Configuration Reference

This document lists all configuration options for the inmanta application and extensions.

Setting a value for an option can be done via a config file or by setting the associated environment variable following the INMANTA_<section_name>_<option_name> naming scheme (In all caps and any hyphens replaced by underscores).

For example, setting the database connection timeout can be set either in a config file, e.g. adding the following snippet inside /etc/inmanta/inmanta.cfg:

[database]
connection-timeout=60

Or, equivalently, by setting the environment variable associated with this configuration option prior to starting the server:

export INMANTA_DATABASE_CONNECTION_TIMEOUT=60

If an option is set both via a config file and via an environment variable, the environment variable value will take precedence.

For more information about how to use the configuration framework and details about precedence rules, please visit the administrator documentation configuration page.

The options are listed per config section

agent_rest_transport

host
Type:

str

Default:

localhost

Environment Variable:

INMANTA_AGENT_REST_TRANSPORT_HOST

IP address or hostname of the server

max-clients
Type:

optional int

Default:

None

Environment Variable:

INMANTA_AGENT_REST_TRANSPORT_MAX_CLIENTS

The maximum number of simultaneous connections that can be open in parallel

port
Type:

int

Default:

8888

Environment Variable:

INMANTA_AGENT_REST_TRANSPORT_PORT

Server port

request-timeout
Type:

int

Default:

120

Environment Variable:

INMANTA_AGENT_REST_TRANSPORT_REQUEST_TIMEOUT

The time before a request times out in seconds

ssl
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

False

Environment Variable:

INMANTA_AGENT_REST_TRANSPORT_SSL

Connect using SSL?

ssl-ca-cert-file
Type:

optional str

Default:

None

Environment Variable:

INMANTA_AGENT_REST_TRANSPORT_SSL_CA_CERT_FILE

CA cert file used to validate the server certificate against

token
Type:

optional str

Default:

None

Environment Variable:

INMANTA_AGENT_REST_TRANSPORT_TOKEN

The bearer token to use to connect to the API

client_rest_transport

host
Type:

str

Default:

localhost

Environment Variable:

INMANTA_CLIENT_REST_TRANSPORT_HOST

IP address or hostname of the server

max-clients
Type:

optional int

Default:

None

Environment Variable:

INMANTA_CLIENT_REST_TRANSPORT_MAX_CLIENTS

The maximum number of simultaneous connections that can be open in parallel

port
Type:

int

Default:

8888

Environment Variable:

INMANTA_CLIENT_REST_TRANSPORT_PORT

Server port

request-timeout
Type:

int

Default:

120

Environment Variable:

INMANTA_CLIENT_REST_TRANSPORT_REQUEST_TIMEOUT

The time before a request times out in seconds

ssl
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

False

Environment Variable:

INMANTA_CLIENT_REST_TRANSPORT_SSL

Connect using SSL?

ssl-ca-cert-file
Type:

optional str

Default:

None

Environment Variable:

INMANTA_CLIENT_REST_TRANSPORT_SSL_CA_CERT_FILE

CA cert file used to validate the server certificate against

token
Type:

optional str

Default:

None

Environment Variable:

INMANTA_CLIENT_REST_TRANSPORT_TOKEN

The bearer token to use to connect to the API

cmdline_rest_transport

host
Type:

str

Default:

localhost

Environment Variable:

INMANTA_CMDLINE_REST_TRANSPORT_HOST

IP address or hostname of the server

max-clients
Type:

optional int

Default:

None

Environment Variable:

INMANTA_CMDLINE_REST_TRANSPORT_MAX_CLIENTS

The maximum number of simultaneous connections that can be open in parallel

port
Type:

int

Default:

8888

Environment Variable:

INMANTA_CMDLINE_REST_TRANSPORT_PORT

Server port

request-timeout
Type:

int

Default:

120

Environment Variable:

INMANTA_CMDLINE_REST_TRANSPORT_REQUEST_TIMEOUT

The time before a request times out in seconds

ssl
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

False

Environment Variable:

INMANTA_CMDLINE_REST_TRANSPORT_SSL

Connect using SSL?

ssl-ca-cert-file
Type:

optional str

Default:

None

Environment Variable:

INMANTA_CMDLINE_REST_TRANSPORT_SSL_CA_CERT_FILE

CA cert file used to validate the server certificate against

token
Type:

optional str

Default:

None

Environment Variable:

INMANTA_CMDLINE_REST_TRANSPORT_TOKEN

The bearer token to use to connect to the API

compiler

cache
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

True

Environment Variable:

INMANTA_COMPILER_CACHE

Enables the caching of compiled files.

dataflow-graphic-enable
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

False

Environment Variable:

INMANTA_COMPILER_DATAFLOW_GRAPHIC_ENABLE

Enables graphic visualization of the data flow in the model. Requires the datatrace_enable option. Requires graphviz.

datatrace-enable
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

False

Environment Variable:

INMANTA_COMPILER_DATATRACE_ENABLE

Enables the experimental datatrace application on top of the compiler. The application should help in identifying the cause of compilation errors during the development process.

export-compile-data
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

False

Environment Variable:

INMANTA_COMPILER_EXPORT_COMPILE_DATA

Export structured json containing compile data such as occurred errors.

export-compile-data-file
Type:

str

Default:

compile_data.json

Environment Variable:

INMANTA_COMPILER_EXPORT_COMPILE_DATA_FILE

File to export compile data to. If omitted compile_data.json is used.

compiler_rest_transport

host
Type:

str

Default:

localhost

Environment Variable:

INMANTA_COMPILER_REST_TRANSPORT_HOST

IP address or hostname of the server

max-clients
Type:

optional int

Default:

None

Environment Variable:

INMANTA_COMPILER_REST_TRANSPORT_MAX_CLIENTS

The maximum number of simultaneous connections that can be open in parallel

port
Type:

int

Default:

8888

Environment Variable:

INMANTA_COMPILER_REST_TRANSPORT_PORT

Server port

request-timeout
Type:

int

Default:

120

Environment Variable:

INMANTA_COMPILER_REST_TRANSPORT_REQUEST_TIMEOUT

The time before a request times out in seconds

ssl
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

False

Environment Variable:

INMANTA_COMPILER_REST_TRANSPORT_SSL

Connect using SSL?

ssl-ca-cert-file
Type:

optional str

Default:

None

Environment Variable:

INMANTA_COMPILER_REST_TRANSPORT_SSL_CA_CERT_FILE

CA cert file used to validate the server certificate against

token
Type:

optional str

Default:

None

Environment Variable:

INMANTA_COMPILER_REST_TRANSPORT_TOKEN

The bearer token to use to connect to the API

config

agent-deploy-interval
Type:

Time, the number of seconds represented as an integer value or a cron-like expression

Default:

0

Environment Variable:

INMANTA_CONFIG_AGENT_DEPLOY_INTERVAL

Either the number of seconds between two (incremental) deployment runs of the agent or a cron-like expression. If a cron-like expression is specified, a deploy will be run following a cron-like time-to-run specification, interpreted in UTC. The expected format is [sec] min hour dom month dow [year] (If only 6 values are provided, they are interpreted as min hour dom month dow year). A deploy will be requested at the scheduled time. Note that if a cron expression is used the config.agent_deploy_splay_time setting will be ignored. Set this to 0 to disable the scheduled deploy runs.

agent-deploy-splay-time
Type:

Time, the number of seconds represented as an integer value

Default:

600

Environment Variable:

INMANTA_CONFIG_AGENT_DEPLOY_SPLAY_TIME

The splaytime added to the agent-deploy-interval. Set this to 0 to disable the splaytime. At startup the agent will choose a random number between 0 and agent-deploy-splay-time. It will wait this number of second before performing the first deployment run. Each subsequent repair deployment will start agent-deploy-interval seconds after the previous one.

agent-get-resource-backoff
Type:

float

Default:

3

Environment Variable:

INMANTA_CONFIG_AGENT_GET_RESOURCE_BACKOFF

This is a load management feature. It ensures that the agent will not pull resources from the inmanta server <agent-get-resource-backoff>*<duration-last-pull-in-seconds> seconds after the last time the agent pulled resources from the server. Setting this option too low may result in a high load on the Inmanta server. Setting it too high may result in long deployment times.

agent-interval
Type:

Time, the number of seconds represented as an integer value

Default:

600

Environment Variable:

INMANTA_CONFIG_AGENT_INTERVAL

[DEPRECATED] The run interval of the agent. Every run-interval seconds, the agent will check the current state of its resources against to desired state model

agent-map
Type:

List of comma-separated key=value pairs

Default:

None

Environment Variable:

INMANTA_CONFIG_AGENT_MAP

By default the agent assumes that all agent names map to the host on which the process is executed. With the agent map it can be mapped to other hosts. This value consists of a list of key/value pairs. The key is the name of the agent and the format of the value is described in std::AgentConfig. When the configuration option config.use_autostart_agent_map is set to true, this option will be ignored. example: iaas_openstack=localhost,vm1=192.16.13.2

agent-names
Type:

List of comma-separated values

Default:

$node-name

Environment Variable:

INMANTA_CONFIG_AGENT_NAMES

Names of the agents this instance should deploy configuration for. When the configuration option config.use_autostart_agent_map is set to true, this option will be ignored.

agent-reconnect-delay
Type:

int

Default:

5

Environment Variable:

INMANTA_CONFIG_AGENT_RECONNECT_DELAY

Time to wait after a failed heartbeat message. DO NOT SET TO 0

agent-repair-interval
Type:

Time, the number of seconds represented as an integer value or a cron-like expression

Default:

600

Environment Variable:

INMANTA_CONFIG_AGENT_REPAIR_INTERVAL

Either the number of seconds between two repair runs (full deploy) of the agent or a cron-like expression. If a cron-like expression is specified, a repair will be run following a cron-like time-to-run specification, interpreted in UTC. The expected format is [sec] min hour dom month dow [year] ( If only 6 values are provided, they are interpreted as min hour dom month dow year). A repair will be requested at the scheduled time. Note that if a cron expression is used the ‘agent_repair_splay_time’ setting will be ignored. Setting this to 0 to disable the scheduled repair runs.

agent-repair-splay-time
Type:

Time, the number of seconds represented as an integer value

Default:

600

Environment Variable:

INMANTA_CONFIG_AGENT_REPAIR_SPLAY_TIME

The splaytime added to the agent-repair-interval. Set this to 0 to disable the splaytime. At startup the agent will choose a random number between 0 and agent-repair-splay-time. It will wait this number of second before performing the first repair run. Each subsequent repair deployment will start agent-repair-interval seconds after the previous one. This option is ignored and a splay of 0 is used if ‘agent_repair_interval’ is a cron expression

agent-splay
Type:

Time, the number of seconds represented as an integer value

Default:

600

Environment Variable:

INMANTA_CONFIG_AGENT_SPLAY

[DEPRECATED] The splaytime added to the runinterval. Set this to 0 to disable splaytime. At startup the agent will choose a random number between 0 and “agent_splay. It will wait this number of second before performing the first deploy. Each subsequent deploy will start agent-interval seconds after the previous one.

environment
Type:

optional uuid

Default:

None

Environment Variable:

INMANTA_CONFIG_ENVIRONMENT

The environment this model is associated with

export
Type:

List of comma-separated values

Default:

Environment Variable:

INMANTA_CONFIG_EXPORT

The list of exporters to use. This option is ignored when the –export-plugin option is used.

feature-file
Type:

optional str

Default:

None

Environment Variable:

INMANTA_CONFIG_FEATURE_FILE

The loacation of the inmanta feature file.

log-dir
Type:

str

Default:

/var/log/inmanta

Environment Variable:

INMANTA_CONFIG_LOG_DIR

The directory where the resource action log is stored and the logs of auto-started agents.

node-name
Type:

str

Default:

socket.gethostname()

Environment Variable:

INMANTA_CONFIG_NODE_NAME

Force the hostname of this machine to a specific value

server-timeout
Type:

Time, the number of seconds represented as an integer value

Default:

125

Environment Variable:

INMANTA_CONFIG_SERVER_TIMEOUT

Amount of time to wait for a response from the server before we try to reconnect, must be larger than server.agent-hold

state-dir
Type:

str

Default:

/var/lib/inmanta

Environment Variable:

INMANTA_CONFIG_STATE_DIR

The directory where the server stores its state

use-autostart-agent-map
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

False

Environment Variable:

INMANTA_CONFIG_USE_AUTOSTART_AGENT_MAP

If this option is set to true, the agent-map of this agent will be set the the autostart_agent_map configured on the server. The agent_map will be kept up-to-date automatically.

database

connection-pool-max-size
Type:

int

Default:

70

Environment Variable:

INMANTA_DATABASE_CONNECTION_POOL_MAX_SIZE

Max number of connections in the pool

connection-pool-min-size
Type:

int

Default:

10

Environment Variable:

INMANTA_DATABASE_CONNECTION_POOL_MIN_SIZE

Number of connections the pool will be initialized with

connection-timeout
Type:

float

Default:

60

Environment Variable:

INMANTA_DATABASE_CONNECTION_TIMEOUT

Connection timeout in seconds

host
Type:

str

Default:

localhost

Environment Variable:

INMANTA_DATABASE_HOST

Hostname or IP of the postgresql server

name
Type:

str

Default:

inmanta

Environment Variable:

INMANTA_DATABASE_NAME

The name of the database on the postgresql server

password
Type:

str

Default:

None

Environment Variable:

INMANTA_DATABASE_PASSWORD

The password that belong to the database user

port
Type:

int

Default:

5432

Environment Variable:

INMANTA_DATABASE_PORT

The port of the postgresql server

username
Type:

str

Default:

postgres

Environment Variable:

INMANTA_DATABASE_USERNAME

The username to access the database in the PostgreSQL server

wait-time
Type:

Time, the number of seconds represented as an integer value

Default:

0

Environment Variable:

INMANTA_DATABASE_WAIT_TIME

For how long the server should wait for the DB to be up before starting. If set to 0, the server won’t wait for the DB. If set to a negative value, the server will wait forever.

deploy

environment
Type:

optional str

Default:

deploy

Environment Variable:

INMANTA_DEPLOY_ENVIRONMENT

The environment name to use in the deploy

project
Type:

optional str

Default:

deploy

Environment Variable:

INMANTA_DEPLOY_PROJECT

The project name to use in the deploy

influxdb

host
Type:

str

Default:

Environment Variable:

INMANTA_INFLUXDB_HOST

Hostname or IP of the influxdb server to send reports to

interval
Type:

int

Default:

30

Environment Variable:

INMANTA_INFLUXDB_INTERVAL

Interval with which to report to influxdb

name
Type:

str

Default:

inmanta

Environment Variable:

INMANTA_INFLUXDB_NAME

The name of the database on the influxdb server

password
Type:

str

Default:

None

Environment Variable:

INMANTA_INFLUXDB_PASSWORD

The password that belong to the influxdb user

port
Type:

int

Default:

8086

Environment Variable:

INMANTA_INFLUXDB_PORT

The port of the influxdb server

tags
Type:

List of comma-separated key=value pairs

Default:

Environment Variable:

INMANTA_INFLUXDB_TAGS

a dict of tags to attach to all influxdb records in the form tag=value,tag=value

username
Type:

str

Default:

None

Environment Variable:

INMANTA_INFLUXDB_USERNAME

The username to access the database in the influxdb server

license

entitlement-file
Type:

str

Default:

/etc/inmanta/entitlement.jwe

Environment Variable:

INMANTA_LICENSE_ENTITLEMENT_FILE

The entitlement file to enable features in orchestrator.

license-key
Type:

str

Default:

/etc/inmanta/license.key

Environment Variable:

INMANTA_LICENSE_LICENSE_KEY

The license file to activate the orchestrator.

lsm.callback

logfile
Type:

str

Default:

callback.log

Environment Variable:

INMANTA_LSM.CALLBACK_LOGFILE

Log file for callbacks

timeout
Type:

float

Default:

30.0

Environment Variable:

INMANTA_LSM.CALLBACK_TIMEOUT

The request timeout for event notification callbacks in seconds

server

access-control-allow-origin
Type:

optional str

Default:

None

Environment Variable:

INMANTA_SERVER_ACCESS_CONTROL_ALLOW_ORIGIN

Configures the Access-Control-Allow-Origin setting of the http server.Defaults to not sending an Access-Control-Allow-Origin header.

agent-hold
Type:

Time, the number of seconds represented as an integer value

Default:

server.agent-timeout *3/4

Environment Variable:

INMANTA_SERVER_AGENT_HOLD

Maximal time the server will hold an agent heartbeat call

agent-process-purge-interval
Type:

Time, the number of seconds represented as an integer value

Default:

3600

Environment Variable:

INMANTA_SERVER_AGENT_PROCESS_PURGE_INTERVAL

The number of seconds between two purges of old and expired agent processes. Set to zero to disable the cleanup. see server.agent-processes-to-keep

agent-processes-to-keep
Type:

int

Default:

5

Environment Variable:

INMANTA_SERVER_AGENT_PROCESSES_TO_KEEP

Keep this amount of expired agent processes for a certain hostname

agent-timeout
Type:

Time, the number of seconds represented as an integer value

Default:

30

Environment Variable:

INMANTA_SERVER_AGENT_TIMEOUT

Time before an agent is considered to be offline

auth
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

False

Environment Variable:

INMANTA_SERVER_AUTH

Enable authentication on the server API

auth-additional-header
Type:

optional str

Default:

None

Environment Variable:

INMANTA_SERVER_AUTH_ADDITIONAL_HEADER

An additional header to look for authentication tokens

auth-method
Type:

str

Default:

oidc

Environment Variable:

INMANTA_SERVER_AUTH_METHOD

The authentication method to use: oidc, database or jwt

auto-recompile-wait
Type:

Time, the number of seconds represented as an integer value

Default:

10

Environment Variable:

INMANTA_SERVER_AUTO_RECOMPILE_WAIT

DEPRECATED: The number of seconds to wait before the server may attempt to do a new recompile. Recompiles are triggered after facts updates for example.

bind-address
Type:

List of comma-separated values

Default:

127.0.0.1

Environment Variable:

INMANTA_SERVER_BIND_ADDRESS

A list of addresses on which the server will listen for connections. If this option is set, the server_rest_transport.port option is ignored.

bind-port
Type:

int

Default:

8888

Environment Variable:

INMANTA_SERVER_BIND_PORT

The port on which the server will listen for connections. If this option is set, the server_rest_transport.port option is ignored.

cleanup-compiler-reports-interval
Type:

Time, the number of seconds represented as an integer value

Default:

3600

Environment Variable:

INMANTA_SERVER_CLEANUP_COMPILER_REPORTS_INTERVAL

Number of seconds between old compile report cleanups. see server.compiler-report-retention

compiler-report-retention
Type:

Time, the number of seconds represented as an integer value

Default:

604800

Environment Variable:

INMANTA_SERVER_COMPILER_REPORT_RETENTION

The server regularly cleans up old compiler reports. This options specifies the number of seconds to keep old compiler reports for. The default is seven days.

enabled-extensions
Type:

List of comma-separated values

Default:

Built-in mutable sequence. If no argument is given, the constructor creates a new empty list. The argument must be an iterable if specified.

Environment Variable:

INMANTA_SERVER_ENABLED_EXTENSIONS

A list of extensions the server must load. Core is always loaded.If an extension listed in this list is not available, the server will refuse to start.

fact-expire
Type:

Time, the number of seconds represented as an integer value

Default:

3600

Environment Variable:

INMANTA_SERVER_FACT_EXPIRE

After how many seconds will discovered facts/parameters expire.

fact-renew
Type:

time; < server.fact-expire

Default:

server.fact-expire /3

Environment Variable:

INMANTA_SERVER_FACT_RENEW

After how many seconds will discovered facts/parameters be renewed? This value needs to be lower than fact-expire

fact-resource-block
Type:

Time, the number of seconds represented as an integer value

Default:

60

Environment Variable:

INMANTA_SERVER_FACT_RESOURCE_BLOCK

Minimal time between subsequent requests for the same fact

purge-resource-action-logs-interval
Type:

Time, the number of seconds represented as an integer value

Default:

3600

Environment Variable:

INMANTA_SERVER_PURGE_RESOURCE_ACTION_LOGS_INTERVAL

The number of seconds between resource-action log purging

purge-versions-interval
Type:

Time, the number of seconds represented as an integer value

Default:

3600

Environment Variable:

INMANTA_SERVER_PURGE_VERSIONS_INTERVAL

The number of seconds between version purging, see available_versions_to_keep.

resource-action-log-prefix
Type:

str

Default:

resource-actions-

Environment Variable:

INMANTA_SERVER_RESOURCE_ACTION_LOG_PREFIX

File prefix in log-dir, containing the resource-action logs. The after the prefix the environment uuid and .log is added

server-address
Type:

str

Default:

localhost

Environment Variable:

INMANTA_SERVER_SERVER_ADDRESS

The public ip address of the server. This is required for example to inject the inmanta agent in virtual machines at boot time.

ssl-ca-cert-file
Type:

optional str

Default:

None

Environment Variable:

INMANTA_SERVER_SSL_CA_CERT_FILE

The CA cert file required to validate the server ssl cert. This setting is used by the serverto correctly configure the compiler and agents that the server starts itself. If not set and SSL is enabled, the server cert should be verifiable with the CAs installed in the OS.

ssl-cert-file
Type:

optional str

Default:

None

Environment Variable:

INMANTA_SERVER_SSL_CERT_FILE

SSL certificate file for the server key. Leave blank to disable SSL

ssl-key-file
Type:

optional str

Default:

None

Environment Variable:

INMANTA_SERVER_SSL_KEY_FILE

Server private key to use for this server Leave blank to disable SSL

tz-aware-timestamps
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

True

Environment Variable:

INMANTA_SERVER_TZ_AWARE_TIMESTAMPS

Whether the server should return timezone aware timestamps. If False, the server will serialize timestamps in a time zone naive way (in implicit UTC). If True, timestamps are serialized as time zone aware objects.

wait-after-param
Type:

Time, the number of seconds represented as an integer value

Default:

5

Environment Variable:

INMANTA_SERVER_WAIT_AFTER_PARAM

Time to wait before recompile after new paramters have been received

server_rest_transport

port
Type:

int

Default:

8888

Environment Variable:

INMANTA_SERVER_REST_TRANSPORT_PORT

[DEPRECATED USE server.bind-port] The port on which the server listens for connections

unknown_handler

default
Type:

str

Default:

prune-agent

Environment Variable:

INMANTA_UNKNOWN_HANDLER_DEFAULT

default method to handle unknown values

web-ui

console-enabled
Type:

Boolean value, represented as any of true, false, on, off, yes, no, 1, 0. (Case-insensitive)

Default:

True

Environment Variable:

INMANTA_WEB-UI_CONSOLE_ENABLED

Whether the server should host the web-console or not

console-path
Type:

str

Default:

/usr/share/inmanta/web-console

Environment Variable:

INMANTA_WEB-UI_CONSOLE_PATH

The path on the local file system where the web-console can be found

features
Type:

List of comma-separated values

Default:

Environment Variable:

INMANTA_WEB-UI_FEATURES

A list of features that should be enabled in the web console.

oidc-auth-url
Type:

str

Default:

None

Environment Variable:

INMANTA_WEB-UI_OIDC_AUTH_URL

The auth url of the OpenID Connect server to use.

oidc-client-id
Type:

str

Default:

None

Environment Variable:

INMANTA_WEB-UI_OIDC_CLIENT_ID

The OpenID Connect client id configured for this application.

oidc-realm
Type:

str

Default:

inmanta

Environment Variable:

INMANTA_WEB-UI_OIDC_REALM

The realm to use for OpenID Connect authentication.