Created
August 27, 2020 17:59
-
-
Save dk0r/ad492a74034b07f4c1094299d200a53b to your computer and use it in GitHub Desktop.
oncall/configs/config.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
####################### | |
### Oncall-api settings | |
####################### | |
server: | |
host: 0.0.0.0 | |
port: 8080 | |
oncall_host: http://localhost:8080 | |
metrics: dummy | |
db: | |
conn: | |
kwargs: | |
scheme: mysql+pymysql | |
user: root | |
password: "1234" | |
host: 127.0.0.1 | |
port: 3306 | |
database: oncall | |
charset: utf8 | |
echo: True | |
str: "%(scheme)s://%(user)s:%(password)s@%(host)s:%(port)s/%(database)s?charset=%(charset)s" | |
kwargs: | |
pool_recycle: 3600 | |
healthcheck_path: /tmp/status | |
# Keys for encrypting/signing session cookies. | |
# Change to random long values in production. | |
session: | |
encrypt_key: 'abc' | |
sign_key: '123' | |
# Debug mode toggle. Disable in production. | |
# Debug mode disables authentication, allows access to debug-only API endpoints | |
# (used for testing), allows HTTP access, and removes some security headers | |
# from responses. | |
debug: True | |
## To run Oncall without https, set this value to True | |
## WARNING: use this only for debugging purposes, to avoid sending | |
## usernames and passwords in plain text. | |
#allow_http: False | |
# Pluggable authentication module configuration. | |
# Additional auth modules can be added by implementing the Authenticator | |
# class, with two required methods: __init__(self, config) and | |
# authenticate(self, username, password) | |
auth: | |
debug: True | |
module: 'oncall.auth.modules.debug' # Auth module where Authenticator is implemented | |
# Example configuration for LDAP-based auth | |
# module: 'oncall.auth.modules.ldap_example' | |
# module: 'oncall.auth.modules.ldap_import' # for automatically import user at first connexion | |
# ldap_url: 'ldaps://example.com' | |
# ldap_user_suffix: '@example.biz' | |
# ldap_cert_path: '/etc/ldap_cert.pem' | |
# ldap_bind_user: 'cn=binduser,ou=services,dc=company,dc=org' | |
# ldap_bind_password: 'abc123' | |
# ldap_base_dn: 'ou=accounts,dc=company,dc=org' | |
# ldap_search_filter: '(uid=%s)' | |
# options used by the ldap_import module. | |
# import_user: True | |
# attrs: | |
# username: 'uid' | |
# full_name: 'displayName' | |
# email: 'mail' | |
# mobile: 'mobile' | |
# sms: 'phone' | |
# slack: 'uid' | |
############################ | |
### Oncall-notifier settings | |
############################ | |
notifier: | |
# Skip sending messages, log instead | |
skipsend: True | |
# Reminder notification settings | |
notifications: | |
# The notifier will send reminders for events with these roles | |
default_roles: | |
- "primary" | |
- "secondary" | |
- "shadow" | |
- "manager" | |
# Reminders will be sent $x seconds before events start, for $x in this list | |
default_times: | |
- 86400 | |
- 604800 | |
# Reminders are sent using these modes of contact | |
default_modes: | |
- "email" | |
# - "teams_messenger" | |
# Reminder task settings | |
reminder: | |
activated: True | |
polling_interval: 360 # In seconds, the reminder will poll DB for events every $n seconds | |
default_timezone: 'US/Pacific' # Dates/times in the reminders are formatted in this timezone | |
# User validator checks that people scheduled for on-call events have defined phone numbers | |
user_validator: | |
activated: True | |
subject: 'Warning: Missing phone number in Oncall' | |
body: 'You are scheduled for an on-call shift in the future, but have no phone number recorded. Please update your information in Oncall.' | |
# Reminders sent using these messengers | |
messengers: | |
# - type: teams_messenger | |
# webhook: "channel_webhook_url" | |
# | |
# - type: rocketchat_messenger | |
# user: username | |
# password: abc123 | |
# refresh: 60000 | |
# api_host: https://example.rocket.chat | |
# | |
# - type: iris_messenger | |
# application: oncall | |
# iris_api_key: magic | |
# api_host: http://localhost:16649 | |
- type: dummy | |
application: oncall | |
iris_api_key: magic | |
############################ | |
### Oncall frontend settings | |
############################ | |
supported_timezones: | |
- 'US/Pacific' | |
- 'US/Eastern' | |
- 'US/Central' | |
- 'US/Mountain' | |
- 'US/Alaska' | |
- 'US/Hawaii' | |
- 'Asia/Kolkata' | |
- 'Asia/Shanghai' | |
- 'UTC' | |
index_content_setting: | |
# Page footer contents | |
#footer: | | |
# <ul> | |
# <li>Oncall © LinkedIn 2020</li> | |
# <li>Feedback</li> | |
# <li><a href="http://oncall.tools" target="_blank">About</a></li> | |
# </ul> | |
# Note displayed when a user has no phone number | |
missing_number_note: 'No number' | |
header_color: '#3a3a3a' | |
# The base url for the public oncall calendar. This url has to open to the public internet for most web calendar subscriptions to work. | |
# The public calendar url will be formatted as follows: "{public_calendar_base_url}/{ical_key}". | |
# Replace localhost with the hostname of the oncall or iris-relay instance. | |
public_calendar_base_url: 'http://localhost:8080/api/v0/ical' | |
# Additional message you want to put here, could be a link to the FAQ | |
public_calendar_additional_message: 'Link to FAQ' | |
# Integration with Iris, allowing for escalation from Oncall | |
iris_plan_integration: | |
activated: True | |
# Iris app and key settings | |
app: oncall | |
api_key: magic | |
api_host: http://localhost:16649 | |
# API url to get a list of Oncall-compatible plans | |
# This will be /v0/applications/$app_name/plans | |
plan_url: '/v0/applications/oncall/plans' | |
# Plan to follow with urgent escalations; must be a dynamic plan | |
urgent_plan: | |
name: 'Oncall test' | |
# In the Iris plan, dynamic target $n will map to dynamic_targets[$n]. | |
# For example, here, Iris target 0 will be the oncall-primary of the | |
# team, target 1 will be the team, and target 2 will be the manager | |
dynamic_targets: | |
- role: 'oncall-primary' | |
- role: 'team' | |
- role: 'manager' | |
# Similar to above, but for medium teams. | |
medium_plan: | |
name: 'Oncall test' | |
dynamic_targets: | |
- role: 'oncall-primary' | |
- role: 'team' | |
- role: 'manager' | |
# CORS settings | |
# allow_origins_list: | |
# - http://www.example.com | |
# Configures whether Slack settings will appear in the frontend | |
slack_instance: foobar | |
# Setting to determine whether the Oncall API/frontend is available unauthenticated. | |
# Set to True to force login splash page and authentication on API calls and False to allow read | |
# APIs without authentication | |
require_auth: False | |
########################### | |
### Oncall bonus management | |
########################### | |
# add_bonus_events_api: True | |
# bonus_url: 'https://ONCALL_BONUS_TEAMS_ENDPOINT' | |
# bonus_whitelist: | |
# - 'team_foo' | |
# bonus_blacklist: | |
# - 'team_bar' | |
# - 'team_baz' | |
########################## | |
### Oncall user management | |
########################## | |
# # Configure which user_sync module is being used | |
# user_sync: | |
# module: 'oncall.user_sync.ldap_sync' | |
# | |
# # User management by syncing from Slack | |
# slack: | |
# oauth_access_token: 'foo' | |
# | |
# # User management by syncing from LDAP | |
# ldap_sync: | |
# url: 'ldaps://example.com' | |
# base: 'ou=Staff Users,dc=multiforest,dc=biz' | |
# user: 'CN=example,DC=multiforest,DC=biz' | |
# password: 'password' | |
# cert_path: '/etc/ldap_cert.pem' | |
# query: '(&(objectClass=userProxy)(employeeId=*))' | |
# # Map of Oncall user information to LDAP attribute | |
# attrs: | |
# username: 'sAMAccountName' | |
# full_name: 'displayName' | |
# mail: 'mail' | |
# mobile: 'mobile' | |
# image_url: 'https://image.example.com/api/%s/picture' | |
# | |
# | |
# | |
# | |
# | |
# Configure which user_sync module is being used | |
user_sync: | |
module: 'oncall.user_sync.ldap_sync' | |
# User management by syncing from LDAP | |
ldap_sync: | |
url: 'ldap://172.17.0.2:10389' # TODO: Try default port 389 instead of 10389? Try ldaps:// instead and provide cert_path ?? | |
base: 'ou=users,dc=wimpi,dc=net' # TODO: Try ou=roles instead? | |
user: 'UID=oncall,OU=users,DC=wimpi,DC=net' # TODO: Try Caps vs Noncaps? Try including an ou (as shown in admin guide)? | |
password: 'secret' | |
cert_path: '/etc/ldap_cert.pem' # TODO: Get cert from Docker LDAP server and specify path here? Unsure if useful but /etc/ldap/ldap.conf shows LOCAL cert appears to be located @ /etc/ssl/certs/ca-certificates.crt | |
query: '(uid=*)' # TODO: Consider original query: '(&(objectClass=userProxy)(employeeId=*))' # TODO: hmmmmm.... | |
# Map of Oncall user information to LDAP attribute | |
attrs: | |
username: 'uid' | |
full_name: 'cn' | |
mail: 'mail' | |
mobile: 'mobile' | |
image_url: 'https://<redacted>' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment