Settings
Many settings can be configured using the GUI by navigating to the 'person' menu at the top right of the Sal window and choosing settings. However, there are some settings that require editing a configuration file.
By modifying sal/settings.py you can customise how plugins and data are displayed in Sal. If you are upgrading from a previous version of Sal, refer to this document to see how your settings.py file should be changed to take advantage of any new features. There are defaults set in sal/system_settings.py, but they can be overridden if you choose.
The majority of settings are also exposed as environment variables for Docker. Add DOCKER_SAL_ to the beginning of the setting name (for example, -e DOCKER_SAL_ADD_TO_ALL_BUSINESS_UNITS="true").
Sal exposes several endpoints, some of which may contain confidential information (particularly any custom scripts from plugins). By default, the client scripts will use the client's key for basic HTTP authentication. If for some reason you wish to disable this (if you cannot upgrade your client scripts, for example), you should set this to False. By default this is True, and it is strongly recommended you leave this enabled.
BASIC_AUTH = True
In some situations, it may be desirable to automatically give all of your users access to all business units. To enable the feature, add the following to sal/settings.py:
ADD_TO_ALL_BUSINESS_UNITS = True
These plugins will only be shown on the front page. They will not appear anywhere else.
LIMIT_PLUGIN_TO_FRONT_PAGE = ['Uptime', 'Memory']
Once again, a list of plugin names. These will not be shown on the front page.
HIDE_PLUGIN_FROM_FRONT_PAGE = ['DiskSpace']
Specify which Business Unit IDs should be hidden from which plugins. The data should be a dictionary containing lists. The Business Unit ID will be shown in the URL when on that particular Business Unit's page.
HIDE_PLUGIN_FROM_BUSINESS_UNIT = {
    'Encryption': ['1', '2', '4'],
    'DiskSpace': ['5', '7', '9']
}
Works exactly the same as HIDE_PLUGIN_FROM_BUSINESS_UNIT (although you are specifying the Machine Group ID, obviously!).
HIDE_PLUGIN_FROM_MACHINE_GROUP = {
    'DiskSpace': ['1'],
    'Uptime': ['2', '8']
}
As of Sal 3.2.8, you can add a list of Facter Facts to include in the basic search (the input box on every page). This is an exact match for the Fact name.
SEARCH_FACTS = ['company_info=>email']
As of Sal 3.2.8, you can add a list of Munki conditions to include in the basic search (the input box on every page). This is an exact match for the Condition name.
SEARCH_CONDTIONS = ['machine_type']
These Facts will be discarded and will not be saved to the database. These are 'begins with' strings - this allows you to exclude whole structured Facts if you wish. For example, the following will exclude all of the child Facts (mountpoints=>/, mountpoints=>/dev, etc).
IGNORE_FACTS = ['munki_managed_installs=>', 'installed_packages=>', 'certificates=>', 'mountpoints=>']
If you are using Salt or Chef, you may want to ignore additional facts, just in case a user in your organization is using Puppet/Facter.
Salt
IGNORE_FACTS = ['counters=>', 'grain=>counters=>']
Chef
IGNORE_FACTS = ['counters=>', 'ohai=>counters=>']
These Facts won't be displayed on the Machine Information page. This won't affect any plugins that rely on the Fact.
EXCLUDED_FACTS = {
    'sshrsakey',
    'sshfp_rsa',
    'sshfp_dsa',
    'sshdsakey',
}
The same as EXCLUDED_FACTS, but will hide Munki Conditions instead.
EXCLUDED_CONDITIONS = {
    'ipv4_address',
}
By default, machines that don't exist in Sal but have a valid Machine Group Key will be created. If you are using Sal for inventory purposes (for example, signing Puppet Certificates), you may wish to disable this.
ADD_NEW_MACHINES = False
By default, all machine submissions must include a machine group key, otherwise an error will occur. If you set this value to an existing machine group key, machines that do not have a group key defined in their preferences will be placed into that group. This can be used, for example, to determine which machines have not been set up properly with the correct machine group. You should not use this when you have basic HTTP auth enabled, as clients will be unable to communicate with Sal if they do not have a key explicitly set.
DEFAULT_MACHINE_GROUP_KEY = 'x1eru38unri08badpo0ux4ahz043hapbyqyixdz482l047u9xe60nn6cux1sj0ad5bq7hwblyzjpmaqb17psygfwlfeo4x6hozb1jejaf1nee6paj68glducdt5575dz'
Normally only the most recent fact is recorded for a machine. Any facts defined here will also have historical data from each run kept in addition to the most recent run.
HISTORICAL_FACTS = [
    'memoryfree_mb',
]
As of version 3.0.1, Sal includes a machine detail widget named "Remote Connection", which allows users to initiate a VNC or SSH connection to the machine being displayed. The open handler for SSH URLs (at least Safari and Chrome) automatically makes the connection with the username of the console user. VNC connections will prompt for both username and password.
Setting SSH_ACCOUNT will add a username to all SSH and VNC URLs generated for machine detail pages for all users. The main use-case for this is organizations that use a generic account that is enabled for these remote connections.
SSH_ACCOUNT = 'topSecretAdmin'
Leave this setting unset to use the console username. The primary use-case for this scenario is organizations with machines bound to a directory service, and remote administration enabled for the connecting users or groups in which they have membership.
This is the number of days without a check-in after which a machine is considered inactive (deployed=False). An inactive machine will no longer show up in widgets. This value must be an integer greater than 0.
# machines that haven't checked in for 180 days are 'undeployed'
INACTIVE_UNDEPLOYED = 180
If a machine is 'undeployed' and checks in again, setting this to True will mark the machine as deployed again.
DEPLOYED_ON_CHECKIN = False
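Several of the settings above carry constraints that are easy to break when editing sal/settings.py by hand: DEFAULT_MACHINE_GROUP_KEY should not be combined with basic HTTP auth, INACTIVE_UNDEPLOYED must be an integer greater than 0, and the HIDE_PLUGIN_FROM_* settings must be dictionaries of lists. The following is an added example, not part of Sal, that checks a dictionary of setting values against those statements; the function names, the finding levels and the sample values are assumptions made for illustration.

```python
def audit_sal_settings(cfg):
    """Check a dict of Sal setting names -> Python values; return (level, setting, message) tuples."""
    findings = []
    basic_auth = cfg.get("BASIC_AUTH", True)  # the page gives True as the default

    if not basic_auth:
        findings.append(("warn", "BASIC_AUTH",
                         "disabled: endpoints are not protected by the client key"))
    elif cfg.get("DEFAULT_MACHINE_GROUP_KEY"):
        findings.append(("error", "DEFAULT_MACHINE_GROUP_KEY",
                         "set while BASIC_AUTH is enabled: clients without an explicit key cannot check in"))

    if "INACTIVE_UNDEPLOYED" in cfg:
        days = cfg["INACTIVE_UNDEPLOYED"]
        # bool is a subclass of int in Python, so reject it explicitly
        if isinstance(days, bool) or not isinstance(days, int) or days <= 0:
            findings.append(("error", "INACTIVE_UNDEPLOYED", "must be an integer greater than 0"))

    for name in ("HIDE_PLUGIN_FROM_BUSINESS_UNIT", "HIDE_PLUGIN_FROM_MACHINE_GROUP"):
        value = cfg.get(name, {})
        if not isinstance(value, dict) or not all(isinstance(ids, list) for ids in value.values()):
            findings.append(("error", name, "must be a dictionary containing lists of IDs"))

    if cfg.get("ADD_TO_ALL_BUSINESS_UNITS"):
        findings.append(("warn", "ADD_TO_ALL_BUSINESS_UNITS",
                         "every user is given access to every business unit"))
    if cfg.get("SSH_ACCOUNT"):
        findings.append(("info", "SSH_ACCOUNT",
                         "this username is added to SSH and VNC URLs for all users"))
    return findings


def settings_from_module(module):
    """Collect the UPPER_CASE names from an imported settings module."""
    return {k: v for k, v in vars(module).items() if k.isupper()}


# Constructed sample values, not a real deployment.
SAMPLE = {
    "BASIC_AUTH": True,
    "DEFAULT_MACHINE_GROUP_KEY": "constructed-example-key",
    "INACTIVE_UNDEPLOYED": "180",                          # string instead of int
    "HIDE_PLUGIN_FROM_MACHINE_GROUP": {"DiskSpace": "1"},  # string instead of list
    "SSH_ACCOUNT": "topSecretAdmin",
}

if __name__ == "__main__":
    for level, setting, message in audit_sal_settings(SAMPLE):
        print(f"{level:5} {setting}: {message}")
```

The check assumes Python values as written in settings.py; values passed through the DOCKER_SAL_ environment variables arrive as strings and would need converting first.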