Foreman » Installer

# =========================

# Pulp Server Configuration

# =========================

# This settings in this file are all commented by default, and the commented settings show the

# default values that Pulp will choose if not specified here.

# -- Common Configuration -----------------------------------------------------

# = Database =

#

# Controls the behavior of MongoDB under Pulp's usage.

#

# name: name of the database to use

# seeds: comma-separated list of hostname:port of database replica seed hosts

# operation_retries: number of retries on database operations to

# perform before giving up and reporting an error

#

# Authentication - If the username and the password keys have values provided,

# the pulp server will attempt to authenticate to the MongoDB server. The

# username and password provided here will be used to authenticate with the

# database specified in the name field.

#

# username: The user name to use for authenticating to the MongoDB server

# password: The password to use for authenticating to the MongoDB server

# replica_set: uncomment and set this value to the name of replica set configured

# in MongoDB, if one is in use

[database]

# name: pulp_database

# seeds: localhost:27017

# operation_retries: 2

# username: admin

# password: admin

# replica_set: replica_set_name

# = Server =

#

# Controls general Pulp web server behavior.

#

# server_name: hostname the admin client and consumers should use when accessing

# the server; if not specified, this is defaulted to the server's hostname

# default_login: default admin username of the Pulp server; this user will be

# the first time the server is started

# default_password: default password for admin when it is first created; this

# should be changed once the server is operational

# debugging_mode: boolean; toggles Pulp's debugging capabilities

# log_level: The desired logging level. Options are: CRITICAL, ERROR, WARNING, INFO, DEBUG,

# and NOTSET. Pulp will default to INFO.

[server]

server_name: <%= (has_variable?("fqdn") ? @fqdn : @hostname).downcase %>

# key_url: /pulp/gpg

# ks_url: /pulp/ks

default_login: <%= @default_login %>

default_password: <%= @default_password %>

# debugging_mode: false

# log_level: INFO

# = Authentication =

#

# Keys used for message authentication.

#

# rsa_key:

# The RSA private key used for authentication.

# rsa_pub:

# The RSA public key used for authentication.

[authentication]

# rsa_key = /etc/pki/pulp/rsa.key

# rsa_pub = /etc/pki/pulp/rsa_pub.key

# = Security =

#

# Controls aspects of the Pulp web server security.

#

# For production installations, it is recommended that a new CA certificate be

# generated for the signing of user and consumer certificates and configured

# using the following properties.

#

# cacert: full path to the CA certificate that will be used to sign consumer

# and admin identification certificates; this must match the value of

# SSLCACertificateFile in /etc/httpd/conf.d/pulp.conf

#

# cakey: path to the private key for the above CA certificate

#

# ssl_ca_certificate: full path to the CA certificate used to sign the Pulp

# server's SSL certificate; consumers will use this to verify the

# Pulp server's SSL certificate during the SSL handshake

#

# user_cert_expiration: number of days a user certificate is valid

#

# consumer_cert_expiration: number of days a consumer certificate is valid

#

[security]

cacert: <%= @consumers_ca_cert %>

cakey: <%= @consumers_ca_key %>

ssl_ca_certificate: <%= @ssl_ca_cert %>

# user_cert_expiration: 7

# consumer_cert_expiration: 3650

# serial_number_path: /var/lib/pulp/sn.dat

# -- Advanced Configuration ---------------------------------------------------

# = Consumer History =

#

# Controls the storage of recorded consumer events.

#

# lifetime: number of days to store consumer events; events older

# than this will be purged; set to -1 to disable

[consumer_history]

# lifetime: 180

# = Data Reaping =

#

# Controls the frequency in which reporting data is automatically removed from

# the database. Database entries that exceed the given thresholds will be

# deleted from the database when the reaper runs.

#

# reaper_interval: float; time in days between checks for old data in

# the database

#

# archived_calls: float; time in days to store archived calls

#

# consumer_history: float; time in days to store consumer history events

#

# repo_sync_history: float; time in days to store repository sync history events

#

# repo_publish_history: float; time in days to store repository publish history

# events

#

# repo_group_publish_history: float; time in days to store repository group

# publish history events

[data_reaping]

# reaper_interval: 0.25

# archived_calls: 0.5

# consumer_history: 60

# repo_sync_history: 60

# repo_publish_history: 60

# repo_group_publish_history: 60

# = LDAP =

#

# Uncomment the below section with appropriate values to use an external LDAP

# server for user authentication.

#

# enabled: boolean; controls whether or not LDAP authentication is enabled

#

# uri: url of LDAP server

#

# base: location in the directory from which the LDAP search begins

#

# tls: boolean; controls whether or not to use TLS security

#

# default_role: Id of the role to assign LDAP users to by default. This is

# optional. This role must first be created on the Pulp server. If

# default_role is not set or doesn't exist, LDAP users are given same

# default permissions as local users.

#

# filter: directive to set more restrictive LDAP filter to limit the LDAP

# users who can authenticate to Pulp

# Deprecated! Please use apache's mod_authnz_ldap to do preauthentication. See

# pulp's user guide for details.

# [ldap]

# enabled: true # are you sure? This has been deprecated.

# uri: ldap://localhost

# base: dc=localhost

# tls: no

# default_role: <role-id>

# filter: (gidNumber=200)

# = OAuth =

#

# Uncomment the below section with appropriate values to use OAuth

# authentication.

#

# enabled: boolean; controls whether OAuth authentication is enabled

#

# oauth_key: string; key to enable OAuth style authentication

#

# oauth_secret: string; shared secret that can be used for OAuth style

# authentication

[oauth]

enabled: true

oauth_key: <%= @oauth_key %>

oauth_secret: <%= @oauth_secret %>

# = Messaging =

#

# Controls Pulp's configuration of QPID for remote messaging.

#

# url: the url used to contact the broker in the form

# <transport>://<host>:<port>; transport can be 'tcp' or 'ssl'

#

# transport: The type of broker you are connecting to. May be "qpid" or "amqplib" (for RabbitMQ).

# Defaults to qpid.

#

# cacert: full path to PEM encoded CA certificate file, used when Pulp connects

# to a broker over SSL

#

# clientcert: full path to PEM encoded file containing both the private key and

# certificate Pulp should present to the broker to be authenticated

#

# auth_enabled:

# Message authentication enabled flag.

#

# topic_exchange: name of the exchange to use; must be a topic exchange;

# defaults to "amq.topic", which is a default exchange that

# is guaranteed to exist on the broker

#

# The format for the following timeouts is <start>:<duration>. The <start>

# timeout is the time to wait for the consumer to acknowledge and

# begin handling the request before indicating a timeout has occurred. The

# <duration> timeout is how long the consumer is allowed to act on the request

# before the server considers the entire request timed out. The default unit is

# seconds. The numeric value may be specified with an optional unit suffix.

# Supported suffixes are: s=seconds, m=minutes, h=hours, d=days.

#

[messaging]

url: <%= @messaging_url %>

<% if @messaging_ca_cert -%>

cacert: <%= @messaging_ca_cert %>

<% end -%>

<% if @messaging_client_cert -%>

clientcert: <%= @messaging_client_cert %>

<% end -%>

transport: qpid

auth_enabled: false

# topic_exchange: 'amq.topic'

# = Asynchronous Tasks =

#

# Controls Pulp's Celery settings.

#

# broker_url: A URL to a broker that Celery can use to queue tasks. For example, to

# configure Celery with a Qpid backend, set broker_url to:

#

# qpid://<username>:<password>@<hostname>:<port>/

#

# For RabbitMQ you can use the following broker_url style:

#

# amqp://<username>:<password>@<hostname>:<port>/<vhost>

#

# celery_require_ssl: Whether or not Celery should use SSL when connecting to the message broker.

# This should be "true", or "false".

# cacert: A path to the CA certificate that should be used to authenticate the broker.

# keyfile: A path to the private key that should be used with the client certificate

# when connecting to the broker.

# certfile: A path to the client certificate that should be used when connecting to the

# broker.

[tasks]

broker_url: <%= @broker_url %>

celery_require_ssl: <%= @broker_use_ssl %>

cacert: <%= @messaging_ca_cert %>

keyfile:

certfile: <%= @messaging_client_cert %>

# = Email =

#

# Settings that allow the system to send email. It is recommended that

# the system relay through a local MTA on the machine. Pulp does not retry in

# case of error, so it is important to have a real MTA available locally.

#

# If there is a need to test email sending, it is recommended to run this:

# $ python -m smtpd -n -c DebuggingServer localhost:1025

# which will write each message to stdout.

#

# host: host name of the MTA pulp should relay through

#

# port: destination port to connect on

#

# from: the "From" address of each email the system sends

#

# enabled: booleanl controls whether or not emails will be sent

[email]

# host: localhost

# port: 25

# from: no-reply@your.domain

# enabled: false