server.conf

Rodrigo Menezes, 12/15/2015 07:06 PM

 
# =========================
# Pulp Server Configuration
# =========================

# The settings in this file are all commented by default, and the commented settings show the
# default values that Pulp will choose if not specified here.

# -- Common Configuration -----------------------------------------------------

    
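# = Database =
#
# Controls the behavior of MongoDB under Pulp's usage.
#
# Authentication - If the username and the password keys have values provided,
# the pulp server will attempt to authenticate to the MongoDB server.  The
# username and password provided here will be used to authenticate with the
# database specified in the name field.
#
# name:              name of the database to use
# seeds:             comma-separated list of hostname:port of database replica seed hosts
# username:          The user name to use for authenticating to the MongoDB server
# password:          The password to use for authenticating to the MongoDB server
# replica_set:       uncomment and set this value to the name of replica set configured in MongoDB,
#                    if one is in use
# ssl:               If True, create the connection to the server using SSL.
# ssl_keyfile:       A path to the private keyfile used to identify the local connection against
#                    mongod. If included with the certfile then only the ssl_certfile is needed.
# ssl_certfile:      The certificate file used to identify the local connection against mongod.
# verify_ssl:        Specifies whether a certificate is required from the other side of the
#                    connection, and whether it will be validated if provided. If it is true, then
#                    ca_path (described below) must point to a file of CA certificates used to
#                    validate the connection.
# ca_path:           The ca_certs file contains a set of concatenated "certification authority"
#                    certificates, which are used to validate certificates passed from the other end
#                    of the connection.
#
# NOTE(review): as configured below, neither username nor password is set and
# ssl is false, so Pulp connects to mongod without authenticating and without
# transport encryption. That is only reasonable while seeds stays on localhost
# and mongod is not reachable from other hosts. If the database moves off this
# host, set username/password and enable ssl together with verify_ssl and ca_path.

[database]
name: pulp_database
seeds: localhost:27017
ssl: false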

    
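# = Server =
#
# Controls general Pulp web server behavior.
#
# server_name:      hostname the admin client and consumers should use when accessing
#                   the server; if not specified, this is defaulted to the server's hostname
# default_login:    default admin username of the Pulp server; this user will be
#                   created the first time the server is started
# default_password: default password for admin when it is first created; this
#                   should be changed once the server is operational
# debugging_mode:   boolean; toggles Pulp's debugging capabilities
# log_level:        The desired logging level. Options are: CRITICAL, ERROR, WARNING, INFO, DEBUG,
#                   and NOTSET. Pulp will default to INFO.
#
# key_url and ks_url are set below but are not described in this file;
# presumably they are the URL paths under which GPG keys and kickstart content
# are served - confirm against the Pulp documentation.
#
# NOTE(review): default_password (redacted on this page) is stored in clear
# text. Keep this file readable only by the account that runs Pulp, and change
# the admin password after the first start, as the description above asks.

[server]
server_name: puppet100.[redacted].net
key_url: /pulp/gpg
ks_url: /pulp/ks
default_login: admin
default_password: [redacted]
debugging_mode: false
log_level: INFO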

    
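# = Authentication =
#
# Keys used for message authentication.
#
# rsa_key:
#   The RSA private key used for authentication.
# rsa_pub:
#   The RSA public key used for authentication.
#
# The key/value delimiter here is ':' to match every other section of this
# file; the original used '=' in this section only.
#
# NOTE(review): rsa_key names a private key. Only the account that runs Pulp
# should be able to read that file; rsa_pub can be world-readable.

[authentication]
rsa_key: /etc/pki/pulp/rsa.key
rsa_pub: /etc/pki/pulp/rsa_pub.key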

    
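# = Security =
#
# Controls aspects of the Pulp web server security.
#
# For production installations, it is recommended that a new CA certificate be
# generated for the signing of user and consumer certificates and configured
# using the following properties.
#
# cacert: full path to the CA certificate that will be used to sign consumer
#     and admin identification certificates; this must match the value of
#     SSLCACertificateFile in /etc/httpd/conf.d/pulp.conf
#
# cakey: path to the private key for the above CA certificate
#
# ssl_ca_certificate: full path to the CA certificate used to sign the Pulp
#     server's SSL certificate; consumers will use this to verify the
#     Pulp server's SSL certificate during the SSL handshake
#
# user_cert_expiration: number of days a user certificate is valid
#
# consumer_cert_expiration: number of days a consumer certificate is valid
#
# serial_number_path is set below but is not described in this file; presumably
# it is where the CA's certificate serial counter is kept - confirm.
#
# NOTE(review): cakey is the private key of the CA that signs admin and
# consumer identity certificates, so read access to it must be limited to the
# account that runs Pulp. Whether ca.crt/ca.key under /etc/pki/pulp were
# regenerated for this installation, as recommended above, is not visible
# here - confirm.
#
# NOTE(review): consumer certificates are valid for 3650 days, against 7 days
# for user certificates. Confirm how a consumer certificate is invalidated if
# its key is lost, because expiry will not do it for about ten years.

[security]
cacert: /etc/pki/pulp/ca.crt
cakey: /etc/pki/pulp/ca.key
ssl_ca_certificate: /etc/pki/pulp/ssl_ca.crt
user_cert_expiration: 7
consumer_cert_expiration: 3650
serial_number_path: /var/lib/pulp/sn.dat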

    
# -- Advanced Configuration ---------------------------------------------------

    
# = Consumer History =
#
# Retention of the consumer events that Pulp records.
#
# lifetime: how many days a consumer event is kept; events older than this are
#     purged. Set to -1 to disable.

[consumer_history]
lifetime: 180

    
# = Data Reaping =
#
# How often reporting data is removed from the database automatically. Each
# time the reaper runs, it deletes the database entries that exceed the
# thresholds given here.
#
# Every value is a float measured in days.
#
# reaper_interval: time between checks for old data in the database
#
# archived_calls: how long archived calls are stored
#
# consumer_history: how long consumer history events are stored
#
# repo_sync_history: how long repository sync history events are stored
#
# repo_publish_history: how long repository publish history events are stored
#
# repo_group_publish_history: how long repository group publish history events
#     are stored
#
# task_status_history: how long task status history is stored in the db
# task_result_history: how long task results history is stored
#
# NOTE(review): [consumer_history] lifetime is 180 days while consumer_history
# here is 60. This file does not say which limit applies to consumer events;
# confirm before relying on either figure for audit retention.

[data_reaping]
reaper_interval: 0.25
archived_calls: 0.5
consumer_history: 60
repo_sync_history: 60
repo_publish_history: 60
repo_group_publish_history: 60
task_status_history: 7
task_result_history: 3

    
# = LDAP =
#
# Uncomment the below section with appropriate values to use an external LDAP
# server for user authentication.
#
# enabled: boolean; controls whether or not LDAP authentication is enabled
#
# uri: url of LDAP server
#
# base: location in the directory from which the LDAP search begins
#
# tls: boolean; controls whether or not to use TLS security
#
# default_role: Id of the role to assign LDAP users to by default. This is
#     optional. This role must first be created on the Pulp server. If
#     default_role is not set or doesn't exist, LDAP users are given the same
#     default permissions as local users.
#
# filter: directive to set a more restrictive LDAP filter to limit the LDAP
#     users who can authenticate to Pulp

# Deprecated! Please use apache's mod_authnz_ldap to do preauthentication. See
# pulp's user guide for details.
# [ldap]
# Are you sure? This has been deprecated.
# enabled: true
# uri: ldap://localhost
# base: dc=localhost
# tls: no
# default_role: <role-id>
# filter: (gidNumber=200)

    
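# = OAuth =
#
# Uncomment the below section with appropriate values to use OAuth
# authentication.
#
# enabled: boolean; controls whether OAuth authentication is enabled
#
# oauth_key: string; key to enable OAuth style authentication
#
# oauth_secret: string; shared secret that can be used for OAuth style
#     authentication
#
# NOTE(review): oauth_secret is a shared secret and is shown below in clear
# text, while the other credentials on this page are redacted. A value that has
# been posted publicly should be treated as disclosed: rotate it here and on
# the peer that uses it (presumably Katello, going by oauth_key - confirm), and
# keep this file readable only by the account that runs Pulp.

[oauth]
enabled: true
oauth_key: katello
oauth_secret: SBNzZcMxYisovUB9HMkMzGQBGeo5tKPA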

    
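# = Messaging =
#
# Controls Pulp's configuration of broker settings for communicating to the Consumer Agent.
#
# url: the url used to contact the broker. This setting uses the form:
#
#         <protocol>://<host>:<port>/<virtual-host>
#
#     Or to use a username and password:
#
#         <protocol>://<user>:<password>@<host>:<port>/<virtual-host>
#
#     Supported <protocol> values are 'tcp' or 'ssl', depending on whether SSL should be used.
#     The <virtual-host> is optional, and is only applicable to RabbitMQ broker environments.
#
#     The default broker string is 'tcp://localhost:5672'.
#
# transport: The type of broker you are connecting to. The default is 'qpid'. For RabbitMQ,
#     'rabbitmq' should be used.
#
# cacert: Absolute path to PEM encoded CA certificate file, used by Pulp to validate the identity
#     of the broker using SSL. The default is '/etc/pki/qpid/ca/ca.crt'.
#
# clientcert: Absolute path to PEM encoded file containing both the private key and
#     certificate Pulp should present to the broker to be authenticated by the broker. The default
#     is '/etc/pki/qpid/client/client.pem'.
#
# auth_enabled:
#     Message authentication enabled flag. The default is 'true' which enables authentication.
#     To disable authentication, use 'false'.
#
# topic_exchange: The name of the exchange to use. The exchange must be a topic exchange. The
#     default is 'amq.topic', which is a default exchange that is guaranteed to exist on a Qpid
#     broker. This setting is a string, and therefore includes the single quotes.
#
# NOTE(review): auth_enabled is false below, which overrides the default of
# 'true' and turns message authentication off for traffic to the Consumer
# Agent. What is left is the broker connection itself (ssl:// with cacert and
# clientcert). Confirm that the broker requires and verifies client
# certificates, or set auth_enabled back to true.
#
# NOTE(review): clientcert is described above as holding both the private key
# and the certificate, so the file it names needs private-key permissions.

[messaging]
url: ssl://puppet100.[redacted].net:5671
transport: qpid
auth_enabled: false
cacert: /etc/pki/katello/certs/katello-default-ca.crt
clientcert: /etc/pki/katello/qpid_client_striped.crt
topic_exchange: 'amq.topic'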

    
# = Asynchronous Tasks =
#
# Celery settings for Pulp. The Pulp Server and the Pulp Workers use them to run
# asynchronous, server-side task work such as syncing, publishing, or deletion
# of content. These components communicate with each other through the broker.
#
# broker_url: URL of a broker on which Celery can queue tasks.
#
#     With a Qpid backend:
#
#         qpid://<username>:<password>@<hostname>:<port>/
#
#     With RabbitMQ:
#
#         amqp://<username>:<password>@<hostname>:<port>/<vhost>
#
# celery_require_ssl: SSL is required when this is 'true' and not required
#     otherwise. Default: 'false'.
#
# cacert: absolute path to the PEM encoded CA certificate used to validate the
#     identity of the message bus. Default: '/etc/pki/pulp/qpid/ca.crt'.
#
# keyfile: absolute path to the keyfile used to authenticate to the message
#     bus, i.e. the private key belonging to the certificate. Default:
#     '/etc/pki/pulp/qpid/client.crt'. The key is sometimes kept in the same
#     file as its certificate, and the default assumes that layout.
#
# certfile: absolute path to the PEM encoded certificate used to authenticate
#     to the message bus. Default: '/etc/pki/pulp/qpid/client.crt'.
#
# keyfile and certfile name the same file below, i.e. the combined
# key-and-certificate layout described above; that file holds a private key.

[tasks]
broker_url: qpid://puppet100.[redacted].net:5671
celery_require_ssl: true
cacert: /etc/pki/katello/certs/katello-default-ca.crt
keyfile: /etc/pki/katello/qpid_client_striped.crt
certfile: /etc/pki/katello/qpid_client_striped.crt

    
# = Email =
#
# Lets the system send email. Relaying through a local MTA on this machine is
# recommended: Pulp does not retry when sending fails, so a real MTA needs to
# be available locally.
#
# To test email sending, the recommended way is to run:
#   $ python -m smtpd -n -c DebuggingServer localhost:1025
# which writes every message to stdout.
#
# host: host name of the MTA that pulp relays through
#
# port: destination port to connect to
#
# from: the "From" address put on each email the system sends
#
# enabled: boolean; controls whether emails are sent at all

[email]
host: localhost
port: 25
from: no-reply@[redacted].net
enabled: false