github.com/choria-io/go-choria@v0.28.1-0.20240416190746-b3bf9c7d5a45/docs/content/configuration/_index.md (about) 1 +++ 2 title = "Config Reference" 3 toc = true 4 weight = 40 5 pre = "<b>4. </b>" 6 +++ 7 8 This is a list of all known Configuration settings. This list is based on declared settings within the Choria Go code base and so will not cover 100% of settings - plugins can contribute their own settings which are not known at compile time. 9 10 {{% notice secondary "Version Hint" code-branch %}} 11 Built on *16 Mar 24 15:26 UTC* using version *0.28.0* 12 {{% /notice %}} 13 14 ### Run-time configuration 15 16 The run-time configuration can be inspected using `choria tool config --config /etc/choria/server.cfg`, which shows the active configuration. 17 18 ### Search and list directives 19 20 In addition to the full list below you can get configuration information for your version using the CLI: 21 22 ```nohighlight 23 % choria tool config security.provider 24 .... 25 Configuration item: plugin.security.provider 26 27 ║ Value: puppet 28 ║ Data Type: string 29 ║ Validation: enum=puppet,file,pkcs11,certmanager,choria 30 ║ Default: puppet 31 ║ 32 ║ The Security Provider to use 33 ╙─ 34 ``` 35 36 ### Data Types 37 38 A few special types are defined, the rest map to standard Go types 39 40 |Type|Description| 41 |----|-----------| 42 |comma_split|A comma separated list of strings, possibly with spaces between| 43 |duration|A duration such as `1h`, `300ms`, `-1.5h` or `2h45m`.
Valid time units are `ns`, `ms`, `s`, `m`, `h`| 44 |path_split|A list of paths split by a OS specific PATH separator| 45 |path_string|A path that can include `~` for the users home directory| 46 |strings|A space separated list of strings| 47 |title_string|A string that will be stored as a `Title String`| 48 49 ### Index 50 51 | | | 52 |-|-| 53 |[classesfile](#classesfile)|[collectives](#collectives)| 54 |[color](#color)|[default_discovery_method](#default_discovery_method)| 55 |[default_discovery_options](#default_discovery_options)|[discovery_timeout](#discovery_timeout)| 56 |[identity](#identity)|[libdir](#libdir)| 57 |[logfile](#logfile)|[loglevel](#loglevel)| 58 |[main_collective](#main_collective)|[plugin.choria.adapters](#pluginchoriaadapters)| 59 |[plugin.choria.agent_provider.mcorpc.agent_shim](#pluginchoriaagent_providermcorpcagent_shim)|[plugin.choria.agent_provider.mcorpc.config](#pluginchoriaagent_providermcorpcconfig)| 60 |[plugin.choria.agent_provider.mcorpc.libdir](#pluginchoriaagent_providermcorpclibdir)|[plugin.choria.broker_federation](#pluginchoriabroker_federation)| 61 |[plugin.choria.broker_network](#pluginchoriabroker_network)|[plugin.choria.discovery.broadcast.windowed_timeout](#pluginchoriadiscoverybroadcastwindowed_timeout)| 62 |[plugin.choria.discovery.external.command](#pluginchoriadiscoveryexternalcommand)|[plugin.choria.discovery.inventory.source](#pluginchoriadiscoveryinventorysource)| 63 |[plugin.choria.federation.cluster](#pluginchoriafederationcluster)|[plugin.choria.federation.collectives](#pluginchoriafederationcollectives)| 64 |[plugin.choria.federation_middleware_hosts](#pluginchoriafederation_middleware_hosts)|[plugin.choria.legacy_lifecycle_format](#pluginchorialegacy_lifecycle_format)| 65 |[plugin.choria.machine.signing_key](#pluginchoriamachinesigning_key)|[plugin.choria.machine.store](#pluginchoriamachinestore)| 66 
|[plugin.choria.middleware_hosts](#pluginchoriamiddleware_hosts)|[plugin.choria.network.client_hosts](#pluginchorianetworkclient_hosts)| 67 |[plugin.choria.network.client_port](#pluginchorianetworkclient_port)|[plugin.choria.network.client_signer_cert](#pluginchorianetworkclient_signer_cert)| 68 |[plugin.choria.network.client_tls_force_required](#pluginchorianetworkclient_tls_force_required)|[plugin.choria.network.deny_server_connections](#pluginchorianetworkdeny_server_connections)| 69 |[plugin.choria.network.gateway_name](#pluginchorianetworkgateway_name)|[plugin.choria.network.gateway_port](#pluginchorianetworkgateway_port)| 70 |[plugin.choria.network.gateway_remotes](#pluginchorianetworkgateway_remotes)|[plugin.choria.network.leafnode_port](#pluginchorianetworkleafnode_port)| 71 |[plugin.choria.network.leafnode_remotes](#pluginchorianetworkleafnode_remotes)|[plugin.choria.network.listen_address](#pluginchorianetworklisten_address)| 72 |[plugin.choria.network.mapping.names](#pluginchorianetworkmappingnames)|[plugin.choria.network.peer_password](#pluginchorianetworkpeer_password)| 73 |[plugin.choria.network.peer_port](#pluginchorianetworkpeer_port)|[plugin.choria.network.peer_user](#pluginchorianetworkpeer_user)| 74 |[plugin.choria.network.peers](#pluginchorianetworkpeers)|[plugin.choria.network.pprof_port](#pluginchorianetworkpprof_port)| 75 |[plugin.choria.network.provisioning.client_password](#pluginchorianetworkprovisioningclient_password)|[plugin.choria.network.provisioning.provisioner_without_token](#pluginchorianetworkprovisioningprovisioner_without_token)| 76 |[plugin.choria.network.provisioning.signer_cert](#pluginchorianetworkprovisioningsigner_cert)|[plugin.choria.network.public_url](#pluginchorianetworkpublic_url)| 77 |[plugin.choria.network.server_signer_cert](#pluginchorianetworkserver_signer_cert)|[plugin.choria.network.soft_shutdown_timeout](#pluginchorianetworksoft_shutdown_timeout)| 78 
|[plugin.choria.network.stream.advisory_replicas](#pluginchorianetworkstreamadvisory_replicas)|[plugin.choria.network.stream.advisory_retention](#pluginchorianetworkstreamadvisory_retention)| 79 |[plugin.choria.network.stream.event_replicas](#pluginchorianetworkstreamevent_replicas)|[plugin.choria.network.stream.event_retention](#pluginchorianetworkstreamevent_retention)| 80 |[plugin.choria.network.stream.leader_election_replicas](#pluginchorianetworkstreamleader_election_replicas)|[plugin.choria.network.stream.leader_election_ttl](#pluginchorianetworkstreamleader_election_ttl)| 81 |[plugin.choria.network.stream.machine_replicas](#pluginchorianetworkstreammachine_replicas)|[plugin.choria.network.stream.machine_retention](#pluginchorianetworkstreammachine_retention)| 82 |[plugin.choria.network.stream.manage_streams](#pluginchorianetworkstreammanage_streams)|[plugin.choria.network.stream.store](#pluginchorianetworkstreamstore)| 83 |[plugin.choria.network.system.password](#pluginchorianetworksystempassword)|[plugin.choria.network.system.user](#pluginchorianetworksystemuser)| 84 |[plugin.choria.network.tls_timeout](#pluginchorianetworktls_timeout)|[plugin.choria.network.websocket_advertise](#pluginchorianetworkwebsocket_advertise)| 85 |[plugin.choria.network.websocket_port](#pluginchorianetworkwebsocket_port)|[plugin.choria.network.write_deadline](#pluginchorianetworkwrite_deadline)| 86 |[plugin.choria.prometheus_textfile_directory](#pluginchoriaprometheus_textfile_directory)|[plugin.choria.puppetca_host](#pluginchoriapuppetca_host)| 87 |[plugin.choria.puppetca_port](#pluginchoriapuppetca_port)|[plugin.choria.puppetdb_host](#pluginchoriapuppetdb_host)| 88 |[plugin.choria.puppetdb_port](#pluginchoriapuppetdb_port)|[plugin.choria.puppetserver_host](#pluginchoriapuppetserver_host)| 89 |[plugin.choria.puppetserver_port](#pluginchoriapuppetserver_port)|[plugin.choria.registration.file_content.compression](#pluginchoriaregistrationfile_contentcompression)| 90 
|[plugin.choria.registration.file_content.data](#pluginchoriaregistrationfile_contentdata)|[plugin.choria.registration.file_content.target](#pluginchoriaregistrationfile_contenttarget)| 91 |[plugin.choria.registration.inventory_content.compression](#pluginchoriaregistrationinventory_contentcompression)|[plugin.choria.registration.inventory_content.target](#pluginchoriaregistrationinventory_contenttarget)| 92 |[plugin.choria.require_client_filter](#pluginchoriarequire_client_filter)|[plugin.choria.security.certname_whitelist](#pluginchoriasecuritycertname_whitelist)| 93 |[plugin.choria.security.privileged_users](#pluginchoriasecurityprivileged_users)|[plugin.choria.security.request_signer.seed_file](#pluginchoriasecurityrequest_signerseed_file)| 94 |[plugin.choria.security.request_signer.service](#pluginchoriasecurityrequest_signerservice)|[plugin.choria.security.request_signer.token_file](#pluginchoriasecurityrequest_signertoken_file)| 95 |[plugin.choria.security.request_signer.url](#pluginchoriasecurityrequest_signerurl)|[plugin.choria.security.server.seed_file](#pluginchoriasecurityserverseed_file)| 96 |[plugin.choria.security.server.token_file](#pluginchoriasecurityservertoken_file)|[plugin.choria.server.provision](#pluginchoriaserverprovision)| 97 |[plugin.choria.server.provision.allow_update](#pluginchoriaserverprovisionallow_update)|[plugin.choria.services.registry.cache](#pluginchoriaservicesregistrycache)| 98 |[plugin.choria.services.registry.store](#pluginchoriaservicesregistrystore)|[plugin.choria.srv_domain](#pluginchoriasrv_domain)| 99 |[plugin.choria.ssldir](#pluginchoriassldir)|[plugin.choria.stats_address](#pluginchoriastats_address)| 100 |[plugin.choria.stats_port](#pluginchoriastats_port)|[plugin.choria.status_file_path](#pluginchoriastatus_file_path)| 101 |[plugin.choria.status_update_interval](#pluginchoriastatus_update_interval)|[plugin.choria.submission.max_spool_size](#pluginchoriasubmissionmax_spool_size)| 102 
|[plugin.choria.submission.spool](#pluginchoriasubmissionspool)|[plugin.choria.use_srv](#pluginchoriause_srv)| 103 |[plugin.login.aaasvc.login.url](#pluginloginaaasvcloginurl)|[plugin.machines.bucket](#pluginmachinesbucket)| 104 |[plugin.machines.check_interval](#pluginmachinescheck_interval)|[plugin.machines.download](#pluginmachinesdownload)| 105 |[plugin.machines.key](#pluginmachineskey)|[plugin.machines.poll_interval](#pluginmachinespoll_interval)| 106 |[plugin.machines.purge](#pluginmachinespurge)|[plugin.machines.signing_key](#pluginmachinessigning_key)| 107 |[plugin.nats.credentials](#pluginnatscredentials)|[plugin.nats.pass](#pluginnatspass)| 108 |[plugin.nats.user](#pluginnatsuser)|[plugin.rpcaudit.logfile](#pluginrpcauditlogfile)| 109 |[plugin.rpcaudit.logfile.group](#pluginrpcauditlogfilegroup)|[plugin.rpcaudit.logfile.mode](#pluginrpcauditlogfilemode)| 110 |[plugin.scout.agent_disabled](#pluginscoutagent_disabled)|[plugin.scout.goss.denied_local_resources](#pluginscoutgossdenied_local_resources)| 111 |[plugin.scout.goss.denied_remote_resources](#pluginscoutgossdenied_remote_resources)|[plugin.scout.overrides](#pluginscoutoverrides)| 112 |[plugin.scout.tags](#pluginscouttags)|[plugin.security.certmanager.alt_names](#pluginsecuritycertmanageralt_names)| 113 |[plugin.security.certmanager.api_version](#pluginsecuritycertmanagerapi_version)|[plugin.security.certmanager.issuer](#pluginsecuritycertmanagerissuer)| 114 |[plugin.security.certmanager.namespace](#pluginsecuritycertmanagernamespace)|[plugin.security.certmanager.replace](#pluginsecuritycertmanagerreplace)| 115 |[plugin.security.choria.ca](#pluginsecuritychoriaca)|[plugin.security.choria.certificate](#pluginsecuritychoriacertificate)| 116 |[plugin.security.choria.key](#pluginsecuritychoriakey)|[plugin.security.choria.seed_file](#pluginsecuritychoriaseed_file)| 117 
|[plugin.security.choria.sign_replies](#pluginsecuritychoriasign_replies)|[plugin.security.choria.token_file](#pluginsecuritychoriatoken_file)| 118 |[plugin.security.choria.trusted_signers](#pluginsecuritychoriatrusted_signers)|[plugin.security.cipher_suites](#pluginsecuritycipher_suites)| 119 |[plugin.security.client_anon_tls](#pluginsecurityclient_anon_tls)|[plugin.security.ecc_curves](#pluginsecurityecc_curves)| 120 |[plugin.security.file.ca](#pluginsecurityfileca)|[plugin.security.file.certificate](#pluginsecurityfilecertificate)| 121 |[plugin.security.file.key](#pluginsecurityfilekey)|[plugin.security.issuer.names](#pluginsecurityissuernames)| 122 |[plugin.security.pkcs11.driver_file](#pluginsecuritypkcs11driver_file)|[plugin.security.pkcs11.slot](#pluginsecuritypkcs11slot)| 123 |[plugin.security.provider](#pluginsecurityprovider)|[plugin.security.server_anon_tls](#pluginsecurityserver_anon_tls)| 124 |[plugin.security.support_legacy_certificates](#pluginsecuritysupport_legacy_certificates)|[plugin.yaml](#pluginyaml)| 125 |[registerinterval](#registerinterval)|[registration](#registration)| 126 |[registration_collective](#registration_collective)|[registration_splay](#registration_splay)| 127 |[rpcaudit](#rpcaudit)|[rpcauthorization](#rpcauthorization)| 128 |[rpcauthprovider](#rpcauthprovider)|[rpclimitmethod](#rpclimitmethod)| 129 |[soft_shutdown_timeout](#soft_shutdown_timeout)|[ttl](#ttl)| 130 131 132 ### classesfile 133 134 * **Type:** path_string 135 * **Default Value:** /opt/puppetlabs/puppet/cache/state/classes.txt 136 137 Path to a file listing configuration classes applied to a node, used in matches using Class filters 138 139 ### collectives 140 141 * **Type:** comma_split 142 143 The list of known Sub Collectives this node will join or communicate with, Servers will subscribe the node and each agent to each sub collective and Clients will publish to a chosen sub collective. 
Defaults to the build setting build.DefaultCollectives 144 145 ### color 146 147 * **Type:** boolean 148 * **Default Value:** true 149 150 Disables or enables CLI color 151 152 ### default_discovery_method 153 154 * **Type:** string 155 * **Validation:** enum=mc,broadcast,puppetdb,choria,external,inventory 156 * **Default Value:** mc 157 158 The default discovery plugin to use. The default "mc" uses a network broadcast, "choria" uses PuppetDB, external calls external commands 159 160 ### default_discovery_options 161 162 * **Type:** strings 163 164 Default options to pass to the discovery plugin 165 166 ### discovery_timeout 167 168 * **Type:** integer 169 * **Default Value:** 2 170 171 How long to wait for responses while doing broadcast discovery 172 173 ### identity 174 175 * **Type:** string 176 177 The identity this machine is known as, when empty it's derived based on the operating system hostname or by calling facter fqdn 178 179 ### libdir 180 181 * **Type:** path_split 182 183 The directory where Agents, DDLs and other plugins are found 184 185 ### logfile 186 187 * **Type:** path_string 188 * **Default Value:** stdout 189 190 The file to write logs to, when set to 'discard' logging will be disabled. Also supports 'stdout' and 'stderr' as special log destinations.
191 192 ### loglevel 193 194 * **Type:** string 195 * **Validation:** enum=debug,info,warn,error,fatal 196 * **Default Value:** info 197 198 The lowest level log to add to the logfile 199 200 ### main_collective 201 202 * **Type:** string 203 204 The Sub Collective where a Client will publish to when no specific Sub Collective is configured 205 206 ### plugin.choria.adapters 207 208 * **Type:** comma_split 209 * **Additional Information:** https://choria.io/docs/adapters/ 210 211 The list of Data Adapters to activate 212 213 ### plugin.choria.agent_provider.mcorpc.agent_shim 214 215 * **Type:** string 216 217 Path to the helper used to call MCollective Ruby agents 218 219 ### plugin.choria.agent_provider.mcorpc.config 220 221 * **Type:** string 222 223 Path to the MCollective configuration file used when running MCollective Ruby agents 224 225 ### plugin.choria.agent_provider.mcorpc.libdir 226 227 * **Type:** path_split 228 229 Path to the libdir MCollective Ruby agents should have 230 231 ### plugin.choria.broker_federation 232 233 * **Type:** boolean 234 * **Additional Information:** https://choria.io/docs/federation/ 235 * **Default Value:** false 236 237 Enables the Federation Broker 238 239 ### plugin.choria.broker_network 240 241 * **Type:** boolean 242 * **Additional Information:** https://choria.io/docs/deployment/broker/ 243 * **Default Value:** false 244 245 Enables the Network Broker 246 247 ### plugin.choria.discovery.broadcast.windowed_timeout 248 249 * **Type:** boolean 250 251 Enables the experimental dynamic timeout for choria/mc discovery 252 253 ### plugin.choria.discovery.external.command 254 255 * **Type:** path_string 256 257 The command to use for external discovery 258 259 ### plugin.choria.discovery.inventory.source 260 261 * **Type:** path_string 262 263 The file to read for inventory discovery 264 265 ### plugin.choria.federation.cluster 266 267 * **Type:** string 268 * **Additional Information:** https://choria.io/docs/federation/ 269 * 
**Default Value:** mcollective 270 271 The cluster name a Federation Broker serves 272 273 ### plugin.choria.federation.collectives 274 275 * **Type:** comma_split 276 * **Additional Information:** https://choria.io/docs/federation/ 277 * **Environment Variable:** CHORIA_FED_COLLECTIVE 278 279 List of known remote collectives accessible via Federation Brokers 280 281 ### plugin.choria.federation_middleware_hosts 282 283 * **Type:** comma_split 284 * **Additional Information:** https://choria.io/docs/federation/ 285 286 Middleware brokers used by the Federation Broker, if unset uses SRV 287 288 ### plugin.choria.legacy_lifecycle_format 289 290 * **Type:** boolean 291 * **Default Value:** 0 292 293 When enabled will publish lifecycle events in the legacy format, else Cloud Events format is used 294 295 ### plugin.choria.machine.signing_key 296 297 * **Type:** string 298 299 Public key used to sign data for watchers like machines watcher. Will override the value compiled in or in the watcher definitions if set here. This is primarily to allow development environments to use different private keys. 
300 301 ### plugin.choria.machine.store 302 303 * **Type:** string 304 * **Additional Information:** https://choria.io/docs/autoagents/ 305 306 Directory where Autonomous Agents are stored 307 308 ### plugin.choria.middleware_hosts 309 310 * **Type:** comma_split 311 312 Set specific middleware hosts in the format host:port, if unset uses SRV 313 314 ### plugin.choria.network.client_hosts 315 316 * **Type:** comma_split 317 318 CIDRs to limit client connections from, appropriate ACLs are added based on this 319 320 ### plugin.choria.network.client_port 321 322 * **Type:** integer 323 * **Additional Information:** https://choria.io/docs/deployment/broker/ 324 * **Default Value:** 4222 325 326 Port the Network Broker will accept client connections on 327 328 ### plugin.choria.network.client_signer_cert 329 330 * **Type:** comma_split 331 332 Fully qualified paths to the public certificates used by the AAA Service to sign client JWT tokens. This enables users with signed JWTs to use unverified TLS to connect. Can also be a list of ed25519 public keys. 
333 334 ### plugin.choria.network.client_tls_force_required 335 336 * **Type:** boolean 337 338 Force requiring/not requiring TLS for all clients 339 340 ### plugin.choria.network.deny_server_connections 341 342 * **Type:** boolean 343 344 Set ACLs denying server connections to this broker 345 346 ### plugin.choria.network.gateway_name 347 348 * **Type:** string 349 * **Default Value:** CHORIA 350 351 Name for the Super Cluster 352 353 ### plugin.choria.network.gateway_port 354 355 * **Type:** integer 356 * **Default Value:** 0 357 358 Port to listen on for Super Cluster connections 359 360 ### plugin.choria.network.gateway_remotes 361 362 * **Type:** comma_split 363 364 List of remote Super Clusters to connect to 365 366 ### plugin.choria.network.leafnode_port 367 368 * **Type:** integer 369 * **Default Value:** 0 370 371 Port to listen on for Leafnode connections, disabled with 0 372 373 ### plugin.choria.network.leafnode_remotes 374 375 * **Type:** comma_split 376 377 Remote networks to connect to as a Leafnode 378 379 ### plugin.choria.network.listen_address 380 381 * **Type:** string 382 * **Additional Information:** https://choria.io/docs/deployment/broker/ 383 * **Default Value:** :: 384 385 Address the Network Broker will listen on 386 387 ### plugin.choria.network.mapping.names 388 389 * **Type:** comma_split 390 391 List of subject remappings to apply 392 393 ### plugin.choria.network.peer_password 394 395 * **Type:** string 396 397 Password to use when connecting to cluster peers 398 399 ### plugin.choria.network.peer_port 400 401 * **Type:** integer 402 * **Additional Information:** https://choria.io/docs/deployment/broker/ 403 404 Port used to communicate with other local cluster peers 405 406 ### plugin.choria.network.peer_user 407 408 * **Type:** string 409 410 Username to use when connecting to cluster peers 411 412 ### plugin.choria.network.peers 413 414 * **Type:** comma_split 415 * **Additional Information:** 
https://choria.io/docs/deployment/broker/ 416 417 List of cluster peers in host:port format 418 419 ### plugin.choria.network.pprof_port 420 421 * **Type:** integer 422 * **Default Value:** 0 423 424 The port the network broker will listen on for pprof requests 425 426 ### plugin.choria.network.provisioning.client_password 427 428 * **Type:** string 429 430 Password the provisioned clients should use to connect 431 432 ### plugin.choria.network.provisioning.provisioner_without_token 433 434 * **Type:** boolean 435 436 Allows a provisioner without a token to connect over TLS using username and password. This facilitates v1 provisioning on an Issuer based network 437 438 ### plugin.choria.network.provisioning.signer_cert 439 440 * **Type:** path_string 441 442 Path to the public cert that signs provisioning tokens, enables accepting provisioning connections into the provisioning account 443 444 ### plugin.choria.network.public_url 445 446 * **Type:** string 447 448 Name:Port to advertise to clients, useful when fronted by a proxy 449 450 ### plugin.choria.network.server_signer_cert 451 452 * **Type:** comma_split 453 454 Fully qualified Paths to the public certificates used by the Provisioner Service to sign server JWT tokens. This enables servers with signed JWTs to use unverified TLS to connect. Can also be a list of ed25519 public keys. 
455 456 ### plugin.choria.network.soft_shutdown_timeout 457 458 * **Type:** integer 459 * **Default Value:** 60 460 461 The amount of time to allow the broker to exit, after this memory and thread dumps will be performed and a force exit will be done 462 463 ### plugin.choria.network.stream.advisory_replicas 464 465 * **Type:** integer 466 * **Default Value:** -1 467 468 When configuring Stream advisories storage ensure data is replicated in the cluster over this many servers, -1 means count of peers 469 470 ### plugin.choria.network.stream.advisory_retention 471 472 * **Type:** duration 473 * **Default Value:** 168h 474 475 When not zero enables retaining Stream advisories in the Stream Store 476 477 ### plugin.choria.network.stream.event_replicas 478 479 * **Type:** integer 480 * **Default Value:** -1 481 482 When configuring LifeCycle events ensure data is replicated in the cluster over this many servers, -1 means count of peers 483 484 ### plugin.choria.network.stream.event_retention 485 486 * **Type:** duration 487 * **Default Value:** 24h 488 489 When not zero enables retaining Lifecycle events in the Stream Store 490 491 ### plugin.choria.network.stream.leader_election_replicas 492 493 * **Type:** integer 494 * **Default Value:** -1 495 496 When configuring Stream based Leader Election storage ensure data is replicated in the cluster over this many servers, -1 means count of peers 497 498 ### plugin.choria.network.stream.leader_election_ttl 499 500 * **Type:** duration 501 * **Default Value:** 1m 502 503 The TTL for leader election, leaders must vote at least this frequently to remain leader 504 505 ### plugin.choria.network.stream.machine_replicas 506 507 * **Type:** integer 508 * **Default Value:** -1 509 510 When configuring Autonomous Agent event storage ensure data is replicated in the cluster over this many servers, -1 means count of peers 511 512 ### plugin.choria.network.stream.machine_retention 513 514 * **Type:** duration 515 * **Default Value:** 
24h 516 517 When not zero enables retaining Autonomous Agent events in the Stream Store 518 519 ### plugin.choria.network.stream.manage_streams 520 521 * **Type:** boolean 522 * **Default Value:** 1 523 524 When set to zero will disable managing the standard streams on this node 525 526 ### plugin.choria.network.stream.store 527 528 * **Type:** path_string 529 530 Enables Streaming data persistence stored in this path 531 532 ### plugin.choria.network.system.password 533 534 * **Type:** string 535 536 Password used to access the Choria system account 537 538 ### plugin.choria.network.system.user 539 540 * **Type:** string 541 542 Username used to access the Choria system account 543 544 ### plugin.choria.network.tls_timeout 545 546 * **Type:** integer 547 * **Default Value:** 2 548 549 Time to allow for TLS connections to establish, increase on slow or very large networks 550 551 ### plugin.choria.network.websocket_advertise 552 553 * **Type:** string 554 * **Additional Information:** https://choria.io/docs/deployment/broker/ 555 556 The URL to advertise for websocket connections 557 558 ### plugin.choria.network.websocket_port 559 560 * **Type:** integer 561 * **Additional Information:** https://choria.io/docs/deployment/broker/ 562 563 Port to listen on for websocket connections 564 565 ### plugin.choria.network.write_deadline 566 567 * **Type:** duration 568 * **Default Value:** 10s 569 570 How long to allow clients to process traffic before treating them as slow, increase this on large networks or slow networks 571 572 ### plugin.choria.prometheus_textfile_directory 573 574 * **Type:** path_string 575 576 Directory where Prometheus Node Exporter textfile collector reads data 577 578 ### plugin.choria.puppetca_host 579 580 * **Type:** string 581 * **Default Value:** puppet 582 583 The hostname where your Puppet Certificate Authority can be found 584 585 ### plugin.choria.puppetca_port 586 587 * **Type:** integer 588 * **Default Value:** 8140 589 590 The port 
your Puppet Certificate Authority listens on 591 592 ### plugin.choria.puppetdb_host 593 594 * **Type:** string 595 596 The host hosting your PuppetDB, used by the "choria" discovery plugin 597 598 ### plugin.choria.puppetdb_port 599 600 * **Type:** integer 601 * **Default Value:** 8081 602 603 The port your PuppetDB listens on 604 605 ### plugin.choria.puppetserver_host 606 607 * **Type:** string 608 * **Default Value:** puppet 609 610 The hostname where your Puppet Server can be found 611 612 ### plugin.choria.puppetserver_port 613 614 * **Type:** integer 615 * **Default Value:** 8140 616 617 The port your Puppet Server listens on 618 619 ### plugin.choria.registration.file_content.compression 620 621 * **Type:** boolean 622 * **Default Value:** true 623 624 Enables gzip compression of registration data 625 626 ### plugin.choria.registration.file_content.data 627 628 * **Type:** string 629 630 YAML or JSON file to use as data source for registration 631 632 ### plugin.choria.registration.file_content.target 633 634 * **Type:** string 635 636 NATS Subject to publish registration data to 637 638 ### plugin.choria.registration.inventory_content.compression 639 640 * **Type:** boolean 641 * **Default Value:** true 642 643 Enables gzip compression of registration data 644 645 ### plugin.choria.registration.inventory_content.target 646 647 * **Type:** string 648 649 NATS Subject to publish registration data to 650 651 ### plugin.choria.require_client_filter 652 653 * **Type:** boolean 654 * **Default Value:** false 655 656 If a client filter should always be required, only used in Go clients 657 658 ### plugin.choria.security.certname_whitelist 659 660 * **Type:** comma_split 661 * **Default Value:** \.mcollective$,\.choria$ 662 663 Patterns of certificate names that are allowed to be clients 664 665 ### plugin.choria.security.privileged_users 666 667 * **Type:** comma_split 668 * **Additional Information:** https://choria.io/docs/configuration/aaa/ 669 * **Default 
Value:** \.privileged.mcollective$,\.privileged.choria$ 670 671 Patterns of certificate names that would be considered privileged and able to set custom callers 672 673 ### plugin.choria.security.request_signer.seed_file 674 675 * **Type:** path_string 676 * **Additional Information:** https://github.com/choria-io/aaasvc 677 678 Path to the seed file used to access a Central Authenticator 679 680 ### plugin.choria.security.request_signer.service 681 682 * **Type:** boolean 683 * **Additional Information:** https://choria-io.github.io/aaasvc/ 684 685 Enables signing requests via Choria RPC requests 686 687 ### plugin.choria.security.request_signer.token_file 688 689 * **Type:** path_string 690 * **Additional Information:** https://github.com/choria-io/aaasvc 691 692 Path to the token used to access a Central Authenticator 693 694 ### plugin.choria.security.request_signer.url 695 696 * **Type:** string 697 * **Additional Information:** https://choria-io.github.io/aaasvc/ 698 699 URL to the Signing Service 700 701 ### plugin.choria.security.server.seed_file 702 703 * **Type:** path_string 704 705 The server token seed to use for authentication, defaults to server.seed in the same location as server.conf 706 707 ### plugin.choria.security.server.token_file 708 709 * **Type:** path_string 710 711 The server token file to use for authentication, defaults to server.jwt in the same location as server.conf 712 713 ### plugin.choria.server.provision 714 715 * **Type:** boolean 716 * **Additional Information:** https://choria-io.github.io/provisioner/ 717 * **Default Value:** false 718 719 Specifically enable or disable provisioning 720 721 ### plugin.choria.server.provision.allow_update 722 723 * **Type:** boolean 724 * **Additional Information:** https://choria-io.github.io/provisioner/ 725 * **Default Value:** false 726 727 Allows the provisioner to perform in-place version updates 728 729 ### plugin.choria.services.registry.cache 730 731 * **Type:** path_string 732 *
**Environment Variable:** CHORIA_REGISTRY 733 734 Directory where the Registry client stores DDLs found in the registry 735 736 ### plugin.choria.services.registry.store 737 738 * **Type:** path_string 739 740 Directory where the Registry service finds DDLs to read 741 742 ### plugin.choria.srv_domain 743 744 * **Type:** string 745 * **Additional Information:** https://choria.io/docs/deployment/dns/ 746 * **Environment Variable:** CHORIA_SRV_DOMAIN 747 748 The domain to use for SRV records, defaults to the domain the server FQDN is in 749 750 ### plugin.choria.ssldir 751 752 * **Type:** path_string 753 754 The SSL directory, auto detected via Puppet, when specifically set Puppet will not be consulted 755 756 ### plugin.choria.stats_address 757 758 * **Type:** string 759 * **Default Value:** 127.0.0.1 760 761 The address to listen on for statistics 762 763 ### plugin.choria.stats_port 764 765 * **Type:** integer 766 * **Default Value:** 0 767 768 The port to listen on for HTTP requests for statistics, setting to 0 disables it 769 770 ### plugin.choria.status_file_path 771 772 * **Type:** path_string 773 774 Path to a JSON file to write server health information to regularly 775 776 ### plugin.choria.status_update_interval 777 778 * **Type:** integer 779 * **Default Value:** 30 780 781 How frequently to write to the status_file_path 782 783 ### plugin.choria.submission.max_spool_size 784 785 * **Type:** integer 786 * **Default Value:** 500 787 788 Maximum amount of messages allowed into each priority 789 790 ### plugin.choria.submission.spool 791 792 * **Type:** path_string 793 794 Path to a directory holding messages to submit to the middleware 795 796 ### plugin.choria.use_srv 797 798 * **Type:** boolean 799 * **Additional Information:** https://choria.io/docs/deployment/dns/ 800 * **Default Value:** true 801 802 If SRV record lookups should be attempted to find Puppet, PuppetDB, Brokers etc 803 804 ### plugin.login.aaasvc.login.url 805 806 * **Type:** comma_split 
807 * **Additional Information:** https://choria-io.github.io/aaasvc/ 808 809 List of URLs to attempt to login against when the remote signer is enabled 810 811 ### plugin.machines.bucket 812 813 * **Type:** string 814 * **Default Value:** CHORIA_PLUGINS 815 816 The KV bucket to query for plugins to install 817 818 ### plugin.machines.check_interval 819 820 * **Type:** string 821 * **Default Value:** 30s 822 823 How frequently to integrity check deployed autonomous agents 824 825 ### plugin.machines.download 826 827 * **Type:** boolean 828 829 Activate run-time installation of Autonomous Agents 830 831 ### plugin.machines.key 832 833 * **Type:** string 834 * **Default Value:** machines 835 836 The Key to query in KV bucket for plugins to install 837 838 ### plugin.machines.poll_interval 839 840 * **Type:** string 841 * **Default Value:** 1m 842 843 How frequently to poll the KV bucket for updates 844 845 ### plugin.machines.purge 846 847 * **Type:** boolean 848 * **Default Value:** true 849 850 Purge autonomous agents installed using other methods 851 852 ### plugin.machines.signing_key 853 854 * **Type:** string 855 856 The public key to validate the plugins manifest with 857 858 ### plugin.nats.credentials 859 860 * **Type:** string 861 * **Environment Variable:** MCOLLECTIVE_NATS_CREDENTIALS 862 863 The NATS 2.0 credentials to use, required for accessing NGS 864 865 ### plugin.nats.pass 866 867 * **Type:** string 868 * **Environment Variable:** MCOLLECTIVE_NATS_PASSWORD 869 870 The password to use when connecting to the NATS server 871 872 ### plugin.nats.user 873 874 * **Type:** string 875 * **Environment Variable:** MCOLLECTIVE_NATS_USERNAME 876 877 The user to connect to the NATS server as. When unset no username is used. 
878 879 ### plugin.rpcaudit.logfile 880 881 * **Type:** path_string 882 883 Path to the RPC audit log 884 885 ### plugin.rpcaudit.logfile.group 886 887 * **Type:** string 888 889 User group to set file ownership to 890 891 ### plugin.rpcaudit.logfile.mode 892 893 * **Type:** string 894 * **Default Value:** 0600 895 896 File mode to apply to the file 897 898 ### plugin.scout.agent_disabled 899 900 * **Type:** boolean 901 902 Disables the scout agent 903 904 ### plugin.scout.goss.denied_local_resources 905 906 * **Type:** comma_split 907 908 List of resource types to deny for Goss manifests loaded from local disk 909 910 ### plugin.scout.goss.denied_remote_resources 911 912 * **Type:** comma_split 913 * **Default Value:** command 914 915 List of resource types to deny when Goss manifests or variables were received over rpc 916 917 ### plugin.scout.overrides 918 919 * **Type:** path_string 920 921 Path to a file holding overrides for Scout checks 922 923 ### plugin.scout.tags 924 925 * **Type:** path_string 926 927 Path to a file holding tags for a Scout entity 928 929 ### plugin.security.certmanager.alt_names 930 931 * **Type:** comma_split 932 933 when using Cert Manager security provider, add these additional names to the CSR 934 935 ### plugin.security.certmanager.api_version 936 937 * **Type:** string 938 * **Default Value:** v1 939 940 the API version to call in cert manager 941 942 ### plugin.security.certmanager.issuer 943 944 * **Type:** string 945 946 When using Cert Manager security provider, the name of the issuer 947 948 ### plugin.security.certmanager.namespace 949 950 * **Type:** string 951 * **Default Value:** choria 952 953 When using Cert Manager security provider, the namespace the issuer is in 954 955 ### plugin.security.certmanager.replace 956 957 * **Type:** boolean 958 * **Default Value:** true 959 960 when using Cert Manager security provider, replace existing CSRs with new ones 961 962 ### plugin.security.choria.ca 963 964 * **Type:** 
path_string 965 966 When using choria security provider, the path to the optional Certificate Authority public certificate 967 968 ### plugin.security.choria.certificate 969 970 * **Type:** path_string 971 972 When using choria security provider, the path to the optional public certificate 973 974 ### plugin.security.choria.key 975 976 * **Type:** path_string 977 978 When using choria security provider, the path to the optional private key 979 980 ### plugin.security.choria.seed_file 981 982 * **Type:** path_string 983 984 The path to the seed file 985 986 ### plugin.security.choria.sign_replies 987 988 * **Type:** boolean 989 * **Default Value:** true 990 991 When set to false, disables signing of replies, which would significantly trim down the size of replies but would remove the ability to verify signatures or verify message origin 992 993 ### plugin.security.choria.token_file 994 995 * **Type:** path_string 996 997 The path to the JWT token file 998 999 ### plugin.security.choria.trusted_signers 1000 1001 * **Type:** comma_split 1002 1003 Ed25519 public keys of entities allowed to sign client and server JWT tokens in hex encoded format 1004 1005 ### plugin.security.cipher_suites 1006 1007 * **Type:** comma_split 1008 1009 List of allowed cipher suites 1010 1011 ### plugin.security.client_anon_tls 1012 1013 * **Type:** boolean 1014 * **Default Value:** false 1015 1016 Use anonymous TLS to the Choria brokers from a client, also disables security provider verification - only when a remote signer is set 1017 1018 ### plugin.security.ecc_curves 1019 1020 * **Type:** comma_split 1021 1022 List of allowed ECC curves 1023 1024 ### plugin.security.file.ca 1025 1026 * **Type:** path_string 1027 1028 When using file security provider, the path to the Certificate Authority public certificate 1029 1030 ### plugin.security.file.certificate 1031 1032 * **Type:** path_string 1033 1034 When using file security provider, the path to the public certificate 1035 1036 ### plugin.security.file.key 1037 
1038 * **Type:** path_string 1039 1040 When using file security provider, the path to the private key 1041 1042 ### plugin.security.issuer.names 1043 1044 * **Type:** comma_split 1045 1046 List of names of valid issuers this server will accept, set individual issuer data using `plugin.security.issuer.<name>.public` 1047 1048 ### plugin.security.pkcs11.driver_file 1049 1050 * **Type:** path_string 1051 * **Additional Information:** https://choria.io/blog/post/2019/09/09/pkcs11/ 1052 1053 When using the pkcs11 security provider, the path to the PKCS11 driver file 1054 1055 ### plugin.security.pkcs11.slot 1056 1057 * **Type:** integer 1058 * **Additional Information:** https://choria.io/blog/post/2019/09/09/pkcs11/ 1059 1060 When using the pkcs11 security provider, the slot to use in the device 1061 1062 ### plugin.security.provider 1063 1064 * **Type:** string 1065 * **Validation:** enum=puppet,file,pkcs11,certmanager,choria 1066 * **Default Value:** puppet 1067 1068 The Security Provider to use 1069 1070 ### plugin.security.server_anon_tls 1071 1072 * **Type:** boolean 1073 * **Default Value:** false 1074 1075 Use anonymous TLS to the Choria brokers from a server 1076 1077 ### plugin.security.support_legacy_certificates 1078 1079 * **Type:** boolean 1080 * **Default Value:** false 1081 1082 Allow certificates without SANs to be used 1083 1084 ### plugin.yaml 1085 1086 * **Type:** path_string 1087 1088 Where to look for YAML or JSON based facts 1089 1090 ### registerinterval 1091 1092 * **Type:** integer 1093 * **Default Value:** 300 1094 1095 How often to publish registration data 1096 1097 ### registration 1098 1099 * **Type:** comma_split 1100 1101 The plugins used when publishing Registration data, when this is unset or empty sending registration data is disabled 1102 1103 ### registration_collective 1104 1105 * **Type:** string 1106 1107 The Sub Collective to publish registration data to 1108 1109 ### registration_splay 1110 1111 * **Type:** boolean 1112 * 
**Default Value:** true 1113 1114 When true, delays the initial registration publish by a random period up to registerinterval; following registration publishes will be at registerinterval without further splay 1115 1116 ### rpcaudit 1117 1118 * **Type:** boolean 1119 * **Additional Information:** https://choria.io/docs/configuration/aaa/ 1120 * **Default Value:** false 1121 1122 When enabled uses rpcauditprovider to audit RPC requests processed by the server 1123 1124 ### rpcauthorization 1125 1126 * **Type:** boolean 1127 * **Additional Information:** https://choria.io/docs/configuration/aaa/ 1128 * **Default Value:** true 1129 1130 When enabled, authorization is performed on every RPC request based on rpcauthprovider 1131 1132 ### rpcauthprovider 1133 1134 * **Type:** title_string 1135 * **Additional Information:** https://choria.io/docs/configuration/aaa/ 1136 * **Default Value:** action_policy 1137 1138 The Authorization system to use 1139 1140 ### rpclimitmethod 1141 1142 * **Type:** string 1143 * **Validation:** enum=first,random 1144 * **Default Value:** first 1145 1146 When limiting nodes to a subset of discovered nodes this is the method to use, random is influenced by 1147 1148 ### soft_shutdown_timeout 1149 1150 * **Type:** integer 1151 * **Default Value:** 2 1152 1153 The amount of time to allow the server to exit, after this memory and thread dumps will be performed and a force exit will be done 1154 1155 ### ttl 1156 1157 * **Type:** integer 1158 * **Default Value:** 60 1159 1160 How long published messages are allowed to linger on the network, lower numbers have a higher reliance on clocks being in sync 1161