data
   masterhttplog = /var/log/puppet/masterhttp.log
   reportdir = /var/lib/puppet/reports
   storeconfigs_backend = active_record
   bucketdir = /var/lib/puppet/bucket
   modulepath = /etc/puppet/environments/common:/etc/puppet/modules:/usr/share/puppet/modules
   fileserverconfig = /etc/puppet/fileserver.conf
   yamldir = /var/lib/puppet/yaml
   manifest = /etc/puppet/manifests/site.pp
   basemodulepath = /etc/puppet/environments/common:/etc/puppet/modules:/usr/share/puppet/modules
   masterlog = /var/log/puppet/puppetmaster.log
   reports = foreman
   templatedir = /var/lib/puppet/templates
   config = /etc/puppet/puppet.conf
   pidfile = /var/run/puppet/master.pid
   tagmap = /etc/puppet/tagmail.conf
   module_working_dir = /var/lib/puppet/puppet-module
   module_skeleton_dir = /var/lib/puppet/puppet-module/skeleton
   signeddir = /var/lib/puppet/ssl/ca/signed
   cadir = /var/lib/puppet/ssl/ca
   serial = /var/lib/puppet/ssl/ca/serial
   cakey = /var/lib/puppet/ssl/ca/ca_key.pem
   autosign = /etc/puppet/autosign.conf
   cacrl = /var/lib/puppet/ssl/ca/ca_crl.pem
   cert_inventory = /var/lib/puppet/ssl/ca/inventory.txt
   csrdir = /var/lib/puppet/ssl/ca/requests
   ca_name = Puppet CA: puppetmaster.company.local
   capass = /var/lib/puppet/ssl/ca/private/ca.pass
   cacert = /var/lib/puppet/ssl/ca/ca_crt.pem
   ca_ttl = 157680000
   capub = /var/lib/puppet/ssl/ca/ca_pub.pem
   caprivatedir = /var/lib/puppet/ssl/ca/private
   rrddir = /var/lib/puppet/rrd
   rrdinterval = 1800
   archive_file_server = puppet

我的问题是:

既然当前配置文件中并没有这些指令,为什么一切仍能正常工作?--genconfig 命令又是从哪里获取这些设置的?

答案1

Puppet 有许多内置的默认设置。您可以在配置参考(configuration reference)文档中查到它们。

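例如,您生成的文件中包含 filetimeout = 15,因为该设置的默认值就是 15 秒,所以这一行是多余的。通常不需要显式设置与默认值相同的项。--genconfig 输出的是每项设置当前生效的值(内置默认值,加上 puppet.conf 或命令行中的覆盖值),所以其中的指令会比 puppet.conf 里多得多。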
