# ========================= # Pulp Server Configuration # ========================= # -- Common Configuration ----------------------------------------------------- # = Database = # # Controls the behavior of MongoDB under Pulp's usage. # # name: name of the database to use # seeds: comma-separated list of hostname:port of database replica seed hosts # operation_retries: number of retries on database operations to # perform before giving up and reporting an error [database] name: pulp_database seeds: localhost:27017 operation_retries: 2 # = Server = # # Controls general Pulp web server behavior. # # server_name: hostname the admin client and consumers should use when accessing # the server; if not specified, this is defaulted to the server's hostname # default_login: default admin username of the Pulp server; this user will be # the first time the server is started # default_password: default password for admin when it is first created; this # should be changed once the server is operational # debugging_mode: boolean; toggles Pulp's debugging capabilities [server] server_name: pulppuppet01sand.brusselsairport.*** key_url: /pulp/gpg ks_url: /pulp/ks default_login: admin default_password: admin debugging_mode: true # = Security = # # Controls aspects of the Pulp web server security. # # For production installations, it is recommended that a new CA certificate be # generated for the signing of user and consumer certificates and configured # using the following properties. # # cacert: full path to the CA certificate that will be used to sign consumer # and admin identification certificates; this must match the value of # SSLCACertificateFile in /etc/httpd/conf.d/pulp.conf # # cakey: path to the private key for the above CA certificate # # ssl_ca_certificate: full path to the CA certificate used to sign the Pulp # server's SSL certificate; consumers will use this to verify the # Pulp server's SSL certificate during the SSL handshake # # user_cert_expiration: number of days a user certificate is valid # # consumer_cert_expiration: number of days a consumer certificate is valid [security] cacert: /etc/pki/tls/pulpserver.crt cakey: /etc/pki/tls/pulpserver.key ssl_ca_certificate: /etc/pki/pulp/ssl_ca.crt user_cert_expiration: 365 consumer_cert_expiration: 3650 serial_number_path: /var/lib/pulp/sn.dat # -- Advanced Configuration --------------------------------------------------- # = Consumer History = # # Controls the storage of recorded consumer events. # # lifetime: number of days to store consumer events; events older # than this will be purged; set to -1 to disable [consumer_history] lifetime: 180 # = Coordinator = # # Controls the behavior of conflict resolution in Pulp's asynchronous dispatch # subsystem. # # task_state_poll_interval: float; seconds to wait between polling for a change # in a task's state [coordinator] task_state_poll_interval: 0.1 # = Data Reaping = # # Controls the frequency in which reporting data is automatically removed from # the database. Database entries that exceed the given thresholds will be # deleted from the database when the reaper runs. # # reaper_interval: float; time in days between checks for old data in # the database # # archived_calls: float; time in days to store archived calls # # consumer_history: float; time in days to store consumer history events # # repo_sync_history: float; time in days to store repository sync history events # # repo_publish_history: float; time in days to store repository publish history # events # # repo_group_publish_history: float; time in days to store repository group # publish history events [data_reaping] reaper_interval: 0.25 archived_calls: 0.5 consumer_history: 60 repo_sync_history: 60 repo_publish_history: 60 repo_group_publish_history: 60 # = LDAP = # # Uncomment the below section with appropriate values to use an external LDAP # server for user authentication. # # enabled: boolean; controls whether or not LDAP authentication is enabled # # uri: url of LDAP server # # base: location in the directory from which the LDAP search begins # # tls: boolean; controls whether or not to use TLS security # # default_role: Id of the role to assign LDAP users to by default. This is # optional. This role must first be created on the Pulp server. If # default_role is not set or doesn't exist, LDAP users are given same # default permissions as local users. # # filter: directive to set more restrictive LDAP filter to limit the LDAP # users who can authenticate to Pulp # [ldap] # enabled: true # uri: ldap://localhost # base: dc=localhost # tls: no # default_role: # filter: (gidNumber=200) # = OAuth = # # Uncomment the below section with appropriate values to use OAuth # authentication. # # enabled: boolean; controls whether OAuth authentication is enabled # # oauth_key: string; key to enable OAuth style authentication # # oauth_secret: string; shared secret that can be used for OAuth style # authentication # [oauth] #enabled: true #oauth_key: QHQANGTA #oauth_secret: 0UYG59NI # = Logging = # # Controls the logging behavior of Pulp. # # config: full path to the logging config file for the Pulp server # # db_config: full path to the logging config file for database specific # operations [logs] config: /etc/pulp/logging/basic.cfg db_config: /etc/pulp/logging/db.cfg # = Messaging = # # Controls Pulp's configuration of QPID for remote messaging. # # url: the url used to contact the broker in the form # ://:; transport can be 'tcp' or 'ssl' # # cacert: full path to PEM encoded CA certificate file, used when Pulp connects # to a broker over SSL # # clientcert: full path to PEM encoded file containing both the private key and # certificate Pulp should present to the broker to be authenticated # # topic_exchange: name of the exchange to use; must be a topic exchange; # defaults to "amq.topic", which is a default exchange that # is guaranteed to exist on the broker # # The format for the following timeouts is :. The # timeout is the number of seconds to wait for the consumer to acknowledge and # begin handling the request before indicating a timeout has occurred. The # timeout is how long the consumer is allowed to act on the request # before the server considers the entire request timed out. # # unit_install_timeout: messaging timeout in seconds for unit installs # # unit_update_timeout: messaging timeout in seconds for unit updates # # unit_uninstall_timeout: messaging timeout in seconds for unit uninstalls # # bind_timeout: messaging timeout in seconds for bind requests # # unbind_timeout: messaging timeout in seconds for unbind requests [messaging] url: tcp://pulppuppet01sand.brusselsairport.aero:5672 #cacert: /etc/pki/qpid/ca/ca.crt #clientcert: /etc/pki/qpid/client/client.pem #topic_exchange: 'amq.topic' #install_timeout: 10:10800 #update_timeout: 10:10800 #uninstall_timeout: 10:10800 #bind_timeout: 2592000:600 #unbind_timeout: 2592000:600 # = Scheduler = # # Controls the scheduling portion of Pulp's asynchronous dispatch subsystem. # # dispatch_interval: float; seconds to wait between checking for the presence of # scheduled calls to dispatch [scheduler] dispatch_interval: 30 # = Asynchronous Tasks = # # Controls the behavior of individual tasks in Pulp's asynchronous dispatch # subsystem. # # concurrency_threshold: maximum sum weight of tasks to run in parallel; # base task weight is 1 # # dispatch_interval: float; seconds to wait before checking for new to tasks # to dispatch # # archived_call_lifetime: the amount of time in hours to store archived call # requests and call reports # # consumer_content_weight: concurrency weight of consumer content tasks # (install, update, uninstall) # # create_weight: concurrency weight of all resource creation tasks # # publish_weight: concurrency weight of repository publish tasks # # sync_weight: concurrency weight of repository sync tasks [tasks] concurrency_threshold: 9 dispatch_interval: 0.5 archived_call_lifetime: 48 consumer_content_weight: 0 create_weight: 0 publish_weight: 1 sync_weight: 2 # = Email = # # Settings that allow the system to send email. It is recommended that # the system relay through a local MTA on the machine. Pulp does not retry in # case of error, so it is important to have a real MTA available locally. # # If there is a need to test email sending, it is recommended to run this: # $ python -m smtpd -n -c DebuggingServer localhost:1025 # which will write each message to stdout. # # host: host name of the MTA pulp should relay through # # port: destination port to connect on # # from: the "From" address of each email the system sends # # enabled: booleanl controls whether or not emails will be sent [email] host: localhost port: 25 from: no-reply@your.domain enabled: false