lib/puppet/defaults.rb in puppet-3.3.2 vs lib/puppet/defaults.rb in puppet-3.4.0.rc1

- old
+ new

@@ -18,27 +18,31 @@ define_settings(:main, :confdir => { :default => nil, :type => :directory, - :desc => - "The main Puppet configuration directory. The default for this setting is calculated based on the user. If the process\n" + - "is running as root or the user that Puppet is supposed to run as, it defaults to a system directory, but if it's running as any other user,\n" + - "it defaults to being in the user's home directory.", + :desc => "The main Puppet configuration directory. The default for this setting + is calculated based on the user. If the process is running as root or + the user that Puppet is supposed to run as, it defaults to a system + directory, but if it's running as any other user, it defaults to being + in the user's home directory.", }, :vardir => { :default => nil, :type => :directory, - :desc => "Where Puppet stores dynamic and growing data. The default for this setting is calculated specially, like `confdir`_.", + :owner => "service", + :group => "service", + :desc => "Where Puppet stores dynamic and growing data. The default for this + setting is calculated specially, like `confdir`_.", }, ### NOTE: this setting is usually being set to a symbol value. We don't officially have a ### setting type for that yet, but we might want to consider creating one. :name => { :default => nil, - :desc => "The name of the application, if we are running as one. The\n" + - "default is essentially $0 without the path or `.rb`.", + :desc => "The name of the application, if we are running as one. The + default is essentially $0 without the path or `.rb`.", } ) define_settings(:main, :logdir => { @@ -50,10 +54,19 @@ :desc => "The directory in which to store log files", } ) define_settings(:main, + :priority => { + :default => nil, + :type => :priority, + :desc => "The scheduling priority of the process. Valid values are 'high', + 'normal', 'low', or 'idle', which are mapped to platform-specific + values. The priority can also be specified as an integer value and + will be passed as is, e.g. -5. Puppet must be running as a privileged + user in order to increase scheduling priority.", + }, :trace => { :default => false, :type => :boolean, :desc => "Whether to print stack traces on some errors", }, @@ -68,13 +81,13 @@ :desc => "Whether log files should always flush to disk.", :hook => proc { |value| Log.autoflush = value } }, :syslogfacility => { :default => "daemon", - :desc => "What syslog facility to use when logging to\n" + - "syslog. Syslog has a fixed list of valid facilities, and you must\n" + - "choose one of those; you cannot just make one up." + :desc => "What syslog facility to use when logging to syslog. + Syslog has a fixed list of valid facilities, and you must + choose one of those; you cannot just make one up." }, :statedir => { :default => "$vardir/state", :type => :directory, :mode => 01755, @@ -91,34 +104,37 @@ :desc => "Where Puppet PID files are kept." }, :genconfig => { :default => false, :type => :boolean, - :desc => "Whether to just print a configuration to stdout and exit. Only makes\n" + - "sense when used interactively. Takes into account arguments specified\n" + - "on the CLI.", + :desc => "When true, causes Puppet applications to print an example config file + to stdout and exit. The example will include descriptions of each + setting, and the current (or default) value of each setting, + incorporating any settings overridden on the CLI (with the exception + of `genconfig` itself). This setting only makes sense when specified + on the command line as `--genconfig`.", }, :genmanifest => { :default => false, :type => :boolean, - :desc => "Whether to just print a manifest to stdout and exit. Only makes\n" + - "sense when used interactively. Takes into account arguments specified\n" + - "on the CLI.", + :desc => "Whether to just print a manifest to stdout and exit. Only makes + sense when specified on the command line as `--genmanifest`. Takes into account arguments specified + on the CLI.", }, :configprint => { :default => "", - :desc => "Print the value of a specific configuration setting. If the name of a\n" + - "setting is provided for this, then the value is printed and puppet\n" + - "exits. Comma-separate multiple values. For a list of all values,\n" + - "specify 'all'.", + :desc => "Print the value of a specific configuration setting. If the name of a + setting is provided for this, then the value is printed and puppet + exits. Comma-separate multiple values. For a list of all values, + specify 'all'.", }, :color => { :default => "ansi", :type => :string, - :desc => "Whether to use colors when logging to the console. Valid values are\n" + - "`ansi` (equivalent to `true`), `html`, and `false`, which produces no color.\n" + - "Defaults to false on Windows, as its console does not support ansi colors.", + :desc => "Whether to use colors when logging to the console. Valid values are + `ansi` (equivalent to `true`), `html`, and `false`, which produces no color. + Defaults to false on Windows, as its console does not support ansi colors.", }, :mkusers => { :default => false, :type => :boolean, :desc => "Whether to create the necessary user and group that puppet agent will run as.", @@ -129,18 +145,19 @@ :desc => "Whether Puppet should manage the owner, group, and mode of files it uses internally", }, :onetime => { :default => false, :type => :boolean, - :desc => "Run the configuration once, rather than as a long-running\n" + - "daemon. This is useful for interactively running puppetd.", + :desc => "Perform one configuration run and exit, rather than spawning a long-running + daemon. This is useful for interactively running puppet agent, or + running puppet agent from cron.", :short => 'o', }, :path => { :default => "none", - :desc => "The shell search path. Defaults to whatever is inherited\n" + - "from the parent process.", + :desc => "The shell search path. Defaults to whatever is inherited + from the parent process.", :call_hook => :on_define_and_write, :hook => proc do |value| ENV["PATH"] = "" if ENV["PATH"].nil? ENV["PATH"] = value unless value == "none" paths = ENV["PATH"].split(File::PATH_SEPARATOR) @@ -151,73 +168,77 @@ end }, :libdir => { :type => :directory, :default => "$vardir/lib", - :desc => "An extra search path for Puppet. This is only useful\n" + - "for those files that Puppet will load on demand, and is only\n" + - "guaranteed to work for those cases. In fact, the autoload\n" + - "mechanism is responsible for making sure this directory\n" + - "is in Ruby's search path\n", + :desc => "An extra search path for Puppet. This is only useful + for those files that Puppet will load on demand, and is only + guaranteed to work for those cases. In fact, the autoload + mechanism is responsible for making sure this directory + is in Ruby's search path\n", :call_hook => :on_initialize_and_write, :hook => proc do |value| $LOAD_PATH.delete(@oldlibdir) if defined?(@oldlibdir) and $LOAD_PATH.include?(@oldlibdir) @oldlibdir = value $LOAD_PATH << value end }, :ignoreimport => { :default => false, :type => :boolean, - :desc => "If true, allows the parser to continue without requiring\n" + - "all files referenced with `import` statements to exist. This setting was primarily\n" + - "designed for use with commit hooks for parse-checking.", + :desc => "If true, allows the parser to continue without requiring + all files referenced with `import` statements to exist. This setting was primarily + designed for use with commit hooks for parse-checking.", }, :environment => { :default => "production", - :desc => "The environment Puppet is running in. For clients\n" + - "(e.g., `puppet agent`) this determines the environment itself, which\n" + - "is used to find modules and much more. For servers (i.e., `puppet master`)\n" + - "this provides the default environment for nodes we know nothing about." + :desc => "The environment Puppet is running in. For clients + (e.g., `puppet agent`) this determines the environment itself, which + is used to find modules and much more. For servers (i.e., `puppet master`) + this provides the default environment for nodes we know nothing about." }, :diff_args => { :default => default_diffargs, - :desc => "Which arguments to pass to the diff command when printing differences between\n" + - "files. The command to use can be chosen with the `diff` setting.", + :desc => "Which arguments to pass to the diff command when printing differences between + files. The command to use can be chosen with the `diff` setting.", }, :diff => { :default => (Puppet.features.microsoft_windows? ? "" : "diff"), - :desc => "Which diff command to use when printing differences between files. This setting\n" + - "has no default value on Windows, as standard `diff` is not available, but Puppet can use many\n" + - "third-party diff tools.", + :desc => "Which diff command to use when printing differences between files. This setting + has no default value on Windows, as standard `diff` is not available, but Puppet can use many + third-party diff tools.", }, :show_diff => { :type => :boolean, :default => false, - :desc => "Whether to log and report a contextual diff when files are being replaced. This causes\n" + - "partial file contents to pass through Puppet's normal logging and reporting system, so this setting\n" + - "should be used with caution if you are sending Puppet's reports to an insecure destination.\n" + - "This feature currently requires the `diff/lcs` Ruby library.", + :desc => "Whether to log and report a contextual diff when files are being replaced. + This causes partial file contents to pass through Puppet's normal + logging and reporting system, so this setting should be used with + caution if you are sending Puppet's reports to an insecure + destination. This feature currently requires the `diff/lcs` Ruby + library.", }, :daemonize => { :type => :boolean, :default => (Puppet.features.microsoft_windows? ? false : true), - :desc => "Whether to send the process into the background. This defaults to true on POSIX systems, - and to false on Windows (where Puppet currently cannot daemonize).", + :desc => "Whether to send the process into the background. This defaults + to true on POSIX systems, and to false on Windows (where Puppet + currently cannot daemonize).", :short => "D", :hook => proc do |value| if value and Puppet.features.microsoft_windows? raise "Cannot daemonize on Windows" end end }, :maximum_uid => { :default => 4294967290, - :desc => "The maximum allowed UID. Some platforms use negative UIDs\n" + - "but then ship with tools that do not know how to handle signed ints, so the UIDs show up as\n" + - "huge numbers that can then not be fed back into the system. This is a hackish way to fail in a\n" + - "slightly more useful way when that happens.", + :desc => "The maximum allowed UID. Some platforms use negative UIDs + but then ship with tools that do not know how to handle signed ints, + so the UIDs show up as huge numbers that can then not be fed back into + the system. This is a hackish way to fail in a slightly more useful + way when that happens.", }, :route_file => { :default => "$confdir/routes.yaml", :desc => "The YAML file containing indirector route configuration.", }, @@ -383,18 +404,25 @@ performed work during the normal run.", }, :freeze_main => { :default => false, :type => :boolean, - :desc => "Freezes the 'main' class, disallowing any code to be added to it. This\n" + - "essentially means that you can't have any code outside of a node, class, or definition other\n" + - "than in the site manifest.", + :desc => "Freezes the 'main' class, disallowing any code to be added to it. This + essentially means that you can't have any code outside of a node, + class, or definition other than in the site manifest.", }, :stringify_facts => { :default => true, :type => :boolean, - :desc => "Flatten fact values to strings using #to_s. Means you can't have arrays or hashes as fact values.", + :desc => "Flatten fact values to strings using #to_s. Means you can't have arrays or + hashes as fact values.", + }, + :trusted_node_data => { + :default => false, + :type => :boolean, + :desc => "Stores trusted node data in a hash called $trusted. + When true also prevents $trusted from being overridden in any scope.", } ) Puppet.define_settings(:module_tool, :module_repository => { :default => 'https://forge.puppetlabs.com', @@ -470,10 +498,40 @@ It is rarely necessary for servers; it is usually helpful only if you need to have a pool of multiple load balanced masters, or for the same master to respond on two physically separate networks under different names. EOT }, + :csr_attributes => { + :default => "$confdir/csr_attributes.yaml", + :type => :file, + :desc => <<EOT +An optional file containing custom attributes to add to certificate signing +requests (CSRs). You should ensure that this file does not exist on your CA +puppet master; if it does, unwanted certificate extensions may leak into +certificates created with the `puppet cert generate` command. + +If present, this file must be a YAML hash containing a `custom_attributes` key +and/or an `extension_requests` key. The value of each key must be a hash, where +each key is a valid OID and each value is an object that can be cast to a string. + +Custom attributes can be used by the CA when deciding whether to sign the +certificate, but are then discarded. Attribute OIDs can be any OID value except +the standard CSR attributes (i.e. attributes described in RFC 2985 section 5.4). +This is useful for embedding a pre-shared key for autosigning policy executables +(see the `autosign` setting), often by using the `1.2.840.113549.1.9.7` +("challenge password") OID. + +Extension requests will be permanently embedded in the final certificate. +Extension OIDs must be in the "ppRegCertExt" (`1.3.6.1.4.1.34380.1.1`) or +"ppPrivCertExt" (`1.3.6.1.4.1.34380.1.2`) OID arcs. The ppRegCertExt arc is +reserved for four of the most common pieces of data to embed: `pp_uuid` (`.1`), +`pp_instance_id` (`.2`), `pp_image_name` (`.3`), and `pp_preshared_key` (`.4`) +--- in the YAML file, these can be referred to by their short descriptive names +instead of their full OID. The ppPrivCertExt arc is unregulated, and can be used +for site-specific extensions. +EOT + }, :certdir => { :default => "$ssldir/certs", :type => :directory, :owner => "service", :desc => "The certificate directory." @@ -556,23 +614,23 @@ }, :ssl_client_ca_auth => { :type => :file, :mode => 0644, :owner => "service", - :desc => "Certificate authorities who issue server certificates. SSL servers will not be \n" << - "considered authentic unless they posses a certificate issued by an authority \n" << - "listed in this file. If this setting has no value then the Puppet master's CA \n" << - "certificate (localcacert) will be used." + :desc => "Certificate authorities who issue server certificates. SSL servers will not be + considered authentic unless they posses a certificate issued by an authority + listed in this file. If this setting has no value then the Puppet master's CA + certificate (localcacert) will be used." }, :ssl_server_ca_auth => { :type => :file, :mode => 0644, :owner => "service", - :desc => "Certificate authorities who issue client certificates. SSL clients will not be \n" << - "considered authentic unless they posses a certificate issued by an authority \n" << - "listed in this file. If this setting has no value then the Puppet master's CA \n" << - "certificate (localcacert) will be used." + :desc => "Certificate authorities who issue client certificates. SSL clients will not be + considered authentic unless they posses a certificate issued by an authority + listed in this file. If this setting has no value then the Puppet master's CA + certificate (localcacert) will be used." }, :hostcrl => { :default => "$ssldir/crl.pem", :type => :file, :mode => 0644, @@ -581,12 +639,13 @@ This is distinct from the certificate authority's CRL." }, :certificate_revocation => { :default => true, :type => :boolean, - :desc => "Whether certificate revocation should be supported by downloading a Certificate Revocation List (CRL) - to all clients. If enabled, CA chaining will almost definitely not work.", + :desc => "Whether certificate revocation should be supported by downloading a + Certificate Revocation List (CRL) + to all clients. If enabled, CA chaining will almost definitely not work.", }, :certificate_expire_warning => { :default => "60d", :type => :duration, :desc => "The window of time leading up to a certificate's expiration that a notification @@ -680,15 +739,40 @@ :desc => "Where the serial number for certificates is stored." }, :autosign => { :default => "$confdir/autosign.conf", :type => :file, - :mode => 0644, - :desc => "Whether to enable autosign. Valid values are true (which - autosigns any key request, and is a very bad idea), false (which - never autosigns any key request), and the path to a file, which - uses that configuration file to determine which keys to sign."}, + :desc => "Whether (and how) to autosign certificate requests. This setting + is only relevant on a puppet master acting as a certificate authority (CA). + + Valid values are true (autosigns all certificate requests; not recommended), + false (disables autosigning certificates), or the absolute path to a file. + + The file specified in this setting may be either a **configuration file** + or a **custom policy executable.** Puppet will automatically determine + what it is: If the Puppet user (see the `user` setting) can execute the + file, it will be treated as a policy executable; otherwise, it will be + treated as a config file. + + If a custom policy executable is configured, the CA puppet master will run it + every time it receives a CSR. The executable will be passed the subject CN of the + request _as a command line argument,_ and the contents of the CSR in PEM format + _on stdin._ It should exit with a status of 0 if the cert should be autosigned + and non-zero if the cert should not be autosigned. + + If a certificate request is not autosigned, it will persist for review. An admin + user can use the `puppet cert sign` command to manually sign it, or can delete + the request. + + For info on autosign configuration files, see + [the guide to Puppet's config files](http://docs.puppetlabs.com/guides/configuring.html).", + :hook => proc do |value| + unless [false, 'false', true, 'true'].include?(value) or Puppet::Util.absolute_path?(value) + raise ArgumentError, "The autosign parameter must be 'true'/'false' or an absolute path" + end + end + }, :allow_duplicate_certs => { :default => false, :type => :boolean, :desc => "Whether to allow a new certificate request to overwrite an existing certificate.", @@ -731,14 +815,14 @@ :desc => "The configuration file for the current puppet application", }, :pidfile => { :type => :file, :default => "$rundir/${run_mode}.pid", - :desc => "The file containing the PID of a running process. " << - "This file is intended to be used by service management " << - "frameworks and monitoring systems to determine if a " << - "puppet process is still in the process table.", + :desc => "The file containing the PID of a running process. + This file is intended to be used by service management frameworks + and monitoring systems to determine if a puppet process is still in + the process table.", }, :bindaddress => { :default => "0.0.0.0", :desc => "The address a listening server should bind to.", } @@ -823,12 +907,13 @@ :desc => "Whether the master should function as a certificate authority.", }, :modulepath => { :default => "$confdir/modules#{File::PATH_SEPARATOR}/usr/share/puppet/modules", :type => :path, - :desc => "The search path for modules, as a list of directories separated by the system path separator character. " + - "(The POSIX path separator is ':', and the Windows path separator is ';'.)", + :desc => "The search path for modules, as a list of directories separated by the system + path separator character. (The POSIX path separator is ':', and the + Windows path separator is ';'.)", }, :ssl_client_header => { :default => "HTTP_X_CLIENT_DN", :desc => "The header containing an authenticated client's SSL DN. This header must be set by the proxy to the authenticated client's SSL @@ -1023,10 +1108,16 @@ :default => false, :type => :boolean, :desc => "Boolean; whether puppet agent should ignore schedules. This is useful for initial puppet agent runs.", }, + :default_schedules => { + :default => true, + :type => :boolean, + :desc => "Boolean; whether to generate the default schedule resources. Setting this to + false is useful for keeping external report processors clean of skipped schedule resources.", + }, :puppetport => { :default => 8139, :desc => "Which port puppet agent listens on.", }, :noop => { @@ -1112,70 +1203,71 @@ older master, so should never need to be set explicitly." }, :agent_catalog_run_lockfile => { :default => "$statedir/agent_catalog_run.lock", :type => :string, # (#2888) Ensure this file is not added to the settings catalog. - :desc => "A lock file to indicate that a puppet agent catalog run is currently in progress. " + - "The file contains the pid of the process that holds the lock on the catalog run.", + :desc => "A lock file to indicate that a puppet agent catalog run is currently in progress. + The file contains the pid of the process that holds the lock on the catalog run.", }, :agent_disabled_lockfile => { :default => "$statedir/agent_disabled.lock", - :type => :file, - :desc => "A lock file to indicate that puppet agent runs have been administratively disabled. File contains a JSON object with state information.", + :type => :file, + :desc => "A lock file to indicate that puppet agent runs have been administratively + disabled. File contains a JSON object with state information.", }, :usecacheonfailure => { :default => true, :type => :boolean, :desc => "Whether to use the cached configuration when the remote - configuration will not compile. This option is useful for testing - new configurations, where you want to fix the broken configuration - rather than reverting to a known-good one.", + configuration will not compile. This option is useful for testing + new configurations, where you want to fix the broken configuration + rather than reverting to a known-good one.", }, :use_cached_catalog => { :default => false, :type => :boolean, :desc => "Whether to only use the cached catalog rather than compiling a new catalog - on every run. Puppet can be run with this enabled by default and then selectively - disabled when a recompile is desired.", + on every run. Puppet can be run with this enabled by default and then selectively + disabled when a recompile is desired.", }, :ignoremissingtypes => { :default => false, :type => :boolean, :desc => "Skip searching for classes and definitions that were missing during a - prior compilation. The list of missing objects is maintained per-environment and - persists until the environment is cleared or the master is restarted.", + prior compilation. The list of missing objects is maintained per-environment and + persists until the environment is cleared or the master is restarted.", }, :ignorecache => { :default => false, :type => :boolean, :desc => "Ignore cache and always recompile the configuration. This is - useful for testing new configurations, where the local cache may in - fact be stale even if the timestamps are up to date - if the facts - change or if the server changes.", + useful for testing new configurations, where the local cache may in + fact be stale even if the timestamps are up to date - if the facts + change or if the server changes.", }, :dynamicfacts => { :default => "memorysize,memoryfree,swapsize,swapfree", :desc => "(Deprecated) Facts that are dynamic; these facts will be ignored when deciding whether - changed facts should result in a recompile. Multiple facts should be - comma-separated.", + changed facts should result in a recompile. Multiple facts should be + comma-separated.", :hook => proc { |value| if value Puppet.deprecation_warning "The dynamicfacts setting is deprecated and will be ignored." end } }, :splaylimit => { :default => "$runinterval", :type => :duration, :desc => "The maximum time to delay before runs. Defaults to being the same as the - run interval. #{AS_DURATION}", + run interval. #{AS_DURATION}", }, :splay => { :default => false, :type => :boolean, :desc => "Whether to sleep for a pseudo-random (but consistent) amount of time before - a run.", + a run.", }, :clientbucketdir => { :default => "$vardir/clientbucket", :type => :directory, :mode => 0750, @@ -1183,12 +1275,12 @@ }, :configtimeout => { :default => "2m", :type => :duration, :desc => "How long the client should wait for the configuration to be retrieved - before considering it a failure. This can help reduce flapping if too - many clients contact the server at one time. #{AS_DURATION}", + before considering it a failure. This can help reduce flapping if too + many clients contact the server at one time. #{AS_DURATION}", }, :report_server => { :default => "$server", :desc => "The server to send transaction reports to.", }, @@ -1223,27 +1315,28 @@ }, :graph => { :default => false, :type => :boolean, :desc => "Whether to create dot graph files for the different - configuration graphs. These dot files can be interpreted by tools - like OmniGraffle or dot (which is part of ImageMagick).", + configuration graphs. These dot files can be interpreted by tools + like OmniGraffle or dot (which is part of ImageMagick).", }, :graphdir => { :default => "$statedir/graphs", :type => :directory, :desc => "Where to store dot-outputted graphs.", }, :http_compression => { :default => false, :type => :boolean, :desc => "Allow http compression in REST communication with the master. - This setting might improve performance for agent -> master communications over slow WANs. - Your puppet master needs to support compression (usually by activating some settings in a reverse-proxy - in front of the puppet master, which rules out webrick). - It is harmless to activate this settings if your master doesn't support - compression, but if it supports it, this setting might reduce performance on high-speed LANs.", + This setting might improve performance for agent -> master + communications over slow WANs. Your puppet master needs to support + compression (usually by activating some settings in a reverse-proxy in + front of the puppet master, which rules out webrick). It is harmless to + activate this settings if your master doesn't support compression, but + if it supports it, this setting might reduce performance on high-speed LANs.", }, :waitforcert => { :default => "2m", :type => :duration, :desc => "How frequently puppet agent should ask for a signed certificate. @@ -1308,10 +1401,19 @@ :default => "puppet://$server/plugins", :desc => "From where to retrieve plugins. The standard Puppet `file` type is used for retrieval, so anything that is a valid file source can be used here.", }, + :pluginfactdest => { + :type => :directory, + :default => "$vardir/facts.d", + :desc => "Where Puppet should store external facts that are being handled by pluginsync", + }, + :pluginfactsource => { + :default => "puppet://$server/pluginfacts", + :desc => "Where to retrieve external facts for pluginsync", + }, :pluginsync => { :default => true, :type => :boolean, :desc => "Whether plugins should be synced with the central server.", }, @@ -1328,11 +1430,12 @@ :main, :factpath => { :type => :path, :default => "$vardir/lib/facter#{File::PATH_SEPARATOR}$vardir/facts", :desc => "Where Puppet should look for facts. Multiple directories should - be separated by the system path separator character. (The POSIX path separator is ':', and the Windows path separator is ';'.)", + be separated by the system path separator character. (The POSIX path + separator is ':', and the Windows path separator is ';'.)", :call_hook => :on_initialize_and_write, # Call our hook with the default value, so we always get the value added to facter. :hook => proc { |value| Facter.search(value) if Facter.respond_to?(:search) }} ) @@ -1398,31 +1501,31 @@ used when networked databases are used.", }, :dbport => { :default => "", :desc => "The database password for caching. Only - used when networked databases are used. #{STORECONFIGS_ONLY}", + used when networked databases are used. #{STORECONFIGS_ONLY}", }, :dbuser => { :default => "puppet", :desc => "The database user for caching. Only - used when networked databases are used. #{STORECONFIGS_ONLY}", + used when networked databases are used. #{STORECONFIGS_ONLY}", }, :dbpassword => { :default => "puppet", :desc => "The database password for caching. Only - used when networked databases are used. #{STORECONFIGS_ONLY}", + used when networked databases are used. #{STORECONFIGS_ONLY}", }, :dbconnections => { :default => '', :desc => "The number of database connections for networked - databases. Will be ignored unless the value is a positive integer. #{STORECONFIGS_ONLY}", + databases. Will be ignored unless the value is a positive integer. #{STORECONFIGS_ONLY}", }, :dbsocket => { :default => "", :desc => "The database socket location. Only used when networked - databases are used. Will be ignored if the value is an empty string. #{STORECONFIGS_ONLY}", + databases are used. Will be ignored if the value is an empty string. #{STORECONFIGS_ONLY}", }, :railslog => { :default => "$logdir/rails.log", :type => :file, :mode => 0600, @@ -1432,39 +1535,39 @@ }, :rails_loglevel => { :default => "info", :desc => "The log level for Rails connections. The value must be - a valid log level within Rails. Production environments normally use `info` - and other environments normally use `debug`. #{STORECONFIGS_ONLY}", + a valid log level within Rails. Production environments normally use `info` + and other environments normally use `debug`. #{STORECONFIGS_ONLY}", } ) define_settings( :couchdb, :couchdb_url => { :default => "http://127.0.0.1:5984/puppet", :desc => "The url where the puppet couchdb database will be created. - Only used when `facts_terminus` is set to `couch`.", + Only used when `facts_terminus` is set to `couch`.", } ) define_settings( :transaction, :tags => { :default => "", :desc => "Tags to use to find resources. If this is set, then - only resources tagged with the specified tags will be applied. - Values must be comma-separated.", + only resources tagged with the specified tags will be applied. + Values must be comma-separated.", }, :evaltrace => { :default => false, :type => :boolean, :desc => "Whether each resource should log when it is - being evaluated. This allows you to interactively see exactly - what is being done.", + being evaluated. This allows you to interactively see exactly + what is being done.", }, :summarize => { :default => false, :type => :boolean, :desc => "Whether to print a transaction summary.", @@ -1474,35 +1577,35 @@ define_settings( :main, :external_nodes => { :default => "none", :desc => "An external command that can produce node information. The command's output - must be a YAML dump of a hash, and that hash must have a `classes` key and/or - a `parameters` key, where `classes` is an array or hash and - `parameters` is a hash. For unknown nodes, the command should - exit with a non-zero exit code. + must be a YAML dump of a hash, and that hash must have a `classes` key and/or + a `parameters` key, where `classes` is an array or hash and + `parameters` is a hash. For unknown nodes, the command should + exit with a non-zero exit code. - This command makes it straightforward to store your node mapping - information in other data sources like databases.", + This command makes it straightforward to store your node mapping + information in other data sources like databases.", } ) define_settings( :ldap, :ldapssl => { :default => false, :type => :boolean, :desc => "Whether SSL should be used when searching for nodes. - Defaults to false because SSL usually requires certificates - to be set up on the client side.", + Defaults to false because SSL usually requires certificates + to be set up on the client side.", }, :ldaptls => { :default => false, :type => :boolean, :desc => "Whether TLS should be used when searching for nodes. - Defaults to false because TLS usually requires certificates - to be set up on the client side.", + Defaults to false because TLS usually requires certificates + to be set up on the client side.", }, :ldapserver => { :default => "ldap", :desc => "The LDAP server. Only used if `node_terminus` is set to `ldap`.", }, @@ -1516,59 +1619,59 @@ :desc => "The search string used to find an LDAP node.", }, :ldapclassattrs => { :default => "puppetclass", :desc => "The LDAP attributes to use to define Puppet classes. Values - should be comma-separated.", + should be comma-separated.", }, :ldapstackedattrs => { :default => "puppetvar", :desc => "The LDAP attributes that should be stacked to arrays by adding - the values in all hierarchy elements of the tree. Values - should be comma-separated.", + the values in all hierarchy elements of the tree. Values + should be comma-separated.", }, :ldapattrs => { :default => "all", :desc => "The LDAP attributes to include when querying LDAP for nodes. All - returned attributes are set as variables in the top-level scope. - Multiple values should be comma-separated. The value 'all' returns - all attributes.", + returned attributes are set as variables in the top-level scope. + Multiple values should be comma-separated. The value 'all' returns + all attributes.", }, :ldapparentattr => { :default => "parentnode", :desc => "The attribute to use to define the parent node.", }, :ldapuser => { :default => "", :desc => "The user to use to connect to LDAP. Must be specified as a - full DN.", + full DN.", }, :ldappassword => { :default => "", :desc => "The password to use to connect to LDAP.", }, :ldapbase => { :default => "", :desc => "The search base for LDAP searches. It's impossible to provide - a meaningful default here, although the LDAP libraries might - have one already set. Generally, it should be the 'ou=Hosts' - branch under your main directory.", + a meaningful default here, although the LDAP libraries might + have one already set. Generally, it should be the 'ou=Hosts' + branch under your main directory.", } ) define_settings(:master, :storeconfigs => { :default => false, :type => :boolean, :desc => "Whether to store each client's configuration, including catalogs, facts, -and related data. This also enables the import and export of resources in -the Puppet language - a mechanism for exchange resources between nodes. + and related data. This also enables the import and export of resources in + the Puppet language - a mechanism for exchange resources between nodes. -By default this uses ActiveRecord and an SQL database to store and query -the data; this, in turn, will depend on Rails being available. + By default this uses ActiveRecord and an SQL database to store and query + the data; this, in turn, will depend on Rails being available. -You can adjust the backend using the storeconfigs_backend setting.", + You can adjust the backend using the storeconfigs_backend setting.", # Call our hook with the default value, so we always get the libdir set. :call_hook => :on_initialize_and_write, :hook => proc do |value| require 'puppet/node' require 'puppet/node/facts' @@ -1585,78 +1688,84 @@ }, :storeconfigs_backend => { :type => :terminus, :default => "active_record", :desc => "Configure the backend terminus used for StoreConfigs. -By default, this uses the ActiveRecord store, which directly talks to the -database from within the Puppet Master process." + By default, this uses the ActiveRecord store, which directly talks to the + database from within the Puppet Master process." } ) define_settings(:parser, :templatedir => { :default => "$vardir/templates", :type => :directory, :desc => "Where Puppet looks for template files. Can be a list of colon-separated - directories.", + directories.", }, :allow_variables_with_dashes => { :default => false, :desc => <<-'EOT' -Permit hyphens (`-`) in variable names and issue deprecation warnings about -them. This setting **should always be `false`;** setting it to `true` -will cause subtle and wide-ranging bugs. It will be removed in a future version. + Permit hyphens (`-`) in variable names and issue deprecation warnings about + them. This setting **should always be `false`;** setting it to `true` + will cause subtle and wide-ranging bugs. It will be removed in a future version. -Hyphenated variables caused major problems in the language, but were allowed -between Puppet 2.7.3 and 2.7.14. If you used them during this window, we -apologize for the inconvenience --- you can temporarily set this to `true` -in order to upgrade, and can rename your variables at your leisure. Please -revert it to `false` after you have renamed all affected variables. -EOT + Hyphenated variables caused major problems in the language, but were allowed + between Puppet 2.7.3 and 2.7.14. If you used them during this window, we + apologize for the inconvenience --- you can temporarily set this to `true` + in order to upgrade, and can rename your variables at your leisure. Please + revert it to `false` after you have renamed all affected variables. + EOT }, :parser => { :default => "current", :desc => <<-'EOT' -Selects the parser to use for parsing puppet manifests (in puppet DSL language/'.pp' files). -Available choices are 'current' (the default), and 'future'. + Selects the parser to use for parsing puppet manifests (in puppet DSL + language/'.pp' files). Available choices are `current` (the default), + and `future`. -The 'curent' parser means that the released version of the parser should be used. + The `curent` parser means that the released version of the parser should + be used. -The 'future' parser is a "time travel to the future" allowing early exposure to new language features. -What these fatures are will vary from release to release and they may be invididually configurable. + The `future` parser is a "time travel to the future" allowing early + exposure to new language features. What these fatures are will vary from + release to release and they may be invididually configurable. -Available Since Puppet 3.2. -EOT + Available Since Puppet 3.2. + EOT }, :max_errors => { :default => 10, :desc => <<-'EOT' -Sets the max number of logged/displayed parser validation errors in case multiple errors have been detected. -A value of 0 is the same as value 1. The count is per manifest. -EOT + Sets the max number of logged/displayed parser validation errors in case + multiple errors have been detected. A value of 0 is the same as value 1. + The count is per manifest. + EOT }, :max_warnings => { :default => 10, :desc => <<-'EOT' -Sets the max number of logged/displayed parser validation warnings in case multiple errors have been detected. -A value of 0 is the same as value 1. The count is per manifest. -EOT + Sets the max number of logged/displayed parser validation warnings in + case multiple errors have been detected. A value of 0 is the same as + value 1. The count is per manifest. + EOT }, :max_deprecations => { :default => 10, :desc => <<-'EOT' -Sets the max number of logged/displayed parser validation deprecation warnings in case multiple errors have been detected. -A value of 0 is the same as value 1. The count is per manifest. -EOT + Sets the max number of logged/displayed parser validation deprecation + warnings in case multiple errors have been detected. A value of 0 is the + same as value 1. The count is per manifest. + EOT } ) define_settings(:puppetdoc, :document_all => { :default => false, :type => :boolean, :desc => "Whether to document all resources when using `puppet doc` to - generate manifest documentation.", + generate manifest documentation.", } ) end