Configuration Reference
This page consolidates the configuration details that are currently spread across the README and CLI source definitions.
Global connection options
Section titled “Global connection options”The following options are shared by most execution commands through global CLI flags.
| Option | Source | Description |
|---|---|---|
--host | CLI | Device hostname or IP address |
--username, -u | CLI | SSH username |
--password, -p | CLI / RAUTO_PASSWORD | SSH password |
--ssh-port, -P | CLI | SSH port |
--enable-password, -e | CLI | Enable / privileged mode password |
--ssh-security | CLI | SSH compatibility profile: secure, balanced, legacy-compatible |
--linux-shell-flavor | CLI | Linux shell exit-code parsing mode: posix (bash alias) or fish |
--device-profile, -d | CLI | Device profile name, default linux |
--connection | CLI | Use a saved connection by name |
--save-connection | CLI | Save the effective resolved connection after success |
--save-password | CLI | Save password and enable password with --save-connection |
--template-dir | CLI / RAUTO_TEMPLATE_DIR | Deprecated legacy option; templates and custom profiles are now stored in SQLite |
Runtime environment variables
Section titled “Runtime environment variables”rauto currently exposes a small set of environment-based defaults.
| Env var | Used by | Description |
|---|---|---|
RAUTO_PASSWORD | global auth | Default SSH password when not passed inline |
RAUTO_MANAGER_URL | rauto agent | Default manager base URL |
RAUTO_AGENT_NAME | rauto agent | Default agent name |
RAUTO_AGENT_TOKEN | rauto agent | Default agent authentication token |
RAUTO_MANAGER_REPORT_MODE | rauto agent | Default reporting transport |
RAUTO_AGENT_PROBE_REPORT_INTERVAL | rauto agent | Default liveness probe reporting interval |
RAUTO_HOME | runtime layout | Override the default runtime root (~/.rauto) |
Default runtime layout
Section titled “Default runtime layout”By default, runtime data is stored under:
~/.rauto├── rauto.db└── backups/What lives there:
rauto.db- saved connections
- history recording indexes
- blacklist rules
- custom device profiles
- command templates
- command flow templates
- execution template metadata
backups/- generated
.tar.gzarchives
- generated
Execution recording options
Section titled “Execution recording options”Several execution commands share the same recording model.
| Option | Commands | Description |
|---|---|---|
--record-file <path> | exec, template, flow, upload, tx, tx-workflow | Export a JSONL recording file |
--record-level key-events-only | same | Minimal audit recording |
--record-level full | same | Richer prompt/state recording |
The RecordLevelOpt source definition currently exposes two values:
KeyEventsOnlyFull
Command-specific configuration
Section titled “Command-specific configuration”rauto exec
Section titled “rauto exec”| Option | Description |
|---|---|
--mode, -m | Execute the command in a specific device mode such as Enable, Config, or Shell |
rauto template
Section titled “rauto template”| Option | Description |
|---|---|
--vars, -v | JSON or YAML file used as the render context |
--dry-run | Render without executing |
rauto flow
Section titled “rauto flow”| Option | Description |
|---|---|
--template | Saved command flow template name |
--file | Ad-hoc TOML command flow template |
--vars, -v | JSON file containing runtime variables |
--vars-json | Inline JSON runtime variables |
rauto upload
Section titled “rauto upload”| Option | Description |
|---|---|
--local-path | Local file path on the machine running rauto |
--remote-path | Destination path on the remote target |
--timeout-secs | Upload timeout, default 300 |
--buffer-size | Optional transfer buffer size |
--show-progress | Emit progress logs during transfer |
rauto tx
Section titled “rauto tx”The source code exposes a richer set of tx controls than the current docs homepage covers.
| Option | Description |
|---|---|
--name | Transaction block name used in logs and recordings |
--run-kind | commands or command-flow |
--template | Render commands from a stored template |
--vars | Variables file for --template |
--flow-template / --flow-file | Main command-flow source |
--flow-vars / --flow-vars-json | Main command-flow runtime variables |
--rollback-flow-template / --rollback-flow-file | Rollback flow source |
--rollback-flow-vars / --rollback-flow-vars-json | Rollback flow variables |
--command | Repeatable command input in command mode |
--rollback-command | Repeatable per-step rollback commands |
--rollback-commands-file | One rollback command per line |
--rollback-commands-json | JSON array of rollback commands |
--rollback-on-failure | Roll back the failed step itself when using per-step rollback |
--rollback-trigger-step-index | Step index that triggers whole-resource rollback |
--mode | Target mode for generated steps or command flow execution |
--timeout-secs | Per-step timeout |
--resource-rollback-command | Explicit whole-resource rollback command |
--dry-run | Print normalized tx plan without executing |
--json | Output tx result as JSON |
rauto tx-workflow
Section titled “rauto tx-workflow”| Option | Description |
|---|---|
workflow_file | Required JSON workflow path |
--dry-run | Print normalized plan and exit |
--view | Render a terminal visualization of the workflow |
--json | Output raw workflow result JSON |
rauto orchestrate
Section titled “rauto orchestrate”| Option | Description |
|---|---|
plan_file | Required orchestration plan JSON path |
--dry-run | Print normalized plan and exit |
--view | Render a terminal visualization of the orchestration |
--json | Output orchestration result as JSON |
--record-level | Recording level applied to target executions |
rauto replay
Section titled “rauto replay”| Option | Description |
|---|---|
record_file | Path to JSONL recording |
--list | List recorded command output events |
--command | Replay a specific command |
--mode | Optional mode filter when replaying |
Agent configuration
Section titled “Agent configuration”rauto agent combines CLI flags, environment variables, and optional config file defaults.
Agent CLI flags
Section titled “Agent CLI flags”| Option | Default | Description |
|---|---|---|
--bind | 0.0.0.0 | Agent bind address |
--port | 8123 | Agent listen port |
--manager-url | none | Manager URL for registration and reporting |
--agent-name | none | Globally unique agent name |
--agent-token | none | Shared secret for manager callbacks and auth |
--report-mode | none | Manager report transport |
--agent-config | ~/.rauto/agent.toml | Optional config file path |
--probe-report-interval | none | Periodic device liveness reporting interval in seconds |
Agent config file example
Section titled “Agent config file example”[manager]url = "http://manager:50051"token = "my-secret-token"report_mode = "grpc"
[agent]name = "agent-beijing-01"heartbeat_interval = 30probe_report_interval = 300Inventory configuration model
Section titled “Inventory configuration model”Current inventory behavior is source-of-truth driven by saved connections.
- There is no separate persistent target database for inventory records.
- Saved connections hold target identity, labels, groups, and vars.
- Inventory CLI focuses on group management and merged vars preview.
Variable merge order is:
- group vars
- saved connection vars
- runtime vars
Operational defaults and guardrails
Section titled “Operational defaults and guardrails”From the source and current README behavior:
- default device profile is
linux - Web console default bind is
127.0.0.1:3000 - agent default bind is
0.0.0.0:8123 - upload timeout defaults to
300seconds - tx default name is
tx-block - replay reads JSONL recordings produced by execution commands
- saved passwords are encrypted in SQLite, but the master key remains in system keyring