Documentation
Index
- func DNSFQDN() (string, error)
- func Mutate(c *Config, log *logrus.Entry)
- func MutatorNames() []string
- func RegisterMutator(name string, m Mutator)
- type BuildInfoProvider
- type ChoriaPluginConfig
- type Config
- func (c *Config) ApplyBuildSettings(b BuildInfoProvider)
- func (c *Config) ConfigKeys(re string) (found []string, err error)
- func (c *Config) DocForConfigKey(k string) *confkey.Doc
- func (c *Config) HasOption(option string) bool
- func (c *Config) Option(option string, deflt string) string
- func (c *Config) SetOption(option string, value string)
- type Mutator
Constants
This section is empty.
Variables
This section is empty.
Functions
func MutatorNames

```go
func MutatorNames() []string
```

MutatorNames are the names of known configuration mutators

func RegisterMutator

```go
func RegisterMutator(name string, m Mutator)
```

RegisterMutator registers a new configuration mutator
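The registry behind MutatorNames, RegisterMutator and Mutate, written as an added example for this page rather than taken from the Choria code base: the Mutator interface shape, the Config subset and both mutators are assumptions, and the standard library's *log.Logger stands in for the *logrus.Entry the real Mutate takes. It shows the two properties a practitioner usually cares about in such a registry: duplicate names are rejected at startup, and mutators run in a deterministic (sorted) order so that the effective configuration does not depend on package initialisation order.

```go
package main

import (
	"fmt"
	"log"
	"sort"
	"sync"
)

// Config stands in for the package's *Config with only the fields this example
// touches (a hypothetical subset, not the real struct).
type Config struct {
	DisableTLS       bool
	DisableTLSVerify bool
	RPCAudit         bool
	RPCAuthorization bool
}

// Mutator is assumed to mirror the package's interface; the real Mutate takes a
// *logrus.Entry, this example substitutes the standard library's *log.Logger.
type Mutator interface {
	Mutate(c *Config, logger *log.Logger)
}

var (
	mu       sync.Mutex
	mutators = map[string]Mutator{}
)

// RegisterMutator registers a new configuration mutator. Registering the same
// name twice is treated as a programming error, in the style of database/sql.
func RegisterMutator(name string, m Mutator) {
	mu.Lock()
	defer mu.Unlock()
	if _, dup := mutators[name]; dup {
		panic(fmt.Sprintf("configuration mutator %q registered twice", name))
	}
	mutators[name] = m
}

// MutatorNames are the names of known configuration mutators, sorted so that
// Mutate applies them in the same order regardless of registration order.
func MutatorNames() []string {
	mu.Lock()
	defer mu.Unlock()
	names := make([]string, 0, len(mutators))
	for n := range mutators {
		names = append(names, n)
	}
	sort.Strings(names)
	return names
}

// Mutate runs every registered mutator over the configuration, logging each one.
func Mutate(c *Config, logger *log.Logger) {
	for _, n := range MutatorNames() {
		mu.Lock()
		m := mutators[n]
		mu.Unlock()
		logger.Printf("applying configuration mutator %s", n)
		m.Mutate(c, logger)
	}
}

// tlsConsistency is a hypothetical mutator: DisableTLSVerify has no meaning
// once DisableTLS is set, so it clears the flag and records that it did so.
type tlsConsistency struct{}

func (tlsConsistency) Mutate(c *Config, logger *log.Logger) {
	if c.DisableTLS && c.DisableTLSVerify {
		logger.Print("DisableTLSVerify has no effect while DisableTLS is set, clearing it")
		c.DisableTLSVerify = false
	}
}

// auditWithAuthz is a hypothetical mutator: when RPC authorization is enforced,
// switch on RPC auditing as well so that denied requests leave a record.
type auditWithAuthz struct{}

func (auditWithAuthz) Mutate(c *Config, logger *log.Logger) {
	if c.RPCAuthorization && !c.RPCAudit {
		logger.Print("enabling rpcaudit because rpcauthorization is enabled")
		c.RPCAudit = true
	}
}

func init() {
	RegisterMutator("tls_consistency", tlsConsistency{})
	RegisterMutator("audit_with_authz", auditWithAuthz{})
}

// applyToSample builds a constructed configuration, runs the mutators and returns it.
func applyToSample() *Config {
	cfg := &Config{DisableTLS: true, DisableTLSVerify: true, RPCAuthorization: true}
	Mutate(cfg, log.Default())
	return cfg
}

func main() {
	cfg := applyToSample()
	fmt.Printf("mutators=%v rpcaudit=%v disable_tls_verify=%v\n",
		MutatorNames(), cfg.RPCAudit, cfg.DisableTLSVerify)
}
```

Because each mutator logs what it changed, a config that arrives at the server different from what was on disk can be traced back to the mutator that altered it, which matters when the fields involved are security switches such as TLS verification or auditing.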
Types

type BuildInfoProvider

```go
type BuildInfoProvider interface {
	HasTLS() bool
}
```

BuildInfoProvider provides build time information
type ChoriaPluginConfig

```go
type ChoriaPluginConfig struct {
	PuppetServerHost string `confkey:"plugin.choria.puppetserver_host" default:"puppet"` // The hostname where your Puppet Server can be found
	PuppetServerPort int    `confkey:"plugin.choria.puppetserver_port" default:"8140"`   // The port your Puppet Server listens on
	PuppetCAHost     string `confkey:"plugin.choria.puppetca_host" default:"puppet"`     // The hostname where your Puppet Certificate Authority can be found
	PuppetCAPort     int    `confkey:"plugin.choria.puppetca_port" default:"8140"`       // The port your Puppet Certificate Authority listens on
	PuppetDBHost     string `confkey:"plugin.choria.puppetdb_host" default:"puppet"`     // The host hosting your PuppetDB, used by the "choria" discovery plugin
	PuppetDBPort     int    `confkey:"plugin.choria.puppetdb_port" default:"8081"`       // The port your PuppetDB listens on
	UseSRVRecords    bool   `confkey:"plugin.choria.use_srv" default:"true" url:"https://choria.io/docs/deployment/dns/"` // If SRV record lookups should be attempted to find Puppet, PuppetDB, Brokers etc
	SRVDomain        string `confkey:"plugin.choria.srv_domain" url:"https://choria.io/docs/deployment/dns/"`             // The domain to use for SRV records, defaults to the domain the server FQDN is in
	Provision        bool   `confkey:"plugin.choria.server.provision" default:"false" url:"https://github.com/choria-io/provisioning-agent"` // Specifically enable or disable provisioning

	// discovery proxy
	DiscoveryHost  string `confkey:"plugin.choria.discovery_host" default:"puppet" deprecated:"1"`
	DiscoveryPort  int    `confkey:"plugin.choria.discovery_port" default:"8085" deprecated:"1"`
	DiscoveryProxy bool   `confkey:"plugin.choria.discovery_proxy" default:"false" deprecated:"1"`

	FederationCollectives     []string `` // List of known remote collectives accessible via Federation Brokers /* 142-byte string literal not displayed */
	FederationMiddlewareHosts []string `confkey:"plugin.choria.federation_middleware_hosts" type:"comma_split" url:"https://choria.io/docs/federation/"` // Middleware brokers used by the Federation Broker, if unset uses SRV
	FederationCluster         string   `confkey:"plugin.choria.federation.cluster" default:"mcollective" url:"https://choria.io/docs/federation/"`      // The cluster name a Federation Broker serves

	StatsListenAddress string `confkey:"plugin.choria.stats_address" default:"127.0.0.1"` // The address to listen on for statistics
	StatsPort          int    `confkey:"plugin.choria.stats_port" default:"0"`            // The port to listen on for HTTP requests for statistics, setting to 0 disables it

	LegacyLifeCycleFormat bool `confkey:"plugin.choria.legacy_lifecycle_format" default:"0"` // When enabled will publish lifecycle events in the legacy format, else Cloud Events format is used

	NatsUser        string `confkey:"plugin.nats.user" environment:"MCOLLECTIVE_NATS_USERNAME"`               // The user to connect to the NATS server as. When unset no username is used.
	NatsPass        string `confkey:"plugin.nats.pass" environment:"MCOLLECTIVE_NATS_PASSWORD"`               // The password to use when connecting to the NATS server
	NatsCredentials string `confkey:"plugin.nats.credentials" environment:"MCOLLECTIVE_NATS_CREDENTIALS"`     // The NATS 2.0 credentials to use, required for accessing NGS
	NatsNGS         bool   `confkey:"plugin.nats.ngs" environment:"MCOLLECTIVE_NATS_NGS"`                     // Uses NATS NGS global managed network as middleware, overrides broker names to "connect.ngs.global"

	MiddlewareHosts          []string `confkey:"plugin.choria.middleware_hosts" type:"comma_split"`       // Set specific middleware hosts in the format host:port, if unset uses SRV
	RandomizeMiddlewareHosts bool     `confkey:"plugin.choria.randomize_middleware_hosts" default:"true"` // Shuffle middleware hosts before connecting to spread traffic of initial connections

	NetworkListenAddress          string        `confkey:"plugin.choria.network.listen_address" default:"::" url:"https://choria.io/docs/deployment/broker/"`      // Address the Network Broker will listen on
	NetworkClientPort             int           `confkey:"plugin.choria.network.client_port" default:"4222" url:"https://choria.io/docs/deployment/broker/"`      // Port the Network Broker will accept client connections on
	NetworkClientTLSForce         bool          `confkey:"plugin.choria.network.client_tls_force_required"`                                                       // Force requiring/not requiring TLS for all clients
	NetworkClientTLSAnon          bool          `confkey:"plugin.choria.network.client_anon_tls"`                                                                 // Use anonymous TLS for client connections (disables verification)
	NetworkPeerPort               int           `confkey:"plugin.choria.network.peer_port" default:"5222" url:"https://choria.io/docs/deployment/broker/"`        // Port used to communicate with other local cluster peers
	NetworkPeerUser               string        `confkey:"plugin.choria.network.peer_user"`                                                                       // Username to use when connecting to cluster peers
	NetworkPeerPassword           string        `confkey:"plugin.choria.network.peer_password"`                                                                   // Password to use when connecting to cluster peers
	NetworkPeers                  []string      `confkey:"plugin.choria.network.peers" type:"comma_split" url:"https://choria.io/docs/deployment/broker/"`        // List of cluster peers in host:port format
	NetworkLeafPort               int           `confkey:"plugin.choria.network.leafnode_port" default:"0"`                                                       // Port to listen on for Leafnode connections, disabled with 0
	NetworkLeafRemotes            []string      `confkey:"plugin.choria.network.leafnode_remotes" type:"comma_split"`                                             // Remote networks to connect to as a Leafnode
	NetworkGatewayPort            int           `confkey:"plugin.choria.network.gateway_port" default:"0"`                                                        // Port to listen on for Super Cluster connections
	NetworkGatewayName            string        `confkey:"plugin.choria.network.gateway_name" default:"CHORIA"`                                                   // Name for the Super Cluster
	NetworkGatewayRemotes         []string      `confkey:"plugin.choria.network.gateway_remotes" type:"comma_split"`                                              // List of remote Super Clusters to connect to
	NetworkWriteDeadline          time.Duration `confkey:"plugin.choria.network.write_deadline" type:"duration" default:"10s"`                                    // How long to allow clients to process traffic before treating them as slow, increase this on large networks or slow networks
	NetworkAllowedClientHosts     []string      `confkey:"plugin.choria.network.client_hosts" type:"comma_split"`                                                 // CIDRs to limit client connections from, appropriate ACLs are added based on this
	NetworkDenyServers            bool          `confkey:"plugin.choria.network.deny_server_connections"`                                                         // Set ACLs denying server connections to this broker
	NetworkAccountOperator        string        `confkey:"plugin.choria.network.operator_account"`                                                                // NATS 2.0 Operator account
	NetworkSystemAccount          string        `confkey:"plugin.choria.network.system_account"`                                                                  // NATS 2.0 System Account
	NetworkTLSTimeout             int           `confkey:"plugin.choria.network.tls_timeout" default:"2"`                                                         // Time to allow for TLS connections to establish, increase on slow or very large networks
	NetworkClientAdvertiseName    string        `confkey:"plugin.choria.network.public_url"`                                                                      // Name to advertise to clients, useful when fronted by a proxy
	NetworkStreamStore            string        `confkey:"plugin.choria.network.stream.store" type:"path_string"`                                                 // Enables Streaming data persistence stored in this path
	NetworkEventStoreDuration     time.Duration `confkey:"plugin.choria.network.stream.event_retention" type:"duration" default:"24h"`                            // When not zero enables retaining Lifecycle events in the Stream Store
	NetworkMachineStoreDuration   time.Duration `confkey:"plugin.choria.network.stream.machine_retention" type:"duration" default:"24h"`                          // When not zero enables retaining Autonomous Agent events in the Stream Store
	NetworkStreamAdvisoryDuration time.Duration `confkey:"plugin.choria.network.stream.advisory_retention" type:"duration" default:"168h"`                        // When not zero enables retaining Stream advisories in the Stream Store

	BrokerNetwork    bool `confkey:"plugin.choria.broker_network" default:"false" url:"https://choria.io/docs/deployment/broker/"` // Enables the Network Broker
	BrokerDiscovery  bool `confkey:"plugin.choria.broker_discovery" default:"false" deprecated:"1"`
	BrokerFederation bool `confkey:"plugin.choria.broker_federation" default:"false" url:"https://choria.io/docs/federation/"` // Enables the Federation Broker

	FileContentRegistrationData   string `confkey:"plugin.choria.registration.file_content.data" default:""`            // YAML or JSON file to use as data source for registration
	FileContentRegistrationTarget string `confkey:"plugin.choria.registration.file_content.target" default:""`          // NATS Subject to publish registration data to
	FileContentCompression        bool   `confkey:"plugin.choria.registration.file_content.compression" default:"true"` // Enables gzip compression of registration data

	RubyAgentShim   string   `confkey:"plugin.choria.agent_provider.mcorpc.agent_shim"`                   // Path to the helper used to call MCollective Ruby agents
	RubyAgentConfig string   `confkey:"plugin.choria.agent_provider.mcorpc.config"`                       // Path to the MCollective configuration file used when running MCollective Ruby agents
	RubyLibdir      []string `confkey:"plugin.choria.agent_provider.mcorpc.libdir" type:"path_split"`     // Path to the libdir MCollective Ruby agents should have

	SSLDir            string   `confkey:"plugin.choria.ssldir" type:"path_string"` // The SSL directory, auto detected via Puppet, when specifically set Puppet will not be consulted
	PrivilegedUsers   []string `` // Patterns of certificate names that would be considered privileged and able to set custom callers /* 175-byte string literal not displayed */
	CertnameWhitelist []string `confkey:"plugin.choria.security.certname_whitelist" type:"comma_split" default:"\\.mcollective$,\\.choria$"` // Patterns of certificate names that are allowed to be clients
	Serializer        string   `confkey:"plugin.choria.security.serializer" validate:"enum=json,yaml" default:"json" deprecated:"1"`

	SecurityProvider             string `confkey:"plugin.security.provider" default:"puppet" validate:"enum=puppet,file,pkcs11,certmanager"` // The Security Provider to use
	SecurityAlwaysOverwriteCache bool   `confkey:"plugin.security.always_overwrite_cache" default:"false"`                                   // Always store new Public Keys to the cache overwriting existing ones

	RemoteSignerTokenFile        string `confkey:"plugin.choria.security.request_signer.token_file" type:"path_string" url:"https://github.com/choria-io/aaasvc"` // Path to the token used to access a Central Authenticator
	RemoteSignerTokenEnvironment string `confkey:"plugin.choria.security.request_signer.token_environment" url:"https://github.com/choria-io/aaasvc"`           // Environment variable to store Central Authenticator tokens
	RemoteSignerSigningCert      string `confkey:"plugin.choria.security.request_signing_certificate"`                                                          // The public certificate of the key used to sign the JWTs in the Signing Service
	RemoteSignerURL              string `confkey:"plugin.choria.security.request_signer.url" url:"https://github.com/choria-io/aaasvc"`                         // URL to the Signing Service

	ClientAnonTLS bool `confkey:"plugin.security.client_anon_tls" default:"false"` // Use anonymous TLS to the Choria brokers from a client, also disables security provider verification - only when a remote signer is set

	FileSecurityCertificate string `confkey:"plugin.security.file.certificate" type:"path_string"` // When using file security provider, the path to the public certificate
	FileSecurityKey         string `confkey:"plugin.security.file.key" type:"path_string"`         // When using file security provider, the path to the private key
	FileSecurityCA          string `confkey:"plugin.security.file.ca" type:"path_string"`          // When using file security provider, the path to the Certificate Authority public certificate
	FileSecurityCache       string `confkey:"plugin.security.file.cache" type:"path_string"`       // When using file security provider, the path to the client cache

	CertManagerSecurityNamespace  string   `confkey:"plugin.security.certmanager.namespace" default:"choria"`  // When using Cert Manager security provider, the namespace the issuer is in
	CertManagerSecurityIssuer     string   `confkey:"plugin.security.certmanager.issuer"`                      // When using Cert Manager security provider, the name of the issuer
	CertManagerSecurityReplaceCSR bool     `confkey:"plugin.security.certmanager.replace" default:"true"`      // when using Cert Manager security provider, replace existing CSRs with new ones
	CertManagerSecurityAltNames   []string `confkey:"plugin.security.certmanager.alt_names" type:"comma_split"` // when using Cert Manager security provider, add these additional names to the CSR

	CipherSuites []string `confkey:"plugin.security.cipher_suites" type:"comma_split"` // List of allowed cipher suites
	ECCCurves    []string `confkey:"plugin.security.ecc_curves" type:"comma_split"`    // List of allowed ECC curves

	PKCS11DriverFile string `confkey:"plugin.security.pkcs11.driver_file" type:"path_string" url:"https://choria.io/blog/post/2019/09/09/pkcs11/"` // When using the pkcs11 security provider, the path to the PKCS11 driver file
	PKCS11Slot       int    `confkey:"plugin.security.pkcs11.slot" url:"https://choria.io/blog/post/2019/09/09/pkcs11/"`                           // When using the pkcs11 security provider, the slot to use in the device

	Adapters []string `confkey:"plugin.choria.adapters" type:"comma_split" url:"https://choria.io/docs/adapters/"` // The list of Data Adapters to activate

	StatusFilePath      string `confkey:"plugin.choria.status_file_path" type:"path_string"`   // Path to a JSON file to write server health information to regularly
	StatusUpdateSeconds int    `confkey:"plugin.choria.status_update_interval" default:"30"` // How frequently to write to the status_file_path

	MachineSourceDir string `confkey:"plugin.choria.machine.store" url:"https://choria.io/docs/autoagents/"` // Directory where Autonomous Agents are stored

	PrometheusTextFileDir string `confkey:"plugin.choria.prometheus_textfile_directory" type:"path_string"` // Directory where Prometheus Node Exporter textfile collector reads data

	ScoutOverrides string `confkey:"plugin.scout.overrides" type:"path_string"` // Path to a file holding overrides for Scout checks
	ScoutTags      string `confkey:"plugin.scout.tags" type:"path_string"`      // Path to a file holding tags for a Scout entity

	RequireClientFilter bool `confkey:"plugin.choria.require_client_filter" default:"false"` // If a client filter should always be required, only used in Go clients
}
```
ChoriaPluginConfig settings
NOTE: When adding or updating doc strings please run `go generate` in the root of the repository
type Config

```go
type Config struct {
	// The plugins used when publishing Registration data, when this is unset or empty sending registration data is disabled
	Registration []string `confkey:"registration" type:"comma_split"`
	// The Sub Collective to publish registration data to
	RegistrationCollective string `confkey:"registration_collective"`
	// How often to publish registration data
	RegisterInterval int `confkey:"registerinterval" default:"300"`
	// When true delays initial registration publish by a random period up to registerinterval following registration publishes will be at registerinterval without further splay
	RegistrationSplay bool `confkey:"registration_splay" default:"false"`
	// The list of known Sub Collectives this node will join or communicate with, Servers will subscribe the node and each agent to each sub collective and Clients will publish to a chosen sub collective
	Collectives []string `confkey:"collectives" type:"comma_split" default:"mcollective"`
	// The Sub Collective where a Client will publish to when no specific Sub Collective is configured
	MainCollective string `confkey:"main_collective"`
	// The file to write logs to, when set to an empty string logging will be to the console
	LogFile string `confkey:"logfile" type:"path_string"`
	// The lowest level log to add to the logfile
	LogLevel string `confkey:"loglevel" default:"info" validate:"enum=debug,info,warn,error,fatal"`
	// The directory where Agents, DDLs and other plugins are found
	LibDir []string `confkey:"libdir" type:"path_split"`
	// The identity this machine is known as, when empty it's derived based on the operating system hostname or by calling facter fqdn
	Identity string `confkey:"identity"`
	// Enables the direct-to-node communications pattern, unused in the Go clients
	DirectAddressing bool `confkey:"direct_addressing" default:"true"`
	// Disables or enables CLI color, not well supported in Go based code
	Color bool `confkey:"color" default:"true"`
	// Used to select the security provider in Ruby clients, only sensible value is "choria"
	SecurityProvider string `confkey:"securityprovider" default:"choria" type:"title_string" deprecated:"1"`
	// Configures the network connector to use, only sensible value is "nats", unused in Go based code
	Connector string `confkey:"connector" default:"nats" type:"title_string"`
	// Path to a file listing configuration classes applied to a node, used in matches using Class filters
	ClassesFile string `confkey:"classesfile" default:"/opt/puppetlabs/puppet/cache/state/classes.txt" type:"path_string"`
	// How long to wait for responses while doing broadcast discovery
	DiscoveryTimeout int `confkey:"discovery_timeout" default:"2"`
	// Ruby clients use this to determine how long they will allow when publishing requests
	PublishTimeout int `confkey:"publish_timeout" default:"2"`
	// Ruby clients use this to determine how long they will try to connect, fails after timeout
	ConnectionTimeout int `confkey:"connection_timeout"`
	// When enabled uses rpcauditprovider to audit RPC requests processed by the server
	RPCAudit bool `confkey:"rpcaudit" default:"false" url:"https://choria.io/docs/configuration/aaa/"`
	// The audit provider to use, unused at present as there is only a "choria" one
	RPCAuditProvider string `confkey:"rpcauditprovider" type:"title_string" url:"https://choria.io/docs/configuration/aaa/"`
	// When enabled authorization is performed on every RPC request based on rpcauthprovider
	RPCAuthorization bool `confkey:"rpcauthorization" default:"false" url:"https://choria.io/docs/configuration/aaa/"`
	// The Authorization system to use
	RPCAuthorizationProvider string `confkey:"rpcauthprovider" type:"title_string" default:"action_policy" url:"https://choria.io/docs/configuration/aaa/"`
	// When limiting nodes to a subset of discovered nodes this is the method to use, random is influenced by
	RPCLimitMethod string `confkey:"rpclimitmethod" default:"first" validate:"enum=first,random"`
	// The type of logging to use, unused in Go based programs
	LoggerType string `confkey:"logger_type" default:"file" validate:"enum=console,file,syslog"`
	// Enables multi threaded mode in the Ruby client, generally a bad idea
	Threaded bool `confkey:"threaded" default:"false"`
	// How long published messages are allowed to linger on the network, lower numbers have a higher reliance on clocks being in sync
	TTL int `confkey:"ttl" default:"60"`
	// Configurable options to always pass to the discovery subsystem
	DefaultDiscoveryOptions []string `confkey:"default_discovery_options"`
	// The default discovery plugin to use. The default "mc" uses a network broadcast and "choria" uses PuppetDB
	DefaultDiscoveryMethod string `confkey:"default_discovery_method" default:"mc"`
	// Where to look for YAML or JSON based facts
	FactSourceFile string `confkey:"plugin.yaml" default:"/etc/puppetlabs/mcollective/generated-facts.yaml" type:"path_string"`

	ActivateAgents            bool   `confkey:"activate_agents" default:"true" deprecated:"1"`
	Daemonize                 bool   `confkey:"daemonize" default:"false" deprecated:"1"`
	DirectAddressingThreshold int    `confkey:"direct_addressing_threshold" default:"10" deprecated:"1"`
	FactCacheTime             int    `confkey:"fact_cache_time" default:"300" deprecated:"1"`
	FactSource                string `confkey:"factsource" default:"yaml" deprecated:"1"`
	KeepLogs                  int    `confkey:"keeplogs" default:"5" deprecated:"1"`
	LogFacility               string `confkey:"logfacility" default:"user" deprecated:"1"`
	MaxLogSize                int    `confkey:"max_log_size" default:"2097152" deprecated:"1"`
	SoftShutdown              bool   `confkey:"soft_shutdown" default:"true" deprecated:"1"`
	SoftShutdownTimeout       int    `confkey:"soft_shutdown_timeout" default:"2" deprecated:"1"`

	ConfigFile string

	Choria *ChoriaPluginConfig

	// DisableSecurityProviderVerify skips calling security provider Validate()
	DisableSecurityProviderVerify bool

	// DisableTLS turns off TLS and skips calling security provider Validate()
	DisableTLS bool

	// DisableTLSVerify turns off CA validation etc in TLS connections
	DisableTLSVerify bool

	// OverrideCertname sets an arbitrary certname and short circuits calling Puppet etc
	// this is mainly used by tests to adjust the certname on the fly
	OverrideCertname string

	// InitiatedByServer indicates to the framework that certain server specific
	// initialization steps - like Provisioning mode - should be performed.
	InitiatedByServer bool

	// Puppet provides access to puppet config data, settings and facts
	Puppet *puppet.Wrapper

	// CacheBatchedTransports should be true when an agent provider does batched
	// requests where effectively the same request can span many publishes often
	// long apart. The problem is that in these cases the security framework might
	// require frequent 2FA and users might be prompted for 2FA mid-batch. This
	// setting will hint to choria.Message to return the same transport message
	// repeatedly
	CacheBatchedTransports bool
	// contains filtered or unexported fields
}
```
Config represents Choria configuration
NOTE: When adding or updating doc strings please run `go generate` in the root of the repository
func NewConfigForTests

```go
func NewConfigForTests() *Config
```

NewConfigForTests creates a configuration for use in testing tools

func NewDefaultConfig

NewDefaultConfig creates an empty configuration
func (*Config) ApplyBuildSettings

```go
func (c *Config) ApplyBuildSettings(b BuildInfoProvider)
```

ApplyBuildSettings applies build time overrides to the configuration

func (*Config) ConfigKeys

```go
func (c *Config) ConfigKeys(re string) (found []string, err error)
```

ConfigKeys retrieves all known configuration keys matching the regular expression re

func (*Config) HasOption

```go
func (c *Config) HasOption(option string) bool
```

HasOption determines whether a specific option was set from a config key. The option given would be something like `plugin.choria.use_srv`, and true indicates that it was set by configuration rather than taken from the defaults

func (*Config) Option

```go
func (c *Config) Option(option string, deflt string) string
```

Option retrieves the raw string representation of a given option as it was loaded from the configuration
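A minimal loader showing how the confkey, default, type and validate struct tags seen in ChoriaPluginConfig and Config drive a configuration, and why HasOption and Option answer differently from the typed field. This is an added example for this page, not the package's own loader nor the confkey package it imports; ServerConfig (a hypothetical subset of ChoriaPluginConfig), Load, setField and sampleRaw are assumptions made here.

```go
package main

import (
	"fmt"
	"reflect"
	"strconv"
	"strings"
	"time"
)

// ServerConfig is a hypothetical subset of ChoriaPluginConfig using the package's tag conventions.
type ServerConfig struct {
	UseSRVRecords        bool          `confkey:"plugin.choria.use_srv" default:"true"`
	MiddlewareHosts      []string      `confkey:"plugin.choria.middleware_hosts" type:"comma_split"`
	NetworkWriteDeadline time.Duration `confkey:"plugin.choria.network.write_deadline" type:"duration" default:"10s"`
	NetworkClientTLSAnon bool          `confkey:"plugin.choria.network.client_anon_tls"`
	SecurityProvider     string        `confkey:"plugin.security.provider" default:"puppet" validate:"enum=puppet,file,pkcs11,certmanager"`
}

// Config keeps the raw keys from the file beside the typed settings, so
// HasOption and Option can tell "set in config" apart from "defaulted".
type Config struct {
	Server *ServerConfig
	raw    map[string]string
}

// setField converts raw into f according to the field's `type` tag and kind.
func setField(f reflect.Value, typ, raw string) error {
	switch {
	case typ == "comma_split":
		parts := strings.Split(raw, ",")
		for i := range parts {
			parts[i] = strings.TrimSpace(parts[i])
		}
		f.Set(reflect.ValueOf(parts))
	case typ == "duration":
		d, err := time.ParseDuration(raw)
		if err != nil {
			return err
		}
		f.SetInt(int64(d))
	case f.Kind() == reflect.Bool:
		b, err := strconv.ParseBool(raw)
		if err != nil {
			return err
		}
		f.SetBool(b)
	default:
		f.SetString(raw)
	}
	return nil
}

// Load applies each field's default, then the raw file value when present,
// then rejects values outside the field's validate:"enum=..." list.
func Load(raw map[string]string) (*Config, error) {
	c := &Config{Server: &ServerConfig{}, raw: raw}
	st, sv := reflect.TypeOf(*c.Server), reflect.ValueOf(c.Server).Elem()
	for i := 0; i < st.NumField(); i++ {
		tag := st.Field(i).Tag
		key := tag.Get("confkey")
		val, fromFile := raw[key]
		if !fromFile {
			if val = tag.Get("default"); val == "" {
				continue // neither set nor defaulted: the field keeps its zero value
			}
		}
		if err := setField(sv.Field(i), tag.Get("type"), val); err != nil {
			return nil, fmt.Errorf("%s: %w", key, err)
		}
		if v := tag.Get("validate"); strings.HasPrefix(v, "enum=") && !strings.Contains(","+v[5:]+",", ","+val+",") {
			return nil, fmt.Errorf("%s: %q is not one of %s", key, val, v[5:])
		}
	}
	return c, nil
}

// HasOption reports whether option was set in the config rather than defaulted.
func (c *Config) HasOption(option string) bool {
	_, ok := c.raw[option]
	return ok
}

// Option returns the raw string as loaded from the config, or deflt when unset.
func (c *Config) Option(option string, deflt string) string {
	if v, ok := c.raw[option]; ok {
		return v
	}
	return deflt
}

// sampleRaw is constructed for this example (placeholder broker names), in the
// key/value shape a config file parser would hand to Load.
var sampleRaw = map[string]string{
	"plugin.choria.middleware_hosts":       "broker1.example.net:4222, broker2.example.net:4222",
	"plugin.choria.network.write_deadline": "30s",
	"plugin.security.provider":             "file",
}
```

The distinction matters when reviewing a deployment: after `Load(sampleRaw)` the typed field `UseSRVRecords` is true, yet `HasOption("plugin.choria.use_srv")` is false and `Option("plugin.choria.use_srv", "unset")` returns "unset", because the value came from the tag default and not from the file. The same check shows that `plugin.choria.network.client_anon_tls` is off and was never configured, and the enum in the `validate` tag rejects an unknown security provider name at load time rather than at first use.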