Test Logging Configuration
post
/api/v2/settings/logging/test/
Request
Supported Media Types
- application/json
Root Schema : schema
Type:
Show Source
object-
ACTIVITY_STREAM_ENABLED:
boolean
Enable capturing activity for the activity stream.
-
ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC:
boolean
Enable capturing activity for the activity stream when running inventory sync.
-
AD_HOC_COMMANDS(optional):
array AD_HOC_COMMANDS
List of modules allowed to be used by ad-hoc jobs.
-
ALLOW_JINJA_IN_EXTRA_VARS:
string
Ansible allows variable substitution via the Jinja2 templating language for --extra-vars. This poses a potential security risk where Tower users with the ability to specify extra vars at job launch time can use Jinja2 templates to run arbitrary Python. It is recommended that this value be set to "template" or "never".
-
ALLOW_OAUTH2_FOR_EXTERNAL_USERS(optional):
boolean
For security reasons, users from external auth providers (LDAP, SAML, SSO, Radius, and others) are not allowed to create OAuth2 tokens. To change this behavior, enable this setting. Existing tokens will not be deleted when this setting is toggled off.
-
ANSIBLE_FACT_CACHE_TIMEOUT(optional):
integer
Maximum time, in seconds, that stored Ansible facts are considered valid since the last time they were modified. Only valid, non-stale, facts will be accessible by a playbook. Note, this does not influence the deletion of ansible_facts from the database. Use a value of 0 to indicate that no timeout should be imposed.
-
AUTH_BASIC_ENABLED:
boolean
Enable HTTP Basic Auth for the API Browser.
-
AUTH_LDAP_1_BIND_DN(optional):
string
DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the Ansible Tower documentation for example syntax.
-
AUTH_LDAP_1_BIND_PASSWORD(optional):
string
Password used to bind LDAP user account.
-
AUTH_LDAP_1_CONNECTION_OPTIONS(optional):
object AUTH_LDAP_1_CONNECTION_OPTIONS
Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
-
AUTH_LDAP_1_DENY_GROUP(optional):
string
Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
-
AUTH_LDAP_1_GROUP_SEARCH(optional):
array AUTH_LDAP_1_GROUP_SEARCH
Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
-
AUTH_LDAP_1_GROUP_TYPE(optional):
string
The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
-
AUTH_LDAP_1_GROUP_TYPE_PARAMS(optional):
object AUTH_LDAP_1_GROUP_TYPE_PARAMS
Key value parameters to send the chosen group type init method.
-
AUTH_LDAP_1_ORGANIZATION_MAP(optional):
object AUTH_LDAP_1_ORGANIZATION_MAP
Mapping between organization admins/users and LDAP groups. This controls which users are placed into which Tower organizations relative to their LDAP group memberships. Configuration details are available in the Ansible Tower documentation.
-
AUTH_LDAP_1_REQUIRE_GROUP(optional):
string
Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login via Tower. Only one require group is supported.
-
AUTH_LDAP_1_SERVER_URI(optional):
string
URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
-
AUTH_LDAP_1_START_TLS(optional):
boolean
Whether to enable TLS when the LDAP connection is not using SSL.
-
AUTH_LDAP_1_TEAM_MAP(optional):
object AUTH_LDAP_1_TEAM_MAP
Mapping between team members (users) and LDAP groups. Configuration details are available in the Ansible Tower documentation.
-
AUTH_LDAP_1_USER_ATTR_MAP(optional):
object AUTH_LDAP_1_USER_ATTR_MAP
Mapping of LDAP user schema to Tower API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the Ansible Tower documentation for additional details.
-
AUTH_LDAP_1_USER_DN_TEMPLATE(optional):
string
Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
-
AUTH_LDAP_1_USER_FLAGS_BY_GROUP(optional):
object AUTH_LDAP_1_USER_FLAGS_BY_GROUP
Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the Ansible Tower documentation for more detail.
-
AUTH_LDAP_1_USER_SEARCH(optional):
array AUTH_LDAP_1_USER_SEARCH
LDAP search query to find users. Any user that matches the given pattern will be able to login to Tower. The user should also be mapped into a Tower organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See Tower documentation for details.
-
AUTH_LDAP_2_BIND_DN(optional):
string
DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the Ansible Tower documentation for example syntax.
-
AUTH_LDAP_2_BIND_PASSWORD(optional):
string
Password used to bind LDAP user account.
-
AUTH_LDAP_2_CONNECTION_OPTIONS(optional):
object AUTH_LDAP_2_CONNECTION_OPTIONS
Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
-
AUTH_LDAP_2_DENY_GROUP(optional):
string
Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
-
AUTH_LDAP_2_GROUP_SEARCH(optional):
array AUTH_LDAP_2_GROUP_SEARCH
Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
-
AUTH_LDAP_2_GROUP_TYPE(optional):
string
The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
-
AUTH_LDAP_2_GROUP_TYPE_PARAMS(optional):
object AUTH_LDAP_2_GROUP_TYPE_PARAMS
Key value parameters to send the chosen group type init method.
-
AUTH_LDAP_2_ORGANIZATION_MAP(optional):
object AUTH_LDAP_2_ORGANIZATION_MAP
Mapping between organization admins/users and LDAP groups. This controls which users are placed into which Tower organizations relative to their LDAP group memberships. Configuration details are available in the Ansible Tower documentation.
-
AUTH_LDAP_2_REQUIRE_GROUP(optional):
string
Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login via Tower. Only one require group is supported.
-
AUTH_LDAP_2_SERVER_URI(optional):
string
URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
-
AUTH_LDAP_2_START_TLS(optional):
boolean
Whether to enable TLS when the LDAP connection is not using SSL.
-
AUTH_LDAP_2_TEAM_MAP(optional):
object AUTH_LDAP_2_TEAM_MAP
Mapping between team members (users) and LDAP groups. Configuration details are available in the Ansible Tower documentation.
-
AUTH_LDAP_2_USER_ATTR_MAP(optional):
object AUTH_LDAP_2_USER_ATTR_MAP
Mapping of LDAP user schema to Tower API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the Ansible Tower documentation for additional details.
-
AUTH_LDAP_2_USER_DN_TEMPLATE(optional):
string
Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
-
AUTH_LDAP_2_USER_FLAGS_BY_GROUP(optional):
object AUTH_LDAP_2_USER_FLAGS_BY_GROUP
Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the Ansible Tower documentation for more detail.
-
AUTH_LDAP_2_USER_SEARCH(optional):
array AUTH_LDAP_2_USER_SEARCH
LDAP search query to find users. Any user that matches the given pattern will be able to login to Tower. The user should also be mapped into a Tower organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See Tower documentation for details.
-
AUTH_LDAP_3_BIND_DN(optional):
string
DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the Ansible Tower documentation for example syntax.
-
AUTH_LDAP_3_BIND_PASSWORD(optional):
string
Password used to bind LDAP user account.
-
AUTH_LDAP_3_CONNECTION_OPTIONS(optional):
object AUTH_LDAP_3_CONNECTION_OPTIONS
Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
-
AUTH_LDAP_3_DENY_GROUP(optional):
string
Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
-
AUTH_LDAP_3_GROUP_SEARCH(optional):
array AUTH_LDAP_3_GROUP_SEARCH
Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
-
AUTH_LDAP_3_GROUP_TYPE(optional):
string
The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
-
AUTH_LDAP_3_GROUP_TYPE_PARAMS(optional):
object AUTH_LDAP_3_GROUP_TYPE_PARAMS
Key value parameters to send the chosen group type init method.
-
AUTH_LDAP_3_ORGANIZATION_MAP(optional):
object AUTH_LDAP_3_ORGANIZATION_MAP
Mapping between organization admins/users and LDAP groups. This controls which users are placed into which Tower organizations relative to their LDAP group memberships. Configuration details are available in the Ansible Tower documentation.
-
AUTH_LDAP_3_REQUIRE_GROUP(optional):
string
Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login via Tower. Only one require group is supported.
-
AUTH_LDAP_3_SERVER_URI(optional):
string
URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
-
AUTH_LDAP_3_START_TLS(optional):
boolean
Whether to enable TLS when the LDAP connection is not using SSL.
-
AUTH_LDAP_3_TEAM_MAP(optional):
object AUTH_LDAP_3_TEAM_MAP
Mapping between team members (users) and LDAP groups. Configuration details are available in the Ansible Tower documentation.
-
AUTH_LDAP_3_USER_ATTR_MAP(optional):
object AUTH_LDAP_3_USER_ATTR_MAP
Mapping of LDAP user schema to Tower API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the Ansible Tower documentation for additional details.
-
AUTH_LDAP_3_USER_DN_TEMPLATE(optional):
string
Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
-
AUTH_LDAP_3_USER_FLAGS_BY_GROUP(optional):
object AUTH_LDAP_3_USER_FLAGS_BY_GROUP
Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the Ansible Tower documentation for more detail.
-
AUTH_LDAP_3_USER_SEARCH(optional):
array AUTH_LDAP_3_USER_SEARCH
LDAP search query to find users. Any user that matches the given pattern will be able to login to Tower. The user should also be mapped into a Tower organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See Tower documentation for details.
-
AUTH_LDAP_4_BIND_DN(optional):
string
DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the Ansible Tower documentation for example syntax.
-
AUTH_LDAP_4_BIND_PASSWORD(optional):
string
Password used to bind LDAP user account.
-
AUTH_LDAP_4_CONNECTION_OPTIONS(optional):
object AUTH_LDAP_4_CONNECTION_OPTIONS
Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
-
AUTH_LDAP_4_DENY_GROUP(optional):
string
Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
-
AUTH_LDAP_4_GROUP_SEARCH(optional):
array AUTH_LDAP_4_GROUP_SEARCH
Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
-
AUTH_LDAP_4_GROUP_TYPE(optional):
string
The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
-
AUTH_LDAP_4_GROUP_TYPE_PARAMS(optional):
object AUTH_LDAP_4_GROUP_TYPE_PARAMS
Key value parameters to send the chosen group type init method.
-
AUTH_LDAP_4_ORGANIZATION_MAP(optional):
object AUTH_LDAP_4_ORGANIZATION_MAP
Mapping between organization admins/users and LDAP groups. This controls which users are placed into which Tower organizations relative to their LDAP group memberships. Configuration details are available in the Ansible Tower documentation.
-
AUTH_LDAP_4_REQUIRE_GROUP(optional):
string
Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login via Tower. Only one require group is supported.
-
AUTH_LDAP_4_SERVER_URI(optional):
string
URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
-
AUTH_LDAP_4_START_TLS(optional):
boolean
Whether to enable TLS when the LDAP connection is not using SSL.
-
AUTH_LDAP_4_TEAM_MAP(optional):
object AUTH_LDAP_4_TEAM_MAP
Mapping between team members (users) and LDAP groups. Configuration details are available in the Ansible Tower documentation.
-
AUTH_LDAP_4_USER_ATTR_MAP(optional):
object AUTH_LDAP_4_USER_ATTR_MAP
Mapping of LDAP user schema to Tower API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the Ansible Tower documentation for additional details.
-
AUTH_LDAP_4_USER_DN_TEMPLATE(optional):
string
Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
-
AUTH_LDAP_4_USER_FLAGS_BY_GROUP(optional):
object AUTH_LDAP_4_USER_FLAGS_BY_GROUP
Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the Ansible Tower documentation for more detail.
-
AUTH_LDAP_4_USER_SEARCH(optional):
array AUTH_LDAP_4_USER_SEARCH
LDAP search query to find users. Any user that matches the given pattern will be able to login to Tower. The user should also be mapped into a Tower organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See Tower documentation for details.
-
AUTH_LDAP_5_BIND_DN(optional):
string
DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the Ansible Tower documentation for example syntax.
-
AUTH_LDAP_5_BIND_PASSWORD(optional):
string
Password used to bind LDAP user account.
-
AUTH_LDAP_5_CONNECTION_OPTIONS(optional):
object AUTH_LDAP_5_CONNECTION_OPTIONS
Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
-
AUTH_LDAP_5_DENY_GROUP(optional):
string
Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
-
AUTH_LDAP_5_GROUP_SEARCH(optional):
array AUTH_LDAP_5_GROUP_SEARCH
Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
-
AUTH_LDAP_5_GROUP_TYPE(optional):
string
The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
-
AUTH_LDAP_5_GROUP_TYPE_PARAMS(optional):
object AUTH_LDAP_5_GROUP_TYPE_PARAMS
Key value parameters to send the chosen group type init method.
-
AUTH_LDAP_5_ORGANIZATION_MAP(optional):
object AUTH_LDAP_5_ORGANIZATION_MAP
Mapping between organization admins/users and LDAP groups. This controls which users are placed into which Tower organizations relative to their LDAP group memberships. Configuration details are available in the Ansible Tower documentation.
-
AUTH_LDAP_5_REQUIRE_GROUP(optional):
string
Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login via Tower. Only one require group is supported.
-
AUTH_LDAP_5_SERVER_URI(optional):
string
URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
-
AUTH_LDAP_5_START_TLS(optional):
boolean
Whether to enable TLS when the LDAP connection is not using SSL.
-
AUTH_LDAP_5_TEAM_MAP(optional):
object AUTH_LDAP_5_TEAM_MAP
Mapping between team members (users) and LDAP groups. Configuration details are available in the Ansible Tower documentation.
-
AUTH_LDAP_5_USER_ATTR_MAP(optional):
object AUTH_LDAP_5_USER_ATTR_MAP
Mapping of LDAP user schema to Tower API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the Ansible Tower documentation for additional details.
-
AUTH_LDAP_5_USER_DN_TEMPLATE(optional):
string
Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
-
AUTH_LDAP_5_USER_FLAGS_BY_GROUP(optional):
object AUTH_LDAP_5_USER_FLAGS_BY_GROUP
Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the Ansible Tower documentation for more detail.
-
AUTH_LDAP_5_USER_SEARCH(optional):
array AUTH_LDAP_5_USER_SEARCH
LDAP search query to find users. Any user that matches the given pattern will be able to login to Tower. The user should also be mapped into a Tower organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See Tower documentation for details.
-
AUTH_LDAP_BIND_DN(optional):
string
DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the Ansible Tower documentation for example syntax.
-
AUTH_LDAP_BIND_PASSWORD(optional):
string
Password used to bind LDAP user account.
-
AUTH_LDAP_CONNECTION_OPTIONS(optional):
object AUTH_LDAP_CONNECTION_OPTIONS
Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
-
AUTH_LDAP_DENY_GROUP(optional):
string
Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
-
AUTH_LDAP_GROUP_SEARCH(optional):
array AUTH_LDAP_GROUP_SEARCH
Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
-
AUTH_LDAP_GROUP_TYPE(optional):
string
The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
-
AUTH_LDAP_GROUP_TYPE_PARAMS(optional):
object AUTH_LDAP_GROUP_TYPE_PARAMS
Key value parameters to send the chosen group type init method.
-
AUTH_LDAP_ORGANIZATION_MAP(optional):
object AUTH_LDAP_ORGANIZATION_MAP
Mapping between organization admins/users and LDAP groups. This controls which users are placed into which Tower organizations relative to their LDAP group memberships. Configuration details are available in the Ansible Tower documentation.
-
AUTH_LDAP_REQUIRE_GROUP(optional):
string
Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login via Tower. Only one require group is supported.
-
AUTH_LDAP_SERVER_URI(optional):
string
URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
-
AUTH_LDAP_START_TLS(optional):
boolean
Whether to enable TLS when the LDAP connection is not using SSL.
-
AUTH_LDAP_TEAM_MAP(optional):
object AUTH_LDAP_TEAM_MAP
Mapping between team members (users) and LDAP groups. Configuration details are available in the Ansible Tower documentation.
-
AUTH_LDAP_USER_ATTR_MAP(optional):
object AUTH_LDAP_USER_ATTR_MAP
Mapping of LDAP user schema to Tower API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the Ansible Tower documentation for additional details.
-
AUTH_LDAP_USER_DN_TEMPLATE(optional):
string
Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
-
AUTH_LDAP_USER_FLAGS_BY_GROUP(optional):
object AUTH_LDAP_USER_FLAGS_BY_GROUP
Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the Ansible Tower documentation for more detail.
-
AUTH_LDAP_USER_SEARCH(optional):
array AUTH_LDAP_USER_SEARCH
LDAP search query to find users. Any user that matches the given pattern will be able to login to Tower. The user should also be mapped into a Tower organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See Tower documentation for details.
-
AUTOMATION_ANALYTICS_GATHER_INTERVAL(optional):
integer
Interval (in seconds) between data gathering.
-
AUTOMATION_ANALYTICS_LAST_GATHER:
string
-
AUTOMATION_ANALYTICS_URL(optional):
string
This setting is used to to configure data collection for the Automation Analytics dashboard
-
AWX_ANSIBLE_CALLBACK_PLUGINS(optional):
array AWX_ANSIBLE_CALLBACK_PLUGINS
List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line.
-
AWX_COLLECTIONS_ENABLED(optional):
boolean
Allows collections to be dynamically downloaded from a requirements.yml file for SCM projects.
-
AWX_ISOLATED_CHECK_INTERVAL:
integer
The number of seconds to sleep between status checks for jobs running on isolated instances.
-
AWX_ISOLATED_CONNECTION_TIMEOUT(optional):
integer
Ansible SSH connection timeout (in seconds) to use when communicating with isolated instances. Value should be substantially greater than expected network latency.
-
AWX_ISOLATED_HOST_KEY_CHECKING(optional):
boolean
When set to True, AWX will enforce strict host key checking for communication with isolated nodes.
-
AWX_ISOLATED_LAUNCH_TIMEOUT:
integer
The timeout (in seconds) for launching jobs on isolated instances. This includes the time needed to copy source control files (playbooks) to the isolated instance.
-
AWX_PROOT_BASE_PATH:
string
The directory in which Tower will create new temporary directories for job execution and isolation (such as credential files and custom inventory scripts).
-
AWX_PROOT_ENABLED:
boolean
Isolates an Ansible job from protected parts of the system to prevent exposing sensitive information.
-
AWX_PROOT_HIDE_PATHS(optional):
array AWX_PROOT_HIDE_PATHS
Additional paths to hide from isolated processes. Enter one path per line.
-
AWX_PROOT_SHOW_PATHS(optional):
array AWX_PROOT_SHOW_PATHS
List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line.
-
AWX_RESOURCE_PROFILING_CPU_POLL_INTERVAL(optional):
number
Interval (in seconds) between polls for cpu usage. Setting this lower than the default will affect playbook performance.
-
AWX_RESOURCE_PROFILING_ENABLED(optional):
boolean
If set, detailed resource profiling data will be collected on all jobs. This data can be gathered with `sosreport`.
-
AWX_RESOURCE_PROFILING_MEMORY_POLL_INTERVAL(optional):
number
Interval (in seconds) between polls for memory usage. Setting this lower than the default will affect playbook performance.
-
AWX_RESOURCE_PROFILING_PID_POLL_INTERVAL(optional):
number
Interval (in seconds) between polls for PID count. Setting this lower than the default will affect playbook performance.
-
AWX_ROLES_ENABLED(optional):
boolean
Allows roles to be dynamically downloaded from a requirements.yml file for SCM projects.
-
AWX_SHOW_PLAYBOOK_LINKS(optional):
boolean
Follow symbolic links when scanning for playbooks. Be aware that setting this to True can lead to infinite recursion if a link points to a parent directory of itself.
-
AWX_TASK_ENV(optional):
object AWX_TASK_ENV
Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.
-
CUSTOM_LOGIN_INFO(optional):
string
If needed, you can add specific information (such as a legal notice or a disclaimer) to a text box in the login modal using this setting. Any content added must be in plain text or an HTML fragment, as other markup languages are not supported.
-
CUSTOM_LOGO(optional):
string
To set up a custom logo, provide a file that you create. For the custom logo to look its best, use a .png file with a transparent background. GIF, PNG and JPEG formats are supported.
-
CUSTOM_VENV_PATHS(optional):
array CUSTOM_VENV_PATHS
Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.
-
DEFAULT_INVENTORY_UPDATE_TIMEOUT(optional):
integer
Maximum time in seconds to allow inventory updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual inventory source will override this.
-
DEFAULT_JOB_TIMEOUT(optional):
integer
Maximum time in seconds to allow jobs to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual job template will override this.
-
DEFAULT_PROJECT_UPDATE_TIMEOUT(optional):
integer
Maximum time in seconds to allow project updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual project will override this.
-
EVENT_STDOUT_MAX_BYTES_DISPLAY:
integer
Maximum Size of Standard Output in bytes to display for a single job or ad hoc command event. `stdout` will end with `???` when truncated.
-
GALAXY_IGNORE_CERTS(optional):
boolean
If set to true, certificate validation will not be done when installing content from any Galaxy server.
-
INSIGHTS_TRACKING_STATE(optional):
boolean
Enables Tower to gather data on automation and send it to Red Hat.
-
LOG_AGGREGATOR_ENABLED(optional):
boolean
Enable sending logs to external log aggregator.
-
LOG_AGGREGATOR_HOST(optional):
string
Hostname/IP where external logs will be sent to.
-
LOG_AGGREGATOR_INDIVIDUAL_FACTS(optional):
boolean
If set, system tracking facts will be sent for each package, service, or other item found in a scan, allowing for greater search query granularity. If unset, facts will be sent as a single dictionary, allowing for greater efficiency in fact processing.
-
LOG_AGGREGATOR_LEVEL(optional):
string
Level threshold used by log handler. Severities from lowest to highest are DEBUG, INFO, WARNING, ERROR, CRITICAL. Messages less severe than the threshold will be ignored by log handler. (messages under category awx.anlytics ignore this setting)
-
LOG_AGGREGATOR_LOGGERS(optional):
array LOG_AGGREGATOR_LOGGERS
List of loggers that will send HTTP logs to the collector, these can include any or all of: awx - service logs activity_stream - activity stream records job_events - callback data from Ansible job events system_tracking - facts gathered from scan jobs.
-
LOG_AGGREGATOR_MAX_DISK_USAGE_GB(optional):
integer
Amount of data to store (in gigabytes) during an outage of the external log aggregator (defaults to 1). Equivalent to the rsyslogd queue.maxdiskspace setting.
-
LOG_AGGREGATOR_MAX_DISK_USAGE_PATH(optional):
string
Location to persist logs that should be retried after an outage of the external log aggregator (defaults to /var/lib/awx). Equivalent to the rsyslogd queue.spoolDirectory setting.
-
LOG_AGGREGATOR_PASSWORD(optional):
string
Password or authentication token for external log aggregator (if required; HTTP/s only).
-
LOG_AGGREGATOR_PORT(optional):
integer
Port on Logging Aggregator to send logs to (if required and not provided in Logging Aggregator).
-
LOG_AGGREGATOR_PROTOCOL(optional):
string
Protocol used to communicate with log aggregator. HTTPS/HTTP assumes HTTPS unless http:// is explicitly used in the Logging Aggregator hostname.
-
LOG_AGGREGATOR_RSYSLOGD_DEBUG(optional):
boolean
Enabled high verbosity debugging for rsyslogd. Useful for debugging connection issues for external log aggregation.
-
LOG_AGGREGATOR_TCP_TIMEOUT(optional):
integer
Number of seconds for a TCP connection to external log aggregator to timeout. Applies to HTTPS and TCP log aggregator protocols.
-
LOG_AGGREGATOR_TOWER_UUID(optional):
string
Useful to uniquely identify Tower instances.
-
LOG_AGGREGATOR_TYPE(optional):
string
Format messages for the chosen log aggregator.
-
LOG_AGGREGATOR_USERNAME(optional):
string
Username for external log aggregator (if required; HTTP/s only).
-
LOG_AGGREGATOR_VERIFY_CERT(optional):
boolean
Flag to control enable/disable of certificate verification when LOG_AGGREGATOR_PROTOCOL is "https". If enabled, Tower's log handler will verify certificate sent by external log aggregator before establishing connection.
-
LOGIN_REDIRECT_OVERRIDE(optional):
string
URL to which unauthorized users will be redirected to log in. If blank, users will be sent to the Tower login page.
-
MANAGE_ORGANIZATION_AUTH:
boolean
Controls whether any Organization Admin has the privileges to create and manage users and teams. You may want to disable this ability if you are using an LDAP or SAML integration.
-
MAX_FORKS(optional):
integer
Saving a Job Template with more than this number of forks will result in an error. When set to 0, no limit is applied.
-
MAX_UI_JOB_EVENTS:
integer
Maximum number of job events for the UI to retrieve within a single request.
-
OAUTH2_PROVIDER(optional):
object OAUTH2_PROVIDER
Dictionary for customizing OAuth 2 timeouts, available items are `ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number of seconds, `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of authorization codes in the number of seconds, and `REFRESH_TOKEN_EXPIRE_SECONDS`, the duration of refresh tokens, after expired access tokens, in the number of seconds.
-
ORG_ADMINS_CAN_SEE_ALL_USERS:
boolean
Controls whether any Organization Admin can view all users and teams, even those not associated with their Organization.
-
PROJECT_UPDATE_VVV:
boolean
Adds the CLI -vvv flag to ansible-playbook runs of project_update.yml used for project updates.
-
PROXY_IP_ALLOWED_LIST:
array PROXY_IP_ALLOWED_LIST
If Tower is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which Tower should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally')
-
RADIUS_PORT(optional):
integer
Port of RADIUS server.
-
RADIUS_SECRET(optional):
string
Shared secret for authenticating to RADIUS server.
-
RADIUS_SERVER(optional):
string
Hostname/IP of RADIUS server. RADIUS authentication is disabled if this setting is empty.
-
REDHAT_PASSWORD(optional):
string
This password is used to retrieve license information and to send Automation Analytics
-
REDHAT_USERNAME(optional):
string
This username is used to retrieve license information and to send Automation Analytics
-
REMOTE_HOST_HEADERS:
array REMOTE_HOST_HEADERS
HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as "HTTP_X_FORWARDED_FOR", if behind a reverse proxy. See the "Proxy Support" section of the Adminstrator guide for more details.
-
SAML_AUTO_CREATE_OBJECTS(optional):
boolean
When enabled (the default), mapped Organizations and Teams will be created automatically on successful SAML login.
-
SCHEDULE_MAX_JOBS:
integer
Maximum number of the same job template that can be waiting to run when launching from a schedule before no more are created.
-
SESSION_COOKIE_AGE:
integer
Number of seconds that a user is inactive before they will need to login again.
-
SESSIONS_PER_USER:
integer
Maximum number of simultaneous logged in sessions a user may have. To disable enter -1.
-
SOCIAL_AUTH_AZUREAD_OAUTH2_KEY(optional):
string
The OAuth2 key (Client ID) from your Azure AD application.
-
SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP(optional):
object SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP
Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which Tower organizations based on their username and email address. Configuration details are available in the Ansible Tower documentation.
-
SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET(optional):
string
The OAuth2 secret (Client Secret) from your Azure AD application.
-
SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP(optional):
object SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP
Mapping of team members (users) from social auth accounts. Configuration details are available in Tower documentation.
-
SOCIAL_AUTH_GITHUB_KEY(optional):
string
The OAuth2 key (Client ID) from your GitHub developer application.
-
SOCIAL_AUTH_GITHUB_ORG_KEY(optional):
string
The OAuth2 key (Client ID) from your GitHub organization application.
-
SOCIAL_AUTH_GITHUB_ORG_NAME(optional):
string
The name of your GitHub organization, as used in your organization's URL: https://github.com/
/. -
SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP(optional):
object SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP
Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which Tower organizations based on their username and email address. Configuration details are available in the Ansible Tower documentation.
-
SOCIAL_AUTH_GITHUB_ORG_SECRET(optional):
string
The OAuth2 secret (Client Secret) from your GitHub organization application.
-
SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP(optional):
object SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP
Mapping of team members (users) from social auth accounts. Configuration details are available in Tower documentation.
-
SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP(optional):
object SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP
Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which Tower organizations based on their username and email address. Configuration details are available in the Ansible Tower documentation.
-
SOCIAL_AUTH_GITHUB_SECRET(optional):
string
The OAuth2 secret (Client Secret) from your GitHub developer application.
-
SOCIAL_AUTH_GITHUB_TEAM_ID(optional):
string
Find the numeric team ID using the Github API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.
-
SOCIAL_AUTH_GITHUB_TEAM_KEY(optional):
string
The OAuth2 key (Client ID) from your GitHub organization application.
-
SOCIAL_AUTH_GITHUB_TEAM_MAP(optional):
object SOCIAL_AUTH_GITHUB_TEAM_MAP
Mapping of team members (users) from social auth accounts. Configuration details are available in Tower documentation.
-
SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP(optional):
object SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP
Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which Tower organizations based on their username and email address. Configuration details are available in the Ansible Tower documentation.
-
SOCIAL_AUTH_GITHUB_TEAM_SECRET(optional):
string
The OAuth2 secret (Client Secret) from your GitHub organization application.
-
SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP(optional):
object SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP
Mapping of team members (users) from social auth accounts. Configuration details are available in Tower documentation.
-
SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS(optional):
object SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS
Extra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multple Google accounts. Refer to the Ansible Tower documentation for more detail.
-
SOCIAL_AUTH_GOOGLE_OAUTH2_KEY(optional):
string
The OAuth2 key from your web application.
-
SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP(optional):
object SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP
Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which Tower organizations based on their username and email address. Configuration details are available in the Ansible Tower documentation.
-
SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET(optional):
string
The OAuth2 secret from your web application.
-
SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP(optional):
object SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP
Mapping of team members (users) from social auth accounts. Configuration details are available in Tower documentation.
-
SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS(optional):
array SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS
Update this setting to restrict the domains who are allowed to login using Google OAuth2.
-
SOCIAL_AUTH_ORGANIZATION_MAP(optional):
object SOCIAL_AUTH_ORGANIZATION_MAP
Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which Tower organizations based on their username and email address. Configuration details are available in the Ansible Tower documentation.
-
SOCIAL_AUTH_SAML_ENABLED_IDPS(optional):
object SOCIAL_AUTH_SAML_ENABLED_IDPS
Configure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax.
-
SOCIAL_AUTH_SAML_EXTRA_DATA(optional):
array SOCIAL_AUTH_SAML_EXTRA_DATA
A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value.
-
SOCIAL_AUTH_SAML_ORG_INFO:
object SOCIAL_AUTH_SAML_ORG_INFO
Provide the URL, display name, and the name of your app. Refer to the Ansible Tower documentation for example syntax.
-
SOCIAL_AUTH_SAML_ORGANIZATION_ATTR(optional):
object SOCIAL_AUTH_SAML_ORGANIZATION_ATTR
Used to translate user organization membership into Tower.
-
SOCIAL_AUTH_SAML_ORGANIZATION_MAP(optional):
object SOCIAL_AUTH_SAML_ORGANIZATION_MAP
Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which Tower organizations based on their username and email address. Configuration details are available in the Ansible Tower documentation.
-
SOCIAL_AUTH_SAML_SECURITY_CONFIG(optional):
object SOCIAL_AUTH_SAML_SECURITY_CONFIG
A dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings
-
SOCIAL_AUTH_SAML_SP_ENTITY_ID(optional):
string
The application-defined unique identifier used as the audience of the SAML service provider (SP) configuration. This is usually the URL for Tower.
-
SOCIAL_AUTH_SAML_SP_EXTRA(optional):
object SOCIAL_AUTH_SAML_SP_EXTRA
A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting.
-
SOCIAL_AUTH_SAML_SP_PRIVATE_KEY:
string
Create a keypair for Tower to use as a service provider (SP) and include the private key content here.
-
SOCIAL_AUTH_SAML_SP_PUBLIC_CERT:
string
Create a keypair for Tower to use as a service provider (SP) and include the certificate content here.
-
SOCIAL_AUTH_SAML_SUPPORT_CONTACT:
object SOCIAL_AUTH_SAML_SUPPORT_CONTACT
Provide the name and email address of the support contact for your service provider. Refer to the Ansible Tower documentation for example syntax.
-
SOCIAL_AUTH_SAML_TEAM_ATTR(optional):
object SOCIAL_AUTH_SAML_TEAM_ATTR
Used to translate user team membership into Tower.
-
SOCIAL_AUTH_SAML_TEAM_MAP(optional):
object SOCIAL_AUTH_SAML_TEAM_MAP
Mapping of team members (users) from social auth accounts. Configuration details are available in Tower documentation.
-
SOCIAL_AUTH_SAML_TECHNICAL_CONTACT:
object SOCIAL_AUTH_SAML_TECHNICAL_CONTACT
Provide the name and email address of the technical contact for your service provider. Refer to the Ansible Tower documentation for example syntax.
-
SOCIAL_AUTH_TEAM_MAP(optional):
object SOCIAL_AUTH_TEAM_MAP
Mapping of team members (users) from social auth accounts. Configuration details are available in Tower documentation.
-
SOCIAL_AUTH_USER_FIELDS(optional):
array SOCIAL_AUTH_USER_FIELDS
When set to an empty list `[]`, this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login.
-
STDOUT_MAX_BYTES_DISPLAY:
integer
Maximum Size of Standard Output in bytes to display before requiring the output be downloaded.
-
TACACSPLUS_AUTH_PROTOCOL(optional):
string
Choose the authentication protocol used by TACACS+ client.
-
TACACSPLUS_HOST(optional):
string
Hostname of TACACS+ server.
-
TACACSPLUS_PORT(optional):
integer
Port number of TACACS+ server.
-
TACACSPLUS_SECRET(optional):
string
Shared secret for authenticating to TACACS+ server.
-
TACACSPLUS_SESSION_TIMEOUT(optional):
integer
TACACS+ session timeout value in seconds, 0 disables timeout.
-
TOWER_URL_BASE:
string
This setting is used by services like notifications to render a valid url to the Tower host.
-
UI_LIVE_UPDATES_ENABLED:
boolean
If disabled, the page will not refresh when events are received. Reloading the page will be required to get the latest details.
Nested Schema : AD_HOC_COMMANDS
Type:
arrayList of modules allowed to be used by ad-hoc jobs.
Show Source
Nested Schema : AUTH_LDAP_1_CONNECTION_OPTIONS
Type:
objectAdditional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
Nested Schema : AUTH_LDAP_1_GROUP_SEARCH
Type:
arrayUsers are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
Show Source
Nested Schema : AUTH_LDAP_1_GROUP_TYPE_PARAMS
Type:
objectKey value parameters to send the chosen group type init method.
Nested Schema : AUTH_LDAP_1_ORGANIZATION_MAP
Type:
objectMapping between organization admins/users and LDAP groups. This controls which users are placed into which Tower organizations relative to their LDAP group memberships. Configuration details are available in the Ansible Tower documentation.
Nested Schema : AUTH_LDAP_1_TEAM_MAP
Type:
objectMapping between team members (users) and LDAP groups. Configuration details are available in the Ansible Tower documentation.
Nested Schema : AUTH_LDAP_1_USER_ATTR_MAP
Type:
objectMapping of LDAP user schema to Tower API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the Ansible Tower documentation for additional details.
Nested Schema : AUTH_LDAP_1_USER_FLAGS_BY_GROUP
Type:
objectRetrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the Ansible Tower documentation for more detail.
Nested Schema : AUTH_LDAP_1_USER_SEARCH
Type:
arrayLDAP search query to find users. Any user that matches the given pattern will be able to login to Tower. The user should also be mapped into a Tower organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See Tower documentation for details.
Show Source
Nested Schema : AUTH_LDAP_2_CONNECTION_OPTIONS
Type:
objectAdditional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
Nested Schema : AUTH_LDAP_2_GROUP_SEARCH
Type:
arrayUsers are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
Show Source
Nested Schema : AUTH_LDAP_2_GROUP_TYPE_PARAMS
Type:
objectKey value parameters to send the chosen group type init method.
Nested Schema : AUTH_LDAP_2_ORGANIZATION_MAP
Type:
objectMapping between organization admins/users and LDAP groups. This controls which users are placed into which Tower organizations relative to their LDAP group memberships. Configuration details are available in the Ansible Tower documentation.
Nested Schema : AUTH_LDAP_2_TEAM_MAP
Type:
objectMapping between team members (users) and LDAP groups. Configuration details are available in the Ansible Tower documentation.
Nested Schema : AUTH_LDAP_2_USER_ATTR_MAP
Type:
objectMapping of LDAP user schema to Tower API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the Ansible Tower documentation for additional details.
Nested Schema : AUTH_LDAP_2_USER_FLAGS_BY_GROUP
Type:
objectRetrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the Ansible Tower documentation for more detail.
Nested Schema : AUTH_LDAP_2_USER_SEARCH
Type:
arrayLDAP search query to find users. Any user that matches the given pattern will be able to login to Tower. The user should also be mapped into a Tower organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See Tower documentation for details.
Show Source
Nested Schema : AUTH_LDAP_3_CONNECTION_OPTIONS
Type:
objectAdditional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
Nested Schema : AUTH_LDAP_3_GROUP_SEARCH
Type:
arrayUsers are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
Show Source
Nested Schema : AUTH_LDAP_3_GROUP_TYPE_PARAMS
Type:
objectKey value parameters to send the chosen group type init method.
Nested Schema : AUTH_LDAP_3_ORGANIZATION_MAP
Type:
objectMapping between organization admins/users and LDAP groups. This controls which users are placed into which Tower organizations relative to their LDAP group memberships. Configuration details are available in the Ansible Tower documentation.
Nested Schema : AUTH_LDAP_3_TEAM_MAP
Type:
objectMapping between team members (users) and LDAP groups. Configuration details are available in the Ansible Tower documentation.
Nested Schema : AUTH_LDAP_3_USER_ATTR_MAP
Type:
objectMapping of LDAP user schema to Tower API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the Ansible Tower documentation for additional details.
Nested Schema : AUTH_LDAP_3_USER_FLAGS_BY_GROUP
Type:
objectRetrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the Ansible Tower documentation for more detail.
Nested Schema : AUTH_LDAP_3_USER_SEARCH
Type:
arrayLDAP search query to find users. Any user that matches the given pattern will be able to login to Tower. The user should also be mapped into a Tower organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See Tower documentation for details.
Show Source
Nested Schema : AUTH_LDAP_4_CONNECTION_OPTIONS
Type:
objectAdditional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
Nested Schema : AUTH_LDAP_4_GROUP_SEARCH
Type:
arrayUsers are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
Show Source
Nested Schema : AUTH_LDAP_4_GROUP_TYPE_PARAMS
Type:
objectKey value parameters to send the chosen group type init method.
Nested Schema : AUTH_LDAP_4_ORGANIZATION_MAP
Type:
objectMapping between organization admins/users and LDAP groups. This controls which users are placed into which Tower organizations relative to their LDAP group memberships. Configuration details are available in the Ansible Tower documentation.
Nested Schema : AUTH_LDAP_4_TEAM_MAP
Type:
objectMapping between team members (users) and LDAP groups. Configuration details are available in the Ansible Tower documentation.
Nested Schema : AUTH_LDAP_4_USER_ATTR_MAP
Type:
objectMapping of LDAP user schema to Tower API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the Ansible Tower documentation for additional details.
Nested Schema : AUTH_LDAP_4_USER_FLAGS_BY_GROUP
Type:
objectRetrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the Ansible Tower documentation for more detail.
Nested Schema : AUTH_LDAP_4_USER_SEARCH
Type:
arrayLDAP search query to find users. Any user that matches the given pattern will be able to login to Tower. The user should also be mapped into a Tower organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See Tower documentation for details.
Show Source
Nested Schema : AUTH_LDAP_5_CONNECTION_OPTIONS
Type:
objectAdditional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
Nested Schema : AUTH_LDAP_5_GROUP_SEARCH
Type:
arrayUsers are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
Show Source
Nested Schema : AUTH_LDAP_5_GROUP_TYPE_PARAMS
Type:
objectKey value parameters to send the chosen group type init method.
Nested Schema : AUTH_LDAP_5_ORGANIZATION_MAP
Type:
objectMapping between organization admins/users and LDAP groups. This controls which users are placed into which Tower organizations relative to their LDAP group memberships. Configuration details are available in the Ansible Tower documentation.
Nested Schema : AUTH_LDAP_5_TEAM_MAP
Type:
objectMapping between team members (users) and LDAP groups. Configuration details are available in the Ansible Tower documentation.
Nested Schema : AUTH_LDAP_5_USER_ATTR_MAP
Type:
objectMapping of LDAP user schema to Tower API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the Ansible Tower documentation for additional details.
Nested Schema : AUTH_LDAP_5_USER_FLAGS_BY_GROUP
Type:
objectRetrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the Ansible Tower documentation for more detail.
Nested Schema : AUTH_LDAP_5_USER_SEARCH
Type:
arrayLDAP search query to find users. Any user that matches the given pattern will be able to login to Tower. The user should also be mapped into a Tower organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See Tower documentation for details.
Show Source
Nested Schema : AUTH_LDAP_CONNECTION_OPTIONS
Type:
objectAdditional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
Nested Schema : AUTH_LDAP_GROUP_SEARCH
Type:
arrayUsers are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
Show Source
Nested Schema : AUTH_LDAP_GROUP_TYPE_PARAMS
Type:
objectKey value parameters to send the chosen group type init method.
Nested Schema : AUTH_LDAP_ORGANIZATION_MAP
Type:
objectMapping between organization admins/users and LDAP groups. This controls which users are placed into which Tower organizations relative to their LDAP group memberships. Configuration details are available in the Ansible Tower documentation.
Nested Schema : AUTH_LDAP_TEAM_MAP
Type:
objectMapping between team members (users) and LDAP groups. Configuration details are available in the Ansible Tower documentation.
Nested Schema : AUTH_LDAP_USER_ATTR_MAP
Type:
objectMapping of LDAP user schema to Tower API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the Ansible Tower documentation for additional details.
Nested Schema : AUTH_LDAP_USER_FLAGS_BY_GROUP
Type:
objectRetrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the Ansible Tower documentation for more detail.
Nested Schema : AUTH_LDAP_USER_SEARCH
Type:
arrayLDAP search query to find users. Any user that matches the given pattern will be able to login to Tower. The user should also be mapped into a Tower organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See Tower documentation for details.
Show Source
Nested Schema : AWX_ANSIBLE_CALLBACK_PLUGINS
Type:
arrayList of paths to search for extra callback plugins to be used when running jobs. Enter one path per line.
Show Source
Nested Schema : AWX_PROOT_HIDE_PATHS
Type:
arrayAdditional paths to hide from isolated processes. Enter one path per line.
Show Source
Nested Schema : AWX_PROOT_SHOW_PATHS
Type:
arrayList of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line.
Show Source
Nested Schema : AWX_TASK_ENV
Type:
objectAdditional environment variables set for playbook runs, inventory updates, project updates, and notification sending.
Nested Schema : CUSTOM_VENV_PATHS
Type:
arrayPaths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.
Show Source
Nested Schema : LOG_AGGREGATOR_LOGGERS
Type:
arrayList of loggers that will send HTTP logs to the collector, these can include any or all of:
awx - service logs
activity_stream - activity stream records
job_events - callback data from Ansible job events
system_tracking - facts gathered from scan jobs.
Show Source
Nested Schema : OAUTH2_PROVIDER
Type:
objectDictionary for customizing OAuth 2 timeouts, available items are `ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number of seconds, `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of authorization codes in the number of seconds, and `REFRESH_TOKEN_EXPIRE_SECONDS`, the duration of refresh tokens, after expired access tokens, in the number of seconds.
Nested Schema : PROXY_IP_ALLOWED_LIST
Type:
arrayIf Tower is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which Tower should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally')
Show Source
Nested Schema : REMOTE_HOST_HEADERS
Type:
arrayHTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as "HTTP_X_FORWARDED_FOR", if behind a reverse proxy. See the "Proxy Support" section of the Adminstrator guide for more details.
Show Source
Nested Schema : SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP
Type:
objectMapping to organization admins/users from social auth accounts. This setting
controls which users are placed into which Tower organizations based on their
username and email address. Configuration details are available in the Ansible
Tower documentation.
Nested Schema : SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP
Type:
objectMapping of team members (users) from social auth accounts. Configuration
details are available in Tower documentation.
Nested Schema : SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP
Type:
objectMapping to organization admins/users from social auth accounts. This setting
controls which users are placed into which Tower organizations based on their
username and email address. Configuration details are available in the Ansible
Tower documentation.
Nested Schema : SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP
Type:
objectMapping of team members (users) from social auth accounts. Configuration
details are available in Tower documentation.
Nested Schema : SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP
Type:
objectMapping to organization admins/users from social auth accounts. This setting
controls which users are placed into which Tower organizations based on their
username and email address. Configuration details are available in the Ansible
Tower documentation.
Nested Schema : SOCIAL_AUTH_GITHUB_TEAM_MAP
Type:
objectMapping of team members (users) from social auth accounts. Configuration
details are available in Tower documentation.
Nested Schema : SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP
Type:
objectMapping to organization admins/users from social auth accounts. This setting
controls which users are placed into which Tower organizations based on their
username and email address. Configuration details are available in the Ansible
Tower documentation.
Nested Schema : SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP
Type:
objectMapping of team members (users) from social auth accounts. Configuration
details are available in Tower documentation.
Nested Schema : SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS
Type:
objectExtra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multple Google accounts. Refer to the Ansible Tower documentation for more detail.
Nested Schema : SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP
Type:
objectMapping to organization admins/users from social auth accounts. This setting
controls which users are placed into which Tower organizations based on their
username and email address. Configuration details are available in the Ansible
Tower documentation.
Nested Schema : SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP
Type:
objectMapping of team members (users) from social auth accounts. Configuration
details are available in Tower documentation.
Nested Schema : SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS
Type:
arrayUpdate this setting to restrict the domains who are allowed to login using Google OAuth2.
Show Source
Nested Schema : SOCIAL_AUTH_ORGANIZATION_MAP
Type:
objectMapping to organization admins/users from social auth accounts. This setting
controls which users are placed into which Tower organizations based on their
username and email address. Configuration details are available in the Ansible
Tower documentation.
Nested Schema : SOCIAL_AUTH_SAML_ENABLED_IDPS
Type:
objectConfigure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax.
Nested Schema : SOCIAL_AUTH_SAML_EXTRA_DATA
Type:
arrayA list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value.
Show Source
Nested Schema : SOCIAL_AUTH_SAML_ORG_INFO
Type:
objectProvide the URL, display name, and the name of your app. Refer to the Ansible Tower documentation for example syntax.
Nested Schema : SOCIAL_AUTH_SAML_ORGANIZATION_ATTR
Type:
objectUsed to translate user organization membership into Tower.
Nested Schema : SOCIAL_AUTH_SAML_ORGANIZATION_MAP
Type:
objectMapping to organization admins/users from social auth accounts. This setting
controls which users are placed into which Tower organizations based on their
username and email address. Configuration details are available in the Ansible
Tower documentation.
Nested Schema : SOCIAL_AUTH_SAML_SECURITY_CONFIG
Type:
objectA dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings
Nested Schema : SOCIAL_AUTH_SAML_SP_EXTRA
Type:
objectA dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting.
Nested Schema : SOCIAL_AUTH_SAML_SUPPORT_CONTACT
Type:
objectProvide the name and email address of the support contact for your service provider. Refer to the Ansible Tower documentation for example syntax.
Nested Schema : SOCIAL_AUTH_SAML_TEAM_ATTR
Type:
objectUsed to translate user team membership into Tower.
Nested Schema : SOCIAL_AUTH_SAML_TEAM_MAP
Type:
objectMapping of team members (users) from social auth accounts. Configuration
details are available in Tower documentation.
Nested Schema : SOCIAL_AUTH_SAML_TECHNICAL_CONTACT
Type:
objectProvide the name and email address of the technical contact for your service provider. Refer to the Ansible Tower documentation for example syntax.
Nested Schema : SOCIAL_AUTH_TEAM_MAP
Type:
objectMapping of team members (users) from social auth accounts. Configuration
details are available in Tower documentation.
Nested Schema : SOCIAL_AUTH_USER_FIELDS
Type:
arrayWhen set to an empty list `[]`, this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login.
Show Source
Response
Supported Media Types
- application/json
201 Response
403 Response
Example Response (application/json)
{
"detail":"You do not have permission to perform this action."
}409 Response
Example Response (application/json)
{
"error":"Logging not enabled"
}