Project

General

Profile

« Previous | Next » 

Revision e466c7ae

Added by Eric Helms about 10 years ago

Refs #5377: Updates for Pulp 2.4 support.

View differences:

manifests/config.pp
creates => '/var/lib/pulp/init.flag',
path => '/bin:/usr/bin',
logoutput => 'on_failure',
user => 'apache',
require => File['/etc/pulp/server.conf'],
}
manifests/init.pp
# $messaging_client_cert:: The client certificate signed by the CA cert
# above to authenticate.
#
# $broker_url:: URL for the Celery broker that Pulp will use to
# queue tasks.
#
# $broker_use_ssl:: Set to true if deploying broker for Celery with SSL.
#
# $consumers_ca_cert:: The path to the CA cert that will be used to sign customer
# and admin identification certificates
#
......
$messaging_ca_cert = $pulp::params::messaging_ca_cert,
$messaging_client_cert = $pulp::params::messaging_client_cert,
$broker_url = $pulp::params::broker_url,
$broker_use_ssl = $pulp::params::broker_use_ssl,
$consumers_ca_cert = $pulp::params::consumers_ca_cert,
$consumers_ca_key = $pulp::params::consumers_ca_key,
$ssl_ca_cert = $pulp::params::ssl_ca_cert,
manifests/params.pp
$oauth_secret = 'secret'
$messaging_url = 'tcp://localhost:5672'
$messaging_ca_cert = undef
$messaging_client_cert = undef
$broker_url = "qpid://${::fqdn}:5671"
$broker_use_ssl = true
$consumers_ca_cert = '/etc/pki/pulp/ca.crt'
$consumers_ca_key = '/etc/pki/pulp/ca.key'
$ssl_ca_cert = '/etc/pki/pulp/ssl_ca.crt'
manifests/service.pp
# Pulp Master Service
class pulp::service {
Service[httpd] ->
Class['pulp::service']
service {'pulp_celerybeat':
ensure => running,
require => [Service[mongodb], Service[qpidd]],
enable => true,
hasstatus => true,
hasrestart => true,
}
service {'pulp_workers':
ensure => running,
require => [Service[mongodb], Service[qpidd]],
enable => true,
hasstatus => true,
hasrestart => true,
status => 'service pulp_workers status | grep "node reserved_resource_worker"',
}
service {'pulp_resource_manager':
ensure => running,
require => [Service[mongodb], Service[qpidd]],
enable => true,
hasstatus => true,
hasrestart => true,
status => 'service pulp_resource_manager status | grep "node resource_manager"',
}
}
templates/etc/pulp/server.conf.erb
#
# WARNING: THIS CONFIGURATION WAS GENERATED BY KATELLO-CONFIGURE TOOL,
# CHANGES WILL LIKELY BE OVERWRITTEN.
#
# =========================
# Pulp Server Configuration
# =========================
# This settings in this file are all commented by default, and the commented settings show the
# default values that Pulp will choose if not specified here.
# -- Common Configuration -----------------------------------------------------
# = Database =
......
# seeds: comma-separated list of hostname:port of database replica seed hosts
# operation_retries: number of retries on database operations to
# perform before giving up and reporting an error
#
# Authentication - If the username and the password keys have values provided,
# the pulp server will attempt to authenticate to the MongoDB server. The
# username and password provided here will be used to authenticate with the
# database specified in the name field.
#
# username: The user name to use for authenticating to the MongoDB server
# password: The password to use for authenticating to the MongoDB server
# replica_set: uncomment and set this value to the name of replica set configured
# in MongoDB, if one is in use
[database]
name: pulp_database
seeds: localhost:27017
operation_retries: 2
# name: pulp_database
# seeds: localhost:27017
# operation_retries: 2
# username: admin
# password: admin
# replica_set: replica_set_name
# = Server =
#
# Controls general Pulp web server behavior.
#
# server_name: hostname the admin client and consumers should use when accessing
# the server; if not specified, this is defaulted to the server's hostname
# default_login: default admin username of the Pulp server; this user will be
# the first time the server is started
# server_name: hostname the admin client and consumers should use when accessing
# the server; if not specified, this is defaulted to the server's hostname
# default_login: default admin username of the Pulp server; this user will be
# the first time the server is started
# default_password: default password for admin when it is first created; this
# should be changed once the server is operational
# debugging_mode: boolean; toggles Pulp's debugging capabilities
# should be changed once the server is operational
# debugging_mode: boolean; toggles Pulp's debugging capabilities
# log_level: The desired logging level. Options are: CRITICAL, ERROR, WARNING, INFO, DEBUG,
# and NOTSET. Pulp will default to INFO.
[server]
server_name: <%= (has_variable?("fqdn") ? @fqdn : @hostname).downcase %>
key_url: /pulp/gpg
ks_url: /pulp/ks
# key_url: /pulp/gpg
# ks_url: /pulp/ks
default_login: <%= @default_login %>
default_password: <%= @default_password %>
debugging_mode: false
# debugging_mode: false
# log_level: INFO
# = Authentication =
#
# Keys used for message authentication.
#
# rsa_key:
# The RSA private key used for authentication.
# rsa_pub:
# The RSA public key used for authentication.
[authentication]
# rsa_key = /etc/pki/pulp/rsa.key
# rsa_pub = /etc/pki/pulp/rsa_pub.key
# = Security =
#
......
# user_cert_expiration: number of days a user certificate is valid
#
# consumer_cert_expiration: number of days a consumer certificate is valid
#
[security]
cacert: <%= @consumers_ca_cert %>
cakey: <%= @consumers_ca_key %>
ssl_ca_certificate: <%= @ssl_ca_cert %>
user_cert_expiration: 7
consumer_cert_expiration: 3650
serial_number_path: /var/lib/pulp/sn.dat
# user_cert_expiration: 7
# consumer_cert_expiration: 3650
# serial_number_path: /var/lib/pulp/sn.dat
# -- Advanced Configuration ---------------------------------------------------
......
# than this will be purged; set to -1 to disable
[consumer_history]
lifetime: 180
# = Coordinator =
#
# Controls the behavior of conflict resolution in Pulp's asynchronous dispatch
# subsystem.
#
# task_state_poll_interval: float; seconds to wait between polling for a change
# in a task's state
[coordinator]
task_state_poll_interval: 0.1
# lifetime: 180
# = Data Reaping =
......
# publish history events
[data_reaping]
reaper_interval: 0.25
archived_calls: 0.5
consumer_history: 60
repo_sync_history: 60
repo_publish_history: 60
repo_group_publish_history: 60
# reaper_interval: 0.25
# archived_calls: 0.5
# consumer_history: 60
# repo_sync_history: 60
# repo_publish_history: 60
# repo_group_publish_history: 60
# = LDAP =
......
# filter: directive to set more restrictive LDAP filter to limit the LDAP
# users who can authenticate to Pulp
# Deprecated! Please use apache's mod_authnz_ldap to do preauthentication. See
# pulp's user guide for details.
# [ldap]
# enabled: true
# enabled: true # are you sure? This has been deprecated.
# uri: ldap://localhost
# base: dc=localhost
# tls: no
......
oauth_key: <%= @oauth_key %>
oauth_secret: <%= @oauth_secret %>
# = Logging =
#
# Controls the logging behavior of Pulp.
#
# config: full path to the logging config file for the Pulp server
#
# db_config: full path to the logging config file for database specific
# operations
[logs]
config: /etc/pulp/logging/basic.cfg
db_config: /etc/pulp/logging/db.cfg
# = Messaging =
#
# Controls Pulp's configuration of QPID for remote messaging.
......
# url: the url used to contact the broker in the form
# <transport>://<host>:<port>; transport can be 'tcp' or 'ssl'
#
# transport: The type of broker you are connecting to. May be "qpid" or "amqplib" (for RabbitMQ).
# Defaults to qpid.
#
# cacert: full path to PEM encoded CA certificate file, used when Pulp connects
# to a broker over SSL
#
# clientcert: full path to PEM encoded file containing both the private key and
# certificate Pulp should present to the broker to be authenticated
#
# auth_enabled:
# Message authentication enabled flag.
#
# topic_exchange: name of the exchange to use; must be a topic exchange;
# defaults to "amq.topic", which is a default exchange that
# is guaranteed to exist on the broker
......
# seconds. The numeric value may be specified with an optional unit suffix.
# Supported suffixes are: s=seconds, m=minutes, h=hours, d=days.
#
# unit_install_timeout: messaging timeout in seconds for unit installs
#
# unit_update_timeout: messaging timeout in seconds for unit updates
#
# unit_uninstall_timeout: messaging timeout in seconds for unit uninstalls
#
# bind_timeout: messaging timeout in seconds for bind requests
#
# unbind_timeout: messaging timeout in seconds for unbind requests
[messaging]
url: <%= @messaging_url %>
......
<% if @messaging_client_cert -%>
clientcert: <%= @messaging_client_cert %>
<% end -%>
topic_exchange: 'amq.topic'
install_timeout: 36h:3d
update_timeout: 36h:3d
uninstall_timeout: 36h:3d
bind_timeout: 30d:6h
unbind_timeout: 30d:6h
# = Scheduler =
#
# Controls the scheduling portion of Pulp's asynchronous dispatch subsystem.
#
# dispatch_interval: float; seconds to wait between checking for the presence of
# scheduled calls to dispatch
[scheduler]
dispatch_interval: 30
transport: qpid
auth_enabled: false
# topic_exchange: 'amq.topic'
# = Asynchronous Tasks =
#
# Controls the behavior of individual tasks in Pulp's asynchronous dispatch
# subsystem.
#
# concurrency_threshold: maximum sum weight of tasks to run in parallel;
# base task weight is 1
#
# dispatch_interval: float; seconds to wait before checking for new to tasks
# to dispatch
# Controls Pulp's Celery settings.
#
# archived_call_lifetime: the amount of time in hours to store archived call
# requests and call reports
# broker_url: A URL to a broker that Celery can use to queue tasks. For example, to
# configure Celery with a Qpid backend, set broker_url to:
#
# consumer_content_weight: concurrency weight of consumer content tasks
# (install, update, uninstall)
# qpid://<username>:<password>@<hostname>:<port>/
#
# create_weight: concurrency weight of all resource creation tasks
# For RabbitMQ you can use the following broker_url style:
#
# publish_weight: concurrency weight of repository publish tasks
# amqp://<username>:<password>@<hostname>:<port>/<vhost>
#
# sync_weight: concurrency weight of repository sync tasks
# celery_require_ssl: Whether or not Celery should use SSL when connecting to the message broker.
# This should be "true", or "false".
# cacert: A path to the CA certificate that should be used to authenticate the broker.
# keyfile: A path to the private key that should be used with the client certificate
# when connecting to the broker.
# certfile: A path to the client certificate that should be used when connecting to the
# broker.
[tasks]
concurrency_threshold: <%= @processorcount.to_i + 1 %>
dispatch_interval: 0.5
archived_call_lifetime: 48
consumer_content_weight: 0
create_weight: 0
publish_weight: 1
sync_weight: 2
broker_url: <%= @broker_url %>
celery_require_ssl: <%= @broker_use_ssl %>
cacert: <%= @messaging_ca_cert %>
keyfile:
certfile: <%= @messaging_client_cert %>
# = Email =
......
# enabled: booleanl controls whether or not emails will be sent
[email]
host: localhost
port: 25
from: no-reply@your.domain
enabled: false
# host: localhost
# port: 25
# from: no-reply@your.domain
# enabled: false

Also available in: Unified diff