-
Notifications
You must be signed in to change notification settings - Fork 38
/
all.yml
207 lines (191 loc) · 9.95 KB
/
all.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
cchq_home: "/home/{{ cchq_user }}"
www_dir: "{{ cchq_home }}/www"
www_home: "{{ www_dir }}/{{ deploy_env }}"
code_home: "{{ www_home }}/current"
log_home: "{{ www_home }}/log"
legacy_service_home: "{{ code_home }}/services"
service_home: "{{ www_home }}/services"
virtualenv_home: "{{ code_home }}/python_env"
py3_virtualenv_home: "{{ code_home }}/python_env-3.6"
nginx_static_home: "{{ code_home }}/staticfiles"
encrypted_root: "/opt/data"
encrypted_tmp: "/opt/tmp"
project: "commcare-hq"
airflow_home: "{{ cchq_home }}/airflow"
airflow_virtualenv: "{{ airflow_home }}/env"
internal_network_interface: "{{ ansible_default_ipv4.interface }}"
internal_network_interface_fact: "ansible_{{ internal_network_interface }}"
internal_ipv4: "{{ hostvars[inventory_hostname][internal_network_interface_fact].ipv4 }}"
shared_dir_gid: 1500 # This GID cannot already be allocated
shared_dir_name: "shared{{ '_' ~ deploy_env if deploy_env != 'production' else '' }}"
shared_data_dir: "/opt/{{ shared_dir_name }}"
shared_mount_dir: "/mnt/{{ shared_dir_name }}"
is_monolith: '{{ groups["all"]|length == 1 }}'
shared_drive_enabled: '{{ not is_monolith }}'
transfer_payload_dir_name: "transfer_payloads"
restore_payload_dir_name: "restore_payloads"
shared_temp_dir_name: "temp"
public_site_path: /opt/commcare-hq-public/site/output
commtrack_public_site_path: /opt/commtrack-static/site/output/
cchq_user: cchq
dev_group: dimagidev
etc_hosts_lines: []
etc_hosts_lines_removed: []
ssh_allow_password: False
ssh_allow_password_users: []
django_port: 9010
zookeeper_client_port: 2181
formplayer_port: 8181
couchdb_use_haproxy: False
couchdb2_port: 15984
couchdb2_proxy_port: "{{ 35984 if couchdb_use_haproxy else 25984 }}"
couchdb_admins: "{
'{{ localsettings_private.COUCH_USERNAME }}': '{{ localsettings_private.COUCH_PASSWORD }}',
}"
is_redis_cluster: '{{ "redis_cluster_master" in groups and groups["redis_cluster_master"]|length > 1 }}'
run_websockets_wsgi: False
# commcare-hq connects to an S3-compatible service
s3_blob_db_enabled: False
s3_blob_db_url:
s3_blob_db_s3_bucket:
s3_bulk_delete_chunksize: 1000
# For instructions on S3-to-S3 migrations, see docs/howto/migrate-s3-to-s3.md
# or http://dimagi.github.io/commcare-cloud/howto/migrate-s3-to-s3
old_s3_blob_db_url: ~
old_s3_blob_db_s3_bucket: ~
old_s3_bulk_delete_chunksize: ~
# To use these vars without deploying the riak control machine
# add riakcs_s3_access_key and riakcs_s3_secret_key to the ansible secret config directory
s3_blob_db_access_key: "{{ riakcs_s3_access_key if riakcs_s3_access_key else (hostvars[riakcs_control]['riak_key'] if s3_blob_db_enabled else '') }}"
s3_blob_db_secret_key: "{{ riakcs_s3_secret_key if riakcs_s3_secret_key else (hostvars[riakcs_control]['riak_secret'] if s3_blob_db_enabled else '') }}"
datadog_integration_cloudant: false
datadog_integration_couch: false
datadog_integration_elastic: false
datadog_integration_gunicorn: false
datadog_integration_kafka: false
datadog_integration_kafka_consumer: false
datadog_integration_nginx: false
datadog_integration_pgbouncer: false
datadog_integration_pgbouncer_custom: false
datadog_integration_postgres: false
datadog_integration_postgres_receiver: false
datadog_integration_rabbitmq: false
datadog_integration_redisdb: false
datadog_integration_zk: false
datadog_integration_jmx: false
datadog_integration_vmware: false
datadog_integration_http: false
datadog_integration_haproxy: false
datadog_integration_tcp_check: false
datadog_integration_disk_check: true
datadog_extra_host_checks: []
datadog_patch_modules:
- requests:true
- gevent:true
- psycopg:true
- redis:true
- sqlalchemy:true
- elasticsearch:true
root_email: commcarehq-ops+root@example.com
server_email: commcarehq-noreply@example.com
server_admin_email: commcarehq-ops+admins@example.com
default_from_email: commcarehq-noreply@example.com
support_email: support@example.com
probono_support_email: pro-bono@example.com
cchq_bug_report_email: commcarehq-bug-reports@example.com
accounts_email: accounts@example.com
data_email: datatree@example.com
subscription_change_email: accounts+subchange@example.com
internal_subscription_change_email: accounts+subchange+internal@example.com
billing_email: sales@example.com
invoicing_contact_email: billing-support@example.com
growth_email: growth@example.com
master_list_email: master-list@example.com
sales_email: sales@example.com
privacy_email: privacy@dimagi.com
feedback_email: hq-feedback@dimagi.com
eula_change_email: eula-notifications@example.com
contact_email: info@example.com
soft_assert_email: commcarehq-ops+soft_asserts@example.com
daily_deploy_email: null
check_s3_backups_email: null
AMAZON_S3_ACCESS_KEY: "{{ localsettings_private.AMAZON_S3_ACCESS_KEY | default(None) }}"
AMAZON_S3_SECRET_KEY: "{{ localsettings_private.AMAZON_S3_SECRET_KEY | default(None) }}"
AMQP_HOST: "{{ groups.rabbitmq.0 }}"
AMQP_NAME: commcarehq
AMQP_PASSWORD: "{{ secrets.AMQP_PASSWORD | default(None) }}"
AMQP_USER: "{{ secrets.AMQP_USER | default(None) }}"
APPCUES_ID: "{{ localsettings_private.APPCUES_ID | default('', true) }}"
APPCUES_KEY: "{{ localsettings_private.APPCUES_KEY | default('', true) }}"
BANK_ACCOUNT_NUMBER: "{{ localsettings_private.BANK_ACCOUNT_NUMBER | default(None) }}"
BANK_ROUTING_NUMBER_ACH: "{{ localsettings_private.BANK_ROUTING_NUMBER_ACH | default('') }}"
BANK_ROUTING_NUMBER_WIRE: "{{ localsettings_private.BANK_ROUTING_NUMBER_WIRE | default('')}}"
BITLY_APIKEY: "{{ localsettings_private.BITLY_APIKEY | default('') }}"
BITLY_LOGIN: "{{ localsettings_private.BITLY_LOGIN | default('') }}"
BOOKKEEPER_CONTACT_EMAILS: "{{ localsettings_private.BOOKKEEPER_CONTACT_EMAILS | default(None) }}"
COUCH_MONITORING_PASSWORD: "{{ localsettings_private.COUCH_MONITORING_PASSWORD | default(None) }}"
COUCH_MONITORING_USERNAME: "{{ localsettings_private.COUCH_MONITORING_USERNAME | default(None) }}"
DRIFT_ID: "{{ localsettings_private.DRIFT_ID | default('', true) }}"
DROPBOX_APP_NAME: 'CommCareHQFiles'
DROPBOX_KEY: "{{ localsettings_private.DROPBOX_KEY | default(None) }}"
DROPBOX_SECRET: "{{ localsettings_private.DROPBOX_SECRET | default(None)}}"
ELASTICSEARCH_PORT: 9200
EMAIL_LOGIN: "{{ localsettings_private.EMAIL_LOGIN | default(None) }}"
EMAIL_PASSWORD: "{{ localsettings_private.EMAIL_PASSWORD | default(None) }}"
FORMPLAYER_INTERNAL_AUTH_KEY: "{{ localsettings_private.FORMPLAYER_INTERNAL_AUTH_KEY | default(None) }}"
FULLSTORY_ID: "{{ localsettings_private.FULLSTORY_ID | default('', true)}}"
GMAPS_API_KEY: "{{ localsettings_private.GMAPS_API_KEY | default('') }}"
GOOGLE_ANALYTICS_API_ID: "{{ localsettings_private.GOOGLE_ANALYTICS_API_ID | default('', true) }}"
GREENHOUSE_API_KEY: "{{ localsettings_private.GREENHOUSE_API_KEY | default(None) }}"
HQ_PRIVATE_KEY: "{{ localsettings_private.HQ_PRIVATE_KEY | default(None) }}"
HUBSPOT_API_ID: "{{ localsettings_private.HUBSPOT_API_ID | default('', true) }}"
HUBSPOT_API_KEY: "{{ localsettings_private.HUBSPOT_API_KEY | default('', true) }}"
JAR_KEY_ALIAS: javarosakey
JAR_KEY_PASS: "{{ localsettings_private.JAR_KEY_PASS | default('') }}"
JAR_STORE_PASS: "{{ localsettings_private.JAR_STORE_PASS | default('') }}"
KISSMETRICS_KEY: "{{ localsettings_private.KISSMETRICS_KEY | default('', true) }}"
MAPS_LAYERS: "{{ localsettings_private.MAPS_LAYERS | default(None) }}"
MOBILE_INTEGRATION_TEST_TOKEN: "{{ localsettings_private.MOBILE_INTEGRATION_TEST_TOKEN | default(None) }}"
OPEN_EXCHANGE_RATES_API_ID: "{{ localsettings_private.OPEN_EXCHANGE_RATES_API_ID | default(None) }}"
SECRET_KEY: "{{ localsettings_private.SECRET_KEY }}"
SENTRY_DSN: "{{ localsettings_private.SENTRY_DSN | default(None) }}"
SENTRY_API_KEY: "{{ localsettings_private.SENTRY_API_KEY | default(None) }}"
# Deprecated
SENTRY_PRIVATE_KEY: "{{ localsettings_private.SENTRY_PRIVATE_KEY | default(None) }}"
SENTRY_PROJECT_ID: "{{ localsettings_private.SENTRY_PROJECT_ID | default(None) }}"
SENTRY_PUBLIC_KEY: "{{ localsettings_private.SENTRY_PUBLIC_KEY | default(None) }}"
SENTRY_QUERY_URL: "{{ localsettings_private.SENTRY_QUERY_URL | default(None) }}"
SIMPLE_API_KEYS: "{{ localsettings_private.SIMPLE_API_KEYS | default(None) }}"
STRIPE_PRIVATE_KEY: "{{ localsettings_private.STRIPE_PRIVATE_KEY | default(None) }}"
STRIPE_PUBLIC_KEY: "{{ localsettings_private.STRIPE_PUBLIC_KEY | default(None) }}"
TRANSIFEX_API_TOKEN: "{{ localsettings_private.TRANSIFEX_API_TOKEN | default(None) }}"
TWO_FACTOR_GATEWAY_ENABLED: False
DATADOG_API_KEY: "{{ secrets.DATADOG_API_KEY | default(None) }}"
DATADOG_APP_KEY: "{{ secrets.DATADOG_APP_KEY | default(None) }}"
ECRYPTFS_PASSWORD: "{{ secrets.ECRYPTFS_PASSWORD | default(None) }}"
KSPLICE_ACTIVATION_KEY: "{{ secrets.KSPLICE_ACTIVATION_KEY | default(None) }}"
NEW_RELIC_KEY: "{{ secrets.NEW_RELIC_KEY | default(None) }}"
formplayer_sentry_dsn: '{{ secrets.FORMPLAYER_SENTRY_DSN | default(None) }}'
internal_domain_name: null
old_s3_blob_db_access_key: "{{ secrets.OLD_S3_BLOB_DB_ACCESS_KEY | default(None) }}"
old_s3_blob_db_secret_key: "{{ secrets.OLD_S3_BLOB_DB_SECRET_KEY | default(None) }}"
postgres_users: "{{ secrets.POSTGRES_USERS | default(None) }}"
riakcs_s3_access_key: "{{ secrets.RIAKCS_S3_ACCESS_KEY | default(None) }}"
riakcs_s3_secret_key: "{{ secrets.RIAKCS_S3_SECRET_KEY | default(None) }}"
supervisor_http_password: "{{ secrets.SUPERVISOR_HTTP_PASSWORD | default(None) }}"
supervisor_http_username: "{{ secrets.SUPERVISOR_HTTP_USERNAME | default(None) }}"
# To enable Local ES snapshot override with repository location
es_local_repo: false
blobdb_snapshot_bucket: dimagi-{{ deploy_env }}-blobdb-backups
couchdb_snapshot_bucket: dimagi-{{ deploy_env }}-couch-backups
postgres_snapshot_bucket: dimagi-{{ deploy_env }}-postgres-backups
backup_es_s3: False
es_snapshot_bucket: "dimagi-{{ deploy_env }}-es-snapshots"
aws_region: None
# this reads "'s3.{{ aws_region }}.amazonaws.com' if aws_region else None"
aws_endpoint: '{{ aws_region and "s3." + aws_region + ".amazonaws.com" }}'
aws_versioning_enabled: true
airflow_secret_key: '{{ secrets.AIRFLOW_SECRET_KEY | default(None) }}'
airflow_flask_key: '{{ secrets.AIRFLOW_FLASK_KEY | default(None) }}'
nofile_limit: 4096
keepalived_recepient_email: '{{ root_email }}'