Configuration Reference

This document lists all options for the inmanta server and inmanta agent.

The options are listed per config section.

agent_rest_transport

host
Type:str
Default:localhost

IP address or hostname of the server

port
Type:int
Default:8888

Server port

request-timeout
Type:int
Default:120

The time before a request times out in seconds

ssl
Type:bool

Connect using SSL?

ssl-ca-cert-file
Type:optional str

CA cert file used to validate the server certificate against

token
Type:optional str

The bearer token to use to connect to the API

client_rest_transport

host
Type:str
Default:localhost

IP address or hostname of the server

port
Type:int
Default:8888

Server port

request-timeout
Type:int
Default:120

The time before a request times out in seconds

ssl
Type:bool

Connect using SSL?

ssl-ca-cert-file
Type:optional str

CA cert file used to validate the server certificate against

token
Type:optional str

The bearer token to use to connect to the API

cmdline_rest_transport

host
Type:str
Default:localhost

IP address or hostname of the server

port
Type:int
Default:8888

Server port

request-timeout
Type:int
Default:120

The time before a request times out in seconds

ssl
Type:bool

Connect using SSL?

ssl-ca-cert-file
Type:optional str

CA cert file used to validate the server certificate against

token
Type:optional str

The bearer token to use to connect to the API

compiler_rest_transport

host
Type:str
Default:localhost

IP address or hostname of the server

port
Type:int
Default:8888

Server port

request-timeout
Type:int
Default:120

The time before a request times out in seconds

ssl
Type:bool

Connect using SSL?

ssl-ca-cert-file
Type:optional str

CA cert file used to validate the server certificate against

token
Type:optional str

The bearer token to use to connect to the API

config

agent-deploy-interval
Type:time

The number of seconds between two (incremental) deployment runs of the agent.

agent-deploy-splay-time
Type:time
Default:600

The splaytime added to the agent-deploy-interval. Set this to 0 to disable the splaytime. At startup the agent will choose a random number between 0 and agent-deploy-splay-time. It will wait this number of second before performing the first deployment run. Each subsequent repair deployment will start agent-deploy-interval seconds after the previous one.

agent-interval
Type:time
Default:600

[DEPRECATED] The run interval of the agent. Every run-interval seconds, the agent will check the current state of its resources against to desired state model

agent-map
Type:map

By default the agent assumes that all agent names map to the host on which the process is executed. With the agent map it can be mapped to other hosts. This value consists of a list of key/value pairs. The key is the name of the agent and the format of the value is described in std::AgentConfig example: iaas_openstack=localhost,vm1=192.16.13.2

agent-names
Type:str
Default:$node-name

Names of the agents this instance should deploy configuration for

agent-reconnect-delay
Type:int
Default:5

Time to wait after a failed heartbeat message. DO NOT SET TO 0

agent-repair-interval
Type:time
Default:600

The number of seconds between two repair runs (full deploy) of the agent. Set this to 0 to disable the scheduled repair runs.

agent-repair-splay-time
Type:time
Default:600

The splaytime added to the agent-repair-interval. Set this to 0 to disable the splaytime. At startup the agent will choose a random number between 0 and agent-repair-splay-time. It will wait this number of second before performing the first repair run. Each subsequent repair deployment will start agent-repair-interval seconds after the previous one.

agent-run-at-start
Type:bool

run the agent at startup, even if a splay time is set

agent-splay
Type:time
Default:600

[DEPRECATED] The splaytime added to the runinterval. Set this to 0 to disable splaytime. At startup the agent will choose a random number between 0 and “agent_splay. It will wait this number of second before performing the first deploy. Each subsequent deploy will start agent-interval seconds after the previous one.

environment
Type:optional uuid

The environment this model is associated with

export
Type:list

The list of exporters to use

log-dir
Type:str
Default:/var/log/inmanta

The directory where the server stores log file. Currently this is only for the output of embedded agents.

node-name
Type:str
Default:$ socket.gethostname()

Force the hostname of this machine to a specific value

server-timeout
Type:time
Default:125

Amount of time to wait for a response from the server before we try to reconnect, must be smaller than server.agent-hold

state-dir
Type:str
Default:/var/lib/inmanta

The directory where the server stores its state

dashboard

auth-url
Type:str

The auth url of the keycloak server to use.

client-id
Type:str

The client id configured in keycloak for this application.

enabled
Type:bool
Default:True

Determines whether the server should host the dashboard or not

lcm
Type:bool

Enable lifecycle manager in the dashboard

path
Type:str
Default:/usr/share/inmanta/dashboard

The path on the local file system where the dashboard can be found

realm
Type:str
Default:inmanta

The realm to use for keycloak authentication.

database

host
Type:str
Default:localhost

Hostname or IP of the mongo server

name
Type:str
Default:inmanta

The name of the database on the mongo server

port
Type:int
Default:27017

The port of the mongo server

server

agent-hold
Type:time
Default:$ server.agent-timeout*3/4

Maximal time the server will hold an agent heartbeat call

agent-timeout
Type:time
Default:30

Time before an agent is considered to be offline

auth
Type:bool

Enable authentication on the server API

auto-recompile-wait
Type:time
Default:10

The number of seconds to wait before the server may attempt to do a new recompile. Recompiles are triggered after facts updates for example.

available-versions-to-keep
Type:int
Default:10

On boot and at regular intervals the server will purge older versions. This is the number of most recent versions to keep available.

delete-currupt-files
Type:bool
Default:True

The server logs an error when it detects a file got corrupted. When set to true, the server will also delete the file, so on subsequent compiles the missing file will be recreated.

fact-expire
Type:time
Default:3600

After how many seconds will discovered facts/parameters expire

fact-renew
Type:time; < server.fact-expire
Default:$ server.fact-expire/3

After how many seconds will discovered facts/parameters be renewed? This value needs to be lower than fact-expire

fact-resource-block
Type:time
Default:60

Minimal time between subsequent requests for the same fact

purge-resource-action-logs-interval
Type:time
Default:3600

The number of seconds between resource-action log purging

purge-versions-interval
Type:time
Default:3600

The number of seconds between version purging, see server.available-versions-to-keep

resource-action-log-prefix
Type:optional str
Default:resource-actions-

File prefix in log-dir, containing the resource-action logs. The after the prefix the environment uuid and .log is added

server-address
Type:str
Default:localhost

The public ip address of the server. This is required for example to inject the inmanta agent in virtual machines at boot time.

ssl-ca-cert-file
Type:optional str

The CA cert file required to validate the server ssl cert. This setting is used by the serverto correctly configure the compiler and agents that the server starts itself. If not set and SSL is enabled, the server cert should be verifiable with the CAs installed in the OS.

ssl-cert-file
Type:optional str

SSL certificate file for the server key. Leave blank to disable SSL

ssl-key-file
Type:optional str

Server private key to use for this server Leave blank to disable SSL

wait-after-param
Type:time
Default:5

Time to wait before recompile after new paramters have been received

server_rest_transport

port
Type:str
Default:8888

The port on which the server listens for connections

service_api_rest_transport

host
Type:str
Default:localhost

IP address or hostname of the server

port
Type:int
Default:8889

Server port

request-timeout
Type:int
Default:120

The time before a request times out in seconds

ssl
Type:bool

Connect using SSL?

ssl-ca-cert-file
Type:optional str

CA cert file used to validate the server certificate against

token
Type:optional str

The bearer token to use to connect to the API

unknown_handler

default
Type:str
Default:prune-agent

default method to handle unknown values