Reference

st2: Base class for st2 module. Used as top-level to set parameters via Hiera, this class does not need to be called directly.
st2::auth: Class to configure authentication for StackStorm.
st2::auth::common: Class that contains all of the "common" settings for auth.
st2::auth::flat_file: Auth class to configure and setup Flat File (htpasswd) Authentication
st2::auth::keystone: Auth class to configure and setup Keystone Based Authentication
st2::auth::ldap: Auth class to configure and setup LDAP Based Authentication
st2::auth::mongodb: Auth class to configure and setup MongoDB Based Authentication
st2::auth::pam: Auth class to configure and setup PAM authentication.
st2::kvs: Automatically loads Key/Value pairs for StackStorm DB from Hiera
st2::logging::rsyslog: Helper class to route syslog messages when using rsyslog
st2::notices: This is a private class used to store long strings to limit down on lint problems.
st2::notifier: Manages the st2notifier service (Orquesta)
st2::packs: Install and configure st2 packages in bulk and via Hiera.
st2::params: Main parameters to manage the st2 module
st2::profile::chatops: Profile to install and configure chatops for st2
st2::profile::client: Profile to install, configure and manage all client libraries for st2
st2::profile::facter: Setup custom fact locations
st2::profile::fullinstall: This class performs a full default install of StackStorm and all its components on a single node.
st2::profile::mongodb: StackStorm compatable installation of MongoDB and dependencies.
st2::profile::nginx: StackStorm compatible installation of nginx and dependencies.
st2::profile::nodejs: st2 compatable installation of NodeJS and dependencies for use with StackStorm.
st2::profile::python: StackStorm compatable installation of Python and dependencies.
st2::profile::rabbitmq: StackStorm compatable installation of RabbitMQ and dependencies.
st2::profile::redis: StackStorm compatable installation of Redis.
st2::profile::selinux: Configure SELinux so that StackStorm services run properly
st2::profile::server: Profile to install, configure and manage all server components for st2
st2::profile::web: Profile to install, configure and manage StackStorm web UI (st2web).
st2::repo: Manages the installation of st2 required repos for installing the StackStorm packages.
st2::repo::apt: Apt repo for StackStorm
st2::repo::yum: Yum repo for StackStorm
st2::rulesengine: Manages the st2rulesengine service (Orquesta)
st2::scheduler: Manages the st2scheduler service.
st2::server::datastore_keys: Generates and manages crypto keys for use with the StackStorm datastore
st2::stanley: Installs the default admin user for st2 (stanley).
st2::timersengine: Manages the st2timersengine service.
st2::workflowengine: Manages the st2workflowengine service (Orquesta)

Defined types

st2::auth_user: Creates and manages StackStorm application users (flat_file auth only)
st2::client::settings: Generates a configuration file for the st2 CLI (st2client)
st2::kv: Sets a value to the StackStorm Key/Value Store
st2::pack: Manages a StackStorm Pack
st2::rbac: This defined type creates RBAC resources for users
st2::service: Creates additional service for components that can be scaled out
st2::user: Creates an system (OS level) user for use with StackStorm

Resource types

st2_pack: Manage st2 packs

Functions

st2::urlencode: URL encodes a string
st2::version_ge: Determines if the StackStorm version installed or the version requested by the user is greater than or equal to $version.

Data types

St2::Repository: Validate the type of system package repository for StackStorm

Tasks

key_decrypt: Decrypt a StackStorm key/value pair. TODO - Remove this when the following is closed: StackStorm/st2#4545
key_get: Retrieve the value for a key from the StackStorm datastore
key_load: Load a list of a StackStorm key/value pairs into the datastore
pack_install: Install a list of packs
pack_list: Get a list of packs
pack_register: Registers a pack that exists on the filesystem
pack_remove: Remove a list of packs
rule_disable: Disable a given rule
rule_list: Return a list of rules.
run: Runs a StackStorm action

Plans

st2::upgrade_mongodb: Upgrades a standalone MongoDB database between versions.

Classes

`st2`

Base class for st2 module. Used as top-level to set parameters via Hiera, this class does not need to be called directly.

Examples

Basic Usage

include st2

Variables can be set in Hiera and take advantage of automatic data bindings:

st2::version: 2.10.1

Customizing parameters

# best practice is to change default username/password
class { 'st2::params':
  admin_username => 'st2admin',
  admin_password => 'SuperSecret!',
}

class { 'st2':
  version => '2.10.1',
}

Different passwords for each database (MongoDB, RabbitMQ)

class { 'st2':
  # StackStorm user
  cli_username        => 'st2admin',
  cli_password        => 'SuperSecret!',
  # MongoDB user for StackStorm
  db_username         => 'admin',
  db_password         => 'KLKfp9#!2',
  # RabbitMQ user for StackStorm
  rabbitmq_username   => 'st2',
  rabbitmq_password   => '@!fsdf0#45',
}

Install with python 3.8 (if not default on your system)

$st2_python_version = $facts['os']['family'] ? {
  'RedHat' => '3.8',
  'Debian' => 'python3.8',
}
class { 'st2':
  python_version            => $st2_python_version,
}

Parameters

The following parameters are available in the st2 class:

version
python_version
repository
conf_dir
conf_file
use_ssl
ssl_cert_manage
ssl_dir
ssl_cert
ssl_key
auth
auth_api_url
auth_debug
auth_mode
auth_backend
auth_backend_config
cli_base_url
cli_api_version
cli_debug
cli_cache_token
cli_username
cli_password
cli_apikey
cli_api_url
cli_auth_url
actionrunner_workers
packs
packs_group
index_url
syslog
syslog_host
syslog_protocol
syslog_port
syslog_facility
ssh_key_location
db_host
db_port
db_bind_ips
db_name
db_username
db_password
mongodb_version
mongodb_manage_repo
mongodb_auth
nginx_manage_repo
nginx_ssl_ciphers
nginx_ssl_protocols
nginx_ssl_port
nginx_client_max_body_size
web_root
timersengine_enabled
timersengine_timezone
scheduler_sleep_interval
scheduler_gc_interval
scheduler_pool_size
chatops_adapter
chatops_adapter_conf
chatops_hubot_log_level
chatops_hubot_express_port
chatops_tls_cert_reject_unauthorized
chatops_hubot_name
chatops_hubot_alias
chatops_api_key
chatops_st2_hostname
chatops_api_url
chatops_auth_url
chatops_web_url
nodejs_version
nodejs_manage_repo
redis_bind_ip
workflowengine_num
scheduler_num
rulesengine_num
notifier_num
erlang_url
erlang_key
validate_output_schema
cli_silence_ssl_warnings
ng_init
datastore_keys_dir
datastore_key_path
rabbitmq_username
rabbitmq_password
rabbitmq_hostname
rabbitmq_port
rabbitmq_bind_ip
rabbitmq_vhost
redis_hostname
redis_port
redis_password

`version`

Data type: Any

Version of StackStorm package to install (default = 'present') See the package 'ensure' property: https://puppet.com/docs/puppet/5.5/types/package.html#package-attribute-ensure

Default value: 'present'

`python_version`

Data type: String

Version of Python to install. Default is 'system' meaning the system version of Python will be used. To install Python 3.8 on RHEL/CentOS 7 specify '3.8'. To install Python 3.8 on Ubuntu 16.05 specify 'python3.8'.

Default value: 'system'

`repository`

Data type: St2::Repository

Release repository to enable. 'stable', 'unstable' (default = 'stable')

Default value: $st2::params::repository

`conf_dir`

Data type: Any

The directory where st2 configs are stored

Default value: $st2::params::conf_dir

`conf_file`

Data type: Any

The path where st2 config is stored

Default value: "${st2::params::conf_dir}/st2.conf"

`use_ssl`

Data type: Any

Enable/Disable SSL for all st2 APIs

Default value: $st2::params::use_ssl

`ssl_cert_manage`

Data type: Any

Boolean to determine if this module should manage the SSL certificate used by nginx.

Default value: true

`ssl_dir`

Data type: Any

Directory where st2web will look for its SSL info. (default: /etc/ssl/st2)

Default value: $st2::params::ssl_dir

`ssl_cert`

Data type: Any

Path to the file where the StackStorm SSL cert will be generated. (default: /etc/ssl/st2/st2.crt)

Default value: $st2::params::ssl_cert

`ssl_key`

Data type: Any

Path to the file where the StackStorm SSL key will be generated. (default: /etc/ssl/st2/st2.key)

Default value: $st2::params::ssl_key

`auth`

Data type: Any

Toggle to enable/disable auth (Default: true)

Default value: true

`auth_api_url`

Data type: Any

URL where StackStorm auth service will communicate with the StackStorm API service

Default value: "http://${st2::params::hostname}:${st2::params::api_port}"

`auth_debug`

Data type: Any

Toggle to enable/disable auth debugging (Default: false)

Default value: false

`auth_mode`

Data type: Any

Auth mode, either 'standalone' or 'backend (default: 'standalone')

Default value: $st2::params::auth_mode

`auth_backend`

Data type: Any

Determines which auth backend to configure. (default: flat_file) Available backends:

flat_file
keystone
ldap
mongodb
pam

Default value: $st2::params::auth_backend

`auth_backend_config`

Data type: Any

Hash of parameters to pass to the auth backend class when it's instantiated. This will be different for every backend. Please see the corresponding backend class to determine what the config options should be.

Default value: $st2::params::auth_backend_config

`cli_base_url`

Data type: Any

CLI config - Base URL lives

Default value: "http://${st2::params::hostname}"

`cli_api_version`

Data type: Any

CLI config - API Version

Default value: 'v1'

`cli_debug`

Data type: Any

CLI config - Enable/Disable Debug

Default value: false

`cli_cache_token`

Data type: Any

CLI config - True to cache auth token until expries

Default value: true

`cli_username`

Data type: Any

CLI config - Auth Username

Default value: $st2::params::admin_username

`cli_password`

Data type: Any

CLI config - Auth Password

Default value: $st2::params::admin_password

`cli_apikey`

Data type: Any

CLI config - StackStorm API Key to use for pack and k/v installation, instead of user/pass

Default value: undef

`cli_api_url`

Data type: Any

CLI config - API URL

Default value: "http://${st2::params::hostname}:${st2::params::api_port}"

`cli_auth_url`

Data type: Any

CLI config - Auth URL

Default value: "http://${st2::params::hostname}:${st2::params::auth_port}"

`actionrunner_workers`

Data type: Any

Set the number of actionrunner processes to start

Default value: $st2::params::actionrunner_workers

`packs`

Data type: Any

Hash of st2 packages to be installed

Default value: {}

`packs_group`

Data type: Any

Name of the group that will own the /opt/stackstorm/packs directory (default: st2packs)

Default value: $st2::params::packs_group_name

`index_url`

Data type: Any

Url to the StackStorm Exchange index file. (default undef)

Default value: undef

`syslog`

Data type: Any

Routes all log messages to syslog

Default value: false

`syslog_host`

Data type: Any

Syslog host. Default: localhost

Default value: 'localhost'

`syslog_protocol`

Data type: Any

Syslog protocol. Default: udp

Default value: 'udp'

`syslog_port`

Data type: Any

Syslog port. Default: 514

Default value: 514

`syslog_facility`

Data type: Any

Syslog facility. Default: local7

Default value: 'local7'

`ssh_key_location`

Data type: Any

Location on filesystem of Admin SSH key for remote runner

Default value: '/home/stanley/.ssh/st2_stanley_key'

`db_host`

Data type: Any

Hostname to talk to st2 db

Default value: $st2::params::hostname

`db_port`

Data type: Any

Port for db server for st2 to talk to

Default value: $st2::params::mongodb_port

`db_bind_ips`

Data type: Any

Array of bind IP addresses for MongoDB to listen on

Default value: $st2::params::mongodb_bind_ips

`db_name`

Data type: Any

Name of db to connect to (default: 'st2')

Default value: $st2::params::mongodb_st2_db

`db_username`

Data type: Any

Username to connect to db with (default: 'stackstorm')

Default value: $st2::params::mongodb_st2_username

`db_password`

Data type: Any

Password for 'admin' and 'stackstorm' users in MongDB. If 'undef' then use $cli_password

Default value: $st2::params::admin_password

`mongodb_version`

Data type: Any

Version of MongoDB to install. If not provided it will be auto-calcuated based on $version (default: undef)

Default value: undef

`mongodb_manage_repo`

Data type: Any

Set this to false when you have your own repositories for MongoDB (default: true)

Default value: true

`mongodb_auth`

Data type: Any

Boolean determining if auth should be enabled for MongoDB. Note: On new versions of Puppet (4.0+) you'll need to disable this setting. (default: true)

Default value: true

`nginx_manage_repo`

Data type: Any

Set this to false when you have your own repositories for nginx (default: true)

Default value: true

`nginx_ssl_ciphers`

Data type: Any

String or list of strings of acceptable SSL ciphers to configure nginx with. @see http://nginx.org/en/docs/http/ngx_http_ssl_module.html Note: the defaults are setup to restrict to TLSv1.2 and TLSv1.3 secure ciphers only (secure by default). The secure ciphers for each protocol were obtained via: @see https://wiki.mozilla.org/Security/Server_Side_TLS

Default value: $st2::params::nginx_ssl_ciphers

`nginx_ssl_protocols`

Data type: Any

String or list of strings of acceptable SSL protocols to configure nginx with. @see http://nginx.org/en/docs/http/ngx_http_ssl_module.html Note: the defaults are setup to restrict to TLSv1.2 and TLSv1.3 only (secure by default)

Default value: $st2::params::nginx_ssl_protocols

`nginx_ssl_port`

Data type: Any

What port should nginx listen on publicly for new connections (default: 443)

Default value: $st2::params::nginx_ssl_port

`nginx_client_max_body_size`

Data type: Any

The maximum size of the body for a request allow through nginx. We default this to '0' to allow for large messages/payloads/inputs/results to be passed through nginx as is normal in the StackStorm context. @see http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size

Default value: $st2::params::nginx_client_max_body_size

`web_root`

Data type: Any

Directory where the StackStorm WebUI site lives on the filesystem

Default value: $st2::params::web_root

`timersengine_enabled`

Data type: Any

Set to true if the st2timersengine service should be enabled on this node (default: true)

Default value: $st2::params::timersengine_enabled

`timersengine_timezone`

Data type: Any

The local timezone for this node. (default: 'America/Los_Angeles')

Default value: $st2::params::timersengine_timezone

`scheduler_sleep_interval`

Data type: Any

How long (in seconds) to sleep between each action scheduler main loop run interval. (default = 0.1)

Default value: $st2::params::scheduler_sleep_interval

`scheduler_gc_interval`

Data type: Any

How often (in seconds) to look for zombie execution requests before rescheduling them. (default = 10)

Default value: $st2::params::scheduler_gc_interval

`scheduler_pool_size`

Data type: Any

The size of the pool used by the scheduler for scheduling executions. (default = 10)

Default value: $st2::params::scheduler_pool_size

`chatops_adapter`

Data type: Any

Adapter package(s) to be installed with npm. List of hashes.

Default value: $st2::params::chatops_adapter

`chatops_adapter_conf`

Data type: Any

Configuration parameters for Hubot adapter (hash)

Default value: $st2::params::chatops_adapter_conf

`chatops_hubot_log_level`

Data type: Any

Logging level for hubot (string)

Default value: $st2::params::hubot_log_level

`chatops_hubot_express_port`

Data type: Any

Port that hubot operates on (integer or string)

Default value: $st2::params::hubot_express_port

`chatops_tls_cert_reject_unauthorized`

Data type: Any

Should hubot validate SSL certs Set to 1 when using self signed certs

Default value: $st2::params::tls_cert_reject_unauthorized

`chatops_hubot_name`

Data type: Any

Name of the bot in chat. Should be properly quoted if it has special characters, example: '"MyBot!"'

Default value: $st2::params::hubot_name

`chatops_hubot_alias`

Data type: Any

Character to trigger the bot at the beginning of a message. Must be properly quoted of it's a special character, example: "'!'"

Default value: $st2::params::hubot_alias

`chatops_api_key`

Data type: Any

API key generated by st2 apikey create that hubot will use to post data back to StackStorm. (default: undef)

Default value: undef

`chatops_st2_hostname`

Data type: Any

Hostname of the StackStorm instance that chatops will connect to for API and Auth. If unspecified it will use the default in /opt/stackstorm/chatops/st2chatops.env (default: undef)

Default value: $st2::params::hostname

`chatops_api_url`

Data type: Any

ChatOps config - API URL

Default value: "https://${st2::params::hostname}/api"

`chatops_auth_url`

Data type: Any

ChatOps config - Auth URL

Default value: "https://${st2::params::hostname}/auth"

`chatops_web_url`

Data type: Any

Public URL of StackStorm instance. used by chatops to offer links to execution details in a chat. If unspecified it will use the default in /opt/stackstorm/chatops/st2chatops.env (default: undef)

Default value: undef

`nodejs_version`

Data type: Any

Version of NodeJS to install. If not provided it will be auto-calcuated based on $version (default: undef)

Default value: undef

`nodejs_manage_repo`

Data type: Any

Set this to false when you have your own repositories for NodeJS (default: true)

Default value: true

`redis_bind_ip`

Data type: Any

Bind IP of the Redis server. Default is 127.0.0.1

Default value: $st2::params::redis_bind_ip

`workflowengine_num`

Data type: Any

The number of workflowengines to have in an active active state (default: 1)

Default value: $st2::params::workflowengine_num

`scheduler_num`

Data type: Any

The number of schedulers to have in an active active state (default: 1)

Default value: $st2::params::scheduler_num

`rulesengine_num`

Data type: Any

The number of rulesengines to have in an active active state (default: 1)

Default value: $st2::params::rulesengine_num

`notifier_num`

Data type: Any

The number of notifiers to have in an active active state (default: 1)

Default value: $st2::params::notifier_num

`erlang_url`

Data type: Any

The url for the erlang repositiory to be used for rabbitmq

Default value: $st2::params::erlang_url

`erlang_key`

Data type: Any

The gpg key for the erlang repositiory to be used for rabbitmq

Default value: $st2::params::erlang_key

`validate_output_schema`

Data type: Any

Enable/disable output schema validation in StackStorm

Default value: $st2::params::validate_output_schema

`cli_silence_ssl_warnings`

Data type: Any

Default value: false

`ng_init`

Data type: Any

Default value: true

`datastore_keys_dir`

Data type: Any

Default value: $st2::params::datstore_keys_dir

`datastore_key_path`

Data type: Any

Default value: "${st2::params::datstore_keys_dir}/datastore_key.json"

`rabbitmq_username`

Data type: Any

Default value: $st2::params::rabbitmq_username

`rabbitmq_password`

Data type: Any

Default value: $st2::params::rabbitmq_password

`rabbitmq_hostname`

Data type: Any

Default value: $st2::params::rabbitmq_hostname

`rabbitmq_port`

Data type: Any

Default value: $st2::params::rabbitmq_port

`rabbitmq_bind_ip`

Data type: Any

Default value: $st2::params::rabbitmq_bind_ip

`rabbitmq_vhost`

Data type: Any

Default value: $st2::params::rabbitmq_vhost

`redis_hostname`

Data type: Any

Default value: $st2::params::redis_hostname

`redis_port`

Data type: Any

Default value: $st2::params::redis_port

`redis_password`

Data type: Any

Default value: $st2::params::redis_password

`st2::auth`

StackStorn st2auth service provides a framework for authenticating with various sources. Plugins to this framework that provide authentication implementations are called 'backends'. This generic class can be used to configure the st2auth service and also instantiate a proper backend. The auth backend implementations are in the manifests/auth/ directory.

Examples

Basic usage (via st2)

class { 'st2':
  auth_backend        => 'flat_file',
  auth_backend_config => {
    htpasswd_file => '/etc/something/htpasswd',
  },
}

Instantiate via Hiera

st2::auth_backend: "flat_file"
st2::auth_backend_config"
  htpasswd_file: "/etc/something/htpasswd"

Direct usage (default Flat File auth backend)

include st2::auth

Direct usage to configure a specific auth backend

class { 'st2::auth':
  backend  => 'mongodb',
  backend_config => {
    db_host => 'mongodb.stackstorm.net',
  }
  use_ssl  => true,
  ssl_cert => '/etc/ssl/cert.crt',
  ssl_key  => '/etc/ssl/cert.key',
}

Parameters

The following parameters are available in the st2::auth class:

backend
backend_config
debug
mode
use_ssl
ssl_cert
ssl_key

`backend`

Data type: Any

Determines which auth backend to configure. (default: flat_file) Available backends:

flat_file
keystone
ldap
mongodb
pam

Default value: $st2::auth_backend

`backend_config`

Data type: Any

Hash of parameters to pass to the backend class when it's instantiated. This will be different for every backend. Please see the corresponding backend class to determine what the config options should be.

Default value: $st2::auth_backend_config

`debug`

Data type: Any

Enable Debug (default: false)

Default value: $st2::auth_debug

`mode`

Data type: Any

Authentication mode, either 'standalone' or 'proxy' (default: standalone)

Default value: $st2::auth_mode

`use_ssl`

Data type: Any

Enable SSL (default: false)

Default value: $st2::use_ssl

`ssl_cert`

Data type: Any

Path to SSL Certificate file (default: '/etc/ssl/st2/st2.crt')

Default value: $st2::ssl_cert

`ssl_key`

Data type: Any

Path to SSL Key file (default: '/etc/ssl/st2/st2.key')

Default value: $st2::ssl_key

`st2::auth::common`

Class that contains all of the "common" settings for auth.

Note Don't use directly

Parameters

The following parameters are available in the st2::auth::common class:

api_url
conf_file
debug
mode
use_ssl
ssl_cert
ssl_key

`api_url`

Data type: Any

URL to the StackStorm API

Default value: $st2::auth_api_url

`conf_file`

Data type: Any

The path where st2 config is stored

Default value: $st2::conf_file

`debug`

Data type: Any

Enable Debug (default: false)

Default value: $st2::auth_debug

`mode`

Data type: Any

Authentication mode, either 'standalone' or 'proxy' (default: standalone)

Default value: $st2::auth_mode

`use_ssl`

Data type: Any

Enable SSL (default: false)

Default value: $st2::use_ssl

`ssl_cert`

Data type: Any

Path to SSL Certificate file (default: '/etc/ssl/st2/st2.crt')

Default value: $st2::ssl_cert

`ssl_key`

Data type: Any

Path to SSL Key file (default: '/etc/ssl/st2/st2.key')

Default value: $st2::ssl_key

`st2::auth::flat_file`

Auth class to configure and setup Flat File (htpasswd) Authentication

Examples

Instantiate via st2

class { 'st2':
  auth_backend        => 'flat_file',
  auth_backend_config => {
    htpasswd_file => '/etc/something/htpasswd',
  },
}

Instantiate via Hiera

st2::auth_backend: "flat_file"
st2::auth_backend_config"
  htpasswd_file: "/etc/something/htpasswd"

Parameters

The following parameters are available in the st2::auth::flat_file class:

cli_username
cli_password
conf_file
htpasswd_file

`cli_username`

Data type: Any

CLI config - Auth Username

Default value: $st2::cli_username

`cli_password`

Data type: Any

CLI config - Auth Password

Default value: $st2::cli_password

`conf_file`

Data type: Any

The path where st2 config is stored

Default value: $st2::conf_file

`htpasswd_file`

Data type: Any

Path to htpasswd file (default: /etc/st2/htpasswd)

Default value: $st2::params::auth_htpasswd_file

`st2::auth::keystone`

For information on parameters see the {backend documentation}[https://github.com/StackStorm/st2-auth-backend-keystone#configuration-options]

Examples

Instantiate via st2

class { 'st2':
  auth_backend        => 'keystone',
  auth_backend_config => {
    keystone_url     => 'http://keystone.domain.tld:5000',
    keystone_version => '3',
  },
}

Instantiate via Hiera

st2::auth_backend: "keystone"
st2::auth_backend_config:
  keystone_url: "http://keystone.domain.tld:5000"
  keystone_version: "3"

Parameters

The following parameters are available in the st2::auth::keystone class:

conf_file
keystone_url
keystone_version

`conf_file`

Data type: Any

The path where st2 config is stored

Default value: $st2::conf_file

`keystone_url`

Data type: Any

Keystone URL to connect to (default: '127.0.0.1')

Default value: 'http://127.0.0.1:5000'

`keystone_version`

Data type: Any

Keystone API version (default: '2')

Default value: '2'

`st2::auth::ldap`

For information on parameters see the {backend documentation}[https://docs.stackstorm.com/authentication.html#ldap]

Examples

Instantiate via st2 (Active Directory)

class { 'st2':
  auth_backend        => 'ldap',
  auth_backend_config => {
    host            => 'ldap.domain.tld',
    bind_dn         => 'cn=ldap_stackstorm,ou=service accounts,dc=domain,dc=tld',
    base_dn         => 'dc=domain,dc=tld',
    scope           => 'subtree',
    id_attr         => 'username',
    bind_pw         => 'some_password',
    group_dns       => ['"cn=stackstorm_users,ou=groups,dc=domain,dc=tld"'],
    account_pattern => 'userPrincipalName={username}',
  },
}

Instantiate via Hiera (Active Directory)

st2::auth_backend: "ldap"
st2::auth_backend_config:
  host: "ldaps.domain.tld"
  use_tls: false
  use_ssl: true
  port: 636
  bind_dn: 'cn=ldap_stackstorm,ou=service accounts,dc=domain,dc=tld'
  bind_pw: 'some_password'
  chase_referrals: false
  base_dn: 'dc=domain,dc=tld'
  group_dns:
    - '"cn=stackstorm_users,ou=groups,dc=domain,dc=tld"'
  scope: "subtree"
  id_attr: "username"
  account_pattern: "userPrincipalName={username}"

Parameters

The following parameters are available in the st2::auth::ldap class:

conf_file
host
use_tls
use_ssl
port
bind_dn
bind_pw
base_dn
group_dns
chase_referrals
scope
id_attr
account_pattern
group_pattern

`conf_file`

Data type: Any

The path where st2 config is stored

Default value: $st2::conf_file

`host`

Data type: Any

URI of the LDAP server. Format: ://[:port] (protocol: ldap or ldaps)

Default value: ''

`use_tls`

Data type: Any

Boolean parameter to set if tls is required. Should be set to false using ldaps in the uri. (default: false)

Default value: false

`use_ssl`

Data type: Any

Boolean parameter to set if ssl is required. Should be set to true using ldaps in the uri. (default: false)

Default value: false

`port`

Data type: Any

Integer port to be used for LDAP connection Should be set to false using ldaps in the uri. (default: 389)

Default value: 389

`bind_dn`

Data type: Any

DN user to bind to LDAP. If an empty string, an anonymous bind is performed. To use the user supplied username in the bind_dn, use the {username} placeholder in string.

Default value: ''

`bind_pw`

Data type: Any

DN password. Use the {password} placeholder in the string to use the user supplied password.

Default value: ''

`base_dn`

Data type: Any

Base DN to search for all users/groups entries.

Default value: ''

`group_dns`

Data type: Any

DN of groups user must be member of to be granted access

Default value: undef

`chase_referrals`

Data type: Any

Boolean parameter to set whether to chase referrals. (default: true)

Default value: true

`scope`

Data type: Any

Search scope (base, onelevel, or subtree) (default: subtree)

Default value: 'subtree'

`id_attr`

Data type: Any

Field name of the user ID attribute (default: uid)

Default value: 'uid'

`account_pattern`

Data type: Any

LDAP subtree pattern to match user. The user’s username is escaped and interpolated into this string

Default value: undef

`group_pattern`

Data type: Any

LDAP subtree pattern for user groups. Both user_dn and username are escaped and then interpolated into this string

Default value: undef

`st2::auth::mongodb`

For information on parameters see the {backend documentation}[https://github.com/StackStorm/st2-auth-backend-mongodb#configuration-options]

Examples

Instantiate via st2

class { 'st2':
  auth_backend        => 'mongodb',
  auth_backend_config => {
    db_host => 'mongodb.stackstorm.net',
    db_port => '1234',
    db_name => 'myauthdb',
  },
}

Instantiate via Hiera

st2::auth_backend: "mongodb"
st2::auth_backend_config:
  db_host: "mongodb.stackstorm.net"
  db_port: "1234"
  db_name: "myauthdb"

Parameters

The following parameters are available in the st2::auth::mongodb class:

conf_file
db_host
db_port
db_name
db_auth
db_username
db_password

`conf_file`

Data type: Any

The path where st2 config is stored

Default value: $st2::conf_file

`db_host`

Data type: Any

Hostname for the MongoDB server (default: 127.0.0.1)

Default value: $st2::db_host

`db_port`

Data type: Any

Port for the MongoDB server (default: 27017)

Default value: $st2::db_port

`db_name`

Data type: Any

Database name in MongoDB (default: st2auth)

Default value: 'st2auth'

`db_auth`

Data type: Any

Enable authentication with MongoDB (required for MongoDB installs with auth enabled)

Default value: $st2::mongodb_auth

`db_username`

Data type: Any

Username for MongoDB login (default: st2auth)

Default value: $st2::db_username

`db_password`

Data type: Any

Password for MongoDB login (default: st2auth)

Default value: $st2::db_password

`st2::auth::pam`

Auth class to configure and setup PAM authentication.

TODO Need to configure st2auth service to run as root
Note This backend will NOT allow you to auth with PAM for the 'root' user. You will need to auth a non-root user on the Linux host.

Examples

Instantiate via st2

class { 'st2':
  backend => 'pam',
}

Instantiate via Hiera

st2::auth_backend: "pam"
st2::auth_backend_config: {}

Parameters

The following parameters are available in the st2::auth::pam class:

conf_file

`conf_file`

Data type: Any

The path where st2 config is stored

Default value: $st2::conf_file

`st2::kvs`

Automatically loads Key/Value pairs for StackStorm DB from Hiera

See also
- st2::kv

Examples

Key/value pairs defined in Hiera

st2::kvs:
  keyname:
    value: 'blah'
  mysupercoolkey:
    value: 'xyz123'

`st2::logging::rsyslog`

This class bootstraps a system configured with rsyslog and st2::syslog enabled to route messages to all the right places.

Examples

Basic usage

include st2::logging::rsyslog

`st2::notices`

This is a private class used to store long strings to limit down on lint problems.

Note Please do not call directly

`st2::notifier`

Normally this class is instantiated by +st2::profile::fullinstall+. However, advanced users can instantiate this class directly to configure and manage just the st2notifier service on a single node. Parameters for this class mirror the parameters in the st2 config.

See also
- https://github.com/StackStorm/st2/blob/master/conf/st2.conf.sample

Examples

Basic usage

include st2::notifier

Parameters

The following parameters are available in the st2::notifier class:

notifier_num
notifier_services

`notifier_num`

Data type: Any

The number of notifiers to have in an active active state

Default value: $st2::notifier_num

`notifier_services`

Data type: Any

Name of all the notifier services

Default value: $st2::params::notifier_services

`st2::packs`

Install and configure st2 packages in bulk and via Hiera.

See also
- st2::pack
  - and st2::pack::config for usage

Examples

Basic Usage

class { 'st2::packs':
  packs => {
    puppet => {},
    influxdb => {
      config => {
        server => 'influxdb.domain.tld',
    },
  },
}

Created via Hiera

st2::packs:
  puppet: {}
  influxdb:
    config:
      server => 'influxdb.domain.tld'

Parameters

The following parameters are available in the st2::packs class:

packs

`packs`

Data type: Any

Default value: $st2::packs

`st2::params`

Main parameters to manage the st2 module

Examples

Best Practice

class { 'st2::params':
  admin_username => 'myuser',
  admin_password => 'SuperSecret!',
}
include st2::profile::fullinstall

Parameters

The following parameters are available in the st2::params class:

packs_group_name
hostname
admin_username
admin_password

`packs_group_name`

Data type: Any

The name of the group created to hold the st2 admin user

Default value: 'st2packs'

`hostname`

Data type: Any

Hostname of the StackStorm box. This is used as the default to drive a lot of other parameters in the st2 class such as auth URL, MongoDB host, RabbitMQ host, etc.

Default value: '127.0.0.1'

`admin_username`

Data type: Any

Username of the StackStorm admin user. Best practice is to change this to a unique username.

Default value: 'st2admin'

`admin_password`

Data type: Any

Password of the StackStorm admin user. Best practice is to change this to a unique password.

Default value: 'Ch@ngeMe'

`st2::profile::chatops`

Profile to install and configure chatops for st2

Note This class doesn't need to be invoked directly, instead it's best to customize it through the main +st2+ class

Examples

Basic Usage

class { 'st2':
  chatops_hubot_name => '"@RosieRobot"',
  chatops_api_key    => '"xxxxyyyyy123abc"',
  chatops_adapter    => {
    hubot-adapter => {
      package => 'hubot-rocketchat',
      source  => 'git+ssh://git@git.company.com:npm/hubot-rocketchat#master',
    },
  },
  chatops_adapter_conf => {
    HUBOT_ADAPTER        => 'rocketchat',
    ROCKETCHAT_URL       => 'https://chat.company.com',
    ROCKETCHAT_ROOM      => 'stackstorm',
    LISTEN_ON_ALL_PUBLIC => 'true',
    ROCKETCHAT_USER      => 'st2',
    ROCKETCHAT_PASSWORD  => 'secret123',
    ROCKETCHAT_AUTH      => 'password',
    RESPOND_TO_DM        => 'true',
  },
}

Parameters

The following parameters are available in the st2::profile::chatops class:

version
hubot_log_level
hubot_express_port
tls_cert_reject_unauthorized
hubot_name
hubot_alias
npm_packages
adapter_config
api_key
st2_hostname
web_url
api_url
auth_url
auth_username
auth_password

`version`

Data type: Any

Version of the st2chatops package to install

Default value: $st2::version

`hubot_log_level`

Data type: Any

Hubot log level

Default value: $st2::chatops_hubot_log_level

`hubot_express_port`

Data type: Any

Express port hubot listens to

Default value: $st2::chatops_hubot_express_port

`tls_cert_reject_unauthorized`

Data type: Any

Set to 1 when using self signed certs

Default value: $st2::chatops_tls_cert_reject_unauthorized

`hubot_name`

Data type: Any

Name of the bot in chat. Should be properly quoted if it has special characters, example: '"MyBot!"'

Default value: $st2::chatops_hubot_name

`hubot_alias`

Data type: Any

Character to trigger the bot at the beginning of a message. Must be properly quoted of it's a special character, example: "'!'"

Default value: $st2::chatops_hubot_alias

`npm_packages`

Data type: Any

NodeJS packages to be installed (usually a hubot adapter)

Default value: $st2::chatops_adapter

`adapter_config`

Data type: Any

Configuration parameters for Hubot adapter (hash)

Default value: $st2::chatops_adapter_conf

`api_key`

Data type: Any

API key generated by st2 apikey create that hubot will use to post data back to StackStorm.

Default value: $st2::chatops_api_key

`st2_hostname`

Data type: Any

Hostname of the StackStorm instance that chatops will connect to for API and Auth. If unspecified it will use the default in /opt/stackstorm/chatops/st2chatops.env

Default value: $st2::chatops_st2_hostname

`web_url`

Data type: Any

Public URL of StackStorm instance. Used by chatops to offer links to execution details in a chat. If unspecified it will use the default in /opt/stackstorm/chatops/st2chatops.env

Default value: $st2::chatops_web_url

`api_url`

Data type: Any

URL of the StackStorm API service

Default value: $st2::chatops_api_url

`auth_url`

Data type: Any

URL of the StackStorm Auth service

Default value: $st2::chatops_auth_url

`auth_username`

Data type: Any

StackStorm auth Username for ChatOps to communicate back with StackStorm. Used if +api_key+ is not specified (optional)

Default value: $st2::cli_username

`auth_password`

Data type: Any

StackStorm auth Password for ChatOps to communicate back with StackStorm. Used if +api_key+ is not specified (optional)

Default value: $st2::cli_password

`st2::profile::client`

Profile to install, configure and manage all client libraries for st2

Examples

Basic Usage

include st2::profile::client

Parameters

The following parameters are available in the st2::profile::client class:

auth
api_url
auth_url
base_url
username
password
api_version
cacert
debug
cache_token
silence_ssl_warnings

`auth`

Data type: Any

Is auth enabled or not.

Default value: $st2::auth

`api_url`

Data type: Any

URL of the StackStorm API service

Default value: $st2::cli_api_url

`auth_url`

Data type: Any

URL of the StackStorm Auth service

Default value: $st2::cli_auth_url

`base_url`

Data type: Any

Base URL for other StackStorm services

Default value: $st2::cli_base_url

`username`

Data type: Any

Username for auth on the CLI

Default value: $st2::cli_username

`password`

Data type: Any

Password for auth on the CLI

Default value: $st2::cli_password

`api_version`

Data type: Any

Version of the StackStorm API

Default value: $st2::cli_api_version

`cacert`

Data type: Any

Path to the SSL CA certficate for the StackStorm services

Default value: $st2::cli_cacert

`debug`

Data type: Any

Enable debug mode

Default value: $st2::cli_debug

`cache_token`

Data type: Any

Enable cacheing authentication tokens until they expire

Default value: $st2::cli_cache_token

`silence_ssl_warnings`

Data type: Any

Enable silencing SSL warnings for self-signed certs

Default value: $st2::cli_silence_ssl_warnings

`st2::profile::facter`

Setup custom fact locations

Examples

Basic Usage

include st2::profile::facter

`st2::profile::fullinstall`

Components:

RabbitMQ
Python
MongoDB
NodeJS
nginx

Examples

Basic Usage

include st2::profile::fullinstall

Customizing parameters

# Customizations are done via the main st2 class
class { 'st2':
  # ... assign custom parameters
}

include st2::profile::fullinstall

`st2::profile::mongodb`

StackStorm compatable installation of MongoDB and dependencies.

Examples

Basic Usage

include st2::profile::mongodb

Customize (done via st2)

class { 'st2':
  db_name     => 'stackstormdb',
  db_username => 'abc',
  db_password => 'xyz123',
  db_port     => 12345,
}
include st2::profile::mongodb

Parameters

The following parameters are available in the st2::profile::mongodb class:

db_name
db_username
db_password
db_port
db_bind_ips
version
manage_repo
auth

`db_name`

Data type: Any

Name of the StackStorm database

Default value: $st2::db_name

`db_username`

Data type: Any

Username to connect to db with

Default value: $st2::db_username

`db_password`

Data type: Any

Password for 'admin' and 'stackstorm' users in MongDB. If 'undef' then use $cli_password

Default value: $st2::db_password

`db_port`

Data type: Any

Port for db server for st2 to talk to

Default value: $st2::db_port

`db_bind_ips`

Data type: Any

Array of bind IP addresses for MongoDB to listen on

Default value: $st2::db_bind_ips

`version`

Data type: Any

Version of MongoDB to install. If not provided it will be auto-calcuated based on $st2::version.

Default value: $st2::mongodb_version

`manage_repo`

Data type: Any

Set this to +false+ when you have your own repositories for mongodb

Default value: $st2::mongodb_manage_repo

`auth`

Data type: Any

Boolean determining if auth should be enabled for MongoDB.

Default value: $st2::mongodb_auth

`st2::profile::nginx`

StackStorm compatible installation of nginx and dependencies.

Examples

Basic Usage

include st2::profile::nginx

Disable managing the nginx repo so you can manage it yourself

class { 'st2::profile::nginx':
  manage_repo => false,
}

Parameters

The following parameters are available in the st2::profile::nginx class:

manage_repo

`manage_repo`

Data type: Any

Set this to false when you have your own repository for nginx

Default value: $st2::nginx_manage_repo

`st2::profile::nodejs`

This class is needed for StackStorm ChatOps +st2::profile::chatops::. Normally this class is instantiated by +st2::profile::fullinstall+. However, advanced users can instantiate this class directly to configure and manage just the NodeJS installation on a single node.

Examples

Basic Usage

include st2::profile::nodejs

Custom Parameters

class { 'st2::profile::nodejs':
}

Parameters

The following parameters are available in the st2::profile::nodejs class:

manage_repo
version

`manage_repo`

Data type: Any

Set this to false when you have your own repositories for NodeJS.

Default value: $st2::nodejs_manage_repo

`version`

Data type: Any

Version of NodeJS to install. If not provided it will be auto-calcuated based on $st2::version

Default value: $st2::nodejs_version

`st2::profile::python`

include st2::profile::python

Examples

Basic Usage

include st2::profile::python

Install with python 3.8 (if not default on your system)

$st2_python_version = $facts['os']['family'] ? {
  'RedHat' => '3.8',
  'Debian' => 'python3.8',
}
class { 'st2':
  python_version            => $st2_python_version,
}

Parameters

The following parameters are available in the st2::profile::python class:

version

`version`

Data type: String

Version of Python to install. Default is 'system' meaning the system version of Python will be used. To install Python 3.8 on RHEL/CentOS/Rocky 7/8 specify '3.8'. To install Python 3.8 on Ubuntu 18.04/20.04 specify 'python3.8'.

Default value: $st2::python_version

`st2::profile::rabbitmq`

StackStorm compatable installation of RabbitMQ and dependencies.

Examples

Basic Usage

include st2::profile::rabbitmq

Authentication enabled (configured vi st2)

class { 'st2':
  rabbitmq_username => 'rabbitst2',
  rabbitmq_password => 'secret123',
}
include st2::profile::rabbitmq

Parameters

The following parameters are available in the st2::profile::rabbitmq class:

username
password
port
bind_ip
vhost
erlang_url
erlang_key

`username`

Data type: Any

User to create within RabbitMQ for authentication.

Default value: $st2::rabbitmq_username

`password`

Data type: Any

Password of +username+ for RabbitMQ authentication.

Default value: $st2::rabbitmq_password

`port`

Data type: Any

Port to bind to for the RabbitMQ server

Default value: $st2::rabbitmq_port

`bind_ip`

Data type: Any

IP address to bind to for the RabbitMQ server

Default value: $st2::rabbitmq_bind_ip

`vhost`

Data type: Any

RabbitMQ virtual host to create for StackStorm

Default value: $st2::rabbitmq_vhost

`erlang_url`

Data type: Any

Default value: $st2::erlang_url

`erlang_key`

Data type: Any

Default value: $st2::erlang_key

`st2::profile::redis`

StackStorm compatable installation of Redis.

Examples

Basic Usage

include st2::profile::redis

Install with redis

class { '::redis':
   bind_ip => '127.0.0.1',
 }

Parameters

The following parameters are available in the st2::profile::redis class:

bind_ip

`bind_ip`

Data type: String

Bind IP of the Redis server. Default is 127.0.0.1

Default value: $st2::redis_bind_ip

`st2::profile::selinux`

Configure SELinux so that StackStorm services run properly

Examples

Basic Usage

include st2::profile::selinux

`st2::profile::server`

Profile to install, configure and manage all server components for st2

Examples

Basic usage

include st2::profile::server

Parameters

The following parameters are available in the st2::profile::server class:

version
conf_dir
conf_file
auth
actionrunner_workers
st2api_listen_ip
st2api_listen_port
st2auth_listen_ip
st2auth_listen_port
syslog
syslog_host
syslog_protocol
syslog_port
syslog_facility
ssh_key_location
db_username
db_password
index_url
ng_init
rabbitmq_username
rabbitmq_password
rabbitmq_hostname
rabbitmq_port
rabbitmq_vhost
redis_hostname
redis_port
redis_password
packs_group
validate_output_schema

`version`

Data type: Any

Version of StackStorm to install

Default value: $st2::version

`conf_dir`

Data type: Any

The directory where st2 configs are stored

Default value: $st2::conf_dir

`conf_file`

Data type: Any

The path where st2 config is stored

Default value: $st2::conf_file

`auth`

Data type: Any

Toggle Auth

Default value: $st2::auth

`actionrunner_workers`

Data type: Any

Set the number of actionrunner processes to start

Default value: $st2::actionrunner_workers

`st2api_listen_ip`

Data type: Any

Listen IP for st2api process

Default value: '127.0.0.1'

`st2api_listen_port`

Data type: Any

Listen port for st2api process

Default value: '9101'

`st2auth_listen_ip`

Data type: Any

Listen IP for st2auth process

Default value: '127.0.0.1'

`st2auth_listen_port`

Data type: Any

Listen port for st2auth process

Default value: '9100'

`syslog`

Data type: Any

Routes all log messages to syslog

Default value: $st2::syslog

`syslog_host`

Data type: Any

Syslog host.

Default value: $st2::syslog_host

`syslog_protocol`

Data type: Any

Syslog protocol.

Default value: $st2::syslog_protocol

`syslog_port`

Data type: Any

Syslog port.

Default value: $st2::syslog_port

`syslog_facility`

Data type: Any

Syslog facility.

Default value: $st2::syslog_facility

`ssh_key_location`

Data type: Any

Location on filesystem of Admin SSH key for remote runner

Default value: $st2::ssh_key_location

`db_username`

Data type: Any

Username to connect to MongoDB with (default: 'stackstorm')

Default value: $st2::db_username

`db_password`

Data type: Any

Password for 'stackstorm' user in MongDB.

Default value: $st2::db_password

`index_url`

Data type: Any

Url to the StackStorm Exchange index file. (default undef)

Default value: $st2::index_url

`ng_init`

Data type: Any

Default value: $st2::ng_init

`rabbitmq_username`

Data type: Any

Default value: $st2::rabbitmq_username

`rabbitmq_password`

Data type: Any

Default value: $st2::rabbitmq_password

`rabbitmq_hostname`

Data type: Any

Default value: $st2::rabbitmq_hostname

`rabbitmq_port`

Data type: Any

Default value: $st2::rabbitmq_port

`rabbitmq_vhost`

Data type: Any

Default value: $st2::rabbitmq_vhost

`redis_hostname`

Data type: Any

Default value: $st2::redis_hostname

`redis_port`

Data type: Any

Default value: $st2::redis_port

`redis_password`

Data type: Any

Default value: $st2::redis_password

`packs_group`

Data type: Any

Default value: $st2::packs_group_name

`validate_output_schema`

Data type: Any

Default value: $st2::validate_output_schema

`st2::profile::web`

Profile to install, configure and manage StackStorm web UI (st2web).

Examples

Basic Usage

include st2::profile::web'

Managing your own certificate

# create your own certificate and key in the correct locations
file { '/etc/ssl/st2/st2.crt':
  content => 'my cert data',
}
file { '/etc/ssl/st2/st2.key':
  content => 'my privatekey data',
}

# instantiate this profile with ssl_cert_manage false
class { 'st2::profile::web':
  ssl_cert_manage => false,
}

Change the SSL protocols and ciphers

class { 'st2::profile::web':
  nginx_ssl_protocols => ['TLSv1.2'],
  nginx_ssl_ciphers => [
    'ECDHE-ECDSA-AES256-GCM-SHA384',
    'ECDHE-ECDSA-AES256-SHA384',
  ],
}

Parameters

The following parameters are available in the st2::profile::web class:

nginx_ssl_ciphers
nginx_ssl_protocols
nginx_ssl_port
nginx_client_max_body_size
ssl_cert_manage
ssl_dir
ssl_cert
ssl_key
version
web_root

`nginx_ssl_ciphers`

Data type: Variant[Array[String], String]

String or list of strings of acceptable SSL ciphers to configure nginx with. @see http://nginx.org/en/docs/http/ngx_http_ssl_module.html Note: the defaults are setup to restrict to TLSv1.2 and TLSv1.3 secure ciphers only (secure by default). The secure ciphers for each protocol were obtained via: @see https://wiki.mozilla.org/Security/Server_Side_TLS

Default value: $st2::nginx_ssl_ciphers

`nginx_ssl_protocols`

Data type: Variant[Array[String], String]

String or list of strings of acceptable SSL protocols to configure nginx with. @see http://nginx.org/en/docs/http/ngx_http_ssl_module.html Note: the defaults are setup to restrict to TLSv1.2 and TLSv1.3 only (secure by default)

Default value: $st2::nginx_ssl_protocols

`nginx_ssl_port`

Data type: Stdlib::Port

What port should nginx listen on publicly for new connections (default: 443)

Default value: $st2::nginx_ssl_port

`nginx_client_max_body_size`

Data type: String

The maximum size of the body for a request allow through nginx. We default this to '0' to allow for large messages/payloads/inputs/results to be passed through nginx as is normal in the StackStorm context. @see http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size

Default value: $st2::nginx_client_max_body_size

`ssl_cert_manage`

Data type: Boolean

Boolean to determine if this module should manage the SSL certificate used by nginx.

Default value: $st2::ssl_cert_manage

`ssl_dir`

Data type: Stdlib::Absolutepath

Directory where st2web will look for its SSL info. (default: /etc/ssl/st2)

Default value: $st2::ssl_dir

`ssl_cert`

Data type: String

Path to the file where the StackStorm SSL cert will be generated. (default: /etc/ssl/st2/st2.crt)

Default value: $st2::ssl_cert

`ssl_key`

Data type: String

Path to the file where the StackStorm SSL key will be generated. (default: /etc/ssl/st2/st2.key)

Default value: $st2::ssl_key

`version`

Data type: String

Version of StackStorm WebUI to install

Default value: $st2::version

`web_root`

Data type: String

Directory where the StackStorm WebUI site lives on the filesystem

Default value: $st2::web_root

`st2::repo`

Manages the installation of st2 required repos for installing the StackStorm packages.

Examples

Basic usage

include st2::repo

Installing from unstable

class { 'st2::repo':
  repository => 'unstable',
}

Parameters

The following parameters are available in the st2::repo class:

ensure
repository
manage_epel_repo

`ensure`

Data type: Enum['present', 'absent']

The basic state the repo should be in

Default value: 'present'

`repository`

Data type: St2::Repository

Release repository to enable

Default value: $st2::repository

`manage_epel_repo`

Data type: Boolean

Default value: true

`st2::repo::apt`

Apt repo for StackStorm

`st2::repo::yum`

Yum repo for StackStorm

`st2::rulesengine`

Normally this class is instantiated by +st2::profile::fullinstall+. However, advanced users can instantiate this class directly to configure and manage just the st2rulesengine service on a single node. Parameters for this class mirror the parameters in the st2 config.

See also
- https://github.com/StackStorm/st2/blob/master/conf/st2.conf.sample

Examples

Basic usage

include st2::rulesengine

Parameters

The following parameters are available in the st2::rulesengine class:

rulesengine_num
rulesengine_services

`rulesengine_num`

Data type: Any

The number of rulesengines to have in an active active state

Default value: $st2::rulesengine_num

`rulesengine_services`

Data type: Any

Name of all the rulesengine services

Default value: $st2::params::rulesengine_services

`st2::scheduler`

Normally this class is instantiated by st2::profile::fullinstall. However, advanced users can instantiate this class directly to configure and manage just the st2scheduler service on a single node. Parameters for this class mirror the parameters in the st2 config.

See also
- https://github.com/StackStorm/st2/blob/master/conf/st2.conf.sample#L251-L259

Examples

Basic usage

include st2::scheduler

Customizing parameters

class { 'st2::scheduler':
  sleep_interval => 60,
  gc_interval    => 120,
}

Parameters

The following parameters are available in the st2::scheduler class:

sleep_interval
gc_interval
pool_size
scheduler_num
scheduler_services

`sleep_interval`

Data type: Any

How long (in seconds) to sleep between each action scheduler main loop run interval.

Default value: $st2::scheduler_sleep_interval

`gc_interval`

Data type: Any

How often (in seconds) to look for zombie execution requests before rescheduling them.

Default value: $st2::scheduler_gc_interval

`pool_size`

Data type: Any

The size of the pool used by the scheduler for scheduling executions.

Default value: $st2::scheduler_pool_size

`scheduler_num`

Data type: Any

The number of schedulers to have in an active active state

Default value: $st2::scheduler_num

`scheduler_services`

Data type: Any

Name of all the scheduler services.

Default value: $st2::params::scheduler_services

`st2::server::datastore_keys`

Generates and manages crypto keys for use with the StackStorm datastore

Examples

Basic Usage

include st2::server::datastore_keys

Custom key path

class { 'st2::server::datastore_keys':
  keys_dir => '/path/to/custom/keys',
  key_path => '/path/to/custom/keys/datastore_key.json.',
}

Parameters

The following parameters are available in the st2::server::datastore_keys class:

conf_file
keys_dir
key_path

`conf_file`

Data type: Any

The path where st2 config is stored

Default value: $st2::conf_file

`keys_dir`

Data type: Any

The directory where the datastore keys will be stored

Default value: $st2::datastore_keys_dir

`key_path`

Data type: Any

Path to the key file

Default value: $st2::datastore_key_path

`st2::stanley`

Installs the default admin user for st2 (stanley).

Note Will install auto-generate SSH keys of none are provided.

Examples

Basic Usage

include st2::stanley

Custom SSH keys

class { 'st2::stanley':
  ssh_key_type => 'ssh-rsa',
  ssh_public_key => 'AAAAAWESOMEKEY==',
  ssh_private_key => '----- BEGIN RSA PRIVATE KEY -----\nDEADBEEF\n----- END RSA PRIVATE KEY -----',
}

Parameters

The following parameters are available in the st2::stanley class:

username
ssh_public_key
ssh_key_type
ssh_private_key
client
server

`username`

Data type: Any

Name of the stanley user

Default value: 'stanley'

`ssh_public_key`

Data type: Any

SSH Public Key without leading key-type and end email

Default value: undef

`ssh_key_type`

Data type: Any

Type of SSH Key (ssh-dsa/ssh-rsa)

Default value: undef

`ssh_private_key`

Data type: Any

Private key

Default value: undef

`client`

Data type: Any

Allow incoming connections from the defined user

Default value: true

`server`

Data type: Any

Server where connection requests originate (usually st2 server)

Default value: true

`st2::timersengine`

Normally this class is instantiated by +st2::profile::fullinstall+. However, advanced users can instantiate this class directly to configure and manage just the st2timersengine service on a single node. Parameters for this class mirror the parameters in the st2 config.

See also
- https://github.com/StackStorm/st2/blob/master/conf/st2.conf.sample#L337-L343

Examples

Basic usage

include st2::timersengine

Customizing parameters

class { 'st2::timersengine':
  enabled  => true,
  timezone => 'America/Los_Angeles',
}

Parameters

The following parameters are available in the st2::timersengine class:

enabled
timezone

`enabled`

Data type: Any

Specify to enable timer service.

Default value: $st2::timersengine_enabled

`timezone`

Data type: Any

Timezone pertaining to the location where st2 is run.

Default value: $st2::timersengine_timezone

`st2::workflowengine`

Normally this class is instantiated by +st2::profile::fullinstall+. However, advanced users can instantiate this class directly to configure and manage just the st2workflowengine service on a single node. Parameters for this class mirror the parameters in the st2 config.

See also
- https://github.com/StackStorm/st2/blob/master/conf/st2.conf.sample

Examples

Basic usage

include st2::workflowengine

Parameters

The following parameters are available in the st2::workflowengine class:

workflowengine_num
workflowengine_services

`workflowengine_num`

Data type: Any

The number of workflowengines to have in an active active state

Default value: $st2::workflowengine_num

`workflowengine_services`

Data type: Any

Name of all the workflowengine services.

Default value: $st2::params::workflowengine_services

Defined types

`st2::auth_user`

Creates and manages StackStorm application users (flat_file auth only)

Examples

Basic usage

st2::auth_user { 'st2admin':
  password => 'neato!',
}

Parameters

The following parameters are available in the st2::auth_user defined type:

name
ensure
password

`name`

Name of the user

`ensure`

Data type: Any

Ensure user exists or not

Default value: present

`password`

Data type: Any

User's password

Default value: undef

`st2::client::settings`

Generates a configuration file for the st2 CLI (st2client)

Examples

Basic usage

st2::client::settings { 'john':
  username => 'st2_john',
  password => 'xyz123',
}

Parameters

The following parameters are available in the st2::client::settings defined type:

name
user
homedir
auth
api_url
auth_url
base_url
username
password
disable_credentials
api_version
cacert
debug
cache_token
silence_ssl_warnings

`name`

OS-level username. Used to determine where the config file will be placed.

`user`

Data type: Any

See name

Default value: $name

`homedir`

Data type: Any

Path to home directory of the user.

Default value: "/home/${name}"

`auth`

Data type: Any

Is auth enabled or not.

Default value: $st2::auth

`api_url`

Data type: Any

URL of the StackStorm API service

Default value: $st2::cli_api_url

`auth_url`

Data type: Any

URL of the StackStorm Auth service

Default value: $st2::cli_auth_url

`base_url`

Data type: Any

Base URL for other StackStorm services

Default value: $st2::cli_base_url

`username`

Data type: Any

Username for auth on the CLI

Default value: $st2::cli_username

`password`

Data type: Any

Password for auth on the CLI

Default value: $st2::cli_password

`disable_credentials`

Data type: Any

Prevents credentials (username, password) from being written to the config file

Default value: false

`api_version`

Data type: Any

Version of the StackStorm API

Default value: $st2::cli_api_version

`cacert`

Data type: Any

Path to the SSL CA certficate for the StackStorm services

Default value: $st2::cli_cacert

`debug`

Data type: Any

Enable debug mode

Default value: $st2::cli_debug

`cache_token`

Data type: Any

Enable cacheing authentication tokens until they expire

Default value: $st2::cli_cache_token

`silence_ssl_warnings`

Data type: Any

Enable silencing SSL warnings for self-signed certs

Default value: $st2::cli_silence_ssl_warnings

`st2::kv`

Sets a value to the StackStorm Key/Value Store

Examples

Basic usage

st2::kv { 'install_uuid':
  value => $_uuid,
}

Parameters

The following parameters are available in the st2::kv defined type:

key
value
ensure
apikey

`key`

Data type: Any

Key to set

Default value: $name

`value`

Data type: Any

Value of key

`ensure`

Data type: Any

Default value: present

`apikey`

Data type: Any

Default value: $st2::cli_apikey

`st2::pack`

Manages a StackStorm Pack

Examples

Basic Usage

st2::pack { 'puppet': }

Install from a custom URL

st2::pack { 'custom':
  repo_url => 'http://github.com/myorg/stackstorm-custom.git',
}

Parameters

The following parameters are available in the st2::pack defined type:

pack
repo_url
config
ensure
version

`pack`

Data type: Any

Name of the pack to install.

Default value: $name

`repo_url`

Data type: Any

URL of the package to install when not installing from the exchange.

Default value: undef

`config`

Data type: Any

Hash that will be translated into YAML in the pack's config file after installation.

Default value: undef

`ensure`

Data type: Any

Default value: present

`version`

Data type: Any

Default value: undef

`st2::rbac`

This defined type creates RBAC resources for users

Note This is an enterprise feature, and requires a license to be used.

Examples

st2::rbac { 'admin':
  description => "Administrative user",
  roles       => [
    'observer',
    'my_test_role',
  ],
}

Parameters

The following parameters are available in the st2::rbac defined type:

ensure
user
description
roles

`ensure`

Data type: Any

Default value: 'present'

`user`

Data type: Any

Default value: $name

`description`

Data type: Any

Default value: 'Created and managed by Puppet'

`roles`

Data type: Any

Default value: []

`st2::service`

Creates additional service for components that can be scaled out

Examples

build st2workflowengine service

st2::service { 'st2workflowengine':
  service_name => 'st2workflowengine-rsa',
  service_num => '2',
  existing_services => ['st2workflowengine'],
}

Parameters

The following parameters are available in the st2::service defined type:

service_name
service_num
existing_services

`service_name`

Data type: Any

The service name that we are attempting to scale

`service_num`

Data type: Any

The number of servicees that should be scaled out

`existing_services`

Data type: Any

The service to make sure are enabled and running. All new service are automatically added to this.

`st2::user`

Creates an system (OS level) user for use with StackStorm

Examples

Custom SSH keys

st2::user { 'stanley':
  ssh_key_type => 'ssh-rsa',
  ssh_public_key => 'AAAAAWESOMEKEY==',
  ssh_private_key => '----- BEGIN RSA PRIVATE KEY -----\nDEADBEEF\n----- END RSA PRIVATE KEY -----',
}

Parameters

The following parameters are available in the st2::user defined type:

client
server
create_sudo_entry
ssh_public_key
ssh_key_type
ssh_private_key
groups
ssh_dir

`client`

Data type: Any

Allow incoming connections from the defined user

Default value: true

`server`

Data type: Any

Server where connection requests originate (usually st2 server)

Default value: false

`create_sudo_entry`

Data type: Any

Manage the sudoers entry (default: false)

Default value: false

`ssh_public_key`

Data type: Any

SSH Public Key without leading key-type and end email.

Default value: undef

`ssh_key_type`

Data type: Any

Type of SSH Key (ssh-dsa/ssh-rsa)

Default value: undef

`ssh_private_key`

Data type: Any

SSH Private key. If not specified, then one will be generated.

Default value: undef

`groups`

Data type: Any

List of groups (OS level) that this user should be a member of

Default value: undef

`ssh_dir`

Data type: Any

Directory where SSH keys will be stored

Default value: "/home/${name}/.ssh"

Resource types

`st2_pack`

Manage st2 packs

Properties

The following properties are available in the st2_pack type.

`ensure`

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

Parameters

The following parameters are available in the st2_pack type.

apikey
name
password
provider
source
user
version

`apikey`

St2 apikey

`name`

namevar

Name of the pack.

`password`

St2 cli password

`provider`

The specific backend to use for this st2_pack resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform.

`source`

Git URL for st2 pack

`user`

St2 cli user

`version`

Specific pack version to install

Functions

`st2::urlencode`

Type: Ruby 4.x API

URL encodes a string

Examples

Basic usage

st2::urlencode('xyz!123')

`st2::urlencode(String $url)`

URL encodes a string

Returns: String URL encoded data

Examples

Basic usage

st2::urlencode('xyz!123')

`url`

Data type: String

Raw URL data to encode

`st2::version_ge`

Type: Puppet Language

Determines if the StackStorm version installed on the system $facts['st2_version'] or the version requested by the user $st2::version is greater than or equal to $version.

This is used to determine if this Puppet module should enable features for managing specific versions of StackStorm. Older versions of StackStorm will not have new features and we don't want this module to try and manage them if they're not present on the system.

Users who have old version of StackStorm installed may have $st2::version = 'present' or $st2::version = 'installed'. In this case, we don't want to assume the user has a new version of StackStorm or wants to upgrade. Instead, we should assume that this the installed version of StackStorm is the version we should be using to compare.

Examples

Basic Usage

if st2::version_ge('2.4.0') {
  # ... do something only for StackStorm version >= 2.4.0
}

`st2::version_ge(String $version)`

Determines if the StackStorm version installed on the system $facts['st2_version'] or the version requested by the user $st2::version is greater than or equal to $version.

This is used to determine if this Puppet module should enable features for managing specific versions of StackStorm. Older versions of StackStorm will not have new features and we don't want this module to try and manage them if they're not present on the system.

Users who have old version of StackStorm installed may have $st2::version = 'present' or $st2::version = 'installed'. In this case, we don't want to assume the user has a new version of StackStorm or wants to upgrade. Instead, we should assume that this the installed version of StackStorm is the version we should be using to compare.

Returns: Boolean True if the StackStorm version on the system or $st2::version is

= to the +version+ parameter.

Examples

Basic Usage

if st2::version_ge('2.4.0') {
  # ... do something only for StackStorm version >= 2.4.0
}

`version`

Data type: String

Version string to compare against. This should be in SemVer format

Data types

`St2::Repository`

Validate the type of system package repository for StackStorm

Alias of

Enum['stable', 'unstable', 'staging-stable', 'staging-unstable']

Tasks

`key_decrypt`

Decrypt a StackStorm key/value pair. TODO - Remove this when the following is closed: StackStorm/st2#4545

Supports noop? false

Parameters

`crypto_key_path`

Data type: String

Path to StackStorm crypto key

`keys`

Data type: Array[Hash]

List of key value pairs

`key_get`

Retrieve the value for a key from the StackStorm datastore

Supports noop? false

Parameters

`key`

Data type: String[1]

Key to get

`scope`

Data type: Optional[String]

Scope to retrieve the data from. Default = 'system'

`decrypt`

Data type: Optional[Boolean]

Decrypt secret if encrypted. Default = false

`convert`

Data type: Optional[Boolean]

Attempt to convert the string into a hash, array, etc by parsing it as JSON. If an error occurs the string data will be returned. Default = true

`api_key`

Data type: Optional[String]

StackStorm API key to use for authentication (prefer this over username/password).

`auth_token`

Data type: Optional[String]

StackStorm auth token. Use this if username/password auth has already been established in a previous task and auth token is being passed around.

`username`

Data type: Optional[String]

Username to use for StackStorm authentication.

`password`

Data type: Optional[String]

Password to use for StackStorm authentication.

`key_load`

Load a list of a StackStorm key/value pairs into the datastore

Supports noop? false

Parameters

`keys`

Data type: Array[Hash]

List of key value pairs. Each hash should have a 'name' and 'value' key. Example: {'name': 'mydatastorkey', 'value': 'valueinthedatastore'} . For more details , see: https://docs.stackstorm.com/datastore.html#loading-key-value-pairs-from-a-file

`convert`

Data type: Optional[Boolean]

Convert non-string types (hash, array, boolean, int, float) to a JSON string before loading it into the datastore.

`api_key`

Data type: Optional[String]

StackStorm API key to use for authentication (prefer this over username/password).

`auth_token`

Data type: Optional[String]

StackStorm auth token. Use this if username/password auth has already been established in a previous task and auth token is being passed around.

`username`

Data type: Optional[String]

Username to use for StackStorm authentication.

`password`

Data type: Optional[String]

Password to use for StackStorm authentication.

`pack_install`

Install a list of packs

Supports noop? false

Parameters

`packs`

Data type: Array[String]

List of packs to install. This can either be the name of a pack to install from the exchange, a URL to a pack to install from git://user@domain/pack.git or https://github.com/org/pack.git, or the path to a local git repo file:///path/to/local/pack

`api_key`

Data type: Optional[String]

StackStorm API key to use for authentication (prefer this over username/password).

`auth_token`

Data type: Optional[String]

StackStorm auth token. Use this if username/password auth has already been established in a previous task and auth token is being passed around.

`username`

Data type: Optional[String]

Username to use for StackStorm authentication.

`password`

Data type: Optional[String]

Password to use for StackStorm authentication.

`pack_list`

Get a list of packs

Supports noop? false

Parameters

`api_key`

Data type: Optional[String]

StackStorm API key to use for authentication (prefer this over username/password).

`auth_token`

Data type: Optional[String]

StackStorm auth token. Use this if username/password auth has already been established in a previous task and auth token is being passed around.

`username`

Data type: Optional[String]

Username to use for StackStorm authentication.

`password`

Data type: Optional[String]

Password to use for StackStorm authentication.

`pack_register`

Registers a pack that exists on the filesystem

Supports noop? false

Parameters

`paths`

Data type: Array[String]

Array of directories on the local StackStorm filesystem where the pack contents currently exist and will be used to register from.

`api_key`

Data type: Optional[String]

StackStorm API key to use for authentication (prefer this over username/password).

`auth_token`

Data type: Optional[String]

StackStorm auth token. Use this if username/password auth has already been established in a previous task and auth token is being passed around.

`username`

Data type: Optional[String]

Username to use for StackStorm authentication.

`password`

Data type: Optional[String]

Password to use for StackStorm authentication.

`pack_remove`

Remove a list of packs

Supports noop? false

Parameters

`packs`

Data type: Array[String]

List of packs names to remove

`api_key`

Data type: Optional[String]

StackStorm API key to use for authentication (prefer this over username/password).

`auth_token`

Data type: Optional[String]

StackStorm auth token. Use this if username/password auth has already been established in a previous task and auth token is being passed around.

`username`

Data type: Optional[String]

Username to use for StackStorm authentication.

`password`

Data type: Optional[String]

Password to use for StackStorm authentication.

`rule_disable`

Disable a given rule

Supports noop? false

Parameters

`rule`

Data type: String

Name of a rule to disable (format: pack_name.rule_name)

`api_key`

Data type: Optional[String]

StackStorm API key to use for authentication (prefer this over username/password).

`auth_token`

Data type: Optional[String]

StackStorm auth token. Use this if username/password auth has already been established in a previous task and auth token is being passed around.

`username`

Data type: Optional[String]

Username to use for StackStorm authentication.

`password`

Data type: Optional[String]

Password to use for StackStorm authentication.

`rule_list`

Return a list of rules.

Supports noop? false

Parameters

`pack`

Data type: Optional[String]

Name of a pack if you want to return rules only for a given pack.

`api_key`

Data type: Optional[String]

StackStorm API key to use for authentication (prefer this over username/password).

`auth_token`

Data type: Optional[String]

StackStorm auth token. Use this if username/password auth has already been established in a previous task and auth token is being passed around.

`username`

Data type: Optional[String]

Username to use for StackStorm authentication.

`password`

Data type: Optional[String]

Password to use for StackStorm authentication.

`run`

Runs a StackStorm action

Supports noop? false

Parameters

`action`

Data type: String

Name of the action to execute

`parameters`

Data type: Optional[Array[String]]

Array of parameter strings to pass to the execution. Named arguments should be of the format 'param=value' positional parameters can be put in their normal order as strings.

`api_key`

Data type: Optional[String]

StackStorm API key to use for authentication (prefer this over username/password).

`auth_token`

Data type: Optional[String]

StackStorm auth token. Use this if username/password auth has already been established in a previous task and auth token is being passed around.

`username`

Data type: Optional[String]

Username to use for StackStorm authentication.

`password`

Data type: Optional[String]

Password to use for StackStorm authentication.

Plans

`st2::upgrade_mongodb`

The default upgrade for this plan goes from 3.4 to 3.6 and ultimately to 4.0

High level steps:

stop stackstorm

https://docs.mongodb.com/manual/release-notes/3.6-upgrade-standalone/

set MongoDB feature compatibility to 3.4
change package repo to 3.8
upgrade packages
set MongoDB feature compatibility to 3.8

https://docs.mongodb.com/manual/release-notes/4.0-upgrade-standalone/

change package repo to 4.0
upgrade packages
set MongoDB feature compatibility to 4.0
start stackstorm

Examples

Basic usage

bolt plan run st2::upgrade_mongodb --targets ssh_nodes --params '{"mongo_password": "xxx"}'

Upgrading enterprise packages

bolt plan run st2::upgrade_mongodb --targets ssh_nodes --params '{"mongo_password": "xxx", "mongo_packages": ["mongodb-enterprise-server", "mongodb-enterprise-shell", "mongodb-enterprise-tools"], "mongo_edition": "enterprise"}'

Upgrading from 3.6 to 4.0

bolt plan run st2::upgrade_mongodb --targets ssh_nodes --params '{"mongo_password": "xxx", "upgrade_version_start": "3.8", "upgrade_version_path": ["4.0"]}'

Upgrading from 3.4 to 3.6 to 4.0

bolt plan run st2::upgrade_mongodb --targets ssh_nodes --params '{"mongo_password": "xxx", "upgrade_version_start": "3.4", "upgrade_version_path": ["3.8", "4.0"]}'

Parameters

The following parameters are available in the st2::upgrade_mongodb plan:

targets
mongo_admin_db
mongo_username
mongo_password
mongo_packages
mongo_edition
upgrade_version_start
upgrade_version_path

`targets`

Data type: TargetSpec

Set of targets (MongoDB hosts) that this plan will be executed on.

`mongo_admin_db`

Data type: String

Name of the admin database for MongoDB

Default value: 'admin'

`mongo_username`

Data type: String

Name of the admin user on the admin database

Default value: 'admin'

`mongo_password`

Data type: String

Password of the admin user on the admin database

`mongo_packages`

Data type: Array[String]

List of MongoDB packages that will be upgraded

Default value: ['mongodb-org-server', 'mongodb-org-shell', 'mongodb-org-tools']

`mongo_edition`

Data type: Enum['enterprise', 'org']

What edition of MongoDB should be setup from a repo perspective, either 'org' for community edition, or 'enterprise' for enterprise edition.

Default value: 'org'

`upgrade_version_start`

Data type: String

Version of MongoDB that the database is currently on, ie. where we are starting from.

Default value: '3.4'

`upgrade_version_path`

Data type: Array[String]

List of versions that we will upgrade through along our path to success!

Default value: ['3.6', '4.0']

Files

REFERENCE.md

Latest commit

History

REFERENCE.md

File metadata and controls

Reference

Table of Contents

Classes

Defined types

Resource types

Functions

Data types

Tasks

Plans

Classes

st2

Examples

Basic Usage

Variables can be set in Hiera and take advantage of automatic data bindings:

Customizing parameters

Different passwords for each database (MongoDB, RabbitMQ)

Install with python 3.8 (if not default on your system)

Parameters

version

python_version

repository

conf_dir

conf_file

use_ssl

ssl_cert_manage

ssl_dir

ssl_cert

ssl_key

auth

auth_api_url

auth_debug

auth_mode

auth_backend

auth_backend_config

cli_base_url

cli_api_version

cli_debug

cli_cache_token

cli_username

cli_password

cli_apikey

cli_api_url

cli_auth_url

actionrunner_workers

packs

packs_group

index_url

syslog

syslog_host

syslog_protocol

syslog_port

syslog_facility

ssh_key_location

db_host

db_port

db_bind_ips

db_name

db_username

db_password

mongodb_version

mongodb_manage_repo

mongodb_auth

nginx_manage_repo

nginx_ssl_ciphers

nginx_ssl_protocols

nginx_ssl_port

nginx_client_max_body_size

web_root

timersengine_enabled

timersengine_timezone

scheduler_sleep_interval

scheduler_gc_interval

scheduler_pool_size

chatops_adapter

`st2`

`version`

`python_version`

`repository`

`conf_dir`

`conf_file`

`use_ssl`

`ssl_cert_manage`

`ssl_dir`

`ssl_cert`

`ssl_key`

`auth`

`auth_api_url`

`auth_debug`

`auth_mode`

`auth_backend`

`auth_backend_config`

`cli_base_url`

`cli_api_version`

`cli_debug`

`cli_cache_token`

`cli_username`

`cli_password`

`cli_apikey`

`cli_api_url`

`cli_auth_url`

`actionrunner_workers`

`packs`

`packs_group`

`index_url`

`syslog`

`syslog_host`

`syslog_protocol`

`syslog_port`

`syslog_facility`

`ssh_key_location`

`db_host`

`db_port`

`db_bind_ips`

`db_name`

`db_username`

`db_password`

`mongodb_version`

`mongodb_manage_repo`

`mongodb_auth`

`nginx_manage_repo`

`nginx_ssl_ciphers`

`nginx_ssl_protocols`

`nginx_ssl_port`

`nginx_client_max_body_size`

`web_root`

`timersengine_enabled`

`timersengine_timezone`

`scheduler_sleep_interval`

`scheduler_gc_interval`

`scheduler_pool_size`

`chatops_adapter`

`chatops_adapter_conf`

`chatops_hubot_log_level`

`chatops_hubot_express_port`

`chatops_tls_cert_reject_unauthorized`

`chatops_hubot_name`

`chatops_hubot_alias`

`chatops_api_key`

`chatops_st2_hostname`

`chatops_api_url`

`chatops_auth_url`

`chatops_web_url`

`nodejs_version`

`nodejs_manage_repo`

`redis_bind_ip`

`workflowengine_num`

`scheduler_num`

`rulesengine_num`

`notifier_num`

`erlang_url`

`erlang_key`

`validate_output_schema`

`cli_silence_ssl_warnings`

`ng_init`