From 13d6990f2951012e91de659aed00de7e969dc0a7 Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Tue, 5 Nov 2024 17:35:49 +0100 Subject: [PATCH] Extract the installer help and params to separate files By extracting the generated content to separate files and including them the get-params script can automatically overwrite it with the correct content. --- .../nightly/3.2.2_installer_options-help.md | 292 ++ .../nightly/3.2.2_installer_options-params.md | 2192 +++++++++++++++ .../nightly/3.2.2_installer_options.md | 2486 +---------------- scripts/installer/get-params | 4 +- 4 files changed, 2488 insertions(+), 2486 deletions(-) create mode 100644 _includes/manuals/nightly/3.2.2_installer_options-help.md create mode 100644 _includes/manuals/nightly/3.2.2_installer_options-params.md diff --git a/_includes/manuals/nightly/3.2.2_installer_options-help.md b/_includes/manuals/nightly/3.2.2_installer_options-help.md new file mode 100644 index 0000000000..90ab8cd6c3 --- /dev/null +++ b/_includes/manuals/nightly/3.2.2_installer_options-help.md @@ -0,0 +1,292 @@ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
OptionDescription
--[no-]enable-apache-mod-statusEnable 'apache_mod_status' puppet module
--[no-]enable-foremanEnable 'foreman' puppet module
--[no-]enable-foreman-cliEnable 'foreman_cli' puppet module
--[no-]enable-foreman-cli-ansibleEnable 'foreman_cli_ansible' puppet module
--[no-]enable-foreman-cli-azureEnable 'foreman_cli_azure' puppet module
--[no-]enable-foreman-cli-discoveryEnable 'foreman_cli_discovery' puppet module
--[no-]enable-foreman-cli-googleEnable 'foreman_cli_google' puppet module
--[no-]enable-foreman-cli-kubevirtEnable 'foreman_cli_kubevirt' puppet module
--[no-]enable-foreman-cli-openscapEnable 'foreman_cli_openscap' puppet module
--[no-]enable-foreman-cli-puppetEnable 'foreman_cli_puppet' puppet module
--[no-]enable-foreman-cli-remote-executionEnable 'foreman_cli_remote_execution' puppet module
--[no-]enable-foreman-cli-sshEnable 'foreman_cli_ssh' puppet module
--[no-]enable-foreman-cli-tasksEnable 'foreman_cli_tasks' puppet module
--[no-]enable-foreman-cli-templatesEnable 'foreman_cli_templates' puppet module
--[no-]enable-foreman-cli-webhooksEnable 'foreman_cli_webhooks' puppet module
--[no-]enable-foreman-proxyEnable 'foreman_proxy' puppet module
--[no-]enable-puppetEnable 'puppet' puppet module
--[no-]enable-foreman-plugin-acdEnable 'foreman_plugin_acd' puppet module (foreman_acd)
--[no-]enable-foreman-plugin-ansibleEnable 'foreman_plugin_ansible' puppet module (foreman_ansible)
--[no-]enable-foreman-plugin-azureEnable 'foreman_plugin_azure' puppet module (foreman_azure)
--[no-]enable-foreman-plugin-bootdiskEnable 'foreman_plugin_bootdisk' puppet module (foreman_bootdisk)
--[no-]enable-foreman-plugin-default-hostgroupEnable 'foreman_plugin_default_hostgroup' puppet module (foreman_default_hostgroup)
--[no-]enable-foreman-plugin-dhcp-browserEnable 'foreman_plugin_dhcp_browser' puppet module (foreman_dhcp_browser)
--[no-]enable-foreman-plugin-discoveryEnable 'foreman_plugin_discovery' puppet module (foreman_discovery)
--[no-]enable-foreman-plugin-dlmEnable 'foreman_plugin_dlm' puppet module (foreman_dlm)
--[no-]enable-foreman-plugin-expire-hostsEnable 'foreman_plugin_expire_hosts' puppet module (foreman_expire_hosts)
--[no-]enable-foreman-plugin-git-templatesEnable 'foreman_plugin_git_templates' puppet module (foreman_git_templates)
--[no-]enable-foreman-plugin-googleEnable 'foreman_plugin_google' puppet module (foreman_google)
--[no-]enable-foreman-plugin-host-extra-validatorEnable 'foreman_plugin_host_extra_validator' puppet module (foreman_host_extra_validator)
--[no-]enable-foreman-plugin-kubevirtEnable 'foreman_plugin_kubevirt' puppet module (foreman_kubevirt)
--[no-]enable-foreman-plugin-leappEnable 'foreman_plugin_leapp' puppet module (foreman_leapp)
--[no-]enable-foreman-plugin-monitoringEnable 'foreman_plugin_monitoring' puppet module (foreman_monitoring)
--[no-]enable-foreman-plugin-netboxEnable 'foreman_plugin_netbox' puppet module (foreman_netbox)
--[no-]enable-foreman-plugin-omahaEnable 'foreman_plugin_omaha' puppet module (foreman_omaha)
--[no-]enable-foreman-plugin-openscapEnable 'foreman_plugin_openscap' puppet module (foreman_openscap)
--[no-]enable-foreman-plugin-ovirt-provisionEnable 'foreman_plugin_ovirt_provision' puppet module (ovirt_provision_plugin)
--[no-]enable-foreman-plugin-proxmoxEnable 'foreman_plugin_proxmox' puppet module (foreman_proxmox)
--[no-]enable-foreman-plugin-puppetEnable 'foreman_plugin_puppet' puppet module (foreman_puppet)
--[no-]enable-foreman-plugin-puppetdbEnable 'foreman_plugin_puppetdb' puppet module (puppetdb_foreman)
--[no-]enable-foreman-plugin-remote-executionEnable 'foreman_plugin_remote_execution' puppet module (foreman_remote_execution)
--[no-]enable-foreman-plugin-remote-execution-cockpitEnable 'foreman_plugin_remote_execution_cockpit' puppet module (foreman_remote_execution_cockpit)
--[no-]enable-foreman-plugin-rescueEnable 'foreman_plugin_rescue' puppet module (foreman_rescue)
--[no-]enable-foreman-plugin-saltEnable 'foreman_plugin_salt' puppet module (foreman_salt)
--[no-]enable-foreman-plugin-snapshot-managementEnable 'foreman_plugin_snapshot_management' puppet module (foreman_snapshot_management)
--[no-]enable-foreman-plugin-statisticsEnable 'foreman_plugin_statistics' puppet module (foreman_statistics)
--[no-]enable-foreman-plugin-tasksEnable 'foreman_plugin_tasks' puppet module (foreman_tasks)
--[no-]enable-foreman-plugin-templatesEnable 'foreman_plugin_templates' puppet module (foreman_templates)
--[no-]enable-foreman-plugin-vaultEnable 'foreman_plugin_vault' puppet module (foreman_vault)
--[no-]enable-foreman-plugin-webhooksEnable 'foreman_plugin_webhooks' puppet module (foreman_webhooks)
--[no-]enable-foreman-plugin-wreckingballEnable 'foreman_plugin_wreckingball' puppet module (foreman_wreckingball)
--[no-]enable-foreman-compute-ec2Enable 'foreman_compute_ec2' puppet module
--[no-]enable-foreman-compute-libvirtEnable 'foreman_compute_libvirt' puppet module
--[no-]enable-foreman-compute-openstackEnable 'foreman_compute_openstack' puppet module
--[no-]enable-foreman-compute-ovirtEnable 'foreman_compute_ovirt' puppet module
--[no-]enable-foreman-compute-vmwareEnable 'foreman_compute_vmware' puppet module
--[no-]enable-foreman-proxy-plugin-acdEnable 'foreman_proxy_plugin_acd' puppet module (smart_proxy_acd)
--[no-]enable-foreman-proxy-plugin-ansibleEnable 'foreman_proxy_plugin_ansible' puppet module (smart_proxy_ansible)
--[no-]enable-foreman-proxy-plugin-dhcp-infobloxEnable 'foreman_proxy_plugin_dhcp_infoblox' puppet module (smart_proxy_dhcp_infoblox)
--[no-]enable-foreman-proxy-plugin-dhcp-remote-iscEnable 'foreman_proxy_plugin_dhcp_remote_isc' puppet module (smart_proxy_dhcp_remote_isc)
--[no-]enable-foreman-proxy-plugin-discoveryEnable 'foreman_proxy_plugin_discovery' puppet module (smart_proxy_discovery)
--[no-]enable-foreman-proxy-plugin-dns-infobloxEnable 'foreman_proxy_plugin_dns_infoblox' puppet module (smart_proxy_dns_infoblox)
--[no-]enable-foreman-proxy-plugin-dns-powerdnsEnable 'foreman_proxy_plugin_dns_powerdns' puppet module (smart_proxy_dns_powerdns)
--[no-]enable-foreman-proxy-plugin-dns-route53Enable 'foreman_proxy_plugin_dns_route53' puppet module (smart_proxy_dns_route53)
--[no-]enable-foreman-proxy-plugin-dynflowEnable 'foreman_proxy_plugin_dynflow' puppet module (smart_proxy_dynflow)
--[no-]enable-foreman-proxy-plugin-monitoringEnable 'foreman_proxy_plugin_monitoring' puppet module (smart_proxy_monitoring)
--[no-]enable-foreman-proxy-plugin-omahaEnable 'foreman_proxy_plugin_omaha' puppet module (smart_proxy_omaha)
--[no-]enable-foreman-proxy-plugin-openscapEnable 'foreman_proxy_plugin_openscap' puppet module (smart_proxy_openscap)
--[no-]enable-foreman-proxy-plugin-remote-execution-scriptEnable 'foreman_proxy_plugin_remote_execution_script' puppet module (smart_proxy_remote_execution_script)
--[no-]enable-foreman-proxy-plugin-saltEnable 'foreman_proxy_plugin_salt' puppet module (smart_proxy_salt)
--[no-]enable-foreman-proxy-plugin-shellhooksEnable 'foreman_proxy_plugin_shellhooks' puppet module (smart_proxy_shellhooks)
+
diff --git a/_includes/manuals/nightly/3.2.2_installer_options-params.md b/_includes/manuals/nightly/3.2.2_installer_options-params.md new file mode 100644 index 0000000000..e52034e247 --- /dev/null +++ b/_includes/manuals/nightly/3.2.2_installer_options-params.md @@ -0,0 +1,2192 @@ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
OptionDescription
--apache-mod-status-extended-statusDetermines whether to track extended status information for each request, via the ExtendedStatus directive.
--apache-mod-status-requiresA Variant type that can be: - String with: - '' or 'unmanaged' - Host auth control done elsewhere - 'ip <List of IPs>>' - Allowed IPs/ranges - 'host <List of names>' - Allowed names/domains - 'all [granted|denied]' - Array of strings with ip or host as above - Hash with following keys: - 'requires' - Value => Array as above - 'enforce' - Value => String 'Any', 'All' or 'None' This encloses "Require" directives in "" block Optional - If unspecified, "Require" directives follow current flow
--apache-mod-status-status-pathPath assigned to the Location directive which defines the URL to access the server status.
--foreman-apacheConfigure Apache as a reverse proxy for the Foreman server
--foreman-client-ssl-caDefines the SSL CA used to communicate with Foreman Proxies
--foreman-client-ssl-certDefines the SSL certificate used to communicate with Foreman Proxies
--foreman-client-ssl-keyDefines the SSL private key used to communicate with Foreman Proxies
--foreman-cors-domainsList of domains that show be allowed for Cross-Origin Resource Sharing
--foreman-db-databaseDatabase 'production' database (e.g. foreman)
--foreman-db-hostDatabase 'production' host
--foreman-db-manageIf enabled, will install and configure the database server on this host
--foreman-db-manage-rakeif enabled, will run rake jobs, which depend on the database
--foreman-db-passwordDatabase 'production' password, default is randomly generated
--foreman-db-poolDatabase 'production' size of connection pool. If the value is not set, it will be set by default to the amount of puma threads + 4 (for internal system threads)
--foreman-db-portDatabase 'production' port
--foreman-db-root-certRoot cert used to verify SSL connection to postgres
--foreman-db-sslmodeDatabase 'production' ssl mode
--foreman-db-usernameDatabase 'production' user (e.g. foreman)
--foreman-dynflow-manage-servicesWhether to manage the dynflow services
--foreman-dynflow-orchestrator-ensureThe state of the dynflow orchestrator instance
--foreman-dynflow-redis-urlIf set, the redis server is not managed and we use the defined url to connect
--foreman-dynflow-worker-concurrencyHow many concurrent jobs to handle per worker instance
--foreman-dynflow-worker-instancesThe number of worker instances that should be running
--foreman-email-delivery-methodEmail delivery method
--foreman-email-reply-addressEmail reply address for emails that Foreman is sending
--foreman-email-sendmail-argumentsThe arguments to pass to the sendmail binary. Unused when SMTP delivery is used.
--foreman-email-sendmail-locationThe location of the binary to call when sendmail is the delivery method. Unused when SMTP delivery is used.
--foreman-email-smtp-addressSMTP server hostname, when delivery method is SMTP
--foreman-email-smtp-authenticationSMTP authentication method
--foreman-email-smtp-domainSMTP HELO domain
--foreman-email-smtp-passwordPassword for SMTP server auth, if authentication is enabled
--foreman-email-smtp-portSMTP port
--foreman-email-smtp-user-nameUsername for SMTP server auth, if authentication is enabled
--foreman-email-subject-prefixPrefix to add to all outgoing email
--foreman-foreman-service-puma-threads-maxMaximum number of threads for every Puma worker
--foreman-foreman-service-puma-threads-minMinimum number of threads for every Puma worker. If no value is specified, this defaults to setting min threads to maximum threads. Setting min threads equal to max threads has been shown to alleviate memory leaks and in some cases produce better performance.
--foreman-foreman-service-puma-workersNumber of workers for Puma. If not set, the value is dynamically calculated based on available number of CPUs and memory.
--foreman-foreman-urlURL on which foreman is going to run
--foreman-gssapi-local-nameWhether to enable GssapiLocalName when using mod_auth_gssapi
--foreman-hsts-enabledShould HSTS enforcement in https requests be enabled
--foreman-http-keytabPath to keytab to be used for Kerberos authentication on the WebUI. If left empty, it will be automatically determined.
--foreman-initial-admin-emailInitial E-mail address of the admin user
--foreman-initial-admin-first-nameInitial first name of the admin user
--foreman-initial-admin-last-nameInitial last name of the admin user
--foreman-initial-admin-localeInitial locale (= language) of the admin user
--foreman-initial-admin-passwordInitial password of the admin user, default is randomly generated
--foreman-initial-admin-timezoneInitial timezone of the admin user
--foreman-initial-admin-usernameInitial username for the admin user account, default is admin
--foreman-initial-locationName of an initial location
--foreman-initial-organizationName of an initial organization
--foreman-ipa-authenticationEnable configuration for external authentication via IPA
--foreman-ipa-authentication-apiEnable configuration for external authentication via IPA for API
--foreman-ipa-manage-sssdIf ipa_authentication is true, should the installer manage SSSD? You can disable it if you use another module for SSSD configuration
--foreman-ipa-sssd-default-realmIf ipa_manage_sssd is true, set default_domain_suffix option in sssd configuration to this value to allow logging in without having to provide the domain name.
--foreman-keycloakEnable Keycloak support. Note this is limited to configuring Apache and still relies on manually running keycloak-httpd-client-install
--foreman-keycloak-app-nameThe app name as passed to keycloak-httpd-client-install
--foreman-keycloak-realmThe realm as passed to keycloak-httpd-client-install
--foreman-loggersEnable or disable specific loggers, e.g. {"sql" => true}
--foreman-logging-layoutLogging layout of the Foreman application
--foreman-logging-levelLogging level of the Foreman application
--foreman-logging-typeLogging type of the Foreman application
--foreman-oauth-activeEnable OAuth authentication for REST API
--foreman-oauth-consumer-keyOAuth consumer key
--foreman-oauth-consumer-secretOAuth consumer secret
--foreman-oauth-effective-userUser to be used for REST interaction
--foreman-oauth-map-usersShould Foreman use the foreman_user header to identify API user?
--foreman-pam-servicePAM service used for host-based access control in IPA
--foreman-plugin-versionForeman plugins package version, it's passed to ensure parameter of package resource can be set to 'installed', 'latest', 'present' only
--foreman-provisioning-ct-locationThe location of the binary to call when transpiling CoreOS templates.
--foreman-provisioning-fcct-locationThe location of the binary to call when transpiling Fedora CoreOS templates.
--foreman-rails-cache-storeSet rails cache store
--foreman-register-in-foremanRegister host in Foreman
--foreman-server-portDefines Apache port for HTTP requests
--foreman-server-ssl-caDefines Apache mod_ssl SSLCACertificateFile setting in Foreman vhost conf file.
--foreman-server-ssl-certDefines Apache mod_ssl SSLCertificateFile setting in Foreman vhost conf file.
--foreman-server-ssl-chainDefines Apache mod_ssl SSLCertificateChainFile setting in Foreman vhost conf file.
--foreman-server-ssl-crlDefines the Apache mod_ssl SSLCARevocationFile setting in Foreman vhost conf file.
--foreman-server-ssl-keyDefines Apache mod_ssl SSLCertificateKeyFile setting in Foreman vhost conf file.
--foreman-server-ssl-portDefines Apache port for HTTPS requests
--foreman-server-ssl-protocolDefines the Apache mod_ssl SSLProtocol setting in Foreman vhost conf file.
--foreman-server-ssl-verify-clientDefines the Apache mod_ssl SSLVerifyClient setting in Foreman vhost conf file.
--foreman-serveraliasesServer aliases of the VirtualHost in the webserver
--foreman-servernameServer name of the VirtualHost in the webserver
--foreman-sslEnable and set require_ssl in Foreman settings (note: requires Apache, SSL does not apply to kickstarts)
--foreman-telemetry-logger-enabledEnable telemetry logs - useful for telemetry debugging
--foreman-telemetry-logger-levelTelemetry debugging logs level
--foreman-telemetry-prefixPrefix for all metrics
--foreman-telemetry-prometheus-enabledEnable prometheus telemetry
--foreman-telemetry-statsd-enabledEnable statsd telemetry
--foreman-telemetry-statsd-hostStatsd host in format ip:port, do not use DNS
--foreman-telemetry-statsd-protocolStatsd protocol one of 'statsd', 'statsite' or 'datadog' - currently only statsd is supported
--foreman-trusted-proxiesList of trusted IPs / networks. Default: IPv4 and IPV6 localhost addresses. If overwritten, localhost addresses (127.0.0.1/8, ::1) need to be in trusted_proxies IP list again. More details: https://api.rubyonrails.org/classes/ActionDispatch/RemoteIp.html
--foreman-unattendedShould Foreman manage host provisioning as well
--foreman-unattended-urlURL hosts will retrieve templates from during build (normally http as many installers don't support https)
--foreman-versionForeman package version, it's passed to ensure parameter of package resource can be set to specific version number, 'latest', 'present' etc.
--foreman-websockets-encryptWhether to encrypt websocket connections
--foreman-websockets-ssl-certSSL certificate file to use when encrypting websocket connections
--foreman-websockets-ssl-keySSL key file to use when encrypting websocket connections
--foreman-cli-foreman-urlURL on which Foreman runs
--foreman-cli-manage-root-configWhether to manage /root/.hammer configuration.
--foreman-cli-passwordPassword for authentication
--foreman-cli-refresh-cacheCheck API documentation cache status on each request
--foreman-cli-request-timeoutAPI request timeout, set -1 for infinity
--foreman-cli-ssl-ca-filePath to SSL certificate authority
--foreman-cli-use-sessionsEnable using sessions
--foreman-cli-usernameUsername for authentication
--foreman-cli-versionforeman-cli package version, it's passed to ensure parameter of package resource can be set to specific version number, 'latest', 'present' etc.
--foreman-proxy-autosignfileHostname-Whitelisting only: Location of puppets autosign.conf
--foreman-proxy-bind-hostHost to bind ports to, e.g. *, localhost, 0.0.0.0
--foreman-proxy-bmcEnable BMC feature
--foreman-proxy-bmc-default-providerBMC default provider.
--foreman-proxy-bmc-listen-onBMC proxy to listen on https, http, or both
--foreman-proxy-bmc-redfish-verify-sslBMC Redfish verify ssl.
--foreman-proxy-bmc-ssh-keyBMC SSH key location.
--foreman-proxy-bmc-ssh-powercycleBMC SSH powercycle command.
--foreman-proxy-bmc-ssh-poweroffBMC SSH poweroff command.
--foreman-proxy-bmc-ssh-poweronBMC SSH poweron command.
--foreman-proxy-bmc-ssh-powerstatusBMC SSH powerstatus command.
--foreman-proxy-bmc-ssh-userBMC SSH user.
--foreman-proxy-dhcpEnable DHCP feature
--foreman-proxy-dhcp-additional-interfacesAdditional DHCP listen interfaces (in addition to dhcp_interface). Note: as opposed to dhcp_interface *no* subnet will be provisioned for any of the additional DHCP listen interfaces. Please configure any additional subnets using `dhcp::pool` and related resource types (provided by the theforeman/puppet-dhcp module).
--foreman-proxy-dhcp-configDHCP config file path
--foreman-proxy-dhcp-failover-addressAddress for DHCP to listen for connections from its peer
--foreman-proxy-dhcp-failover-portPort for DHCP to listen & communicate with it DHCP peer
--foreman-proxy-dhcp-gatewayDHCP pool gateway
--foreman-proxy-dhcp-interfaceDHCP listen interface
--foreman-proxy-dhcp-ipxe-bootstrapEnable or disable iPXE bootstrap(discovery) feature
--foreman-proxy-dhcp-ipxefilenameiPXE DHCP "filename" value, If not specified, it's determined dynamically. When the templates feature is enabled, the template_url is used.
--foreman-proxy-dhcp-key-nameDHCP key name
--foreman-proxy-dhcp-key-secretDHCP password
--foreman-proxy-dhcp-leasesDHCP leases file
--foreman-proxy-dhcp-listen-onDHCP proxy to listen on https, http, or both
--foreman-proxy-dhcp-load-balanceCutoff after which load balancing is disabled
--foreman-proxy-dhcp-load-splitSplit leases between Primary and Secondary. 255 means Primary is chiefly responsible. 0 means Secondary is chiefly responsible.
--foreman-proxy-dhcp-manage-aclsWhether to manage DHCP directory ACLs. This allows the Foreman Proxy user to access even if the directory mode is 0750.
--foreman-proxy-dhcp-managedThe DHCP daemon is managed by this module
--foreman-proxy-dhcp-max-response-delaySeconds after it will assume that connection has failed to DHCP peer
--foreman-proxy-dhcp-max-unacked-updatesHow many BNDUPD messages DHCP can send before it receives a BNDACK from the local system
--foreman-proxy-dhcp-mcltSeconds for which a lease may be renewed by either failover peer without contacting the other
--foreman-proxy-dhcp-nameserversDHCP nameservers, comma-separated
--foreman-proxy-dhcp-netmaskDHCP server netmask value, defaults otherwise to value based on IP of dhcp_interface
--foreman-proxy-dhcp-networkDHCP server network value, defaults otherwise to value based on IP of dhcp_interface
--foreman-proxy-dhcp-node-typeDHCP node type
--foreman-proxy-dhcp-omapi-portDHCP server OMAPI port
--foreman-proxy-dhcp-option-domainDHCP use the dhcpd config option domain-name
--foreman-proxy-dhcp-peer-addressThe other DHCP servers address
--foreman-proxy-dhcp-ping-free-ipPerform ICMP and TCP ping when searching free IPs from the pool. This makes sure that active IP address is not suggested as free, however in locked down network environments this can cause no free IPs.
--foreman-proxy-dhcp-providerDHCP provider for the DHCP module
--foreman-proxy-dhcp-pxefilenameDHCP "filename" value, defaults otherwise to pxelinux.0
--foreman-proxy-dhcp-pxeserverDHCP "next-server" value, defaults otherwise to IP of dhcp_interface
--foreman-proxy-dhcp-rangeSpace-separated DHCP pool range
--foreman-proxy-dhcp-search-domainsDHCP search domains option
--foreman-proxy-dhcp-serverAddress of DHCP server to manage
--foreman-proxy-dhcp-subnetsSubnets list to restrict DHCP management to
--foreman-proxy-dnsEnable DNS feature
--foreman-proxy-dns-forwardersDNS forwarders
--foreman-proxy-dns-interfaceDNS interface
--foreman-proxy-dns-listen-onDNS proxy to listen on https, http, or both
--foreman-proxy-dns-managedThe DNS daemon is managed by this module. Only supported for the nsupdate and nsupdate_gss DNS providers.
--foreman-proxy-dns-providerDNS provider
--foreman-proxy-dns-reverseDNS reverse zone name
--foreman-proxy-dns-serverAddress of DNS server to manage
--foreman-proxy-dns-tsig-keytabKerberos keytab for DNS updates using GSS-TSIG authentication
--foreman-proxy-dns-tsig-principalKerberos principal for DNS updates using GSS-TSIG authentication
--foreman-proxy-dns-ttlDNS default TTL override
--foreman-proxy-dns-zoneDNS zone name
--foreman-proxy-ensure-packages-versioncontrol extra packages version, it's passed to ensure parameter of package resource
--foreman-proxy-foreman-base-urlBase Foreman URL used for REST interaction
--foreman-proxy-foreman-ssl-caSSL CA used to verify connections when accessing the Foreman API. When not specified, the ssl_ca is used instead.
--foreman-proxy-foreman-ssl-certSSL client certificate used when accessing the Foreman API When not specified, the ssl_cert is used instead.
--foreman-proxy-foreman-ssl-keyCorresponding key to a foreman_ssl_cert certificate When not specified, the ssl_key is used instead.
--foreman-proxy-freeipa-configPath to FreeIPA default.conf configuration file
--foreman-proxy-freeipa-remove-dnsRemove DNS entries from FreeIPA when deleting hosts from realm
--foreman-proxy-groupsArray of additional groups for the foreman proxy user
--foreman-proxy-httpEnable HTTP
--foreman-proxy-http-portHTTP port to listen on (if http is enabled)
--foreman-proxy-httpbootEnable HTTPBoot feature. In most deployments this requires HTTP to be enabled as well.
--foreman-proxy-httpboot-listen-onHTTPBoot proxy to listen on https, http, or both
--foreman-proxy-keyfileDNS server keyfile path
--foreman-proxy-libvirt-connectionConnection string of libvirt DNS/DHCP provider (e.g. "qemu:///system")
--foreman-proxy-libvirt-networkNetwork for libvirt DNS/DHCP provider
--foreman-proxy-logForeman proxy log file, 'STDOUT', 'SYSLOG' or 'JOURNAL'
--foreman-proxy-log-bufferLog buffer size
--foreman-proxy-log-buffer-errorsAdditional log buffer size for errors
--foreman-proxy-log-levelForeman proxy log level
--foreman-proxy-logsEnable Logs (log buffer) feature
--foreman-proxy-logs-listen-onLogs proxy to listen on https, http, or both
--foreman-proxy-manage-puppet-groupWhether to ensure the $puppet_group exists. Also ensures group owner of ssl keys and certs is $puppet_group Not applicable when ssl is false.
--foreman-proxy-manage-servicecontrol the service, whether it should be started / enabled or not. useful, if the service should be managed by a cluster software e.g. corosync / pacemaker
--foreman-proxy-oauth-consumer-keyOAuth key to be used for REST interaction
--foreman-proxy-oauth-consumer-secretOAuth secret to be used for REST interaction
--foreman-proxy-oauth-effective-userUser to be used for REST interaction
--foreman-proxy-puppetEnable Puppet module for environment imports and Puppet runs
--foreman-proxy-puppet-api-timeoutTimeout in seconds when accessing Puppet environment classes API
--foreman-proxy-puppet-groupGroups of Foreman proxy user
--foreman-proxy-puppet-listen-onProtocols for the Puppet feature to listen on
--foreman-proxy-puppet-ssl-caSSL CA used to verify connections when accessing the Puppet master API
--foreman-proxy-puppet-ssl-certSSL certificate used when accessing the Puppet master API
--foreman-proxy-puppet-ssl-keySSL private key used when accessing the Puppet master API
--foreman-proxy-puppet-urlURL of the Puppet master itself for API requests
--foreman-proxy-puppetcaEnable Puppet CA feature
--foreman-proxy-puppetca-certificateToken-whitelisting only: Certificate to use when encrypting tokens (undef to use SSL certificate)
--foreman-proxy-puppetca-listen-onProtocols for the Puppet CA feature to listen on
--foreman-proxy-puppetca-providerWhether to use puppetca_hostname_whitelisting or puppetca_token_whitelisting
--foreman-proxy-puppetca-sign-allToken-whitelisting only: Whether to sign all CSRs without checking their token
--foreman-proxy-puppetca-token-ttlToken-whitelisting only: Fallback time (in minutes) after which tokens will expire
--foreman-proxy-puppetca-tokens-fileToken-Whitelisting only: Location of the tokens.yaml
--foreman-proxy-puppetdirPuppet var directory
--foreman-proxy-realmEnable realm management feature
--foreman-proxy-realm-keytabKerberos keytab path to authenticate realm updates
--foreman-proxy-realm-listen-onRealm proxy to listen on https, http, or both
--foreman-proxy-realm-principalKerberos principal for realm updates
--foreman-proxy-realm-providerRealm management provider
--foreman-proxy-register-in-foremanRegister proxy back in Foreman
--foreman-proxy-registered-nameProxy name which is registered in Foreman
--foreman-proxy-registered-proxy-urlProxy URL which is registered in Foreman
--foreman-proxy-registrationEnable Registration feature
--foreman-proxy-registration-listen-onRegistration proxy to listen on https, http, or both
--foreman-proxy-registration-urlURL that hosts will connect to when registering
--foreman-proxy-sslEnable SSL, ensure feature is added with "https://" protocol if true
--foreman-proxy-ssl-caSSL CA to validate the client certificates used to access the proxy
--foreman-proxy-ssl-certSSL certificate to be used to run the foreman proxy via https.
--foreman-proxy-ssl-disabled-ciphersList of OpenSSL cipher suite names that will be disabled from the default
--foreman-proxy-ssl-keyCorresponding key to a ssl_cert certificate
--foreman-proxy-ssl-portHTTPS port to listen on (if ssl is enabled)
--foreman-proxy-ssldirPuppet CA SSL directory
--foreman-proxy-template-urlURL a client should use for provisioning templates
--foreman-proxy-templatesEnable templates feature
--foreman-proxy-templates-listen-onTemplates proxy to listen on https, http, or both
--foreman-proxy-tftpEnable TFTP feature
--foreman-proxy-tftp-dirsDirectories to be create in $tftp_root
--foreman-proxy-tftp-listen-onTFTP proxy to listen on https, http, or both
--foreman-proxy-tftp-manage-wgetIf enabled will install the wget package
--foreman-proxy-tftp-managedThe TFTP daemon is managed by this module.
--foreman-proxy-tftp-replace-grub2-cfgDetermines if grub2.cfg will be replaced
--foreman-proxy-tftp-rootTFTP root directory
--foreman-proxy-tftp-servernameDefines the TFTP Servername to use, overrides the name in the subnet declaration
--foreman-proxy-tls-disabled-versionsList of TLS versions that will be disabled from the default
--foreman-proxy-trusted-hostsOnly hosts listed will be permitted, empty array to disable authorization
--foreman-proxy-versionforeman package version, it's passed to ensure parameter of package resource can be set to specific version number, 'latest', 'present' etc.
--puppet-additional-settingsA hash of additional main settings.
--puppet-agentShould a puppet agent be installed
--puppet-agent-additional-settingsA hash of additional agent settings. Example: {stringify_facts => true}
--puppet-agent-default-schedulesA boolean to enable/disable the default schedules
--puppet-agent-noopRun the agent in noop mode.
--puppet-agent-restart-commandThe command which gets excuted on puppet service restart
--puppet-agent-server-hostnameHostname of your puppetserver (server directive in puppet.conf)
--puppet-agent-server-portOverride the port of the server we connect to.
--puppet-allow-any-crl-authAllow any authentication for the CRL. This is needed on the puppet CA to accept clients from a the puppet CA proxy.
--puppet-auth-allowedAn array of authenticated nodes allowed to access all catalog and node endpoints. default to ['$1']
--puppet-autosignIf set to a boolean, autosign is enabled or disabled for all incoming requests. Otherwise this has to be set to the full file path of an autosign.conf file or an autosign script. If this is set to a script, make sure that script considers the content of autosign.conf as otherwise Foreman functionality might be broken.
--puppet-autosign-contentIf set, write the autosign file content using the value of this parameter. Cannot be used at the same time as autosign_entries For example, could be a string, or file('another_module/autosign.sh') or template('another_module/autosign.sh.erb')
--puppet-autosign-entriesA list of certnames or domain name globs whose certificate requests will automatically be signed. Defaults to an empty Array.
--puppet-autosign-modemode of the autosign file/script
--puppet-autosign-sourceIf set, use this as the source for the autosign file, instead of autosign_content.
--puppet-ca-crl-filepathPath to CA CRL file, dynamically resolves based on $::server_ca status.
--puppet-ca-portPuppet CA port
--puppet-ca-serverUse a different ca server. Should be either a string with the location of the ca_server or 'false'.
--puppet-certificate-revocationWhether certificate revocation checking should be enabled, and what level of checking should be performed
--puppet-classfileThe file in which puppet agent stores a list of the classes associated with the retrieved configuration.
--puppet-client-certnameThe node's certificate name, and the unique identifier it uses when requesting catalogs.
--puppet-client-packageInstall a custom package to provide the puppet client
--puppet-codedirOverride the puppet code directory.
--puppet-cron-cmdSpecify command to launch when runmode is set 'cron'.
--puppet-dirOverride the puppet directory.
--puppet-dir-groupGroup of the base puppet directory, used when puppet::server is false.
--puppet-dir-ownerOwner of the base puppet directory, used when puppet::server is false.
--puppet-dns-alt-namesUse additional DNS names when generating a certificate. Defaults to an empty Array.
--puppet-environmentDefault environment of the Puppet agent
--puppet-groupOverride the name of the puppet group.
--puppet-hiera-configThe hiera configuration file.
--puppet-http-connect-timeoutThe maximum amount of time an agent waits when establishing an HTTP connection.
--puppet-http-read-timeoutThe time an agent waits for one block to be read from an HTTP connection. If nothing is read after the elapsed interval then the connection will be closed.
--puppet-localconfigThe localconfig setting.
--puppet-logdirOverride the log directory.
--puppet-manage-packagesShould this module install packages or not. Can also install only server packages with value of 'server' or only agent packages with 'agent'.
--puppet-module-repositoryUse a different puppet module repository
--puppet-package-install-optionsFlags that should be passed to the package manager during installation. Defaults to undef. May be a string, an array or a hash, see Puppet Package resource documentation for the provider matching your package manager
--puppet-package-providerThe provider used to install the agent. Defaults to chocolatey on Windows Defaults to undef elsewhere
--puppet-package-sourceThe location of the file to be used by the agent's package resource. Defaults to undef. If 'windows' or 'msi' are used as the provider then this setting is required.
--puppet-pluginfactsourceURL to retrieve Puppet facts from during pluginsync
--puppet-pluginsourceURL to retrieve Puppet plugins from during pluginsync
--puppet-postrun-commandA command which gets excuted after each Puppet run
--puppet-prerun-commandA command which gets excuted before each Puppet run
--puppet-puppetconf-modeThe permissions for /etc/puppetlabs/puppet/puppet.conf default to '0644' and '0674' on windows
--puppet-reportSend reports to the Puppet Master
--puppet-run-hourThe hour at which to run the puppet agent when runmode is cron or systemd.timer.
--puppet-run-minuteThe minute at which to run the puppet agent when runmode is cron or systemd.timer.
--puppet-rundirOverride the PID directory.
--puppet-runintervalSet up the interval (in seconds) to run the puppet agent.
--puppet-runmodeSelect the mode to setup the puppet agent.
--puppet-serverShould a puppet server be installed as well as the client
--puppet-server-acceptor-threadsThis sets the number of threads that the webserver will dedicate to accepting socket connections for unencrypted HTTP traffic. If not provided, the webserver defaults to the number of virtual cores on the host divided by 8, with a minimum of 1 and maximum of 4.
--puppet-server-additional-settingsA hash of additional settings. Example: {trusted_node_data => true, ordering => 'manifest'}
--puppet-server-admin-api-allowlistThe allowlist of clients that can query the puppet-admin-api endpoint Defaults to [ '127.0.0.1', '::1', $::ipaddress ]
--puppet-server-allow-header-cert-infoEnable client authentication over HTTP Headers Defaults to false, is also activated by the $server_http setting
--puppet-server-caProvide puppet CA
--puppet-server-ca-allow-auth-extensionsAllow CA to sign certificate requests that have authorization extensions Defaults to false
--puppet-server-ca-allow-auto-renewalEnable the auto renewal for client certificates Defaults to false
--puppet-server-ca-allow-auto-renewal-cert-ttlSet the auto renewal interval for client certificates Defaults to 60d
--puppet-server-ca-allow-sansAllow CA to sign certificate requests that have Subject Alternative Names Defaults to false
--puppet-server-ca-auth-requiredWhether client certificates are needed to access the puppet-admin api Defaults to true
--puppet-server-ca-client-allowlistThe allowlist of client certificates that can query the certificate-status endpoint Defaults to [ '127.0.0.1', '::1', $::ipaddress ]
--puppet-server-ca-client-self-deleteAdds a rule to auth.conf, that allows a client to delete its own certificate Defaults to false
--puppet-server-ca-crl-syncSync puppet CA crl file to compilers, Puppet CA Must be the Puppetserver for the compilers. Defaults to false.
--puppet-server-ca-enable-infra-crlEnable the separate CRL for Puppet infrastructure nodes Defaults to false
--puppet-server-certnameThe name to use when handling certificates.
--puppet-server-check-for-updatesShould the puppetserver phone home to check for available updates? Defaults to true
--puppet-server-cipher-suitesList of SSL ciphers to use in negotiation Defaults to ['TLS_AES_128_GCM_SHA256', 'TLS_AES_256_GCM_SHA384', 'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256', 'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384']
--puppet-server-common-modules-pathCommon modules paths
--puppet-server-compile-modeUsed to control JRuby's "CompileMode", which may improve performance. Defaults to undef (off).
--puppet-server-connect-timeoutHow long the server will wait for a response to a connection attempt
--puppet-server-crl-enableTurn on crl checking. Defaults to true when server_ca is true. Otherwise Defaults to false. Note unless you are using an external CA. It is recommended to set this to true. See $server_ca_crl_sync to enable syncing from CA Puppet Master
--puppet-server-custom-trusted-oid-mappingA hash of custom trusted oid mappings. Defaults to undef Example: { 1.3.6.1.4.1.34380.1.2.1.1 => { shortname => 'myshortname' } }
--puppet-server-default-manifestToggle if default_manifest setting should be added to the [main] section
--puppet-server-default-manifest-contentA string to set the content of the default_manifest If set to '' it will not manage the file
--puppet-server-default-manifest-pathA string setting the path to the default_manifest
--puppet-server-dirPuppet configuration directory
--puppet-server-environment-class-cache-enabledEnable environment class cache in conjunction with the use of the environment_classes API. Defaults to false
--puppet-server-environment-timeoutTimeout for cached compiled catalogs (10s, 5m, ...)
--puppet-server-environment-varsA hash of environment variables and their values which the puppetserver is allowed to see. To define literal values double quotes should be used: {'MYVAR': '"MYVALUE"'}. Omitting the inner quotes might lead to unexpected results since the HOCON format does not allow characters like $, curly/square brackets or = in unquoted strings. Multi line strings are also allowed as long as they are triple quoted: {'MYVAR': "\"\"\"MY\nMULTI\nLINE\nVALUE\"\"\""} To pass an existing variable use substitutions: {'MYVAR': '${MYVAR}'}.
--puppet-server-environments-groupThe group owning the environments directory
--puppet-server-environments-modeEnvironments directory mode.
--puppet-server-environments-ownerThe owner of the environments directory
--puppet-server-environments-recurseShould the environments directory be managed recursively
--puppet-server-envs-dirList of directories which hold puppet environments
--puppet-server-envs-targetIndicates that $envs_dir should be a symbolic link to this target
--puppet-server-external-nodesExternal nodes classifier executable
--puppet-server-foremanShould foreman integration be installed
--puppet-server-foreman-factsShould foreman receive facts from puppet
--puppet-server-foreman-ssl-caSSL CA of the Foreman server
--puppet-server-foreman-ssl-certClient certificate for authenticating against Foreman server
--puppet-server-foreman-ssl-keyKey for authenticating against Foreman server
--puppet-server-foreman-urlForeman URL
--puppet-server-git-branch-mapGit branch to puppet env mapping for the default post receive hook
--puppet-server-git-repoUse git repository as a source of modules
--puppet-server-git-repo-groupGit repository group
--puppet-server-git-repo-hook-modeGit repository hook mode
--puppet-server-git-repo-pathGit repository path on disk
--puppet-server-git-repo-umaskUmask used during git operations
--puppet-server-git-repo-userGit repository user
--puppet-server-groupGroup used for the puppetserver process
--puppet-server-httpShould the puppet server listen on HTTP as well as HTTPS. Useful for load balancer or reverse proxy scenarios.
--puppet-server-http-portPuppet server HTTP port; defaults to 8139.
--puppet-server-idle-timeoutHow long the server will wait for a response on an existing connection
--puppet-server-ipBind ip address of the puppetserver
--puppet-server-jolokia-metrics-allowlistThe allowlist of clients that can query the jolokia /metrics/v2 endpoint
--puppet-server-jruby-gem-homeWhere jruby gems are located for puppetserver
--puppet-server-jvm-cli-argsJava options to use when using puppetserver subcommands (eg puppetserver gem).
--puppet-server-jvm-configSpecify the puppetserver jvm configuration file.
--puppet-server-jvm-extra-argsAdditional java options to pass through. This can be used for Java versions prior to Java 8 to specify the max perm space to use: For example: '-XX:MaxPermSize=128m'.
--puppet-server-jvm-java-binSet the default java to use. If unspecified, it will be derived from the Puppet version.
--puppet-server-jvm-max-heap-sizeSpecify the maximum jvm heap space.
--puppet-server-jvm-min-heap-sizeSpecify the minimum jvm heap space.
--puppet-server-manage-userWhether to manage the server user resource
--puppet-server-max-active-instancesMax number of active jruby instances. Defaults to processor count
--puppet-server-max-open-filesIncrease the max open files limit for Puppetserver. Defaults to undef
--puppet-server-max-queued-requestsThe maximum number of requests that may be queued waiting to borrow a JRuby from the pool. Defaults to 0 (disabled).
--puppet-server-max-requests-per-instanceMax number of requests a jruby instances will handle. Defaults to 0 (disabled)
--puppet-server-max-retry-delaySets the upper limit for the random sleep set as a Retry-After header on 503 responses returned when max-queued-requests is enabled. Defaults to 1800.
--puppet-server-max-threadsThis sets the maximum number of threads assigned to responding to HTTP and/or HTTPS requests for a single webserver, effectively changing how many concurrent requests can be made at one time. If not provided, the webserver defaults to 200.
--puppet-server-metrics-allowedSpecify metrics to allow in addition to those in the default list Defaults to undef
--puppet-server-metrics-graphite-enableEnable or disable Graphite metrics reporter. Defaults to false
--puppet-server-metrics-graphite-hostGraphite server host. Defaults to "127.0.0.1"
--puppet-server-metrics-graphite-intervalHow often to send metrics to graphite (in seconds) Defaults to 5
--puppet-server-metrics-graphite-portGraphite server port. Defaults to 2003
--puppet-server-metrics-jmx-enableEnable or disable JMX metrics reporter. Defaults to true
--puppet-server-metrics-server-idA server id that will be used as part of the namespace for metrics produced Defaults to $fqdn
--puppet-server-multithreadedUse multithreaded jruby. Defaults to false.
--puppet-server-packageCustom package name for puppet server
--puppet-server-parserSets the parser to use. Valid options are 'current' or 'future'. Defaults to 'current'.
--puppet-server-portPuppet server port
--puppet-server-post-hook-contentWhich template to use for git post hook
--puppet-server-post-hook-nameName of a git hook
--puppet-server-puppet-basedirWhere is the puppet code base located
--puppet-server-puppetserver-auth-templateTemplate for generating /etc/puppetlabs/puppetserver/conf.d/auth.conf
--puppet-server-puppetserver-dirThe path of the puppetserver config dir
--puppet-server-puppetserver-experimentalEnable the /puppet/experimental route? Defaults to true
--puppet-server-puppetserver-logdirThe path of the puppetserver log dir
--puppet-server-puppetserver-metricsEnable puppetserver http-client metrics
--puppet-server-puppetserver-profilerEnable JRuby profiling. If set to false, compiler and function metrics will not be available, (eg. when enabling graphite metrics)
--puppet-server-puppetserver-rundirThe path of the puppetserver run dir
--puppet-server-puppetserver-telemetryEnable Dropsonde telemetry. Undef means disabled while booleans are explicit opt-in or opt-out. This is different from Puppetserver's default values.
--puppet-server-puppetserver-trusted-agentsCertificate names of puppet agents that are allowed to fetch *all* catalogs Defaults to [] and all agents are only allowed to fetch their own catalogs.
--puppet-server-puppetserver-trusted-certificate-extensionsAn array of hashes of certificate extensions and values to be used in auth.conf
--puppet-server-puppetserver-vardirThe path of the puppetserver var dir
--puppet-server-puppetserver-versionThe version of puppetserver installed (or being installed) Unfortunately, different versions of puppetserver need configuring differently. The default is derived from the installed puppet version. Generally it's not needed to override this but when upgrading it might be.
--puppet-server-reportsList of report types to include on the puppetserver
--puppet-server-request-timeoutTimeout in node.rb script for fetching catalog from Foreman (in seconds).
--puppet-server-ruby-load-pathsList of ruby paths
--puppet-server-selector-threadsThis sets the number of selectors that the webserver will dedicate to processing events on connected sockets for unencrypted HTTPS traffic. If not provided, the webserver defaults to the minimum of: virtual cores on the host divided by 2 or max-threads divided by 16, with a minimum of 1.
--puppet-server-ssl-acceptor-threadsThis sets the number of threads that the webserver will dedicate to accepting socket connections for encrypted HTTPS traffic. If not provided, defaults to the number of virtual cores on the host divided by 8, with a minimum of 1 and maximum of 4.
--puppet-server-ssl-chain-filepathPath to certificate chain for puppetserver Only used when $ca is true Defaults to "${ssl_dir}/ca/ca_crt.pem"
--puppet-server-ssl-dirSSL directory
--puppet-server-ssl-dir-manageToggle if ssl_dir should be added to the [server] configuration section. This is necessary to disable in case CA is delegated to a separate instance
--puppet-server-ssl-key-manageToggle if "private_keys/${::puppet::server::certname}.pem" should be created with default user and group. This is used in the default Forman setup to reuse the key for TLS communication.
--puppet-server-ssl-protocolsArray of SSL protocols to use. Defaults to [ 'TLSv1.3', 'TLSv1.2' ]
--puppet-server-ssl-selector-threadsThis sets the number of selectors that the webserver will dedicate to processing events on connected sockets for encrypted HTTPS traffic. Defaults to the number of virtual cores on the host divided by 2, with a minimum of 1 and maximum of 4. The number of selector threads actually used by Jetty is twice the number of selectors requested. For example, if a value of 3 is specified for the ssl-selector-threads setting, Jetty will actually use 6 selector threads.
--puppet-server-storeconfigsWhether to enable storeconfigs
--puppet-server-strict-variablesif set to true, it will throw parse errors when accessing undeclared variables.
--puppet-server-trusted-external-commandThe external trusted facts script to use.
--puppet-server-userUsername used for the puppetserver process
--puppet-server-versionCustom package version for puppet server
--puppet-server-versioned-code-contentContains the path to an executable script that Puppet Server invokes when on static_file_content requests. Defaults to undef
--puppet-server-versioned-code-idThe path to an executable script that Puppet Server invokes to generate a code_id Defaults to undef
--puppet-server-web-idle-timeoutTime in ms that Jetty allows a socket to be idle, after processing has completed. Defaults to 30000, using the Jetty default of 30s
--puppet-service-nameThe name of the puppet agent service.
--puppet-sharedirOverride the system data directory.
--puppet-show-diffShow and report changed files with diff output
--puppet-splaySwitch to enable a random amount of time to sleep before each run.
--puppet-splaylimitThe maximum time to delay before runs. Defaults to being the same as the run interval. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y).
--puppet-srv-domainSearch domain for SRV records
--puppet-ssldirOverride where SSL certificates are kept.
--puppet-syslogfacilityFacility name to use when logging to syslog
--puppet-systemd-cmdSpecify command to launch when runmode is set 'systemd.timer'.
--puppet-systemd-randomizeddelaysecAdds a random delay between 0 and this value (in seconds) to the timer. Only relevant when runmode is 'systemd.timer'.
--puppet-systemd-unit-nameThe name of the puppet systemd units.
--puppet-unavailable-runmodesRunmodes that are not available for the current system. This module will not try to disable these modes. Default is [] on Linux, ['cron', 'systemd.timer'] on Windows and ['systemd.timer'] on other systems.
--puppet-use-srv-recordsWhether DNS SRV records will be used to resolve the Puppet server
--puppet-usecacheonfailureSwitch to enable use of cached catalog on failure of run.
--puppet-userOverride the name of the puppet user.
--puppet-vardirOverride the puppet var directory.
--puppet-versionSpecify a specific version of a package to install. The version should be the exact match for your distro. You can also use certain values like 'latest'. Note that when you specify exact versions you should also override $server_version since that defaults to $version.
--foreman-plugin-default-hostgroup-hostgroupsAn array of hashes of hostgroup names and facts to add to the configuration
--foreman-plugin-puppetdb-addressAddress of puppetdb API.
--foreman-plugin-puppetdb-api-versionPuppetDB API version.
--foreman-plugin-puppetdb-ssl-ca-fileCA certificate file which will be used to connect to the PuppetDB API.
--foreman-plugin-puppetdb-ssl-certificateCertificate file which will be used to connect to the PuppetDB API.
--foreman-plugin-puppetdb-ssl-private-keyPrivate key file which will be used to connect to the PuppetDB API.
--foreman-plugin-remote-execution-cockpit-ensureSpecify the package state, or absent to remove it
--foreman-plugin-remote-execution-cockpit-originsSpecify additional Cockpit Origins to configure cockpit.conf. The $foreman_url is included by default.
--foreman-plugin-tasks-automatic-cleanupEnable automatic task cleanup using a cron job
--foreman-plugin-tasks-backupEnable creating a backup of cleaned up tasks in CSV format when automatic_cleanup is enabled
--foreman-plugin-tasks-cron-lineCron line defining when the cleanup cron job should run
--foreman-compute-ec2-versionPackage version to install, defaults to installed
--foreman-compute-libvirt-versionPackage version to install, defaults to installed
--foreman-compute-openstack-versionPackage version to install, defaults to installed
--foreman-compute-ovirt-versionPackage version to install, defaults to installed
--foreman-compute-vmware-versionPackage version to install, defaults to installed
--foreman-proxy-plugin-acd-enabledenables/disables the acd plugin
--foreman-proxy-plugin-acd-listen-onproxy feature listens on http, https, or both
--foreman-proxy-plugin-acd-versionplugin package version, it's passed to ensure parameter of package resource can be set to specific version number, 'latest', 'present' etc.
--foreman-proxy-plugin-ansible-ansible-dirAnsible directory to search for available roles
--foreman-proxy-plugin-ansible-callbackThe callback plugin to configure in ansible.cfg
--foreman-proxy-plugin-ansible-collections-pathsPaths where to look for ansible collections
--foreman-proxy-plugin-ansible-enabledEnables/disables the ansible plugin
--foreman-proxy-plugin-ansible-host-key-checkingWhether to ignore errors when a host is reinstalled so it has a different key in ~/.ssh/known_hosts If a host is not initially in 'known_hosts' setting this to True will result in prompting for confirmation of the key, which is not possible from non-interactive environments like Foreman Remote Execution or cron
--foreman-proxy-plugin-ansible-install-runnerIf true, installs ansible-runner package to support running ansible by ansible-runner
--foreman-proxy-plugin-ansible-listen-onProxy feature listens on https, http, or both
--foreman-proxy-plugin-ansible-roles-pathPaths where we look for ansible roles.
--foreman-proxy-plugin-ansible-runner-package-nameThe name of the ansible-runner package to install
--foreman-proxy-plugin-ansible-ssh-argsThe ssh_args parameter in ansible.cfg under [ssh_connection]
--foreman-proxy-plugin-ansible-working-dirA directory where the playbooks will be generated. A tmp directory will be created when left blank
--foreman-proxy-plugin-dhcp-infoblox-dns-viewThe DNS view to use
--foreman-proxy-plugin-dhcp-infoblox-network-viewThe network view to use
--foreman-proxy-plugin-dhcp-infoblox-passwordThe password of the Infoblox user
--foreman-proxy-plugin-dhcp-infoblox-record-typeRecord type to manage
--foreman-proxy-plugin-dhcp-infoblox-used-ips-search-typeThe search type for used ips
--foreman-proxy-plugin-dhcp-infoblox-usernameThe username of the Infoblox user
--foreman-proxy-plugin-dhcp-remote-isc-dhcp-configDHCP config file path
--foreman-proxy-plugin-dhcp-remote-isc-dhcp-leasesDHCP leases file
--foreman-proxy-plugin-dhcp-remote-isc-key-nameDHCP key name
--foreman-proxy-plugin-dhcp-remote-isc-key-secretDHCP password
--foreman-proxy-plugin-dhcp-remote-isc-omapi-portDHCP server OMAPI port
--foreman-proxy-plugin-discovery-enabledWhether the module is enabled or disabled.
--foreman-proxy-plugin-discovery-image-nametarball with images
--foreman-proxy-plugin-discovery-install-imagesDownload and extract the discovery image
--foreman-proxy-plugin-discovery-listen-onWhen enabled, it's configured to listen on HTTPS (default), HTTP or both.
--foreman-proxy-plugin-discovery-source-urlsource URL to download from
--foreman-proxy-plugin-discovery-tftp-rootTFTP root directory where extracted discovery image will be installed
--foreman-proxy-plugin-discovery-versionThe version to ensure
--foreman-proxy-plugin-dns-infoblox-dns-serverThe address of the Infoblox server
--foreman-proxy-plugin-dns-infoblox-dns-viewThe Infoblox DNS View
--foreman-proxy-plugin-dns-infoblox-passwordThe password of the Infoblox user
--foreman-proxy-plugin-dns-infoblox-usernameThe username of the Infoblox user
--foreman-proxy-plugin-dns-powerdns-rest-api-keyThe REST API key
--foreman-proxy-plugin-dns-powerdns-rest-urlThe REST API URL
--foreman-proxy-plugin-dns-route53-aws-access-keyThe Access Key ID of the IAM account
--foreman-proxy-plugin-dns-route53-aws-secret-keyThe Secret Access Key of the IAM account
--foreman-proxy-plugin-dynflow-console-authWhether to enable trusted hosts and ssl for the dynflow console
--foreman-proxy-plugin-dynflow-database-pathPath to the SQLite database file, set empty for in-memory sqlite
--foreman-proxy-plugin-dynflow-enabledEnables/disables the dynflow plugin
--foreman-proxy-plugin-dynflow-listen-onProxy feature listens on https, http, or both
--foreman-proxy-plugin-dynflow-open-file-limitLimit number of open files - Only Red Hat Operating Systems with Software Collections.
--foreman-proxy-plugin-dynflow-ssl-disabled-ciphersDisable SSL ciphers. For example: ['NULL-MD5', 'NULL-SHA']
--foreman-proxy-plugin-dynflow-tls-disabled-versionsDisable TLS versions. Version 1.0 is always disabled. For example: ['1.1']
--foreman-proxy-plugin-monitoring-collect-statuscollect monitoring status from monitoring solution
--foreman-proxy-plugin-monitoring-enabledenables/disables the monitoring plugin
--foreman-proxy-plugin-monitoring-listen-onproxy feature listens on http, https, or both
--foreman-proxy-plugin-monitoring-providersmonitoring providers
--foreman-proxy-plugin-monitoring-versionplugin package version, it's passed to ensure parameter of package resource can be set to specific version number, 'latest', 'present' etc.
--foreman-proxy-plugin-omaha-contentpathPath where omaha content is stored
--foreman-proxy-plugin-omaha-distributiondistribution type, it's passed to specify the distribution type. can be set to one of 'coreos' (default), 'flatcar'
--foreman-proxy-plugin-omaha-enabledenables/disables the omaha plugin
--foreman-proxy-plugin-omaha-http-proxyURL to a proxy server that should be used to retrieve omaha content, e.g. 'http://proxy.example.com:3128/'
--foreman-proxy-plugin-omaha-listen-onproxy feature listens on http, https, or both
--foreman-proxy-plugin-omaha-sync-releasesHow many of the latest releases should be synced
--foreman-proxy-plugin-omaha-versionplugin package version, it's passed to ensure parameter of package resource can be set to specific version number, 'latest', 'present' etc.
--foreman-proxy-plugin-openscap-ansible-moduleEnsure the Ansible module
--foreman-proxy-plugin-openscap-ansible-module-ensureThe state of the Ansible module to ensure
--foreman-proxy-plugin-openscap-contentdirDirectory where OpenSCAP content XML are stored So we will not request the XML from Foreman each time
--foreman-proxy-plugin-openscap-corrupted-dirDirectory where corrupted OpenSCAP report XML are stored
--foreman-proxy-plugin-openscap-enabledenables/disables the openscap plugin
--foreman-proxy-plugin-openscap-failed-dirDirectory where OpenSCAP report XML are stored In case sending to Foreman succeeded, yet failed to save to reportsdir
--foreman-proxy-plugin-openscap-listen-onProxy feature listens on http, https, or both
--foreman-proxy-plugin-openscap-openscap-send-log-fileLog file for the forwarding script
--foreman-proxy-plugin-openscap-proxy-nameProxy name to send to Foreman with parsed report Foreman matches it against names of registered proxies to find the report source
--foreman-proxy-plugin-openscap-puppet-moduleEnsure the Puppet module. This only makes sense if Puppetserver runs on the same machine.
--foreman-proxy-plugin-openscap-puppet-module-ensureThe state of the Puppet module to ensure
--foreman-proxy-plugin-openscap-reportsdirDirectory where OpenSCAP report XML are stored So Foreman can request arf xml reports
--foreman-proxy-plugin-openscap-spooldirDirectory where OpenSCAP audits are stored before they are forwarded to Foreman
--foreman-proxy-plugin-openscap-timeoutTimeout for sending ARF reports to foreman
--foreman-proxy-plugin-openscap-versionplugin package version, it's passed to ensure parameter of package resource can be set to specific version number, 'latest', 'present' etc.
--foreman-proxy-plugin-remote-execution-script-cockpit-integrationEnables/disables Cockpit integration
--foreman-proxy-plugin-remote-execution-script-enabledEnables/disables the plugin
--foreman-proxy-plugin-remote-execution-script-generate-keysAutomatically generate SSH keys
--foreman-proxy-plugin-remote-execution-script-install-keyAutomatically install generated SSH key to root authorized keys which allows managing this host through Remote Execution
--foreman-proxy-plugin-remote-execution-script-listen-onProxy feature listens on https, http, or both
--foreman-proxy-plugin-remote-execution-script-local-working-dirLocal working directory on the smart proxy
--foreman-proxy-plugin-remote-execution-script-modeOperation Mode of the plugin.
--foreman-proxy-plugin-remote-execution-script-mqtt-rate-limitNumber of jobs that are allowed to run at the same time
--foreman-proxy-plugin-remote-execution-script-mqtt-resend-intervalTime interval in seconds at which the notification should be re-sent to the host until the job is picked up or canceleld
--foreman-proxy-plugin-remote-execution-script-mqtt-ttlTime interval in seconds given to the host to pick up the job before considering the job undelivered.
--foreman-proxy-plugin-remote-execution-script-remote-working-dirRemote working directory on clients
--foreman-proxy-plugin-remote-execution-script-ssh-identity-dirDirectory where SSH keys are stored
--foreman-proxy-plugin-remote-execution-script-ssh-identity-fileProvide an alternative name for the SSH keys
--foreman-proxy-plugin-remote-execution-script-ssh-kerberos-authEnable kerberos authentication for SSH
--foreman-proxy-plugin-remote-execution-script-ssh-keygenLocation of the ssh-keygen binary
--foreman-proxy-plugin-remote-execution-script-ssh-log-levelConfigure ssh client LogLevel
--foreman-proxy-plugin-salt-apiUse Salt API
--foreman-proxy-plugin-salt-api-authSalt API auth mechanism
--foreman-proxy-plugin-salt-api-passwordSalt API password
--foreman-proxy-plugin-salt-api-urlSalt API URL
--foreman-proxy-plugin-salt-api-usernameSalt API username
--foreman-proxy-plugin-salt-autosign-fileFile to use for salt autosign
--foreman-proxy-plugin-salt-autosign-key-fileFile to use for salt autosign via grains
--foreman-proxy-plugin-salt-enabledEnables/disables the salt plugin
--foreman-proxy-plugin-salt-groupGroup to run salt commands and access configuration files
--foreman-proxy-plugin-salt-listen-onProxy feature listens on https, http, or both
--foreman-proxy-plugin-salt-saltfilePath to Saltfile
--foreman-proxy-plugin-salt-userUser to run salt commands under
--foreman-proxy-plugin-shellhooks-directoryAbsolute path to directory with executables
--foreman-proxy-plugin-shellhooks-enabledenables/disables the shellhooks plugin
--foreman-proxy-plugin-shellhooks-listen-onproxy feature listens on http, https, or both
--foreman-proxy-plugin-shellhooks-versionplugin package version, it's passed to ensure parameter of package resource can be set to specific version number, 'latest', 'present' etc.
+
diff --git a/_includes/manuals/nightly/3.2.2_installer_options.md b/_includes/manuals/nightly/3.2.2_installer_options.md index 8bb453e296..6a773bedcf 100644 --- a/_includes/manuals/nightly/3.2.2_installer_options.md +++ b/_includes/manuals/nightly/3.2.2_installer_options.md @@ -24,298 +24,7 @@ The installer contains a number of high level modules (e.g. "foreman", "puppet") More information about compute resources can be found in the [Compute Resources section](/manuals/{{page.version}}/index.html#5.2ComputeResources) and plugins in the [Plugins section](/manuals/{{page.version}}/index.html#6.Plugins). -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
OptionDescription
--[no-]enable-apache-mod-statusEnable 'apache_mod_status' puppet module
--[no-]enable-foremanEnable 'foreman' puppet module
--[no-]enable-foreman-cliEnable 'foreman_cli' puppet module
--[no-]enable-foreman-cli-ansibleEnable 'foreman_cli_ansible' puppet module
--[no-]enable-foreman-cli-azureEnable 'foreman_cli_azure' puppet module
--[no-]enable-foreman-cli-discoveryEnable 'foreman_cli_discovery' puppet module
--[no-]enable-foreman-cli-googleEnable 'foreman_cli_google' puppet module
--[no-]enable-foreman-cli-kubevirtEnable 'foreman_cli_kubevirt' puppet module
--[no-]enable-foreman-cli-openscapEnable 'foreman_cli_openscap' puppet module
--[no-]enable-foreman-cli-puppetEnable 'foreman_cli_puppet' puppet module
--[no-]enable-foreman-cli-remote-executionEnable 'foreman_cli_remote_execution' puppet module
--[no-]enable-foreman-cli-sshEnable 'foreman_cli_ssh' puppet module
--[no-]enable-foreman-cli-tasksEnable 'foreman_cli_tasks' puppet module
--[no-]enable-foreman-cli-templatesEnable 'foreman_cli_templates' puppet module
--[no-]enable-foreman-cli-webhooksEnable 'foreman_cli_webhooks' puppet module
--[no-]enable-foreman-proxyEnable 'foreman_proxy' puppet module
--[no-]enable-puppetEnable 'puppet' puppet module
--[no-]enable-foreman-plugin-acdEnable 'foreman_plugin_acd' puppet module (foreman_acd)
--[no-]enable-foreman-plugin-ansibleEnable 'foreman_plugin_ansible' puppet module (foreman_ansible)
--[no-]enable-foreman-plugin-azureEnable 'foreman_plugin_azure' puppet module (foreman_azure)
--[no-]enable-foreman-plugin-bootdiskEnable 'foreman_plugin_bootdisk' puppet module (foreman_bootdisk)
--[no-]enable-foreman-plugin-default-hostgroupEnable 'foreman_plugin_default_hostgroup' puppet module (foreman_default_hostgroup)
--[no-]enable-foreman-plugin-dhcp-browserEnable 'foreman_plugin_dhcp_browser' puppet module (foreman_dhcp_browser)
--[no-]enable-foreman-plugin-discoveryEnable 'foreman_plugin_discovery' puppet module (foreman_discovery)
--[no-]enable-foreman-plugin-dlmEnable 'foreman_plugin_dlm' puppet module (foreman_dlm)
--[no-]enable-foreman-plugin-expire-hostsEnable 'foreman_plugin_expire_hosts' puppet module (foreman_expire_hosts)
--[no-]enable-foreman-plugin-git-templatesEnable 'foreman_plugin_git_templates' puppet module (foreman_git_templates)
--[no-]enable-foreman-plugin-googleEnable 'foreman_plugin_google' puppet module (foreman_google)
--[no-]enable-foreman-plugin-host-extra-validatorEnable 'foreman_plugin_host_extra_validator' puppet module (foreman_host_extra_validator)
--[no-]enable-foreman-plugin-kubevirtEnable 'foreman_plugin_kubevirt' puppet module (foreman_kubevirt)
--[no-]enable-foreman-plugin-leappEnable 'foreman_plugin_leapp' puppet module (foreman_leapp)
--[no-]enable-foreman-plugin-monitoringEnable 'foreman_plugin_monitoring' puppet module (foreman_monitoring)
--[no-]enable-foreman-plugin-netboxEnable 'foreman_plugin_netbox' puppet module (foreman_netbox)
--[no-]enable-foreman-plugin-omahaEnable 'foreman_plugin_omaha' puppet module (foreman_omaha)
--[no-]enable-foreman-plugin-openscapEnable 'foreman_plugin_openscap' puppet module (foreman_openscap)
--[no-]enable-foreman-plugin-ovirt-provisionEnable 'foreman_plugin_ovirt_provision' puppet module (ovirt_provision_plugin)
--[no-]enable-foreman-plugin-proxmoxEnable 'foreman_plugin_proxmox' puppet module (foreman_proxmox)
--[no-]enable-foreman-plugin-puppetEnable 'foreman_plugin_puppet' puppet module (foreman_puppet)
--[no-]enable-foreman-plugin-puppetdbEnable 'foreman_plugin_puppetdb' puppet module (puppetdb_foreman)
--[no-]enable-foreman-plugin-remote-executionEnable 'foreman_plugin_remote_execution' puppet module (foreman_remote_execution)
--[no-]enable-foreman-plugin-remote-execution-cockpitEnable 'foreman_plugin_remote_execution_cockpit' puppet module (foreman_remote_execution_cockpit)
--[no-]enable-foreman-plugin-rescueEnable 'foreman_plugin_rescue' puppet module (foreman_rescue)
--[no-]enable-foreman-plugin-saltEnable 'foreman_plugin_salt' puppet module (foreman_salt)
--[no-]enable-foreman-plugin-snapshot-managementEnable 'foreman_plugin_snapshot_management' puppet module (foreman_snapshot_management)
--[no-]enable-foreman-plugin-statisticsEnable 'foreman_plugin_statistics' puppet module (foreman_statistics)
--[no-]enable-foreman-plugin-tasksEnable 'foreman_plugin_tasks' puppet module (foreman_tasks)
--[no-]enable-foreman-plugin-templatesEnable 'foreman_plugin_templates' puppet module (foreman_templates)
--[no-]enable-foreman-plugin-vaultEnable 'foreman_plugin_vault' puppet module (foreman_vault)
--[no-]enable-foreman-plugin-webhooksEnable 'foreman_plugin_webhooks' puppet module (foreman_webhooks)
--[no-]enable-foreman-plugin-wreckingballEnable 'foreman_plugin_wreckingball' puppet module (foreman_wreckingball)
--[no-]enable-foreman-compute-ec2Enable 'foreman_compute_ec2' puppet module
--[no-]enable-foreman-compute-libvirtEnable 'foreman_compute_libvirt' puppet module
--[no-]enable-foreman-compute-openstackEnable 'foreman_compute_openstack' puppet module
--[no-]enable-foreman-compute-ovirtEnable 'foreman_compute_ovirt' puppet module
--[no-]enable-foreman-compute-vmwareEnable 'foreman_compute_vmware' puppet module
--[no-]enable-foreman-proxy-plugin-acdEnable 'foreman_proxy_plugin_acd' puppet module (smart_proxy_acd)
--[no-]enable-foreman-proxy-plugin-ansibleEnable 'foreman_proxy_plugin_ansible' puppet module (smart_proxy_ansible)
--[no-]enable-foreman-proxy-plugin-dhcp-infobloxEnable 'foreman_proxy_plugin_dhcp_infoblox' puppet module (smart_proxy_dhcp_infoblox)
--[no-]enable-foreman-proxy-plugin-dhcp-remote-iscEnable 'foreman_proxy_plugin_dhcp_remote_isc' puppet module (smart_proxy_dhcp_remote_isc)
--[no-]enable-foreman-proxy-plugin-discoveryEnable 'foreman_proxy_plugin_discovery' puppet module (smart_proxy_discovery)
--[no-]enable-foreman-proxy-plugin-dns-infobloxEnable 'foreman_proxy_plugin_dns_infoblox' puppet module (smart_proxy_dns_infoblox)
--[no-]enable-foreman-proxy-plugin-dns-powerdnsEnable 'foreman_proxy_plugin_dns_powerdns' puppet module (smart_proxy_dns_powerdns)
--[no-]enable-foreman-proxy-plugin-dns-route53Enable 'foreman_proxy_plugin_dns_route53' puppet module (smart_proxy_dns_route53)
--[no-]enable-foreman-proxy-plugin-dynflowEnable 'foreman_proxy_plugin_dynflow' puppet module (smart_proxy_dynflow)
--[no-]enable-foreman-proxy-plugin-monitoringEnable 'foreman_proxy_plugin_monitoring' puppet module (smart_proxy_monitoring)
--[no-]enable-foreman-proxy-plugin-omahaEnable 'foreman_proxy_plugin_omaha' puppet module (smart_proxy_omaha)
--[no-]enable-foreman-proxy-plugin-openscapEnable 'foreman_proxy_plugin_openscap' puppet module (smart_proxy_openscap)
--[no-]enable-foreman-proxy-plugin-remote-execution-scriptEnable 'foreman_proxy_plugin_remote_execution_script' puppet module (smart_proxy_remote_execution_script)
--[no-]enable-foreman-proxy-plugin-saltEnable 'foreman_proxy_plugin_salt' puppet module (smart_proxy_salt)
--[no-]enable-foreman-proxy-plugin-shellhooksEnable 'foreman_proxy_plugin_shellhooks' puppet module (smart_proxy_shellhooks)
-
+{% include manuals/{{page.version}}/3.2.2_installer_options-help.md %} #### Available options @@ -326,2198 +35,7 @@ For example the hash `{show_diff => true, stringify_facts => false}` for `--pupp -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
OptionDescription
--apache-mod-status-extended-statusDetermines whether to track extended status information for each request, via the ExtendedStatus directive.
--apache-mod-status-requiresA Variant type that can be: - String with: - '' or 'unmanaged' - Host auth control done elsewhere - 'ip <List of IPs>>' - Allowed IPs/ranges - 'host <List of names>' - Allowed names/domains - 'all [granted|denied]' - Array of strings with ip or host as above - Hash with following keys: - 'requires' - Value => Array as above - 'enforce' - Value => String 'Any', 'All' or 'None' This encloses "Require" directives in "" block Optional - If unspecified, "Require" directives follow current flow
--apache-mod-status-status-pathPath assigned to the Location directive which defines the URL to access the server status.
--foreman-apacheConfigure Apache as a reverse proxy for the Foreman server
--foreman-client-ssl-caDefines the SSL CA used to communicate with Foreman Proxies
--foreman-client-ssl-certDefines the SSL certificate used to communicate with Foreman Proxies
--foreman-client-ssl-keyDefines the SSL private key used to communicate with Foreman Proxies
--foreman-cors-domainsList of domains that show be allowed for Cross-Origin Resource Sharing
--foreman-db-databaseDatabase 'production' database (e.g. foreman)
--foreman-db-hostDatabase 'production' host
--foreman-db-manageIf enabled, will install and configure the database server on this host
--foreman-db-manage-rakeif enabled, will run rake jobs, which depend on the database
--foreman-db-passwordDatabase 'production' password, default is randomly generated
--foreman-db-poolDatabase 'production' size of connection pool. If the value is not set, it will be set by default to the amount of puma threads + 4 (for internal system threads)
--foreman-db-portDatabase 'production' port
--foreman-db-root-certRoot cert used to verify SSL connection to postgres
--foreman-db-sslmodeDatabase 'production' ssl mode
--foreman-db-usernameDatabase 'production' user (e.g. foreman)
--foreman-dynflow-manage-servicesWhether to manage the dynflow services
--foreman-dynflow-orchestrator-ensureThe state of the dynflow orchestrator instance
--foreman-dynflow-redis-urlIf set, the redis server is not managed and we use the defined url to connect
--foreman-dynflow-worker-concurrencyHow many concurrent jobs to handle per worker instance
--foreman-dynflow-worker-instancesThe number of worker instances that should be running
--foreman-email-delivery-methodEmail delivery method
--foreman-email-reply-addressEmail reply address for emails that Foreman is sending
--foreman-email-sendmail-argumentsThe arguments to pass to the sendmail binary. Unused when SMTP delivery is used.
--foreman-email-sendmail-locationThe location of the binary to call when sendmail is the delivery method. Unused when SMTP delivery is used.
--foreman-email-smtp-addressSMTP server hostname, when delivery method is SMTP
--foreman-email-smtp-authenticationSMTP authentication method
--foreman-email-smtp-domainSMTP HELO domain
--foreman-email-smtp-passwordPassword for SMTP server auth, if authentication is enabled
--foreman-email-smtp-portSMTP port
--foreman-email-smtp-user-nameUsername for SMTP server auth, if authentication is enabled
--foreman-email-subject-prefixPrefix to add to all outgoing email
--foreman-foreman-service-puma-threads-maxMaximum number of threads for every Puma worker
--foreman-foreman-service-puma-threads-minMinimum number of threads for every Puma worker. If no value is specified, this defaults to setting min threads to maximum threads. Setting min threads equal to max threads has been shown to alleviate memory leaks and in some cases produce better performance.
--foreman-foreman-service-puma-workersNumber of workers for Puma. If not set, the value is dynamically calculated based on available number of CPUs and memory.
--foreman-foreman-urlURL on which foreman is going to run
--foreman-gssapi-local-nameWhether to enable GssapiLocalName when using mod_auth_gssapi
--foreman-hsts-enabledShould HSTS enforcement in https requests be enabled
--foreman-http-keytabPath to keytab to be used for Kerberos authentication on the WebUI. If left empty, it will be automatically determined.
--foreman-initial-admin-emailInitial E-mail address of the admin user
--foreman-initial-admin-first-nameInitial first name of the admin user
--foreman-initial-admin-last-nameInitial last name of the admin user
--foreman-initial-admin-localeInitial locale (= language) of the admin user
--foreman-initial-admin-passwordInitial password of the admin user, default is randomly generated
--foreman-initial-admin-timezoneInitial timezone of the admin user
--foreman-initial-admin-usernameInitial username for the admin user account, default is admin
--foreman-initial-locationName of an initial location
--foreman-initial-organizationName of an initial organization
--foreman-ipa-authenticationEnable configuration for external authentication via IPA
--foreman-ipa-authentication-apiEnable configuration for external authentication via IPA for API
--foreman-ipa-manage-sssdIf ipa_authentication is true, should the installer manage SSSD? You can disable it if you use another module for SSSD configuration
--foreman-ipa-sssd-default-realmIf ipa_manage_sssd is true, set default_domain_suffix option in sssd configuration to this value to allow logging in without having to provide the domain name.
--foreman-keycloakEnable Keycloak support. Note this is limited to configuring Apache and still relies on manually running keycloak-httpd-client-install
--foreman-keycloak-app-nameThe app name as passed to keycloak-httpd-client-install
--foreman-keycloak-realmThe realm as passed to keycloak-httpd-client-install
--foreman-loggersEnable or disable specific loggers, e.g. {"sql" => true}
--foreman-logging-layoutLogging layout of the Foreman application
--foreman-logging-levelLogging level of the Foreman application
--foreman-logging-typeLogging type of the Foreman application
--foreman-oauth-activeEnable OAuth authentication for REST API
--foreman-oauth-consumer-keyOAuth consumer key
--foreman-oauth-consumer-secretOAuth consumer secret
--foreman-oauth-effective-userUser to be used for REST interaction
--foreman-oauth-map-usersShould Foreman use the foreman_user header to identify API user?
--foreman-pam-servicePAM service used for host-based access control in IPA
--foreman-plugin-versionForeman plugins package version, it's passed to ensure parameter of package resource can be set to 'installed', 'latest', 'present' only
--foreman-provisioning-ct-locationThe location of the binary to call when transpiling CoreOS templates.
--foreman-provisioning-fcct-locationThe location of the binary to call when transpiling Fedora CoreOS templates.
--foreman-rails-cache-storeSet rails cache store
--foreman-register-in-foremanRegister host in Foreman
--foreman-server-portDefines Apache port for HTTP requests
--foreman-server-ssl-caDefines Apache mod_ssl SSLCACertificateFile setting in Foreman vhost conf file.
--foreman-server-ssl-certDefines Apache mod_ssl SSLCertificateFile setting in Foreman vhost conf file.
--foreman-server-ssl-chainDefines Apache mod_ssl SSLCertificateChainFile setting in Foreman vhost conf file.
--foreman-server-ssl-crlDefines the Apache mod_ssl SSLCARevocationFile setting in Foreman vhost conf file.
--foreman-server-ssl-keyDefines Apache mod_ssl SSLCertificateKeyFile setting in Foreman vhost conf file.
--foreman-server-ssl-portDefines Apache port for HTTPS requests
--foreman-server-ssl-protocolDefines the Apache mod_ssl SSLProtocol setting in Foreman vhost conf file.
--foreman-server-ssl-verify-clientDefines the Apache mod_ssl SSLVerifyClient setting in Foreman vhost conf file.
--foreman-serveraliasesServer aliases of the VirtualHost in the webserver
--foreman-servernameServer name of the VirtualHost in the webserver
--foreman-sslEnable and set require_ssl in Foreman settings (note: requires Apache, SSL does not apply to kickstarts)
--foreman-telemetry-logger-enabledEnable telemetry logs - useful for telemetry debugging
--foreman-telemetry-logger-levelTelemetry debugging logs level
--foreman-telemetry-prefixPrefix for all metrics
--foreman-telemetry-prometheus-enabledEnable prometheus telemetry
--foreman-telemetry-statsd-enabledEnable statsd telemetry
--foreman-telemetry-statsd-hostStatsd host in format ip:port, do not use DNS
--foreman-telemetry-statsd-protocolStatsd protocol one of 'statsd', 'statsite' or 'datadog' - currently only statsd is supported
--foreman-trusted-proxiesList of trusted IPs / networks. Default: IPv4 and IPV6 localhost addresses. If overwritten, localhost addresses (127.0.0.1/8, ::1) need to be in trusted_proxies IP list again. More details: https://api.rubyonrails.org/classes/ActionDispatch/RemoteIp.html
--foreman-unattendedShould Foreman manage host provisioning as well
--foreman-unattended-urlURL hosts will retrieve templates from during build (normally http as many installers don't support https)
--foreman-versionForeman package version, it's passed to ensure parameter of package resource can be set to specific version number, 'latest', 'present' etc.
--foreman-websockets-encryptWhether to encrypt websocket connections
--foreman-websockets-ssl-certSSL certificate file to use when encrypting websocket connections
--foreman-websockets-ssl-keySSL key file to use when encrypting websocket connections
--foreman-cli-foreman-urlURL on which Foreman runs
--foreman-cli-manage-root-configWhether to manage /root/.hammer configuration.
--foreman-cli-passwordPassword for authentication
--foreman-cli-refresh-cacheCheck API documentation cache status on each request
--foreman-cli-request-timeoutAPI request timeout, set -1 for infinity
--foreman-cli-ssl-ca-filePath to SSL certificate authority
--foreman-cli-use-sessionsEnable using sessions
--foreman-cli-usernameUsername for authentication
--foreman-cli-versionforeman-cli package version, it's passed to ensure parameter of package resource can be set to specific version number, 'latest', 'present' etc.
--foreman-proxy-autosignfileHostname-Whitelisting only: Location of puppets autosign.conf
--foreman-proxy-bind-hostHost to bind ports to, e.g. *, localhost, 0.0.0.0
--foreman-proxy-bmcEnable BMC feature
--foreman-proxy-bmc-default-providerBMC default provider.
--foreman-proxy-bmc-listen-onBMC proxy to listen on https, http, or both
--foreman-proxy-bmc-redfish-verify-sslBMC Redfish verify ssl.
--foreman-proxy-bmc-ssh-keyBMC SSH key location.
--foreman-proxy-bmc-ssh-powercycleBMC SSH powercycle command.
--foreman-proxy-bmc-ssh-poweroffBMC SSH poweroff command.
--foreman-proxy-bmc-ssh-poweronBMC SSH poweron command.
--foreman-proxy-bmc-ssh-powerstatusBMC SSH powerstatus command.
--foreman-proxy-bmc-ssh-userBMC SSH user.
--foreman-proxy-dhcpEnable DHCP feature
--foreman-proxy-dhcp-additional-interfacesAdditional DHCP listen interfaces (in addition to dhcp_interface). Note: as opposed to dhcp_interface *no* subnet will be provisioned for any of the additional DHCP listen interfaces. Please configure any additional subnets using `dhcp::pool` and related resource types (provided by the theforeman/puppet-dhcp module).
--foreman-proxy-dhcp-configDHCP config file path
--foreman-proxy-dhcp-failover-addressAddress for DHCP to listen for connections from its peer
--foreman-proxy-dhcp-failover-portPort for DHCP to listen & communicate with it DHCP peer
--foreman-proxy-dhcp-gatewayDHCP pool gateway
--foreman-proxy-dhcp-interfaceDHCP listen interface
--foreman-proxy-dhcp-ipxe-bootstrapEnable or disable iPXE bootstrap(discovery) feature
--foreman-proxy-dhcp-ipxefilenameiPXE DHCP "filename" value, If not specified, it's determined dynamically. When the templates feature is enabled, the template_url is used.
--foreman-proxy-dhcp-key-nameDHCP key name
--foreman-proxy-dhcp-key-secretDHCP password
--foreman-proxy-dhcp-leasesDHCP leases file
--foreman-proxy-dhcp-listen-onDHCP proxy to listen on https, http, or both
--foreman-proxy-dhcp-load-balanceCutoff after which load balancing is disabled
--foreman-proxy-dhcp-load-splitSplit leases between Primary and Secondary. 255 means Primary is chiefly responsible. 0 means Secondary is chiefly responsible.
--foreman-proxy-dhcp-manage-aclsWhether to manage DHCP directory ACLs. This allows the Foreman Proxy user to access even if the directory mode is 0750.
--foreman-proxy-dhcp-managedThe DHCP daemon is managed by this module
--foreman-proxy-dhcp-max-response-delaySeconds after it will assume that connection has failed to DHCP peer
--foreman-proxy-dhcp-max-unacked-updatesHow many BNDUPD messages DHCP can send before it receives a BNDACK from the local system
--foreman-proxy-dhcp-mcltSeconds for which a lease may be renewed by either failover peer without contacting the other
--foreman-proxy-dhcp-nameserversDHCP nameservers, comma-separated
--foreman-proxy-dhcp-netmaskDHCP server netmask value, defaults otherwise to value based on IP of dhcp_interface
--foreman-proxy-dhcp-networkDHCP server network value, defaults otherwise to value based on IP of dhcp_interface
--foreman-proxy-dhcp-node-typeDHCP node type
--foreman-proxy-dhcp-omapi-portDHCP server OMAPI port
--foreman-proxy-dhcp-option-domainDHCP use the dhcpd config option domain-name
--foreman-proxy-dhcp-peer-addressThe other DHCP servers address
--foreman-proxy-dhcp-ping-free-ipPerform ICMP and TCP ping when searching free IPs from the pool. This makes sure that active IP address is not suggested as free, however in locked down network environments this can cause no free IPs.
--foreman-proxy-dhcp-providerDHCP provider for the DHCP module
--foreman-proxy-dhcp-pxefilenameDHCP "filename" value, defaults otherwise to pxelinux.0
--foreman-proxy-dhcp-pxeserverDHCP "next-server" value, defaults otherwise to IP of dhcp_interface
--foreman-proxy-dhcp-rangeSpace-separated DHCP pool range
--foreman-proxy-dhcp-search-domainsDHCP search domains option
--foreman-proxy-dhcp-serverAddress of DHCP server to manage
--foreman-proxy-dhcp-subnetsSubnets list to restrict DHCP management to
--foreman-proxy-dnsEnable DNS feature
--foreman-proxy-dns-forwardersDNS forwarders
--foreman-proxy-dns-interfaceDNS interface
--foreman-proxy-dns-listen-onDNS proxy to listen on https, http, or both
--foreman-proxy-dns-managedThe DNS daemon is managed by this module. Only supported for the nsupdate and nsupdate_gss DNS providers.
--foreman-proxy-dns-providerDNS provider
--foreman-proxy-dns-reverseDNS reverse zone name
--foreman-proxy-dns-serverAddress of DNS server to manage
--foreman-proxy-dns-tsig-keytabKerberos keytab for DNS updates using GSS-TSIG authentication
--foreman-proxy-dns-tsig-principalKerberos principal for DNS updates using GSS-TSIG authentication
--foreman-proxy-dns-ttlDNS default TTL override
--foreman-proxy-dns-zoneDNS zone name
--foreman-proxy-ensure-packages-versioncontrol extra packages version, it's passed to ensure parameter of package resource
--foreman-proxy-foreman-base-urlBase Foreman URL used for REST interaction
--foreman-proxy-foreman-ssl-caSSL CA used to verify connections when accessing the Foreman API. When not specified, the ssl_ca is used instead.
--foreman-proxy-foreman-ssl-certSSL client certificate used when accessing the Foreman API When not specified, the ssl_cert is used instead.
--foreman-proxy-foreman-ssl-keyCorresponding key to a foreman_ssl_cert certificate When not specified, the ssl_key is used instead.
--foreman-proxy-freeipa-configPath to FreeIPA default.conf configuration file
--foreman-proxy-freeipa-remove-dnsRemove DNS entries from FreeIPA when deleting hosts from realm
--foreman-proxy-groupsArray of additional groups for the foreman proxy user
--foreman-proxy-httpEnable HTTP
--foreman-proxy-http-portHTTP port to listen on (if http is enabled)
--foreman-proxy-httpbootEnable HTTPBoot feature. In most deployments this requires HTTP to be enabled as well.
--foreman-proxy-httpboot-listen-onHTTPBoot proxy to listen on https, http, or both
--foreman-proxy-keyfileDNS server keyfile path
--foreman-proxy-libvirt-connectionConnection string of libvirt DNS/DHCP provider (e.g. "qemu:///system")
--foreman-proxy-libvirt-networkNetwork for libvirt DNS/DHCP provider
--foreman-proxy-logForeman proxy log file, 'STDOUT', 'SYSLOG' or 'JOURNAL'
--foreman-proxy-log-bufferLog buffer size
--foreman-proxy-log-buffer-errorsAdditional log buffer size for errors
--foreman-proxy-log-levelForeman proxy log level
--foreman-proxy-logsEnable Logs (log buffer) feature
--foreman-proxy-logs-listen-onLogs proxy to listen on https, http, or both
--foreman-proxy-manage-puppet-groupWhether to ensure the $puppet_group exists. Also ensures group owner of ssl keys and certs is $puppet_group Not applicable when ssl is false.
--foreman-proxy-manage-servicecontrol the service, whether it should be started / enabled or not. useful, if the service should be managed by a cluster software e.g. corosync / pacemaker
--foreman-proxy-oauth-consumer-keyOAuth key to be used for REST interaction
--foreman-proxy-oauth-consumer-secretOAuth secret to be used for REST interaction
--foreman-proxy-oauth-effective-userUser to be used for REST interaction
--foreman-proxy-puppetEnable Puppet module for environment imports and Puppet runs
--foreman-proxy-puppet-api-timeoutTimeout in seconds when accessing Puppet environment classes API
--foreman-proxy-puppet-groupGroups of Foreman proxy user
--foreman-proxy-puppet-listen-onProtocols for the Puppet feature to listen on
--foreman-proxy-puppet-ssl-caSSL CA used to verify connections when accessing the Puppet master API
--foreman-proxy-puppet-ssl-certSSL certificate used when accessing the Puppet master API
--foreman-proxy-puppet-ssl-keySSL private key used when accessing the Puppet master API
--foreman-proxy-puppet-urlURL of the Puppet master itself for API requests
--foreman-proxy-puppetcaEnable Puppet CA feature
--foreman-proxy-puppetca-certificateToken-whitelisting only: Certificate to use when encrypting tokens (undef to use SSL certificate)
--foreman-proxy-puppetca-listen-onProtocols for the Puppet CA feature to listen on
--foreman-proxy-puppetca-providerWhether to use puppetca_hostname_whitelisting or puppetca_token_whitelisting
--foreman-proxy-puppetca-sign-allToken-whitelisting only: Whether to sign all CSRs without checking their token
--foreman-proxy-puppetca-token-ttlToken-whitelisting only: Fallback time (in minutes) after which tokens will expire
--foreman-proxy-puppetca-tokens-fileToken-Whitelisting only: Location of the tokens.yaml
--foreman-proxy-puppetdirPuppet var directory
--foreman-proxy-realmEnable realm management feature
--foreman-proxy-realm-keytabKerberos keytab path to authenticate realm updates
--foreman-proxy-realm-listen-onRealm proxy to listen on https, http, or both
--foreman-proxy-realm-principalKerberos principal for realm updates
--foreman-proxy-realm-providerRealm management provider
--foreman-proxy-register-in-foremanRegister proxy back in Foreman
--foreman-proxy-registered-nameProxy name which is registered in Foreman
--foreman-proxy-registered-proxy-urlProxy URL which is registered in Foreman
--foreman-proxy-registrationEnable Registration feature
--foreman-proxy-registration-listen-onRegistration proxy to listen on https, http, or both
--foreman-proxy-registration-urlURL that hosts will connect to when registering
--foreman-proxy-sslEnable SSL, ensure feature is added with "https://" protocol if true
--foreman-proxy-ssl-caSSL CA to validate the client certificates used to access the proxy
--foreman-proxy-ssl-certSSL certificate to be used to run the foreman proxy via https.
--foreman-proxy-ssl-disabled-ciphersList of OpenSSL cipher suite names that will be disabled from the default
--foreman-proxy-ssl-keyCorresponding key to a ssl_cert certificate
--foreman-proxy-ssl-portHTTPS port to listen on (if ssl is enabled)
--foreman-proxy-ssldirPuppet CA SSL directory
--foreman-proxy-template-urlURL a client should use for provisioning templates
--foreman-proxy-templatesEnable templates feature
--foreman-proxy-templates-listen-onTemplates proxy to listen on https, http, or both
--foreman-proxy-tftpEnable TFTP feature
--foreman-proxy-tftp-dirsDirectories to be create in $tftp_root
--foreman-proxy-tftp-listen-onTFTP proxy to listen on https, http, or both
--foreman-proxy-tftp-manage-wgetIf enabled will install the wget package
--foreman-proxy-tftp-managedThe TFTP daemon is managed by this module.
--foreman-proxy-tftp-replace-grub2-cfgDetermines if grub2.cfg will be replaced
--foreman-proxy-tftp-rootTFTP root directory
--foreman-proxy-tftp-servernameDefines the TFTP Servername to use, overrides the name in the subnet declaration
--foreman-proxy-tls-disabled-versionsList of TLS versions that will be disabled from the default
--foreman-proxy-trusted-hostsOnly hosts listed will be permitted, empty array to disable authorization
--foreman-proxy-versionforeman package version, it's passed to ensure parameter of package resource can be set to specific version number, 'latest', 'present' etc.
--puppet-additional-settingsA hash of additional main settings.
--puppet-agentShould a puppet agent be installed
--puppet-agent-additional-settingsA hash of additional agent settings. Example: {stringify_facts => true}
--puppet-agent-default-schedulesA boolean to enable/disable the default schedules
--puppet-agent-noopRun the agent in noop mode.
--puppet-agent-restart-commandThe command which gets excuted on puppet service restart
--puppet-agent-server-hostnameHostname of your puppetserver (server directive in puppet.conf)
--puppet-agent-server-portOverride the port of the server we connect to.
--puppet-allow-any-crl-authAllow any authentication for the CRL. This is needed on the puppet CA to accept clients from a the puppet CA proxy.
--puppet-auth-allowedAn array of authenticated nodes allowed to access all catalog and node endpoints. default to ['$1']
--puppet-autosignIf set to a boolean, autosign is enabled or disabled for all incoming requests. Otherwise this has to be set to the full file path of an autosign.conf file or an autosign script. If this is set to a script, make sure that script considers the content of autosign.conf as otherwise Foreman functionality might be broken.
--puppet-autosign-contentIf set, write the autosign file content using the value of this parameter. Cannot be used at the same time as autosign_entries For example, could be a string, or file('another_module/autosign.sh') or template('another_module/autosign.sh.erb')
--puppet-autosign-entriesA list of certnames or domain name globs whose certificate requests will automatically be signed. Defaults to an empty Array.
--puppet-autosign-modemode of the autosign file/script
--puppet-autosign-sourceIf set, use this as the source for the autosign file, instead of autosign_content.
--puppet-ca-crl-filepathPath to CA CRL file, dynamically resolves based on $::server_ca status.
--puppet-ca-portPuppet CA port
--puppet-ca-serverUse a different ca server. Should be either a string with the location of the ca_server or 'false'.
--puppet-certificate-revocationWhether certificate revocation checking should be enabled, and what level of checking should be performed
--puppet-classfileThe file in which puppet agent stores a list of the classes associated with the retrieved configuration.
--puppet-client-certnameThe node's certificate name, and the unique identifier it uses when requesting catalogs.
--puppet-client-packageInstall a custom package to provide the puppet client
--puppet-codedirOverride the puppet code directory.
--puppet-cron-cmdSpecify command to launch when runmode is set 'cron'.
--puppet-dirOverride the puppet directory.
--puppet-dir-groupGroup of the base puppet directory, used when puppet::server is false.
--puppet-dir-ownerOwner of the base puppet directory, used when puppet::server is false.
--puppet-dns-alt-namesUse additional DNS names when generating a certificate. Defaults to an empty Array.
--puppet-environmentDefault environment of the Puppet agent
--puppet-groupOverride the name of the puppet group.
--puppet-hiera-configThe hiera configuration file.
--puppet-http-connect-timeoutThe maximum amount of time an agent waits when establishing an HTTP connection.
--puppet-http-read-timeoutThe time an agent waits for one block to be read from an HTTP connection. If nothing is read after the elapsed interval then the connection will be closed.
--puppet-localconfigThe localconfig setting.
--puppet-logdirOverride the log directory.
--puppet-manage-packagesShould this module install packages or not. Can also install only server packages with value of 'server' or only agent packages with 'agent'.
--puppet-module-repositoryUse a different puppet module repository
--puppet-package-install-optionsFlags that should be passed to the package manager during installation. Defaults to undef. May be a string, an array or a hash, see Puppet Package resource documentation for the provider matching your package manager
--puppet-package-providerThe provider used to install the agent. Defaults to chocolatey on Windows Defaults to undef elsewhere
--puppet-package-sourceThe location of the file to be used by the agent's package resource. Defaults to undef. If 'windows' or 'msi' are used as the provider then this setting is required.
--puppet-pluginfactsourceURL to retrieve Puppet facts from during pluginsync
--puppet-pluginsourceURL to retrieve Puppet plugins from during pluginsync
--puppet-postrun-commandA command which gets excuted after each Puppet run
--puppet-prerun-commandA command which gets excuted before each Puppet run
--puppet-puppetconf-modeThe permissions for /etc/puppetlabs/puppet/puppet.conf default to '0644' and '0674' on windows
--puppet-reportSend reports to the Puppet Master
--puppet-run-hourThe hour at which to run the puppet agent when runmode is cron or systemd.timer.
--puppet-run-minuteThe minute at which to run the puppet agent when runmode is cron or systemd.timer.
--puppet-rundirOverride the PID directory.
--puppet-runintervalSet up the interval (in seconds) to run the puppet agent.
--puppet-runmodeSelect the mode to setup the puppet agent.
--puppet-serverShould a puppet server be installed as well as the client
--puppet-server-acceptor-threadsThis sets the number of threads that the webserver will dedicate to accepting socket connections for unencrypted HTTP traffic. If not provided, the webserver defaults to the number of virtual cores on the host divided by 8, with a minimum of 1 and maximum of 4.
--puppet-server-additional-settingsA hash of additional settings. Example: {trusted_node_data => true, ordering => 'manifest'}
--puppet-server-admin-api-allowlistThe allowlist of clients that can query the puppet-admin-api endpoint Defaults to [ '127.0.0.1', '::1', $::ipaddress ]
--puppet-server-allow-header-cert-infoEnable client authentication over HTTP Headers Defaults to false, is also activated by the $server_http setting
--puppet-server-caProvide puppet CA
--puppet-server-ca-allow-auth-extensionsAllow CA to sign certificate requests that have authorization extensions Defaults to false
--puppet-server-ca-allow-auto-renewalEnable the auto renewal for client certificates Defaults to false
--puppet-server-ca-allow-auto-renewal-cert-ttlSet the auto renewal interval for client certificates Defaults to 60d
--puppet-server-ca-allow-sansAllow CA to sign certificate requests that have Subject Alternative Names Defaults to false
--puppet-server-ca-auth-requiredWhether client certificates are needed to access the puppet-admin api Defaults to true
--puppet-server-ca-client-allowlistThe allowlist of client certificates that can query the certificate-status endpoint Defaults to [ '127.0.0.1', '::1', $::ipaddress ]
--puppet-server-ca-client-self-deleteAdds a rule to auth.conf, that allows a client to delete its own certificate Defaults to false
--puppet-server-ca-crl-syncSync puppet CA crl file to compilers, Puppet CA Must be the Puppetserver for the compilers. Defaults to false.
--puppet-server-ca-enable-infra-crlEnable the separate CRL for Puppet infrastructure nodes Defaults to false
--puppet-server-certnameThe name to use when handling certificates.
--puppet-server-check-for-updatesShould the puppetserver phone home to check for available updates? Defaults to true
--puppet-server-cipher-suitesList of SSL ciphers to use in negotiation Defaults to ['TLS_AES_128_GCM_SHA256', 'TLS_AES_256_GCM_SHA384', 'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256', 'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384']
--puppet-server-common-modules-pathCommon modules paths
--puppet-server-compile-modeUsed to control JRuby's "CompileMode", which may improve performance. Defaults to undef (off).
--puppet-server-connect-timeoutHow long the server will wait for a response to a connection attempt
--puppet-server-crl-enableTurn on crl checking. Defaults to true when server_ca is true. Otherwise Defaults to false. Note unless you are using an external CA. It is recommended to set this to true. See $server_ca_crl_sync to enable syncing from CA Puppet Master
--puppet-server-custom-trusted-oid-mappingA hash of custom trusted oid mappings. Defaults to undef Example: { 1.3.6.1.4.1.34380.1.2.1.1 => { shortname => 'myshortname' } }
--puppet-server-default-manifestToggle if default_manifest setting should be added to the [main] section
--puppet-server-default-manifest-contentA string to set the content of the default_manifest If set to '' it will not manage the file
--puppet-server-default-manifest-pathA string setting the path to the default_manifest
--puppet-server-dirPuppet configuration directory
--puppet-server-environment-class-cache-enabledEnable environment class cache in conjunction with the use of the environment_classes API. Defaults to false
--puppet-server-environment-timeoutTimeout for cached compiled catalogs (10s, 5m, ...)
--puppet-server-environment-varsA hash of environment variables and their values which the puppetserver is allowed to see. To define literal values double quotes should be used: {'MYVAR': '"MYVALUE"'}. Omitting the inner quotes might lead to unexpected results since the HOCON format does not allow characters like $, curly/square brackets or = in unquoted strings. Multi line strings are also allowed as long as they are triple quoted: {'MYVAR': "\"\"\"MY\nMULTI\nLINE\nVALUE\"\"\""} To pass an existing variable use substitutions: {'MYVAR': '${MYVAR}'}.
--puppet-server-environments-groupThe group owning the environments directory
--puppet-server-environments-modeEnvironments directory mode.
--puppet-server-environments-ownerThe owner of the environments directory
--puppet-server-environments-recurseShould the environments directory be managed recursively
--puppet-server-envs-dirList of directories which hold puppet environments
--puppet-server-envs-targetIndicates that $envs_dir should be a symbolic link to this target
--puppet-server-external-nodesExternal nodes classifier executable
--puppet-server-foremanShould foreman integration be installed
--puppet-server-foreman-factsShould foreman receive facts from puppet
--puppet-server-foreman-ssl-caSSL CA of the Foreman server
--puppet-server-foreman-ssl-certClient certificate for authenticating against Foreman server
--puppet-server-foreman-ssl-keyKey for authenticating against Foreman server
--puppet-server-foreman-urlForeman URL
--puppet-server-git-branch-mapGit branch to puppet env mapping for the default post receive hook
--puppet-server-git-repoUse git repository as a source of modules
--puppet-server-git-repo-groupGit repository group
--puppet-server-git-repo-hook-modeGit repository hook mode
--puppet-server-git-repo-pathGit repository path on disk
--puppet-server-git-repo-umaskUmask used during git operations
--puppet-server-git-repo-userGit repository user
--puppet-server-groupGroup used for the puppetserver process
--puppet-server-httpShould the puppet server listen on HTTP as well as HTTPS. Useful for load balancer or reverse proxy scenarios.
--puppet-server-http-portPuppet server HTTP port; defaults to 8139.
--puppet-server-idle-timeoutHow long the server will wait for a response on an existing connection
--puppet-server-ipBind ip address of the puppetserver
--puppet-server-jolokia-metrics-allowlistThe allowlist of clients that can query the jolokia /metrics/v2 endpoint
--puppet-server-jruby-gem-homeWhere jruby gems are located for puppetserver
--puppet-server-jvm-cli-argsJava options to use when using puppetserver subcommands (eg puppetserver gem).
--puppet-server-jvm-configSpecify the puppetserver jvm configuration file.
--puppet-server-jvm-extra-argsAdditional java options to pass through. This can be used for Java versions prior to Java 8 to specify the max perm space to use: For example: '-XX:MaxPermSize=128m'.
--puppet-server-jvm-java-binSet the default java to use. If unspecified, it will be derived from the Puppet version.
--puppet-server-jvm-max-heap-sizeSpecify the maximum jvm heap space.
--puppet-server-jvm-min-heap-sizeSpecify the minimum jvm heap space.
--puppet-server-manage-userWhether to manage the server user resource
--puppet-server-max-active-instancesMax number of active jruby instances. Defaults to processor count
--puppet-server-max-open-filesIncrease the max open files limit for Puppetserver. Defaults to undef
--puppet-server-max-queued-requestsThe maximum number of requests that may be queued waiting to borrow a JRuby from the pool. Defaults to 0 (disabled).
--puppet-server-max-requests-per-instanceMax number of requests a jruby instances will handle. Defaults to 0 (disabled)
--puppet-server-max-retry-delaySets the upper limit for the random sleep set as a Retry-After header on 503 responses returned when max-queued-requests is enabled. Defaults to 1800.
--puppet-server-max-threadsThis sets the maximum number of threads assigned to responding to HTTP and/or HTTPS requests for a single webserver, effectively changing how many concurrent requests can be made at one time. If not provided, the webserver defaults to 200.
--puppet-server-metrics-allowedSpecify metrics to allow in addition to those in the default list Defaults to undef
--puppet-server-metrics-graphite-enableEnable or disable Graphite metrics reporter. Defaults to false
--puppet-server-metrics-graphite-hostGraphite server host. Defaults to "127.0.0.1"
--puppet-server-metrics-graphite-intervalHow often to send metrics to graphite (in seconds) Defaults to 5
--puppet-server-metrics-graphite-portGraphite server port. Defaults to 2003
--puppet-server-metrics-jmx-enableEnable or disable JMX metrics reporter. Defaults to true
--puppet-server-metrics-server-idA server id that will be used as part of the namespace for metrics produced Defaults to $fqdn
--puppet-server-multithreadedUse multithreaded jruby. Defaults to false.
--puppet-server-packageCustom package name for puppet server
--puppet-server-parserSets the parser to use. Valid options are 'current' or 'future'. Defaults to 'current'.
--puppet-server-portPuppet server port
--puppet-server-post-hook-contentWhich template to use for git post hook
--puppet-server-post-hook-nameName of a git hook
--puppet-server-puppet-basedirWhere is the puppet code base located
--puppet-server-puppetserver-auth-templateTemplate for generating /etc/puppetlabs/puppetserver/conf.d/auth.conf
--puppet-server-puppetserver-dirThe path of the puppetserver config dir
--puppet-server-puppetserver-experimentalEnable the /puppet/experimental route? Defaults to true
--puppet-server-puppetserver-logdirThe path of the puppetserver log dir
--puppet-server-puppetserver-metricsEnable puppetserver http-client metrics
--puppet-server-puppetserver-profilerEnable JRuby profiling. If set to false, compiler and function metrics will not be available, (eg. when enabling graphite metrics)
--puppet-server-puppetserver-rundirThe path of the puppetserver run dir
--puppet-server-puppetserver-telemetryEnable Dropsonde telemetry. Undef means disabled while booleans are explicit opt-in or opt-out. This is different from Puppetserver's default values.
--puppet-server-puppetserver-trusted-agentsCertificate names of puppet agents that are allowed to fetch *all* catalogs Defaults to [] and all agents are only allowed to fetch their own catalogs.
--puppet-server-puppetserver-trusted-certificate-extensionsAn array of hashes of certificate extensions and values to be used in auth.conf
--puppet-server-puppetserver-vardirThe path of the puppetserver var dir
--puppet-server-puppetserver-versionThe version of puppetserver installed (or being installed) Unfortunately, different versions of puppetserver need configuring differently. The default is derived from the installed puppet version. Generally it's not needed to override this but when upgrading it might be.
--puppet-server-reportsList of report types to include on the puppetserver
--puppet-server-request-timeoutTimeout in node.rb script for fetching catalog from Foreman (in seconds).
--puppet-server-ruby-load-pathsList of ruby paths
--puppet-server-selector-threadsThis sets the number of selectors that the webserver will dedicate to processing events on connected sockets for unencrypted HTTPS traffic. If not provided, the webserver defaults to the minimum of: virtual cores on the host divided by 2 or max-threads divided by 16, with a minimum of 1.
--puppet-server-ssl-acceptor-threadsThis sets the number of threads that the webserver will dedicate to accepting socket connections for encrypted HTTPS traffic. If not provided, defaults to the number of virtual cores on the host divided by 8, with a minimum of 1 and maximum of 4.
--puppet-server-ssl-chain-filepathPath to certificate chain for puppetserver Only used when $ca is true Defaults to "${ssl_dir}/ca/ca_crt.pem"
--puppet-server-ssl-dirSSL directory
--puppet-server-ssl-dir-manageToggle if ssl_dir should be added to the [server] configuration section. This is necessary to disable in case CA is delegated to a separate instance
--puppet-server-ssl-key-manageToggle if "private_keys/${::puppet::server::certname}.pem" should be created with default user and group. This is used in the default Forman setup to reuse the key for TLS communication.
--puppet-server-ssl-protocolsArray of SSL protocols to use. Defaults to [ 'TLSv1.3', 'TLSv1.2' ]
--puppet-server-ssl-selector-threadsThis sets the number of selectors that the webserver will dedicate to processing events on connected sockets for encrypted HTTPS traffic. Defaults to the number of virtual cores on the host divided by 2, with a minimum of 1 and maximum of 4. The number of selector threads actually used by Jetty is twice the number of selectors requested. For example, if a value of 3 is specified for the ssl-selector-threads setting, Jetty will actually use 6 selector threads.
--puppet-server-storeconfigsWhether to enable storeconfigs
--puppet-server-strict-variablesif set to true, it will throw parse errors when accessing undeclared variables.
--puppet-server-trusted-external-commandThe external trusted facts script to use.
--puppet-server-userUsername used for the puppetserver process
--puppet-server-versionCustom package version for puppet server
--puppet-server-versioned-code-contentContains the path to an executable script that Puppet Server invokes when on static_file_content requests. Defaults to undef
--puppet-server-versioned-code-idThe path to an executable script that Puppet Server invokes to generate a code_id Defaults to undef
--puppet-server-web-idle-timeoutTime in ms that Jetty allows a socket to be idle, after processing has completed. Defaults to 30000, using the Jetty default of 30s
--puppet-service-nameThe name of the puppet agent service.
--puppet-sharedirOverride the system data directory.
--puppet-show-diffShow and report changed files with diff output
--puppet-splaySwitch to enable a random amount of time to sleep before each run.
--puppet-splaylimitThe maximum time to delay before runs. Defaults to being the same as the run interval. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y).
--puppet-srv-domainSearch domain for SRV records
--puppet-ssldirOverride where SSL certificates are kept.
--puppet-syslogfacilityFacility name to use when logging to syslog
--puppet-systemd-cmdSpecify command to launch when runmode is set 'systemd.timer'.
--puppet-systemd-randomizeddelaysecAdds a random delay between 0 and this value (in seconds) to the timer. Only relevant when runmode is 'systemd.timer'.
--puppet-systemd-unit-nameThe name of the puppet systemd units.
--puppet-unavailable-runmodesRunmodes that are not available for the current system. This module will not try to disable these modes. Default is [] on Linux, ['cron', 'systemd.timer'] on Windows and ['systemd.timer'] on other systems.
--puppet-use-srv-recordsWhether DNS SRV records will be used to resolve the Puppet server
--puppet-usecacheonfailureSwitch to enable use of cached catalog on failure of run.
--puppet-userOverride the name of the puppet user.
--puppet-vardirOverride the puppet var directory.
--puppet-versionSpecify a specific version of a package to install. The version should be the exact match for your distro. You can also use certain values like 'latest'. Note that when you specify exact versions you should also override $server_version since that defaults to $version.
--foreman-plugin-default-hostgroup-hostgroupsAn array of hashes of hostgroup names and facts to add to the configuration
--foreman-plugin-puppetdb-addressAddress of puppetdb API.
--foreman-plugin-puppetdb-api-versionPuppetDB API version.
--foreman-plugin-puppetdb-ssl-ca-fileCA certificate file which will be used to connect to the PuppetDB API.
--foreman-plugin-puppetdb-ssl-certificateCertificate file which will be used to connect to the PuppetDB API.
--foreman-plugin-puppetdb-ssl-private-keyPrivate key file which will be used to connect to the PuppetDB API.
--foreman-plugin-remote-execution-cockpit-ensureSpecify the package state, or absent to remove it
--foreman-plugin-remote-execution-cockpit-originsSpecify additional Cockpit Origins to configure cockpit.conf. The $foreman_url is included by default.
--foreman-plugin-tasks-automatic-cleanupEnable automatic task cleanup using a cron job
--foreman-plugin-tasks-backupEnable creating a backup of cleaned up tasks in CSV format when automatic_cleanup is enabled
--foreman-plugin-tasks-cron-lineCron line defining when the cleanup cron job should run
--foreman-compute-ec2-versionPackage version to install, defaults to installed
--foreman-compute-libvirt-versionPackage version to install, defaults to installed
--foreman-compute-openstack-versionPackage version to install, defaults to installed
--foreman-compute-ovirt-versionPackage version to install, defaults to installed
--foreman-compute-vmware-versionPackage version to install, defaults to installed
--foreman-proxy-plugin-acd-enabledenables/disables the acd plugin
--foreman-proxy-plugin-acd-listen-onproxy feature listens on http, https, or both
--foreman-proxy-plugin-acd-versionplugin package version, it's passed to ensure parameter of package resource can be set to specific version number, 'latest', 'present' etc.
--foreman-proxy-plugin-ansible-ansible-dirAnsible directory to search for available roles
--foreman-proxy-plugin-ansible-callbackThe callback plugin to configure in ansible.cfg
--foreman-proxy-plugin-ansible-collections-pathsPaths where to look for ansible collections
--foreman-proxy-plugin-ansible-enabledEnables/disables the ansible plugin
--foreman-proxy-plugin-ansible-host-key-checkingWhether to ignore errors when a host is reinstalled so it has a different key in ~/.ssh/known_hosts If a host is not initially in 'known_hosts' setting this to True will result in prompting for confirmation of the key, which is not possible from non-interactive environments like Foreman Remote Execution or cron
--foreman-proxy-plugin-ansible-install-runnerIf true, installs ansible-runner package to support running ansible by ansible-runner
--foreman-proxy-plugin-ansible-listen-onProxy feature listens on https, http, or both
--foreman-proxy-plugin-ansible-roles-pathPaths where we look for ansible roles.
--foreman-proxy-plugin-ansible-runner-package-nameThe name of the ansible-runner package to install
--foreman-proxy-plugin-ansible-ssh-argsThe ssh_args parameter in ansible.cfg under [ssh_connection]
--foreman-proxy-plugin-ansible-working-dirA directory where the playbooks will be generated. A tmp directory will be created when left blank
--foreman-proxy-plugin-dhcp-infoblox-dns-viewThe DNS view to use
--foreman-proxy-plugin-dhcp-infoblox-network-viewThe network view to use
--foreman-proxy-plugin-dhcp-infoblox-passwordThe password of the Infoblox user
--foreman-proxy-plugin-dhcp-infoblox-record-typeRecord type to manage
--foreman-proxy-plugin-dhcp-infoblox-used-ips-search-typeThe search type for used ips
--foreman-proxy-plugin-dhcp-infoblox-usernameThe username of the Infoblox user
--foreman-proxy-plugin-dhcp-remote-isc-dhcp-configDHCP config file path
--foreman-proxy-plugin-dhcp-remote-isc-dhcp-leasesDHCP leases file
--foreman-proxy-plugin-dhcp-remote-isc-key-nameDHCP key name
--foreman-proxy-plugin-dhcp-remote-isc-key-secretDHCP password
--foreman-proxy-plugin-dhcp-remote-isc-omapi-portDHCP server OMAPI port
--foreman-proxy-plugin-discovery-enabledWhether the module is enabled or disabled.
--foreman-proxy-plugin-discovery-image-nametarball with images
--foreman-proxy-plugin-discovery-install-imagesDownload and extract the discovery image
--foreman-proxy-plugin-discovery-listen-onWhen enabled, it's configured to listen on HTTPS (default), HTTP or both.
--foreman-proxy-plugin-discovery-source-urlsource URL to download from
--foreman-proxy-plugin-discovery-tftp-rootTFTP root directory where extracted discovery image will be installed
--foreman-proxy-plugin-discovery-versionThe version to ensure
--foreman-proxy-plugin-dns-infoblox-dns-serverThe address of the Infoblox server
--foreman-proxy-plugin-dns-infoblox-dns-viewThe Infoblox DNS View
--foreman-proxy-plugin-dns-infoblox-passwordThe password of the Infoblox user
--foreman-proxy-plugin-dns-infoblox-usernameThe username of the Infoblox user
--foreman-proxy-plugin-dns-powerdns-rest-api-keyThe REST API key
--foreman-proxy-plugin-dns-powerdns-rest-urlThe REST API URL
--foreman-proxy-plugin-dns-route53-aws-access-keyThe Access Key ID of the IAM account
--foreman-proxy-plugin-dns-route53-aws-secret-keyThe Secret Access Key of the IAM account
--foreman-proxy-plugin-dynflow-console-authWhether to enable trusted hosts and ssl for the dynflow console
--foreman-proxy-plugin-dynflow-database-pathPath to the SQLite database file, set empty for in-memory sqlite
--foreman-proxy-plugin-dynflow-enabledEnables/disables the dynflow plugin
--foreman-proxy-plugin-dynflow-listen-onProxy feature listens on https, http, or both
--foreman-proxy-plugin-dynflow-open-file-limitLimit number of open files - Only Red Hat Operating Systems with Software Collections.
--foreman-proxy-plugin-dynflow-ssl-disabled-ciphersDisable SSL ciphers. For example: ['NULL-MD5', 'NULL-SHA']
--foreman-proxy-plugin-dynflow-tls-disabled-versionsDisable TLS versions. Version 1.0 is always disabled. For example: ['1.1']
--foreman-proxy-plugin-monitoring-collect-statuscollect monitoring status from monitoring solution
--foreman-proxy-plugin-monitoring-enabledenables/disables the monitoring plugin
--foreman-proxy-plugin-monitoring-listen-onproxy feature listens on http, https, or both
--foreman-proxy-plugin-monitoring-providersmonitoring providers
--foreman-proxy-plugin-monitoring-versionplugin package version, it's passed to ensure parameter of package resource can be set to specific version number, 'latest', 'present' etc.
--foreman-proxy-plugin-omaha-contentpathPath where omaha content is stored
--foreman-proxy-plugin-omaha-distributiondistribution type, it's passed to specify the distribution type. can be set to one of 'coreos' (default), 'flatcar'
--foreman-proxy-plugin-omaha-enabledenables/disables the omaha plugin
--foreman-proxy-plugin-omaha-http-proxyURL to a proxy server that should be used to retrieve omaha content, e.g. 'http://proxy.example.com:3128/'
--foreman-proxy-plugin-omaha-listen-onproxy feature listens on http, https, or both
--foreman-proxy-plugin-omaha-sync-releasesHow many of the latest releases should be synced
--foreman-proxy-plugin-omaha-versionplugin package version, it's passed to ensure parameter of package resource can be set to specific version number, 'latest', 'present' etc.
--foreman-proxy-plugin-openscap-ansible-moduleEnsure the Ansible module
--foreman-proxy-plugin-openscap-ansible-module-ensureThe state of the Ansible module to ensure
--foreman-proxy-plugin-openscap-contentdirDirectory where OpenSCAP content XML are stored So we will not request the XML from Foreman each time
--foreman-proxy-plugin-openscap-corrupted-dirDirectory where corrupted OpenSCAP report XML are stored
--foreman-proxy-plugin-openscap-enabledenables/disables the openscap plugin
--foreman-proxy-plugin-openscap-failed-dirDirectory where OpenSCAP report XML are stored In case sending to Foreman succeeded, yet failed to save to reportsdir
--foreman-proxy-plugin-openscap-listen-onProxy feature listens on http, https, or both
--foreman-proxy-plugin-openscap-openscap-send-log-fileLog file for the forwarding script
--foreman-proxy-plugin-openscap-proxy-nameProxy name to send to Foreman with parsed report Foreman matches it against names of registered proxies to find the report source
--foreman-proxy-plugin-openscap-puppet-moduleEnsure the Puppet module. This only makes sense if Puppetserver runs on the same machine.
--foreman-proxy-plugin-openscap-puppet-module-ensureThe state of the Puppet module to ensure
--foreman-proxy-plugin-openscap-reportsdirDirectory where OpenSCAP report XML are stored So Foreman can request arf xml reports
--foreman-proxy-plugin-openscap-spooldirDirectory where OpenSCAP audits are stored before they are forwarded to Foreman
--foreman-proxy-plugin-openscap-timeoutTimeout for sending ARF reports to foreman
--foreman-proxy-plugin-openscap-versionplugin package version, it's passed to ensure parameter of package resource can be set to specific version number, 'latest', 'present' etc.
--foreman-proxy-plugin-remote-execution-script-cockpit-integrationEnables/disables Cockpit integration
--foreman-proxy-plugin-remote-execution-script-enabledEnables/disables the plugin
--foreman-proxy-plugin-remote-execution-script-generate-keysAutomatically generate SSH keys
--foreman-proxy-plugin-remote-execution-script-install-keyAutomatically install generated SSH key to root authorized keys which allows managing this host through Remote Execution
--foreman-proxy-plugin-remote-execution-script-listen-onProxy feature listens on https, http, or both
--foreman-proxy-plugin-remote-execution-script-local-working-dirLocal working directory on the smart proxy
--foreman-proxy-plugin-remote-execution-script-modeOperation Mode of the plugin.
--foreman-proxy-plugin-remote-execution-script-mqtt-rate-limitNumber of jobs that are allowed to run at the same time
--foreman-proxy-plugin-remote-execution-script-mqtt-resend-intervalTime interval in seconds at which the notification should be re-sent to the host until the job is picked up or canceleld
--foreman-proxy-plugin-remote-execution-script-mqtt-ttlTime interval in seconds given to the host to pick up the job before considering the job undelivered.
--foreman-proxy-plugin-remote-execution-script-remote-working-dirRemote working directory on clients
--foreman-proxy-plugin-remote-execution-script-ssh-identity-dirDirectory where SSH keys are stored
--foreman-proxy-plugin-remote-execution-script-ssh-identity-fileProvide an alternative name for the SSH keys
--foreman-proxy-plugin-remote-execution-script-ssh-kerberos-authEnable kerberos authentication for SSH
--foreman-proxy-plugin-remote-execution-script-ssh-keygenLocation of the ssh-keygen binary
--foreman-proxy-plugin-remote-execution-script-ssh-log-levelConfigure ssh client LogLevel
--foreman-proxy-plugin-salt-apiUse Salt API
--foreman-proxy-plugin-salt-api-authSalt API auth mechanism
--foreman-proxy-plugin-salt-api-passwordSalt API password
--foreman-proxy-plugin-salt-api-urlSalt API URL
--foreman-proxy-plugin-salt-api-usernameSalt API username
--foreman-proxy-plugin-salt-autosign-fileFile to use for salt autosign
--foreman-proxy-plugin-salt-autosign-key-fileFile to use for salt autosign via grains
--foreman-proxy-plugin-salt-enabledEnables/disables the salt plugin
--foreman-proxy-plugin-salt-groupGroup to run salt commands and access configuration files
--foreman-proxy-plugin-salt-listen-onProxy feature listens on https, http, or both
--foreman-proxy-plugin-salt-saltfilePath to Saltfile
--foreman-proxy-plugin-salt-userUser to run salt commands under
--foreman-proxy-plugin-shellhooks-directoryAbsolute path to directory with executables
--foreman-proxy-plugin-shellhooks-enabledenables/disables the shellhooks plugin
--foreman-proxy-plugin-shellhooks-listen-onproxy feature listens on http, https, or both
--foreman-proxy-plugin-shellhooks-versionplugin package version, it's passed to ensure parameter of package resource can be set to specific version number, 'latest', 'present' etc.
-
+{% include manuals/{{page.version}}/3.2.2_installer_options-params.md %} #### Answers file diff --git a/scripts/installer/get-params b/scripts/installer/get-params index 41a2327bd7..ff2df5d224 100755 --- a/scripts/installer/get-params +++ b/scripts/installer/get-params @@ -20,6 +20,6 @@ cd $(dirname $0) TAG=foreman-installer:$FOREMAN_VERSION $PROGRAM build --build-arg FOREMAN_VERSION=$FOREMAN_VERSION -t $TAG . -$PROGRAM run --rm $TAG foreman-installer -h | grep enable- | grep -v enable-scenario | sed 's/ (default: \(true\|false\))//' | ./installer-enable-to-table > installer-$FOREMAN_VERSION-help.html -$PROGRAM run --rm $TAG kafo-export-params -c /etc/foreman-installer/scenarios.d/foreman.yaml -f html | sed 's/installer-options/all-installer-options/' > installer-$FOREMAN_VERSION-params.html +$PROGRAM run --rm $TAG foreman-installer -h | grep enable- | grep -v enable-scenario | sed 's/ (default: \(true\|false\))//' | ./installer-enable-to-table > ../../../manuals/$FOREMAN_VERSION/3.2.2_installer_options-help.md +$PROGRAM run --rm $TAG kafo-export-params -c /etc/foreman-installer/scenarios.d/foreman.yaml -f html | sed 's/installer-options/all-installer-options/' > ../../../manuals/$FOREMAN_VERSION/3.2.2_installer_options-params.md $PROGRAM rmi $TAG