Config files: fileserver.conf

The fileserver.conf file configures custom static mount points for Puppet’s file server. If custom mount points are present, file resources can access them with their source attributes.

When to use fileserver.conf

This file is only necessary if you are creating custom mount points.

Puppet automatically serves files from the files directory of every module, and most users find this sufficient. (More info on serving files from modules.) However, custom mount points are useful for things that shouldn’t be stored in version control with your modules, like very large files and sensitive credentials.

Location

The fileserver.conf file is located at $confdir/fileserver.conf by default. Its location is configurable with the fileserverconfig setting.

The location of the confdir depends on your OS. See the confdir documentation for details.

Example

# Files in the /path/to/files directory will be served
# at puppet:///extra_files/.
[extra_files]
    path /etc/puppetlabs/puppet/extra_files
    allow *

This fileserver.conf file would create a new mount point named extra_files.

Caution: You should always restrict write access to mounted directories. The file server will follow any symlinks in a file server mount, including links to files that agent nodes should not access (like SSL keys).

When following symlinks, the file server can access any files readable by Puppet Server’s user account.

Format

fileserver.conf uses a one-off format that resembles an INI file without the equals (=) signs. It is a series of mount-point stanzas, where each stanza consists of:

  • A [mount_point_name] surrounded by square brackets. This will become the name used in puppet:/// URLs for files in this mount point.
  • A path <PATH> directive, where <PATH> is an absolute path on disk. This is where the mount point’s files are stored.
  • An allow * directive.

Deprecated security directives

Before auth.conf existed, fileserver.conf could use allow and deny directives to control which nodes can access various files. This feature is now deprecated, and will be removed in a future release of Puppet.

Instead, you can use auth.conf to control access to mount points. The page on setting up mount points has details and examples.

The only security directive that should be present in fileserver.conf is an allow * directive for every mount point.