PuppetDB 3.1 » Configuration » Using SSL with PostgreSQL
Included in Puppet Enterprise 2015.2. A newer version is available; see the version menu above for details.
The Puppet master makes HTTPS connections to PuppetDB to store catalogs, facts and new reports. It also uses PuppetDB to answer queries such those necessary to support exported resources. If the PuppetDB instance is down, depending on the configuration of the Puppet master, it could cause the Puppet run to fail. This document discusses configuration options for the
puppetdb.conf file, including settings to make the PuppetDB terminus more tolerant of failures.
puppetdb.conf file is always located at
$confdir/puppetdb.conf. Its location is not configurable.
The location of the
confdir varies; it depends on the OS, Puppet distribution, and user account. See the confdir documentation for details.
[main] server_urls = https://puppetdb.example.com:8081
puppetdb.conf file uses the same INI-like format as
puppet.conf, but only uses a
[main] section defines all of the PuppetDB terminus settings.
This setting specifies how the Puppet master should connect to PuppetDB. The configuration should look something like this example:
server_urls = https://puppetdb.example.com:8081
Puppet requires the use of PuppetDB’s secure, HTTPS port. You cannot use the unencrypted, plain HTTP port.
You can use a comma separated list of URLs if there are multiple PuppetDB instances available. A
server_urls config that supports two PuppetDBs would look like:
server_urls = https://puppetdb1.example.com:8081,https://puppetdb2.example.com:8081
The PuppetDB terminus will always attempt to connect to the first PuppetDB instance specified (listed above as puppetdb1). If a server-side exception occurs, or the request takes too long (see
server_url_timeout), the PuppetDB terminus will attempt the same operation on the next instance in the list.
The default value is https://puppetdb:8081
server_url_timeout setting sets the maximum amount of time (in seconds) the PuppetDB termini will wait for PuppetDB to respond to HTTP requests. If the user has specified multiple PuppetDB URLs and a timeout has occurred, it will attempt the same request on the next server in the list.
The default value is 30 seconds.
This setting can let the Puppet master stay partially available during a PuppetDB outage. If set to
true, Puppet can keep compiling and serving catalogs even if PuppetDB isn’t accessible for command submission. (However, any catalogs that need to query exported resources from PuppetDB will still fail.)
The default value is false.
server_urlsreplaces these setting. These settings will be removed in the future.
Hostname and port of the PuppetDB instance.
server_urls takes precedence if both are defined.