Joshua M. Boniface
934f73af0f
Add the additional pvc_api_ssl_cert_path and pvc_api_ssl_key_path group_vars options, which can be used to set the SSL details to existing files on the filesystem if desired. If these are empty (or nonexistent), the original pvc_api_ssl_cert and pvc_api_ssl_key raw format options will be used as they were. Allows the administrator to use outside methods (such as Let's Encrypt) to obtain the certs locally on the system, avoiding changes to the group_vars and redeployment to manage SSL keys.
81 lines
3.6 KiB
Django/Jinja
81 lines
3.6 KiB
Django/Jinja
---
|
|
# pvcapid configuration
|
|
# {{ ansible_managed }}
|
|
pvc:
|
|
debug: False
|
|
coordinators:
|
|
{% for node in pvc_nodes if node.is_coordinator %}
|
|
- {{ node.hostname.split('.')[0] }}
|
|
{% endfor %}
|
|
# api: Configuration of the API listener
|
|
api:
|
|
# listen_address: IP address(es) to listen on; use 0.0.0.0 for all interfaces
|
|
listen_address: "{{ pvc_api_listen_address }}"
|
|
# listen_port: TCP port to listen on, usually 7370
|
|
listen_port: "{{ pvc_api_listen_port }}"
|
|
# authentication: Authentication and security settings
|
|
authentication:
|
|
# enabled: Enable or disable authentication (True/False)
|
|
enabled: {{ pvc_api_enable_authentication }}
|
|
# secret_key: Per-cluster secret key for API cookies; generate with uuidgen or pwgen
|
|
secret_key: "{{ pvc_api_secret_key }}"
|
|
# tokens: a list of authentication tokens; leave as an empty list to disable authentication
|
|
tokens:
|
|
{% for token in pvc_api_tokens %}
|
|
- description: "{{ token.description }}"
|
|
token: "{{ token.token }}"
|
|
{% endfor %}
|
|
# ssl: SSL configuration
|
|
ssl:
|
|
# enabled: Enabled or disable SSL operation (True/False)
|
|
enabled: {{ pvc_api_enable_ssl }}
|
|
# cert_file: SSL certificate file
|
|
{% if pvc_api_ssl_cert_path is defined and pvc_api_ssl_cert_path %}
|
|
cert_file: "{{ pvc_api_ssl_cert_path }}"
|
|
{% else %}
|
|
cert_file: "/etc/pvc/api-cert.pem"
|
|
{% endif %}
|
|
# key_file: SSL certificate key file
|
|
{% if pvc_api_ssl_key_path is defined and pvc_api_ssl_key_path %}
|
|
key_file: "{{ pvc_api_ssl_key_path }}"
|
|
{% else %}
|
|
key_file: "/etc/pvc/api-key.pem"
|
|
{% endif %}
|
|
# provisioner: Configuration of the Provisioner API listener
|
|
provisioner:
|
|
# database: Backend database configuration
|
|
database:
|
|
# host: PostgreSQL hostname, usually 'localhost'
|
|
host: localhost
|
|
# port: PostgreSQL port, invariably '5432'
|
|
port: 5432
|
|
# name: PostgreSQL database name, invariably 'pvcapi'
|
|
name: {{ pvc_api_database_name }}
|
|
# user: PostgreSQL username, invariable 'pvcapi'
|
|
user: {{ pvc_api_database_user }}
|
|
# pass: PostgreSQL user password, randomly generated
|
|
pass: {{ pvc_api_database_password }}
|
|
# queue: Celery backend queue using the PVC Zookeeper cluster
|
|
queue:
|
|
# host: Redis hostname, usually 'localhost'
|
|
host: localhost
|
|
# port: Redis port, invariably '6279'
|
|
port: 6379
|
|
# path: Redis queue path, invariably '/0'
|
|
path: /0
|
|
# ceph_cluster: Information about the Ceph storage cluster
|
|
ceph_cluster:
|
|
# storage_hosts: The list of hosts that the Ceph monitors are valid on; if empty (the default),
|
|
# uses the list of coordinators
|
|
storage_hosts:
|
|
{% for node in pvc_nodes if node.is_coordinator %}
|
|
- {{ node.hostname.split('.')[0] }}
|
|
{% endfor %}
|
|
# storage_domain: The storage domain name, concatenated with the coordinators list names
|
|
# to form monitor access strings
|
|
storage_domain: {{ pvc_storage_domain }}
|
|
# ceph_monitor_port: The port that the Ceph monitor on each coordinator listens on
|
|
ceph_monitor_port: 6789
|
|
# ceph_storage_secret_uuid: Libvirt secret UUID for Ceph storage access
|
|
ceph_storage_secret_uuid: {{ pvc_ceph_storage_secret_uuid }}
|