1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
|
# A sample goiardi config file, with nonsense entries to get the point across
# IP address to listen on. Set to "0.0.0.0" to listen on all interfaces
ipaddress = "127.0.0.2"
# TCP port to listen on
port = 4646
# Hostname goiardi should use. Used for sending links to resources back to the
# client
hostname = "moomernoo.local"
# Where to send log data instead of stdout
log-file = "/tmp/goiardi.log"
# Or log to syslog. log-file, syslog, or neither can be used, but you cannot use
# both.
syslog = false
# Log level. Options are "debug", "info", "warning", "error", "critical", and
# "fatal". May be specified on the command line with one or more -V flags.
log-level = "error"
# If these two options are both set, goiardi will save the data store and index
# data to disk. It will cause an error to only set one of the options, unless
# you are using MySQL or Postgres as your data store backend. In that case,
# do not set data-file. Furthermore, if you are running postgres and using the
# postgres-backed search instead of the default ersatz trie-based Solr search,
# goiardi will print a non-fatal message warning you that setting index-file is
# not very useful in that case.
index-file = "/tmp/goiardi-index.bin"
data-file = "/tmp/goiardi-data.bin"
# How often to save the index and data files from the background. Not
# particularly useful without setting index-file and data-file
freeze-interval = 120
# Use the faster, but less safe, old method of storing data in the in-memory data
# store with pointers, rather than encoding the data with gob and giving a new
# copy of the object to each requestor. If this is enabled goiardi will run
# faster in in-memory mode, but one goroutine could change an object while it's
# being used by another. Has no effect when using an SQL backend.
# use-unsafe-mem-store = false
# Time slew: the time difference allowed between the server's clock and the time
# in the X-Ops-Timestamp header. Formatted like 5m, 150s, etc. Defaults to 15m.
time-slew = "15m"
# Conf root: root directory for configs and certificates. Default: the directory
# the config file is in, or the current directory if no config file is setl
# conf-root = "/etc/goiardi"
# Use auth: Use authentication? If this is set to true, clients will have to
# be created on the server and have proper keys (which is the normal chef-server
# behavior). If it is not set, no authentication checks are performed. This is
# how chef-zero behaves, and goiardi's only mode previously. Defaults to false.
use-auth = true
# Use SSL: Use SSL for connections to the server. Defaults to false. If set to
# true, ssl-cert and ssl-key must be set. If the port is set to 80, this will
# be forced to false. If port is set to 443, it will be forced to true.
use-ssl = false
# SSL certificate file. If a relative path, it will be set relative to
# conf-root.
# ssl-cert="/path/to/goiardi/conf/cert.pem"
# SSL key file. If a relative path, it will be set relative to conf-root.
# ssl-key="/path/to/goiardi/conf/key.pem"
# HTTPS urls: If true, URLs generated by the server will use 'https://'. Useful
# when goiardi is sitting behind a reverse proxy that uses SSL, but is
# communicating with the proxy over HTTP.
https-urls = false
# Proxy hostname and proxy port: If goiardi is sitting behind a reverse proxy
# that's listening on a different host or port than goiardi itself is using,
# set these to the values the proxy is using so URLs are properly crafted.
# proxy-hostname = "nginx.frontend.chef"
# proxy-port = 80
# Disable webui: If true, connections and logins from the webui interface will
# not be allowed.
disable-webui = false
# Log events. Keep track of changes to chef objects by logging events that
# change them. They are accessible through the /events endpoint.
log-events = true
# How many log events to keep. If set, will periodically purge logged events to
# keep the number of events stored to this number.
# log-event-keep = 1000
# Skip logging extended object information in the event log.
# skip-log-extended = false
# Purge old reports after this period. Specified in golang's duration format
# (like, "720h15m30s").
# purge-reports-after = "720h"
# Purge old node statuses after this period of time. Like the above, specified
# in the golang time format.
# purge-status-after = "720h"
# Purge old sandboxes after they've been around for this period of time. By
# default, they are purged after one week.
# purge-sandboxes-after = "168h"
# Maximum object size in bytes for the file store. Default 10485760 bytes
# (10MB).
# obj-max-size = 10485760
# Maximum size for a JSON request from the client. Default is 1000000.
#json-req-max-size = 1000000
# Use the faster, but less safe, old method of storing data in the in-memory
# data store with pointers, rather than encoding the data with gob and giving a
# new copy of the object to each requestor. If this is enabled goiardi will run
# faster in in-memory mode, but one goroutine could change an object while it's
# being used by another. Has no effect when using an SQL backend.
# use-unsafe-mem-store = false
# Number of idle db connections to maintain. Default is 0 - no idle connections
# retained.
# db-pool-size = 25
# Maximum number of connections allowed for the database. Default is 0 -
# unlimited.
# max-connections = 50
# Have goiardi send and receive events and queries from a serf cluster. Required
# for shovey
# use-serf = true
# Announce logged events over serf, as serf user events. If enabled, something
# needs to be reading the events from the queue, otherwise they'll pile up in
# the serf event queue and eventually make it so new events can't be added.
# serf-event-announce = false
# IP address and port for RPC connection with a serf agent. Defaults to
# 127.0.0.1:7373
# serf-addr = "127.0.0.1:7373"
# Enable using shovey for sending jobs to nodes. Requires use-serf.
# use-shovey = true
# Path to RSA private key used to sign shovey requests.
# sign-priv-key = "/path/to/shovey.key"
# Local directory for storing cookbook files on the filesystem. Optional in
# in-memory mode (standard behavior is to keep the files in memory), and
# mandatory for SQL mode (unless using S3 uploads).
# local-filestore-dir = "/var/goiardi/file_checksums"
# Postgres and advanced search options
# dot-search = false # set to true to use . instead of _ to separate path items
# # in the search key paths. Always true if pg-search is
# # true.
# convert-search = true # Set to false to not convert searches with the old
# # underscore separator to dots. Recommended to be set to
# # true, at least for now. Only meaningful if dot-search
# # is also true.
# pg-search = false # Use the postgres search backend instead of the default
# # in-memory search index. Not surprisingly, this requires
# # using Postgres for the storage backend.
# Statsd options
# With this, you can send some metrics about goiardi to statsd, which can in
# turn be sent on to graphite or similar and, when used with something like
# grafana, can be visualized or if used with something like bosun you could set
# alerts on it, like if the number of chef-client runs that fail suddenly jumps
# dramatically.
#
# use-statsd = false
# statsd-addr = "127.0.0.1:8125"
# statsd-type = "standard" # can also be "datadog", for their statsd format
# stastd-instance = "my_goiardi_server" # should be the hostname. "." will
# # automatically be converted to "_".
# MySQL options. If "use-mysql" is true on the command line or in the
# configuration file, connect to mysql with the options in [mysql]. All of the
# MySQL options must be strings.
use-mysql = false
[mysql]
username = "foo" # technically optional, although you probably want it
password = "s3kr1t" # optional, if you have no password set for MySQL
protocol = "tcp" # optional, but set to "unix" for connecting to MySQL
# through a Unix socket.
address = "localhost"
port = "3306" # optional, defaults to 3306. Not used with sockets.
dbname = "goiardi_test"
# See https://github.com/go-sql-driver/mysql#parameters for an
# explanation of available parameters
#[mysql.extra_params]
# tls = "false"
# foo = "bar"
# Environment variables - if, for some reason, you need to pass environment
# variables to goiardi but can't easily do so in the usual way, you can do so
# here.
# env-vars = [
# "FOO=bar",
# "BAZ=blugh",
# "AWS_THINGY=sos3kr1t"
# ]
# Amazon S3 uploads
#
# Settings for S3, if using S3 (or a compatible service) to store uploaded
# cookbooks.
#
## Whether to use s3 uploads
# use-s3-upload = true
#
## AWS region to use
# aws-region = "us-west"
#
## Disable SSL with s3. Mostly for testing with fakes3 or somesuch.
# aws-disable-ssl = false
#
## S3 endpoint. Again, mostly for testing with fakes3 or similar.
# s3-endpoint = "s3.amazonaws.com"
#
## Length of time, in minutes, for URLs generated to upload or download files
## to/from S3 to remain valid. Default is 15 minutes.
# s3-file-period = 15
## vault settings
##
## For goiardis compiled with the appropriate support, you can store secrets
## like passwords and signing keys in vault. See the docs for configuration.
##
# use-external-secrets = false
# vault-addr =
# vault-shovey-key = keys/shovey/signing
# index-val-trim
# If set to a value greater than 0, values being indexed for chef search will be
# truncated at this number of characters to help keep memory usage sane and/or
# keep table size a little bit more reasonable. (Probably should make it a
# reasonably long length where the values indexed are likely to be meaningful,
# but not so long that there's no memory savings. Keys are left untouched.
#
# NB: At this time, if no value for this flag is set nothing will be trimmed.
# *This will change* to a reasonable default with the next major release. After
# that, you'll need to explicitly set a value to disable trimming values to be
# indexed.
index-val-trim = 0
use-postgresql = false
# PostgreSQL options. If "use-postgres" is set to true on the command line or in
# the configuration file, connect to postgres with the options in [postgres].
# These options are all strings. See
# http://godoc.org/github.com/lib/pq#hdr-Connection_String_Parameters for details
# on the connection parameters. All of these parameters are technically optional,
# although chances are pretty good that you'd want to set at least some of them.
[postgresql]
username = "foo"
password = "s3kr1t"
host = "localhost"
port = "5432"
dbname = "mydb"
sslmode = "disable"
|
