---
# SSL Setup

# if enabled, all communication is verified via SSL
# NOTE that both certificates need to be signed by the same CA in order for this to work
# see http://theforeman.org/projects/smart-proxy/wiki/SSL for more information
# The :ssl_* settings below ship commented out, so SSL is presumably not enabled until they are set.
#:ssl_certificate: ssl/certs/fqdn.pem
#:ssl_ca_file: ssl/certs/ca.pem
#:ssl_private_key: ssl/private_keys/fqdn.key
# the hosts which the proxy accepts connections from
# commenting out the following lines means every verified SSL connection is allowed
#:trusted_hosts:
#- foreman.prod.domain
#- foreman.dev.domain
#:foreman_url: http://127.0.0.1:3000
# Run the proxy as a background daemon; this file ships with it set to true.
:daemon: true
# Path of the daemon's PID file (presumably only written when :daemon is true; confirm).
:daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid
# Port used by the proxy.
# NOTE(review): the :ssl_* and :trusted_hosts settings in this file ship commented out, so
# check which hosts can reach this port before enabling any management feature.
:port: 8443

# Enable TFTP management
# false leaves TFTP management disabled.
:tftp: false
# Root directory for TFTP files (presumably only used when :tftp is true; confirm).
:tftproot: /var/lib/tftpboot
# Defines the TFTP Servername to use, overrides the name in the subnet declaration
#:tftp_servername: tftp.domain.com
# Enable DNS management
# false leaves DNS management disabled.
:dns: false
# DNS provider to use. Valid providers:
#   nsupdate
#   nsupdate_gss (for GSS-TSIG support; uses the dns_tsig_* settings)
:dns_provider: nsupdate
#:dns_key: /etc/rndc.key
# use this setting if you are managing a DNS server which is not localhost through this proxy
#:dns_server: dns.domain.com
# use this setting if you want to override default TTL setting (86400)
#:dns_ttl: 86400
# use dns_tsig_* for GSS-TSIG updates using Kerberos. Required for Windows MS DNS with
# Secure Dynamic Updates, or BIND as used in FreeIPA. Set dns_provider to nsupdate_gss.
#:dns_tsig_keytab: /usr/share/foreman-proxy/dns.keytab
#:dns_tsig_principal: DNS/host.example.com@EXAMPLE.COM
# Enable DHCP management
# false leaves DHCP management disabled.
:dhcp: false
# DHCP vendor to manage: either isc or native_ms.
:dhcp_vendor: isc
# dhcp_subnets is a Native MS implementation setting. It restricts the subnets queried to a
# subset, so as to reduce the query time.
#:dhcp_subnets: [192.168.205.0/255.255.255.128, 192.168.205.128/255.255.255.128]
# Settings for Ubuntu ISC
#:dhcp_config: /etc/dhcp3/dhcpd.conf
#:dhcp_leases: /var/lib/dhcp3/dhcpd.leases
# Settings for Redhat ISC
# Redhat 5
#:dhcp_config: /etc/dhcpd.conf
# Redhat 6
#:dhcp_config: /etc/dhcp/dhcpd.conf
#:dhcp_leases: /var/lib/dhcpd/dhcpd.leases
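# NOTE: the key secret is stored in this file in plain text; keep the file readable only by the proxy user
#:dhcp_key_name: secret_key_name
#:dhcp_key_secret: secret_key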
# enable PuppetCA management
# false leaves PuppetCA management disabled.
:puppetca: false
#:ssldir: /var/lib/puppet/ssl
#:puppetdir: /etc/puppet
# enable Puppet management
# false leaves Puppet management disabled.
:puppet: false
# valid providers:
# puppetrun (for puppetrun/kick, deprecated in Puppet 3)
# mcollective (uses mco puppet)
# puppetssh (run puppet over ssh)
# salt (uses salt puppet.run)
# customrun (calls a custom command with args)
# Selects one of the providers listed above; puppetrun is noted there as deprecated in Puppet 3.
:puppet_provider: puppetrun
# customrun provider settings (the provider that calls a custom command with args)
# Set :customrun_cmd to the full path of the script you want to run, instead of /bin/false.
# NOTE(review): the proxy calls this path, so keep the script and its directory writable
# only by trusted administrators.
:customrun_cmd: /bin/false
# Set :customrun_args to any arguments you want to pass to your custom script. The hostname of
# the system to run against is appended after these arguments.
# NOTE(review): that hostname presumably comes from the API request; the script should
# validate it before using it.
:customrun_args: -ay -f -s

# Path to the Puppet configuration file (how the proxy uses it is not visible in this file).
:puppet_conf: /etc/puppet/puppet.conf
# Settings for the puppetssh provider (run puppet over ssh).
# Whether to use sudo before the ssh command.
:puppetssh_sudo: false
# The command which will be sent to the host.
:puppetssh_command: /usr/bin/puppet agent --onetime --no-usecacheonfailure
# The user the proxy connects as, and the SSH key file it uses.
# NOTE(review): connecting as root with a key stored on the proxy host gives that host root
# access to every managed node; prefer a dedicated account limited to the command above, and
# keep the key file readable only by the proxy user.
#:puppetssh_user: root
#:puppetssh_keyfile: /etc/foreman-proxy/id_rsa
# Which user to invoke sudo as to run puppet commands
#:puppet_user: root

# Enable Chef management; false leaves it disabled.
:chefproxy: false
# :chef_authenticate_nodes: true
# :chef_server_url: "https://chef.example.net"
# The smart-proxy client node needs some admin rights on the chef-server
# in order to retrieve the public keys of all nodes.
# NOTE(review): the private key below therefore carries admin rights on the chef-server;
# keep the key file readable only by the proxy user.
# :chef_smartproxy_clientname: 'chef.fitzdsl.net'
# :chef_smartproxy_privatekey: '/etc/chef/client.pem'

# enable BMC management (bare-metal power and BIOS controls)
# Available providers:
# - freeipmi / ipmitool - requires the appropriate package installed, and the rubyipmi gem
# - shell - for local reboot control (requires sudo access to /sbin/shutdown for the proxy user)
# false leaves BMC management disabled.
:bmc: false
# Default BMC provider (presumably one of the providers listed above; confirm).
# NOTE(review): the shell provider is documented above as needing sudo access to
# /sbin/shutdown for the proxy user; scope that sudo rule to that single command.
#:bmc_default_provider: freeipmi

# Where our proxy log files are stored
# filename or STDOUT
# Log destination: a filename or STDOUT.
:log_file: /var/log/foreman-proxy/proxy.log
# valid options are
# WARN, DEBUG, ERROR, FATAL, INFO, UNKNOWN
# NOTE(review): at ERROR, lower-severity messages are presumably not written; confirm that
# the requests you need for auditing are still logged.
:log_level: ERROR