Configuration Reference¶
This document lists all options for the inmanta server and inmanta agent.
The options are listed per config section.
agent¶
- cache-cleanup-tick-rate¶
- Type:
Time, the number of seconds represented as an integer value
- Default:
1
The rate (in seconds) at which the agent will periodically attempt to remove stale entries from the cache when idle.
- executor-cap¶
- Type:
int >= 1
- Default:
3
Maximum number of concurrent executors to keep per environment, per agent. If this limit is already reached when creating a new executor, the oldest one will be stopped first.
- executor-mode¶
- Type:
threaded | forking
- Default:
AgentExecutorMode.threaded
EXPERIMENTAL: set the agent to use threads or fork subprocesses to create workers.
- executor-retention-time¶
- Type:
Time, the number of seconds represented as an integer value
- Default:
60
Amount of time (in seconds) to wait before cleaning up inactive executors.
- executor-venv-retention-time¶
- Type:
int >= 60
- Default:
3600
This is the number of seconds to wait before unused Python virtual environments of an executor are removed from the inmanta server. Setting this option too low may result in a high load on the Inmanta server. Setting it too high may result in increased disk usage.
agent_rest_transport¶
- host¶
- Type:
str
- Default:
localhost
IP address or hostname of the server
- max-clients¶
- Type:
optional int
- Default:
None
The maximum number of simultaneous connections that can be open in parallel
- port¶
- Type:
int
- Default:
8888
Server port
- request-timeout¶
- Type:
int
- Default:
120
The time before a request times out in seconds
- ssl¶
- Type:
Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)
- Default:
False
Connect using SSL?
- ssl-ca-cert-file¶
- Type:
optional str
- Default:
None
CA cert file used to validate the server certificate against
- token¶
- Type:
optional str
- Default:
None
The bearer token to use to connect to the API
client_rest_transport¶
- host¶
- Type:
str
- Default:
localhost
IP address or hostname of the server
- max-clients¶
- Type:
optional int
- Default:
None
The maximum number of simultaneous connections that can be open in parallel
- port¶
- Type:
int
- Default:
8888
Server port
- request-timeout¶
- Type:
int
- Default:
120
The time before a request times out in seconds
- ssl¶
- Type:
Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)
- Default:
False
Connect using SSL?
- ssl-ca-cert-file¶
- Type:
optional str
- Default:
None
CA cert file used to validate the server certificate against
- token¶
- Type:
optional str
- Default:
None
The bearer token to use to connect to the API
cmdline_rest_transport¶
- host¶
- Type:
str
- Default:
localhost
IP address or hostname of the server
- max-clients¶
- Type:
optional int
- Default:
None
The maximum number of simultaneous connections that can be open in parallel
- port¶
- Type:
int
- Default:
8888
Server port
- request-timeout¶
- Type:
int
- Default:
120
The time before a request times out in seconds
- ssl¶
- Type:
Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)
- Default:
False
Connect using SSL?
- ssl-ca-cert-file¶
- Type:
optional str
- Default:
None
CA cert file used to validate the server certificate against
- token¶
- Type:
optional str
- Default:
None
The bearer token to use to connect to the API
compiler¶
- cache¶
- Type:
Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)
- Default:
True
Enables the caching of compiled files.
- dataflow-graphic-enable¶
- Type:
Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)
- Default:
False
Enables graphic visualization of the data flow in the model. Requires the datatrace_enable option. Requires graphviz.
- datatrace-enable¶
- Type:
Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)
- Default:
False
Enables the experimental datatrace application on top of the compiler. The application should help in identifying the cause of compilation errors during the development process.
- export-compile-data¶
- Type:
Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)
- Default:
False
Export structured json containing compile data such as occurred errors.
- export-compile-data-file¶
- Type:
str
- Default:
compile_data.json
File to export compile data to. If omitted compile_data.json is used.
compiler_rest_transport¶
- host¶
- Type:
str
- Default:
localhost
IP address or hostname of the server
- max-clients¶
- Type:
optional int
- Default:
None
The maximum number of simultaneous connections that can be open in parallel
- port¶
- Type:
int
- Default:
8888
Server port
- request-timeout¶
- Type:
int
- Default:
120
The time before a request times out in seconds
- ssl¶
- Type:
Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)
- Default:
False
Connect using SSL?
- ssl-ca-cert-file¶
- Type:
optional str
- Default:
None
CA cert file used to validate the server certificate against
- token¶
- Type:
optional str
- Default:
None
The bearer token to use to connect to the API
config¶
- agent-deploy-interval¶
- Type:
Time, the number of seconds represented as an integer value or a cron-like expression
- Default:
0
Either the number of seconds between two (incremental) deployment runs of the agent or a cron-like expression. If a cron-like expression is specified, a deploy will be run following a cron-like time-to-run specification, interpreted in UTC. The expected format is
[sec] min hour dom month dow [year](If only 6 values are provided, they are interpreted asmin hour dom month dow year). A deploy will be requested at the scheduled time. Note that if a cron expression is used theconfig.agent_deploy_splay_timesetting will be ignored. Set this to 0 to disable the scheduled deploy runs.
- agent-deploy-splay-time¶
- Type:
Time, the number of seconds represented as an integer value
- Default:
600
The splaytime added to the agent-deploy-interval. Set this to 0 to disable the splaytime. At startup the agent will choose a random number between 0 and agent-deploy-splay-time. It will wait this number of second before performing the first deployment run. Each subsequent repair deployment will start agent-deploy-interval seconds after the previous one.
- agent-get-resource-backoff¶
- Type:
float
- Default:
3
This is a load management feature. It ensures that the agent will not pull resources from the inmanta server <agent-get-resource-backoff>*<duration-last-pull-in-seconds> seconds after the last time the agent pulled resources from the server. Setting this option too low may result in a high load on the Inmanta server. Setting it too high may result in long deployment times.
- agent-interval¶
- Type:
Time, the number of seconds represented as an integer value
- Default:
600
[DEPRECATED] The run interval of the agent. Every run-interval seconds, the agent will check the current state of its resources against to desired state model
- agent-map¶
- Type:
List of comma-separated key=value pairs
- Default:
dict() -> new empty dictionary dict(mapping) -> new dictionary initialized from a mapping object’s (key, value) pairs dict(iterable) -> new dictionary initialized as if via: d = {} for k, v in iterable: d[k] = v dict(**kwargs) -> new dictionary initialized with the name=value pairs in the keyword argument list. For example: dict(one=1, two=2)
By default the agent assumes that all agent names map to the host on which the process is executed. With the agent map it can be mapped to other hosts. This value consists of a list of key/value pairs. The key is the name of the agent and the format of the value is described in
std::AgentConfig. When the configuration option config.use_autostart_agent_map is set to true, this option will be ignored. example: iaas_openstack=localhost,vm1=192.16.13.2
- agent-names¶
- Type:
List of comma-separated values
- Default:
None
Names of the agents this instance should deploy configuration for. When the configuration option config.use_autostart_agent_map is set to true, this option will be ignored.
- agent-reconnect-delay¶
- Type:
int
- Default:
5
Time to wait after a failed heartbeat message. DO NOT SET TO 0
- agent-repair-interval¶
- Type:
Time, the number of seconds represented as an integer value or a cron-like expression
- Default:
600
Either the number of seconds between two repair runs (full deploy) of the agent or a cron-like expression. If a cron-like expression is specified, a repair will be run following a cron-like time-to-run specification, interpreted in UTC. The expected format is [sec] min hour dom month dow [year] ( If only 6 values are provided, they are interpreted as min hour dom month dow year). A repair will be requested at the scheduled time. Note that if a cron expression is used the ‘agent_repair_splay_time’ setting will be ignored. Setting this to 0 to disable the scheduled repair runs.
- agent-repair-splay-time¶
- Type:
Time, the number of seconds represented as an integer value
- Default:
600
The splaytime added to the agent-repair-interval. Set this to 0 to disable the splaytime. At startup the agent will choose a random number between 0 and agent-repair-splay-time. It will wait this number of second before performing the first repair run. Each subsequent repair deployment will start agent-repair-interval seconds after the previous one. This option is ignored and a splay of 0 is used if ‘agent_repair_interval’ is a cron expression
- agent-splay¶
- Type:
Time, the number of seconds represented as an integer value
- Default:
600
[DEPRECATED] The splaytime added to the runinterval. Set this to 0 to disable splaytime. At startup the agent will choose a random number between 0 and “agent_splay. It will wait this number of second before performing the first deploy. Each subsequent deploy will start agent-interval seconds after the previous one.
- environment¶
- Type:
optional uuid
- Default:
None
The environment this model is associated with
- export¶
- Type:
List of comma-separated values
- Default:
The list of exporters to use. This option is ignored when the –export-plugin option is used.
- feature-file¶
- Type:
optional str
- Default:
None
The loacation of the inmanta feature file.
- log-dir¶
- Type:
str
- Default:
/var/log/inmanta
The directory where the resource action log is stored and the logs of auto-started agents.
- logging-config¶
- Type:
optional str
- Default:
None
The path to the configuration file for the logging framework. This is a YAML file that follows the dictionary-schema accepted by logging.config.dictConfig(). All other log-related configuration options will be ignored when this option is set.
- node-name¶
- Type:
str
- Default:
socket.gethostname()
Force the hostname of this machine to a specific value
- server-timeout¶
- Type:
Time, the number of seconds represented as an integer value
- Default:
125
Amount of time to wait for a response from the server before we try to reconnect, must be larger than server.agent-hold
- state-dir¶
- Type:
str
- Default:
/var/lib/inmanta
The directory where the server stores its state
- use-autostart-agent-map¶
- Type:
Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)
- Default:
False
If this option is set to true, the agent-map of this agent will be set to the autostart_agent_map configured on the server. The agent_map will be kept up-to-date automatically.
database¶
- connection-pool-max-size¶
- Type:
int
- Default:
70
Max number of connections in the pool
- connection-pool-min-size¶
- Type:
int
- Default:
10
Number of connections the pool will be initialized with
- connection-timeout¶
- Type:
float
- Default:
60
Connection timeout in seconds
- host¶
- Type:
str
- Default:
localhost
Hostname or IP of the postgresql server
- name¶
- Type:
str
- Default:
inmanta
The name of the database on the postgresql server
- password¶
- Type:
str
- Default:
None
The password that belong to the database user
- port¶
- Type:
int
- Default:
5432
The port of the postgresql server
- username¶
- Type:
str
- Default:
postgres
The username to access the database in the PostgreSQL server
- wait-time¶
- Type:
Time, the number of seconds represented as an integer value
- Default:
0
For how long the server should wait for the DB to be up before starting. If set to 0, the server won’t wait for the DB. If set to a negative value, the server will wait forever.
influxdb¶
- host¶
- Type:
str
- Default:
Hostname or IP of the influxdb server to send reports to
- interval¶
- Type:
int
- Default:
30
Interval with which to report to influxdb
- name¶
- Type:
str
- Default:
inmanta
The name of the database on the influxdb server
- password¶
- Type:
str
- Default:
None
The password that belong to the influxdb user
- port¶
- Type:
int
- Default:
8086
The port of the influxdb server
- tags¶
- Type:
List of comma-separated key=value pairs
- Default:
a dict of tags to attach to all influxdb records in the form tag=value,tag=value
- username¶
- Type:
str
- Default:
None
The username to access the database in the influxdb server
server¶
- access-control-allow-origin¶
- Type:
optional str
- Default:
None
Configures the Access-Control-Allow-Origin setting of the http server.Defaults to not sending an Access-Control-Allow-Origin header.
- agent-hold¶
- Type:
Time, the number of seconds represented as an integer value
- Default:
Maximal time the server will hold an agent heartbeat call
- agent-process-purge-interval¶
- Type:
Time, the number of seconds represented as an integer value
- Default:
3600
The number of seconds between two purges of old and expired agent processes. Set to zero to disable the cleanup. see
server.agent-processes-to-keep
- agent-processes-to-keep¶
- Type:
int
- Default:
5
Keep this amount of expired agent processes for a certain hostname
- agent-timeout¶
- Type:
Time, the number of seconds represented as an integer value
- Default:
30
Time before an agent is considered to be offline
- auth¶
- Type:
Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)
- Default:
False
Enable authentication on the server API
- auth-additional-header¶
- Type:
optional str
- Default:
None
An additional header to look for authentication tokens
- auth-method¶
- Type:
str
- Default:
oidc
The authentication method to use: oidc, database or jwt
- auto-recompile-wait¶
- Type:
Time, the number of seconds represented as an integer value
- Default:
10
DEPRECATED: The number of seconds to wait before the server may attempt to do a new recompile. Recompiles are triggered after facts updates for example.
- bind-address¶
- Type:
List of comma-separated values
- Default:
127.0.0.1
A list of addresses on which the server will listen for connections. If this option is set, the
server_rest_transport.portoption is ignored.
- bind-port¶
- Type:
int
- Default:
8888
The port on which the server will listen for connections. If this option is set, the
server_rest_transport.portoption is ignored.
- cleanup-compiler-reports-interval¶
- Type:
Time, the number of seconds represented as an integer value
- Default:
3600
Number of seconds between old compile report cleanups. see
server.compiler-report-retention
- compiler-report-retention¶
- Type:
Time, the number of seconds represented as an integer value
- Default:
604800
The server regularly cleans up old compiler reports. This options specifies the number of seconds to keep old compiler reports for. The default is seven days.
- enabled-extensions¶
- Type:
List of comma-separated values
- Default:
Built-in mutable sequence. If no argument is given, the constructor creates a new empty list. The argument must be an iterable if specified.
A list of extensions the server must load. Core is always loaded.If an extension listed in this list is not available, the server will refuse to start.
- fact-expire¶
- Type:
Time, the number of seconds represented as an integer value
- Default:
3600
After how many seconds will discovered facts/parameters expire.
- fact-renew¶
- Type:
time; <
server.fact-expire- Default:
After how many seconds will discovered facts/parameters be renewed? This value needs to be lower than fact-expire
- fact-resource-block¶
- Type:
Time, the number of seconds represented as an integer value
- Default:
60
Minimal time between subsequent requests for the same fact
- new-resource-scheduler¶
- Type:
Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)
- Default:
False
Enable the new Resource Scheduler component
- purge-resource-action-logs-interval¶
- Type:
Time, the number of seconds represented as an integer value
- Default:
3600
The number of seconds between resource-action log purging
- purge-versions-interval¶
- Type:
Time, the number of seconds represented as an integer value
- Default:
3600
The number of seconds between version purging, see
available_versions_to_keep.
- resource-action-log-prefix¶
- Type:
str
- Default:
resource-actions-
File prefix in log-dir, containing the resource-action logs. The after the prefix the environment uuid and .log is added
- server-address¶
- Type:
str
- Default:
localhost
The public ip address of the server. This is required for example to inject the inmanta agent in virtual machines at boot time.
- ssl-ca-cert-file¶
- Type:
optional str
- Default:
None
The CA cert file required to validate the server ssl cert. This setting is used by the serverto correctly configure the compiler and agents that the server starts itself. If not set and SSL is enabled, the server cert should be verifiable with the CAs installed in the OS.
- ssl-cert-file¶
- Type:
optional str
- Default:
None
SSL certificate file for the server key. Leave blank to disable SSL
- ssl-key-file¶
- Type:
optional str
- Default:
None
Server private key to use for this server Leave blank to disable SSL
- tz-aware-timestamps¶
- Type:
Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)
- Default:
True
Whether the server should return timezone aware timestamps. If False, the server will serialize timestamps in a time zone naive way (in implicit UTC). If True, timestamps are serialized as time zone aware objects.
- wait-after-param¶
- Type:
Time, the number of seconds represented as an integer value
- Default:
5
Time to wait before recompile after new paramters have been received
server_rest_transport¶
- port¶
- Type:
int
- Default:
8888
[DEPRECATED USE
server.bind-port] The port on which the server listens for connections
unknown_handler¶
- default¶
- Type:
str
- Default:
prune-agent
default method to handle unknown values
web-ui¶
- console-enabled¶
- Type:
Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)
- Default:
True
Whether the server should host the web-console or not
- console-path¶
- Type:
str
- Default:
/usr/share/inmanta/web-console
The path on the local file system where the web-console can be found
- features¶
- Type:
List of comma-separated values
- Default:
A list of features that should be enabled in the web console.
- oidc-auth-url¶
- Type:
str
- Default:
None
The auth url of the OpenID Connect server to use.
- oidc-client-id¶
- Type:
str
- Default:
None
The OpenID Connect client id configured for this application.
- oidc-realm¶
- Type:
str
- Default:
inmanta
The realm to use for OpenID Connect authentication.