|
---
|
|
attributes1:
|
|
name: administrator
|
|
settings_type: string
|
|
category: Setting
|
|
default: root@some.host.fqdn
|
|
description: The Default administrator email address
|
|
attributes2:
|
|
name: foreman_url
|
|
category: Setting
|
|
default: http://foreman.some.host.fqdn
|
|
description: The URL Foreman should point to in emails etc
|
|
attributes3:
|
|
name: root_pass
|
|
category: Setting
|
|
default: "--- \n"
|
|
description: Default root password on provisioned hosts
|
|
attributes4:
|
|
name: safemode_render
|
|
category: Setting
|
|
default: "true"
|
|
description: Enable safe mode config templates rendinging(recommended)
|
|
attributes5:
|
|
name: ssl_certificate
|
|
category: Setting
|
|
default: /var/lib/puppet/ssl/certs/some.host.fqdn
|
|
description: SSL Certificate path that foreman would use to communicate with its proxies
|
|
attributes6:
|
|
name: ssl_ca_file
|
|
category: Setting
|
|
default: /var/lib/puppet/ssl/certs/ca.pem
|
|
description: SSL CA file that foreman would use to communicate with its proxies
|
|
attributes7:
|
|
name: ssl_priv_key
|
|
category: Setting
|
|
default: /var/lib/puppet/ssl/private_keys/super.some.host.fqdn.pem
|
|
description: SSL Private Key file that foreman would use to communicate with its proxies
|
|
attributes13:
|
|
name: failed_report_email_notification
|
|
category: Setting
|
|
default: "false"
|
|
description: Enable Email Alerts per each failed puppet report
|
|
attributes14:
|
|
name: Default_parameters_Lookup_Path
|
|
category: Setting
|
|
default: ["fqdn", "hostgroup", "os", "domain"]
|
|
description: The Default path in which foreman resolves host specific variables
|
|
attributes16:
|
|
name: entries_per_page
|
|
category: Setting
|
|
default: 20
|
|
description: The amount of records shown per page in foreman
|
|
attributes18:
|
|
name: idle_timeout
|
|
category: Setting
|
|
default: 5
|
|
description: idle timeout
|
|
attributes21:
|
|
name: query_local_nameservers
|
|
category: Setting
|
|
default: "false"
|
|
description: "Should Foreman query the locally configured name server or the SOA/NS authorities"
|
|
attributes23:
|
|
name: authorize_login_delegation
|
|
category: Setting
|
|
default: "false"
|
|
description: "Setting::Authorize login delegation with REMOTE_USER environment variable"
|
|
attributes24:
|
|
name: authorize_login_delegation_api
|
|
category: Setting
|
|
default: "false"
|
|
description: "Setting::Authorize login delegation with REMOTE_USER environment variable for API calls"
|
|
attribute26:
|
|
name: token_duration
|
|
category: Setting
|
|
default: 0
|
|
description: "Time in minutes installation tokens should be valid for, 0 to disable"
|
|
attribute27:
|
|
name: restrict_registered_smart_proxies
|
|
category: Setting
|
|
default: "true"
|
|
description: "Only known Smart Proxies may access features that use Smart Proxy authentication"
|
|
attribute29:
|
|
name: ssl_client_dn_env
|
|
category: Setting
|
|
default: "SSL_CLIENT_S_DN"
|
|
description: "Environment variable containing the subject DN from a client SSL certificate"
|
|
attribute30:
|
|
name: ssl_client_verify_env
|
|
category: Setting
|
|
default: "SSL_CLIENT_VERIFY"
|
|
description: "Environment variable containing the verification status of a client SSL certificate"
|
|
attribute31:
|
|
name: ssl_client_cert_env
|
|
category: Setting
|
|
default: "SSL_CLIENT_CERT"
|
|
description: "Environment variable containing a client SSL certificate"
|
|
attribute32:
|
|
name: trusted_hosts
|
|
category: Setting
|
|
default: []
|
|
description: "Hosts that will be trusted in addition to Smart Proxies for access to fact/report importers and ENC output"
|
|
settings_type: array
|
|
attribute37:
|
|
name: create_new_host_when_facts_are_uploaded
|
|
category: Setting
|
|
default: "true"
|
|
description: "Foreman will create the host when new facts are received"
|
|
attribute38:
|
|
name: update_ip_from_built_request
|
|
category: Setting
|
|
default: "true"
|
|
description: "Should we use the originating IP of the built request to update the Host's IP?"
|
|
attribute40:
|
|
name: interpolate_erb_in_parameters
|
|
category: Setting
|
|
default: "true"
|
|
description: "Should Foreman parse ERB to return dynamic parameters?"
|
|
attribute41:
|
|
name: use_shortname_for_vms
|
|
category: Setting
|
|
default: "false"
|
|
description: "Should Foreman use the short hostname instead of the FQDN for creating new virtual machines"
|
|
attribute42:
|
|
name: create_new_host_when_report_is_uploaded
|
|
category: Setting
|
|
default: "true"
|
|
description: "Foreman will create the host when a report is received"
|
|
attributes43:
|
|
name: unattended_url
|
|
category: Setting
|
|
default: http://foreman.some.host.fqdn
|
|
description: The URL Foreman should point to in templates etc
|
|
attributes44:
|
|
name: default_organization
|
|
category: Setting
|
|
default: 'Organization 1'
|
|
description: 'Default organization when importing hosts'
|
|
attributes45:
|
|
name: default_location
|
|
category: Setting
|
|
default: 'Location 1'
|
|
description: 'Default location when importing hosts'
|
|
attributes46:
|
|
name: location_fact
|
|
category: Setting
|
|
default: 'foreman_location'
|
|
description: 'Fact to set location from when importing hosts'
|
|
attributes47:
|
|
name: organization_fact
|
|
category: Setting
|
|
default: 'foreman_organization'
|
|
description: 'Fact to set organization from when importing hosts'
|
|
attributes49:
|
|
name: oauth_active
|
|
category: Setting
|
|
default: "false"
|
|
description: "Foreman will use OAuth for API authorization"
|
|
attributes50:
|
|
name: oauth_consumer_key
|
|
category: Setting
|
|
default: "oauth_key"
|
|
description: "OAuth consumer key"
|
|
attributes51:
|
|
name: oauth_consumer_secret
|
|
category: Setting
|
|
default: "oauth_secret"
|
|
description: "OAuth consumer secret"
|
|
attributes52:
|
|
name: oauth_map_users
|
|
category: Setting
|
|
default: "true"
|
|
description: "Foreman will map users by username in request-header. If this is set to false, OAuth requests will have admin rights."
|
|
attributes53:
|
|
name: send_welcome_email
|
|
category: Setting
|
|
default: "false"
|
|
description: "Send a welcome email including initial username and password to new users"
|
|
attributes54:
|
|
name: email_subject_prefix
|
|
category: Setting
|
|
default: "[foreman]"
|
|
description: "Prefix to add to all outgoing email"
|
|
attributes55:
|
|
name: outofsync_interval
|
|
settings_type: integer
|
|
category: Setting
|
|
default: 5
|
|
description: "Duration in minutes after the Puppet interval for servers to be classed as out of sync."
|
|
attributes56:
|
|
name: email_reply_address
|
|
category: Setting
|
|
default: "foreman-noreply@#{SETTINGS[:domain]}"
|
|
description: 'Email reply address for emails that Foreman is sending'
|
|
attributes57:
|
|
name: clean_up_failed_deployment
|
|
category: Setting
|
|
default: "true"
|
|
description: "Foreman will delete virtual machine if provisioning script ends with non zero exit code"
|
|
attributes58:
|
|
name: ignored_interface_identifiers
|
|
category: Setting
|
|
default: "['lo', 'en*v*', 'usb*', 'vnet*', 'macvtap*', '_vdsmdummy_', 'veth*', 'docker*', 'tap*', 'qbr*', 'qvb*', 'qvo*', 'qr-*', 'qg-*', 'vlinuxbr*', 'vovsbr*']"
|
|
description: 'Ignore interfaces that match these values during facts importing, you can use * wildcard to match names with indexes e.g. macvtap*'
|
|
attributes59:
|
|
name: always_show_configuration_status
|
|
category: Setting
|
|
default: "false"
|
|
description: 'All hosts will show a configuration status even when a Puppet smart proxy is not assigned'
|
|
attributes60:
|
|
name: max_trend
|
|
category: Setting
|
|
default: 30
|
|
description: 'Max days for Trends graphs'
|
|
attributes61:
|
|
name: name_generator_type
|
|
settings_type: string
|
|
category: Setting
|
|
default: "Random-based"
|
|
description: 'Random gives unique names, MAC-based are longer but stable (and only works with bare-metal)'
|
|
attributes62:
|
|
name: bmc_credentials_accessible
|
|
category: Setting
|
|
default: "true"
|
|
description: 'Permits access to BMC interface passwords through ENC YAML output and in templates'
|
|
attributes63:
|
|
name: password
|
|
category: Setting
|
|
default: nil
|
|
description: 'Encrypted password'
|
|
encrypted: true
|
|
attributes64:
|
|
name: access_unattended_without_build
|
|
category: Setting
|
|
default: "false"
|
|
description: 'Allow access to unattended URLs without build mode being used'
|
|
full_name: 'Access unattended without build'
|
|
settings_type: 'boolean'
|
|
attributes65:
|
|
name: update_subnets_from_facts
|
|
category: Setting
|
|
default: "none"
|
|
description: 'Foreman will update a hosts subnets from its facts'
|
|
attributes66:
|
|
name: delivery_method
|
|
category: Setting
|
|
default: :test
|
|
description: 'Method used to deliver e-mail'
|
|
attributes67:
|
|
name: smtp_address
|
|
category: Setting
|
|
default: 'smtp@example.com'
|
|
description: Method used to deliver email'
|
|
attributes68:
|
|
name: smtp_authentication
|
|
category: Setting
|
|
default: 'none'
|
|
description: 'Specify authentication type, if required'
|
|
attributes69:
|
|
name: sendmail_arguments
|
|
category: Setting
|
|
default: 'args'
|
|
description: 'Specify additional options to sendmail'
|
|
attribute70:
|
|
name: ignore_facts_for_operatingsystem
|
|
category: Setting
|
|
default: "false"
|
|
description: 'Stop updating Operating System from facts'
|
|
attribute71:
|
|
name: ignore_facts_for_domain
|
|
category: Setting
|
|
default: "false"
|
|
description: 'Stop updating domain from facts'
|
|
attribute72:
|
|
name: host_owner
|
|
category: Setting
|
|
default: nil
|
|
description: 'Default host owner'
|
|
attribute73:
|
|
name: local_boot_PXELinux
|
|
category: Setting
|
|
default: PXELinux default local boot
|
|
description: 'Set up default local boot template for PXELinux'
|
|
attribute74:
|
|
name: rss_enable
|
|
category: Setting
|
|
default: true
|
|
description: 'Whether to enable or not RSS feed notifications'
|
|
attribute75:
|
|
name: rss_url
|
|
category: Setting
|
|
default: "http://theforeman.org/feed.xml"
|
|
description: 'Default URL for RSS feed notifications'
|
|
attribute76:
|
|
name: default_pxe_item_global
|
|
category: Setting
|
|
default: nil
|
|
description: 'Default PXE global template entry'
|
|
attribute77:
|
|
name: default_pxe_item_local
|
|
category: Setting
|
|
default: nil
|
|
description: 'Default PXE local template entry'
|
|
attributes78:
|
|
name: excluded_facts
|
|
category: Setting
|
|
default: "['lo', 'en*v*', 'usb*', 'vnet*', 'macvtap*', '_vdsmdummy_', 'veth*', 'docker*', 'tap*', 'qbr*', 'qvb*', 'qvo*', 'qr-*', 'qg-*', 'vlinuxbr*', 'vovsbr*', 'load_averages::*', 'memory::system::capacity', 'memory::system::used*', 'memory::system::available*', 'memory::swap::capacity', 'memory::swap::used*', 'memory::swap::available*']"
|
|
description: 'Ignore fact names that match these values during facts importing, you can use * wildcard to match names with indexes e.g. macvtap*'
|
|
settings_type: 'array'
|
|
attribute79:
|
|
name: append_domain_name_for_hosts
|
|
category: Setting
|
|
default: "true"
|
|
description: "Should append domain names when new hosts are provisioned"
|
|
attribute80:
|
|
name: failed_login_attempts_limit
|
|
category: Setting
|
|
default: 30
|
|
description: "Foreman will block user login after this number of failed login attempts for 5 minutes from offending IP address. Set to 0 to disable bruteforce protection"
|
|
attribute81:
|
|
name: bcrypt_cost
|
|
category: Setting
|
|
default: 4
|
|
description: "Cost value of bcrypt password hash function for internal auth-sources."
|
|
attribute82:
|
|
name: login_text
|
|
category: Setting
|
|
default: "--- \n"
|
|
description: 'Text to be shown in the login-page footer'
|
|
attribute83:
|
|
name: ssh_timeout
|
|
category: Setting
|
|
default: 120
|
|
description: 'Time in seconds before SSH provisioning times out'
|
|
attribute84:
|
|
name: destroy_vm_on_host_delete
|
|
category: Setting
|
|
default: true
|
|
description: 'Destroy associated VM on host delete. When enabled, VMs linked to Hosts will be deleted on Compute Resource, meaning they can be re-associated or imported back to Foreman again. This does not automatically power off the VM'
|
|
attribute85:
|
|
name: intermediate_ipxe_script
|
|
category: Setting
|
|
default: nil
|
|
description: 'Intermidiate iPXE script'
|
|
attribute86:
|
|
name: maximum_structured_facts
|
|
category: Setting
|
|
default: 100
|
|
description: 'Maximum structured facts'
|
|
attribute87:
|
|
name: instance_id
|
|
category: Setting
|
|
default: '2abbbe02-4ace-4269-9e20-2753f3206cc2'
|
|
description: 'Foreman UUID'
|
|
attribute88:
|
|
name: oidc_jwks_url
|
|
category: Setting
|
|
default: 'https://keycloak.example.com/auth/realms/foreman/protocol/openid-connect/certs'
|
|
description: 'OpenID Connect JSON Web Key Set(JWKS) URL. Typically https://keycloak.example.com/auth/realms/<realm name>/protocol/openid-connect/certs if you are using Keycloak as an IDP'
|
|
attribute89:
|
|
name: oidc_audience
|
|
category: Setting
|
|
default: 'rest-client'
|
|
description: 'Name of the OpenID Connect Audience that is being used for Authentication. For example in case of Keycloak this is the Client ID.'
|
|
attribute90:
|
|
name: oidc_issuer
|
|
category: Setting
|
|
default: 127.0.0.1
|
|
description: "The iss (issuer) claim identifies the principal that issued the JWT, which exists at a `/.well-known/openid-configuration` in case of most of the IDP's."
|
|
attribute91:
|
|
name: oidc_algorithm
|
|
category: Setting
|
|
default: 'RS512'
|
|
description: 'The algorithm used to encode the JWT in the IDP.'
|
|
attribute92:
|
|
name: authorize_login_delegation_auth_source_user_autocreate
|
|
category: Setting
|
|
default: 'External'
|
|
description: 'Name of the external auth source where unknown externally authentication users (see authorize_login_delegation) should be created (keep unset to prevent the autocreation)'
|
|
attribute93:
|
|
name: update_hostgroup_from_facts
|
|
category: Setting
|
|
default: true
|
|
description: "Foreman will update a host's hostgroup from its facts"
|
|
attribute94:
|
|
name: default_global_registration_item
|
|
category: Setting
|
|
default: 'Global Registration'
|
|
description: "Default Global registration template"
|
|
attribute95:
|
|
name: default_host_init_config_template
|
|
category: Setting
|
|
default: 'Linux host initial configuration'
|
|
description: "Default host initial configuration template"
|
|
attribute96:
|
|
name: server_ca_file
|
|
category: Setting
|
|
default: /var/lib/puppet/ssl/certs/ca.pem
|
|
description: SSL CA file that will be used in templates (to verify the connection to Foreman)
|
|
attribute97:
|
|
name: ct_command
|
|
category: Setting
|
|
settings_type: 'array'
|
|
default: "['/usr/bin/cat']"
|
|
value: "['/usr/bin/cat']"
|
|
description: "CoreOS Transpiler"
|
|
attribute98:
|
|
name: fcct_command
|
|
category: Setting
|
|
settings_type: 'array'
|
|
default: "['/usr/bin/cat']"
|
|
value: "['/usr/bin/cat']"
|
|
description: "Fedora CoreOS Transpiler"
|