This repository has been archived by the owner on Dec 7, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 170
/
server.conf
352 lines (317 loc) · 13.3 KB
/
server.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
# =========================
# Pulp Server Configuration
# =========================
# The settings in this file are all commented by default, and the commented settings show the
# default values that Pulp Server will choose if not specified here.
# -- Common Configuration -----------------------------------------------------
# = Database =
#
# Controls the behavior of MongoDB under Pulp's usage.
#
# Authentication - If the username and the password keys have values provided,
# the pulp server will attempt to authenticate to the MongoDB server. The
# username and password provided here will be used to authenticate with the
# database specified in the name field.
#
# Replica Sets - If more than one seed is provided, a connection will be attempted to each seed
# until a connection is made. When multiple seeds are provided, the 'replica_set' value must also
# be specified.
#
# name: name of the database to use
# seeds: comma-separated list of hostname:port of database replica seed hosts
# username: The user name to use for authenticating to the MongoDB server
# password: The password to use for authenticating to the MongoDB server
# replica_set: uncomment and set this value to the name of replica set configured in MongoDB,
# if one is in use
# ssl: If True, create the connection to the server using SSL.
# ssl_keyfile: A path to the private keyfile used to identify the local connection against
# mongod. If included with the certfile then only the ssl_certfile is needed.
# ssl_certfile: The certificate file used to identify the local connection against mongod.
# verify_ssl: Specifies whether a certificate is required from the other side of the
# connection, and whether it will be validated if provided. If it is true, then
# the ssl_ca_certs parameter must point to a file of CA certificates used to
# validate the connection.
# ca_path: The ca_certs file contains a set of concatenated “certification authority”
# certificates, which are used to validate certificates passed from the other end
# of the connection.
# unsafe_autoretry: If true, retry commands to the database if there is a connection error.
# Warning: if set to true, this setting can result in duplicate records.
# write_concern: Write concern of 'majority' or 'all'. When 'all' is specified, 'w' is set to
# number of seeds specified. For version of MongoDB < 2.6, replica_set must also
# be specified. Please note that 'all' will cause Pulp to halt if any of the
# replica set members is not available. 'majority' is used by default.
[database]
# name: pulp_database
# seeds: localhost:27017
# username:
# password:
# replica_set:
# ssl: false
# ssl_keyfile:
# ssl_certfile:
# verify_ssl: true
# ca_path: /etc/pki/tls/certs/ca-bundle.crt
# unsafe_autoretry: false
# write_concern: majority
# = Server =
#
# Controls general Pulp web server behavior.
#
# server_name: hostname the admin client and consumers should use when accessing
# the server; if not specified, this defaults to the server's fully qualified
# domain name (FQDN)
# default_login: default admin username of the Pulp server; this user will be
# the first time the server is started
# default_password: default password for admin when it is first created; this
# should be changed once the server is operational
# debugging_mode: boolean; toggles Pulp's debugging capabilities
# log_level: The desired logging level. Options are: CRITICAL, ERROR, WARNING, INFO, DEBUG,
# and NOTSET. Pulp will default to INFO.
# working_directory:path to where pulp workers can create working directories needed to complete tasks
[server]
# server_name: server_hostname
# key_url: /pulp/gpg
# ks_url: /pulp/ks
# default_login: admin
# default_password: admin
# debugging_mode: false
# log_level: INFO
# working_directory: /var/cache/pulp
# = Authentication =
#
# Keys used for message authentication.
#
# rsa_key:
# The RSA private key used for authentication.
# rsa_pub:
# The RSA public key used for authentication.
[authentication]
# rsa_key = /etc/pki/pulp/rsa.key
# rsa_pub = /etc/pki/pulp/rsa_pub.key
# = Security =
#
# Controls aspects of the Pulp web server security.
#
# For production installations, it is recommended that a new CA certificate be
# generated for the signing of user and consumer certificates and configured
# using the following properties.
#
# cacert: full path to the CA certificate that will be used to sign consumer
# and admin identification certificates; this must match the value of
# SSLCACertificateFile in /etc/httpd/conf.d/pulp.conf
# Deprecated! - Please note that both cacert and cakey settings will be
# removed in the next major release since Pulp will not sign certificates.
# However, Pulp will continue to support client certificates generated
# by users through Apache and pulp-admin.
#
# cakey: path to the private key for the above CA certificate
#
# ssl_ca_certificate: full path to the CA certificate used to sign the Pulp
# server's SSL certificate; consumers will use this to verify the
# Pulp server's SSL certificate during the SSL handshake
# Deprecated! - Please note that this setting will be removed in the next
# major release and will be replaced by a setting in the consumer.conf file
# that will allow the user to specify a directory path containing certificates.
#
# user_cert_expiration: number of days a user certificate is valid
#
# consumer_cert_expiration: number of days a consumer certificate is valid
#
[security]
# cacert: /etc/pki/pulp/ca.crt # Deprecated! See above description for details.
# cakey: /etc/pki/pulp/ca.key # Deprecated! See above description for details.
# ssl_ca_certificate: /etc/pki/pulp/ssl_ca.crt # Deprecated! See above description for details.
# user_cert_expiration: 7
# consumer_cert_expiration: 3650
# serial_number_path: /var/lib/pulp/sn.dat
# -- Advanced Configuration ---------------------------------------------------
# = Consumer History =
#
# Controls the storage of recorded consumer events.
#
# lifetime: number of days to store consumer events; events older
# than this will be purged; set to -1 to disable
[consumer_history]
# lifetime: 180
# = Data Reaping =
#
# Controls the frequency in which reporting data is automatically removed from
# the database. Database entries that exceed the given thresholds will be
# deleted from the database when the reaper runs.
#
# reaper_interval: float; time in days between checks for old data in
# the database
#
# consumer_history: float; time in days to store consumer history events
#
# repo_sync_history: float; time in days to store repository sync history events
#
# repo_publish_history: float; time in days to store repository publish history
# events
#
# repo_group_publish_history: float; time in days to store repository group
# publish history events
#
# task_status_history: float; time in days to store task status history in the db
# task_result_history: float; time in days to store task results history
[data_reaping]
# reaper_interval: 0.25
# consumer_history: 60
# repo_sync_history: 60
# repo_publish_history: 60
# repo_group_publish_history: 60
# task_status_history: 7
# task_result_history: 3
# = LDAP =
#
# Uncomment the below section with appropriate values to use an external LDAP
# server for user authentication.
#
# enabled: boolean; controls whether or not LDAP authentication is enabled
#
# uri: url of LDAP server
#
# base: location in the directory from which the LDAP search begins
#
# tls: boolean; controls whether or not to use TLS security
#
# default_role: Id of the role to assign LDAP users to by default. This is
# optional. This role must first be created on the Pulp server. If
# default_role is not set or doesn't exist, LDAP users are given same
# default permissions as local users.
#
# filter: directive to set more restrictive LDAP filter to limit the LDAP
# users who can authenticate to Pulp
# Deprecated! Please use apache's mod_authnz_ldap to do preauthentication. See
# pulp's user guide for details.
# [ldap]
# enabled: true # are you sure? This has been deprecated.
# uri: ldap://localhost
# base: dc=localhost
# tls: no
# default_role: <role-id>
# filter: (gidNumber=200)
# = OAuth =
#
# Uncomment the below section with appropriate values to use OAuth
# authentication.
#
# enabled: boolean; controls whether OAuth authentication is enabled
#
# oauth_key: string; key to enable OAuth style authentication
#
# oauth_secret: string; shared secret that can be used for OAuth style
# authentication
[oauth]
# enabled: true
# oauth_key:
# oauth_secret:
# = Messaging =
#
# Controls Pulp's configuration of broker settings for communicating to the Consumer Agent.
#
# url: the url used to contact the broker. This setting uses the form:
#
# <protocol>://<host>:<port>/<virtual-host>
#
# Or to use a username and password:
#
# <protocol>://<user>:<password>@<host>:<port>/<virtual-host>
#
# Supported <protocol> values are 'tcp' or 'ssl' depending on if SSL should be used or not.
# The <virtual-host> is optional, and is only applicable to RabbitMQ broker environments.
#
# The default broker string is 'tcp://localhost:5672'.
#
# transport: The type of broker you are connecting to. The default is 'qpid'. For RabbitMQ,
# 'rabbitmq' should be used.
#
# cacert: Absolute path to PEM encoded CA certificate file, used by Pulp to validate the identity
# of the broker using SSL. The default is '/etc/pki/qpid/ca/ca.crt'.
#
# clientcert: Absolute path to PEM encoded file containing both the private key and
# certificate Pulp should present to the broker to be authenticated by the broker. The default
# is '/etc/pki/qpid/client/client.pem'.
#
# auth_enabled:
# Message authentication enabled flag. The default is 'true' which enables authentication.
# To disable authentication, use 'false'.
#
# topic_exchange: The name of the exchange to use. The exchange must be a topic exchange. The
# default is 'amq.topic', which is a default exchange that is guaranteed to exist on a Qpid
# broker. This setting is a string, and therefore includes the single quotes.
#
# event_notifications_enabled:
# Enables or disables Pulp event notfications on the message bus. Defaults to 'false'.
#
# event_notification_url:
# The AMQP URL for event notifications. Defaults to 'qpid://localhost:5672/'.
[messaging]
# url: tcp://localhost:5672
# transport: qpid
# auth_enabled: true
# cacert: /etc/pki/qpid/ca/ca.crt
# clientcert: /etc/pki/qpid/client/client.pem
# topic_exchange: 'amq.topic'
# event_notifications_enabled: false
# event_notification_url: qpid://localhost:5672/
# = Asynchronous Tasks =
#
# Controls Pulp's Celery settings. These settings are used by the Pulp Server and Pulp Workers to
# perform asynchronous, server-side task work such as syncing, publishing, or deletion of content.
# Communication between these different components occurs through the broker.
#
# broker_url: A URL to a broker that Celery can use to queue tasks. For example, to configure
# Celery with a Qpid backend, set broker_url to:
#
# qpid://<username>:<password>@<hostname>:<port>/
#
# For RabbitMQ you can use the following broker_url style:
#
# amqp://<username>:<password>@<hostname>:<port>/<vhost>
#
# celery_require_ssl: Require SSL if set to 'true', otherwise do not require SSL. The default is
# 'false'.
#
# cacert: The absolute path to the PEM encoded CA Certificate allowing identity validation of the
# message bus. The default is '/etc/pki/pulp/qpid/ca.crt'.
#
# keyfile: The absolute path to the keyfile used for authentication to the message bus. This is the
# private key that corresponds with the certificate. The default value is
# '/etc/pki/pulp/qpid/client.crt'. Sometimes the key is kept in the same file as the
# certificate it corresponds with, and the default assumes this is the case.
#
# certfile: The absolute path to the PEM encoded certificate used for authentication to the message
# bus. The default value is '/etc/pki/pulp/qpid/client.crt'.
#
# login_method: Select the SASL login method used to connect to the broker. This should be left
# unset except in special cases such as SSL client certificate authentication.
[tasks]
# broker_url: qpid://localhost/
# celery_require_ssl: false
# cacert: /etc/pki/pulp/qpid/ca.crt
# keyfile: /etc/pki/pulp/qpid/client.crt
# certfile: /etc/pki/pulp/qpid/client.crt
# login_method:
# = Email =
#
# Settings that allow the system to send email. It is recommended that
# the system relay through a local MTA on the machine. Pulp does not retry in
# case of error, so it is important to have a real MTA available locally.
#
# If there is a need to test email sending, it is recommended to run this:
# $ python -m smtpd -n -c DebuggingServer localhost:1025
# which will write each message to stdout.
#
# host: host name of the MTA pulp should relay through
#
# port: destination port to connect on
#
# from: the "From" address of each email the system sends
#
# enabled: boolean controls whether or not emails will be sent
[email]
# host: localhost
# port: 25
# from: no-reply@your.domain
# enabled: false