Transport configuration options

Whether to clean up temporary files created on targets. When running commands on a target, Bolt might create temporary files. After completing the command, these files are automatically deleted. This value can be set to 'false' if you wish to leave these temporary files on the target.

• Type: Boolean

• Default: true

• Pluggable: true

cleanup: false

The target's hostname.

• Type: String

• Pluggable: true

host: docker_host_production

A map of an extension name to the absolute path of an executable, enabling you to override the shebang defined in a task executable. The extension can optionally be specified with the . character (.py and py both map to a task executable task.py) and the extension is case sensitive. When a target's name is localhost, Ruby tasks run with the Bolt Ruby interpreter by default.

• Type: Hash

• Pluggable: true

interpreters:
  rb:
  - "/usr/bin/ruby"
  - "-r"
  - puppet
  ".py": "/usr/bin/python3"

The user to run commands as after login. The run-as user must be different than the login user.

• Type: String

• Pluggable: true

run-as: root

The command to elevate permissions. Bolt appends the user and command strings to the configured run-as-command before running it on the target. This command must not require aninteractive password prompt, and the sudo-password option is ignored when run-as-command is specified. The run-as-command must be specified as an array.

• Type: Array

• Pluggable: true

run-as-command:
- sudo
- "-nkSEu"

The URL of the host used for API requests.

• Type: String

• Pluggable: true

service-url: https://api.example.com:8143

A shell command to wrap any exec commands in, such as bash -lc.

• Type: String

• Pluggable: true

shell-command: bash -lc

The executable to use when escalating to the configured run-as user. This is useful when you want to escalate using the configured sudo-password, since run-as-command does not use sudo-password or support prompting. The command executed on the target is <sudo-executable> -S -u <user> -p custom_bolt_prompt <command>. This option is experimental.

• Type: String

• Pluggable: true

sudo-executable: dzdo

The password to use when changing users via run-as.

• Type: String

• Pluggable: true

sudo-password: p@$$w0rd!

The directory to upload and execute temporary files on the target.

• Type: String

• Pluggable: true

tmpdir: "/tmp/bolt"

Whether to enable tty on exec commands.

• Type: Boolean

• Pluggable: true

tty: true

Whether to clean up temporary files created on targets. When running commands on a target, Bolt might create temporary files. After completing the command, these files are automatically deleted. This value can be set to 'false' if you wish to leave these temporary files on the target.

• Type: Boolean

• Default: true

• Pluggable: true

cleanup: false

The target's hostname.

• Type: String

• Pluggable: true

host: docker_host_production

A map of an extension name to the absolute path of an executable, enabling you to override the shebang defined in a task executable. The extension can optionally be specified with the . character (.py and py both map to a task executable task.py) and the extension is case sensitive. When a target's name is localhost, Ruby tasks run with the Bolt Ruby interpreter by default.

• Type: Hash

• Pluggable: true

interpreters:
  rb:
  - "/usr/bin/ruby"
  - "-r"
  - puppet
  ".py": "/usr/bin/python3"

The user to run commands as after login. The run-as user must be different than the login user.

• Type: String

• Pluggable: true

run-as: root

The command to elevate permissions. Bolt appends the user and command strings to the configured run-as-command before running it on the target. This command must not require aninteractive password prompt, and the sudo-password option is ignored when run-as-command is specified. The run-as-command must be specified as an array.

• Type: Array

• Pluggable: true

run-as-command:
- sudo
- "-nkSEu"

A shell command to wrap any exec commands in, such as bash -lc.

• Type: String

• Pluggable: true

shell-command: bash -lc

The executable to use when escalating to the configured run-as user. This is useful when you want to escalate using the configured sudo-password, since run-as-command does not use sudo-password or support prompting. The command executed on the target is <sudo-executable> -S -u <user> -p custom_bolt_prompt <command>. This option is experimental.

• Type: String

• Pluggable: true

sudo-executable: dzdo

The password to use when changing users via run-as.

• Type: String

• Pluggable: true

sudo-password: p@$$w0rd!

The directory to upload and execute temporary files on the target.

• Type: String

• Pluggable: true

tmpdir: "/tmp/bolt"

The user name to login as.

• Type: String

• Pluggable: true

user: bolt

Whether to use the Ruby bundled with Bolt packages for local targets.

• Type: Boolean

• Default: true

bundled-ruby: true

Whether to clean up temporary files created on targets. When running commands on a target, Bolt might create temporary files. After completing the command, these files are automatically deleted. This value can be set to 'false' if you wish to leave these temporary files on the target.

• Type: Boolean

• Default: true

• Pluggable: true

cleanup: false

A list of file extensions that are accepted for scripts or tasks on Windows. Scripts with these file extensions rely on the target's file type association to run. For example, if Python is installed on the system, a .py script runs with python.exe. The extensions .ps1, .rb, and .pp are always allowed and run via hard-coded executables.

• Type: Array

• Pluggable: true

extensions:
- ".sh"

A map of an extension name to the absolute path of an executable, enabling you to override the shebang defined in a task executable. The extension can optionally be specified with the . character (.py and py both map to a task executable task.py) and the extension is case sensitive. When a target's name is localhost, Ruby tasks run with the Bolt Ruby interpreter by default.

• Type: Hash

• Pluggable: true

interpreters:
  rb:
  - "/usr/bin/ruby"
  - "-r"
  - puppet
  ".py": "/usr/bin/python3"

The user to run commands as after login. The run-as user must be different than the login user.

• Type: String

• Pluggable: true

run-as: root

The command to elevate permissions. Bolt appends the user and command strings to the configured run-as-command before running it on the target. This command must not require aninteractive password prompt, and the sudo-password option is ignored when run-as-command is specified. The run-as-command must be specified as an array.

• Type: Array

• Pluggable: true

run-as-command:
- sudo
- "-nkSEu"

The executable to use when escalating to the configured run-as user. This is useful when you want to escalate using the configured sudo-password, since run-as-command does not use sudo-password or support prompting. The command executed on the target is <sudo-executable> -S -u <user> -p custom_bolt_prompt <command>. This option is experimental.

• Type: String

• Pluggable: true

sudo-executable: dzdo

The password to use when changing users via run-as.

• Type: String

• Pluggable: true

sudo-password: p@$$w0rd!

The directory to upload and execute temporary files on the target.

• Type: String

• Pluggable: true

tmpdir: "/tmp/bolt"

Whether to clean up temporary files created on targets. When running commands on a target, Bolt might create temporary files. After completing the command, these files are automatically deleted. This value can be set to 'false' if you wish to leave these temporary files on the target.

• Type: Boolean

• Default: true

• Pluggable: true

cleanup: false

A map of an extension name to the absolute path of an executable, enabling you to override the shebang defined in a task executable. The extension can optionally be specified with the . character (.py and py both map to a task executable task.py) and the extension is case sensitive. When a target's name is localhost, Ruby tasks run with the Bolt Ruby interpreter by default.

• Type: Hash

• Pluggable: true

interpreters:
  rb:
  - "/usr/bin/ruby"
  - "-r"
  - puppet
  ".py": "/usr/bin/python3"

The LXD remote host to use.

• Type: String

• Default: local

remote: myremote

The user to run commands as after login. The run-as user must be different than the login user.

• Type: String

• Pluggable: true

run-as: root

The command to elevate permissions. Bolt appends the user and command strings to the configured run-as-command before running it on the target. This command must not require aninteractive password prompt, and the sudo-password option is ignored when run-as-command is specified. The run-as-command must be specified as an array.

• Type: Array

• Pluggable: true

run-as-command:
- sudo
- "-nkSEu"

A shell command to wrap any exec commands in, such as bash -lc.

• Type: String

• Pluggable: true

shell-command: bash -lc

The executable to use when escalating to the configured run-as user. This is useful when you want to escalate using the configured sudo-password, since run-as-command does not use sudo-password or support prompting. The command executed on the target is <sudo-executable> -S -u <user> -p custom_bolt_prompt <command>. This option is experimental.

• Type: String

• Pluggable: true

sudo-executable: dzdo

The password to use when changing users via run-as.

• Type: String

• Pluggable: true

sudo-password: p@$$w0rd!

The directory to upload and execute temporary files on the target.

• Type: String

• Pluggable: true

tmpdir: "/tmp/bolt"

Whether to enable tty on exec commands.

• Type: Boolean

• Pluggable: true

tty: true

The path to the CA certificate.

• Type: String

• Pluggable: true

cacert: "~/.puppetlabs/puppet/cert.pem"

The target's hostname.

• Type: String

• Pluggable: true

host: docker_host_production

The interval, in seconds, to poll orchestrator for job status.

• Type: Integer

• Pluggable: true

job-poll-interval: 2

The time, in seconds, to wait for orchestrator job status.

• Type: Integer

• Pluggable: true

job-poll-timeout: 2000

How long to wait in seconds when making requests to the Orchestrator.

• Type: Integer

• Pluggable: true

read-timeout: 15

The URL of the host used for API requests.

• Type: String

• Pluggable: true

service-url: https://api.example.com:8143

The environment the orchestrator loads task code from.

• Type: String

• Default: production

• Pluggable: true

task-environment: development

The path to the token file.

• Type: String

• Pluggable: true

token-file: "~/.puppetlabs/puppet/token.pem"

Whether to clean up temporary files created on targets. When running commands on a target, Bolt might create temporary files. After completing the command, these files are automatically deleted. This value can be set to 'false' if you wish to leave these temporary files on the target.

• Type: Boolean

• Default: true

• Pluggable: true

cleanup: false

The target's hostname.

• Type: String

• Pluggable: true

host: docker_host_production

A map of an extension name to the absolute path of an executable, enabling you to override the shebang defined in a task executable. The extension can optionally be specified with the . character (.py and py both map to a task executable task.py) and the extension is case sensitive. When a target's name is localhost, Ruby tasks run with the Bolt Ruby interpreter by default.

• Type: Hash

• Pluggable: true

interpreters:
  rb:
  - "/usr/bin/ruby"
  - "-r"
  - puppet
  ".py": "/usr/bin/python3"

The user to run commands as after login. The run-as user must be different than the login user.

• Type: String

• Pluggable: true

run-as: root

The command to elevate permissions. Bolt appends the user and command strings to the configured run-as-command before running it on the target. This command must not require aninteractive password prompt, and the sudo-password option is ignored when run-as-command is specified. The run-as-command must be specified as an array.

• Type: Array

• Pluggable: true

run-as-command:
- sudo
- "-nkSEu"

A shell command to wrap any exec commands in, such as bash -lc.

• Type: String

• Pluggable: true

shell-command: bash -lc

The executable to use when escalating to the configured run-as user. This is useful when you want to escalate using the configured sudo-password, since run-as-command does not use sudo-password or support prompting. The command executed on the target is <sudo-executable> -S -u <user> -p custom_bolt_prompt <command>. This option is experimental.

• Type: String

• Pluggable: true

sudo-executable: dzdo

The password to use when changing users via run-as.

• Type: String

• Pluggable: true

sudo-password: p@$$w0rd!

The directory to upload and execute temporary files on the target.

• Type: String

• Pluggable: true

tmpdir: "/tmp/bolt"

Whether to enable tty on exec commands.

• Type: Boolean

• Pluggable: true

tty: true

The proxy target that the task executes on.

• Type: String

• Default: localhost

• Pluggable: true

run-on: proxy_target

Whether to clean up temporary files created on targets. When running commands on a target, Bolt might create temporary files. After completing the command, these files are automatically deleted. This value can be set to 'false' if you wish to leave these temporary files on the target.

• Type: Boolean

• Default: true

• Pluggable: true

cleanup: false

How long to wait in seconds when establishing connections. Set this value higher if you frequently encounter connection timeout errors when running Bolt.

• Type: Integer

• Default: 10

• Pluggable: true

connect-timeout: 15

How long to wait in seconds before force-closing a connection.

• Type: Integer

• Default: 5

• Pluggable: true

disconnect-timeout: 10

A list of encryption algorithms to use when establishing a connection to a target. Supported algorithms are defined by the Ruby net-ssh library and can be viewed here. All supported, non-deprecated algorithms are available by default when this option is not used. To reference all default algorithms using this option, add 'defaults' to the list of supported algorithms.

• Type: Array

• Pluggable: true

encryption-algorithms:
- defaults
- idea-cbc

A list of file extensions that are accepted for scripts or tasks on Windows. Scripts with these file extensions rely on the target's file type association to run. For example, if Python is installed on the system, a .py script runs with python.exe. The extensions .ps1, .rb, and .pp are always allowed and run via hard-coded executables.

• Type: Array

• Pluggable: true

extensions:
- ".sh"

The target's hostname.

• Type: String

• Pluggable: true

host: docker_host_production

A list of host key algorithms to use when establishing a connection to a target. Supported algorithms are defined by the Ruby net-ssh library and can be viewed here. All supported, non-deprecated algorithms are available by default when this option is not used. To reference all default algorithms using this option, add 'defaults' to the list of supported algorithms.

• Type: Array

• Pluggable: true

host-key-algorithms:
- defaults
- ssh-dss

Whether to perform host key validation when connecting.

• Type: Boolean

• Pluggable: true

host-key-check: false

A map of an extension name to the absolute path of an executable, enabling you to override the shebang defined in a task executable. The extension can optionally be specified with the . character (.py and py both map to a task executable task.py) and the extension is case sensitive. When a target's name is localhost, Ruby tasks run with the Bolt Ruby interpreter by default.

• Type: Hash

• Pluggable: true

interpreters:
  rb:
  - "/usr/bin/ruby"
  - "-r"
  - puppet
  ".py": "/usr/bin/python3"

A list of key exchange algorithms to use when establishing a connection to a target. Supported algorithms are defined by the Ruby net-ssh library and can be viewed here. All supported, non-deprecated algorithms are available by default when this option is not used. To reference all default algorithms using this option, add 'defaults' to the list of supported algorithms.

• Type: Array

• Pluggable: true

kex-algorithms:
- defaults
- diffie-hellman-group1-sha1

Whether to load system SSH configuration from '~/.ssh/config' and '/etc/ssh_config'.

• Type: Boolean

• Default: true

• Pluggable: true

load-config: false

Which login shell Bolt should expect on the target. Supported shells are sh, bash, zsh, dash, ksh, powershell. This option is experimental.

• Type: String

• Available values: sh, bash, zsh, dash, ksh, powershell

• Default: bash

• Pluggable: true

login-shell: powershell

List of message authentication code algorithms to use when establishing a connection to a target. Supported algorithms are defined by the Ruby net-ssh library and can be viewed here. All supported, non-deprecated algorithms are available by default when this option is not used. To reference all default algorithms using this option, add 'defaults' to the list of supported algorithms.

• Type: Array

• Pluggable: true

mac-algorithms:
- defaults
- hmac-md5

The password to use to login.

• Type: String

• Pluggable: true

password: hunter2!

The port to use when connecting to the target.

• Type: Integer

• Pluggable: true

port: 22

Either the path to the private key file to use for authentication, or a hash with the key key-data and the contents of the private key. Note that the key cannot be encrypted if using the key-data hash.

• Type: Hash, String

• Pluggable: true

private-key: "~/.ssh/id_rsa"

A jump host to proxy connections through, and an optional user to connect with.

• Type: String

• Pluggable: true

proxyjump: jump.example.com

The user to run commands as after login. The run-as user must be different than the login user.

• Type: String

• Pluggable: true

run-as: root

The command to elevate permissions. Bolt appends the user and command strings to the configured run-as-command before running it on the target. This command must not require aninteractive password prompt, and the sudo-password option is ignored when run-as-command is specified. The run-as-command must be specified as an array.

• Type: Array

• Pluggable: true

run-as-command:
- sudo
- "-nkSEu"

The subdirectory of the tmpdir to use in place of a randomized subdirectory for uploading and executing temporary files on the target. It's expected that this directory already exists as a subdir of tmpdir, which is either configured or defaults to /tmp.

• Type: String

• Pluggable: true

script-dir: bolt_scripts

The executable to use when escalating to the configured run-as user. This is useful when you want to escalate using the configured sudo-password, since run-as-command does not use sudo-password or support prompting. The command executed on the target is <sudo-executable> -S -u <user> -p custom_bolt_prompt <command>. This option is experimental.

• Type: String

• Pluggable: true

sudo-executable: dzdo

The password to use when changing users via run-as.

• Type: String

• Pluggable: true

sudo-password: p@$$w0rd!

The directory to upload and execute temporary files on the target.

• Type: String

• Pluggable: true

tmpdir: "/tmp/bolt"

Whether to enable tty on exec commands.

• Type: Boolean

• Pluggable: true

tty: true

The user name to login as.

• Type: String

• Pluggable: true

user: bolt

Ciphers allowed in order of preference. Multiple ciphers must be comma-separated.

Whether to use compression.

Compression level to use if compression is enabled.

Path to global host key database.

Host key algorithms that the client wants to use in order of preference.

Use alias instead of real hostname when looking up or saving the host key in the host key database file.

Host name to log.

File in which user's identity key is stored.

SSH port.

Login user.

Path to local user's host key database.

Whether to disable password querying. When set to false, SSH will fall back to prompting for a password if key authentication fails. This might cause Bolt to hang. To prevent Bolt from hanging, you can configure ssh-command to use an SSH utility such as sshpass that supports providing a password non-interactively. For more information, see Providing a password non-interactively using native-ssh.

• Type: Boolean

• Default: true

• Pluggable: true

batch-mode: false

Whether to clean up temporary files created on targets. When running commands on a target, Bolt might create temporary files. After completing the command, these files are automatically deleted. This value can be set to 'false' if you wish to leave these temporary files on the target.

• Type: Boolean

• Default: true

• Pluggable: true

cleanup: false

The command to use when copying files using native SSH. Bolt runs <copy-command> <src> <dest>. This option is used when you need support for features or algorithms that are not supported by the net-ssh Ruby library. This option is experimental. You can read more about this option in Native SSH transport.

• Type: Array, String

• Default: ["scp", "-r"]

• Pluggable: true

copy-command:
- scp
- "-r"
- "-F"
- "~/ssh-config/myconf"

The target's hostname.

• Type: String

• Pluggable: true

host: docker_host_production

Whether to perform host key validation when connecting.

• Type: Boolean

• Pluggable: true

host-key-check: false

A map of an extension name to the absolute path of an executable, enabling you to override the shebang defined in a task executable. The extension can optionally be specified with the . character (.py and py both map to a task executable task.py) and the extension is case sensitive. When a target's name is localhost, Ruby tasks run with the Bolt Ruby interpreter by default.

• Type: Hash

• Pluggable: true

interpreters:
  rb:
  - "/usr/bin/ruby"
  - "-r"
  - puppet
  ".py": "/usr/bin/python3"

This enables the native SSH transport, which shells out to SSH instead of using the net-ssh Ruby library

• Type: Boolean

• Default: false

native-ssh: true

The port to use when connecting to the target.

• Type: Integer

• Pluggable: true

port: 22

Either the path to the private key file to use for authentication, or a hash with the key key-data and the contents of the private key. Note that the key cannot be encrypted if using the key-data hash.

• Type: Hash, String

• Pluggable: true

private-key: "~/.ssh/id_rsa"

The user to run commands as after login. The run-as user must be different than the login user.

• Type: String

• Pluggable: true

run-as: root

The command to elevate permissions. Bolt appends the user and command strings to the configured run-as-command before running it on the target. This command must not require aninteractive password prompt, and the sudo-password option is ignored when run-as-command is specified. The run-as-command must be specified as an array.

• Type: Array

• Pluggable: true

run-as-command:
- sudo
- "-nkSEu"

The subdirectory of the tmpdir to use in place of a randomized subdirectory for uploading and executing temporary files on the target. It's expected that this directory already exists as a subdir of tmpdir, which is either configured or defaults to /tmp.

• Type: String

• Pluggable: true

script-dir: bolt_scripts

The command and options to use when SSHing. This option is used when you need support for features or algorithms that are not supported by the net-ssh Ruby library. This option is experimental. You can read more about this option in Native SSH transport.

• Type: Array, String

• Default: ssh

• Pluggable: true

ssh-command:
- ssh
- "-o"
- Ciphers=chacha20-poly1305@openssh.com

The executable to use when escalating to the configured run-as user. This is useful when you want to escalate using the configured sudo-password, since run-as-command does not use sudo-password or support prompting. The command executed on the target is <sudo-executable> -S -u <user> -p custom_bolt_prompt <command>. This option is experimental.

• Type: String

• Pluggable: true

sudo-executable: dzdo

The password to use when changing users via run-as.

• Type: String

• Pluggable: true

sudo-password: p@$$w0rd!

The directory to upload and execute temporary files on the target.

• Type: String

• Pluggable: true

tmpdir: "/tmp/bolt"

The user name to login as.

• Type: String

• Pluggable: true

user: bolt

Whether to force basic authentication. This option is only available when using SSL.

• Type: Boolean

• Default: false

• Pluggable: true

basic-auth-only: true

The path to the CA certificate.

• Type: String

• Pluggable: true

cacert: "~/.puppetlabs/puppet/cert.pem"

Whether to clean up temporary files created on targets. When running commands on a target, Bolt might create temporary files. After completing the command, these files are automatically deleted. This value can be set to 'false' if you wish to leave these temporary files on the target.

• Type: Boolean

• Default: true

• Pluggable: true

cleanup: false

How long to wait in seconds when establishing connections. Set this value higher if you frequently encounter connection timeout errors when running Bolt.

• Type: Integer

• Default: 10

• Pluggable: true

connect-timeout: 15

A list of file extensions that are accepted for scripts or tasks on Windows. Scripts with these file extensions rely on the target's file type association to run. For example, if Python is installed on the system, a .py script runs with python.exe. The extensions .ps1, .rb, and .pp are always allowed and run via hard-coded executables.

• Type: Array

• Pluggable: true

extensions:
- ".sh"

Which file transfer protocol to use. Either winrm or smb. Using smb is recommended for large file transfers.

• Type: String

• Available values: smb, winrm

• Default: winrm

• Pluggable: true

file-protocol: smb

The target's hostname.

• Type: String

• Pluggable: true

host: docker_host_production

A map of an extension name to the absolute path of an executable, enabling you to override the shebang defined in a task executable. The extension can optionally be specified with the . character (.py and py both map to a task executable task.py) and the extension is case sensitive. When a target's name is localhost, Ruby tasks run with the Bolt Ruby interpreter by default.

• Type: Hash

• Pluggable: true

interpreters:
  rb:
  - "/usr/bin/ruby"
  - "-r"
  - puppet
  ".py": "/usr/bin/python3"

The password to use to login.

• Type: String

• Pluggable: true

password: hunter2!

The port to use when connecting to the target.

• Type: Integer

• Pluggable: true

port: 22

The Kerberos realm (Active Directory domain) to authenticate against.

• Type: String

• Pluggable: true

realm: BOLT.PRODUCTION

The port to use when connecting to the target when file-protocol is set to 'smb'.

• Type: Integer

• Pluggable: true

smb-port: 445

Whether to use secure https connections for WinRM.

• Type: Boolean

• Default: true

• Pluggable: true

ssl: false

Whether to verify that the target's certificate matches the cacert.

• Type: Boolean

• Default: true

• Pluggable: true

ssl-verify: false

The directory to upload and execute temporary files on the target.

• Type: String

• Pluggable: true

tmpdir: "/tmp/bolt"

The user name to login as.

• Type: String

• Pluggable: true

user: bolt

# bolt-defaults.yaml
inventory-config:
  transport: winrm
  docker:
    cleanup: false
    host: docker_host_production
    interpreters: &1
      rb:
      - "/usr/bin/ruby"
      - "-r"
      - puppet
      ".py": "/usr/bin/python3"
    run-as: root
    run-as-command: &2
    - sudo
    - "-nkSEu"
    service-url: https://api.example.com:8143
    shell-command: bash -lc
    sudo-executable: dzdo
    sudo-password: p@$$w0rd!
    tmpdir: "/tmp/bolt"
    tty: true
  jail:
    cleanup: false
    host: docker_host_production
    interpreters: *1
    run-as: root
    run-as-command: *2
    shell-command: bash -lc
    sudo-executable: dzdo
    sudo-password: p@$$w0rd!
    tmpdir: "/tmp/bolt"
    user: bolt
  local:
    bundled-ruby: true
    cleanup: false
    extensions: &3
    - ".sh"
    interpreters: *1
    run-as: root
    run-as-command: *2
    sudo-executable: dzdo
    sudo-password: p@$$w0rd!
    tmpdir: "/tmp/bolt"
  lxd:
    cleanup: false
    interpreters: *1
    remote: myremote
    run-as: root
    run-as-command: *2
    shell-command: bash -lc
    sudo-executable: dzdo
    sudo-password: p@$$w0rd!
    tmpdir: "/tmp/bolt"
    tty: true
  pcp:
    cacert: "~/.puppetlabs/puppet/cert.pem"
    host: docker_host_production
    job-poll-interval: 2
    job-poll-timeout: 2000
    read-timeout: 15
    service-url: https://api.example.com:8143
    task-environment: development
    token-file: "~/.puppetlabs/puppet/token.pem"
  podman:
    cleanup: false
    host: docker_host_production
    interpreters: *1
    run-as: root
    run-as-command: *2
    shell-command: bash -lc
    sudo-executable: dzdo
    sudo-password: p@$$w0rd!
    tmpdir: "/tmp/bolt"
    tty: true
  remote:
    run-on: proxy_target
  ssh:
    cleanup: false
    connect-timeout: 15
    disconnect-timeout: 10
    encryption-algorithms:
    - defaults
    - idea-cbc
    extensions: *3
    host: docker_host_production
    host-key-algorithms:
    - defaults
    - ssh-dss
    host-key-check: false
    interpreters: *1
    kex-algorithms:
    - defaults
    - diffie-hellman-group1-sha1
    load-config: false
    login-shell: powershell
    mac-algorithms:
    - defaults
    - hmac-md5
    password: hunter2!
    port: 22
    private-key: "~/.ssh/id_rsa"
    proxyjump: jump.example.com
    run-as: root
    run-as-command: *2
    script-dir: bolt_scripts
    sudo-executable: dzdo
    sudo-password: p@$$w0rd!
    tmpdir: "/tmp/bolt"
    tty: true
    user: bolt
  winrm:
    basic-auth-only: true
    cacert: "~/.puppetlabs/puppet/cert.pem"
    cleanup: false
    connect-timeout: 15
    extensions: *3
    file-protocol: smb
    host: docker_host_production
    interpreters: *1
    password: hunter2!
    port: 22
    realm: BOLT.PRODUCTION
    smb-port: 445
    ssl: false
    ssl-verify: false
    tmpdir: "/tmp/bolt"
    user: bolt

# inventory.yaml
config:
  transport: winrm
  docker:
    cleanup: false
    host: docker_host_production
    interpreters: &1
      rb:
      - "/usr/bin/ruby"
      - "-r"
      - puppet
      ".py": "/usr/bin/python3"
    run-as: root
    run-as-command: &2
    - sudo
    - "-nkSEu"
    service-url: https://api.example.com:8143
    shell-command: bash -lc
    sudo-executable: dzdo
    sudo-password: p@$$w0rd!
    tmpdir: "/tmp/bolt"
    tty: true
  jail:
    cleanup: false
    host: docker_host_production
    interpreters: *1
    run-as: root
    run-as-command: *2
    shell-command: bash -lc
    sudo-executable: dzdo
    sudo-password: p@$$w0rd!
    tmpdir: "/tmp/bolt"
    user: bolt
  local:
    bundled-ruby: true
    cleanup: false
    extensions: &3
    - ".sh"
    interpreters: *1
    run-as: root
    run-as-command: *2
    sudo-executable: dzdo
    sudo-password: p@$$w0rd!
    tmpdir: "/tmp/bolt"
  lxd:
    cleanup: false
    interpreters: *1
    remote: myremote
    run-as: root
    run-as-command: *2
    shell-command: bash -lc
    sudo-executable: dzdo
    sudo-password: p@$$w0rd!
    tmpdir: "/tmp/bolt"
    tty: true
  pcp:
    cacert: "~/.puppetlabs/puppet/cert.pem"
    host: docker_host_production
    job-poll-interval: 2
    job-poll-timeout: 2000
    read-timeout: 15
    service-url: https://api.example.com:8143
    task-environment: development
    token-file: "~/.puppetlabs/puppet/token.pem"
  podman:
    cleanup: false
    host: docker_host_production
    interpreters: *1
    run-as: root
    run-as-command: *2
    shell-command: bash -lc
    sudo-executable: dzdo
    sudo-password: p@$$w0rd!
    tmpdir: "/tmp/bolt"
    tty: true
  remote:
    run-on: proxy_target
  ssh:
    cleanup: false
    connect-timeout: 15
    disconnect-timeout: 10
    encryption-algorithms:
    - defaults
    - idea-cbc
    extensions: *3
    host: docker_host_production
    host-key-algorithms:
    - defaults
    - ssh-dss
    host-key-check: false
    interpreters: *1
    kex-algorithms:
    - defaults
    - diffie-hellman-group1-sha1
    load-config: false
    login-shell: powershell
    mac-algorithms:
    - defaults
    - hmac-md5
    password: hunter2!
    port: 22
    private-key: "~/.ssh/id_rsa"
    proxyjump: jump.example.com
    run-as: root
    run-as-command: *2
    script-dir: bolt_scripts
    sudo-executable: dzdo
    sudo-password: p@$$w0rd!
    tmpdir: "/tmp/bolt"
    tty: true
    user: bolt
  winrm:
    basic-auth-only: true
    cacert: "~/.puppetlabs/puppet/cert.pem"
    cleanup: false
    connect-timeout: 15
    extensions: *3
    file-protocol: smb
    host: docker_host_production
    interpreters: *1
    password: hunter2!
    port: 22
    realm: BOLT.PRODUCTION
    smb-port: 445
    ssl: false
    ssl-verify: false
    tmpdir: "/tmp/bolt"
    user: bolt