Created
February 17, 2017 22:31
-
-
Save daviddavis/2141a5db763083d9cfdcfd11fa7a94c9 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# ========================= | |
# Pulp Server Configuration | |
# ========================= | |
# The settings in this file are all commented by default, and the commented settings show the | |
# default values that Pulp Server will choose if not specified here. | |
# -- Common Configuration ----------------------------------------------------- | |
# = Database = | |
# | |
# Controls the behavior of MongoDB under Pulp's usage. | |
# | |
# Authentication - If the username and the password keys have values provided, | |
# the pulp server will attempt to authenticate to the MongoDB server. The | |
# username and password provided here will be used to authenticate with the | |
# database specified in the name field. | |
# | |
# Replica Sets - If more than one seed is provided, a connection will be attempted to each seed | |
# until a connection is made. When multiple seeds are provided, the 'replica_set' value must also | |
# be specified. | |
# | |
# name: name of the database to use | |
# seeds: comma-separated list of hostname:port of database replica seed hosts | |
# username: The user name to use for authenticating to the MongoDB server | |
# password: The password to use for authenticating to the MongoDB server | |
# replica_set: uncomment and set this value to the name of replica set configured in MongoDB, | |
# if one is in use | |
# ssl: If True, create the connection to the server using SSL. | |
# ssl_keyfile: A path to the private keyfile used to identify the local connection against | |
# mongod. If included with the certfile then only the ssl_certfile is needed. | |
# ssl_certfile: The certificate file used to identify the local connection against mongod. | |
# verify_ssl: Specifies whether a certificate is required from the other side of the | |
# connection, and whether it will be validated if provided. If it is true, then | |
# the ssl_ca_certs parameter must point to a file of CA certificates used to | |
# validate the connection. | |
# ca_path: The ca_certs file contains a set of concatenated “certification authority” | |
# certificates, which are used to validate certificates passed from the other end | |
# of the connection. | |
# unsafe_autoretry: If true, retry commands to the database if there is a connection error. | |
# Warning: if set to true, this setting can result in duplicate records. | |
# write_concern: Write concern of 'majority' or 'all'. When 'all' is specified, 'w' is set to | |
# number of seeds specified. For version of MongoDB < 2.6, replica_set must also | |
# be specified. Please note that 'all' will cause Pulp to halt if any of the | |
# replica set members is not available. 'majority' is used by defau | |
[database] | |
name: pulp_database | |
seeds: localhost:27017 | |
ssl: false | |
unsafe_autoretry: false | |
# = Server = | |
# | |
# Controls general Pulp web server behavior. | |
# | |
# server_name: hostname the admin client and consumers should use when accessing | |
# the server; if not specified, this defaults to the server's fully qualified | |
# domain name (FQDN) | |
# default_login: default admin username of the Pulp server; this user will be | |
# the first time the server is started | |
# default_password: default password for admin when it is first created; this | |
# should be changed once the server is operational | |
# debugging_mode: boolean; toggles Pulp's debugging capabilities | |
# log_level: The desired logging level. Options are: CRITICAL, ERROR, WARNING, INFO, DEBUG, | |
# and NOTSET. Pulp will default to INFO. | |
# working_directory:path to where pulp workers can create working directories needed to complete tasks | |
[server] | |
server_name: pipeline-katello-nightly-centos7.example.com | |
key_url: /pulp/gpg | |
ks_url: /pulp/ks | |
default_login: admin | |
default_password: 7S6njgC7VYHprQktZJmREXEeM9agFdUS | |
debugging_mode: false | |
log_level: INFO | |
# = Authentication = | |
# | |
# Keys used for message authentication. | |
# | |
# rsa_key: | |
# The RSA private key used for authentication. | |
# rsa_pub: | |
# The RSA public key used for authentication. | |
[authentication] | |
rsa_key = /etc/pki/pulp/rsa.key | |
rsa_pub = /etc/pki/pulp/rsa_pub.key | |
# = Security = | |
# | |
# Controls aspects of the Pulp web server security. | |
# | |
# For production installations, it is recommended that a new CA certificate be | |
# generated for the signing of user and consumer certificates and configured | |
# using the following properties. | |
# | |
# cacert: full path to the CA certificate that will be used to sign consumer | |
# and admin identification certificates; this must match the value of | |
# SSLCACertificateFile in /etc/httpd/conf.d/pulp.conf | |
# Deprecated! - Please note that both cacert and cakey settings will be | |
# removed in the next major release since Pulp will not sign certificates. | |
# However, Pulp will continue to support client certificates generated | |
# by users through Apache and pulp-admin. | |
# | |
# cakey: path to the private key for the above CA certificate | |
# | |
# ssl_ca_certificate: full path to the CA certificate used to sign the Pulp | |
# server's SSL certificate; consumers will use this to verify the | |
# Pulp server's SSL certificate during the SSL handshake | |
# Deprecated! - Please note that this setting will be removed in the next | |
# major release and will be replaced by a setting in the consumer.conf file | |
# that will allow the user to specify a directory path containing certificates. | |
# | |
# user_cert_expiration: number of days a user certificate is valid | |
# | |
# consumer_cert_expiration: number of days a consumer certificate is valid | |
# | |
[security] | |
cacert: /etc/pki/pulp/ca.crt | |
cakey: /etc/pki/pulp/ca.key | |
ssl_ca_certificate: | |
user_cert_expiration: 7 | |
consumer_cert_expiration: 3650 | |
serial_number_path: /var/lib/pulp/sn.dat | |
# -- Advanced Configuration --------------------------------------------------- | |
# = Consumer History = | |
# | |
# Controls the storage of recorded consumer events. | |
# | |
# lifetime: number of days to store consumer events; events older | |
# than this will be purged; set to -1 to disable | |
[consumer_history] | |
lifetime: 180 | |
# = Data Reaping = | |
# | |
# Controls the frequency in which reporting data is automatically removed from | |
# the database. Database entries that exceed the given thresholds will be | |
# deleted from the database when the reaper runs. | |
# | |
# reaper_interval: float; time in days between checks for old data in | |
# the database | |
# | |
# consumer_history: float; time in days to store consumer history events | |
# | |
# repo_sync_history: float; time in days to store repository sync history events | |
# | |
# repo_publish_history: float; time in days to store repository publish history | |
# events | |
# | |
# repo_group_publish_history: float; time in days to store repository group | |
# publish history events | |
# | |
# task_status_history: float; time in days to store task status history in the db | |
# task_result_history: float; time in days to store task results history | |
[data_reaping] | |
reaper_interval: 0.25 | |
archived_calls: 0.5 | |
consumer_history: 60 | |
repo_sync_history: 60 | |
repo_publish_history: 60 | |
repo_group_publish_history: 60 | |
task_status_history: 7 | |
task_result_history: 3 | |
# = LDAP = | |
# | |
# Uncomment the below section with appropriate values to use an external LDAP | |
# server for user authentication. | |
# | |
# enabled: boolean; controls whether or not LDAP authentication is enabled | |
# | |
# uri: url of LDAP server | |
# | |
# base: location in the directory from which the LDAP search begins | |
# | |
# tls: boolean; controls whether or not to use TLS security | |
# | |
# default_role: Id of the role to assign LDAP users to by default. This is | |
# optional. This role must first be created on the Pulp server. If | |
# default_role is not set or doesn't exist, LDAP users are given same | |
# default permissions as local users. | |
# | |
# filter: directive to set more restrictive LDAP filter to limit the LDAP | |
# users who can authenticate to Pulp | |
# Deprecated! Please use apache's mod_authnz_ldap to do preauthentication. See | |
# pulp's user guide for details. | |
# [ldap] | |
# enabled: true # are you sure? This has been deprecated. | |
# uri: ldap://localhost | |
# base: dc=localhost | |
# tls: no | |
# default_role: <role-id> | |
# filter: (gidNumber=200) | |
# = OAuth = | |
# | |
# Uncomment the below section with appropriate values to use OAuth | |
# authentication. | |
# | |
# enabled: boolean; controls whether OAuth authentication is enabled | |
# | |
# oauth_key: string; key to enable OAuth style authentication | |
# | |
# oauth_secret: string; shared secret that can be used for OAuth style | |
# authentication | |
[oauth] | |
enabled: true | |
oauth_key: katello | |
oauth_secret: sh9JGhSG2JQXc9mtCjrCXHNSdyDBSgnp | |
# = Messaging = | |
# | |
# Controls Pulp's configuration of broker settings for communicating to the Consumer Agent. | |
# | |
# url: the url used to contact the broker. This setting uses the form: | |
# | |
# <protocol>://<host>:<port>/<virtual-host> | |
# | |
# Or to use a username and password: | |
# | |
# <protocol>://<user>:<password>@<host>:<port>/<virtual-host> | |
# | |
# Supported <protocol> values are 'tcp' or 'ssl' depending on if SSL should be used or not. | |
# The <virtual-host> is optional, and is only applicable to RabbitMQ broker environments. | |
# | |
# The default broker string is 'tcp://localhost:5672'. | |
# | |
# transport: The type of broker you are connecting to. The default is 'qpid'. For RabbitMQ, | |
# 'rabbitmq' should be used. | |
# | |
# cacert: Absolute path to PEM encoded CA certificate file, used by Pulp to validate the identity | |
# of the broker using SSL. The default is '/etc/pki/qpid/ca/ca.crt'. | |
# | |
# clientcert: Absolute path to PEM encoded file containing both the private key and | |
# certificate Pulp should present to the broker to be authenticated by the broker. The default | |
# is '/etc/pki/qpid/client/client.pem'. | |
# | |
# auth_enabled: | |
# Message authentication enabled flag. The default is 'true' which enables authentication. | |
# To disable authentication, use 'false'. | |
# | |
# topic_exchange: The name of the exchange to use. The exchange must be a topic exchange. The | |
# default is 'amq.topic', which is a default exchange that is guaranteed to exist on a Qpid | |
# broker. This setting is a string, and therefore includes the single quotes. | |
# | |
# event_notifications_enabled: | |
# Enables or disables Pulp event notfications on the message bus. Defaults to 'false'. | |
# | |
# event_notification_url: | |
# The AMQP URL for event notifications. Defaults to 'qpid://localhost:5672/'. | |
[messaging] | |
url: ssl://localhost:5671 | |
transport: qpid | |
auth_enabled: false | |
cacert: /etc/pki/katello/certs/katello-default-ca.crt | |
clientcert: /etc/pki/katello/qpid_client_striped.crt | |
topic_exchange: 'amq.topic' | |
event_notifications_enabled: false | |
# = Asynchronous Tasks = | |
# | |
# Controls Pulp's Celery settings. These settings are used by the Pulp Server and Pulp Workers to | |
# perform asynchronous, server-side task work such as syncing, publishing, or deletion of content. | |
# Communication between these different components occurs through the broker. | |
# | |
# broker_url: A URL to a broker that Celery can use to queue tasks. For example, to configure | |
# Celery with a Qpid backend, set broker_url to: | |
# | |
# qpid://<username>:<password>@<hostname>:<port>/ | |
# | |
# For RabbitMQ you can use the following broker_url style: | |
# | |
# amqp://<username>:<password>@<hostname>:<port>/<vhost> | |
# | |
# celery_require_ssl: Require SSL if set to 'true', otherwise do not require SSL. The default is | |
# 'false'. | |
# | |
# cacert: The absolute path to the PEM encoded CA Certificate allowing identity validation of the | |
# message bus. The default is '/etc/pki/pulp/qpid/ca.crt'. | |
# | |
# keyfile: The absolute path to the keyfile used for authentication to the message bus. This is the | |
# private key that corresponds with the certificate. The default value is | |
# '/etc/pki/pulp/qpid/client.crt'. Sometimes the key is kept in the same file as the | |
# certificate it corresponds with, and the default assumes this is the case. | |
# | |
# certfile: The absolute path to the PEM encoded certificate used for authentication to the message | |
# bus. The default value is '/etc/pki/pulp/qpid/client.crt'. | |
# | |
# login_method: Select the SASL login method used to connect to the broker. This should be left | |
# unset except in special cases such as SSL client certificate authentication. | |
[tasks] | |
broker_url: qpid://localhost:5671 | |
celery_require_ssl: true | |
cacert: /etc/pki/katello/certs/katello-default-ca.crt | |
keyfile: /etc/pki/katello/qpid_client_striped.crt | |
certfile: /etc/pki/katello/qpid_client_striped.crt | |
# = Email = | |
# | |
# Settings that allow the system to send email. It is recommended that | |
# the system relay through a local MTA on the machine. Pulp does not retry in | |
# case of error, so it is important to have a real MTA available locally. | |
# | |
# If there is a need to test email sending, it is recommended to run this: | |
# $ python -m smtpd -n -c DebuggingServer localhost:1025 | |
# which will write each message to stdout. | |
# | |
# host: host name of the MTA pulp should relay through | |
# | |
# port: destination port to connect on | |
# | |
# from: the "From" address of each email the system sends | |
# | |
# enabled: boolean controls whether or not emails will be sent | |
[email] | |
host: localhost | |
port: 25 | |
from: no-reply@example.com | |
enabled: false | |
# = Lazy = | |
# | |
# Settings for lazy content loading. | |
# | |
# enabled: | |
# This controls whether redirect is enabled | |
# | |
# redirect_host: | |
# The host FQDN or IP to which requests are redirected. | |
# | |
# redirect_port: | |
# The TCP port to which requests are redirected | |
# | |
# redirect_path: | |
# The base path to which requests are redirected | |
# | |
# https_retrieval: | |
# boolean; controls whether Pulp uses HTTPS or HTTP to | |
# retrieve content from the streamer. | |
# WARNING: Setting this to 'false' is not safe if you wish | |
# to use Pulp to provide repository entitlement | |
# enforcement. It is strongly recommended to keep | |
# this set to 'true' and use certificates that are | |
# signed by a trusted authority on the web server | |
# that serves as the streamer reverse proxy. | |
# | |
# download_interval: | |
# The interval in minutes between checks for content cached | |
# by the Squid proxy. | |
# | |
# download_concurrency: | |
# The number of downloads to perform concurrently when | |
# downloading content from the Squid cache. | |
[lazy] | |
redirect_host: pipeline-katello-nightly-centos7.example.com | |
redirect_path: /streamer/ | |
https_retrieval: false | |
download_interval: 10 | |
download_concurrency: 5 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment