puppet-pulp/templates/etc/pulp/server.conf.erb @ 45e7e8a3
3b030c03 | Ivan Necas | #
|
|
# WARNING: THIS CONFIGURATION WAS GENERATED BY KATELLO-CONFIGURE TOOL,
|
|||
# CHANGES WILL LIKELY BE OVERWRITTEN.
|
|||
#
|
|||
b5c28bf5 | David Davis | # =========================
|
|
# Pulp Server Configuration
|
|||
# =========================
|
|||
# -- Common Configuration -----------------------------------------------------
|
|||
# = Database =
|
|||
3b030c03 | Ivan Necas | #
|
|
b5c28bf5 | David Davis | # Controls the behavior of MongoDB under Pulp's usage.
|
|
3b030c03 | Ivan Necas | #
|
|
b5c28bf5 | David Davis | # name: name of the database to use
|
|
# seeds: comma-separated list of hostname:port of database replica seed hosts
|
|||
# operation_retries: number of retries on database operations to
|
|||
# perform before giving up and reporting an error
|
|||
[database]
|
|||
name: pulp_database
|
|||
seeds: localhost:27017
|
|||
operation_retries: 2
|
|||
3b030c03 | Ivan Necas | ||
b5c28bf5 | David Davis | # = Server =
|
|
3b030c03 | Ivan Necas | #
|
|
b5c28bf5 | David Davis | # Controls general Pulp web server behavior.
|
|
3b030c03 | Ivan Necas | #
|
|
b5c28bf5 | David Davis | # server_name: hostname the admin client and consumers should use when accessing
|
|
# the server; if not specified, this is defaulted to the server's hostname
|
|||
# default_login: default admin username of the Pulp server; this user will be
|
|||
# the first time the server is started
|
|||
# default_password: default password for admin when it is first created; this
|
|||
# should be changed once the server is operational
|
|||
# debugging_mode: boolean; toggles Pulp's debugging capabilities
|
|||
3b030c03 | Ivan Necas | ||
b5c28bf5 | David Davis | [server]
|
|
server_name: <%= (has_variable?("fqdn") ? fqdn : hostname).downcase %>
|
|||
key_url: /pulp/gpg
|
|||
ks_url: /pulp/ks
|
|||
default_login: <%= @default_login %>
|
|||
45e7e8a3 | Eric D. Helms | default_password: <%= @default_password %>
|
|
b5c28bf5 | David Davis | debugging_mode: false
|
|
3b030c03 | Ivan Necas | ||
b5c28bf5 | David Davis | # = Security =
|
|
#
|
|||
# Controls aspects of the Pulp web server security.
|
|||
#
|
|||
# For production installations, it is recommended that a new CA certificate be
|
|||
# generated for the signing of user and consumer certificates and configured
|
|||
# using the following properties.
|
|||
#
|
|||
# cacert: full path to the CA certificate that will be used to sign consumer
|
|||
# and admin identification certificates; this must match the value of
|
|||
# SSLCACertificateFile in /etc/httpd/conf.d/pulp.conf
|
|||
#
|
|||
# cakey: path to the private key for the above CA certificate
|
|||
#
|
|||
# ssl_ca_certificate: full path to the CA certificate used to sign the Pulp
|
|||
# server's SSL certificate; consumers will use this to verify the
|
|||
# Pulp server's SSL certificate during the SSL handshake
|
|||
#
|
|||
# user_cert_expiration: number of days a user certificate is valid
|
|||
#
|
|||
# consumer_cert_expiration: number of days a consumer certificate is valid
|
|||
3b030c03 | Ivan Necas | ||
b5c28bf5 | David Davis | [security]
|
|
cacert: <%= @consumers_ca_cert %>
|
|||
<% if @consumers_ca_key -%>
|
|||
cakey: <%= @consumers_ca_key %>
|
|||
<% end -%>
|
|||
ssl_ca_certificate: <%= @ssl_ca_cert %>
|
|||
user_cert_expiration: 7
|
|||
consumer_cert_expiration: 3650
|
|||
serial_number_path: /var/lib/pulp/sn.dat
|
|||
# -- Advanced Configuration ---------------------------------------------------
|
|||
# = Consumer History =
|
|||
3b030c03 | Ivan Necas | #
|
|
b5c28bf5 | David Davis | # Controls the storage of recorded consumer events.
|
|
3b030c03 | Ivan Necas | #
|
|
b5c28bf5 | David Davis | # lifetime: number of days to store consumer events; events older
|
|
# than this will be purged; set to -1 to disable
|
|||
3b030c03 | Ivan Necas | ||
[consumer_history]
|
|||
lifetime: 180
|
|||
b5c28bf5 | David Davis | # = Coordinator =
|
|
3b030c03 | Ivan Necas | #
|
|
# Controls the behavior of conflict resolution in Pulp's asynchronous dispatch
|
|||
# subsystem.
|
|||
#
|
|||
b5c28bf5 | David Davis | # task_state_poll_interval: float; seconds to wait between polling for a change
|
|
# in a task's state
|
|||
3b030c03 | Ivan Necas | ||
[coordinator]
|
|||
task_state_poll_interval: 0.1
|
|||
b5c28bf5 | David Davis | # = Data Reaping =
|
|
#
|
|||
# Controls the frequency in which reporting data is automatically removed from
|
|||
# the database. Database entries that exceed the given thresholds will be
|
|||
# deleted from the database when the reaper runs.
|
|||
3b030c03 | Ivan Necas | #
|
|
b5c28bf5 | David Davis | # reaper_interval: float; time in days between checks for old data in
|
|
# the database
|
|||
3b030c03 | Ivan Necas | #
|
|
b5c28bf5 | David Davis | # archived_calls: float; time in days to store archived calls
|
|
#
|
|||
# consumer_history: float; time in days to store consumer history events
|
|||
#
|
|||
# repo_sync_history: float; time in days to store repository sync history events
|
|||
#
|
|||
# repo_publish_history: float; time in days to store repository publish history
|
|||
# events
|
|||
#
|
|||
# repo_group_publish_history: float; time in days to store repository group
|
|||
# publish history events
|
|||
3b030c03 | Ivan Necas | ||
b5c28bf5 | David Davis | [data_reaping]
|
|
reaper_interval: 0.25
|
|||
archived_calls: 0.5
|
|||
consumer_history: 60
|
|||
repo_sync_history: 60
|
|||
repo_publish_history: 60
|
|||
repo_group_publish_history: 60
|
|||
3b030c03 | Ivan Necas | ||
b5c28bf5 | David Davis | # = LDAP =
|
|
#
|
|||
# Uncomment the below section with appropriate values to use an external LDAP
|
|||
# server for user authentication.
|
|||
#
|
|||
# enabled: boolean; controls whether or not LDAP authentication is enabled
|
|||
#
|
|||
# uri: url of LDAP server
|
|||
#
|
|||
# base: location in the directory from which the LDAP search begins
|
|||
3b030c03 | Ivan Necas | #
|
|
b5c28bf5 | David Davis | # tls: boolean; controls whether or not to use TLS security
|
|
3b030c03 | Ivan Necas | #
|
|
b5c28bf5 | David Davis | # default_role: Id of the role to assign LDAP users to by default. This is
|
|
# optional. This role must first be created on the Pulp server. If
|
|||
# default_role is not set or doesn't exist, LDAP users are given same
|
|||
# default permissions as local users.
|
|||
#
|
|||
# filter: directive to set more restrictive LDAP filter to limit the LDAP
|
|||
# users who can authenticate to Pulp
|
|||
3b030c03 | Ivan Necas | ||
b5c28bf5 | David Davis | # [ldap]
|
|
# enabled: true
|
|||
# uri: ldap://localhost
|
|||
# base: dc=localhost
|
|||
# tls: no
|
|||
# default_role: <role-id>
|
|||
# filter: (gidNumber=200)
|
|||
3b030c03 | Ivan Necas | ||
b5c28bf5 | David Davis | # = OAuth =
|
|
3b030c03 | Ivan Necas | #
|
|
b5c28bf5 | David Davis | # Uncomment the below section with appropriate values to use OAuth
|
|
# authentication.
|
|||
3b030c03 | Ivan Necas | #
|
|
b5c28bf5 | David Davis | # enabled: boolean; controls whether OAuth authentication is enabled
|
|
3b030c03 | Ivan Necas | #
|
|
b5c28bf5 | David Davis | # oauth_key: string; key to enable OAuth style authentication
|
|
3b030c03 | Ivan Necas | #
|
|
b5c28bf5 | David Davis | # oauth_secret: string; shared secret that can be used for OAuth style
|
|
# authentication
|
|||
3b030c03 | Ivan Necas | ||
[oauth]
|
|||
enabled: true
|
|||
oauth_key: <%= @oauth_key %>
|
|||
oauth_secret: <%= @oauth_secret %>
|
|||
b5c28bf5 | David Davis | # = Logging =
|
|
3b030c03 | Ivan Necas | #
|
|
# Controls the logging behavior of Pulp.
|
|||
#
|
|||
b5c28bf5 | David Davis | # config: full path to the logging config file for the Pulp server
|
|
#
|
|||
# db_config: full path to the logging config file for database specific
|
|||
# operations
|
|||
3b030c03 | Ivan Necas | ||
[logs]
|
|||
config: /etc/pulp/logging/basic.cfg
|
|||
b5c28bf5 | David Davis | db_config: /etc/pulp/logging/db.cfg
|
|
3b030c03 | Ivan Necas | ||
b5c28bf5 | David Davis | # = Messaging =
|
|
3b030c03 | Ivan Necas | #
|
|
# Controls Pulp's configuration of QPID for remote messaging.
|
|||
#
|
|||
b5c28bf5 | David Davis | # url: the url used to contact the broker in the form
|
|
# <transport>://<host>:<port>; transport can be 'tcp' or 'ssl'
|
|||
#
|
|||
# cacert: full path to PEM encoded CA certificate file, used when Pulp connects
|
|||
# to a broker over SSL
|
|||
#
|
|||
# clientcert: full path to PEM encoded file containing both the private key and
|
|||
# certificate Pulp should present to the broker to be authenticated
|
|||
3b030c03 | Ivan Necas | #
|
|
b5c28bf5 | David Davis | # topic_exchange: name of the exchange to use; must be a topic exchange;
|
|
# defaults to "amq.topic", which is a default exchange that
|
|||
# is guaranteed to exist on the broker
|
|||
3b030c03 | Ivan Necas | #
|
|
b5c28bf5 | David Davis | # The format for the following timeouts is <start>:<duration>. The <start>
|
|
# timeout is the time to wait for the consumer to acknowledge and
|
|||
# begin handling the request before indicating a timeout has occurred. The
|
|||
# <duration> timeout is how long the consumer is allowed to act on the request
|
|||
# before the server considers the entire request timed out. The default unit is
|
|||
# seconds. The numeric value may be specified with an optional unit suffix.
|
|||
# Supported suffixes are: s=seconds, m=minutes, h=hours, d=days.
|
|||
3b030c03 | Ivan Necas | #
|
|
b5c28bf5 | David Davis | # unit_install_timeout: messaging timeout in seconds for unit installs
|
|
#
|
|||
# unit_update_timeout: messaging timeout in seconds for unit updates
|
|||
#
|
|||
# unit_uninstall_timeout: messaging timeout in seconds for unit uninstalls
|
|||
#
|
|||
# bind_timeout: messaging timeout in seconds for bind requests
|
|||
#
|
|||
# unbind_timeout: messaging timeout in seconds for unbind requests
|
|||
3b030c03 | Ivan Necas | ||
[messaging]
|
|||
url: <%= @messaging_url %>
|
|||
<% if @cacert -%>
|
|||
cacert: <%= @cacert %>
|
|||
<% end -%>
|
|||
<% if @clientcert -%>
|
|||
clientcert: <%= @clientcert %>
|
|||
<% end -%>
|
|||
topic_exchange: 'amq.topic'
|
|||
b5c28bf5 | David Davis | install_timeout: 36h:3d
|
|
update_timeout: 36h:3d
|
|||
uninstall_timeout: 36h:3d
|
|||
bind_timeout: 30d:6h
|
|||
unbind_timeout: 30d:6h
|
|||
3b030c03 | Ivan Necas | ||
b5c28bf5 | David Davis | # = Scheduler =
|
|
3b030c03 | Ivan Necas | #
|
|
# Controls the scheduling portion of Pulp's asynchronous dispatch subsystem.
|
|||
#
|
|||
b5c28bf5 | David Davis | # dispatch_interval: float; seconds to wait between checking for the presence of
|
|
# scheduled calls to dispatch
|
|||
3b030c03 | Ivan Necas | ||
[scheduler]
|
|||
dispatch_interval: 30
|
|||
b5c28bf5 | David Davis | # = Asynchronous Tasks =
|
|
3b030c03 | Ivan Necas | #
|
|
# Controls the behavior of individual tasks in Pulp's asynchronous dispatch
|
|||
# subsystem.
|
|||
#
|
|||
b5c28bf5 | David Davis | # concurrency_threshold: maximum sum weight of tasks to run in parallel;
|
|
# base task weight is 1
|
|||
#
|
|||
# dispatch_interval: float; seconds to wait before checking for new to tasks
|
|||
# to dispatch
|
|||
#
|
|||
# archived_call_lifetime: the amount of time in hours to store archived call
|
|||
# requests and call reports
|
|||
#
|
|||
# consumer_content_weight: concurrency weight of consumer content tasks
|
|||
# (install, update, uninstall)
|
|||
#
|
|||
# create_weight: concurrency weight of all resource creation tasks
|
|||
#
|
|||
# publish_weight: concurrency weight of repository publish tasks
|
|||
#
|
|||
# sync_weight: concurrency weight of repository sync tasks
|
|||
3b030c03 | Ivan Necas | ||
[tasks]
|
|||
b5c28bf5 | David Davis | concurrency_threshold: <%= processorcount.to_i + 1 %>
|
|
3b030c03 | Ivan Necas | dispatch_interval: 0.5
|
|
archived_call_lifetime: 48
|
|||
consumer_content_weight: 0
|
|||
create_weight: 0
|
|||
publish_weight: 1
|
|||
sync_weight: 2
|
|||
b5c28bf5 | David Davis | # = Email =
|
|
3b030c03 | Ivan Necas | #
|
|
b5c28bf5 | David Davis | # Settings that allow the system to send email. It is recommended that
|
|
3b030c03 | Ivan Necas | # the system relay through a local MTA on the machine. Pulp does not retry in
|
|
# case of error, so it is important to have a real MTA available locally.
|
|||
#
|
|||
# If there is a need to test email sending, it is recommended to run this:
|
|||
# $ python -m smtpd -n -c DebuggingServer localhost:1025
|
|||
# which will write each message to stdout.
|
|||
#
|
|||
b5c28bf5 | David Davis | # host: host name of the MTA pulp should relay through
|
|
#
|
|||
# port: destination port to connect on
|
|||
#
|
|||
# from: the "From" address of each email the system sends
|
|||
#
|
|||
# enabled: booleanl controls whether or not emails will be sent
|
|||
3b030c03 | Ivan Necas | ||
[email]
|
|||
host: localhost
|
|||
port: 25
|
|||
b5c28bf5 | David Davis | from: no-reply@your.domain
|
|
3b030c03 | Ivan Necas | enabled: false
|