我公司有一台 Puppet 服务器,几个月前我安装了它,它目前已完全投入生产并且运行良好。
我现在通过在线阅读有关最佳实践等的资料来加深对 Puppet 的了解。
在阅读时我遇到了以下命令:
puppet master --genconfig > puppet.conf
命令执行完成后,我打开生成的文件,发现其中的指令比服务器上当前(默认)配置中的指令多得多。
我当前的 puppet.conf(默认的)如下(注意:下面的输出去掉了所有含 # 的行,并经过 sort | uniq 排序去重,因此无法从中看出各设置项原本属于 [agent]、[main]、[master] 中的哪一节):
[root@puppetmaster ~]# egrep -v '^ #|#' /etc/puppet/puppet.conf | sort | uniq
[agent]
autosign = $confdir/autosign.conf { mode = 664 }
basemodulepath = /etc/puppet/environments/common:/etc/puppet/modules:/usr/share/puppet/modules
ca = true
certname = puppetmaster.company.local
certname = puppetmaster.company.local
classfile = $statedir/classes.txt
configtimeout = 120
default_schedules = false
environmentpath = /etc/puppet/environments
environment = production
external_nodes = /etc/puppet/node.rb
hiera_config = $confdir/hiera.yaml
hostprivkey = $privatekeydir/$certname.pem { mode = 640 }
listen = false
localconfig = $vardir/localconfig
logdir = /var/log/puppet
[main]
[master]
masterport = 8140
node_terminus = exec
noop = false
parser = current
pluginsync = true
privatekeydir = $ssldir/private_keys { group = service }
reports = foreman
report = true
rundir = /var/run/puppet
runinterval = 1800
server = puppetmaster.company.local
show_diff = false
splay = false
splaylimit = 1800
ssldir = /var/lib/puppet/ssl
ssldir = /var/lib/puppet/ssl
strict_variables = false
usecacheonfailure = true
vardir = /var/lib/puppet
新生成的 puppet.conf 文件为:
[master]
dblocation = /var/lib/puppet/state/clientconfigs.sqlite3
railslog = /var/log/puppet/rails.log
hostpubkey = /var/lib/puppet/ssl/public_keys/puppetmaster.company.local.pem
logdir = /var/log/puppet
requestdir = /var/lib/puppet/ssl/certificate_requests
pluginsource = puppet://puppet/plugins
facts_terminus = yaml
node_cache_terminus = write_only_yaml
immutable_node_data = false
filetimeout = 15
vardir = /var/lib/puppet
privatedir = /var/lib/puppet/ssl/private
pluginfactsource = puppet://puppet/pluginfacts
hiera_config = /etc/puppet/hiera.yaml
hostcrl = /var/lib/puppet/ssl/crl.pem
hostcsr = /var/lib/puppet/ssl/csr_puppetmaster.company.local.pem
default_file_terminus = rest
certdir = /var/lib/puppet/ssl/certs
certificate_expire_warning = 5184000
hostprivkey = /var/lib/puppet/ssl/private_keys/puppetmaster.company.local.pem
publickeydir = /var/lib/puppet/ssl/public_keys
libdir = /var/lib/puppet/lib
plugindest = /var/lib/puppet/lib
node_terminus = exec
statedir = /var/lib/puppet/state
localcacert = /var/lib/puppet/ssl/certs/ca.pem
confdir = /etc/puppet
privatekeydir = /var/lib/puppet/ssl/private_keys
pluginfactdest = /var/lib/puppet/facts.d
data_binding_terminus = hiera
preview_outputdir = /var/lib/puppet/preview
http_keepalive_timeout = 4
passfile = /var/lib/puppet/ssl/private/password
inventory_terminus = yaml
csr_attributes = /etc/puppet/csr_attributes.yaml
rundir = /var/run/puppet
name = master
hostcert = /var/lib/puppet/ssl/certs/puppetmaster.company.local.pem
environment_timeout = 0
factpath = /var/lib/puppet/lib/facter:/var/lib/puppet/facts
httplog = /var/log/puppet/http.log
environmentpath = /etc/puppet/environments
ssldir = /var/lib/puppet/ssl
catalog_terminus = compiler
external_nodes = /etc/puppet/node.rb
route_file = /etc/puppet/routes.yaml
devicedir = /var/lib/puppet/devices
deviceconfig = /etc/puppet/device.conf
agent_disabled_lockfile = /var/lib/puppet/state/agent_disabled.lock
runinterval = 1800
resourcefile = /var/lib/puppet/state/resources.txt
node_name_value = puppetmaster.company.local
configtimeout = 120
ca_port = 8140
localconfig = /var/lib/puppet/state/localconfig
report_port = 8140
clientyamldir = /var/lib/puppet/client_yaml
inventory_port = 8140
splaylimit = 1800
agent_catalog_run_lockfile = /var/lib/puppet/state/agent_catalog_run.lock
classfile = /var/lib/puppet/state/classes.txt
lastrunreport = /var/lib/puppet/state/last_run_report.yaml
clientbucketdir = /var/lib/puppet/clientbucket
puppetdlog = /var/log/puppet/puppetd.log
ca_server = puppet
graphdir = /var/lib/puppet/state/graphs
report_server = puppet
waitforcert = 120
statefile = /var/lib/puppet/state/state.yaml
inventory_server = puppet
client_datadir = /var/lib/puppet/client_data
lastrunfile = /var/lib/puppet/state/last_run_summary.yaml
rest_authconfig = /etc/puppet/auth.conf
manifestdir = /etc/puppet/manifests
server_datadir = /var/lib/puppet/server_data
masterhttplog = /var/log/puppet/masterhttp.log
reportdir = /var/lib/puppet/reports
storeconfigs_backend = active_record
bucketdir = /var/lib/puppet/bucket
modulepath = /etc/puppet/environments/common:/etc/puppet/modules:/usr/share/puppet/modules
route_file = /etc/puppet/routes.yaml
devicedir = /var/lib/puppet/devices
deviceconfig = /etc/puppet/device.conf
agent_disabled_lockfile = /var/lib/puppet/state/agent_disabled.lock
runinterval = 1800
resourcefile = /var/lib/puppet/state/resources.txt
node_name_value = puppetmaster.company.local
configtimeout = 120
ca_port = 8140
localconfig = /var/lib/puppet/state/localconfig
report_port = 8140
clientyamldir = /var/lib/puppet/client_yaml
inventory_port = 8140
splaylimit = 1800
agent_catalog_run_lockfile = /var/lib/puppet/state/agent_catalog_run.lock
classfile = /var/lib/puppet/state/classes.txt
lastrunreport = /var/lib/puppet/state/last_run_report.yaml
clientbucketdir = /var/lib/puppet/clientbucket
puppetdlog = /var/log/puppet/puppetd.log
ca_server = puppet
graphdir = /var/lib/puppet/state/graphs
report_server = puppet
waitforcert = 120
statefile = /var/lib/puppet/state/state.yaml
inventory_server = puppet
client_datadir = /var/lib/puppet/client_data
lastrunfile = /var/lib/puppet/state/last_run_summary.yaml
rest_authconfig = /etc/puppet/auth.conf
manifestdir = /etc/puppet/manifests
server_datadir = /var/lib/puppet/server_data
masterhttplog = /var/log/puppet/masterhttp.log
reportdir = /var/lib/puppet/reports
storeconfigs_backend = active_record
bucketdir = /var/lib/puppet/bucket
modulepath = /etc/puppet/environments/common:/etc/puppet/modules:/usr/share/puppet/modules
fileserverconfig = /etc/puppet/fileserver.conf
yamldir = /var/lib/puppet/yaml
manifest = /etc/puppet/manifests/site.pp
basemodulepath = /etc/puppet/environments/common:/etc/puppet/modules:/usr/share/puppet/modules
masterlog = /var/log/puppet/puppetmaster.log
reports = foreman
templatedir = /var/lib/puppet/templates
config = /etc/puppet/puppet.conf
pidfile = /var/run/puppet/master.pid
tagmap = /etc/puppet/tagmail.conf
module_working_dir = /var/lib/puppet/puppet-module
module_skeleton_dir = /var/lib/puppet/puppet-module/skeleton
signeddir = /var/lib/puppet/ssl/ca/signed
cadir = /var/lib/puppet/ssl/ca
serial = /var/lib/puppet/ssl/ca/serial
cakey = /var/lib/puppet/ssl/ca/ca_key.pem
autosign = /etc/puppet/autosign.conf
cacrl = /var/lib/puppet/ssl/ca/ca_crl.pem
cert_inventory = /var/lib/puppet/ssl/ca/inventory.txt
csrdir = /var/lib/puppet/ssl/ca/requests
ca_name = Puppet CA: puppetmaster.company.local
capass = /var/lib/puppet/ssl/ca/private/ca.pass
cacert = /var/lib/puppet/ssl/ca/ca_crt.pem
ca_ttl = 157680000
capub = /var/lib/puppet/ssl/ca/ca_pub.pem
caprivatedir = /var/lib/puppet/ssl/ca/private
rrddir = /var/lib/puppet/rrd
rrdinterval = 1800
archive_file_server = puppet
我的问题是:
既然当前配置文件中并没有所有这些指令,为什么一切仍然正常工作?另外,--genconfig 命令是从哪里获取所有这些设置的?