config

package
v0.18.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 25, 2020 License: Apache-2.0 Imports: 18 Imported by: 6

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DNSFQDN

func DNSFQDN() (string, error)

DNSFQDN attempts to find the FQDN using DNS resolution

func Mutate

func Mutate(c *Config, log *logrus.Entry)

Mutate calls all registered mutators on the given configuration

func MutatorNames

func MutatorNames() []string

MutatorNames are the names of known configuration mutators

func RegisterMutator

func RegisterMutator(name string, m Mutator)

RegisterMutator registers a new configuration mutator

Types

type BuildInfoProvider

type BuildInfoProvider interface {
	HasTLS() bool
}

BuildInfoProvider provides build time information

type ChoriaPluginConfig

type ChoriaPluginConfig struct {
	PuppetServerHost string `confkey:"plugin.choria.puppetserver_host" default:"puppet"`                                                     // The hostname where your Puppet Server can be found
	PuppetServerPort int    `confkey:"plugin.choria.puppetserver_port" default:"8140"`                                                       // The port your Puppet Server listens on
	PuppetCAHost     string `confkey:"plugin.choria.puppetca_host" default:"puppet"`                                                         // The hostname where your Puppet Certificate Authority can be found
	PuppetCAPort     int    `confkey:"plugin.choria.puppetca_port" default:"8140"`                                                           // The port your Puppet Certificate Authority listens on
	PuppetDBHost     string `confkey:"plugin.choria.puppetdb_host" default:"puppet"`                                                         // The host hosting your PuppetDB, used by the "choria" discovery plugin
	PuppetDBPort     int    `confkey:"plugin.choria.puppetdb_port" default:"8081"`                                                           // The port your PuppetDB listens on
	UseSRVRecords    bool   `confkey:"plugin.choria.use_srv" default:"true" url:"https://choria.io/docs/deployment/dns/"`                    // If SRV record lookups should be attempted to find Puppet, PuppetDB, Brokers etc
	SRVDomain        string `confkey:"plugin.choria.srv_domain" url:"https://choria.io/docs/deployment/dns/"`                                // The domain to use for SRV records, defaults to the domain the server FQDN is in
	Provision        bool   `confkey:"plugin.choria.server.provision" default:"false" url:"https://github.com/choria-io/provisioning-agent"` // Specifically enable or disable provisioning

	// discovery proxy
	DiscoveryHost  string `confkey:"plugin.choria.discovery_host" default:"puppet" deprecated:"1"`
	DiscoveryPort  int    `confkey:"plugin.choria.discovery_port" default:"8085" deprecated:"1"`
	DiscoveryProxy bool   `confkey:"plugin.choria.discovery_proxy" default:"false" deprecated:"1"`

	FederationCollectives []string `` // List of known remote collectives accessible via Federation Brokers
	/* 142-byte string literal not displayed */
	FederationMiddlewareHosts []string `confkey:"plugin.choria.federation_middleware_hosts" type:"comma_split" url:"https://choria.io/docs/federation/"` // Middleware brokers used by the Federation Broker, if unset uses SRV
	FederationCluster         string   `confkey:"plugin.choria.federation.cluster" default:"mcollective" url:"https://choria.io/docs/federation/"`       // The cluster name a Federation Broker serves

	StatsListenAddress    string `confkey:"plugin.choria.stats_address" default:"127.0.0.1"`   // The address to listen on for statistics
	StatsPort             int    `confkey:"plugin.choria.stats_port" default:"0"`              // The port to listen on for HTTP requests for statistics, setting to 0 disables it
	LegacyLifeCycleFormat bool   `confkey:"plugin.choria.legacy_lifecycle_format" default:"0"` // When enabled will publish lifecycle events in the legacy format, else Cloud Events format is used

	NatsUser                 string   `confkey:"plugin.nats.user" environment:"MCOLLECTIVE_NATS_USERNAME"`           // The user to connect to the NATS server as. When unset no username is used.
	NatsPass                 string   `confkey:"plugin.nats.pass" environment:"MCOLLECTIVE_NATS_PASSWORD"`           // The password to use when connecting to the NATS server
	NatsCredentials          string   `confkey:"plugin.nats.credentials" environment:"MCOLLECTIVE_NATS_CREDENTIALS"` // The NATS 2.0 credentials to use, required for accessing NGS
	NatsNGS                  bool     `confkey:"plugin.nats.ngs" environment:"MCOLLECTIVE_NATS_NGS"`                 // Uses NATS NGS global managed network as middleware, overrides broker names to "connect.ngs.global"
	MiddlewareHosts          []string `confkey:"plugin.choria.middleware_hosts" type:"comma_split"`                  // Set specific middleware hosts in the format host:port, if unset uses SRV
	RandomizeMiddlewareHosts bool     `confkey:"plugin.choria.randomize_middleware_hosts" default:"true"`            // Shuffle middleware hosts before connecting to spread traffic of initial connections

	NetworkListenAddress          string        `confkey:"plugin.choria.network.listen_address" default:"::" url:"https://choria.io/docs/deployment/broker/"` // Address the Network Broker will listen on
	NetworkClientPort             int           `confkey:"plugin.choria.network.client_port" default:"4222" url:"https://choria.io/docs/deployment/broker/"`  // Port the Network Broker will accept client connections on
	NetworkClientTLSForce         bool          `confkey:"plugin.choria.network.client_tls_force_required"`                                                   // Force requiring/not requiring TLS for all clients
	NetworkClientTLSAnon          bool          `confkey:"plugin.choria.network.client_anon_tls"`                                                             // Use anonymous TLS for client connections (disables verification)
	NetworkPeerPort               int           `confkey:"plugin.choria.network.peer_port" default:"5222" url:"https://choria.io/docs/deployment/broker/"`    // Port used to communicate with other local cluster peers
	NetworkPeerUser               string        `confkey:"plugin.choria.network.peer_user"`                                                                   // Username to use when connecting to cluster peers
	NetworkPeerPassword           string        `confkey:"plugin.choria.network.peer_password"`                                                               // Password to use when connecting to cluster peers
	NetworkPeers                  []string      `confkey:"plugin.choria.network.peers" type:"comma_split" url:"https://choria.io/docs/deployment/broker/"`    // List of cluster peers in host:port format
	NetworkLeafPort               int           `confkey:"plugin.choria.network.leafnode_port" default:"0"`                                                   // Port to listen on for Leafnode connections, disabled with 0
	NetworkLeafRemotes            []string      `confkey:"plugin.choria.network.leafnode_remotes" type:"comma_split"`                                         // Remote networks to connect to as a Leafnode
	NetworkGatewayPort            int           `confkey:"plugin.choria.network.gateway_port" default:"0"`                                                    // Port to listen on for Super Cluster connections
	NetworkGatewayName            string        `confkey:"plugin.choria.network.gateway_name" default:"CHORIA"`                                               // Name for the Super Cluster
	NetworkGatewayRemotes         []string      `confkey:"plugin.choria.network.gateway_remotes" type:"comma_split"`                                          // List of remote Super Clusters to connect to
	NetworkWriteDeadline          time.Duration `confkey:"plugin.choria.network.write_deadline" type:"duration" default:"10s"`                                // How long to allow clients to process traffic before treating them as slow, increase this on large networks or slow networks
	NetworkAllowedClientHosts     []string      `confkey:"plugin.choria.network.client_hosts" type:"comma_split"`                                             // CIDRs to limit client connections from, appropriate ACLs are added based on this
	NetworkDenyServers            bool          `confkey:"plugin.choria.network.deny_server_connections"`                                                     // Set ACLs denying server connections to this broker
	NetworkAccountOperator        string        `confkey:"plugin.choria.network.operator_account"`                                                            // NATS 2.0 Operator account
	NetworkSystemAccount          string        `confkey:"plugin.choria.network.system_account"`                                                              // NATS 2.0 System Account
	NetworkTLSTimeout             int           `confkey:"plugin.choria.network.tls_timeout" default:"2"`                                                     // Time to allow for TLS connections to establish, increase on slow or very large networks
	NetworkClientAdvertiseName    string        `confkey:"plugin.choria.network.public_url"`                                                                  // Name to advertise to clients, useful when fronted by a proxy
	NetworkStreamStore            string        `confkey:"plugin.choria.network.stream.store" type:"path_string"`                                             // Enables Streaming data persistence stored in this path
	NetworkEventStoreDuration     time.Duration `confkey:"plugin.choria.network.stream.event_retention" type:"duration" default:"24h"`                        // When not zero enables retaining Lifecycle events in the Stream Store
	NetworkMachineStoreDuration   time.Duration `confkey:"plugin.choria.network.stream.machine_retention" type:"duration" default:"24h"`                      // When not zero enables retaining Autonomous Agent events in the Stream Store
	NetworkStreamAdvisoryDuration time.Duration `confkey:"plugin.choria.network.stream.advisory_retention" type:"duration" default:"168h"`                    // When not zero enables retaining Stream advisories in the Stream Store

	BrokerNetwork    bool `confkey:"plugin.choria.broker_network" default:"false" url:"https://choria.io/docs/deployment/broker/"` // Enables the Network Broker
	BrokerDiscovery  bool `confkey:"plugin.choria.broker_discovery" default:"false" deprecated:"1"`
	BrokerFederation bool `confkey:"plugin.choria.broker_federation" default:"false" url:"https://choria.io/docs/federation/"` // Enables the Federation Broker

	FileContentRegistrationData   string `confkey:"plugin.choria.registration.file_content.data" default:""`            // YAML or JSON file to use as data source for registration
	FileContentRegistrationTarget string `confkey:"plugin.choria.registration.file_content.target" default:""`          // NATS Subject to publish registration data to
	FileContentCompression        bool   `confkey:"plugin.choria.registration.file_content.compression" default:"true"` // Enables gzip compression of registration data

	RubyAgentShim   string   `confkey:"plugin.choria.agent_provider.mcorpc.agent_shim"`               // Path to the helper used to call MCollective Ruby agents
	RubyAgentConfig string   `confkey:"plugin.choria.agent_provider.mcorpc.config"`                   // Path to the MCollective configuration file used when running MCollective Ruby agents
	RubyLibdir      []string `confkey:"plugin.choria.agent_provider.mcorpc.libdir" type:"path_split"` // Path to the libdir MCollective Ruby agents should have

	SSLDir          string   `confkey:"plugin.choria.ssldir" type:"path_string"` // The SSL directory, auto detected via Puppet, when specifically set Puppet will not be consulted
	PrivilegedUsers []string ``                                                  // Patterns of certificate names that would be considered privileged and able to set custom callers
	/* 175-byte string literal not displayed */
	CertnameWhitelist            []string `confkey:"plugin.choria.security.certname_whitelist" type:"comma_split" default:"\\.mcollective$,\\.choria$"` // Patterns of certificate names that are allowed to be clients
	Serializer                   string   `confkey:"plugin.choria.security.serializer" validate:"enum=json,yaml" default:"json" deprecated:"1"`
	SecurityProvider             string   `confkey:"plugin.security.provider" default:"puppet" validate:"enum=puppet,file,pkcs11,certmanager"`                      // The Security Provider to use
	SecurityAlwaysOverwriteCache bool     `confkey:"plugin.security.always_overwrite_cache" default:"false"`                                                        // Always store new Public Keys to the cache overwriting existing ones
	RemoteSignerTokenFile        string   `confkey:"plugin.choria.security.request_signer.token_file" type:"path_string" url:"https://github.com/choria-io/aaasvc"` // Path to the token used to access a Central Authenticator
	RemoteSignerTokenEnvironment string   `confkey:"plugin.choria.security.request_signer.token_environment" url:"https://github.com/choria-io/aaasvc"`             // Environment variable to store Central Authenticator tokens
	RemoteSignerSigningCert      string   `confkey:"plugin.choria.security.request_signing_certificate"`                                                            // The public certificate of the key used to sign the JWTs in the Signing Service
	RemoteSignerURL              string   `confkey:"plugin.choria.security.request_signer.url" url:"https://github.com/choria-io/aaasvc"`                           // URL to the Signing Service
	ClientAnonTLS                bool     `confkey:"plugin.security.client_anon_tls" default:"false"`                                                               // Use anonymous TLS to the Choria brokers from a client, also disables security provider verification - only when a remote signer is set

	FileSecurityCertificate string `confkey:"plugin.security.file.certificate" type:"path_string"` // When using file security provider, the path to the public certificate
	FileSecurityKey         string `confkey:"plugin.security.file.key" type:"path_string"`         // When using file security provider, the path to the private key
	FileSecurityCA          string `confkey:"plugin.security.file.ca" type:"path_string"`          // When using file security provider, the path to the Certificate Authority public certificate
	FileSecurityCache       string `confkey:"plugin.security.file.cache" type:"path_string"`       // When using file security provider, the path to the client cache

	CertManagerSecurityNamespace  string   `confkey:"plugin.security.certmanager.namespace" default:"choria"`   // When using Cert Manager security provider, the namespace the issuer is in
	CertManagerSecurityIssuer     string   `confkey:"plugin.security.certmanager.issuer"`                       // When using Cert Manager security provider, the name of the issuer
	CertManagerSecurityReplaceCSR bool     `confkey:"plugin.security.certmanager.replace" default:"true"`       // when using Cert Manager security provider, replace existing CSRs with new ones
	CertManagerSecurityAltNames   []string `confkey:"plugin.security.certmanager.alt_names" type:"comma_split"` // when using Cert Manager security provider, add these additional names to the CSR

	CipherSuites []string `confkey:"plugin.security.cipher_suites" type:"comma_split"` // List of allowed cipher suites
	ECCCurves    []string `confkey:"plugin.security.ecc_curves" type:"comma_split"`    // List of allowed ECC curves

	PKCS11DriverFile string `confkey:"plugin.security.pkcs11.driver_file" type:"path_string" url:"https://choria.io/blog/post/2019/09/09/pkcs11/"` // When using the pkcs11 security provider, the path to the PCS11 driver file
	PKCS11Slot       int    `confkey:"plugin.security.pkcs11.slot" url:"https://choria.io/blog/post/2019/09/09/pkcs11/"`                           // When using the pkcs11 security provider, the slot to use in the device

	Adapters []string `confkey:"plugin.choria.adapters" type:"comma_split" url:"https://choria.io/docs/adapters/"` // The list of Data Adapters to activate

	StatusFilePath      string `confkey:"plugin.choria.status_file_path" type:"path_string"` // Path to a JSON file to write server health information to regularly
	StatusUpdateSeconds int    `confkey:"plugin.choria.status_update_interval" default:"30"` // How frequently to write to the status_file_path

	MachineSourceDir string `confkey:"plugin.choria.machine.store" url:"https://choria.io/docs/autoagents/"` // Directory where Autonomous Agents are stored

	PrometheusTextFileDir string `confkey:"plugin.choria.prometheus_textfile_directory" type:"path_string"` // Directory where Prometheus Node Exporter textfile collector reads data
	ScoutOverrides        string `confkey:"plugin.scout.overrides" type:"path_string"`                      // Path to a file holding overrides for Scout checks
	ScoutTags             string `confkey:"plugin.scout.tags" type:"path_string"`                           // Path to a file holding tags for a Scout entity

	RequireClientFilter bool `confkey:"plugin.choria.require_client_filter" default:"false"` // If a client filter should always be required, only used in Go clients
}

ChoriaPluginConfig settings

NOTE: When adding or updating doc strings please run `go generate` in the root of the repository

type Config

type Config struct {
	// The plugins used when publishing Registration data, when this is unset or empty sending registration data is disabled
	Registration []string `confkey:"registration" type:"comma_split"`

	// The Sub Collective to publish registration data to
	RegistrationCollective string `confkey:"registration_collective"`

	// How often to publish registration data
	RegisterInterval int `confkey:"registerinterval" default:"300"`

	// When true delays initial registration publish by a random period up to registerinterval following registration publishes will be at registerinterval without further splay
	RegistrationSplay bool `confkey:"registration_splay" default:"false"`

	// The list of known Sub Collectives this node will join or communicate with, Servers will subscribe the node and each agent to each sub collective and Clients will publish to a chosen sub collective
	Collectives []string `confkey:"collectives" type:"comma_split" default:"mcollective"`

	// The Sub Collective where a Client will publish to when no specific Sub Collective is configured
	MainCollective string `confkey:"main_collective"`

	// The file to write logs to, when set to an empty string logging will be to the console
	LogFile string `confkey:"logfile" type:"path_string"`

	// The lowest level log to add to the logfile
	LogLevel string `confkey:"loglevel" default:"info" validate:"enum=debug,info,warn,error,fatal"`

	// The directory where Agents, DDLs and other plugins are found
	LibDir []string `confkey:"libdir" type:"path_split"`

	// The identity this machine is known as, when empty it's derived based on the operating system hostname or by calling facter fqdn
	Identity string `confkey:"identity"`

	// Enables the direct-to-node communications pattern, unused in the Go clients
	DirectAddressing bool `confkey:"direct_addressing" default:"true"`

	// Disables or enable CLI color, not well supported in Go based code
	Color bool `confkey:"color" default:"true"`

	// Used to select the security provider in Ruby clients, only sensible value is "choria"
	SecurityProvider string `confkey:"securityprovider" default:"choria" type:"title_string" deprecated:"1"`

	// Configures the network connector to use, only sensible value is "nats", unused in Go based code
	Connector string `confkey:"connector" default:"nats" type:"title_string"`

	// Path to a file listing configuration classes applied to a node, used in matches using Class filters
	ClassesFile string `confkey:"classesfile" default:"/opt/puppetlabs/puppet/cache/state/classes.txt" type:"path_string"`

	// How long to wait for responses while doing broadcast discovery
	DiscoveryTimeout int `confkey:"discovery_timeout" default:"2"`

	// Ruby clients use this to determine how long they will allow when publishing requests
	PublishTimeout int `confkey:"publish_timeout" default:"2"`

	// Ruby clients use this to determine how long they will try to connect, fails after timeout
	ConnectionTimeout int `confkey:"connection_timeout"`

	// When enabled uses rpcauditprovider to audit RPC requests processed by the server
	RPCAudit bool `confkey:"rpcaudit" default:"false" url:"https://choria.io/docs/configuration/aaa/"`

	// The audit provider to use, unused at present as there is only a "choria" one
	RPCAuditProvider string `confkey:"rpcauditprovider" type:"title_string" url:"https://choria.io/docs/configuration/aaa/"`

	// When enables authorization is performed on every RPC request based on rpcauthprovider
	RPCAuthorization bool `confkey:"rpcauthorization" default:"false" url:"https://choria.io/docs/configuration/aaa/"`

	// The Authorization system to use
	RPCAuthorizationProvider string `confkey:"rpcauthprovider" type:"title_string" default:"action_policy" url:"https://choria.io/docs/configuration/aaa/"`

	// When limiting nodes to a subset of discovered nodes this is the method to use, random is influenced by
	RPCLimitMethod string `confkey:"rpclimitmethod" default:"first" validate:"enum=first,random"`

	// The type of logging to use, unused in Go based programs
	LoggerType string `confkey:"logger_type" default:"file" validate:"enum=console,file,syslog"`

	// Enables multi threaded mode in the Ruby client, generally a bad idea
	Threaded bool `confkey:"threaded" default:"false"`

	// How long published messages are allowed to linger on the network, lower numbers have a higher reliance on clocks being in sync
	TTL int `confkey:"ttl" default:"60"`

	// Configurable options to always pass to the discovery subsystem
	DefaultDiscoveryOptions []string `confkey:"default_discovery_options"`

	// The default discovery plugin to use. The default "mc" uses a network broadcast and "choria" uses PuppetDB
	DefaultDiscoveryMethod string `confkey:"default_discovery_method" default:"mc"`

	// Where to look for YAML or JSON based facts
	FactSourceFile string `confkey:"plugin.yaml" default:"/etc/puppetlabs/mcollective/generated-facts.yaml" type:"path_string"`

	ActivateAgents            bool   `confkey:"activate_agents" default:"true" deprecated:"1"`
	Daemonize                 bool   `confkey:"daemonize" default:"false" deprecated:"1"`
	DirectAddressingThreshold int    `confkey:"direct_addressing_threshold" default:"10" deprecated:"1"`
	FactCacheTime             int    `confkey:"fact_cache_time" default:"300" deprecated:"1"`
	FactSource                string `confkey:"factsource" default:"yaml" deprecated:"1"`
	KeepLogs                  int    `confkey:"keeplogs" default:"5" deprecated:"1"`
	LogFacility               string `confkey:"logfacility" default:"user" deprecated:"1"`
	MaxLogSize                int    `confkey:"max_log_size" default:"2097152" deprecated:"1"`
	SoftShutdown              bool   `confkey:"soft_shutdown" default:"true" deprecated:"1"`
	SoftShutdownTimeout       int    `confkey:"soft_shutdown_timeout" default:"2" deprecated:"1"`

	ConfigFile string

	Choria *ChoriaPluginConfig

	// DisableSecurityProviderVerify skips calling security provider Validate()
	DisableSecurityProviderVerify bool

	// DisableTLS turns off TLS and skips calling security provider Validate()
	DisableTLS bool

	// DisableTLSVerify turns off CA validation etc in TLS connections
	DisableTLSVerify bool

	// OverrideCertname sets a arbitrary certname and short circuits calling Puppet etc
	// this is mainly used by tests to adjust the certname on the fly
	OverrideCertname string

	// InitiatedByServer indicates to the framework that certain server specific
	// initialization steps - like Provisioning mode - should be performed.
	InitiatedByServer bool

	// Puppet provides access to puppet config data, settings and facts
	Puppet *puppet.Wrapper

	// CacheBatchedTransports should be true when a agent provider does batched
	// requests where effectively the same request can span many publishes often
	// long apart. The problem is that in these cases the security framework might
	// require frequent 2FA and users might be prompted for 2FA mid-batch.  This
	// setting will hint to choria.Message to return the same transport message
	// repeatedly
	CacheBatchedTransports bool
	// contains filtered or unexported fields
}

Config represents Choria configuration

NOTE: When adding or updating doc strings please run `go generate` in the root of the repository

func NewConfig

func NewConfig(path string) (*Config, error)

NewConfig parses a config file and return the config

func NewConfigForTests

func NewConfigForTests() *Config

NewConfigForTests creates a configuration for use in testing tools

func NewDefaultConfig

func NewDefaultConfig() (*Config, error)

NewDefaultConfig creates a empty configuration

func (*Config) ApplyBuildSettings

func (c *Config) ApplyBuildSettings(b BuildInfoProvider)

ApplyBuildSettings applies build time overrides to the configuration

func (*Config) ConfigKeys

func (c *Config) ConfigKeys(re string) (found []string, err error)

ConfigKeys retrieves all known configuration keys matching re

func (*Config) DocForConfigKey

func (c *Config) DocForConfigKey(k string) *confkey.Doc

func (*Config) HasOption

func (c *Config) HasOption(option string) bool

HasOption determines if a specific option was set from a config key. The option given would be something like `plugin.choria.use_srv` and true would indicate that it was set by config vs using defaults

func (*Config) Option

func (c *Config) Option(option string, deflt string) string

Option retrieves the raw string representation of a given option from that was loaded from the configuration

func (*Config) SetOption

func (c *Config) SetOption(option string, value string)

SetOption sets a raw string option, can be used to programatically set plugin options etc, setting a main config item value here does not update the values in the strings, so this is only really useful for setting plugin options

type Mutator

type Mutator interface {
	Mutate(*Config, *logrus.Entry)
}

Mutator is a function that can mutate the configuration

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL