Want to improve your security posture? The 2019 State of DevOps Report tells you how.
Get the report

fileserver.conf: Custom fileserver mount points

Open source Puppet 6.10

Expand menu Collapse menu
Open menu Close menu
  1. When to use fileserver.conf
  2. Location
  3. Example
  4. Format
  5. Deprecated security directives

The fileserver.conf file configures custom static mount points for Puppet’s file server. If custom mount points are present, file resources can access them with their source attributes.

When to use fileserver.conf

This file is necessary only if you are creating custom mount points.

Puppet automatically serves files from the files directory of every module, and most users find this sufficient. For more information, see Modules fundamentals. However, custom mount points are useful for things that you don’t store in version control with your modules, like very large files and sensitive credentials.

Location

The fileserver.conf file is located at $confdir/fileserver.conf by default. Its location is configurable with the fileserverconfig setting.

The location of the confdir depends on your operating system. See the confdir documentation for details.

Example

# Files in the /path/to/files directory are served
# at puppet:///extra_files/.
[extra_files]
    path /etc/puppetlabs/puppet/extra_files
    allow *

This fileserver.conf file would create a new mount point named extra_files.

CAUTION: Always restrict write access to mounted directories. The file server follows any symlinks in a file server mount, including links to files that agent nodes shouldn’t access (like SSL keys). When following symlinks, the file server can access any files readable by Puppet Server’s user account.

Format

fileserver.conf uses a one-off format that resembles an INI file without the equals (=) signs. It is a series of mount-point stanzas, where each stanza consists of:

  • A [mount_point_name] surrounded by square brackets. This becomes the name used in puppet:/// URLs for files in this mount point.

  • A path <PATH> directive, where <PATH> is an absolute path on disk. This is where the mount point’s files are stored.

  • An allow * directive.

Deprecated security directives

Before auth.conf existed, fileserver.conf could use allow and deny directives to control which nodes can access various files. This feature is now deprecated, and will be removed in a future release of Puppet.

Instead, you can use auth.conf to control access to mount points. See setting up mount points for more details and examples.

The only security directive present in fileserver.conf is an allow * directive for every mount point.

Back to top
The page rank or the 1 our of 5 rating a user has given the page.
The email address of the user submitting feedback.
The URL of the page being ranked/rated.