Index ¶
- func DNSFQDN() (string, error)
- func Mutate(c *Config, log *logrus.Entry)
- func MutatorNames() []string
- func ProjectConfigurationFiles(path string) ([]string, error)
- func RegisterMutator(name string, m Mutator)
- type BuildInfoProvider
- type ChoriaPluginConfig
- type Config
- func (c *Config) ApplyBuildSettings(b BuildInfoProvider)
- func (c *Config) ConfigKeys(re string) (found []string, err error)
- func (c *Config) DocForConfigKey(k string) *confkey.Doc
- func (c *Config) HasOption(option string) bool
- func (c *Config) Option(option string, deflt string) string
- func (c *Config) SetOption(option string, value string)
- func (c *Config) UnParsedOptions() map[string]string
- type Mutator
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func MutatorNames ¶
func MutatorNames() []string
MutatorNames are the names of known configuration mutators
func ProjectConfigurationFiles ¶ added in v0.20.0
ProjectConfigurationFiles returns any configuration files found in the specified directory and its parent directories.
func RegisterMutator ¶
RegisterMutator registers a new configuration mutator
Types ¶
type BuildInfoProvider ¶
// BuildInfoProvider provides build time information.
//
// It is consumed by (*Config).ApplyBuildSettings to apply build time
// overrides to a configuration.
type BuildInfoProvider interface {
	// HasTLS reports whether TLS was enabled at build time.
	HasTLS() bool
}
type ChoriaPluginConfig ¶
// ChoriaPluginConfig holds the Choria plugin settings (the plugin.* configuration keys).
//
// Field comments double as the generated documentation for each setting.
//
// NOTE: When adding or updating doc strings please run `go generate` in the root of the repository.
//
// NOTE(review): in this rendering several struct tags appear as `confkey:""` and two are
// elided entirely ("string literal not displayed"); the real key names must be taken from
// the source file rather than from this listing.
type ChoriaPluginConfig struct {
	PuppetServerHost                 string `confkey:"plugin.choria.puppetserver_host" default:"puppet"`                          // The hostname where your Puppet Server can be found
	PuppetServerPort                 int    `confkey:"plugin.choria.puppetserver_port" default:"8140"`                            // The port your Puppet Server listens on
	PuppetCAHost                     string `confkey:"plugin.choria.puppetca_host" default:"puppet"`                              // The hostname where your Puppet Certificate Authority can be found
	PuppetCAPort                     int    `confkey:"plugin.choria.puppetca_port" default:"8140"`                                // The port your Puppet Certificate Authority listens on
	PuppetDBHost                     string `confkey:"plugin.choria.puppetdb_host" default:""`                                    // The host hosting your PuppetDB, used by the "choria" discovery plugin
	PuppetDBPort                     int    `confkey:"plugin.choria.puppetdb_port" default:"8081"`                                // The port your PuppetDB listens on
	UseSRVRecords                    bool   `confkey:"plugin.choria.use_srv" default:"true" url:""`                               // If SRV record lookups should be attempted to find Puppet, PuppetDB, Brokers etc
	SRVDomain                        string `confkey:"plugin.choria.srv_domain" url:""`                                           // The domain to use for SRV records, defaults to the domain the server FQDN is in
	Provision                        bool   `confkey:"plugin.choria.server.provision" default:"false" url:""`                     // Specifically enable or disable provisioning
	ProvisionAllowUpdate             bool   `confkey:"plugin.choria.server.provision.allow_update" default:"false" url:""`        // Allows the provisioner to perform in-place version updates
	ExternalDiscoveryCommand         string `confkey:"plugin.choria.discovery.external.command" type:"path_string"`               // The command to use for external discovery
	InventoryDiscoverySource         string `confkey:"plugin.choria.discovery.inventory.source" type:"path_string"`               // The file to read for inventory discovery
	BroadcastDiscoveryDynamicTimeout bool   `confkey:"plugin.choria.discovery.broadcast.windowed_timeout"`                        // Enables the experimental dynamic timeout for choria/mc discovery
	FederationCollectives            []string ``                                                                                  // List of known remote collectives accessible via Federation Brokers /* struct tag elided in the rendered documentation: 142-byte string literal not displayed */
	FederationMiddlewareHosts        []string `confkey:"plugin.choria.federation_middleware_hosts" type:"comma_split" url:""`     // Middleware brokers used by the Federation Broker, if unset uses SRV
	FederationCluster                string `confkey:"plugin.choria.federation.cluster" default:"mcollective" url:""`             // The cluster name a Federation Broker serves
	StatsListenAddress               string `confkey:"plugin.choria.stats_address" default:""`                                    // The address to listen on for statistics
	StatsPort                        int    `confkey:"plugin.choria.stats_port" default:"0"`                                      // The port to listen on for HTTP requests for statistics, setting to 0 disables it
	LegacyLifeCycleFormat            bool   `confkey:"plugin.choria.legacy_lifecycle_format" default:"0"`                         // When enabled will publish lifecycle events in the legacy format, else Cloud Events format is used
	NatsUser                         string `confkey:"plugin.nats.user" environment:"MCOLLECTIVE_NATS_USERNAME"`                  // The user to connect to the NATS server as. When unset no username is used.
	NatsPass                         string `confkey:"plugin.nats.pass" environment:"MCOLLECTIVE_NATS_PASSWORD"`                  // The password to use when connecting to the NATS server
	NatsCredentials                  string `confkey:"plugin.nats.credentials" environment:"MCOLLECTIVE_NATS_CREDENTIALS"`        // The NATS 2.0 credentials to use, required for accessing NGS
	MiddlewareHosts                  []string `confkey:"plugin.choria.middleware_hosts" type:"comma_split"`                       // Set specific middleware hosts in the format host:port, if unset uses SRV

	// Network Broker settings
	NetworkAllowedClientHosts          []string      `confkey:"" type:"comma_split"`                  // CIDRs to limit client connections from, appropriate ACLs are added based on this
	NetworkClientAdvertiseName         string        `confkey:""`                                     // Name:Port to advertise to clients, useful when fronted by a proxy
	NetworkClientPort                  int           `confkey:"" default:"4222" url:""`               // Port the Network Broker will accept client connections on
	NetworkClientTLSForce              bool          `confkey:""`                                     // Force requiring/not requiring TLS for all clients
	NetworkClientTokenSigners          []string      `confkey:"" type:"comma_split"`                  // Fully qualified paths to the public certificates used by the AAA Service to sign client JWT tokens. This enables users with signed JWTs to use unverified TLS to connect. Can also be a list of ed25519 public keys.
	NetworkDenyServers                 bool          `confkey:""`                                     // Set ACLs denying server connections to this broker
	NetworkEventStoreDuration          time.Duration `confkey:"" type:"duration" default:"24h"`       // When not zero enables retaining Lifecycle events in the Stream Store
	NetworkEventStoreReplicas          int           `confkey:"" default:"-1"`                        // When configuring LifeCycle events ensure data is replicated in the cluster over this many servers, -1 means count of peers
	NetworkGatewayName                 string        `confkey:"" default:"CHORIA"`                    // Name for the Super Cluster
	NetworkGatewayPort                 int           `confkey:"" default:"0"`                         // Port to listen on for Super Cluster connections
	NetworkGatewayRemotes              []string      `confkey:"" type:"comma_split"`                  // List of remote Super Clusters to connect to
	NetworkLeaderElectionReplicas      int           `confkey:"" default:"-1"`                        // When configuring Stream based Leader Election storage ensure data is replicated in the cluster over this many servers, -1 means count of peers
	NetworkLeaderElectionTTL           time.Duration `confkey:"" type:"duration" default:"1m"`        // The TTL for leader election, leaders must vote at least this frequently to remain leader
	NetworkLeafPort                    int           `confkey:"" default:"0"`                         // Port to listen on for Leafnode connections, disabled with 0
	NetworkLeafRemotes                 []string      `confkey:"" type:"comma_split"`                  // Remote networks to connect to as a Leafnode
	NetworkListenAddress               string        `confkey:"" default:"::" url:""`                 // Address the Network Broker will listen on
	NetworkMachineStoreDuration        time.Duration `confkey:"" type:"duration" default:"24h"`       // When not zero enables retaining Autonomous Agent events in the Stream Store
	NetworkMachineStoreReplicas        int           `confkey:"" default:"-1"`                        // When configuring Autonomous Agent event storage ensure data is replicated in the cluster over this many servers, -1 means count of peers
	NetworkMappings                    []string      `confkey:"" type:"comma_split"`                  // List of subject remappings to apply
	NetworkPeerPassword                string        `confkey:""`                                     // Password to use when connecting to cluster peers
	NetworkPeerPort                    int           `confkey:"" url:""`                              // Port used to communicate with other local cluster peers
	NetworkPeerUser                    string        `confkey:""`                                     // Username to use when connecting to cluster peers
	NetworkPeers                       []string      `confkey:"" type:"comma_split" url:""`           // List of cluster peers in host:port format
	NetworkProfilePort                 int           `confkey:"" default:"0"`                         // The port the network broker will listen on for pprof requests; NOTE(review): presumably 0 disables it as with the other listener ports here, confirm before exposing it
	NetworkProvisioningClientPassword  string        `confkey:""`                                     // Password the provisioned clients should use to connect
	NetworkProvisioningWithoutToken    bool          `confkey:""`                                     // Allows a provisioner without a token to connect over TLS using username and password. This facilitates v1 provisioning on an Issuer based network
	NetworkProvisioningTokenSignerFile string        `confkey:"" type:"path_string"`                  // Path to the public cert that signs provisioning tokens, enables accepting provisioning connections into the provisioning account
	NetworkServerTokenSigners          []string      `confkey:"" type:"comma_split"`                  // Fully qualified Paths to the public certificates used by the Provisioner Service to sign server JWT tokens. This enables servers with signed JWTs to use unverified TLS to connect. Can also be a list of ed25519 public keys.
	NetworkStreamAdvisoryDuration      time.Duration `confkey:"" type:"duration" default:"168h"`      // When not zero enables retaining Stream advisories in the Stream Store
	NetworkStreamAdvisoryReplicas      int           `confkey:"" default:"-1"`                        // When configuring Stream advisories storage ensure data is replicated in the cluster over this many servers, -1 means count of peers
	NetworkStreamManageStreams         bool          `confkey:"" default:"1"`                         // When set to zero will disable managing the standard streams on this node
	NetworkStreamStore                 string        `confkey:"" type:"path_string"`                  // Enables Streaming data persistence stored in this path
	NetworkSystemPassword              string        `confkey:""`                                     // Password used to access the Choria system account
	NetworkSystemUsername              string        `confkey:""`                                     // Username used to access the Choria system account
	NetworkTLSTimeout                  int           `confkey:"" default:"2"`                         // Time to allow for TLS connections to establish, increase on slow or very large networks
	NetworkWebSocketAdvertise          string        `confkey:"" url:""`                              // The URL to advertise for websocket connections
	NetworkWebSocketPort               int           `confkey:"" url:""`                              // Port to listen on for websocket connections
	NetworkWriteDeadline               time.Duration `confkey:"" type:"duration" default:"10s"`       // How long to allow clients to process traffic before treating them as slow, increase this on large networks or slow networks

	// Broker and registration settings
	BrokerNetwork                      bool     `confkey:"plugin.choria.broker_network" default:"false" url:""`                      // Enables the Network Broker
	BrokerFederation                   bool     `confkey:"plugin.choria.broker_federation" default:"false" url:""`                   // Enables the Federation Broker
	BrokerAdapters                     []string `confkey:"plugin.choria.adapters" type:"comma_split" url:""`                         // The list of Data Adapters to activate
	FileContentRegistrationData        string   `confkey:"" default:""`                                                              // YAML or JSON file to use as data source for registration
	FileContentRegistrationTarget      string   `confkey:"" default:""`                                                              // NATS Subject to publish registration data to
	FileContentCompression             bool     `confkey:"plugin.choria.registration.file_content.compression" default:"true"`       // Enables gzip compression of registration data
	InventoryContentCompression        bool     `confkey:"plugin.choria.registration.inventory_content.compression" default:"true"`  // Enables gzip compression of registration data
	InventoryContentRegistrationTarget string   `confkey:"" default:""`                                                              // NATS Subject to publish registration data to
	RubyAgentShim                      string   `confkey:"plugin.choria.agent_provider.mcorpc.agent_shim"`                           // Path to the helper used to call MCollective Ruby agents
	RubyAgentConfig                    string   `confkey:"plugin.choria.agent_provider.mcorpc.config"`                               // Path to the MCollective configuration file used when running MCollective Ruby agents
	RubyLibdir                         []string `confkey:"plugin.choria.agent_provider.mcorpc.libdir" type:"path_split"`             // Path to the libdir MCollective Ruby agents should have

	// Security settings
	SecurityProvider              string   `confkey:"" default:"puppet" validate:"enum=puppet,file,pkcs11,certmanager,choria"` // The Security Provider to use
	ServerAnonTLS                 bool     `confkey:"" default:"false"`                                                        // Use anonymous TLS to the Choria brokers from a server
	ClientAnonTLS                 bool     `confkey:"" default:"false"`                                                        // Use anonymous TLS to the Choria brokers from a client, also disables security provider verification - only when a remote signer is set
	AAAServiceLoginURLs           []string `confkey:"plugin.login.aaasvc.login.url" type:"comma_split" url:""`                 // List of URLs to attempt to login against when the remote signer is enabled
	CipherSuites                  []string `confkey:"" type:"comma_split"`                                                     // List of allowed cipher suites
	ECCCurves                     []string `confkey:"" type:"comma_split"`                                                     // List of allowed ECC curves
	IssuerNames                   []string `confkey:"" type:"comma_split"`                                                     // List of names of valid issuers this server will accept, set individual issuer data using <name>.public
	ServerTokenFile               string   `confkey:"" type:"path_string"`                                                     // The server token file to use for authentication, defaults to server.jwt in the same location as server.conf
	ServerTokenSeedFile           string   `confkey:"" type:"path_string"`                                                     // The server token seed to use for authentication, defaults to server.seed in the same location as server.conf
	SSLDir                        string   `confkey:"plugin.choria.ssldir" type:"path_string"`                                 // The SSL directory, auto detected via Puppet, when specifically set Puppet will not be consulted
	PrivilegedUsers               []string ``                                                                                  // Patterns of certificate names that would be considered privileged and able to set custom callers /* struct tag elided in the rendered documentation: 175-byte string literal not displayed */
	CertnameAllowList             []string `confkey:"" type:"comma_split" default:"\\.mcollective$,\\.choria$"`                 // Patterns of certificate names that are allowed to be clients
	SecurityAllowLegacyCerts      bool     `confkey:"" default:"false"`                                                        // Allow certificates without SANs to be used
	RemoteSignerTokenSeedFile     string   `confkey:"" type:"path_string" url:""`                                              // Path to the seed file used to access a Central Authenticator
	RemoteSignerTokenFile         string   `confkey:"" type:"path_string" url:""`                                              // Path to the token used to access a Central Authenticator
	RemoteSignerURL               string   `confkey:"" url:""`                                                                 // URL to the Signing Service
	RemoteSignerService           bool     `confkey:"" url:""`                                                                 // Enables signing requests via Choria RPC requests
	ChoriaSecurityTrustedSigners  []string `confkey:"" type:"comma_split"`                                                     // Ed25519 public keys of entities allowed to sign client and server JWT tokens in hex encoded format
	ChoriaSecurityCertificate     string   `confkey:"" type:"path_string"`                                                     // When using choria security provider, the path to the optional public certificate
	ChoriaSecurityKey             string   `confkey:"" type:"path_string"`                                                     // When using choria security provider, the path to the optional private key
	ChoriaSecurityCA              string   `confkey:"" type:"path_string"`                                                     // When using choria security provider, the path to the optional Certificate Authority public certificate
	ChoriaSecurityTokenFile       string   `confkey:"" type:"path_string"`                                                     // The path to the JWT token file
	ChoriaSecuritySeedFile        string   `confkey:"" type:"path_string"`                                                     // The path to the seed file
	ChoriaSecuritySignReplies     bool     `confkey:"" default:"true"`                                                         // Signs replies (the default); setting this to false significantly trims down the size of replies but removes the ability to verify reply signatures or message origin
	FileSecurityCertificate       string   `confkey:"" type:"path_string"`                                                     // When using file security provider, the path to the public certificate
	FileSecurityKey               string   `confkey:"" type:"path_string"`                                                     // When using file security provider, the path to the private key
	FileSecurityCA                string   `confkey:"" type:"path_string"`                                                     // When using file security provider, the path to the Certificate Authority public certificate
	CertManagerSecurityNamespace  string   `confkey:"" default:"choria"`                                                       // When using Cert Manager security provider, the namespace the issuer is in
	CertManagerSecurityIssuer     string   `confkey:""`                                                                        // When using Cert Manager security provider, the name of the issuer
	CertManagerSecurityReplaceCSR bool     `confkey:"" default:"true"`                                                         // When using Cert Manager security provider, replace existing CSRs with new ones
	CertManagerSecurityAltNames   []string `confkey:"" type:"comma_split"`                                                     // When using Cert Manager security provider, add these additional names to the CSR
	CertManagerAPIVersion         string   `confkey:"" default:"v1"`                                                           // The API version to call in cert manager
	PKCS11DriverFile              string   `confkey:"" type:"path_string" url:""`                                              // When using the pkcs11 security provider, the path to the PKCS11 driver file
	PKCS11Slot                    int      `confkey:"" url:""`                                                                 // When using the pkcs11 security provider, the slot to use in the device

	// Autonomous Agent, status, Scout, Registry and Submission settings
	MachineSourceDir string `confkey:"" url:""` // Directory where Autonomous Agents are stored
	// Public key used to sign data for watchers like machines watcher. Will override the value compiled in or in the watcher definitions if set here. This is primarily to allow development environments to use different private keys.
	MachinesSignerPublicKey      string   `confkey:"plugin.choria.machine.signing_key"`
	StatusFilePath               string   `confkey:"plugin.choria.status_file_path" type:"path_string"`                                  // Path to a JSON file to write server health information to regularly
	StatusUpdateSeconds          int      `confkey:"plugin.choria.status_update_interval" default:"30"`                                  // How frequently to write to the status_file_path
	PrometheusTextFileDir        string   `confkey:"plugin.choria.prometheus_textfile_directory" type:"path_string"`                     // Directory where Prometheus Node Exporter textfile collector reads data
	ScoutOverrides               string   `confkey:"plugin.scout.overrides" type:"path_string"`                                          // Path to a file holding overrides for Scout checks
	ScoutTags                    string   `confkey:"plugin.scout.tags" type:"path_string"`                                               // Path to a file holding tags for a Scout entity
	ScoutAgentDisabled           bool     `confkey:"plugin.scout.agent_disabled"`                                                        // Disables the scout agent
	ScoutGossLocalDenyResources  []string `confkey:"plugin.scout.goss.denied_local_resources" type:"comma_split"`                        // List of resource types to deny for Goss manifests loaded from local disk
	ScoutGossRemoteDenyResources []string `confkey:"plugin.scout.goss.denied_remote_resources" default:"command" type:"comma_split"`     // List of resource types to deny when Goss manifests or variables were received over rpc; by default the "command" resource type is denied
	RequireClientFilter          bool     `confkey:"plugin.choria.require_client_filter" default:"false"`                                // If a client filter should always be required, only used in Go clients
	RegistryServiceStore         string   `confkey:"" type:"path_string"`                                                                // Directory where the Registry service finds DDLs to read
	RegistryClientCache          string   `confkey:"" type:"path_string" environment:"CHORIA_REGISTRY"`                                  // Directory where the Registry client stores DDLs found in the registry
	SubmissionSpool              string   `confkey:"plugin.choria.submission.spool" type:"path_string"`                                  // Path to a directory holding messages to submit to the middleware
	SubmissionSpoolMaxSize       int      `confkey:"plugin.choria.submission.max_spool_size" default:"500"`                              // Maximum amount of messages allowed into each priority
}
ChoriaPluginConfig settings
NOTE: When adding or updating doc strings please run `go generate` in the root of the repository
type Config ¶
// Config represents the Choria configuration.
//
// Fields carrying a confkey tag are loaded from the configuration files; the
// fields without a tag (ConfigFile, ParsedFiles, the Disable* switches, Puppet,
// CustomLogger, ...) are populated programmatically.
//
// NOTE: When adding or updating doc strings please run `go generate` in the root of the repository.
type Config struct {
	// The plugins used when publishing Registration data, when this is unset or empty sending registration data is disabled
	Registration []string `confkey:"registration" type:"comma_split"`
	// The Sub Collective to publish registration data to
	RegistrationCollective string `confkey:"registration_collective"`
	// How often to publish registration data
	RegisterInterval int `confkey:"registerinterval" default:"300"`
	// When true delays initial registration publish by a random period up to registerinterval following registration publishes will be at registerinterval without further splay
	RegistrationSplay bool `confkey:"registration_splay" default:"true"`
	// The list of known Sub Collectives this node will join or communicate with, Servers will subscribe the node and each agent to each sub collective and Clients will publish to a chosen sub collective. Defaults to the build setting build.DefaultCollectives
	Collectives []string `confkey:"collectives" type:"comma_split"`
	// The Sub Collective where a Client will publish to when no specific Sub Collective is configured
	MainCollective string `confkey:"main_collective"`
	// The file to write logs to, when set to 'discard' logging will be disabled. Also supports 'stdout' and 'stderr' as special log destinations.
	LogFile string `confkey:"logfile" type:"path_string" default:"stdout"`
	// The lowest level log to add to the logfile
	LogLevel string `confkey:"loglevel" default:"info" validate:"enum=debug,info,warn,error,fatal"`
	// The directory where Agents, DDLs and other plugins are found
	LibDir []string `confkey:"libdir" type:"path_split"`
	// The identity this machine is known as, when empty it's derived based on the operating system hostname or by calling facter fqdn
	Identity string `confkey:"identity"`
	// Disables or enables CLI color
	Color bool `confkey:"color" default:"true"`
	// Path to a file listing configuration classes applied to a node, used in matches using Class filters
	ClassesFile string `confkey:"classesfile" default:"/opt/puppetlabs/puppet/cache/state/classes.txt" type:"path_string"`
	// How long to wait for responses while doing broadcast discovery
	DiscoveryTimeout int `confkey:"discovery_timeout" default:"2"`
	// When enabled uses rpcauditprovider to audit RPC requests processed by the server
	RPCAudit bool `confkey:"rpcaudit" default:"false" url:""`
	// When enabled authorization is performed on every RPC request based on rpcauthprovider
	RPCAuthorization bool `confkey:"rpcauthorization" default:"true" url:""`
	// The Authorization system to use
	RPCAuthorizationProvider string `confkey:"rpcauthprovider" type:"title_string" default:"action_policy" url:""`
	// When limiting nodes to a subset of discovered nodes this is the method to use, random is influenced by
	RPCLimitMethod string `confkey:"rpclimitmethod" default:"first" validate:"enum=first,random"`
	// How long published messages are allowed to linger on the network, lower numbers have a higher reliance on clocks being in sync
	TTL int `confkey:"ttl" default:"60"`
	// The default discovery plugin to use. The default "mc" uses a network broadcast, "choria" uses PuppetDB, external calls external commands
	DefaultDiscoveryMethod string `confkey:"default_discovery_method" default:"mc" validate:"enum=mc,broadcast,puppetdb,choria,external,inventory"`
	// Where to look for YAML or JSON based facts
	FactSourceFile string `confkey:"plugin.yaml" default:"/etc/puppetlabs/mcollective/generated-facts.yaml" type:"path_string"`
	// Default options to pass to the discovery plugin
	DefaultDiscoveryOptions []string `confkey:"default_discovery_options"`
	// The amount of time to allow the server to exit, after this memory and thread dumps will be performed and a force exit will be done
	SoftShutdownTimeout int `confkey:"soft_shutdown_timeout" default:"2"`

	// ConfigFile is the main configuration that got parsed
	ConfigFile string
	// ParsedFiles is a list of all files parsed to create the current config
	ParsedFiles []string
	// Choria holds the plugin.* settings, see ChoriaPluginConfig
	Choria *ChoriaPluginConfig

	// DisableSecurityProviderVerify skips calling security provider Validate()
	// (no confkey tag, so it is not settable from a configuration file)
	DisableSecurityProviderVerify bool
	// DisableTLS turns off TLS and skips calling security provider Validate()
	// (no confkey tag, so it is not settable from a configuration file)
	DisableTLS bool
	// DisableTLSVerify turns off CA validation etc in TLS connections
	// (no confkey tag, so it is not settable from a configuration file)
	DisableTLSVerify bool
	// OverrideCertname sets an arbitrary certname and short circuits calling Puppet etc
	// this is mainly used by tests to adjust the certname on the fly
	OverrideCertname string
	// InitiatedByServer indicates to the framework that certain server specific
	// initialization steps - like Provisioning mode - should be performed.
	InitiatedByServer bool
	// Puppet provides access to puppet config data, settings and facts
	Puppet *puppet.Wrapper
	// CacheBatchedTransports should be true when an agent provider does batched
	// requests where effectively the same request can span many publishes often
	// long apart. The problem is that in these cases the security framework might
	// require frequent 2FA and users might be prompted for 2FA mid-batch. This
	// setting will hint to choria.Message to return the same transport message
	// repeatedly
	CacheBatchedTransports bool
	// Allow things like completion to put the DDL Registry in cache-only mode
	RegistryCacheOnly bool
	// CustomLogger sets a logger instance that Choria framework will use and
	// not change any configuration, if you do this you should take care of
	// configuring the Logrus standard logger as some places Choria will log
	// via that
	CustomLogger *log.Logger
	// contains filtered or unexported fields
}
Config represents the Choria configuration
NOTE: When adding or updating doc strings please run `go generate` in the root of the repository
func NewConfigForTests ¶
func NewConfigForTests() *Config
NewConfigForTests creates a configuration for use in testing tools
func NewDefaultConfig ¶
NewDefaultConfig creates an empty configuration
func NewDefaultSystemConfig ¶ added in v0.20.0
NewDefaultSystemConfig creates a new configuration for system services
func NewSystemConfig ¶ added in v0.20.0
func (*Config) ApplyBuildSettings ¶
func (c *Config) ApplyBuildSettings(b BuildInfoProvider)
ApplyBuildSettings applies build time overrides to the configuration
func (*Config) ConfigKeys ¶
ConfigKeys retrieves all known configuration keys matching re
func (*Config) HasOption ¶
HasOption determines if a specific option was set from a config key. The option given would be something like `plugin.choria.use_srv`; true indicates that it was set by the configuration rather than left at its default
func (*Config) Option ¶
Option retrieves the raw string representation of a given option that was loaded from the configuration
func (*Config) SetOption ¶
SetOption sets a raw string option, can be used to programmatically set plugin options etc, setting a main config item value here does not update the parsed values in the Config struct, so this is only really useful for setting plugin options
func (*Config) UnParsedOptions ¶ added in v0.20.0
UnParsedOptions returns the raw options that were loaded from the configuration