Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # =========================
- # Pulp Server Configuration
- # =========================
- # The settings in this file are all commented by default, and the commented settings show the
- # default values that Pulp Server will choose if not specified here.
- # -- Common Configuration -----------------------------------------------------
- # = Database =
- #
- # Controls the behavior of MongoDB under Pulp's usage.
- #
- # Authentication - If the username and the password keys have values provided,
- # the pulp server will attempt to authenticate to the MongoDB server. The
- # username and password provided here will be used to authenticate with the
- # database specified in the name field.
- #
- # Replica Sets - If more than one seed is provided, a connection will be attempted to each seed
- # until a connection is made. When multiple seeds are provided, the 'replica_set' value must also
- # be specified.
- #
- # name: name of the database to use
- # seeds: comma-separated list of hostname:port of database replica seed hosts
- # username: The user name to use for authenticating to the MongoDB server
- # password: The password to use for authenticating to the MongoDB server
- # replica_set: uncomment and set this value to the name of replica set configured in MongoDB,
- # if one is in use
- # ssl: If True, create the connection to the server using SSL.
- # ssl_keyfile: A path to the private keyfile used to identify the local connection against
- # mongod. If included with the certfile then only the ssl_certfile is needed.
- # ssl_certfile: The certificate file used to identify the local connection against mongod.
- # verify_ssl: Specifies whether a certificate is required from the other side of the
- # connection, and whether it will be validated if provided. If it is true, then
- # the ssl_ca_certs parameter must point to a file of CA certificates used to
- # validate the connection.
- # ca_path: The ca_certs file contains a set of concatenated “certification authority”
- # certificates, which are used to validate certificates passed from the other end
- # of the connection.
- # unsafe_autoretry: If true, retry commands to the database if there is a connection error.
- # Warning: if set to true, this setting can result in duplicate records.
- # write_concern: Write concern of 'majority' or 'all'. When 'all' is specified, 'w' is set to
- # number of seeds specified. For version of MongoDB < 2.6, replica_set must also
- # be specified. Please note that 'all' will cause Pulp to halt if any of the
- # replica set members is not available. 'majority' is used by default.
- [database]
- # name: pulp_database
- # seeds: localhost:27017
- # username:
- # password:
- # replica_set:
- # ssl: false
- # ssl_keyfile:
- # ssl_certfile:
- # verify_ssl: true
- # ca_path: /etc/pki/tls/certs/ca-bundle.crt
- # unsafe_autoretry: false
- # write_concern: majority
- # = Server =
- #
- # Controls general Pulp web server behavior.
- #
- # server_name: hostname the admin client and consumers should use when accessing
- # the server; if not specified, this defaults to the server's fully qualified
- # domain name (FQDN)
- # default_login: default admin username of the Pulp server; this user will be
- # the first time the server is started
- # default_password: default password for admin when it is first created; this
- # should be changed once the server is operational
- # debugging_mode: boolean; toggles Pulp's debugging capabilities
- # log_level: The desired logging level. Options are: CRITICAL, ERROR, WARNING, INFO, DEBUG,
- # and NOTSET. Pulp will default to INFO.
- # working_directory:path to where pulp workers can create working directories needed to complete tasks
- [server]
- # server_name: server_hostname
- # key_url: /pulp/gpg
- # ks_url: /pulp/ks
- # default_login: admin
- # default_password: admin
- # debugging_mode: false
- log_level: DEBUG
- # working_directory: /var/cache/pulp
- # = Authentication =
- #
- # Keys used for message authentication.
- #
- # rsa_key:
- # The RSA private key used for authentication.
- # rsa_pub:
- # The RSA public key used for authentication.
- [authentication]
- # rsa_key = /etc/pki/pulp/rsa.key
- # rsa_pub = /etc/pki/pulp/rsa_pub.key
- # = Security =
- #
- # Controls aspects of the Pulp web server security.
- #
- # For production installations, it is recommended that a new CA certificate be
- # generated for the signing of user and consumer certificates and configured
- # using the following properties.
- #
- # cacert: full path to the CA certificate that will be used to sign consumer
- # and admin identification certificates; this must match the value of
- # SSLCACertificateFile in /etc/httpd/conf.d/pulp.conf
- # Deprecated! - Please note that both cacert and cakey settings will be
- # removed in the next major release since Pulp will not sign certificates.
- # However, Pulp will continue to support client certificates generated
- # by users through Apache and pulp-admin.
- #
- # cakey: path to the private key for the above CA certificate
- #
- # ssl_ca_certificate: full path to the CA certificate used to sign the Pulp
- # server's SSL certificate; consumers will use this to verify the
- # Pulp server's SSL certificate during the SSL handshake
- # Deprecated! - Please note that this setting will be removed in the next
- # major release and will be replaced by a setting in the consumer.conf file
- # that will allow the user to specify a directory path containing certificates.
- #
- # user_cert_expiration: number of days a user certificate is valid
- #
- # consumer_cert_expiration: number of days a consumer certificate is valid
- #
- [security]
- # cacert: /etc/pki/pulp/ca.crt # Deprecated! See above description for details.
- # cakey: /etc/pki/pulp/ca.key # Deprecated! See above description for details.
- # ssl_ca_certificate: /etc/pki/pulp/ssl_ca.crt # Deprecated! See above description for details.
- # user_cert_expiration: 7
- # consumer_cert_expiration: 3650
- # serial_number_path: /var/lib/pulp/sn.dat
- # -- Advanced Configuration ---------------------------------------------------
- # = Consumer History =
- #
- # Controls the storage of recorded consumer events.
- #
- # lifetime: number of days to store consumer events; events older
- # than this will be purged; set to -1 to disable
- [consumer_history]
- # lifetime: 180
- # = Data Reaping =
- #
- # Controls the frequency in which reporting data is automatically removed from
- # the database. Database entries that exceed the given thresholds will be
- # deleted from the database when the reaper runs.
- #
- # reaper_interval: float; time in days between checks for old data in
- # the database
- #
- # consumer_history: float; time in days to store consumer history events
- #
- # repo_sync_history: float; time in days to store repository sync history events
- #
- # repo_publish_history: float; time in days to store repository publish history
- # events
- #
- # repo_group_publish_history: float; time in days to store repository group
- # publish history events
- #
- # task_status_history: float; time in days to store task status history in the db
- # task_result_history: float; time in days to store task results history
- [data_reaping]
- # reaper_interval: 0.25
- # consumer_history: 60
- # repo_sync_history: 60
- # repo_publish_history: 60
- # repo_group_publish_history: 60
- # task_status_history: 7
- # task_result_history: 3
- # = LDAP =
- #
- # Uncomment the below section with appropriate values to use an external LDAP
- # server for user authentication.
- #
- # enabled: boolean; controls whether or not LDAP authentication is enabled
- #
- # uri: url of LDAP server
- #
- # base: location in the directory from which the LDAP search begins
- #
- # tls: boolean; controls whether or not to use TLS security
- #
- # default_role: Id of the role to assign LDAP users to by default. This is
- # optional. This role must first be created on the Pulp server. If
- # default_role is not set or doesn't exist, LDAP users are given same
- # default permissions as local users.
- #
- # filter: directive to set more restrictive LDAP filter to limit the LDAP
- # users who can authenticate to Pulp
- # Deprecated! Please use apache's mod_authnz_ldap to do preauthentication. See
- # pulp's user guide for details.
- # [ldap]
- # enabled: true # are you sure? This has been deprecated.
- # uri: ldap://localhost
- # base: dc=localhost
- # tls: no
- # default_role: <role-id>
- # filter: (gidNumber=200)
- # = OAuth =
- #
- # Uncomment the below section with appropriate values to use OAuth
- # authentication.
- #
- # enabled: boolean; controls whether OAuth authentication is enabled
- #
- # oauth_key: string; key to enable OAuth style authentication
- #
- # oauth_secret: string; shared secret that can be used for OAuth style
- # authentication
- [oauth]
- # enabled: true
- # oauth_key:
- # oauth_secret:
- # = Messaging =
- #
- # Controls Pulp's configuration of broker settings for communicating to the Consumer Agent.
- #
- # url: the url used to contact the broker. This setting uses the form:
- #
- # <protocol>://<host>:<port>/<virtual-host>
- #
- # Or to use a username and password:
- #
- # <protocol>://<user>:<password>@<host>:<port>/<virtual-host>
- #
- # Supported <protocol> values are 'tcp' or 'ssl' depending on if SSL should be used or not.
- # The <virtual-host> is optional, and is only applicable to RabbitMQ broker environments.
- #
- # The default broker string is 'tcp://localhost:5672'.
- #
- # transport: The type of broker you are connecting to. The default is 'qpid'. For RabbitMQ,
- # 'rabbitmq' should be used.
- #
- # cacert: Absolute path to PEM encoded CA certificate file, used by Pulp to validate the identity
- # of the broker using SSL. The default is '/etc/pki/qpid/ca/ca.crt'.
- #
- # clientcert: Absolute path to PEM encoded file containing both the private key and
- # certificate Pulp should present to the broker to be authenticated by the broker. The default
- # is '/etc/pki/qpid/client/client.pem'.
- #
- # auth_enabled:
- # Message authentication enabled flag. The default is 'true' which enables authentication.
- # To disable authentication, use 'false'.
- #
- # topic_exchange: The name of the exchange to use. The exchange must be a topic exchange. The
- # default is 'amq.topic', which is a default exchange that is guaranteed to exist on a Qpid
- # broker. This setting is a string, and therefore includes the single quotes.
- #
- # event_notifications_enabled:
- # Enables or disables Pulp event notfications on the message bus. Defaults to 'false'.
- #
- # event_notification_url:
- # The AMQP URL for event notifications. Defaults to 'qpid://localhost:5672/'.
- [messaging]
- # url: tcp://localhost:5672
- transport: rabbitmq
- # auth_enabled: true
- # cacert: /etc/pki/qpid/ca/ca.crt
- # clientcert: /etc/pki/qpid/client/client.pem
- # topic_exchange: 'amq.topic'
- # event_notifications_enabled: false
- event_notification_url: amqp://guest:guest@localhost:5672/
- # = Asynchronous Tasks =
- #
- # Controls Pulp's Celery settings. These settings are used by the Pulp Server and Pulp Workers to
- # perform asynchronous, server-side task work such as syncing, publishing, or deletion of content.
- # Communication between these different components occurs through the broker.
- #
- # broker_url: A URL to a broker that Celery can use to queue tasks. For example, to configure
- # Celery with a Qpid backend, set broker_url to:
- #
- # qpid://<username>:<password>@<hostname>:<port>/
- #
- # For RabbitMQ you can use the following broker_url style:
- #
- # amqp://<username>:<password>@<hostname>:<port>/<vhost>
- #
- # celery_require_ssl: Require SSL if set to 'true', otherwise do not require SSL. The default is
- # 'false'.
- #
- # cacert: The absolute path to the PEM encoded CA Certificate allowing identity validation of the
- # message bus. The default is '/etc/pki/pulp/qpid/ca.crt'.
- #
- # keyfile: The absolute path to the keyfile used for authentication to the message bus. This is the
- # private key that corresponds with the certificate. The default value is
- # '/etc/pki/pulp/qpid/client.crt'. Sometimes the key is kept in the same file as the
- # certificate it corresponds with, and the default assumes this is the case.
- #
- # certfile: The absolute path to the PEM encoded certificate used for authentication to the message
- # bus. The default value is '/etc/pki/pulp/qpid/client.crt'.
- #
- # login_method: Select the SASL login method used to connect to the broker. This should be left
- # unset except in special cases such as SSL client certificate authentication.
- [tasks]
- broker_url: amqp://guest:guest@localhost/
- # celery_require_ssl: false
- # cacert: /etc/pki/pulp/qpid/ca.crt
- # keyfile: /etc/pki/pulp/qpid/client.crt
- # certfile: /etc/pki/pulp/qpid/client.crt
- # login_method:
- # = Email =
- #
- # Settings that allow the system to send email. It is recommended that
- # the system relay through a local MTA on the machine. Pulp does not retry in
- # case of error, so it is important to have a real MTA available locally.
- #
- # If there is a need to test email sending, it is recommended to run this:
- # $ python -m smtpd -n -c DebuggingServer localhost:1025
- # which will write each message to stdout.
- #
- # host: host name of the MTA pulp should relay through
- #
- # port: destination port to connect on
- #
- # from: the "From" address of each email the system sends
- #
- # enabled: boolean controls whether or not emails will be sent
- [email]
- # host: localhost
- # port: 25
- # from: no-reply@your.domain
- # enabled: false
- # = Lazy =
- #
- # Settings for lazy content loading.
- #
- # redirect_host:
- # The host FQDN or IP to which requests are redirected. Defaults to
- # the local host's fully qualified domain name.
- #
- # redirect_port:
- # The TCP port to which requests are redirected. By default no port
- # is stated explicitly so an HTTP redirect will use port 80 and an
- # HTTPS redirect will use port 443. The protocol used will match the
- # protocol the client used for the initial request.
- #
- # redirect_path:
- # The base path to which requests are redirected. Defaults to /streamer/
- #
- # https_retrieval:
- # boolean; controls whether Pulp uses HTTPS or HTTP to
- # retrieve content from the streamer.
- # WARNING: Setting this to 'false' is not safe if you wish
- # to use Pulp to provide repository entitlement
- # enforcement. It is strongly recommended to keep
- # this set to 'true' and use certificates that are
- # signed by a trusted authority on the web server
- # that serves as the streamer reverse proxy.
- #
- # download_interval:
- # The interval in minutes between checks for content cached
- # by the Squid proxy.
- #
- # download_concurrency:
- # The number of downloads to perform concurrently when
- # downloading content from the Squid cache.
- [lazy]
- # redirect_host:
- # redirect_port:
- # redirect_path:
- # https_retrieval: true
- # download_interval: 30
- # download_concurrency: 5
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement