|
---
|
|
# SSL Setup
|
|
|
|
# if enabled, all communication would be verfied via SSL
|
|
# NOTE that both certificates need to be signed by the same CA in order for this to work
|
|
# see http://theforeman.org/projects/smart-proxy/wiki/SSL for more information
|
|
#:ssl_certificate: ssl/certs/fqdn.pem
|
|
#:ssl_ca_file: ssl/certs/ca.pem
|
|
#:ssl_private_key: ssl/private_keys/fqdn.key
|
|
# the hosts which the proxy accepts connections from
|
|
# commenting the following lines would mean every verified SSL connection allowed
|
|
#:trusted_hosts:
|
|
#- foreman.prod.domain
|
|
#- foreman.dev.domain
|
|
|
|
# enable the daemon to run in the background
|
|
:daemon: true
|
|
:daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid
|
|
|
|
# port used by the proxy
|
|
:port: 8443
|
|
|
|
# Enable TFTP management
|
|
:tftp: <%= scope.lookupvar("foreman_proxy::params::tftp") %>
|
|
:tftproot: <%= scope.lookupvar("foreman_proxy::params::tftproot") %>
|
|
:tftp_servername: <%= scope.lookupvar("foreman_proxy::params::servername") %>
|
|
# Defines the TFTP Servername to use, overrides the name in the subnet declaration
|
|
#:tftp_servername: tftp.domain.com
|
|
|
|
# Enable DNS management
|
|
:dns: <%= scope.lookupvar("foreman_proxy::params::dns") %>
|
|
:dns_key: <%= scope.lookupvar("foreman_proxy::params::keyfile") %>
|
|
# use this setting if you are managing a dns server which is not localhost though this proxy
|
|
#:dns_server: dns.domain.com
|
|
|
|
# Enable DHCP management
|
|
:dhcp: <%= scope.lookupvar("foreman_proxy::params::dhcp") %>
|
|
<% if scope.lookupvar("foreman_proxy::params::dhcp") == true -%>
|
|
:dhcp_vendor: <%= scope.lookupvar("foreman_proxy::params::dhcp_vendor") %>
|
|
:dhcp_config: <%= scope.lookupvar("foreman_proxy::params::dhcp_config") %>
|
|
:dhcp_leases: <%= scope.lookupvar("foreman_proxy::params::dhcp_leases") %>
|
|
<% else -%>
|
|
# The vendor can be either isc or native_ms
|
|
:dhcp_vendor: isc
|
|
# dhcp_subnets is a Native MS implementation setting. It restricts the subnets queried to a
|
|
# subset, so as to reduce the query time.
|
|
#:dhcp_subnets: [192.168.205.0/255.255.255.128, 192.168.205.128/255.255.255.128]
|
|
# Settings for Ubuntu ISC
|
|
#:dhcp_config: /etc/dhcp3/dhcpd.conf
|
|
#:dhcp_leases: /var/lib/dhcp3/dhcpd.leases
|
|
# Settings for Redhat ISC
|
|
#:dhcp_config: /etc/dhcpd.conf
|
|
#:dhcp_leases: /var/lib/dhcpd/dhcpd.leases
|
|
#:dhcp_key_name: secret_key_name
|
|
#:dhcp_key_secret: secret_key
|
|
<% end -%>
|
|
|
|
# enable PuppetCA management
|
|
:puppetca: <%= scope.lookupvar("foreman_proxy::params::puppetca") %>
|
|
|
|
# enable Puppet management
|
|
:puppet: <%= scope.lookupvar("foreman_proxy::params::puppetrun") %>
|
|
:puppet_conf: /etc/puppet/puppet.conf
|
|
|
|
# Where our proxy log files are stored
|
|
# filename or STDOUT
|
|
:log_file: <%= scope.lookupvar("foreman_proxy::params::log") %>
|
|
# valid options are
|
|
# WARN, DEBUG, Error, Fatal, INFO, UNKNOWN
|
|
#:log_level: DEBUG
|