Configuration Reference#

This document lists all options for the inmanta server and inmanta agent.

The options are listed per config section.

agent_rest_transport#

host#
Type:

str

Default:

localhost

IP address or hostname of the server

max-clients#
Type:

optional int

Default:

None

The maximum number of simultaneous connections that can be open in parallel

port#
Type:

int

Default:

8888

Server port

request-timeout#
Type:

int

Default:

120

The time before a request times out in seconds

ssl#
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

False

Connect using SSL?

ssl-ca-cert-file#
Type:

optional str

Default:

None

CA cert file used to validate the server certificate against

token#
Type:

optional str

Default:

None

The bearer token to use to connect to the API

client_rest_transport#

host#
Type:

str

Default:

localhost

IP address or hostname of the server

max-clients#
Type:

optional int

Default:

None

The maximum number of simultaneous connections that can be open in parallel

port#
Type:

int

Default:

8888

Server port

request-timeout#
Type:

int

Default:

120

The time before a request times out in seconds

ssl#
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

False

Connect using SSL?

ssl-ca-cert-file#
Type:

optional str

Default:

None

CA cert file used to validate the server certificate against

token#
Type:

optional str

Default:

None

The bearer token to use to connect to the API

cmdline_rest_transport#

host#
Type:

str

Default:

localhost

IP address or hostname of the server

max-clients#
Type:

optional int

Default:

None

The maximum number of simultaneous connections that can be open in parallel

port#
Type:

int

Default:

8888

Server port

request-timeout#
Type:

int

Default:

120

The time before a request times out in seconds

ssl#
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

False

Connect using SSL?

ssl-ca-cert-file#
Type:

optional str

Default:

None

CA cert file used to validate the server certificate against

token#
Type:

optional str

Default:

None

The bearer token to use to connect to the API

compiler#

cache#
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

True

Enables the caching of compiled files.

dataflow-graphic-enable#
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

False

Enables graphic visualization of the data flow in the model. Requires the datatrace_enable option. Requires graphviz.

datatrace-enable#
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

False

Enables the experimental datatrace application on top of the compiler. The application should help in identifying the cause of compilation errors during the development process.

export-compile-data#
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

False

Export structured json containing compile data such as occurred errors.

export-compile-data-file#
Type:

str

Default:

compile_data.json

File to export compile data to. If omitted compile_data.json is used.

compiler_rest_transport#

host#
Type:

str

Default:

localhost

IP address or hostname of the server

max-clients#
Type:

optional int

Default:

None

The maximum number of simultaneous connections that can be open in parallel

port#
Type:

int

Default:

8888

Server port

request-timeout#
Type:

int

Default:

120

The time before a request times out in seconds

ssl#
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

False

Connect using SSL?

ssl-ca-cert-file#
Type:

optional str

Default:

None

CA cert file used to validate the server certificate against

token#
Type:

optional str

Default:

None

The bearer token to use to connect to the API

config#

agent-deploy-interval#
Type:

Time, the number of seconds represented as an integer value or a cron-like expression

Default:

0

Either the number of seconds between two (incremental) deployment runs of the agent or a cron-like expression. If a cron-like expression is specified, a deploy will be run following a cron-like time-to-run specification, interpreted in UTC. The expected format is [sec] min hour dom month dow [year] ( If only 6 values are provided, they are interpreted as min hour dom month dow year). A deploy will be requested at the scheduled time. Note that if a cron expression is used the ‘agent_deploy_splay_time’ setting will be ignored. Set this to 0 to disable the scheduled deploy runs.

agent-deploy-splay-time#
Type:

Time, the number of seconds represented as an integer value

Default:

600

The splaytime added to the agent-deploy-interval. Set this to 0 to disable the splaytime. At startup the agent will choose a random number between 0 and agent-deploy-splay-time. It will wait this number of second before performing the first deployment run. Each subsequent repair deployment will start agent-deploy-interval seconds after the previous one.

agent-get-resource-backoff#
Type:

float

Default:

5

This is a load management feature. It ensures that the agent will not pull resources from the inmanta server <agent-get-resource-backoff>*<duration-last-pull-in-seconds> seconds after the last time the agent pulled resources from the server. Setting this option too low may result in a high load on the Inmanta server. Setting it too high may result in long deployment times.

agent-interval#
Type:

Time, the number of seconds represented as an integer value

Default:

600

[DEPRECATED] The run interval of the agent. Every run-interval seconds, the agent will check the current state of its resources against to desired state model

agent-map#
Type:

List of comma-separated key=value pairs

Default:

None

By default the agent assumes that all agent names map to the host on which the process is executed. With the agent map it can be mapped to other hosts. This value consists of a list of key/value pairs. The key is the name of the agent and the format of the value is described in std::AgentConfig. When the configuration option config.use_autostart_agent_map is set to true, this option will be ignored. example: iaas_openstack=localhost,vm1=192.16.13.2

agent-names#
Type:

List of comma-separated values

Default:

$node-name

Names of the agents this instance should deploy configuration for. When the configuration option config.use_autostart_agent_map is set to true, this option will be ignored.

agent-reconnect-delay#
Type:

int

Default:

5

Time to wait after a failed heartbeat message. DO NOT SET TO 0

agent-repair-interval#
Type:

Time, the number of seconds represented as an integer value or a cron-like expression

Default:

600

Either the number of seconds between two repair runs (full deploy) of the agent or a cron-like expression. If a cron-like expression is specified, a repair will be run following a cron-like time-to-run specification, interpreted in UTC. The expected format is [sec] min hour dom month dow [year] ( If only 6 values are provided, they are interpreted as min hour dom month dow year). A repair will be requested at the scheduled time. Note that if a cron expression is used the ‘agent_repair_splay_time’ setting will be ignored. Setting this to 0 to disable the scheduled repair runs.

agent-repair-splay-time#
Type:

Time, the number of seconds represented as an integer value

Default:

600

The splaytime added to the agent-repair-interval. Set this to 0 to disable the splaytime. At startup the agent will choose a random number between 0 and agent-repair-splay-time. It will wait this number of second before performing the first repair run. Each subsequent repair deployment will start agent-repair-interval seconds after the previous one. This option is ignored and a splay of 0 is used if ‘agent_repair_interval’ is a cron expression

agent-splay#
Type:

Time, the number of seconds represented as an integer value

Default:

600

[DEPRECATED] The splaytime added to the runinterval. Set this to 0 to disable splaytime. At startup the agent will choose a random number between 0 and “agent_splay. It will wait this number of second before performing the first deploy. Each subsequent deploy will start agent-interval seconds after the previous one.

environment#
Type:

optional uuid

Default:

None

The environment this model is associated with

export#
Type:

List of comma-separated values

Default:

The list of exporters to use. This option is ignored when the –export-plugin option is used.

feature-file#
Type:

optional str

Default:

None

The loacation of the inmanta feature file.

log-dir#
Type:

str

Default:

/var/log/inmanta

The directory where the resource action log is stored and the logs of auto-started agents.

node-name#
Type:

str

Default:

socket.gethostname()

Force the hostname of this machine to a specific value

server-timeout#
Type:

Time, the number of seconds represented as an integer value

Default:

125

Amount of time to wait for a response from the server before we try to reconnect, must be larger than server.agent-hold

state-dir#
Type:

str

Default:

/var/lib/inmanta

The directory where the server stores its state

use-autostart-agent-map#
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

False

If this option is set to true, the agent-map of this agent will be set the the autostart_agent_map configured on the server. The agent_map will be kept up-to-date automatically.

database#

connection-pool-max-size#
Type:

int

Default:

10

Max number of connections in the pool

connection-pool-min-size#
Type:

int

Default:

10

Number of connections the pool will be initialized with

connection-timeout#
Type:

float

Default:

60

Connection timeout in seconds

host#
Type:

str

Default:

localhost

Hostname or IP of the postgresql server

name#
Type:

str

Default:

inmanta

The name of the database on the postgresql server

password#
Type:

str

Default:

None

The password that belong to the database user

port#
Type:

int

Default:

5432

The port of the postgresql server

username#
Type:

str

Default:

postgres

The username to access the database in the PostgreSQL server

deploy#

environment#
Type:

optional str

Default:

deploy

The environment name to use in the deploy

project#
Type:

optional str

Default:

deploy

The project name to use in the deploy

influxdb#

host#
Type:

str

Default:

Hostname or IP of the influxdb server to send reports to

interval#
Type:

int

Default:

30

Interval with which to report to influxdb

name#
Type:

str

Default:

inmanta

The name of the database on the influxdb server

password#
Type:

str

Default:

None

The password that belong to the influxdb user

port#
Type:

int

Default:

8086

The port of the influxdb server

tags#
Type:

List of comma-separated key=value pairs

Default:

a dict of tags to attach to all influxdb records in the form tag=value,tag=value

username#
Type:

str

Default:

None

The username to access the database in the influxdb server

license#

entitlement-file#
Type:

str

Default:

/etc/inmanta/entitlement.jwe

The entitlement file to enable features in orchestrator.

license-key#
Type:

str

Default:

/etc/inmanta/license.key

The license file to activate the orchestrator.

lsm.callback#

logfile#
Type:

str

Default:

callback.log

Log file for callbacks

timeout#
Type:

float

Default:

30.0

The request timeout for event notification callbacks in seconds

server#

access-control-allow-origin#
Type:

optional str

Default:

None

Configures the Access-Control-Allow-Origin setting of the http server.Defaults to not sending an Access-Control-Allow-Origin header.

agent-hold#
Type:

Time, the number of seconds represented as an integer value

Default:

server.agent-timeout *3/4

Maximal time the server will hold an agent heartbeat call

agent-process-purge-interval#
Type:

Time, the number of seconds represented as an integer value

Default:

3600

The number of seconds between two purges of old and expired agent processes. Set to zero to disable the cleanup. see server.agent-processes-to-keep

agent-processes-to-keep#
Type:

int

Default:

5

Keep this amount of expired agent processes for a certain hostname

agent-timeout#
Type:

Time, the number of seconds represented as an integer value

Default:

30

Time before an agent is considered to be offline

auth#
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

False

Enable authentication on the server API

auth-method#
Type:

optional str

Default:

None

The authentication method to use: oidc or database

auto-recompile-wait#
Type:

Time, the number of seconds represented as an integer value

Default:

10

DEPRECATED: The number of seconds to wait before the server may attempt to do a new recompile. Recompiles are triggered after facts updates for example.

bind-address#
Type:

List of comma-separated values

Default:

127.0.0.1

A list of addresses on which the server will listen for connections. If this option is set, the server_rest_transport.port option is ignored.

bind-port#
Type:

int

Default:

8888

The port on which the server will listen for connections. If this option is set, the server_rest_transport.port option is ignored.

cleanup-compiler-reports-interval#
Type:

Time, the number of seconds represented as an integer value

Default:

3600

Number of seconds between old compile report cleanups. see server.compiler-report-retention

compiler-report-retention#
Type:

Time, the number of seconds represented as an integer value

Default:

604800

The server regularly cleans up old compiler reports. This options specifies the number of seconds to keep old compiler reports for. The default is seven days.

delete-currupt-files#
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

True

The server logs an error when it detects a file got corrupted. When set to true, the server will also delete the file, so on subsequent compiles the missing file will be recreated.

enabled-extensions#
Type:

List of comma-separated values

Default:

A list of extensions the server must load. Core is always loaded.If an extension listed in this list is not available, the server will refuse to start.

fact-expire#
Type:

Time, the number of seconds represented as an integer value

Default:

3600

After how many seconds will discovered facts/parameters expire

fact-renew#
Type:

time; < server.fact-expire

Default:

server.fact-expire /3

After how many seconds will discovered facts/parameters be renewed? This value needs to be lower than fact-expire

fact-resource-block#
Type:

Time, the number of seconds represented as an integer value

Default:

60

Minimal time between subsequent requests for the same fact

purge-resource-action-logs-interval#
Type:

Time, the number of seconds represented as an integer value

Default:

3600

The number of seconds between resource-action log purging

purge-versions-interval#
Type:

Time, the number of seconds represented as an integer value

Default:

3600

The number of seconds between version purging, see available_versions_to_keep.

resource-action-log-prefix#
Type:

str

Default:

resource-actions-

File prefix in log-dir, containing the resource-action logs. The after the prefix the environment uuid and .log is added

server-address#
Type:

str

Default:

localhost

The public ip address of the server. This is required for example to inject the inmanta agent in virtual machines at boot time.

ssl-ca-cert-file#
Type:

optional str

Default:

None

The CA cert file required to validate the server ssl cert. This setting is used by the serverto correctly configure the compiler and agents that the server starts itself. If not set and SSL is enabled, the server cert should be verifiable with the CAs installed in the OS.

ssl-cert-file#
Type:

optional str

Default:

None

SSL certificate file for the server key. Leave blank to disable SSL

ssl-key-file#
Type:

optional str

Default:

None

Server private key to use for this server Leave blank to disable SSL

tz-aware-timestamps#
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

False

Whether the server should return timezone aware timestamps. If False, the server will serialize timestamps in a time zone naive way (in implicit UTC). If True, timestamps are serialized as time zone aware objects.

wait-after-param#
Type:

Time, the number of seconds represented as an integer value

Default:

5

Time to wait before recompile after new paramters have been received

server_rest_transport#

port#
Type:

int

Default:

8888

[DEPRECATED USE server.bind-port] The port on which the server listens for connections

unknown_handler#

default#
Type:

str

Default:

prune-agent

default method to handle unknown values

web-ui#

console-enabled#
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

True

Whether the server should host the web-console or not

console-path#
Type:

str

Default:

/usr/share/inmanta/web-console

The path on the local file system where the web-console can be found

features#
Type:

List of comma-separated values

Default:

A list of features that should be enabled in the web console.

oidc-auth-url#
Type:

str

Default:

None

The auth url of the OpenID Connect server to use.

oidc-client-id#
Type:

str

Default:

None

The OpenID Connect client id configured for this application.

oidc-realm#
Type:

str

Default:

inmanta

The realm to use for OpenID Connect authentication.