From Commodious Cat, 4 Weeks ago, written in Plain Text.
  1. # Format:
  2. # <classname>: false - don't include this class
  3. # <classname>: true - include and use the defaults
  4. # <classname>:
  5. #   <param>: <value> - include and override the default(s)
  6. #
  7. # See params.pp in each class for what options are available
  8.  
  9. ---
  10. foreman:
  11.   foreman_url: https://aidrefsrv22.cern.ch
  12.   puppetrun: false
  13.   unattended: true
  14.   unattended_url:
  15.   authentication:
  16.   passenger: true
  17.   passenger_ruby: /usr/bin/tfm-ruby
  18.   passenger_ruby_package: tfm-rubygem-passenger-native
  19.   plugin_prefix: tfm-rubygem-foreman_
  20.   use_vhost: true
  21.   servername: aidrefsrv22.cern.ch
  22.   serveraliases:
  23.   - foreman
  24.   ssl: true
  25.   repo:
  26.   configure_epel_repo: false
  27.   configure_scl_repo: true
  28.   selinux:
  29.   gpgcheck: true
  30.   version: present
  31.   plugin_version: present
  32.   db_manage: true
  33.   db_type: postgresql
  34.   db_adapter:
  35.   db_host:
  36.   db_port:
  37.   db_database:
  38.   db_username: foreman
  39.   db_password: redacted
  40.   db_sslmode:
  41.   db_root_cert:
  42.   db_pool: 5
  43.   db_manage_rake: true
  44.   app_root: /usr/share/foreman
  45.   manage_user: true
  46.   user: foreman
  47.   group: foreman
  48.   user_groups:
  49.   - puppet
  50.   rails_env: production
  51.   locations_enabled:
  52.   organizations_enabled:
  53.   passenger_interface:
  54.   vhost_priority: '05'
  55.   server_port: 80
  56.   server_ssl_port: 443
  57.   server_ssl_ca: /etc/pki/tls/certs/cern-root.pem
  58.   server_ssl_chain: /etc/pki/tls/certs/cern-chain.pem
  59.   server_ssl_cert: /etc/pki/tls/certs/aidrefsrv22.cern.ch.pem
  60.   server_ssl_certs_dir: ''
  61.   server_ssl_key: /etc/pki/tls/private/aidrefsrv22.cern.ch.key
  62.   server_ssl_crl: /etc/pki/tls/crl/cern-bundle.crl
  63.   server_ssl_protocol:
  64.   client_ssl_ca: /etc/pki/tls/certs/cern-chain.pem
  65.   client_ssl_cert: /etc/pki/tls/certs/aidrefsrv22.cern.ch.pem
  66.   client_ssl_key: /etc/pki/tls/private/aidrefsrv22.cern.ch.key
  67.   keepalive: true
  68.   max_keepalive_requests: 100
  69.   keepalive_timeout: 5
  70.   oauth_active: true
  71.   oauth_map_users: false
  72.   oauth_consumer_key: wvLtkHuDXbsdz9hq6Usp47Ao3PsViCHY
  73.   oauth_consumer_secret: omvqkaQgGyCyDhBJLiNWRde4MuAktKtS
  74.   passenger_prestart: true
  75.   passenger_min_instances: 1
  76.   passenger_start_timeout: 90
  77.   initial_admin_username: admin
  78.   initial_admin_password: BellaVista
  79.   initial_admin_first_name:
  80.   initial_admin_last_name:
  81.   initial_admin_email: ''
  82.   initial_organization:
  83.   initial_location:
  84.   ipa_authentication: false
  85.   http_keytab: /etc/httpd/conf/http.keytab
  86.   pam_service: foreman
  87.   ipa_manage_sssd: true
  88.   websockets_encrypt: true
  89.   websockets_ssl_key: /etc/pki/tls/private/aidrefsrv22.cern.ch.cern.ch.key
  90.   websockets_ssl_cert: /etc/pki/tls/certs/aidrefsrv22.cern.ch.cern.ch.pem
  91.   logging_level: info
  92.   logging_type: file
  93.   logging_layout: pattern
  94.   loggers: {}
  95.   email_delivery_method:
  96.   email_smtp_address:
  97.   email_smtp_port: 25
  98.   email_smtp_domain:
  99.   email_smtp_authentication: none
  100.   email_smtp_user_name:
  101.   email_smtp_password:
  102.   telemetry_prefix: fm_rails
  103.   telemetry_prometheus_enabled: false
  104.   telemetry_statsd_enabled: false
  105.   telemetry_statsd_host: 127.0.0.1:8125
  106.   telemetry_statsd_protocol: statsd
  107.   telemetry_logger_enabled: false
  108.   telemetry_logger_level: DEBUG
  109.   dynflow_pool_size: 5
  110.   jobs_service: dynflowd
  111.   hsts_enabled: true
  112. foreman::cli:
  113.   foreman_url:
  114.   version: installed
  115.   manage_root_config: true
  116.   username:
  117.   password:
  118.   refresh_cache: false
  119.   request_timeout: 120
  120.   ssl_ca_file:
  121.   hammer_plugin_prefix: tfm-rubygem-hammer_cli_
  122. foreman::cli::ansible: false
  123. foreman::cli::discovery: false
  124. foreman::cli::openscap: false
  125. foreman::cli::remote_execution: false
  126. foreman::cli::tasks: false
  127. foreman::cli::templates: false
  128. foreman_proxy:
  129.   repo:
  130.   gpgcheck: true
  131.   version: present
  132.   ensure_packages_version: present
  133.   plugin_version: installed
  134.   bind_host:
  135.   - '::'
  136.   http_port: 8000
  137.   ssl_port: 8443
  138.   dir: /usr/share/foreman-proxy
  139.   user: foreman-proxy
  140.   groups: []
  141.   log: /var/log/foreman-proxy/proxy.log
  142.   log_level: INFO
  143.   log_buffer: 2000
  144.   log_buffer_errors: 1000
  145.   http: true
  146.   ssl: true
  147.   ssl_ca: /etc/pki/tls/certs/cern-chain.pem
  148.   ssl_cert: /etc/pki/tls/certs/aidrefsrv22.cern.ch.pem
  149.   ssl_key: /etc/pki/tls/private/aidrefsrv22.cern.ch.key
  150.   foreman_ssl_ca: /etc/pki/tls/certs/cern-chain.pem
  151.   foreman_ssl_cert: /etc/pki/tls/certs/aidrefsrv22.cern.ch.pem
  152.   foreman_ssl_key: /etc/pki/tls/private/aidrefsrv22.cern.ch.key
  153.   trusted_hosts:
  154.   - aidrefsrv22.cern.ch
  155.   ssl_disabled_ciphers: []
  156.   tls_disabled_versions: []
  157.   manage_sudoersd: true
  158.   use_sudoersd: true
  159.   use_sudoers: true
  160.   puppetca: false
  161.   puppetca_listen_on: https
  162.   ssldir: /etc/puppetlabs/puppet/ssl
  163.   puppetdir: /etc/puppetlabs/puppet
  164.   puppetca_cmd: /opt/puppetlabs/bin/puppet cert
  165.   puppet_group: puppet
  166.   puppetca_provider: puppetca_hostname_whitelisting
  167.   autosignfile: /etc/puppetlabs/puppet/autosign.conf
  168.   puppetca_sign_all: false
  169.   puppetca_tokens_file: /var/lib/foreman-proxy/tokens.yml
  170.   puppetca_token_ttl: 360
  171.   puppetca_certificate:
  172.   manage_puppet_group: false
  173.   puppet: false
  174.   puppet_listen_on: https
  175.   puppetrun_cmd: /opt/puppetlabs/bin/puppet kick
  176.   puppetrun_provider:
  177.   customrun_cmd: /bin/false
  178.   customrun_args: -ay -f -s
  179.   mcollective_user: root
  180.   puppetssh_sudo: false
  181.   puppetssh_command: /opt/puppetlabs/bin/puppet agent --onetime --no-usecacheonfailure
  182.   puppetssh_user: root
  183.   puppetssh_keyfile: /etc/foreman-proxy/id_rsa
  184.   puppetssh_wait: false
  185.   salt_puppetrun_cmd: puppet.run
  186.   puppet_user: root
  187.   puppet_url: https://aidrefsrv22.cern.ch:8140
  188.   puppet_ssl_ca: /etc/puppetlabs/puppet/ssl/certs/ca.pem
  189.   puppet_ssl_cert: /etc/puppetlabs/puppet/ssl/certs/aidrefsrv22.cern.ch.pem
  190.   puppet_ssl_key: /etc/puppetlabs/puppet/ssl/private_keys/aidrefsrv22.cern.ch.pem
  191.   puppet_use_environment_api:
  192.   puppet_api_timeout: 30
  193.   templates: true
  194.   templates_listen_on: both
  195.   template_url: http://aidrefsrv22.cern.ch:8000
  196.   logs: true
  197.   logs_listen_on: https
  198.   tftp: true
  199.   tftp_listen_on: https
  200.   tftp_managed: true
  201.   tftp_manage_wget: true
  202.   tftp_syslinux_filenames:
  203.   - /usr/share/syslinux/chain.c32
  204.   - /usr/share/syslinux/mboot.c32
  205.   - /usr/share/syslinux/menu.c32
  206.   - /usr/share/syslinux/memdisk
  207.   - /usr/share/syslinux/pxelinux.0
  208.   tftp_root: /var/lib/tftpboot
  209.   tftp_dirs:
  210.   - /var/lib/tftpboot/pxelinux.cfg
  211.   - /var/lib/tftpboot/grub
  212.   - /var/lib/tftpboot/grub2
  213.   - /var/lib/tftpboot/boot
  214.   - /var/lib/tftpboot/ztp.cfg
  215.   - /var/lib/tftpboot/poap.cfg
  216.   tftp_servername:
  217.   tftp_replace_grub2_cfg: false
  218.   dhcp: false
  219.   dhcp_listen_on: https
  220.   dhcp_managed: true
  221.   dhcp_provider: isc
  222.   dhcp_subnets: []
  223.   dhcp_option_domain:
  224.   - cern.ch
  225.   dhcp_search_domains:
  226.   dhcp_interface: p2p1
  227.   dhcp_additional_interfaces: []
  228.   dhcp_gateway:
  229.   dhcp_range:
  230.   dhcp_pxeserver:
  231.   dhcp_pxefilename: pxelinux.0
  232.   dhcp_network:
  233.   dhcp_netmask:
  234.   dhcp_nameservers: default
  235.   dhcp_server: 127.0.0.1
  236.   dhcp_config: /etc/dhcp/dhcpd.conf
  237.   dhcp_leases: /var/lib/dhcpd/dhcpd.leases
  238.   dhcp_key_name:
  239.   dhcp_key_secret:
  240.   dhcp_omapi_port: 7911
  241.   dhcp_peer_address:
  242.   dhcp_node_type: standalone
  243.   dhcp_failover_address: 10.163.43.10
  244.   dhcp_failover_port: 519
  245.   dhcp_max_response_delay: 30
  246.   dhcp_max_unacked_updates: 10
  247.   dhcp_mclt: 300
  248.   dhcp_load_split: 255
  249.   dhcp_load_balance: 3
  250.   dhcp_manage_acls: true
  251.   dns: false
  252.   dns_listen_on: https
  253.   dns_managed: true
  254.   dns_provider: nsupdate
  255.   dns_interface: p2p1
  256.   dns_zone: cern.ch
  257.   dns_reverse:
  258.   dns_server: 127.0.0.1
  259.   dns_ttl: 86400
  260.   dns_tsig_keytab: /etc/foreman-proxy/dns.keytab
  261.   dns_tsig_principal: foremanproxy/aidrefsrv22.cern.ch@CERN.CH
  262.   dns_forwarders: []
  263.   libvirt_network: default
  264.   libvirt_connection: qemu:///system
  265.   bmc: true
  266.   bmc_listen_on: https
  267.   bmc_default_provider: ipmitool
  268.   bmc_ssh_user: root
  269.   bmc_ssh_key: /usr/share/foreman/.ssh/id_rsa
  270.   bmc_ssh_powerstatus: 'true'
  271.   bmc_ssh_powercycle: shutdown -r +1
  272.   bmc_ssh_poweroff: shutdown +1
  273.   bmc_ssh_poweron: 'false'
  274.   realm: false
  275.   realm_listen_on: https
  276.   realm_provider: freeipa
  277.   realm_keytab: /etc/foreman-proxy/freeipa.keytab
  278.   realm_principal: realm-proxy@EXAMPLE.COM
  279.   freeipa_config: /etc/ipa/default.conf
  280.   freeipa_remove_dns: true
  281.   keyfile: /etc/rndc.key
  282.   register_in_foreman: true
  283.   foreman_base_url: https://aidrefsrv22.cern.ch
  284.   registered_name: aidrefsrv22.cern.ch
  285.   registered_proxy_url:
  286.   oauth_effective_user: admin
  287.   oauth_consumer_key: redacted
  288.   oauth_consumer_secret: redacted
  289.   puppet_use_cache:
  290. puppet: false
  291. foreman::plugin::ansible: {}
  292. foreman::plugin::azure: false
  293. foreman::plugin::bootdisk: false
  294. foreman::plugin::chef: false
  295. foreman::plugin::cockpit: {}
  296. foreman::plugin::default_hostgroup: false
  297. foreman::plugin::dhcp_browser: false
  298. foreman::plugin::digitalocean: false
  299. foreman::plugin::discovery: {}
  300. foreman::plugin::docker: false
  301. foreman::plugin::expire_hosts: false
  302. foreman::plugin::hooks: false
  303. foreman::plugin::host_extra_validator: false
  304. foreman::plugin::memcache: false
  305. foreman::plugin::monitoring: false
  306. foreman::plugin::omaha: false
  307. foreman::plugin::openscap: false
  308. foreman::plugin::ovirt_provision: false
  309. foreman::plugin::puppetdb: false
  310. foreman::plugin::remote_execution: {}
  311. foreman::plugin::salt: false
  312. foreman::plugin::setup: false
  313. foreman::plugin::snapshot_management: false
  314. foreman::plugin::tasks: false
  315. foreman::plugin::templates: {}
  316. foreman::compute::ec2: false
  317. foreman::compute::gce: false
  318. foreman::compute::libvirt: false
  319. foreman::compute::openstack: false
  320. foreman::compute::ovirt: false
  321. foreman::compute::rackspace: false
  322. foreman::compute::vmware: false
  323. foreman_proxy::plugin::abrt: false
  324. foreman_proxy::plugin::ansible:
  325.   enabled: true
  326.   listen_on: https
  327.   ansible_dir: /usr/share/foreman-proxy
  328.   working_dir: /tmp
  329.   host_key_checking: false
  330. foreman_proxy::plugin::chef: false
  331. foreman_proxy::plugin::dhcp::infoblox: false
  332. foreman_proxy::plugin::dhcp::remote_isc: false
  333. foreman_proxy::plugin::discovery:
  334.   install_images: false
  335.   tftp_root: /var/lib/tftpboot
  336.   source_url: http://downloads.theforeman.org/discovery/releases/latest/
  337.   image_name: fdi-image-latest.tar
  338. foreman_proxy::plugin::dns::infoblox: false
  339. foreman_proxy::plugin::dns::powerdns: false
  340. foreman_proxy::plugin::dynflow: false
  341. foreman_proxy::plugin::monitoring: false
  342. foreman_proxy::plugin::omaha: false
  343. foreman_proxy::plugin::openscap: false
  344. foreman_proxy::plugin::pulp: false
  345. foreman_proxy::plugin::remote_execution::ssh:
  346.   enabled: true
  347.   listen_on: https
  348.   generate_keys: true
  349.   install_key: false
  350.   ssh_identity_dir: /var/lib/foreman-proxy/ssh
  351.   ssh_identity_file: id_rsa_foreman_proxy
  352.   ssh_keygen: /usr/bin/ssh-keygen
  353.   local_working_dir: /var/tmp
  354.   remote_working_dir: /var/tmp
  355.   ssh_kerberos_auth: false
  356.   async_ssh: false
  357. foreman_proxy::plugin::salt: false
  358.  
captcha