-
Notifications
You must be signed in to change notification settings - Fork 13
/
config.yaml
518 lines (435 loc) · 18.3 KB
/
config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
manager:
# The manager's private IP address. This is the address which will be used by
# agent hosts to connect to the Manager's fileserver and message broker.
private_ip: ''
# An IP address by which the Manager is accessible externally, such as via the CLI
# or external clients. If not applicable, provide the same value as "private_ip".
public_ip: ''
# The Manager's hostname, doesn't have to be accessible.
# If no hostname is supplied it will be read from /etc/hostname
hostname: ''
# Provide an IP or hostname to be used in the local CLI profile on the manager.
# This might be useful when providing an external certificate.
cli_local_profile_host_name: localhost
######################################################################################
#
# As long as you have set the config entries above, you can install the manager with:
# cfy_manager install
# The rest of the configuration is only required if you need to change the defaults.
#
######################################################################################
# This is set by the installer build script. Changing this will not change the edition
# you are using, but may cause interesting problems.
premium_edition: set_by_installer_builder
# Sets whether the first time the manager's VM is booted from a Cloudify manager image
# its private IP will be propagated to all relevant configuration files.
set_manager_ip_on_boot: false
security:
# When enabled, the external REST communication will be performed over HTTPS
ssl_enabled: false
# Username and password of the Cloudify Manager administrator.
admin_username: admin
# If admin_password is left blank, a password will be generated for you and provided
# to you at the end of the install process.
admin_password: ''
# A path to a Cloudify license to be uploaded on the Manager during installation
cloudify_license_path: ''
manager-ip-setter:
sources:
manager_ip_setter_rpm: cloudify-manager-ip-setter-*.rpm
provider_context:
policy_engine:
start_timeout: 30
# An imported URL is prefix-matched against the key in each entry. If a match is found,
# then the URL prefix is replaced with the value of the corresponding entry.
# That allows serving YAML files from within the manager, even when the imported URL
# points to the external network.
import_resolver:
parameters:
rules:
- {http://www.getcloudify.org/spec: file:///opt/manager/resources/spec}
- {http://cloudify.co/spec: file:///opt/manager/resources/spec}
- {https://www.getcloudify.org/spec: file:///opt/manager/resources/spec}
- {https://cloudify.co/spec: file:///opt/manager/resources/spec}
# if this is set to true, the import resolver will try the original,
# non-resolved URL as well, if the resolved one returns a HTTP error
fallback: true
# A dict of network names and IP addresses of managers and brokers associated with them.
# By default, there is only a "default" network, with the manager's
# private IP and broker IPs associated with it. This network can be overwritten.
# Structure:
# networks:
# <network_name>: <manager address or ip>
# <network2_name>: ...
networks: {}
agent:
broker_port: 5671
min_workers: 2
max_workers: 5
# AMQP heartbeat timeout. 0 means no heartbeats
heartbeat: 30
# Default logging level.
# This can be overridden on a per-agent basis by using the "log_level" directive
# under "agent_config".
log_level: INFO
rabbitmq:
# Sets the username/password to use for clients such as celery to connect to
# the rabbitmq broker. It is recommended that you set both the username and
# password to something reasonably secure.
username: cloudify
password: c10udify
# A list of cluster members, including network-specific IPs.
# The 'default' network IP must be set for each member.
# If installing a single external rabbit (not intended to be part of a cluster),
# or an all-in-one manager this section can be left blank.
# Example:
# cluster_members:
# <hostname of rabbit node>:
# default: <ip of rabbit node> (not needed if node name is resolvable via DNS)
# <other network name>: <ip for this node on 'other network'>
# ...
# <name of second rabbit node>:
# default: ...
# ...
# ...
# All nodes must have a 'default' entry.
# This should not be populated on an all-in-one manager.
cluster_members: {}
# Path to cert for CA that signed the broker cert.
# Must be provided to use external brokers.
# Will default to cert_path if installing a broker locally.
ca_path: ''
#####################################################
# #
# RABBITMQ SERVER SETTINGS #
# Settings before this point are relevant for both #
# locally and remotely installed queue_service. #
# Settings after this point are only relevant when #
# installing the queue_service on its own or as #
# part of an all-in-one manager. #
# They are not used in any other cases, and so can #
# be left unaltered if the queue_service is not #
# being installed locally. #
# #
#####################################################
# Path to broker certificate for external broker
# For all-in-one manager install, this should be left blank
# For external brokers, the broker certificate (in PEM format) should be
# in the file referred to by this configuration entry
# NOTE: This certificate and key pair must both be provided when installing
# a broker. These are not relevant for a manager-only or postgres-only
# install. For manager-only specification of brokers, see the
# cluster_members setting.
cert_path: ''
# Associated key
key_path: ''
# The name to give this cluster node. If this is blank, it will be set to localhost.
nodename:
# Whether to support FQDNs. If this is set to false, only the hostname will be
# used even if the FQDN is supplied.
# Caution: Setting this to true will require manually specifying target node
# and using the --longnames argument for any rabbitmqctl operations.
use_long_name: false
# If this is part of a cluster and not the first node to be configured, set
# this to one of the other cluster node names.
join_cluster:
# If this is a cluster then this value must be the same on all rabbitmq nodes.
# If left blank, it will be auto-generated.
erlang_cookie:
sources:
erlang_rpm_source_url: erlang-21.0.2-1.el7.centos.x86_64.rpm
socat_rpm_source_url: socat-1.7.3.2-2.el7.x86_64.rpm
rabbitmq_rpm_source_url: rabbitmq-server-3.7.7-1.el7.noarch.rpm
cloudify_rabbitmq_package: cloudify-rabbitmq-*.noarch.rpm
# Sets the File Descriptor limit for the rabbitmq user.
fd_limit: 102400
# Make the management plugin only listen on the local interface
# The plugin will automatically be made to listen externally on external
# brokers.
management_only_local: true
# NOTE: The policy settings are only set up by the first broker in a cluster
# of brokers, and they're not configured at all by a manager using an external
# broker.
# If you remove any of these policies, you may encounter undefined
# behaviour, so it's probably best not to remove them.
policies:
- name: logs_queue_message_policy
expression: ^cloudify-log$
# Highest value priority is applied in expression collisions
priority: 100
policy:
# Sets the number of milliseconds to wait before a message expires
# in the events queue. Not used if an external endpoint is used.
message-ttl: 1200000
# Sets the number of messages the events queue can hold. Note this is NOT
# the message byte length! Not used if an external endpoint is used.
# Note that for each of the queue length limit properties, new messages
# will be queued in RabbitMQ and old messages will be deleted once the
# limit is reached! https://www.rabbitmq.com/maxlength.html
max-length: 1000000
# Used to ensure data integrity by keeping a replica of the queue on all
# cluster nodes
ha-mode: all
ha-sync-mode: automatic
ha-sync-batch-size: 50
- name: events_queue_message_policy
expression: ^cloudify-events$
priority: 100
policy:
message-ttl: 1200000
max-length: 1000000
ha-mode: all
ha-sync-mode: automatic
ha-sync-batch-size: 50
- name: default_policy
expression: ^
priority: 1
policy:
ha-mode: all
ha-sync-mode: automatic
ha-sync-batch-size: 50
postgresql_server:
sources:
libxslt_rpm_url: libxslt-1.1.28-5.el7.x86_64.rpm
ps_libs_rpm_url: postgresql95-libs-9.5.3-2PGDG.rhel7.x86_64.rpm
ps_rpm_url: postgresql95-9.5.3-2PGDG.rhel7.x86_64.rpm
ps_contrib_rpm_url: postgresql95-contrib-9.5.3-2PGDG.rhel7.x86_64.rpm
ps_server_rpm_url: postgresql95-server-9.5.3-2PGDG.rhel7.x86_64.rpm
ps_devel_rpm_url: postgresql95-devel-9.5.3-2PGDG.rhel7.x86_64.rpm
# For external postgres installation, set to true
enable_remote_connections: false
# Password to set for the postgres user
# This is only relevant for external postgres installations when you enable
# remote connections
# THE PASSWORD WILL BE REMOVED FROM THE FILE AFTER THE INSTALLATION FINISHES
postgres_password: ''
# SSL must be enabled for external databases - provide proper certificates
ssl_enabled: false
# If true, clientcert=1 will be added to the hostssl lines in pg_hba.conf
# forcing client certificate verification
ssl_client_verification: false
# If try only SSL connections will be permitted, use with caution
ssl_only_connections: false
postgresql_client:
sources:
ps_libs_rpm_url: postgresql95-libs-9.5.3-2PGDG.rhel7.x86_64.rpm
ps_rpm_url: postgresql95-9.5.3-2PGDG.rhel7.x86_64.rpm
psycopg2_rpm_url: python-psycopg2-2.5.1-3.el7.x86_64.rpm
# Default values for the Postgres DB name, host, username and password
# For external postgres installation, update accordingly
host: localhost
# DB name, user name and password to be created
# default postgres user is used for database initialization
db_name: cloudify_db
username: cloudify
password: cloudify
# SSL must be enabled for external databases - provide proper certificates
ssl_enabled: false
# If true, client SSL certificates will need to be supplied and the Postgres
# server will verify each client connection
ssl_client_verification: false
# Password to use when connecting to the database with the postgres user
# This is only relevant for external postgres installations when you enable
# remote connections
# THE PASSWORD WILL BE REMOVED FROM THE FILE AFTER THE INSTALLATION FINISHES
postgres_password: ''
stage:
# If set to true, Cloudify UI will not be installed
skip_installation: false
sources:
nodejs_source_url: node-v10.15.1-linux-x64.tar.xz
stage_source_url: cloudify-stage-*.tgz
# Number of Cloudify Stage processes to be started
# 0/max - to spread the app across all CPUs
# -1 - to spread the app across all CPUs - 1
# number - to spread the app across number CPUs
instances: 0
composer:
# If set to true, Cloudify Composer will not be installed
skip_installation: false
sources:
composer_source_url: cloudify-blueprint-composer-*.tgz
python:
# Some plugins installed from sources require compilation - installs a
# compiler and the python headers to allow that.
install_python_compilers: false
# If set to true, python sources (e.g. pip) will be removed when
# uninstalling the Cloudify Manager. NOTE: only set to true if those
# dependencies weren't available before Cloudify Manager installation
remove_on_teardown: false
premium:
sources:
premium_source_url: cloudify-premium-*.x86_64.rpm
restservice:
log:
# Logging level for the REST service. Defaults to 'INFO', as 'DEBUG' may
# end up logging sensitive information.
level: INFO
# The size, in MB, that the REST service log file may grow to before it's
# rotated.
file_size: 100
# Number of historical log files to keep when rotating the REST service logs.
files_backup_count: 7
gunicorn:
# The number of gunicorn worker processes for handling requests. If the
# default value (0) is set, then min((2 * cpu_count + 1 processes), max_worker_count)
# will be used.
worker_count: 0
# Maximum number of gunicorn workers (if calculated automatically)
max_worker_count: 12
# The maximum number of requests a worker will process before restarting.
# If this is set to zero then the automatic worker restarts are disabled.
max_requests: 1000
ldap:
# LDAP server, admin username, admin password and domain
server: ''
username: ''
password: ''
domain: ''
# True if Active Directory will be used as the LDAP authenticator
is_active_directory: true
# Any extra LDAP information (separated by the `;` sign. e.g. a=1;b=2)
dn_extra: ''
sources:
agents_source_url: cloudify-agents-*.rpm
restservice_source_url: cloudify-rest-service-*.x86_64.rpm
# Minimum available memory for running list query on Manager host in MB.
min_available_memory_mb: 100
# Disables insecure REST endpoints
insecure_endpoints_disabled: true
# Port to be used by the REST service
port: 8100
# Number of failed logins (bad password) before account lockout
failed_logins_before_account_lock: 4
# Account lockout time in minutes. `-1` means no account lockout,
# even when `failed_logins_before_account_lock` has a value.
account_lock_period: -1
# The default page size for REST queries
default_page_size: 1000
# Additional environment variables to add to the REST Service's service
# file.
extra_env: {}
nginx:
# Number of nginx worker processes to have.
# Specify "auto" to use nginx's recommended configuration of one
# process per core.
worker_processes: auto
# Number of connections that any nginx worker is allowed to carry simultaneously.
worker_connections: 4096
# Maximum number of open file descriptors that any nginx process
# is allowed to have.
max_open_fds: 102400
sources:
nginx_source_url: nginx-1.13.7-1.el7_4.ngx.x86_64.rpm
mgmtworker:
sources:
mgmtworker_source_url: cloudify-management-worker-*.x86_64.rpm
# Sets the logging level to use for the management workers. This affects the
# logging performed by the manager during the execution of management tasks,
# such as deployment creation and deployment deletion. NOTE: specifying
# "debug" will result in considerable amount of logging activity. Consider
# using "info" (or a more restrictive level) for production environments.
log_level: INFO
# Minimum number of worker processes maintained by the management worker.
min_workers: 2
# Maximum number of worker processes started by the management worker.
max_workers: 100
# Maximum number of manager-side tasks that can be performed concurrently.
# This is a performance measure to avoid deployments' starvation, in case
# a rogue deployment takes over all management workers.
gatekeeper_bucket_size: 25
# Additional environment variables to add to the management worker's service
# file.
extra_env: {}
workflows:
# Sets the number of times a failed task will be retried on recoverable error.
task_retries: 60
# Sets the interval between retry attempts in seconds.
task_retry_interval: 15
patch:
sources:
patch_source_url: patch-2.7.1-10.el7_5.x86_64.rpm
cli:
sources:
cli_source_url: cloudify-cli-*.x86_64.rpm
sanity:
# If set to true, the sanity blueprint install/uninstall will not be
# performed during Cloudify Manager installation
skip_sanity: false
sources:
sanity_source_url: cloudify-hello-world-example-*.tar.gz
dev:
# Constraints (in standard `pip` constraints format) to pass on to `pip`
# when installing overlays (such as `rest_service_source_url`, `dsl_parser_source_url`
# and so on). Example:
# requests==2.13.0
# requests-toolbelt==0.7.1
pip_constraints: ''
sources:
cloudify_resources_url: ''
rest_client_source_url: ''
plugins_common_source_url: ''
script_plugin_source_url: ''
agent_source_url: ''
dsl_parser_source_url: ''
validations:
# If set to true, install/configuration validations will not be performed
skip_validations: false
# These allow to override specific validation values
# NOTE: We do not recommend changing these values unless you know exactly
# what you're doing.
minimum_required_total_physical_memory_in_mb: 3700
# Minimum required disk space on Manager host in GB.
minimum_required_available_disk_space_in_gb: 5
# Python version expected to be found on the machine
expected_python_version: '2.7'
# The only Linux distros fully supported, on which a Cloudify Manager can
# be installed
supported_distros: [centos, redhat]
# The supported versions of the above distros
supported_distro_versions: ['7']
ssl_inputs:
external_cert_path: ''
external_key_path: ''
internal_cert_path: ''
internal_key_path: ''
postgresql_server_cert_path: ''
postgresql_server_key_path: ''
postgresql_client_cert_path: ''
postgresql_client_key_path: ''
postgresql_ca_cert_path: ''
ca_cert_path: ''
ca_key_path: ''
ca_key_password: ''
# External CA cert is used to auto-generate the external cert, if the
# external cert is not provided.
# The key and the password will not be stored.
# External CA cert, if provided, will also be used with the on-manager CLI.
external_ca_cert_path: ''
external_ca_key_path: ''
external_ca_key_password: ''
internal_manager_host: ''
usage_collector:
collect_cloudify_uptime:
# True if the uptime collector will be installed
active: true
# Sets the interval between running the uptime collector in hours
interval_in_hours: 4
collect_cloudify_usage:
# True if the usage collector will be installed
active: true
# Sets the interval between running the usage collector in days
interval_in_days: 1
flask_security: {}
# list of services - manager_service, queue_service, database_service
# will install only these services on this machine
# I.E - all-in-one installation
# services_to_install:
# - database_service
# - queue_service
# - manager_service
services_to_install:
- database_service
- queue_service
- manager_service
unconfigured_install: true