Complete configuration of API via Ansible
This commit is contained in:
parent
32bcbbeca0
commit
5d3de3ece2
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# Logging
|
# Logging configuration
|
||||||
pvc_log_to_file: True
|
pvc_log_to_file: True
|
||||||
pvc_log_to_stdout: True
|
pvc_log_to_stdout: True
|
||||||
pvc_log_keepalives: True
|
pvc_log_keepalives: True
|
||||||
|
|
@ -7,18 +7,24 @@ pvc_log_keepalive_cluster_details: True
|
||||||
pvc_log_keepalive_storage_details: True
|
pvc_log_keepalive_storage_details: True
|
||||||
pvc_log_console_lines: 1000
|
pvc_log_console_lines: 1000
|
||||||
|
|
||||||
# Client API authentication configuration
|
# Client API configuration
|
||||||
# > If the key is left blank, the API will listen UNAUTHENTICATED on all IP addresses of the
|
|
||||||
# current primary node; use this with care and not in unsecured environments (e.g. if the
|
|
||||||
# upstream network is untrusted).
|
|
||||||
pvc_api_authentication_key: "" # Use pwgen to generate
|
|
||||||
pvc_api_listen_address: "0.0.0.0"
|
pvc_api_listen_address: "0.0.0.0"
|
||||||
pvc_api_listen_port: "7370"
|
pvc_api_listen_port: "7370"
|
||||||
|
pvc_api_enable_authentication: False
|
||||||
|
pvc_api_secret_key: ""
|
||||||
|
pvc_api_tokens:
|
||||||
|
- description: "myuser"
|
||||||
|
token: ""
|
||||||
|
pvc_api_enable_ssl: False
|
||||||
|
pvc_api_ssl_cert: >
|
||||||
|
# A RAW CERTIFICATE FILE, installed to /etc/pvc/api-cert.pem
|
||||||
|
pvc_api_ssl_key: >
|
||||||
|
# A RAW KEY FILE, installed to /etc/pvc/api-key.pem
|
||||||
|
|
||||||
# Ceph storage
|
# Ceph storage configuration
|
||||||
pvc_ceph_storage_secret_uuid: "" # Use uuidgen to generate
|
pvc_ceph_storage_secret_uuid: "" # Use uuidgen to generate
|
||||||
|
|
||||||
# Database configurations
|
# Database configuration
|
||||||
pvc_dns_database_name: "pvcdns"
|
pvc_dns_database_name: "pvcdns"
|
||||||
pvc_dns_database_user: "pvcdns"
|
pvc_dns_database_user: "pvcdns"
|
||||||
pvc_dns_database_password: "" # Use pwgen to generate
|
pvc_dns_database_password: "" # Use pwgen to generate
|
||||||
|
|
|
||||||
|
|
@ -12,21 +12,38 @@
|
||||||
|
|
||||||
- name: install pvc configurations
|
- name: install pvc configurations
|
||||||
template:
|
template:
|
||||||
src: pvc/{{ item }}.yaml.j2
|
src: pvc/{{ item }}.j2
|
||||||
dest: /etc/pvc/{{ item }}.yaml
|
dest: /etc/pvc/{{ item }}
|
||||||
notify:
|
notify:
|
||||||
- restart {{ item }}
|
- restart pvcd
|
||||||
with_items:
|
with_items:
|
||||||
- pvcd
|
- pvcd.yaml
|
||||||
- pvc-api
|
- pvc-api.yaml
|
||||||
|
|
||||||
|
- name: install API SSL certificate file
|
||||||
|
copy:
|
||||||
|
content: "{{ pvc_api_ssl_cert }}"
|
||||||
|
dest: /etc/pvc/api-cert.pem
|
||||||
|
mode: 0644
|
||||||
|
no_log: True
|
||||||
|
when: pvc_api_enable_ssl
|
||||||
|
|
||||||
|
- name: install API SSL key file
|
||||||
|
copy:
|
||||||
|
content: "{{ pvc_api_ssl_key }}"
|
||||||
|
dest: /etc/pvc/api-key.pem
|
||||||
|
mode: 0640
|
||||||
|
no_log: True
|
||||||
|
when: pvc_api_enable_ssl
|
||||||
|
|
||||||
- name: stop and disable unneccessary services
|
- name: stop and disable unneccessary services
|
||||||
service:
|
service:
|
||||||
name: "{{ item }}"
|
name: "{{item }}"
|
||||||
state: stopped
|
state: stopped
|
||||||
enabled: no
|
enabled: no
|
||||||
with_items:
|
with_items:
|
||||||
- pdns.service
|
- pdns.service
|
||||||
|
- dnsmasq.service
|
||||||
|
|
||||||
- include: pvc/bootstrap.yml
|
- include: pvc/bootstrap.yml
|
||||||
when: bootstrap is defined and bootstrap
|
when: bootstrap is defined and bootstrap
|
||||||
|
|
|
||||||
|
|
@ -3,11 +3,40 @@
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
pvc:
|
pvc:
|
||||||
coordinators:
|
coordinators:
|
||||||
{% for node in pvc_nodes if node.is_coordinator %}
|
|
||||||
- {{ node.hostname }}.{{ pvc_cluster_domain }}
|
|
||||||
{% endfor %}
|
|
||||||
api:
|
api:
|
||||||
listen_address: "{{ pvc_api_listen_address }}"
|
listen_address: "{{ pvc_api_listen_address }}"
|
||||||
listen_port: "{{ pvc_api_listen_port }}"
|
listen_port: "{{ pvc_api_listen_port }}"
|
||||||
authentication:
|
authentication:
|
||||||
key: "{{ pvc_api_authentication_key }}"
|
key: "{{ pvc_api_authentication_key }}"
|
||||||
|
|
||||||
|
pvc:
|
||||||
|
coordinators:
|
||||||
|
{% for node in pvc_nodes if node.is_coordinator %}
|
||||||
|
- {{ node.hostname }}
|
||||||
|
{% endfor %}
|
||||||
|
# api: Configuration of the API listener
|
||||||
|
api:
|
||||||
|
# listen_address: IP address(es) to listen on; use 0.0.0.0 for all interfaces
|
||||||
|
listen_address: "{{ pvc_api_listen_address }}"
|
||||||
|
# listen_port: TCP port to listen on, usually 7370
|
||||||
|
listen_port: "{{ pvc_api_listen_port }}"
|
||||||
|
# authentication: Authentication and security settings
|
||||||
|
authentication:
|
||||||
|
# enabled: Enable or disable authentication (True/False)
|
||||||
|
enabled: {{ pvc_api_enable_authentication }}
|
||||||
|
# secret_key: Per-cluster secret key for API cookies; generate with uuidgen or pwgen
|
||||||
|
secret_key: "{{ pvc_api_secret_key }}"
|
||||||
|
# tokens: a list of authentication tokens; leave as an empty list to disable authentication
|
||||||
|
tokens:
|
||||||
|
{% for token in pvc_api_tokens %}
|
||||||
|
- description: "{{ token.description }}"
|
||||||
|
token: "{{ token.token }}"
|
||||||
|
{% endfor %}
|
||||||
|
# ssl: SSL configuration
|
||||||
|
ssl:
|
||||||
|
# enabled: Enabled or disable SSL operation (True/False)
|
||||||
|
enabled: {{ pvc_api_enable_ssl }}
|
||||||
|
# cert_file: SSL certificate file
|
||||||
|
cert_file: "/etc/pvc/api-cert.pem"
|
||||||
|
# key_file: SSL certificate key file
|
||||||
|
key_file: "/etc/pvc/api-key.pem"
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue