razor-server/config.yaml.sample at master · nickperry/razor-server · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
---
# This is the configuration file for the Razor server. For each
# environment, the file contains a hash of configuration values. The
# special environment 'all' is used to set configuration values for all
# environments
#
# The *database_url* setting must be a connection URL for
# (Sequel)[http://sequel.rubyforge.org/rdoc/files/doc/opening_databases_rdoc.html]

production:
  database_url: 'jdbc:postgresql:razor_prd?user=razor&password=mypass'
development:
  database_url: 'jdbc:postgresql:razor_dev'
test:
  database_url: 'jdbc:postgresql:razor?user=razor&password=mypass'
all:
  # This section configures authentication for the Razor server.
  # Authentication applies to access to the `/api` URL path only.
  auth:
    # You can enable or disable authentication support.  When disabled, all
    # authentication is ignored and access to `/api` is unrestricted.
    # When enabled a valid username and password must be present in all
    # requests to `/api`.
    enabled: false
    # The path to the authentication configuration file.  We use Apache Shiro
    # to manage authentication, since it provides a solid and effective
    # abstraction over common third party sources of authentication and role
    # management information.
    #
    # You can learn more about the content of this file in their documentation:
    # http://shiro.apache.org/configuration.html
    #
    # If this is an absolute path it will be used as-is, but if you give a
    # relative path it is relative to the root directory of the
    # Razor installation.
    config: shiro.ini

  microkernel:
    debug_level: debug
    kernel_args:
    # If this value is present, and points to a zip file, it will be
    # downloaded and unpacked by the MK client prior to checkin.  This allows
    # for custom facts and other code to be shipped to the client without
    # having to rebuild the ISO image.
    #
    # If it is not set, no update will be sent, and the ISO will use only the
    # default facts, etc, available in the default build.
    #
    # extension-zip: /etc/razor/mk-extension.zip

  # Should newly discovered nodes be marked installed?
  protect_new_nodes: false

  # How to match nodes to possibly existing nodes in the database. The node
  # sends us the MAC addresses of its network interfaces, serial number,
  # asset tag, and UUID. We consider two nodes to be the same if they agree
  # on any of the values named in the array +match_nodes_on+. Array entries
  # can be any of 'mac', 'serial', 'asset', or 'uuid', in any order.
  #
  # Note that if you have nodes that have dummy values for one of these,
  # e.g. that all have an asset tag of 'No asset tag' and +match_nodes_on+
  # contains 'asset', all these nodes will be assumed to be the
  # same. Better yet: make sure that +match_nodes_on+ does not contain
  # 'asset' in that situation
  #
  # By default, we only match on MAC's, which is generally safe, but will
  # cause trouble if the NIC's in a node are ever completely
  # replaced. Consider adding one of the other possible values, e.g. 'uuid'
  # to the array
  match_nodes_on:
    - mac
  checkin_interval: 15
  # Colon-separated list of paths; each entry must be a directory in which
  # we should look for tasks
  task_path: tasks
  repo_store_root: /var/lib/razor/repo-store
  # The *broker_path* is a colon separated list of directories containing
  # broker types
  broker_path: brokers
  # The *hook_path* is a colon separated list of directories containing
  # hook types
  hook_path: hooks
  facts:
    # Facts that we should always ignore. These are stripped out before we
    # do anything else with facts coming in from a node. Each entry in this
    # array can either be a string (literal name of a fact) or a regexp
    # enclosed in /../ where any fact that matches the regexp will be
    # dropped
    blacklist:
      - domain
      - filesystems
      - fqdn
      - hostname
      - id
      - /kernel.*/
      - memoryfree
      - memorysize
      - memorytotal
      - /operatingsystem.*/
      - osfamily
      - path
      - ps
      - rubysitedir
      - rubyversion
      - selinux
      - sshdsakey
      - /sshfp_[dr]sa/
      - sshrsakey
      - /swap.*/
      - timezone
      - /uptime.*/
    # Facts that should be used to match nodes on; these are useful if the
    # primary hardware information like MAC addresses has changed (e.g.,
    # because of a motherboard replacement), but you want to make sure that
    # an existing node is still identified as the 'old' node. These facts
    # must be unique across all nodes that Razor manages - otherwise, it
    # will erroneously identify two physically different nodes as the same.
    #
    # The entries in the array follow the same format as those for
    # facts.blacklist
    #match_on:
    #  - unique_fact
    #  - /other_facts_.*/