This file lets you specify or dynamically build a list of nodes in your environment.

All you have to do here is define a Python dictionary called nodes. It should look something like this:

nodes = {
    "node-1": {
        'hostname': "",

With BundleWrap, the DNS name and the internal identifier for a node ("node-1" in this case) are two separate things.

All fields for a node (including hostname) are optional. If you don't give one, BundleWrap will attempt to use the internal identifier to connect to a node:

nodes = {
    "": {},

Dynamic node list

You are not confined to the static way of defining a node list as shown above. You can also assemble the nodes dictionary dynamically:

def get_my_nodes_from_ldap():
    return ldap_nodes

nodes = get_my_nodes_from_ldap()

Node attribute reference

This section is a reference for all possible attributes you can define for a node:

nodes = {
    'node-1': {


A list of bundle names to be assigned to this node.


Set this to True to prevent BundleWrap from creating items for and connecting to this node. This is useful for unmanaged nodes because you can still assign them bundles and metadata like regular nodes and access that from managed nodes (e.g. for monitoring).

May also be set at group level.


A string used as a DNS name when connecting to this node. May also be an IP address.

The username and SSH private key for connecting to the node cannot be configured in BundleWrap. If you need to customize those, BundleWrap will honor your ~/.ssh/config.


This can be a dictionary of arbitrary data. You can access it from your templates as node.metadata. Use this to attach custom data (such as a list of IP addresses that should be configured on the target node) to the node. Note that you can also define metadata at the group level, but node metadata has higher priority.

You are restricted to using only the following types in metadata:

  • dict
  • list
  • tuple
  • set
  • bool
  • text / unicode
  • bytes / str (only if decodable into text using UTF-8)
  • int
  • None
  • bundlewrap.utils.Fault
Also see the documentation for group.metadata for more information.


Currently, only the default value of "linux" is supported. Your mileage may vary for "macos" or "openbsd".

May also be set at group level.


Changing this setting will affect the security of the target system. Only do this for legacy systems that don't support shadow passwords.

This setting will affect how the user item item operates. If set to False, password hashes will be written directly to /etc/passwd and thus be accessible to any user on the system. If the OS of the node is set to "openbsd", this setting has no effect as master.shadow is always used.

May also be set at group level.