Configuration Reference

This document lists all options for the inmanta server and inmanta agent.

The options are listed per config section.

agent_rest_transport

host
Type:

str

Default:

localhost

IP address or hostname of the server

max-clients
Type:

optional int

Default:

None

The maximum number of simultaneous connections that can be open in parallel

port
Type:

int

Default:

8888

Server port

request-timeout
Type:

int

Default:

120

The time before a request times out in seconds

ssl
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

False

Connect using SSL?

ssl-ca-cert-file
Type:

optional str

Default:

None

CA cert file used to validate the server certificate against

token
Type:

optional str

Default:

None

The bearer token to use to connect to the API

client_rest_transport

host
Type:

str

Default:

localhost

IP address or hostname of the server

max-clients
Type:

optional int

Default:

None

The maximum number of simultaneous connections that can be open in parallel

port
Type:

int

Default:

8888

Server port

request-timeout
Type:

int

Default:

120

The time before a request times out in seconds

ssl
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

False

Connect using SSL?

ssl-ca-cert-file
Type:

optional str

Default:

None

CA cert file used to validate the server certificate against

token
Type:

optional str

Default:

None

The bearer token to use to connect to the API

cmdline_rest_transport

host
Type:

str

Default:

localhost

IP address or hostname of the server

max-clients
Type:

optional int

Default:

None

The maximum number of simultaneous connections that can be open in parallel

port
Type:

int

Default:

8888

Server port

request-timeout
Type:

int

Default:

120

The time before a request times out in seconds

ssl
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

False

Connect using SSL?

ssl-ca-cert-file
Type:

optional str

Default:

None

CA cert file used to validate the server certificate against

token
Type:

optional str

Default:

None

The bearer token to use to connect to the API

compiler

cache
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

True

Enables the caching of compiled files.

dataflow-graphic-enable
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

False

Enables graphic visualization of the data flow in the model. Requires the datatrace_enable option. Requires graphviz.

datatrace-enable
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

False

Enables the experimental datatrace application on top of the compiler. The application should help in identifying the cause of compilation errors during the development process.

export-compile-data
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

False

Export structured json containing compile data such as occurred errors.

export-compile-data-file
Type:

str

Default:

compile_data.json

File to export compile data to. If omitted compile_data.json is used.

compiler_rest_transport

host
Type:

str

Default:

localhost

IP address or hostname of the server

max-clients
Type:

optional int

Default:

None

The maximum number of simultaneous connections that can be open in parallel

port
Type:

int

Default:

8888

Server port

request-timeout
Type:

int

Default:

120

The time before a request times out in seconds

ssl
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

False

Connect using SSL?

ssl-ca-cert-file
Type:

optional str

Default:

None

CA cert file used to validate the server certificate against

token
Type:

optional str

Default:

None

The bearer token to use to connect to the API

config

agent-deploy-interval
Type:

Time, the number of seconds represented as an integer value or a cron-like expression

Default:

0

Either the number of seconds between two (incremental) deployment runs of the agent or a cron-like expression. If a cron-like expression is specified, a deploy will be run following a cron-like time-to-run specification, interpreted in UTC. The expected format is [sec] min hour dom month dow [year] (If only 6 values are provided, they are interpreted as min hour dom month dow year). A deploy will be requested at the scheduled time. Note that if a cron expression is used the config.agent_deploy_splay_time setting will be ignored. Set this to 0 to disable the scheduled deploy runs.

agent-deploy-splay-time
Type:

Time, the number of seconds represented as an integer value

Default:

600

The splaytime added to the agent-deploy-interval. Set this to 0 to disable the splaytime. At startup the agent will choose a random number between 0 and agent-deploy-splay-time. It will wait this number of second before performing the first deployment run. Each subsequent repair deployment will start agent-deploy-interval seconds after the previous one.

agent-get-resource-backoff
Type:

float

Default:

3

This is a load management feature. It ensures that the agent will not pull resources from the inmanta server <agent-get-resource-backoff>*<duration-last-pull-in-seconds> seconds after the last time the agent pulled resources from the server. Setting this option too low may result in a high load on the Inmanta server. Setting it too high may result in long deployment times.

agent-interval
Type:

Time, the number of seconds represented as an integer value

Default:

600

[DEPRECATED] The run interval of the agent. Every run-interval seconds, the agent will check the current state of its resources against to desired state model

agent-map
Type:

List of comma-separated key=value pairs

Default:

None

By default the agent assumes that all agent names map to the host on which the process is executed. With the agent map it can be mapped to other hosts. This value consists of a list of key/value pairs. The key is the name of the agent and the format of the value is described in std::AgentConfig. When the configuration option config.use_autostart_agent_map is set to true, this option will be ignored. example: iaas_openstack=localhost,vm1=192.16.13.2

agent-names
Type:

List of comma-separated values

Default:

$node-name

Names of the agents this instance should deploy configuration for. When the configuration option config.use_autostart_agent_map is set to true, this option will be ignored.

agent-reconnect-delay
Type:

int

Default:

5

Time to wait after a failed heartbeat message. DO NOT SET TO 0

agent-repair-interval
Type:

Time, the number of seconds represented as an integer value or a cron-like expression

Default:

600

Either the number of seconds between two repair runs (full deploy) of the agent or a cron-like expression. If a cron-like expression is specified, a repair will be run following a cron-like time-to-run specification, interpreted in UTC. The expected format is [sec] min hour dom month dow [year] ( If only 6 values are provided, they are interpreted as min hour dom month dow year). A repair will be requested at the scheduled time. Note that if a cron expression is used the ‘agent_repair_splay_time’ setting will be ignored. Setting this to 0 to disable the scheduled repair runs.

agent-repair-splay-time
Type:

Time, the number of seconds represented as an integer value

Default:

600

The splaytime added to the agent-repair-interval. Set this to 0 to disable the splaytime. At startup the agent will choose a random number between 0 and agent-repair-splay-time. It will wait this number of second before performing the first repair run. Each subsequent repair deployment will start agent-repair-interval seconds after the previous one. This option is ignored and a splay of 0 is used if ‘agent_repair_interval’ is a cron expression

agent-splay
Type:

Time, the number of seconds represented as an integer value

Default:

600

[DEPRECATED] The splaytime added to the runinterval. Set this to 0 to disable splaytime. At startup the agent will choose a random number between 0 and “agent_splay. It will wait this number of second before performing the first deploy. Each subsequent deploy will start agent-interval seconds after the previous one.

environment
Type:

optional uuid

Default:

None

The environment this model is associated with

export
Type:

List of comma-separated values

Default:

The list of exporters to use. This option is ignored when the –export-plugin option is used.

feature-file
Type:

optional str

Default:

None

The loacation of the inmanta feature file.

log-dir
Type:

str

Default:

/var/log/inmanta

The directory where the resource action log is stored and the logs of auto-started agents.

logging-config
Type:

optional str

Default:

None

The path to the configuration file for the logging framework. This is a YAML file that follows the dictionary-schema accepted by logging.config.dictConfig(). All other log-related configuration options will be ignored when this option is set.

node-name
Type:

str

Default:

socket.gethostname()

Force the hostname of this machine to a specific value

server-timeout
Type:

Time, the number of seconds represented as an integer value

Default:

125

Amount of time to wait for a response from the server before we try to reconnect, must be larger than server.agent-hold

state-dir
Type:

str

Default:

/var/lib/inmanta

The directory where the server stores its state

use-autostart-agent-map
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

False

If this option is set to true, the agent-map of this agent will be set the the autostart_agent_map configured on the server. The agent_map will be kept up-to-date automatically.

database

connection-pool-max-size
Type:

int

Default:

70

Max number of connections in the pool

connection-pool-min-size
Type:

int

Default:

10

Number of connections the pool will be initialized with

connection-timeout
Type:

float

Default:

60

Connection timeout in seconds

host
Type:

str

Default:

localhost

Hostname or IP of the postgresql server

name
Type:

str

Default:

inmanta

The name of the database on the postgresql server

password
Type:

str

Default:

None

The password that belong to the database user

port
Type:

int

Default:

5432

The port of the postgresql server

username
Type:

str

Default:

postgres

The username to access the database in the PostgreSQL server

wait-time
Type:

Time, the number of seconds represented as an integer value

Default:

0

For how long the server should wait for the DB to be up before starting. If set to 0, the server won’t wait for the DB. If set to a negative value, the server will wait forever.

deploy

environment
Type:

optional str

Default:

deploy

The environment name to use in the deploy

project
Type:

optional str

Default:

deploy

The project name to use in the deploy

influxdb

host
Type:

str

Default:

Hostname or IP of the influxdb server to send reports to

interval
Type:

int

Default:

30

Interval with which to report to influxdb

name
Type:

str

Default:

inmanta

The name of the database on the influxdb server

password
Type:

str

Default:

None

The password that belong to the influxdb user

port
Type:

int

Default:

8086

The port of the influxdb server

tags
Type:

List of comma-separated key=value pairs

Default:

a dict of tags to attach to all influxdb records in the form tag=value,tag=value

username
Type:

str

Default:

None

The username to access the database in the influxdb server

license

entitlement-file
Type:

str

Default:

/etc/inmanta/entitlement.jwe

The entitlement file to enable features in orchestrator.

license-key
Type:

str

Default:

/etc/inmanta/license.key

The license file to activate the orchestrator.

lsm.callback

logfile
Type:

str

Default:

callback.log

Log file for callbacks

timeout
Type:

float

Default:

30.0

The request timeout for event notification callbacks in seconds

server

access-control-allow-origin
Type:

optional str

Default:

None

Configures the Access-Control-Allow-Origin setting of the http server.Defaults to not sending an Access-Control-Allow-Origin header.

agent-hold
Type:

Time, the number of seconds represented as an integer value

Default:

server.agent-timeout *3/4

Maximal time the server will hold an agent heartbeat call

agent-process-purge-interval
Type:

Time, the number of seconds represented as an integer value

Default:

3600

The number of seconds between two purges of old and expired agent processes. Set to zero to disable the cleanup. see server.agent-processes-to-keep

agent-processes-to-keep
Type:

int

Default:

5

Keep this amount of expired agent processes for a certain hostname

agent-timeout
Type:

Time, the number of seconds represented as an integer value

Default:

30

Time before an agent is considered to be offline

auth
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

False

Enable authentication on the server API

auth-additional-header
Type:

optional str

Default:

None

An additional header to look for authentication tokens

auth-method
Type:

str

Default:

oidc

The authentication method to use: oidc, database or jwt

auto-recompile-wait
Type:

Time, the number of seconds represented as an integer value

Default:

10

DEPRECATED: The number of seconds to wait before the server may attempt to do a new recompile. Recompiles are triggered after facts updates for example.

bind-address
Type:

List of comma-separated values

Default:

127.0.0.1

A list of addresses on which the server will listen for connections. If this option is set, the server_rest_transport.port option is ignored.

bind-port
Type:

int

Default:

8888

The port on which the server will listen for connections. If this option is set, the server_rest_transport.port option is ignored.

cleanup-compiler-reports-interval
Type:

Time, the number of seconds represented as an integer value

Default:

3600

Number of seconds between old compile report cleanups. see server.compiler-report-retention

compiler-report-retention
Type:

Time, the number of seconds represented as an integer value

Default:

604800

The server regularly cleans up old compiler reports. This options specifies the number of seconds to keep old compiler reports for. The default is seven days.

enabled-extensions
Type:

List of comma-separated values

Default:

Built-in mutable sequence. If no argument is given, the constructor creates a new empty list. The argument must be an iterable if specified.

A list of extensions the server must load. Core is always loaded.If an extension listed in this list is not available, the server will refuse to start.

fact-expire
Type:

Time, the number of seconds represented as an integer value

Default:

3600

After how many seconds will discovered facts/parameters expire.

fact-renew
Type:

time; < server.fact-expire

Default:

server.fact-expire /3

After how many seconds will discovered facts/parameters be renewed? This value needs to be lower than fact-expire

fact-resource-block
Type:

Time, the number of seconds represented as an integer value

Default:

60

Minimal time between subsequent requests for the same fact

purge-resource-action-logs-interval
Type:

Time, the number of seconds represented as an integer value

Default:

3600

The number of seconds between resource-action log purging

purge-versions-interval
Type:

Time, the number of seconds represented as an integer value

Default:

3600

The number of seconds between version purging, see available_versions_to_keep.

resource-action-log-prefix
Type:

str

Default:

resource-actions-

File prefix in log-dir, containing the resource-action logs. The after the prefix the environment uuid and .log is added

server-address
Type:

str

Default:

localhost

The public ip address of the server. This is required for example to inject the inmanta agent in virtual machines at boot time.

ssl-ca-cert-file
Type:

optional str

Default:

None

The CA cert file required to validate the server ssl cert. This setting is used by the serverto correctly configure the compiler and agents that the server starts itself. If not set and SSL is enabled, the server cert should be verifiable with the CAs installed in the OS.

ssl-cert-file
Type:

optional str

Default:

None

SSL certificate file for the server key. Leave blank to disable SSL

ssl-key-file
Type:

optional str

Default:

None

Server private key to use for this server Leave blank to disable SSL

tz-aware-timestamps
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

True

Whether the server should return timezone aware timestamps. If False, the server will serialize timestamps in a time zone naive way (in implicit UTC). If True, timestamps are serialized as time zone aware objects.

wait-after-param
Type:

Time, the number of seconds represented as an integer value

Default:

5

Time to wait before recompile after new paramters have been received

server_rest_transport

port
Type:

int

Default:

8888

[DEPRECATED USE server.bind-port] The port on which the server listens for connections

unknown_handler

default
Type:

str

Default:

prune-agent

default method to handle unknown values

web-ui

console-enabled
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

True

Whether the server should host the web-console or not

console-path
Type:

str

Default:

/usr/share/inmanta/web-console

The path on the local file system where the web-console can be found

features
Type:

List of comma-separated values

Default:

A list of features that should be enabled in the web console.

oidc-auth-url
Type:

str

Default:

None

The auth url of the OpenID Connect server to use.

oidc-client-id
Type:

str

Default:

None

The OpenID Connect client id configured for this application.

oidc-realm
Type:

str

Default:

inmanta

The realm to use for OpenID Connect authentication.