The nodejs environment
a valid nodejs environment

Nodejs can have multiple environments, like development or production

The database host
a valid IP or FQDN

Ansible Forms requires a mysql database connection to store the configuration of the application.

The database user
a valid mysql user

Ansible Forms requires a mysql database connection to store the configuration of the application.

The database password
a valid mysql password

Ansible Forms requires a mysql database connection to store the configuration of the application.

Http port
a valid TCP port

The listening port of the web application

Enables HTTPS

Our docker-compose comes with sample certificates. It is highly recommended to enable HTTPS.

Private key
a valid file path

The path to the private key of the server certificate, in BASE64/PEM format.

Certificate
a valid file path

The path to the server certificate, in BASE64/PEM format.

Forms.yaml path
a valid file path

The forms.yaml file is the main configuration file needed to run Ansible Forms.
Read here more about the forms.yaml file.

ansibleForm.lock path
a valid file path

Only 1 user can use the designer, so we use a locking file to hold the current owners information.

Backup path for form backups
a valid directory path

When backups are made, they end up in this path

Days of backups to keep
a valid number in days

Old backups are cleanup, you can choose the age

The azure graph api base uri
a valid base URI without slash on the end

This variable is used to acquire data from the Azure AD api.

Enable the schema creation

When you start Ansible Forms for the first time and there is no database, Ansible Forms will present you the option to create the schema. Although this is fairly handy, you might want to disable this option to prevent accidental schema re-creation.
Also note that if you use the docker-compose solution, the database is created as part of the Mysql initialization.
If you use a different database, you might want to enable this option, to at the very least create the schema the very first time.
If you want to disable this option, set this variable to 0.

Enable the bypass admin authentication

When you have locked yourself out, you can enable the bypass admin authentication, by setting this variable to 1.
This will allow you to login as temp admin with any combination of username and password. You can then fix the issue and disable this option again.
Note : This option will allow ANYONE to login as admin, so use with caution and disable as soon as possible.

Enable the database query logging

When you want to see the database queries that are executed, you can enable this option by setting this variable to 1.
introduced, due to massive amount of logging of database queries, which can be useful for debugging, but not for production.

Enable the forms.yaml in database

If you use git repositories to store the forms, you can choose to store the master forms.yaml in git as well.
Or, you can choose to have the forms.yaml in the database instead. Having a clean separation : master forms.yaml in database, and the actual forms in git.

Enable the internal designer

Although we encourage you to use an editor such as Visual Studio Code to edit the forms.yaml file, preferably with some form of source control. Ansible Forms comes with an internal yaml designer.
And although only admins can see the designer, you might want to disable it completely by setting this variable to 0.

Enable the ytt interpreter

https://github.com/carvel-dev/ytt is a tool for yaml templating. It can be activated by this variable.

Log level

Ansible Forms logs to logfile called Ansible Forms.log.
It does so in multiple levels.

Path for logfiles
a valid folder path

Ansible Forms maintains 2 logfiles. ansibleforms.log and ansibleforms.errors.log

Console Log level

When you run ansibleforms, by default the application also logs to the console.
For example with docker you can use the command docker logs to access this console log.
This console log has a seperate loglevel.

Syslog host
a valid IP or FQDN

Setting the syslog settings, enables the logging to a syslog server

Syslog level

The logging level for the syslog server

Syslog Port
valid tcp/udp port number

The port on which the syslog server is listening

Syslog protocol

The syslog protocol to use

Syslog path
valid syslog path

The path to the syslog dgram socket (i.e. /dev/log or /var/run/syslog for OS X)

Source hostname
hostname

Host to indicate where log messages are coming from

Syslog protocol type

The type of the syslog protocol to use

App Name
free text

The name of the application

Error color code
valid escape color code

The escape color code for error (default red)

Warning color code
valid escape color code

The escape color code for warning (default yellow)

Notice color code
valid escape color code

The escape color code for notice (default white)

Info color code
valid escape color code

The escape color code for info (default green)

Debug color code
valid escape color code

The escape color code for debug (default cyan)

Secret to encryp access tokens
a hard secret string

AnsibleForm uses Basic Authentication as authentication mechanism.
Once authenticated, the client uses a JWT (Json Web Token) for authorization (Bearer authorization header). This token is stored on the client side (i.e. browser cookie) and is signed with a secret key.
To keep the communication between client and server safe, we strongly recommend you to set this secret.

Expiration time access token
a valid time indication

A JWT (Json Web Token) is only valid for a certain amount of time.
If someone would be able to intercept a communication packet and see the token, it would only be valid for a short time.
After this short time, the client must refresh his access token using his refresh token.

Expiration time refresh token
a valid time indication

Once the access token is expired, and the client tries to connect to the server, the client hits a 401 error (unauthorized). the client application captures this error, and calls the refresh api with its refresh token. If the refresh token is valid, the client gets a new set of access and refresh tokens and retries the last unauthorized api call with the renew access token.
With this mechanism, the client can keep the user-connection open for a long time and avoid a sudden logout during a save action.
If the client has not connected back to the server during the expiration time of the refresh token, the client is logged of and authentication is required again.

The users home directory
a valid path

Ansible Forms generates an sshkey at first start, is one is not present, so you can have a git connection or other password-less connection.
Typically this key is stored in the users home-directory under /.ssh/id_rsa. You can set this homedirectory path manually with this property.

Repositories path
a valid path

This path is the root path for your local repositories, allowing you to integrate data with git repositories.

Database encryption secret
a strong encryption string

Ansible Forms encrypts passwords in the database using this secret.
We strongly advise you to set a custom entryption secret to uniquely protect your passwords.
The secret must be 32 character long, however, we extend or cut the secret if this is not the case.

The path of the ansible playbooks (local instance)
a valid path

Ansible Forms can have a local ansible instance. This path says where the playbooks are.

Filter out job output tasks
an escaped regular expression

Sometime, the job output is flooded with meaningless output, such as ‘Gathering Facts’, or ‘Includes’. You filter out these by add a piece of string in the taskname, i.e. [low] and then used regex \\[low\\] to hide this information.
The output has a button Apply filter for the filtering to take effect.

The path for file uploads
a valid path

Since 4.0.16, a new field type is introduced that allows file uploads. The files are uploaded in this path.