---
# Copyright 2011 Gilt Groupe, INC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
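# General config options
general:
  # fqdn/fqun construction happens in this section
  # a fqdn in mothership is: server.realm.site_id.domain.tld
  # ex: ns1.qa.sfo.localhost.localdomain
  # a fqun in mothership is: username.realm.site_id.domain.tld
  # ex: dkovach.prod.area51.mywebsite.com
  # the domain portion of the fqn
  domain: 'localhost.localdomain'
  # default contact email address
  # NOTE(review): the address below was garbled when this listing was
  # rendered -- put a real sample address back before shipping
  contact: '[email protected]'
  # an array of valid realms. completely arbitrary
  # we suggest at least 'prod' and 'qa'
  realms: ['prod', 'qa']
  # an array of valid site ids. completely arbitrary
  # for naming of various geographic locations
  # only really useful if you have multiple datacenters
  # we default to using international airport callsigns
  # since they're 3 letters long and globally unique
  site_ids: ['iad', 'sfo']
  # default public_ip for use in the network table
  # for networks with a default outbound many-to-one NAT,
  # this would be the public address (sample value, replace it)
  publicip: '123.123.123.123'
  # configurable sudo passwords.
  # if you use ssh keys and don't want to use passwords
  # on user accounts for security reasons, set this to true
  # (passwordless sudo drops the re-authentication step, so the
  # ssh keys become the only thing standing between a user and root)
  sudo_nopass: true
  # set this to true to prevent root (uid 0) from running
  # mothership. mostly useful for auditing purposes
  root_lockout: true
  # audit log location. this will get a dump of every command
  # run in mothership with a timestamp and the user who ran it
  # keep the file writable only by the account mothership runs as,
  # so the people it records cannot edit their own entries
  audit_log_file: '/var/log/mothership_audit.log'
  # Timeframe in which we can't provision stuff
  # Set it if you want control when someone can provision servers (or vm)
  #min_time: 11
  #max_time: 14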
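# Database options
db:
  # db engine, currently mysql and postgresql are supported
  engine: 'postgresql'
  # username to access the db
  # must have write privileges on the db defined in 'dbname' below
  # (an account limited to that one database is enough; the sample
  # 'root' is a placeholder, not a recommendation)
  user: 'root'
  # password to access the db
  # sample value only -- replace it and keep the real one out of version control
  pass: 'rootpass'
  # hostname of the db
  hostname: 'localhost'
  # db name
  dbname: 'mothership'
  # Makes sqlalchemy output debug sql statements
  # to the console. Normally you should not need this unless
  # you are debugging a SQL generation error in sqlalchemy
  # (echoed statements may carry the data being written, so leave
  # this off outside of debugging)
  echo: false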
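# Cobbler-specific info
cobbler:
  # to enable Cobbler integration, set this to true
  active: false
  # user and pass are added via:
  #   htdigest /etc/cobbler/users.digest "Cobbler" <user>
  # sample credentials -- replace them and keep the real ones out of version control
  user: 'api'
  pass: 'api'
  # Cobbler host
  host: 'localhost'
  # for profiles, the following fields MUST be defined in order
  # for provisioning to work:
  #   Name     : <cobbler_profile>  # the cobbler_profile name
  #   Comment  : <os>               # the operating system name
  #   DHCP Tag : <default-arch>     # baremetal | virtual | xenserver
  # for example: cobbler profile edit --name="xenserverXYZ" --comment="XenServer X.Y.Z" --dhcp-tag="xenserver"
  # define additional cobbler sites
  sites:
    - id: 'sfo'
      user: 'sfo'
      pass: 'sfo'
      host: 'cm1.prod.sfo'
  # for citrix xenserver, define templates for post-install
  # (template path -> alias)
  # NOTE(review): nesting reconstructed from a flattened listing; xentemplates
  # is assumed to live under cobbler, not under the sites entry -- confirm
  # against the code that reads this file
  xentemplates:
    '/var/www/cobbler/aux/xenserver/filename.template': '/alias'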
# power control options
# NOTE(review): nesting reconstructed from a flattened listing; power is
# assumed to be a top-level section like drac below -- confirm against the consumer
power:
  # credentials used for power control; the sample password is a
  # placeholder and must be replaced before use
  user: 'vlad'
  pass: 'CHANGE_ME_PLEASE'
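# Dell Remote Access Controller options
drac:
  # turn DRAC functionality on or off
  enable: true
  # presumably the factory-default DRAC password used for first contact
  # with a new controller; change it on the controllers and here -- TODO confirm meaning
  dell: 'calvin'
  user: 'root'
  # sample value only -- replace it and keep the real one out of version control
  pass: 'CHANGE_ME_PLEASE'
  # NOTE(review): the meaning of keys and trust is not stated in this
  # sample; confirm with the code that reads them before changing
  keys: ['root', 'postgres']
  trust: 'gold'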
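# SNMP info for network equipment information gathering
snmp:
  # an array of ips representing the switches we are interested in
  hosts:
    - '10.0.0.1'
    - '10.0.0.3'
  # SNMP version, '2c' is a reasonable default
  # (v2c sends the community string in cleartext, so restrict which
  # hosts the switches accept queries from)
  version: '2c'
  # SNMP RO community string. you really should change this
  # default for most infrastructure devices is "public"
  # you should change this
  community: 'public'
  # ports to exclude in snmp scan (i.e. bridge ports, etc)
  # NOTE(review): mixed types kept from the original -- 'No Such' is a
  # string, 100 an integer; confirm the consumer handles both forms
  exclude: ['No Such', 100]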
# options for the Key-Value table
kv:
  # site/realm tuples joined into the default search path for the
  # key-value functions, listed here from most to least specific
  search_path:
    - ['prod', 'iad']
    - ['iad']
    - []
# options for virtual machines
# floor values for new virtual machines; plain integers
vm:
  # minimum number of cpu cores
  min_cpu: 1
  # minimum size of memory ram in GB
  min_ram: 1
  # minimum size of virtual disks in GB
  min_disk: 25
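# Zenoss options
zenoss:
  # set to true to enable the Zenoss module
  active: false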
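# Zabbix options
zabbix:
  # change to true to enable the Zabbix module.
  # VERY IMPORTANT: make sure you have a zabbix server set up
  # before enabling this option.
  active: false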
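# Network Config
network:
  # This can be set to either 'snmp' or 'curl' depending on
  # what style of management you want to use
  mgmt_facility: 'snmp'
  # Set the interface your management vlan uses
  # eth0 is a reasonable default for this
  mgmt_interface: 'eth0'
  # Set the read-write community string for your switches here
  # only applicable if you chose 'snmp' as your facility
  # a RW community permits configuration changes on the switches, so
  # treat it as a secret: replace the placeholder and keep the real
  # value out of version control
  mgmt_community: 'CHANGE_ME_PLEASE'
  # Set the url for curl to call
  # only applicable if you chose 'curl' as your facility
  # you must set the user and password in KV
  # (presumably curl authenticates with those credentials, so keep
  # the urls on https)
  mgmt_enable_url: 'https://change.me/please?enable'
  mgmt_disable_url: 'https://change.me/please?disable'
  mgmt_status_url: 'https://change.me/please?status'
  # Network map, repeat blocks as necessary
  map:
    - vlan: 100                  # the vlan number on switch for this subnet
      name: 'prod_web'           # logical name for this subnet
      cidr: '1.2.3.0/24'         # the network/prefix CIDR address for this subnet
                                 # (network address, no host bits -- strict CIDR
                                 # parsers reject forms like 1.2.3.4/24)
      gw: '1.2.3.1'              # the gateway address for this subnet
      nic: 'eth0'                # the interface name for this subnet
      dom: '.realm.siteid.tld'   # the domain suffix to be appended to short-hostnames
      1st_static_ip: '10.0.0.10' # the first static ip address for baremetal hosts
      1st_dyn_ip: '10.0.50.10'   # the first dynamic ip address for virtual instances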
# User and Group options
users_and_groups:
  # the valid user types; a user's type must be one of these
  user_types:
    - 'employee'
    - 'consultant'
    - 'system'
  # type assigned when a user is added without one on the command line
  def_user_type: 'employee'
  # home directory root; <username> is appended
  # eg. hdir: "/home" yields /home/dkovach
  hdir: '/home'
  # login shell for new users; /bin/bash is a reasonable choice
  shell: '/bin/bash'
  # domain for generated addresses; <username> is prepended
  # eg. email_domain: "company.com" yields <username>@company.com
  email_domain: 'company.com'
  # reserved UID range, start and end (quoted strings, as in the original)
  # the 16-bit ceiling is for compatibility's sake
  # only change these if you REALLY know what you're doing
  uid_start: '500'
  uid_end: '65535'
  # reserved GID range, start and end -- same caveats as the UID range
  gid_start: '500'
  gid_end: '65535'
  # groups every user is added to; populate with at least one,
  # commonly called "users"
  default_groups:
    - 'users'
    - 'web'
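# LDAP module options
ldap:
  # To enable LDAP set this to true
  # if you enable this, make sure you set up KV records
  # in all your realms' master ldap server(s) for:
  #   ldap_admin_cn (usually root)
  #   ldap_admin_pass
  #   ldap_master_slapd_rootpw
  # (these are the directory's administrative secrets; the KV table
  # that holds them needs at least the access control this file gets)
  active: false
  # OU for users
  users_ou: 'users'
  # OU for groups
  groups_ou: 'groups'
  # LDAP connection success code.
  # DO NOT CHANGE THIS unless you know what you're doing
  # NOTE(review): 97 is not LDAP result code 0 (success); it matches
  # python-ldap's RES_BIND message type -- confirm what the consumer
  # compares it against
  ldap_success: '97'
  # Default gidNumber for posixGroup, should match value
  # associated to the first entry of default_groups array
  default_gid: '401'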
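# DNS module options
dns:
  # Location of the dns zone configuration file
  # Default is /etc/named/zones.conf
  zonecfg: '/etc/named/zones.conf'
  # Location of the dns zone files
  # Default is: /var/named
  zonedir: '/var/named'
  # location of the temporary working directory for dns file comparison
  # Default is: /tmp
  # /tmp is shared and world-writable; a directory owned by the account
  # mothership runs as keeps other local users from touching the scratch
  # copies before they are compared
  dns_tmpdir: '/tmp'
  # Forward zones will be determined by the realms and site_ids
  # Reverse zones will be determined by the network map
  # Default TTL of zone headers
  zonettl: 300
  # Other default zone timings (SOA refresh/retry/expire, presumably in seconds)
  refresh: 21600
  retry: 3600
  expire: 604800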