Merge pull request #157 from eLobato/gh-pages

Updated descriptions for 1.4 settings

_includes/manuals/1.4/3.5.2_configuration_options.md

@@ -43,6 +43,21 @@ This boolean option configures whether Foreman will act as a simple node classif
 When Foreman needs to mail the administrator then this is the email address that it will contact.
 Default: root@<your domain>.
 
+##### authorize_login_delegation
+
+mod_proxy and other load balancers will set a REMOTE_USER environment variable. If this is _true_ , your users will be able to login through an external service and Foreman requests will be authenticated using this REMOTE_USER variable.
+Default: true
+
+##### authorize_login_delegation_api
+
+Same as above, but this setting allows REMOTE_USER authentication for API calls as well.
+Default: true
+
+##### authorize_login_delegation_auth_source_autocreate
+
+If you have authorize_login_delegation set, new users can be autocreated through your external authentication mechanism by changing this to the name of the Auth Source you want to use to auto create users.
+Default: ''
+
 ##### create_new_host_when_facts_are_uploaded
 
 When facts are received from Puppet or other configuration management systems, a corresponding host will be created in Foreman if the certname or hostname is unknown.  When false, this behavior is disabled and facts will be discarded from unknown hosts.
@@ -65,11 +80,21 @@ Default: production
 A Smart-variable's match criteria are evaluated in a specific order and if this search order is not provided then _Default_variables_Lookup_Path_ is used.
 Default: ["fqdn", "hostgroup", "os", "domain"]
 
+##### document_root
+
+Puppetdoc will create RDoc documents for your manifests if its available. This setting allows you to select the directory where you want these documents to be created.
+Default: foreman_root/public/puppet/rdoc
+
 ##### email_reply_address
 
 The return address applied to outgoing emails.
 Default: Foreman-noreply@<your domain>
 
+##### enc_environment
+
+When this is _true_, Foreman will send the puppet environment in the ENC yaml output. This is meant to fix conflicts between a node's puppet.conf environment and the environment set in Foreman. On Puppet 3+, agents will take the environment sent by the ENC. When _false_, the ENC yaml will not contain the environment, the node will not update its environment and use the one at puppet.conf.
+Default: true
+
 ##### Enable_Smart_Variables_in_ENC
 
 Whether Smart-variables should be included in the yaml node information provided to puppet.
@@ -91,25 +116,81 @@ Emails may contain embedded references to Foreman's web interface. This option a
 Default: https://FQDN/ or http://FQDN/ (depending on require_ssl)
 See also: unattended_url
 
+##### host_group_matchers_inheritance
+
+Matchers used in smart variables or class parameters to match host groups can be inherited by children of those matching host groups too (e.g. a matcher for hostgroup=Base will also apply to Base/Web). Set this to false to make matchers only match a particular hostgroup and not its children.
+Default: true
+
+##### idle_timeout
+
+Users that stay idle (no requests sent to Foreman) for more than this number of minutes will be logged out.
+Default: 60
+
+##### interpolate_erb_in_parameters
+
+If _true_, Foreman variables will be exposed to the ENC. Check [Template Writing](http://projects.theforeman.org/projects/foreman/wiki/TemplateWriting) for a more comprehensive guide on how to create and use these variables in your ERB templates.
+Default: true
+
 ##### ignore_puppet_facts_for_provisioning
 
 If this option is set to _true_ then Foreman will not update a host's IP and MAC with the values that it receives in a host's facts and it will also include Foreman's values for IP and MAC to puppet in its node information.
 Default: false
 
+##### legacy_puppet_hostname
+
+This setting truncates the hostname of your smart proxy to 'puppet' if it starts with 'puppet'.
+Default: false
+
+##### libvirt_default_console_access
+
+The IP address that should be used for the console listen address when provisioning new virtual machines via Libvirt.
+Default: 0.0.0.0
+
+##### login_delegation_logout_url
+
+If your external authentication system has a logout URL, redirect your users to it here. This setting can be useful if your users sign in Foreman through SSO, and you want them to sign out from all services when they log out Foreman.
+Default: ''
+
 ##### manage_puppetca
 
 If this option is set to _true_ then Foreman will manage a host's Puppet certificate signing. If it is set to _false_ then some external mechanism is required to ensure that the host's certificate request is signed.
 Default: true
 
-##### use_uuid_for_certificates
+##### max_trend
 
-When enabled, Foreman will generate UUIDs for each host instead of using the hostname as the Puppet certname, which is more reliable with changing hostnames.  Note that when disabling this setting, existing stored certnames won't be changed or discarded until new certificates are requested from a host (i.e. on a rebuild), in order that the existing certificate remains known to Foreman and can be revoked.
+Days that trend graphs will capture.
+Default: 30
 
 ##### modulepath
 
 This it the modulepath that foreman uses when processing puppet modules. It is usually able to determine this itself at runtime but if it is not able to find a value then _modulepath_ is used.
 Default: /etc/puppet/modules
 
+##### oauth_active
+
+Enables OAuth authentication for API requests.
+Default: false
+
+##### oauth_consumer_key
+
+OAuth consumer key
+Default: 'katello'
+
+##### oauth_consumer_secret
+
+OAuth consumer secret
+Default: 'shhhh'
+
+##### oauth_map_users
+
+This allows OAuth users to specify which user their requests map to. When this is _false_, OAuth requests will map to admin.
+Default: true
+
+##### Parametrized_Classes_in_ENC
+
+In Puppet 2.6.5+, the ENC may send a hash of the class's attributes and values. Before then, the ENC used to send just an array of class names. Set this to _true_ if you are using any version of Puppet equal to or higher than 2.6.5.
+Default: true
+
 ##### puppet_interval
 
 This is the number of minutes between each run of puppet.
@@ -120,16 +201,36 @@ Default: 30
 The default puppet server hostname. For larger organizations this is often a non fqdn so that a name like _puppet_ can be a different host within each DNS domain.
 Default: puppet
 
-##### puppetconfdir
-Path to directory containing puppet.conf.
-Default: /etc/puppet
-
-
 ##### puppetrun
 
 If this option is set to _true_ then Foreman will be able to trigger a puppet run on any host that it manages.
 Default: false
 
+##### query_local_nameservers
+
+If _true_, Foreman will query the local DNS. When _false_ Foreman will query the SOA/NS authority. Warning! Querying a resolver can cause Foreman to get false positives when checking presence of DNS records due to caching.
+Default: false
+
+##### remote_addr
+
+If Foreman is running behind Passenger or a remote load balancer, the IP of this load balance should be set here. This is a regular expression, so it can support several load balancers, i.e: (10.0.0.1|127.0.0.1)
+Default: 127.0.0.1
+
+##### remove_classes_not_in_environment
+
+This setting forces your host to only pick up classes known to be in its environment. It will avoid Puppet errors caused by trying to pick up classes in other environments, this could happen if your host is in environment 'production', but its host group is in environment 'staging'.
+Default: false
+
+##### require_ssl_puppetmasters
+
+When set to _true_, Foreman requires a client SSL certificate on requests from puppet masters, and will verify the CN of the certificate against the known smart proxies. If false, it uses the reverse DNS of the IP address making the request. require_ssl in ```config/settings.yaml``` should be enabled too. For more information about securing the connection between Foreman and puppet masters, see [Section 5.4.1](manuals/{{page.version}}/index.html#5.4.1SecuringPuppetMasterRequests)
+Default: true
+
+##### restrict_registered_puppetmasters
+
+When set to _true_, you will have to register your puppet masters as Smart Proxies with the Puppet feature so they can access fact/report importers and ENC output.
+Default: true
+
 ##### root_pass
 
 If a root password is not provided whilst configuring a host then this encrypted password is used when building the machine. The plain text password "123123" has been encrypted to produce the default value.
@@ -142,6 +243,26 @@ Default: xybxa6JUkz63w
 The default templating system used within Foreman allows unlimited interpolated variables and expressions. This could obviously be abused so a evaluation environment is provided that restricts the template variables and expressions to a whitelist. When this option is _true_ then only known helper methods and instance variables will be available in template expansion.
 Default: true
 
+##### signo_sso
+
+Use Signo as SSO login.
+Default: false
+
+##### signo_url
+
+Signo SSO url for login.
+Default: https://theforeman/signo
+
+##### ssl_client_dn_env
+
+Environment variable containing the subject DN from a client SSL certificate
+Default: SSL_CLIENT_S_DN
+
+##### ssl_client_verify_env
+
+Environment variable containing the verification status of a client SSL certificate
+Default: SSL_CLIENT_VERIFY
+
 ##### ssl_ca_file
 
 The SSL Certificate Authority file that Foreman will use when connecting to its smart-proxies.
@@ -157,6 +278,16 @@ Default: The host certificate used by puppet
 The SSL private key file that Foreman will use when connecting to its smart-proxies.
 Default: The private key file used by puppet
 
+##### token_duration
+
+Time in minutes installation tokens should be valid for, 0 to disable.
+Default: 60
+
+##### trusted_puppetmaster_hosts
+
+Other trusted puppet masters in addition to Smart Proxies to access fact/report importers and ENC output. i.e: [puppetmaster1.yourdomain.com, puppetmaster2.yourdomain.com]
+Default: []
+
 ##### unattended_url
 
 This controls the URL prefix used in provisioning templates such as TFTP/PXELinux files that refer to the Foreman server.  It is usually HTTP rather than HTTPS due to lack of installer support for HTTPS.
@@ -168,7 +299,22 @@ See also: foreman_url
 If Foreman receives an environment fact from one of its hosts and if this option is _true_, it will update the host's environment with the new value. By default this is not the case as Foreman should manage the host's environment.
 Default: false
 
+##### update_ip_from_built_request
+
+If _true_, Foreman will update the host IP with the IP that made the 'build' request. This request is made at the end of a provisioning cycle to indicate a host has completed the build.
+Default: false
+
 ##### use_shortname_for_vms
 
 When false, any hosts created on a compute resource will use the FQDN of the host for the name of the virtual machine.  When set to the true, the short name (i.e. without domain) will be used instead.
 Default: false
+
+##### use_gravatar
+
+Display user avatars by matching their emails with emails at Gravatar.com
+Default: true
+
+##### use_uuid_for_certificates
+
+When enabled, Foreman will generate UUIDs for each host instead of using the hostname as the Puppet certname, which is more reliable with changing hostnames.  Note that when disabling this setting, existing stored certnames won't be changed or discarded until new certificates are requested from a host (i.e. on a rebuild), in order that the existing certificate remains known to Foreman and can be revoked.
+