Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
519 lines (435 sloc) 18.3 KB
manager:
# The manager's private IP address. This is the address which will be used by
# agent hosts to connect to the Manager's fileserver and message broker.
private_ip: ''
# An IP address by which the Manager is accessible externally, such as via the CLI
# or external clients. If not applicable, provide the same value as "private_ip".
public_ip: ''
# The Manager's hostname, doesn't have to be accessible.
# If no hostname is supplied it will be read from /etc/hostname
hostname: ''
# Provide an IP or hostname to be used in the local CLI profile on the manager.
# This might be useful when providing an external certificate.
cli_local_profile_host_name: localhost
######################################################################################
#
# As long as you have set the config entries above, you can install the manager with:
# cfy_manager install
# The rest of the configuration is only required if you need to change the defaults.
#
######################################################################################
# This is set by the installer build script. Changing this will not change the edition
# you are using, but may cause interesting problems.
premium_edition: set_by_installer_builder
# Sets whether the first time the manager's VM is booted from a Cloudify manager image
# its private IP will be propagated to all relevant configuration files.
set_manager_ip_on_boot: false
security:
# When enabled, the external REST communication will be performed over HTTPS
ssl_enabled: false
# Username and password of the Cloudify Manager administrator.
admin_username: admin
# If admin_password is left blank, a password will be generated for you and provided
# to you at the end of the install process.
admin_password: ''
# A path to a Cloudify license to be uploaded on the Manager during installation
cloudify_license_path: ''
manager-ip-setter:
sources:
manager_ip_setter_rpm: cloudify-manager-ip-setter-*.rpm
provider_context:
policy_engine:
start_timeout: 30
# An imported URL is prefix-matched against the key in each entry. If a match is found,
# then the URL prefix is replaced with the value of the corresponding entry.
# That allows serving YAML files from within the manager, even when the imported URL
# points to the external network.
import_resolver:
parameters:
rules:
- {http://www.getcloudify.org/spec: file:///opt/manager/resources/spec}
- {http://cloudify.co/spec: file:///opt/manager/resources/spec}
- {https://www.getcloudify.org/spec: file:///opt/manager/resources/spec}
- {https://cloudify.co/spec: file:///opt/manager/resources/spec}
# if this is set to true, the import resolver will try the original,
# non-resolved URL as well, if the resolved one returns a HTTP error
fallback: true
# A dict of network names and IP addresses of managers and brokers associated with them.
# By default, there is only a "default" network, with the manager's
# private IP and broker IPs associated with it. This network can be overwritten.
# Structure:
# networks:
# <network_name>: <manager address or ip>
# <network2_name>: ...
networks: {}
agent:
broker_port: 5671
min_workers: 2
max_workers: 5
# AMQP heartbeat timeout. 0 means no heartbeats
heartbeat: 30
# Default logging level.
# This can be overridden on a per-agent basis by using the "log_level" directive
# under "agent_config".
log_level: INFO
rabbitmq:
# Sets the username/password to use for clients such as celery to connect to
# the rabbitmq broker. It is recommended that you set both the username and
# password to something reasonably secure.
username: cloudify
password: c10udify
# A list of cluster members, including network-specific IPs.
# The 'default' network IP must be set for each member.
# If installing a single external rabbit (not intended to be part of a cluster),
# or an all-in-one manager this section can be left blank.
# Example:
# cluster_members:
# <hostname of rabbit node>:
# default: <ip of rabbit node> (not needed if node name is resolvable via DNS)
# <other network name>: <ip for this node on 'other network'>
# ...
# <name of second rabbit node>:
# default: ...
# ...
# ...
# All nodes must have a 'default' entry.
# This should not be populated on an all-in-one manager.
cluster_members: {}
# Path to cert for CA that signed the broker cert.
# Must be provided to use external brokers.
# Will default to cert_path if installing a broker locally.
ca_path: ''
#####################################################
# #
# RABBITMQ SERVER SETTINGS #
# Settings before this point are relevant for both #
# locally and remotely installed queue_service. #
# Settings after this point are only relevant when #
# installing the queue_service on its own or as #
# part of an all-in-one manager. #
# They are not used in any other cases, and so can #
# be left unaltered if the queue_service is not #
# being installed locally. #
# #
#####################################################
# Path to broker certificate for external broker
# For all-in-one manager install, this should be left blank
# For external brokers, the broker certificate (in PEM format) should be
# in the file referred to by this configuration entry
# NOTE: This certificate and key pair must both be provided when installing
# a broker. These are not relevant for a manager-only or postgres-only
# install. For manager-only specification of brokers, see the
# cluster_members setting.
cert_path: ''
# Associated key
key_path: ''
# The name to give this cluster node. If this is blank, it will be set to localhost.
nodename:
# Whether to support FQDNs. If this is set to false, only the hostname will be
# used even if the FQDN is supplied.
# Caution: Setting this to true will require manually specifying target node
# and using the --longnames argument for any rabbitmqctl operations.
use_long_name: false
# If this is part of a cluster and not the first node to be configured, set
# this to one of the other cluster node names.
join_cluster:
# If this is a cluster then this value must be the same on all rabbitmq nodes.
# If left blank, it will be auto-generated.
erlang_cookie:
sources:
erlang_rpm_source_url: erlang-21.0.2-1.el7.centos.x86_64.rpm
socat_rpm_source_url: socat-1.7.3.2-2.el7.x86_64.rpm
rabbitmq_rpm_source_url: rabbitmq-server-3.7.7-1.el7.noarch.rpm
cloudify_rabbitmq_package: cloudify-rabbitmq-*.noarch.rpm
# Sets the File Descriptor limit for the rabbitmq user.
fd_limit: 102400
# Make the management plugin only listen on the local interface
# The plugin will automatically be made to listen externally on external
# brokers.
management_only_local: true
# NOTE: The policy settings are only set up by the first broker in a cluster
# of brokers, and they're not configured at all by a manager using an external
# broker.
# If you remove any of these policies, you may encounter undefined
# behaviour, so it's probably best not to remove them.
policies:
- name: logs_queue_message_policy
expression: ^cloudify-log$
# Highest value priority is applied in expression collisions
priority: 100
policy:
# Sets the number of milliseconds to wait before a message expires
# in the events queue. Not used if an external endpoint is used.
message-ttl: 1200000
# Sets the number of messages the events queue can hold. Note this is NOT
# the message byte length! Not used if an external endpoint is used.
# Note that for each of the queue length limit properties, new messages
# will be queued in RabbitMQ and old messages will be deleted once the
# limit is reached! https://www.rabbitmq.com/maxlength.html
max-length: 1000000
# Used to ensure data integrity by keeping a replica of the queue on all
# cluster nodes
ha-mode: all
ha-sync-mode: automatic
ha-sync-batch-size: 50
- name: events_queue_message_policy
expression: ^cloudify-events$
priority: 100
policy:
message-ttl: 1200000
max-length: 1000000
ha-mode: all
ha-sync-mode: automatic
ha-sync-batch-size: 50
- name: default_policy
expression: ^
priority: 1
policy:
ha-mode: all
ha-sync-mode: automatic
ha-sync-batch-size: 50
postgresql_server:
sources:
libxslt_rpm_url: libxslt-1.1.28-5.el7.x86_64.rpm
ps_libs_rpm_url: postgresql95-libs-9.5.3-2PGDG.rhel7.x86_64.rpm
ps_rpm_url: postgresql95-9.5.3-2PGDG.rhel7.x86_64.rpm
ps_contrib_rpm_url: postgresql95-contrib-9.5.3-2PGDG.rhel7.x86_64.rpm
ps_server_rpm_url: postgresql95-server-9.5.3-2PGDG.rhel7.x86_64.rpm
ps_devel_rpm_url: postgresql95-devel-9.5.3-2PGDG.rhel7.x86_64.rpm
# For external postgres installation, set to true
enable_remote_connections: false
# Password to set for the postgres user
# This is only relevant for external postgres installations when you enable
# remote connections
# THE PASSWORD WILL BE REMOVED FROM THE FILE AFTER THE INSTALLATION FINISHES
postgres_password: ''
# SSL must be enabled for external databases - provide proper certificates
ssl_enabled: false
# If true, clientcert=1 will be added to the hostssl lines in pg_hba.conf
# forcing client certificate verification
ssl_client_verification: false
# If try only SSL connections will be permitted, use with caution
ssl_only_connections: false
postgresql_client:
sources:
ps_libs_rpm_url: postgresql95-libs-9.5.3-2PGDG.rhel7.x86_64.rpm
ps_rpm_url: postgresql95-9.5.3-2PGDG.rhel7.x86_64.rpm
psycopg2_rpm_url: python-psycopg2-2.5.1-3.el7.x86_64.rpm
# Default values for the Postgres DB name, host, username and password
# For external postgres installation, update accordingly
host: localhost
# DB name, user name and password to be created
# default postgres user is used for database initialization
db_name: cloudify_db
username: cloudify
password: cloudify
# SSL must be enabled for external databases - provide proper certificates
ssl_enabled: false
# If true, client SSL certificates will need to be supplied and the Postgres
# server will verify each client connection
ssl_client_verification: false
# Password to use when connecting to the database with the postgres user
# This is only relevant for external postgres installations when you enable
# remote connections
# THE PASSWORD WILL BE REMOVED FROM THE FILE AFTER THE INSTALLATION FINISHES
postgres_password: ''
stage:
# If set to true, Cloudify UI will not be installed
skip_installation: false
sources:
nodejs_source_url: node-v10.15.1-linux-x64.tar.xz
stage_source_url: cloudify-stage-*.tgz
# Number of Cloudify Stage processes to be started
# 0/max - to spread the app across all CPUs
# -1 - to spread the app across all CPUs - 1
# number - to spread the app across number CPUs
instances: 0
composer:
# If set to true, Cloudify Composer will not be installed
skip_installation: false
sources:
composer_source_url: cloudify-blueprint-composer-*.tgz
python:
# Some plugins installed from sources require compilation - installs a
# compiler and the python headers to allow that.
install_python_compilers: false
# If set to true, python sources (e.g. pip) will be removed when
# uninstalling the Cloudify Manager. NOTE: only set to true if those
# dependencies weren't available before Cloudify Manager installation
remove_on_teardown: false
premium:
sources:
premium_source_url: cloudify-premium-*.x86_64.rpm
restservice:
log:
# Logging level for the REST service. Defaults to 'INFO', as 'DEBUG' may
# end up logging sensitive information.
level: INFO
# The size, in MB, that the REST service log file may grow to before it's
# rotated.
file_size: 100
# Number of historical log files to keep when rotating the REST service logs.
files_backup_count: 7
gunicorn:
# The number of gunicorn worker processes for handling requests. If the
# default value (0) is set, then min((2 * cpu_count + 1 processes), max_worker_count)
# will be used.
worker_count: 0
# Maximum number of gunicorn workers (if calculated automatically)
max_worker_count: 12
# The maximum number of requests a worker will process before restarting.
# If this is set to zero then the automatic worker restarts are disabled.
max_requests: 1000
ldap:
# LDAP server, admin username, admin password and domain
server: ''
username: ''
password: ''
domain: ''
# True if Active Directory will be used as the LDAP authenticator
is_active_directory: true
# Any extra LDAP information (separated by the `;` sign. e.g. a=1;b=2)
dn_extra: ''
sources:
agents_source_url: cloudify-agents-*.rpm
restservice_source_url: cloudify-rest-service-*.x86_64.rpm
# Minimum available memory for running list query on Manager host in MB.
min_available_memory_mb: 100
# Disables insecure REST endpoints
insecure_endpoints_disabled: true
# Port to be used by the REST service
port: 8100
# Number of failed logins (bad password) before account lockout
failed_logins_before_account_lock: 4
# Account lockout time in minutes. `-1` means no account lockout,
# even when `failed_logins_before_account_lock` has a value.
account_lock_period: -1
# The default page size for REST queries
default_page_size: 1000
# Additional environment variables to add to the REST Service's service
# file.
extra_env: {}
nginx:
# Number of nginx worker processes to have.
# Specify "auto" to use nginx's recommended configuration of one
# process per core.
worker_processes: auto
# Number of connections that any nginx worker is allowed to carry simultaneously.
worker_connections: 4096
# Maximum number of open file descriptors that any nginx process
# is allowed to have.
max_open_fds: 102400
sources:
nginx_source_url: nginx-1.13.7-1.el7_4.ngx.x86_64.rpm
mgmtworker:
sources:
mgmtworker_source_url: cloudify-management-worker-*.x86_64.rpm
# Sets the logging level to use for the management workers. This affects the
# logging performed by the manager during the execution of management tasks,
# such as deployment creation and deployment deletion. NOTE: specifying
# "debug" will result in considerable amount of logging activity. Consider
# using "info" (or a more restrictive level) for production environments.
log_level: INFO
# Minimum number of worker processes maintained by the management worker.
min_workers: 2
# Maximum number of worker processes started by the management worker.
max_workers: 100
# Maximum number of manager-side tasks that can be performed concurrently.
# This is a performance measure to avoid deployments' starvation, in case
# a rogue deployment takes over all management workers.
gatekeeper_bucket_size: 25
# Additional environment variables to add to the management worker's service
# file.
extra_env: {}
workflows:
# Sets the number of times a failed task will be retried on recoverable error.
task_retries: 60
# Sets the interval between retry attempts in seconds.
task_retry_interval: 15
patch:
sources:
patch_source_url: patch-2.7.1-10.el7_5.x86_64.rpm
cli:
sources:
cli_source_url: cloudify-cli-*.x86_64.rpm
sanity:
# If set to true, the sanity blueprint install/uninstall will not be
# performed during Cloudify Manager installation
skip_sanity: false
sources:
sanity_source_url: cloudify-hello-world-example-*.tar.gz
dev:
# Constraints (in standard `pip` constraints format) to pass on to `pip`
# when installing overlays (such as `rest_service_source_url`, `dsl_parser_source_url`
# and so on). Example:
# requests==2.13.0
# requests-toolbelt==0.7.1
pip_constraints: ''
sources:
cloudify_resources_url: ''
rest_client_source_url: ''
plugins_common_source_url: ''
script_plugin_source_url: ''
agent_source_url: ''
dsl_parser_source_url: ''
validations:
# If set to true, install/configuration validations will not be performed
skip_validations: false
# These allow to override specific validation values
# NOTE: We do not recommend changing these values unless you know exactly
# what you're doing.
minimum_required_total_physical_memory_in_mb: 3700
# Minimum required disk space on Manager host in GB.
minimum_required_available_disk_space_in_gb: 5
# Python version expected to be found on the machine
expected_python_version: '2.7'
# The only Linux distros fully supported, on which a Cloudify Manager can
# be installed
supported_distros: [centos, redhat]
# The supported versions of the above distros
supported_distro_versions: ['7']
ssl_inputs:
external_cert_path: ''
external_key_path: ''
internal_cert_path: ''
internal_key_path: ''
postgresql_server_cert_path: ''
postgresql_server_key_path: ''
postgresql_client_cert_path: ''
postgresql_client_key_path: ''
postgresql_ca_cert_path: ''
ca_cert_path: ''
ca_key_path: ''
ca_key_password: ''
# External CA cert is used to auto-generate the external cert, if the
# external cert is not provided.
# The key and the password will not be stored.
# External CA cert, if provided, will also be used with the on-manager CLI.
external_ca_cert_path: ''
external_ca_key_path: ''
external_ca_key_password: ''
internal_manager_host: ''
usage_collector:
collect_cloudify_uptime:
# True if the uptime collector will be installed
active: true
# Sets the interval between running the uptime collector in hours
interval_in_hours: 4
collect_cloudify_usage:
# True if the usage collector will be installed
active: true
# Sets the interval between running the usage collector in days
interval_in_days: 1
flask_security: {}
# list of services - manager_service, queue_service, database_service
# will install only these services on this machine
# I.E - all-in-one installation
# services_to_install:
# - database_service
# - queue_service
# - manager_service
services_to_install:
- database_service
- queue_service
- manager_service
unconfigured_install: true
You can’t perform that action at this time.