Command Reference

All inmanta commands and services are started by the inmanta command. This page provides an overview of all subcommands available:

inmanta

usage: inmanta [-h] [-p] [-c CONFIG_FILE] [--config-dir CONFIG_DIR]
               [--log-file LOG_FILE] [--logging-config LOGGING_CONFIG]
               [--log-file-level {0,1,2,3,4,ERROR,WARNING,INFO,DEBUG,TRACE}]
               [--timed-logs] [-v] [--warnings {warn,ignore,error}] [-X]
               [--version] [--keep-logger-names]
               {server,scheduler,compile,list-commands,help,modules,module,project,deploy,export,print-default-logging-config}
               ...

Named Arguments

-p

Profile this run of the program

Default: False

-c, --config

Use this config file

--config-dir

The directory containing the Inmanta configuration files

Default: '/etc/inmanta/inmanta.d'

--log-file

Path to the logfile

--logging-config

The path to the configuration file for the logging framework. This is a YAML file that follows the dictionary-schema accepted by logging.config.dictConfig(). All other log-related configuration arguments will be ignored when this argument is provided.

--log-file-level

Possible choices: 0, 1, 2, 3, 4, ERROR, WARNING, INFO, DEBUG, TRACE

Log level for messages going to the logfile: 0=ERROR, 1=WARNING, 2=INFO, 3=DEBUG

Default: 'INFO'

--timed-logs

Add timestamps to logs

Default: False

-v, --verbose

Log level for messages going to the console. Default is warnings only. When used in combination with a logging config file, it will force a cli logger to be added to the config.-v warning, -vv info, -vvv debug and -vvvv trace

Default: 0

--warnings

Possible choices: warn, ignore, error

The warning behaviour. Must be one of ‘warn’, ‘ignore’, ‘error’

Default: 'warn'

-X, --extended-errors

Show stack traces for errors

Default: False

--version

Show the version of the installed Inmanta product and the version of its subcomponents

Default: False

--keep-logger-names

Display the log messages using the name of the logger that created the log messages when running the compiler.

Default: False

Sub-commands

server

Start the inmanta server

inmanta server [-h] [-v] [--db-wait-time DB_WAIT_TIME]
Named Arguments
-v, --verbose

Log level for messages going to the console. Default is warnings,-v warning, -vv info, -vvv debug and -vvvv trace

--db-wait-time

Maximum time in seconds the server will wait for the database to be up before starting. A value of 0 means the server will not wait. If set to a negative value, the server will wait indefinitely.

scheduler

Start the resource scheduler

inmanta scheduler [-h] [-v]
Named Arguments
-v, --verbose

Log level for messages going to the console. Default is warnings,-v warning, -vv info, -vvv debug and -vvvv trace

compile

Compile the project to a configuration model

inmanta compile [-h] [-v] [-e ENVIRONMENT] [-X] [--server_address SERVER]
                [--server_port PORT] [--username USER] [--password PASSWORD]
                [--ssl] [--ssl-ca-cert CA_CERT] [--export-compile-data]
                [--export-compile-data-file EXPORT_COMPILE_DATA_FILE]
                [--no-cache] [--experimental-data-trace]
                [--experimental-dataflow-graphic] [-f MAIN_FILE]
                [--no-strict-deps-check] [--strict-deps-check]
Named Arguments
-v, --verbose

Log level for messages going to the console. Default is warnings,-v warning, -vv info, -vvv debug and -vvvv trace

-e

The environment to compile this model for

-X, --extended-errors

Show stack traces for compile errors

--server_address

The address of the server hosting the environment

--server_port

The port of the server hosting the environment

--username

The username of the server

--password

The password of the server

--ssl

Enable SSL

Default: False

--ssl-ca-cert

Certificate authority for SSL

--export-compile-data

Export structured json containing compile data such as occurred errors.

Default: False

--export-compile-data-file

File to export compile data to. If omitted compile_data.json is used.

--no-cache

Disable caching of compiled CF files

Default: True

--experimental-data-trace

Experimental data trace tool useful for debugging

Default: False

--experimental-dataflow-graphic

Experimental graphic data flow visualization

Default: False

-f

Main file

Default: 'main.cf'

--no-strict-deps-check

When this option is enabled, only version conflicts in the direct dependencies will result in an error. All other version conflicts will result in a warning. This option is mutually exclusive with the --strict-deps-check option.

Default: False

--strict-deps-check

When this option is enabled, a version conflict in any (transitive) dependency will results in an error. This option is mutually exclusive with the --no-strict-deps-check option.

Default: False

list-commands

Print out an overview of all commands

inmanta list-commands [-h]

help

show a help message and exit

inmanta help [-h] [subcommand]
Positional Arguments
subcommand

Output help for a particular subcommand

modules (module)

Subcommand to manage modules

inmanta modules [-h] [-v] [-m [MODULE]]
                {add,list,install,status,push,verify,create,freeze,build,v1tov2,release}
                ...
Named Arguments
-v, --verbose

Log level for messages going to the console. Default is warnings,-v warning, -vv info, -vvv debug and -vvvv trace

-m, --module

Module to apply this command to

subcommand
cmd

Possible choices: add, list, install, status, push, verify, create, freeze, build, v1tov2, release

Sub-commands
add

Add a module dependency to an Inmanta module or project. When executed on a project, the module is installed as well. Either --v1 or --v2 has to be set.

inmanta modules add [-h] [-v] [--v1] [--v2] [--override] module_req
Positional Arguments
module_req

The name of the module, optionally with a version constraint.

Named Arguments
-v, --verbose

Log level for messages going to the console. Default is warnings,-v warning, -vv info, -vvv debug and -vvvv trace

--v1

Add the given module as a v1 module

Default: False

--v2

Add the given module as a V2 module

Default: False

--override

Override the version constraint when the given module dependency already exists.

Default: False

list

List all modules used in this project in a table

inmanta modules list [-h] [-v]
Named Arguments
-v, --verbose

Log level for messages going to the console. Default is warnings,-v warning, -vv info, -vvv debug and -vvvv trace

install

The ‘inmanta module install’ command is no longer supported. Instead, use one of the following approaches:

  1. To install a module in editable mode, use ‘pip install -e .’.

  2. For a non-editable installation, first run ‘inmanta module build’ followed by ‘pip install ./dist/<dist-package>’.

inmanta modules install [-h] [-v] [-e] [path]
Positional Arguments
path

The path to the module.

Named Arguments
-v, --verbose

Log level for messages going to the console. Default is warnings,-v warning, -vv info, -vvv debug and -vvvv trace

-e, --editable

Install in editable mode.

Default: False

status

Run a git status on all modules and report

inmanta modules status [-h] [-v]
Named Arguments
-v, --verbose

Log level for messages going to the console. Default is warnings,-v warning, -vv info, -vvv debug and -vvvv trace

push

Run a git push on all modules and report

inmanta modules push [-h] [-v]
Named Arguments
-v, --verbose

Log level for messages going to the console. Default is warnings,-v warning, -vv info, -vvv debug and -vvvv trace

verify

Verify dependencies and frozen module versions

inmanta modules verify [-h] [-v]
Named Arguments
-v, --verbose

Log level for messages going to the console. Default is warnings,-v warning, -vv info, -vvv debug and -vvvv trace

create

Create a new module

inmanta modules create [-h] [-v] [--v1] name
Positional Arguments
name

The name of the module

Named Arguments
-v, --verbose

Log level for messages going to the console. Default is warnings,-v warning, -vv info, -vvv debug and -vvvv trace

--v1

Create a v1 module. By default a v2 module is created.

Default: False

freeze

Freeze all version numbers in module.yml. This command is only supported on v1 modules. On v2 modules use the pip freeze command instead.

inmanta modules freeze [-h] [-v] [-o OUTFILE] [-r] [--operator {==,~=,>=}]
Named Arguments
-v, --verbose

Log level for messages going to the console. Default is warnings,-v warning, -vv info, -vvv debug and -vvvv trace

-o, --outfile

File in which to put the new module.yml, default is the existing module.yml. Use - to write to stdout.

-r, --recursive

Freeze dependencies recursively. If not set, freeze_recursive option in module.yml is used, which defaults to False

--operator

Possible choices: ==, ~=, >=

Comparison operator used to freeze versions, If not set, the freeze_operator option in module.yml is used which defaults to ~=

build

Build a Python package from a V2 module.

inmanta modules build [-h] [-v] [-o OUTPUT_DIR] [--dev] [-b] [path]
Positional Arguments
path

The path to the module that should be built. By default, the current working directory is used.

Named Arguments
-v, --verbose

Log level for messages going to the console. Default is warnings,-v warning, -vv info, -vvv debug and -vvvv trace

-o, --output-dir

The directory where the Python package will be stored. Default: <module_root>/dist

--dev

Perform a development build of the module. This adds the build tag .dev<timestamp> to the package name. The timestamp has the form %Y%m%d%H%M%S.

Default: False

-b, --byte-code

Produce a module wheel that contains only python bytecode for the plugins.

Default: False

v1tov2

Convert a V1 module to a V2 module in place

inmanta modules v1tov2 [-h] [-v]
Named Arguments
-v, --verbose

Log level for messages going to the console. Default is warnings,-v warning, -vv info, -vvv debug and -vvvv trace

release

When a stable release is done, this command:

  • Does a commit that changes the current version to a stable version.

  • Adds Git release tag.

  • Does a commit that changes the current version to a development version that is one patch increment ahead of the released version.

When a development release is done using the --dev option, this command:

  • Does a commit that updates the current version of the module to a development version that is a patch, minor or major version ahead of the previous stable release. The size of the increment is determined by the --revision, --patch, --minor or --major argument (--patch is the default). When a CHANGELOG.md file is present in the root of the module directory then the version number in the changelog is also updated accordingly. The changelog file is always populated with the associated stable version and not a development version.

inmanta modules release [-h] [-v] [--dev] [--major] [--minor] [--patch]
                        [--revision] [-m MESSAGE] [-c CHANGELOG_MESSAGE] [-a]
Named Arguments
-v, --verbose

Log level for messages going to the console. Default is warnings,-v warning, -vv info, -vvv debug and -vvvv trace

--dev

Create a development version. The new version number will have the .dev0 build tag.

Default: False

--major

Do a major version bump compared to the previous stable release.

Default: False

--minor

Do a minor version bump compared to the previous stable release.

Default: False

--patch

Do a patch version bump compared to the previous stable release.

Default: False

--revision

Do a revision version bump compared to the previous stable release (only with 4 digits version).

Default: False

-m, --message

Commit message

-c, --changelog-message

This changelog message will be written to the changelog file. If the -m option is not provided, this message will also be used as the commit message.

-a, --all

Use commit -a

Default: False

project

Subcommand to manage the project

inmanta project [-h] [-v] {freeze,init,install,update} ...
Named Arguments
-v, --verbose

Log level for messages going to the console. Default is warnings,-v warning, -vv info, -vvv debug and -vvvv trace

subcommand
cmd

Possible choices: freeze, init, install, update

Sub-commands
freeze

Set all version numbers in project.yml

inmanta project freeze [-h] [-v] [-o OUTFILE] [-r] [--operator {==,~=,>=}]
Named Arguments
-v, --verbose

Log level for messages going to the console. Default is warnings,-v warning, -vv info, -vvv debug and -vvvv trace

-o, --outfile

File in which to put the new project.yml, default is the existing project.yml. Use - to write to stdout.

-r, --recursive

Freeze dependencies recursively. If not set, freeze_recursive option in project.yml is used,which defaults to False

--operator

Possible choices: ==, ~=, >=

Comparison operator used to freeze versions, If not set, the freeze_operator option in project.yml is used which defaults to ~=

init

Initialize directory structure for a project

inmanta project init [-h] [-v] --name NAME [--output-dir OUTPUT_DIR]
                     [--default]
Named Arguments
-v, --verbose

Log level for messages going to the console. Default is warnings,-v warning, -vv info, -vvv debug and -vvvv trace

--name, -n

The name of the new project

--output-dir, -o

Output directory path

Default: './'

--default

Use default parameters for the project generation

Default: False

install

Install all modules required for this project.

This command installs missing modules in the development venv, but doesn’t update already installed modules if that’s not required to satisfy the module version constraints. Use inmanta project update instead if the already installed modules need to be updated to the latest compatible version.

This command might reinstall Python packages in the development venv if the currently installed versions are not compatible with the dependencies specified by the different Inmanta modules.

inmanta project install [-h] [-v] [--no-strict-deps-check]
                        [--strict-deps-check]
Named Arguments
-v, --verbose

Log level for messages going to the console. Default is warnings,-v warning, -vv info, -vvv debug and -vvvv trace

--no-strict-deps-check

When this option is enabled, only version conflicts in the direct dependencies will result in an error. All other version conflicts will result in a warning. This option is mutually exclusive with the --strict-deps-check option.

Default: False

--strict-deps-check

When this option is enabled, a version conflict in any (transitive) dependency will results in an error. This option is mutually exclusive with the --no-strict-deps-check option.

Default: False

update

Update all modules to the latest version compatible with the module version constraints and install missing modules.

This command might reinstall Python packages in the development venv if the currently installed versions are not the latest compatible with the dependencies specified by the updated modules.

inmanta project update [-h] [-v] [--no-strict-deps-check]
                       [--strict-deps-check]
Named Arguments
-v, --verbose

Log level for messages going to the console. Default is warnings,-v warning, -vv info, -vvv debug and -vvvv trace

--no-strict-deps-check

When this option is enabled, only version conflicts in the direct dependencies will result in an error. All other version conflicts will result in a warning. This option is mutually exclusive with the --strict-deps-check option.

Default: False

--strict-deps-check

When this option is enabled, a version conflict in any (transitive) dependency will results in an error. This option is mutually exclusive with the --no-strict-deps-check option.

Default: False

deploy

Deploy with a inmanta all-in-one setup

inmanta deploy [-h] [-v] [--dry-run] [-f MAIN_FILE]
Named Arguments
-v, --verbose

Log level for messages going to the console. Default is warnings,-v warning, -vv info, -vvv debug and -vvvv trace

--dry-run

Only report changes

Default: False

-f

Main file

Default: 'main.cf'

export

Export the configuration

inmanta export [-h] [-v] [-g] [-j JSON] [-e ENVIRONMENT] [-d] [--full] [-m]
               [--server_address SERVER] [--server_port PORT] [--token TOKEN]
               [--ssl | --no-ssl] [--ssl-ca-cert CA_CERT] [-X] [-f MAIN_FILE]
               [--metadata METADATA] [--model-export]
               [--export-plugin EXPORT_PLUGIN] [--export-compile-data]
               [--export-compile-data-file EXPORT_COMPILE_DATA_FILE]
               [--no-cache] [--partial]
               [--delete-resource-set DELETE_RESOURCE_SET] [--soft-delete]
               [--no-strict-deps-check] [--strict-deps-check]
Named Arguments
-v, --verbose

Log level for messages going to the console. Default is warnings,-v warning, -vv info, -vvv debug and -vvvv trace

-g

Dump the dependency graph

Default: False

-j

Do not submit to the server but only store the json that would have been submitted in the supplied file

-e

The environment to compile this model for

-d

Trigger a deploy for the exported version

Default: False

--full

Make the agents execute a full deploy instead of an incremental deploy. Should be used together with the -d option

Default: False

-m

Also export the complete model

Default: False

--server_address

The address of the server to submit the model to

--server_port

The port of the server to submit the model to

--token

The token to auth to the server

--ssl, --no-ssl

Enable SSL

--ssl-ca-cert

Certificate authority for SSL

-X, --extended-errors

Show stack traces for compile errors

-f

Main file

Default: 'main.cf'

--metadata

JSON metadata why this compile happened. If a non-json string is passed it is used as the ‘message’ attribute in the metadata.

--model-export

Export the configuration model to the server as metadata.

Default: False

--export-plugin

Only use this export plugin. This option also disables the execution of the plugins listed in the configuration file in the export setting.

--export-compile-data

Export structured json containing compile data such as occurred errors.

Default: False

--export-compile-data-file

File to export compile data to. If omitted compile_data.json is used.

--no-cache

Disable caching of compiled CF files

Default: True

--partial

Execute a partial export. Does not upload new Python code to the server: it is assumed to be unchanged since the last full export. Multiple partial exports for disjunct resource sets may be performed concurrently but not concurrent with a full export. When used in combination with the --json option, 0 is used as a placeholder for the model version.

Default: False

--delete-resource-set

Remove a resource set as part of a partial compile. This option can be provided multiple times and should always be used together with the –partial option. Sets can also be marked for deletion via the INMANTA_REMOVED_SET_ID env variable as a space separated list of set ids to remove.

--soft-delete

This flag prevents the deletion of resource sets (marked for deletion via the --delete-resource-set clioption or the INMANTA_REMOVED_SET_ID env variable) that contain resources that are currently being exported.

Default: False

--no-strict-deps-check

When this option is enabled, only version conflicts in the direct dependencies will result in an error. All other version conflicts will result in a warning. This option is mutually exclusive with the --strict-deps-check option.

Default: False

--strict-deps-check

When this option is enabled, a version conflict in any (transitive) dependency will results in an error. This option is mutually exclusive with the --no-strict-deps-check option.

Default: False

inmanta-cli

The inmanta-cli command can be used to interact with the inmanta server and agents, including managing projects, environments, parameters and more. The following reference explains the available subcommands.

inmanta-cli

Base command

inmanta-cli [OPTIONS] COMMAND [ARGS]...

Options

--host <host>

The server hostname to connect to

--port <port>

The server port to connect to

action-log

Subcommand to view the resource action log

inmanta-cli action-log [OPTIONS] COMMAND [ARGS]...
list

List the resource action log for a specific Resource.

inmanta-cli action-log list [OPTIONS]

Options

-e, --environment <environment>

Required The ID or name of the environment to use

--rvid <rvid>

Required The resource version ID of the resource

--action <action>

Only list this resource action

Options:

store | push | pull | deploy | dryrun | getfact | other

show-messages

Show the log messages for a specific entry in the resource action log.

inmanta-cli action-log show-messages [OPTIONS]

Options

-e, --environment <environment>

Required The ID or name of the environment to use

--rvid <rvid>

Required The resource version ID of the resource

--action-id <action_id>

Required The ID of the resource action record

agent

Subcommand to manage agents

inmanta-cli agent [OPTIONS] COMMAND [ARGS]...
list

List agents in an environment

inmanta-cli agent list [OPTIONS]

Options

-e, --environment <environment>

Required The environment to use

pause

Pause a specific agent or all agents in a given environment. A paused agent cannot execute deploy operations.

inmanta-cli agent pause [OPTIONS]

Options

-e, --environment <environment>

Required The environment to use

--agent <agent>

The name of the agent to pause.

--all

Pause all agents in the given environment

unpause

Unpause a specific agent or all agents in a given environment. A unpaused agent will be able to execute deploy operations.

inmanta-cli agent unpause [OPTIONS]

Options

-e, --environment <environment>

Required The environment to use

--agent <agent>

The name of the agent to unpause.

--all

Unpause all agents in the given environment

environment

Subcommand to manage environments

inmanta-cli environment [OPTIONS] COMMAND [ARGS]...
create

Create a new environment

inmanta-cli environment create [OPTIONS]

Options

-n, --name <name>

Required The name of the new environment. The name should be unique for each project.

-p, --project <project>

Required The id of the project this environment belongs to

-r, --repo-url <repo_url>

The url of the repository that contains the configuration model

-b, --branch <branch>

The branch in the repository that contains the configuration model

-s, --save

Save the ID of the environment and the server to the .inmanta config file

delete

Delete an existing environment

ENVIRONMENT: ID or name of the environment to delete

inmanta-cli environment delete [OPTIONS] ENVIRONMENT

Arguments

ENVIRONMENT

Required argument

list

List all environments

inmanta-cli environment list [OPTIONS]
modify

Modify an existing environment

ENVIRONMENT: ID or name of the environment to modify

inmanta-cli environment modify [OPTIONS] ENVIRONMENT

Options

-n, --name <name>

Required The name of the new environment

-r, --repo-url <repo_url>

The url of the repository that contains the configuration model

-b, --branch <branch>

The branch in the repository that contains the configuration model

Arguments

ENVIRONMENT

Required argument

recompile

Request the server to recompile the model of this environment.

ENVIRONMENT: ID or name of the environment to trigger the recompile for

inmanta-cli environment recompile [OPTIONS] ENVIRONMENT

Options

-u, --update

Update the model and its dependencies before recompiling

Default:

False

Arguments

ENVIRONMENT

Required argument

save

Save the ID of the environment and the server to the .inmanta config file

ENVIRONMENT: ID or name of the environment to write the config for

inmanta-cli environment save [OPTIONS] ENVIRONMENT

Arguments

ENVIRONMENT

Required argument

setting

Subcommand to manage environment settings

inmanta-cli environment setting [OPTIONS] COMMAND [ARGS]...
delete

Delete an environment setting

inmanta-cli environment setting delete [OPTIONS]

Options

-e, --environment <environment>

Required The environment to use

-k, --key <key>

Required The key to delete

get

Get an environment setting

inmanta-cli environment setting get [OPTIONS]

Options

-e, --environment <environment>

Required The environment to use

-k, --key <key>

Required The key to get

list

List settings of an environment

inmanta-cli environment setting list [OPTIONS]

Options

-e, --environment <environment>

Required The environment to use

set

Adjust an environment setting

inmanta-cli environment setting set [OPTIONS]

Options

-e, --environment <environment>

Required The environment to use

-k, --key <key>

Required The key to set

-o, --value <value>

Required The value to set

show

Show details of an environment

ENVIRONMENT: ID or name of the environment to show

inmanta-cli environment show [OPTIONS] ENVIRONMENT

Options

--format <format_string>

Instead of outputting a table, use the supplied format string. Accepts Python format syntax. Supported fields are ‘id’, ‘name’, ‘project’, ‘repo_url’, ‘repo_branch’

Arguments

ENVIRONMENT

Required argument

monitor

Monitor the deployment process of the configuration model in an environment, receiving continuous updates on the deployment status

inmanta-cli monitor [OPTIONS]

Options

-e, --environment <environment>

Required The environment to use

param

Subcommand to manage parameters

inmanta-cli param [OPTIONS] COMMAND [ARGS]...
get

Get a parameter from an environment

inmanta-cli param get [OPTIONS]

Options

-e, --environment <environment>

Required The environment to use

--name <name>

Required The name of the parameter

--resource <resource>

The resource id of the parameter

list

List parameters in an environment

inmanta-cli param list [OPTIONS]

Options

-e, --environment <environment>

Required The environment to use

set

Set a parameter in an environment

inmanta-cli param set [OPTIONS]

Options

-e, --environment <environment>

Required The environment to use

--name <name>

Required The name of the parameter

--value <value>

Required The value of the parameter

project

Subcommand to manage projects

inmanta-cli project [OPTIONS] COMMAND [ARGS]...
create

Create a new project on the server

inmanta-cli project create [OPTIONS]

Options

-n, --name <name>

Required The name of the new project

delete

Delete an existing project.

PROJECT: The id or name of the project to delete

inmanta-cli project delete [OPTIONS] PROJECT

Arguments

PROJECT

Required argument

list

List all projects

inmanta-cli project list [OPTIONS]
modify

Modify an existing project.

PROJECT: The id or name of the project to modify

inmanta-cli project modify [OPTIONS] PROJECT

Options

-n, --name <name>

Required The new name of the project

Arguments

PROJECT

Required argument

show

Show the details of a single project

PROJECT: The id or name of the project to show

inmanta-cli project show [OPTIONS] PROJECT

Arguments

PROJECT

Required argument

token

Subcommand to manage access tokens

inmanta-cli token [OPTIONS] COMMAND [ARGS]...
bootstrap

Generate a bootstrap token that provides access to everything. This token is only valid for 3600 seconds.

inmanta-cli token bootstrap [OPTIONS]
create

Create a new token for an environment for the specified client types

inmanta-cli token create [OPTIONS]

Options

-e, --environment <environment>

Required The environment to use.

--api

Add client_type api to the token.

--compiler

Add client_type compiler to the token.

--agent

Add client_type agent to the token.

version

Subcommand to manage versions

inmanta-cli version [OPTIONS] COMMAND [ARGS]...
list

List versions in an environment

inmanta-cli version list [OPTIONS]

Options

-e, --environment <environment>

Required The environment to use

release

Release the specified version of the configuration model for deployment.

VERSION: Version of the model to release

inmanta-cli version release [OPTIONS] VERSION

Options

-e, --environment <environment>

Required The environment to use

-p, --push

[Deprecated] will be ignored

--full

[Deprecated] will be ignored

Arguments

VERSION

Required argument

report

Get a report about a version, describing the involved resources, agents and actions

inmanta-cli version report [OPTIONS]

Options

-e, --environment <environment>

Required The environment to use

-i, --version <version>

Required The version to create a report from

-l

Show a detailed version of the report