root/config/settings.yml.example @ e478c9e7
a4f75050 | Ohad Levy | ---
|
|
# SSL Setup
|
|||
# if enabled, all communication is verified via SSL
|
|||
# NOTE that both certificates need to be signed by the same CA in order for this to work
|
|||
# see http://theforeman.org/projects/smart-proxy/wiki/SSL for more information
|
|||
2b403a61 | Ohad Levy | #:ssl_certificate: ssl/certs/fqdn.pem
|
|
#:ssl_ca_file: ssl/certs/ca.pem
|
|||
#:ssl_private_key: ssl/private_keys/fqdn.key
|
|||
a4f75050 | Ohad Levy | # the hosts which the proxy accepts connections from
|
|
# commenting out the following lines means every verified SSL connection is allowed,
# so list the Foreman hosts here to restrict access to them
|
|||
2b403a61 | Ohad Levy | #:trusted_hosts:
|
|
#- foreman.prod.domain
|
|||
#- foreman.dev.domain
|
|||
4c2e7d8b | Romain Vrignaud | #:foreman_url: http://127.0.0.1:3000
|
|
a4f75050 | Ohad Levy | ||
3ee29b07 | Ohad Levy | # enable the daemon to run in the background
|
|
:daemon: true
|
|||
41ae3f71 | Lukas Zapletal | :daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid
|
|
3ee29b07 | Ohad Levy | ||
a4f75050 | Ohad Levy | # port used by the proxy
|
|
:port: 8443
|
|||
6cd78804 | Ohad Levy | # Enable TFTP management
|
|
2b403a61 | Ohad Levy | :tftp: false
|
|
24806ab8 | Dominic Cleal | :tftproot: /var/lib/tftpboot
|
|
b2aa8c03 | Ohad Levy | # Defines the TFTP Servername to use, overrides the name in the subnet declaration
|
|
#:tftp_servername: tftp.domain.com
|
|||
b3c7e27f | Ohad Levy | ||
6cd78804 | Ohad Levy | # Enable DNS management
|
|
2b403a61 | Ohad Levy | :dns: false
|
|
7e72434b | Dominic Cleal | # valid providers:
|
|
# nsupdate
|
|||
# nsupdate_gss (for GSS-TSIG support)
|
|||
:dns_provider: nsupdate
|
|||
2b403a61 | Ohad Levy | #:dns_key: /etc/rndc.key
|
|
# use this setting if the DNS server you manage through this proxy is not localhost
|
|||
#:dns_server: dns.domain.com
|
|||
1242cab2 | Povilas Daukintis | # use this setting if you want to override default TTL setting (86400)
|
|
#:dns_ttl: 86400
|
|||
7e72434b | Dominic Cleal | # use dns_tsig_* for GSS-TSIG updates using Kerberos. Required for Windows MS DNS with
|
|
# Secure Dynamic Updates, or BIND as used in FreeIPA. Set dns_provider to nsupdate_gss.
|
|||
#:dns_tsig_keytab: /usr/share/foreman-proxy/dns.keytab
|
|||
#:dns_tsig_principal: DNS/host.example.com@EXAMPLE.COM
|
|||
b3c7e27f | Ohad Levy | ||
6cd78804 | Ohad Levy | # Enable DHCP management
|
|
2b403a61 | Ohad Levy | :dhcp: false
|
|
6cd78804 | Ohad Levy | # The vendor can be either isc or native_ms
|
|
:dhcp_vendor: isc
|
|||
700e96b5 | Paul kelly | # dhcp_subnets is a Native MS implementation setting. It restricts the subnets queried to a
|
|
# subset, so as to reduce the query time.
|
|||
#:dhcp_subnets: [192.168.205.0/255.255.255.128, 192.168.205.128/255.255.255.128]
|
|||
6cd78804 | Ohad Levy | # Settings for Ubuntu ISC
|
|
#:dhcp_config: /etc/dhcp3/dhcpd.conf
|
|||
#:dhcp_leases: /var/lib/dhcp3/dhcpd.leases
|
|||
# Settings for Redhat ISC
|
|||
ed062812 | Florian Koch | # Redhat 5
|
|
2b403a61 | Ohad Levy | #:dhcp_config: /etc/dhcpd.conf
|
|
ed062812 | Florian Koch | # Redhat 6
|
|
#:dhcp_config: /etc/dhcp/dhcpd.conf
|
|||
2b403a61 | Ohad Levy | #:dhcp_leases: /var/lib/dhcpd/dhcpd.leases
|
|
bf8dfda6 | Ohad Levy | #:dhcp_key_name: secret_key_name
|
|
#:dhcp_key_secret: secret_key
|
|||
eb305390 | Ohad Levy | ||
b3c7e27f | Ohad Levy | # enable PuppetCA management
|
|
2b403a61 | Ohad Levy | :puppetca: false
|
|
dd633419 | Greg Sutcliffe | #:ssldir: /var/lib/puppet/ssl
|
|
#:puppetdir: /etc/puppet
|
|||
b3c7e27f | Ohad Levy | ||
# enable Puppet management
|
|||
2b403a61 | Ohad Levy | :puppet: false
|
|
80f8a61f | Sam Kottler | # valid providers:
|
|
# puppetrun (for puppetrun/kick, deprecated in Puppet 3)
|
|||
# mcollective (uses mco puppet)
|
|||
13ed4712 | Hannes Schaller | # puppetssh (run puppet over ssh)
|
|
4a8e35aa | Francois Deppierraz | # salt (uses salt puppet.run)
|
|
e478c9e7 | Glen Ogilvie | # customrun (calls a custom command with args)
|
|
80f8a61f | Sam Kottler | :puppet_provider: puppetrun
|
|
e478c9e7 | Glen Ogilvie | ||
# customrun command details
|
|||
# Set :customrun_cmd to the full path of the script you want to run, instead of /bin/false
|
|||
:customrun_cmd: /bin/false
|
|||
# Set :customrun_args to any args you want to pass to your custom script. The hostname of the
|
|||
# system to run against will be appended after these arguments.
# The script should validate the hostname it receives before acting on it.
|
|||
:customrun_args: -ay -f -s
|
|||
5da8bfa9 | Ohad Levy | :puppet_conf: /etc/puppet/puppet.conf
|
|
13ed4712 | Hannes Schaller | # whether to use sudo before the ssh command
|
|
:puppetssh_sudo: false
|
|||
# the command which will be sent to the host
|
|||
:puppetssh_command: /usr/bin/puppet agent --onetime --no-usecacheonfailure
|
|||
# the user the proxy connects as over ssh
|
|||
#:puppetssh_user: root
|
|||
#:puppetssh_keyfile: /etc/foreman-proxy/id_rsa
|
|||
b3c7e27f | Ohad Levy | ||
81a34451 | Greg Petras | # Which user to invoke sudo as to run puppet commands
|
|
#:puppet_user: root
|
|||
4c2e7d8b | Romain Vrignaud | # enable Chef management
|
|
:chefproxy: false
|
|||
# :chef_authenticate_nodes: true
|
|||
# :chef_server_url: "https://chef.example.net"
|
|||
# the smart-proxy client node needs to have some admin rights on chef-server
|
|||
# in order to retrieve all nodes' public keys
|
|||
# :chef_smartproxy_clientname: 'chef.fitzdsl.net'
|
|||
# :chef_smartproxy_privatekey: '/etc/chef/client.pem'
|
|||
94cca053 | Corey Osman | # enable BMC management (Bare metal power and bios controls)
|
|
3a19312e | Greg Sutcliffe | # Available providers:
|
|
# - freeipmi / ipmitool - requires the appropriate package installed, and the rubyipmi gem
|
|||
# - shell - for local reboot control (requires sudo access to /sbin/shutdown for the proxy user;
#   grant the sudo rule for that command only)
|
|||
94cca053 | Corey Osman | :bmc: false
|
|
#:bmc_default_provider: freeipmi
|
|||
b3c7e27f | Ohad Levy | # Where our proxy log files are stored
|
|
# filename or STDOUT
|
|||
ed062812 | Florian Koch | :log_file: /var/log/foreman-proxy/proxy.log
|
|
a4f75050 | Ohad Levy | # valid options are
|
|
ed062812 | Florian Koch | # WARN, DEBUG, ERROR, FATAL, INFO, UNKNOWN
|
|
:log_level: ERROR
|