Func config Files

/etc/func/minion.conf

/etc/func/minion.conf is the config file for the func minion and the funcd daemon.

Options include:

• log_level: defaults to debug
• acl_dir: path to the directory containing minion ACL infomation. Default is /etc/func/minion-acl.d
• listen_addr: If the minion has multiple network interfaces or hostnames, this option can be set to force a specific hostname or ip. Default is blank (aka, look up the hostname the normal way)
• listen_port: Sets which port the funcd daemon listens to. Default is 51234. See Port Info for more details

/etc/func/async_methods.conf

This file is used to set with func methods are called asynchronously by default when using the overlord command line client ("func"). Default is command.run, yumcmd.update, virt.install

Certmaster config files

/etc/certmaster/certmaster.conf

/etc/certmaster/certmaster.conf is the config file for the certmaster daemon.

Options include:

• autosign: If set to yes, the daemon will automatically sign any cert request made to it. The default is no.
• listen_addr: If the certmaster has multiple network interfaces or hostnames, this option can be set to force a specific hostname or ip. Default is blank (aka, look up the hostname the normal way)
• listen_port: Sets which port the certmaster daemon listens to. Default is 51235. See Port Info for more details. certmaster_port in /etc/certmaster/minion.conf is the corresponding setting for the minions.
• ca_dir: The directory that certmaster uses to store the Certificate Authority cert it creates. Default is /etc/pki/certmaster/ca
• cert_dir: The minions signed cert (HOSTNAME.cert), the private key the cert is signed with (HOSTNAME.pem), the signing request used to generate the cert (HOSTNAME.csr), and the certmasters CA cert (ca.cert) are stored here. Default is /etc/pki/certmaster
• certroot: where certmaster stores the signed certs created for each minion. Default is /var/lib/certmaster/certs
• csrroot: where the certmaster stores the CSR from the minions. Default is /var/lib/certmaster/csrs/
• cert_extension: The suffix used in naming the certficates. Default is "cert". Can be changed if it needs to use certs from another CA system.
• sync_certs: Determines whether certmaster-sync will run as a post-sign trigger. Default is False. See: MinionToMinion.
• peerroot: The directory in which to store certificates for peer minions. Default is /var/lib/certmaster/peers/. See: MinionToMinion.
• peering: If set to True, the minions defined in peerroot are used to resolve minion globs. This is also used by certmaster-sync to determine whether a minion is a candidate for syncing or not. Default is True. See: MinionToMinion.

/etc/certmaster/minion.conf

/etc/certmaster/minion.conf is the config file used by func minions for options related to the certmaster.

Options include:

• certmaster: The hostname of the certmaster server. Default is "certmaster"
• certmaster_port: The port the certmaster server listens on. Default is 51235
• log_level: certmaster logging level. Default is DEBUG.
• cert_dir: Directory the minions looks for it's ssl certs in. Default is /etc/pki/certmaster.