#
# Copyright:: Copyright (c) 2012 Opscode, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
###
# High level options
###
# Top-level defaults for the chef_server attribute tree: the API version
# string, the server flavor, a notification address and the bootstrap toggle.
default['chef_server']['api_version'] = "11.0.2"
default['chef_server']['flavor'] = "osc" # Open Source Chef
# Placeholder address on example.com.
# NOTE(review): presumably meant to be overridden per site - confirm where it is consumed.
default['chef_server']['notification_email'] = "info@example.com"
default['chef_server']['bootstrap']['enable'] = true
####
# The Chef User that services run as
####
# Account settings for the single system user named below.
# The username for the chef services user
default['chef_server']['user']['username'] = "chef_server"
# The shell for the chef services user
# NOTE(review): this is an interactive shell for a service account; confirm
# whether any service script relies on it before tightening it.
default['chef_server']['user']['shell'] = "/bin/sh"
# The home directory for the chef services user
# NOTE(review): the home is the embedded software directory; confirm the recipe
# that creates the user does not also give it write access to that tree.
default['chef_server']['user']['home'] = "/opt/chef-server/embedded"
####
# RabbitMQ
####
# Defaults for the RabbitMQ instance: directories, vhost, credentials and the
# node address/port. Every address default in this section is loopback.
default['chef_server']['rabbitmq']['enable'] = true
default['chef_server']['rabbitmq']['ha'] = false
default['chef_server']['rabbitmq']['dir'] = "/var/opt/chef-server/rabbitmq"
default['chef_server']['rabbitmq']['data_dir'] = "/var/opt/chef-server/rabbitmq/db"
default['chef_server']['rabbitmq']['log_directory'] = "/var/log/chef-server/rabbitmq"
default['chef_server']['rabbitmq']['vhost'] = '/chef'
default['chef_server']['rabbitmq']['user'] = 'chef'
# SECURITY: static password shipped with the cookbook, so it is identical on
# every install that keeps this default and known to anyone who can read the
# source. NOTE(review): confirm it is replaced by a per-install generated value
# before RabbitMQ is configured; nothing in this file does that.
default['chef_server']['rabbitmq']['password'] = 'chefrocks'
# Loopback by default. If this is overridden with a routable address, override
# the password above as well.
default['chef_server']['rabbitmq']['node_ip_address'] = '127.0.0.1'
# Port is given as a string here, unlike the integer ports used elsewhere in this file.
default['chef_server']['rabbitmq']['node_port'] = '8672'
default['chef_server']['rabbitmq']['nodename'] = 'rabbit@localhost'
default['chef_server']['rabbitmq']['vip'] = '127.0.0.1'
default['chef_server']['rabbitmq']['consumer_id'] = 'hotsauce'
####
# Chef Solr
####
# Defaults for the Solr search service: directories, JVM sizing, listen
# address/port and index tuning values.
default['chef_server']['chef-solr']['enable'] = true
default['chef_server']['chef-solr']['ha'] = false
default['chef_server']['chef-solr']['dir'] = "/var/opt/chef-server/chef-solr"
default['chef_server']['chef-solr']['data_dir'] = "/var/opt/chef-server/chef-solr/data"
default['chef_server']['chef-solr']['log_directory'] = "/var/log/chef-server/chef-solr"
# defaults for heap size and new generation size are computed in the chef-solr
# recipe based on node memory
default['chef_server']['chef-solr']['heap_size'] = nil
default['chef_server']['chef-solr']['new_size'] = nil
default['chef_server']['chef-solr']['java_opts'] = ""
# NOTE(review): no authentication setting for Solr appears in this file, so the
# loopback address below looks like the only access restriction - confirm
# before overriding it with a routable address.
default['chef_server']['chef-solr']['ip_address'] = '127.0.0.1'
default['chef_server']['chef-solr']['vip'] = '127.0.0.1'
default['chef_server']['chef-solr']['port'] = 8983
default['chef_server']['chef-solr']['ram_buffer_size'] = 200
default['chef_server']['chef-solr']['merge_factor'] = 100
default['chef_server']['chef-solr']['max_merge_docs'] = 2147483647
default['chef_server']['chef-solr']['max_field_length'] = 100000
default['chef_server']['chef-solr']['max_commit_docs'] = 1000
default['chef_server']['chef-solr']['commit_interval'] = 60000 # in ms
default['chef_server']['chef-solr']['poll_seconds'] = 20 # slave -> master poll interval in seconds, max of 60 (see solrconfig.xml.erb)
####
# Chef Expander
####
# Defaults for chef-expander: directories (including a separate log directory
# for the reindexer), a consumer id and a node count.
default['chef_server']['chef-expander']['enable'] = true
default['chef_server']['chef-expander']['ha'] = false
default['chef_server']['chef-expander']['dir'] = "/var/opt/chef-server/chef-expander"
default['chef_server']['chef-expander']['log_directory'] = "/var/log/chef-server/chef-expander"
default['chef_server']['chef-expander']['reindexer_log_directory'] = "/var/log/chef-server/chef-expander-reindexer"
default['chef_server']['chef-expander']['consumer_id'] = "default"
# NOTE(review): presumably the number of expander worker nodes - confirm in the recipe.
default['chef_server']['chef-expander']['nodes'] = 2
####
# Bookshelf
####
# Defaults for Bookshelf: directories, log rotation, URLs, listen address/port
# and the access key pair.
default['chef_server']['bookshelf']['enable'] = true
default['chef_server']['bookshelf']['ha'] = false
default['chef_server']['bookshelf']['dir'] = "/var/opt/chef-server/bookshelf"
default['chef_server']['bookshelf']['data_dir'] = "/var/opt/chef-server/bookshelf/data"
default['chef_server']['bookshelf']['log_directory'] = "/var/log/chef-server/bookshelf"
default['chef_server']['bookshelf']['svlogd_size'] = 1000000
default['chef_server']['bookshelf']['svlogd_num'] = 10
# vip and url are derived from the node's FQDN; the url default uses https.
default['chef_server']['bookshelf']['vip'] = node['fqdn']
default['chef_server']['bookshelf']['url'] = "https://#{node['fqdn']}"
# Default: set to Host: header. Override to hardcode a url, "http://..."
# NOTE(review): with :host_header the external URL follows a client-supplied
# header; confirm the front end restricts which Host values it accepts, or
# hardcode the URL (an https:// one, to match the url default above).
default['chef_server']['bookshelf']['external_url'] = :host_header
default['chef_server']['bookshelf']['listen'] = '127.0.0.1'
default['chef_server']['bookshelf']['port'] = 4321
default['chef_server']['bookshelf']['stream_download'] = true
# SECURITY: both values are the literal string "generated-by-default".
# NOTE(review): presumably replaced with generated values elsewhere; if they
# are not, every install shares this key pair - confirm against the code that
# consumes them.
default['chef_server']['bookshelf']['access_key_id'] = "generated-by-default"
default['chef_server']['bookshelf']['secret_access_key'] = "generated-by-default"
####
# Erlang Chef Server API
####
# Defaults for the erchef API service: directories, log rotation, listen
# address/port, cache and pool sizes, S3/bookshelf settings and client names.
# Several numeric values in this section are strings and others are integers;
# they are kept exactly as given.
default['chef_server']['erchef']['enable'] = true
default['chef_server']['erchef']['ha'] = false
default['chef_server']['erchef']['dir'] = "/var/opt/chef-server/erchef"
default['chef_server']['erchef']['log_directory'] = "/var/log/chef-server/erchef"
default['chef_server']['erchef']['log_rotation']['file_maxbytes'] = 104857600
default['chef_server']['erchef']['log_rotation']['num_to_keep'] = 10
default['chef_server']['erchef']['svlogd_size'] = 1000000
default['chef_server']['erchef']['svlogd_num'] = 10
default['chef_server']['erchef']['vip'] = '127.0.0.1'
default['chef_server']['erchef']['listen'] = '127.0.0.1'
default['chef_server']['erchef']['port'] = 8000
# NOTE(review): presumably the clock skew, in seconds, tolerated when checking
# signed requests - confirm; if so, raising it widens the window in which an
# old signed request is still accepted.
default['chef_server']['erchef']['auth_skew'] = '900'
default['chef_server']['erchef']['bulk_fetch_batch_size'] = '5'
default['chef_server']['erchef']['max_cache_size'] = '10000'
default['chef_server']['erchef']['cache_ttl'] = '3600'
default['chef_server']['erchef']['db_pool_size'] = '20'
default['chef_server']['erchef']['ibrowse_max_sessions'] = 256
default['chef_server']['erchef']['ibrowse_max_pipeline_size'] = 1
# Default: generate signed URLs based upon Host: header. Override with a url, "http:// ..."
# NOTE(review): signed URLs then follow a client-supplied header; confirm the
# front end restricts accepted Host values, or hardcode the URL.
default['chef_server']['erchef']['base_resource_url'] = :host_header
default['chef_server']['erchef']['s3_bucket'] = 'bookshelf'
# NOTE(review): presumably the lifetime of a signed URL in seconds (28800 s is
# 8 hours) - confirm; a signed URL is a bearer credential for that long.
default['chef_server']['erchef']['s3_url_ttl'] = 28800
default['chef_server']['erchef']['s3_parallel_ops_timeout'] = 5000
default['chef_server']['erchef']['s3_parallel_ops_fanout'] = 20
default['chef_server']['erchef']['proxy_user'] = "pivotal"
default['chef_server']['erchef']['validation_client_name'] = "chef-validator"
default['chef_server']['erchef']['umask'] = "0022"
default['chef_server']['erchef']['web_ui_client_name'] = "chef-webui"
default['chef_server']['erchef']['root_metric_key'] = "chefAPI"
default['chef_server']['erchef']['depsolver_worker_count'] = 5
default['chef_server']['erchef']['depsolver_timeout'] = 5000
# NOTE(review): presumably a cap on request body size in bytes - confirm the unit.
default['chef_server']['erchef']['max_request_size'] = 1000000
####
# Chef Server WebUI
####
# Defaults for the web UI: directories, listen address/port, worker settings,
# session cookie settings and the initial admin account.
default['chef_server']['chef-server-webui']['enable'] = true
default['chef_server']['chef-server-webui']['ha'] = false
default['chef_server']['chef-server-webui']['dir'] = "/var/opt/chef-server/chef-server-webui"
default['chef_server']['chef-server-webui']['log_directory'] = "/var/log/chef-server/chef-server-webui"
default['chef_server']['chef-server-webui']['environment'] = 'chefserver'
default['chef_server']['chef-server-webui']['listen'] = '127.0.0.1'
default['chef_server']['chef-server-webui']['vip'] = '127.0.0.1'
default['chef_server']['chef-server-webui']['port'] = 9462
default['chef_server']['chef-server-webui']['backlog'] = 1024
default['chef_server']['chef-server-webui']['tcp_nodelay'] = true
default['chef_server']['chef-server-webui']['worker_timeout'] = 3600
default['chef_server']['chef-server-webui']['umask'] = "0022"
default['chef_server']['chef-server-webui']['worker_processes'] = 2
default['chef_server']['chef-server-webui']['session_key'] = "_sandbox_session"
default['chef_server']['chef-server-webui']['cookie_domain'] = false
# SECURITY: a fixed value published with the source is not a secret.
# NOTE(review): if this is what protects the session cookie and it is not
# replaced per install, session integrity rests on a publicly known value -
# confirm that a generated secret overrides it, and override it explicitly
# otherwise.
default['chef_server']['chef-server-webui']['cookie_secret'] = "47b3b8d95dea455baf32155e95d1e64e"
default['chef_server']['chef-server-webui']['web_ui_client_name'] = "chef-webui"
default['chef_server']['chef-server-webui']['web_ui_admin_user_name'] = "admin"
# SECURITY: well-known initial password for the admin account named above.
# Change it immediately after installation; NOTE(review): confirm whether the
# web UI forces a change at first login.
default['chef_server']['chef-server-webui']['web_ui_admin_default_password'] = "p@ssw0rd1"
####
# Chef Pedant
####
# Defaults for chef-pedant: working directory, log directory and HTTP request
# logging (on by default).
default['chef_server']['chef-pedant']['dir'] = "/var/opt/chef-server/chef-pedant"
default['chef_server']['chef-pedant']['log_directory'] = "/var/log/chef-server/chef-pedant"
# NOTE(review): confirm what the request log captures (headers, bodies) and
# that the log directory above is not readable by unprivileged users.
default['chef_server']['chef-pedant']['log_http_requests'] = true
###
# Estatsd
###
# Defaults for estatsd: directories plus a loopback address and port.
default['chef_server']['estatsd']['enable'] = true
default['chef_server']['estatsd']['dir'] = "/var/opt/chef-server/estatsd"
default['chef_server']['estatsd']['log_directory'] = "/var/log/chef-server/estatsd"
default['chef_server']['estatsd']['vip'] = "127.0.0.1"
default['chef_server']['estatsd']['port'] = 9466
###
# Load Balancer
###
# Defaults for the load balancer: public names come from the node's FQDN and
# every upstream list contains only loopback.
default['chef_server']['lb']['enable'] = true
default['chef_server']['lb']['vip'] = "127.0.0.1"
default['chef_server']['lb']['api_fqdn'] = node['fqdn']
default['chef_server']['lb']['web_ui_fqdn'] = node['fqdn']
default['chef_server']['lb']['cache_cookbook_files'] = false
default['chef_server']['lb']['debug'] = false
# Upstream address lists, one per backend service.
default['chef_server']['lb']['upstream']['erchef'] = [ "127.0.0.1" ]
default['chef_server']['lb']['upstream']['chef-server-webui'] = [ "127.0.0.1" ]
default['chef_server']['lb']['upstream']['bookshelf'] = [ "127.0.0.1" ]
####
# Nginx
####
# Defaults for the nginx front end: ports, server name, TLS protocol and cipher
# selection, certificate subject fields and general HTTP tuning.
default['chef_server']['nginx']['enable'] = true
default['chef_server']['nginx']['ha'] = false
default['chef_server']['nginx']['dir'] = "/var/opt/chef-server/nginx"
default['chef_server']['nginx']['log_directory'] = "/var/log/chef-server/nginx"
default['chef_server']['nginx']['ssl_port'] = 443
# The plain-HTTP listener is off by default; non_ssl_port only matters once it is enabled.
default['chef_server']['nginx']['enable_non_ssl'] = false
default['chef_server']['nginx']['non_ssl_port'] = 80
default['chef_server']['nginx']['server_name'] = node['fqdn']
default['chef_server']['nginx']['url'] = "https://#{node['fqdn']}"
# Based off of the Mozilla recommended cipher suite
# https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Ciphersuite
#
# SSLv3 was removed because of the POODLE attack. (https://www.openssl.org/~bodo/ssl-poodle.pdf)
#
# If your infrastructure still has requirements for the vulnerable/venerable SSLv3, you can add
# "SSLv3" to the line below. Doing so re-exposes every client of this listener
# to POODLE; upgrading the legacy clients is the better fix.
#
# SECURITY: TLSv1 and TLSv1.1 are themselves deprecated (RFC 8996). Where every
# client supports it, override this attribute with "TLSv1.2" only.
default['chef_server']['nginx']['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2"
# SECURITY: besides the ECDHE/DHE suites, this list still admits 3DES
# (DES-CBC3-SHA), the catch-all AES and CAMELLIA aliases, and static-RSA suites
# (AES128-SHA, AES256-SHA and the like) that provide no forward secrecy.
# NOTE(review): the Mozilla page referenced above may have been revised since
# this list was copied; compare against the current recommendation.
default['chef_server']['nginx']['ssl_ciphers'] = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
# No certificate or key path is set by default.
# NOTE(review): presumably a self-signed certificate is generated from the
# ssl_*_name fields below when these stay nil - confirm in the nginx recipe,
# and supply a CA-issued certificate and key for production use.
default['chef_server']['nginx']['ssl_certificate'] = nil
default['chef_server']['nginx']['ssl_certificate_key'] = nil
default['chef_server']['nginx']['ssl_country_name'] = "US"
default['chef_server']['nginx']['ssl_state_name'] = "WA"
default['chef_server']['nginx']['ssl_locality_name'] = "Seattle"
default['chef_server']['nginx']['ssl_company_name'] = "YouCorp"
default['chef_server']['nginx']['ssl_organizational_unit_name'] = "Operations"
default['chef_server']['nginx']['ssl_email_address'] = "you@example.com"
# One worker per CPU reported in node['cpu']['total'].
default['chef_server']['nginx']['worker_processes'] = node['cpu']['total'].to_i
default['chef_server']['nginx']['worker_connections'] = 10240
default['chef_server']['nginx']['sendfile'] = 'on'
default['chef_server']['nginx']['tcp_nopush'] = 'on'
default['chef_server']['nginx']['tcp_nodelay'] = 'on'
default['chef_server']['nginx']['gzip'] = "on"
default['chef_server']['nginx']['gzip_http_version'] = "1.0"
default['chef_server']['nginx']['gzip_comp_level'] = "2"
default['chef_server']['nginx']['gzip_proxied'] = "any"
default['chef_server']['nginx']['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]
default['chef_server']['nginx']['keepalive_timeout'] = 65
# Largest request body nginx accepts; larger than erchef's max_request_size default.
default['chef_server']['nginx']['client_max_body_size'] = '250m'
default['chef_server']['nginx']['cache_max_size'] = '5000m'
default['chef_server']['nginx']['enable_ipv6'] = false
###
# PostgreSQL
###
# Defaults for the PostgreSQL instance: directories, the OS account it runs
# as, SQL credentials, listen address/port and kernel shared-memory limits.
default['chef_server']['postgresql']['enable'] = true
default['chef_server']['postgresql']['ha'] = false
default['chef_server']['postgresql']['dir'] = "/var/opt/chef-server/postgresql"
default['chef_server']['postgresql']['data_dir'] = "/var/opt/chef-server/postgresql/data"
default['chef_server']['postgresql']['log_directory'] = "/var/log/chef-server/postgresql"
default['chef_server']['postgresql']['svlogd_size'] = 1000000
default['chef_server']['postgresql']['svlogd_num'] = 10
default['chef_server']['postgresql']['username'] = "opscode-pgsql"
default['chef_server']['postgresql']['shell'] = "/bin/sh"
default['chef_server']['postgresql']['home'] = "/var/opt/chef-server/postgresql"
default['chef_server']['postgresql']['user_path'] = "/opt/chef-server/embedded/bin:/opt/chef-server/bin:$PATH"
default['chef_server']['postgresql']['sql_user'] = "opscode_chef"
# SECURITY: both SQL passwords below are static values shipped with the
# cookbook, identical on every install that keeps the defaults.
# NOTE(review): confirm they are replaced by per-install generated values
# before the database roles are created; nothing in this file does that.
default['chef_server']['postgresql']['sql_password'] = "snakepliskin"
default['chef_server']['postgresql']['sql_ro_user'] = "opscode_chef_ro"
default['chef_server']['postgresql']['sql_ro_password'] = "shmunzeltazzen"
default['chef_server']['postgresql']['vip'] = "127.0.0.1"
default['chef_server']['postgresql']['port'] = 5432
default['chef_server']['postgresql']['listen_address'] = 'localhost'
default['chef_server']['postgresql']['max_connections'] = 200
# Loopback only (IPv4 and IPv6).
# NOTE(review): presumably the client ranges allowed password (md5)
# authentication - confirm; widening this list or listen_address puts the
# passwords above on the network.
default['chef_server']['postgresql']['md5_auth_cidr_addresses'] = [ '127.0.0.1/32', '::1/128' ]
# Kernel shared-memory limits: larger values when kernel['machine'] matches x86_64.
default['chef_server']['postgresql']['shmmax'] = kernel['machine'] =~ /x86_64/ ? 17179869184 : 4294967295
default['chef_server']['postgresql']['shmall'] = kernel['machine'] =~ /x86_64/ ? 4194304 : 1048575
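# Resolves CHEF-3889
# Default shared_buffers to a quarter of installed RAM, capped at 2GB below
# shmmax so the default never exceeds what the kernel limit allows.
# The arithmetic treats node['memory']['total'] as kB (dividing by 1024 gives
# the MB figure) and shmmax as bytes; 2097152 kB is the 2GB margin.
# The cap is derived from shmmax instead of being hard-coded as "14336MB":
# that literal only matches the x86_64 shmmax default (16GB - 2GB) and was
# larger than shmmax itself on other architectures or when shmmax is
# overridden to a smaller value. With the x86_64 default the result is
# unchanged.
# NOTE(review): a shmmax below 2GB yields a negative cap; that case was not
# handled before either and should be overridden explicitly.
shared_buffers_cap_kb = (node['chef_server']['postgresql']['shmmax'].to_i / 1024) - 2097152
if (node['memory']['total'].to_i / 4) > shared_buffers_cap_kb
  # a quarter of RAM would exceed the cap: use 2GB less than shmmax instead
  default['chef_server']['postgresql']['shared_buffers'] = "#{shared_buffers_cap_kb / 1024}MB"
else
  default['chef_server']['postgresql']['shared_buffers'] = "#{(node['memory']['total'].to_i / 4) / (1024)}MB"
end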
# Remaining PostgreSQL tuning defaults. effective_cache_size is half of
# node['memory']['total'], divided by 1024 and labelled MB (so the total is
# treated as kB here); the rest are fixed values.
default['chef_server']['postgresql']['work_mem'] = "8MB"
default['chef_server']['postgresql']['effective_cache_size'] = "#{(node['memory']['total'].to_i / 2) / (1024)}MB"
default['chef_server']['postgresql']['checkpoint_segments'] = 10
default['chef_server']['postgresql']['checkpoint_timeout'] = "5min"
default['chef_server']['postgresql']['checkpoint_completion_target'] = 0.9
default['chef_server']['postgresql']['checkpoint_warning'] = "30s"