Configuration
See torero.conf for using a config file.
Descriptions for each configuration variable can be seen below.
TORERO_APPLICATION_MODE
More information about this very important configuration variable can be found within the application modes documentation.
File
Section: application Key: application_mode
Default
local All in one server that runs without server and client.
Possible Values
["local", "client", "server"]
TORERO_APPLICATION_AUTO_ACCEPT_EULA
To use torero you must accept the EULA that can be found at: https://torero.dev/licenses/eula. If you
want to accept this without having to interact with acceptance on command line, this can be set to
true. This is useful in situations where running in a non-interactive mode such as server deployments.
Environment Variable
TORERO_APPLICATION_AUTO_ACCEPT_EULA
File
Section: application Key: auto_accept_eula
Default
false
TORERO_APPLICATION_CLUSTER_ID
The ID that uniquely identifies a cluster of a torero core servers with torero runner nodes. It should be noted that torero
saves all resources within the same cluster to a specific namespace for that cluster within the database. This means that
if you change your cluster ID, torero will fetch/save resources from a different section of the database. Consider running
using the torero db export and torero db import commands to migrate data resources clusters.
Environment Variable
TORERO_APPLICATION_CLUSTER_ID
File
Section: application Key: cluster_id
Default
No default value provided
TORERO_APPLICATION_WORKING_DIR
The location where torero will store various files that it will work off of.
Examples include torero's database when TORERO_STORE_BACKEND=local, the
torero.log file when torero is being run as a client, and the ssh
known_hosts file.
Environment Variable
TORERO_APPLICATION_WORKING_DIR
File
Section: application Key: working_dir
Default
~/.torero.d (Home directory of user running torero)
TORERO_CLIENT_CERTIFICATE_FILE
The full path to the certificate file to used by the torero client when
communicating with a torero server. Required when TORERO_CLIENT_USE_TLS is
enabled.
Environment Variable
TORERO_CLIENT_CERTIFICATE_FILE
File
Section: client Key: certificate_file
Default
No default value provided
TORERO_CLIENT_HOST
The host address of a torero server that a torero client will attempt to connect to when TORERO_APPLICATION_MODE is set to 'client'.
Environment Variable
TORERO_CLIENT_HOST
File
Section: client Key: host
Default
No default value provided
TORERO_CLIENT_PORT
The port of a torero server that a torero client will attempt to connect to.
Environment Variable
TORERO_CLIENT_PORT
File
Section: client Key: port
Default
50051
TORERO_CLIENT_PRIVATE_KEY_FILE
The full path to the private key file that is used by the torero client when
connecting to a torero server. Required when TORERO_CLIENT_USE_TLS is
enabled.
Environment Variable
TORERO_CLIENT_PRIVATE_KEY_FILE
File
Section: client Key: private_key_file
Default
No default value provided
TORERO_CLIENT_USE_TLS
Whether or not a torero client will use TLS when connecting to a torero server.
Environment Variable
TORERO_CLIENT_USE_TLS
File
Section: client Key: use_tls
Default
true
TORERO_FEATURES_ANSIBLE_ENABLED
A flag to enable or disable all Ansible features. This flag can disable the management of Ansible playbooks on a torero as well as the execution of Ansible services.
Environment Variable
TORERO_FEATURES_ANSIBLE_ENABLED
File
Section: features Key: ansible_enabled
Default
true
TORERO_FEATURES_HOSTKEYS_ENABLED
A flag to enable or disable the hostkeys feature. This flag can disable the hostkeys management commands.
Environment Variable
TORERO_FEATURES_HOSTKEYS_ENABLED
File
Section: features Key: hostkeys_enabled
Default
true
TORERO_FEATURES_OPENTOFU_ENABLED
A flag to enable or disable all OpenTofu features. This flag can disable the management of OpenTofu plans on a torero as well as the execution of OpenTofu services.
Environment Variable
TORERO_FEATURES_OPENTOFU_ENABLED
File
Section: features Key: opentofu_enabled
Default
true
TORERO_FEATURES_PYTHON_ENABLED
A flag to enable or disable all Python features. This flag can disable the management of Python scripts on a torero as well as the execution of Python services.
Environment Variable
TORERO_FEATURES_PYTHON_ENABLED
File
Section: features Key: python_enabled
Default
true
TORERO_LOG_CONSOLE_JSON
Whether the console logs should be displayed in the default format shown here
2024-02-14T09:18:28-06:00 INF grpc server is starting up.
or in JSON as shown here
{"level":"info","time":"2024-02-14T09:18:28-06:00","message":"grpc server is starting up"}
Environment Variable
TORERO_LOG_CONSOLE_JSON
File
Section: log Key: console_json
Default
false
TORERO_LOG_FILE_ENABLED
Controls whether or not torero should write to a log file.
Environment Variable
TORERO_LOG_FILE_ENABLED
File
Section: log Key: file_enabled
Default
true
TORERO_LOG_FILE_JSON
Whether the file logs should be displayed in the default format shown here
2024-02-14T09:18:28-06:00 INF grpc server is starting up.
or in JSON as shown here
{"level":"info","time":"2024-02-14T09:18:28-06:00","message":"grpc server is starting up"}
Environment Variable
TORERO_LOG_FILE_JSON
File
Section: log Key: file_json
Default
false
TORERO_LOG_LEVEL
The verbosity of the logs that torero will display to the console and file logs.
Environment Variable
TORERO_LOG_LEVEL
File
Section: log Key: level
Default
INFO
Possible Values
["TRACE", "DEBUG", "INFO", "WARN", "ERROR"]
TORERO_LOG_SERVER_DIR
The directory to place torero's torero.log file when launched as a server.
When torero is not launched as a server, logs will be placed in
TORERO_APPLICATION_WORKING_DIR.
Environment Variable
TORERO_LOG_SERVER_DIR
File
Section: log Key: server_dir
Default
/var/log/torero
TORERO_LOG_TIMESTAMP_TIMEZONE
Allows a user to specify a timezone that timestamps will be displayed within torero logs. e.g.
2024-05-03T10:36:55-05:00 INF using local connectionTimezones will be shown in UTC by default. If local is set, torero will use your machine's timezone. Additionally, one
can set a tz identifier such as America/New_York.
Environment Variable
TORERO_LOG_TIMESTAMP_TIMEZONE
File
Section: log Key: timestamp_timezone
Default
utc
Possible Values
["utc", "local", ...any tz identifier]
TORERO_RUNNER_ANNOUNCEMENT_ADDRESS
The address that a torero runner will register to its cluster when coming online. When a torero core server attempts to send a service execution request to a torero runner, it will send it to this address. If this variable is left unset, the torero runner will attempt to identify its own ip address and register it to the cluster.
Environment Variable
TORERO_RUNNER_ANNOUNCEMENT_ADDRESS
File
Section: runner Key: announcement_address
Default
No default value provided
TORERO_RUNNER_CERTIFICATE_FILE
The full path to the certificate file that the torero runner will use when connecting to a torero server when
TORERO_RUNNER_USE_TLS is enabled.
Environment Variable
TORERO_RUNNER_CERTIFICATE_FILE
File
Section: runner Key: certificate_file
Default
/etc/torero/torero.crt
TORERO_RUNNER_LISTEN_ADDRESS
The listen address that a torero runner will listen for service execution requests from a torero server core node from.
Environment Variable
TORERO_RUNNER_LISTEN_ADDRESS
File
Section: runner Key: listen_address
Default
127.0.0.1
TORERO_RUNNER_PORT
The port that a torero runner will listen for requests from a core torero node from.
Environment Variable
TORERO_RUNNER_PORT
File
Section: runner Key: port
Default
50051
TORERO_RUNNER_PRIVATE_KEY_FILE
The full path to the private key file that the torero runner will use when connecting to a torero core server node
when TORERO_RUNNER_USE_TLS is enabled.
Environment Variable
TORERO_RUNNER_PRIVATE_KEY_FILE
File
Section: runner Key: private_key_file
Default
/etc/torero/torero.key
TORERO_RUNNER_USE_TLS
Whether or not a torero runner will require TLS when connecting to a torero core server node.
Environment Variable
TORERO_RUNNER_USE_TLS
File
Section: runner Key: use_tls
Default
true
TORERO_SECRETS_ENCRYPT_KEY_FILE
The location of the file used to locally encrypt/decrypt secrets.
Environment Variable
TORERO_SECRETS_ENCRYPT_KEY_FILE
File
Section: secrets Key: encrypt_key_file
Default
No default value provided
TORERO_SERVER_API_KEY_EXPIRATION
The amount of time in minutes before a user API key expires.
Environment Variable
TORERO_SERVER_API_KEY_EXPIRATION
File
Section: server Key: api_key_expiration
Default
1440
TORERO_SERVER_CERTIFICATE_FILE
The full path to the certificate file that the torero server will use when serving connections to torero clients
when TORERO_SERVER_USE_TLS is enabled.
Environment Variable
TORERO_SERVER_CERTIFICATE_FILE
File
Section: server Key: certificate_file
Default
/etc/torero/torero.crt
TORERO_SERVER_DISTRIBUTED_EXECUTION
Determines if a server node is an 'all in one' deployment where services are run on the same node as the actual server itself. If you are deploying a torero architecture where you have separate runner nodes to execute services, you will want to set this to true.
Environment Variable
TORERO_SERVER_DISTRIBUTED_EXECUTION
File
Section: server Key: distributed_execution
Default
false
TORERO_SERVER_LISTEN_ADDRESS
The address that a torero server will listen from.
Environment Variable
TORERO_SERVER_LISTEN_ADDRESS
File
Section: server Key: listen_address
Default
127.0.0.1
TORERO_SERVER_PORT
The port that a torero server will listen from.
Environment Variable
TORERO_SERVER_PORT
File
Section: server Key: port
Default
50051
TORERO_SERVER_PRIVATE_KEY_FILE
The full path to the private key file that the torero server will use when
serving connections to torero clients. Required when TORERO_SERVER_USE_TLS
is enabled.
Environment Variable
TORERO_SERVER_PRIVATE_KEY_FILE
File
Section: server Key: private_key_file
Default
/etc/torero/torero.key
TORERO_SERVER_USE_TLS
Whether or not a torero server will require TLS when serving connections to torero clients.
Environment Variable
TORERO_SERVER_USE_TLS
File
Section: server Key: use_tls
Default
true
TORERO_STORE_BACKEND
Whether or place store torero's persistent data 'locally' at
TORERO_APPLICATION_WORKING_DIR/torero.db or in memory. More information can be found
at docs/store.md
Environment Variable
TORERO_STORE_BACKEND
File
Section: store Key: backend
Default
local
Possible Values
["local", "memory", "etcd"]
TORERO_STORE_ETCD_CLIENT_CERT_AUTH
When running torero with TORERO_STORE_BACKEND set to etcd, with TORERO_STORE_ETCD_USE_TLS set to true, this
configuration variable modifies what type of TLS authentication method will be used.
If set to false, torero will attempt to connect to etcd using 'Client-to-server transport security' where the only
required certificate on torero's side will be from TORERO_STORE_ETCD_CA_CERTIFICATE_FILE. This is the similar to the
'Example 1: Client-to-server transport security with HTTPS' section on etcd's security page.
If set to true, torero will attempt to connect to etcd using 'Client-to-server authentication' where mutual TLS authentication
will occur between your torero instance as well as the etcd server. This will require you to set
TORERO_STORE_ETCD_CA_CERTIFICATE_FILE, TORERO_STORE_ETCD_CERTIFICATE_FILE, and TORERO_STORE_ETCD_PRIVATE_KEY_FILE.
This is similar to the 'Example 3: Transport security & client certificates in a cluster' section on etcd's security page.
Environment Variable
TORERO_STORE_ETCD_CLIENT_CERT_AUTH
File
Section: store Key: etcd_client_cert_auth
Default
false
TORERO_STORE_ETCD_HOSTS
When running torero with TORERO_STORE_BACKEND set to etcd, this configuration variable allows you to set the etcd
host(s) that torero should connect to for its backend storage. A host entry consists of an address and a port. e.g. hostname:port.
If there is more than one host in the etcd cluster, the hosts should be separated by spaces e.g. hostname1:port hostname2:port.
Environment Variable
TORERO_STORE_ETCD_HOSTS
File
Section: store Key: etcd_hosts
Default
localhost:2379
TORERO_STORE_ETCD_USE_TLS
Controls whether or not torero will utilize TLS authentication when connecting to the etcd cluster. More information on configuring TLS on an etcd cluster can be found on the security section of the etcd document
Environment Variable
TORERO_STORE_ETCD_USE_TLS
File
Section: store Key: etcd_use_tls
Default
true
TORERO_STORE_ETCD_CA_CERTIFICATE_FILE
The certificate authority certificate file to use when connecting to etcd.
Environment Variable
TORERO_STORE_ETCD_CA_CERTIFICATE_FILE
File
Section: store Key: etcd_ca_certificate_file
Default
No default value provided
TORERO_STORE_ETCD_CERTIFICATE_FILE
The public certificate file to use when connecting to etcd.
Environment Variable
TORERO_STORE_ETCD_CERTIFICATE_FILE
File
Section: store Key: etcd_certificate_file
Default
No default value provided
TORERO_STORE_ETCD_PRIVATE_KEY_FILE
The private key file to use when connecting to etcd.
Environment Variable
TORERO_STORE_ETCD_PRIVATE_KEY_FILE
File
Section: store Key: etcd_private_key_file
Default
No default value provided
TORERO_TERMINAL_NO_COLOR
Whether or not console outputs as well as logs can have color in their outputs.
Environment Variable
TORERO_TERMINAL_NO_COLOR
File
Section: terminal Key: no_color
Default
false
TORERO_TERMINAL_TIMESTAMP_TIMEZONE
Allows a user to specify a timezone that timestamps will be displayed on torero terminal outputs such as when running services. e.g.
>_ torero run ansible-playbook hello-world
Start Time: 2024-05-03T10:35:44-05:00
End Time: 2024-05-03T10:35:46-05:00
Elapsed Time: 2.276147sTimezones will be shown in UTC by default. If local is set, torero will use your machine's timezone. Additionally, one can set a
tz identifier such as America/New_York.
Environment Variable
TORERO_TERMINAL_TIMESTAMP_TIMEZONE
File
Section: terminal Key: timestamp_timezone
Default
utc
Possible Values
["utc", "local", ...any tz identifier]