Сравнение конфигурационных файлов

В разделе приведено сравнение параметров конфигурационных файлов модулей osmax-core и osmax-provisioner для текущей и предыдущей версий продукта, где:

  • строки с символом «-», выделенные желтым цветом — устаревшие названия параметров/комментариев, которые были частично изменены, полностью заменены или удалены в текущей версии продукта;

  • строки с символом «+», выделенные бледно-зеленым цветом — обновленные названия параметров/комментариев, актуальные для текущей версии продукта;

  • строки с символом «+», выделенные зеленым цветом — новые строки в файле, появившиеся в текущей версии продукта.

  • дополнительно:

    • розовым цветом подсвечены измененные/удаленные элементы;

    • ярко-зеленым цветом подсвечены новые элементы.

Описание параметров см. в разделах «Конфигурация модуля osmax-core» и «Конфигурация модуля osmax-provisioner» соответственно.
Конфигурационный файл модуля osmax-core
application.properties.1.10.0 → application.properties.1.11.0
@@ -1,430 +1,443 @@
1
1
  ## This is an example of `application.properties` file as main configuration file for osmax-core backend
2
2
 
3
3
  ###############################################################################
4
4
  # HTTP server properties section #
5
5
  ###############################################################################
6
6
 
7
7
  ## Main application port
8
8
  quarkus.http.port=8081
9
9
 
10
+ ## HTTP body limit, can be changed to big files uploading
11
+ quarkus.http.limits.max-body-size=10M
12
+
10
13
  ## SSL configuration section.
11
14
  ## To enable serving requests via HTTPS uncomment the following parameters:
12
15
  #quarkus.http.insecure-requests=disabled
13
16
  #quarkus.http.ssl-port=8081
14
17
  #quarkus.http.ssl.certificate.key-store-file=/opt/osmax-core/keystore.jks
15
18
  #quarkus.http.ssl.certificate.key-store-password=keystore@12345
16
19
 
17
20
  ###############################################################################
18
21
  # Authentication & Authorization section #
19
22
  ###############################################################################
20
23
 
21
24
  ## Enable/disable authentication
22
25
  osmax.application.auth.disabled=false
23
26
  ## Enables kerberos authentication debug mode
24
27
  #quarkus.kerberos.debug=true
25
28
  ## There are 2 alternative options for the kerberos credentials [principal realm, name and password] defining:
26
29
  ## 1) via direct defining;
27
30
  ## 2) via keytab file path defining
28
31
  ##
29
32
  ## Direct kerberos credentials defining:
30
33
  quarkus.kerberos.service-principal-name=lcm_backend_svc
31
34
  quarkus.kerberos.service-principal-realm=my.domain.com
32
35
  quarkus.kerberos.service-principal-password=Password123
33
36
  ## Path to keytab:
34
37
  #quarkus.kerberos.keytab-path=/opt/osmax-core/my_file.keytab
35
38
 
36
39
  ## Old deprecated authorization based on LDAP-groups only
37
40
  ## List of LDAP groups whose users are authorized in Admin Console
38
41
  #osmax.authorization.user-groups-white-list[0]=CN=testGroup,CN=Users,DC=inno,DC=test
39
42
 
40
43
  # New RBAC
41
44
  osmax.authorization.rbac.enabled=false
42
45
  # The following users will be mapped to the superuser role when the application starts
43
46
  #osmax.authorization.rbac.super-users[0]=alice@INNO.TEST
44
47
  #osmax.authorization.rbac.super-users[1]=bob@INNO.TEST
45
48
 
46
49
  ###############################################################################
47
50
  # Database properties section #
48
51
  ###############################################################################
49
52
 
50
53
  ## Main datasource
51
54
  quarkus.datasource."lcm-db".username=lcm
52
55
  quarkus.datasource."lcm-db".password=password
53
56
  quarkus.datasource."lcm-db".reactive.url=postgresql://localhost:5432/lcm
54
57
  ## If you need to specify default DB schema use the syntax below
55
58
  #quarkus.datasource."lcm-db".reactive.url=postgresql://localhost:5432/lcm?search_path=lcm_schema_name
56
59
 
60
+ ## If you need to specify few datasource connections for load-balancing or work with clustered db use the syntax below
61
+ #quarkus.datasource."lcm-db".reactive.url=postgresql://host1:5432/lcm,postgresql://host2:5432/lcm,postgresql://host3:5432/lcm
62
+ ## Or this can also be written with indexed property syntax
63
+ #quarkus.datasource."lcm-db".reactive.url[0]=postgresql://host1:5432/lcm
64
+ #quarkus.datasource."lcm-db".reactive.url[1]=postgresql://host2:5432/lcm
65
+ #quarkus.datasource."lcm-db".reactive.url[2]=postgresql://host3:5432/lcm
66
+
57
67
  ## Main datasource Liquibase config
58
68
  quarkus.datasource."lcm-db".jdbc.url=jdbc:postgresql://localhost:5432/lcm
59
69
  quarkus.liquibase."lcm-db".default-schema-name=lcm
60
70
  quarkus.liquibase."lcm-db".migrate-at-start=True
61
71
 
62
72
  ## Readonly datasource
63
73
  quarkus.datasource."lcm-db-readonly".username=readonly
64
74
  quarkus.datasource."lcm-db-readonly".password=password
65
75
  quarkus.datasource."lcm-db-readonly".reactive.url=postgresql://localhost:5432/lcm
66
76
  quarkus.datasource."lcm-db-readonly".jdbc.url=jdbc:postgresql://localhost:5432/lcm
67
77
 
68
78
  ###############################################################################
69
79
  # Hardware inventory properties section #
70
80
  ###############################################################################
71
81
 
72
- # Schedule for collections pillars synchronization with S3 (quartz cron format)
73
- # [At second :00, every 15 minutes starting at minute :00, of every hour]
74
- osmax.inventory.job.sync-collection-pillars.cron.expr=0 0/15 * ? * * *
75
-
76
82
  # Remote operation orders
77
83
  # Every 10 minutes
78
84
  osmax.inventory.job.remote-operation-expired-orders.cron.expression=0 */10 * ? * *
79
85
 
80
86
  # Schedule for checking dynamic machine collections refresh executing time (quartz cron format), every 2 min
81
87
  osmax.inventory.job.dynamic-collections-refresh-executing-time.cron.expr=0 */2 * ? * *
82
88
  # Splay value in seconds for one-time task of dynamic machine collections refresh
83
89
  osmax.inventory.job.dynamic-collections-refresh.splay=10
84
90
 
85
91
  # Schedule for starting entity cleanup tasks (quartz cron format)
86
92
  # Every 2 minutes
87
93
  osmax.inventory.job.cleanup-tasks-starter-scheduler.cron.expr=0 */2 * ? * *
88
94
 
89
95
  # Determines the maximum amount of machine custom attributes in one section
90
96
  osmax.inventory.machine-attribute.section.size=20
91
97
 
92
98
  # Determines the maximum amount of user custom attributes in one section
93
99
  osmax.inventory.user-attribute.section.size=20
94
100
 
95
101
  # The number of minutes since the last agent activity before the device goes into "Offline" status
96
102
  osmax.inventory.settings.agent.minutes-to-become-offline=5
97
103
  # Absolute file path to `wtmp` file which stores historical data of user logins and logouts
98
- osmax.inventory.settings.agent.user-session-file-path=/var/log/wtmp
104
+ osmax.machines.user-sessions.linux.wtmp-absolute-path=/var/log/wtmp
99
105
  # Absolute file path to `utmp` file which stores user sessions in real time
100
- osmax.inventory.settings.agent.active-user-session-file-path=/var/run/utmp
106
+ osmax.machines.user-sessions.linux.utmp-absolute-path=/var/run/utmp
101
107
  # Option, which determines the considered Salt mode (single- or multimaster), can be true or false
102
- osmax.inventory.settings.agent.multi-master-mode=true
108
+ osmax.agent-installation.settings.multi-master-mode=true
103
109
  # Absolute path, containing all files which are to be included into bootstrap script configuration archive (.tar.gz)
104
- osmax.inventory.settings.agent.bootstrap-script-config-path=/config/script-configs/bootstrap/
110
+ osmax.salt.scripts.bootstrap-script-config-path=/config/script-configs/bootstrap/
105
111
  # Optional parameters, matching salt-ssh connection settings,
106
112
  # see https://docs.saltproject.io/en/latest/ref/runners/all/salt.runners.manage.html#salt.runners.manage.bootstrap
107
- #osmax.inventory.settings.agent.bootstrap-ssh-user=
108
- #osmax.inventory.settings.agent.bootstrap-ssh-password=
109
- #osmax.inventory.settings.agent.bootstrap-ssh-private-key-path=
113
+ #osmax.agent-installation.settings.bootstrap-ssh-user=
114
+ #osmax.agent-installation.settings.bootstrap-ssh-password=
115
+ #osmax.agent-installation.settings.bootstrap-ssh-private-key-path=
110
116
 
111
117
  ###############################################################################
112
118
  # LDAP integration properties section #
113
119
  ###############################################################################
114
120
 
115
121
  #enable JNDI for the LDAP server discovery inside the MS AD domain when you define option 'osmax.inventory.ldap.datasource[i].dns-srv-record'
116
122
  quarkus.naming.enable-jndi=true
117
123
  ## Determines the page size for any ldap query
118
124
  osmax.inventory.ldap.search-page-size=200
119
125
  ## The first LDAP datasource configuration
120
126
  osmax.inventory.ldap.datasource[0].name=my.domain.com
121
127
  osmax.inventory.ldap.datasource[0].base-dn=DC=my,DC=domain,DC=com
122
128
  ## There are 2 options to set LDAP hostname pools
123
129
  ## 1) direct addresses defining
124
130
  ## 2) using DNS SRV records to discover LDAP servers from MS AS domain
125
131
  ##
126
132
  ## For the direct addresses defining of LDAP datasource please use the following options:
127
133
  ## osmax.inventory.ldap.datasource[i].host=
128
134
  ## osmax.inventory.ldap.datasource[i].port=
129
135
  ##
130
136
  ## extra hosts section is optional
131
137
  ## osmax.inventory.ldap.datasource[i].extra-hosts[j].host=
132
138
  ## osmax.inventory.ldap.datasource[i].extra-hosts[j].port=
133
139
 
134
140
  ## For the using DNS SRV records to discover LDAP servers from MS AS domain use the following options:
135
141
  ### osmax.inventory.ldap.datasource[i].dns-srv-record=
136
142
  ##
137
143
  ## example below:
138
144
  osmax.inventory.ldap.datasource[0].host=localhost
139
145
  osmax.inventory.ldap.datasource[0].port=636
140
146
  osmax.inventory.ldap.datasource[0].username=administrator@my.domain.com
141
147
  osmax.inventory.ldap.datasource[0].password=Welkom123
142
148
  ## Optional section for the LDAP datasource
143
149
  # osmax.inventory.ldap.datasource[0].connect-timeout-millis=10000
144
150
  # osmax.inventory.ldap.datasource[0].response-timeout=10000
145
151
  # osmax.inventory.ldap.datasource[0].abandon-on-timeout=true
146
152
  # osmax.inventory.ldap.datasource[0].allow-concurrent-socket-factory-use=true
147
153
 
148
154
  ## The second and subsequent LDAP datasource configurations are optional
149
155
  #osmax.inventory.ldap.datasource[1].name=my2.domain.com
150
156
  #osmax.inventory.ldap.datasource[1].base-dn=DC=my2,DC=domain,DC=com
151
157
  #osmax.inventory.ldap.datasource[1].dns-srv-record=_ldap._tcp.dc._msdcs.mydomain.com
152
158
  #osmax.inventory.ldap.datasource[1]...
153
159
 
154
160
  ## LDAPS (LDAP over SSL) parameters section.
155
161
 
156
162
  # To configure LDAPS please use the following option
157
163
  #osmax.inventory.ldap.datasource[i].ssl=...
158
164
  # There are 3 options available for this option:
159
165
  # value `false` - use this mode when you want to use LDAP without SSL (usually 389 port)
160
166
  # value `true` - use this mode when you want to use LDAPS (usually 636 port), requires path to the certificate file or truststore file
161
167
  # value `start-tls` - use this mode when you want to establish an insecure connection (usually 389 port),
162
168
  # but then to immediately use the StartTLS extended operation to convert that insecure connection to a secure one
163
169
 
164
170
  # If you want to trust all SSL certificates without direct certificate/truststore definition you can use the option
165
171
  # osmax.inventory.ldap.datasource[i].trust-all-ssl-certificates=true
166
172
 
167
173
  ## The following example shows how to configure LDAPS with certificate file definition for the datasource
168
174
  #osmax.inventory.ldap.datasource[0].ssl=true
169
175
  #osmax.inventory.ldap.datasource[0].ssl-certificate=/opt/osmax-core/samba_cert.pem
170
176
 
171
177
  ## The following example shows how to configure LDAPS with truststore file definition for the datasource
172
178
  #osmax.inventory.ldap.datasource[0].ssl=true
173
179
  #osmax.inventory.ldap.datasource[0].ssl-trust-store=/opt/osmax-core/keystore.jks
174
180
  #osmax.inventory.ldap.datasource[0].ssl-trust-store-type=PKCS12
175
181
  #osmax.inventory.ldap.datasource[0].ssl-trust-store-password=keystore@12345
176
182
 
177
183
  ## The following example shows how to configure LDAPS with truststore file definition for all datasource
178
184
  #osmax.inventory.ldap.ssl-trust-store=/opt/osmax-core/keystore.jks
179
185
  #osmax.inventory.ldap.ssl-trust-store-type=JKS
180
186
  #osmax.inventory.ldap.ssl-trust-store-password=keystore@12345
181
187
 
182
188
 
183
189
  ###############################################################################
184
190
  # Application Store properties section #
185
191
  ###############################################################################
186
192
 
187
193
  # Determines the amount of hours after which order is considered failed
188
194
  osmax.order-management.completion.time.hours=12
189
195
  # Schedule for tracking long-running orders as failed (quartz cron format)
190
196
  # [At second :00 of minute :00 of every hour]
191
197
  osmax.order-management.autocomplete.cron.expr=0 0 * ? * * *
192
198
 
193
199
  ###############################################################################
194
200
  # Kafka messages section #
195
201
  ###############################################################################
196
202
 
197
203
  ## Kafka bootstrap servers (comma separated)
198
204
  mp.messaging.connector.smallrye-kafka.bootstrap.servers=localhost:9092
199
205
  # Kafka topic name
200
206
  mp.messaging.incoming.salt-events-kafka.topic=salt-topic
201
207
  mp.messaging.outgoing.core-os-reinstallation-machines.topic=osmax-core.os.reinstallation.machines
202
208
  mp.messaging.incoming.provisioner-os-reinstallation-machine-registration-statuses.topic=osmax-provisioner.os.reinstallation.machines.registration.statuses
203
209
  mp.messaging.incoming.provisioner-os-installed-events-kafka.topic=provisioner-topic
204
210
  mp.messaging.incoming.provisioner-os-installed-events-kafka.dead-letter-queue.topic=provisioner-dlq-topic
205
211
 
206
212
  ## The provisioner-os-installed-events-kafka listener support retry strategy,
207
213
  ## default values are maxRetries=3, delay=100ms and jitter=0, to change retry settings use
208
214
  #tech.inno.lcm.provisioner.events.ProvisionerEventsListener/consume/Retry/maxRetries=0
209
215
  ## See more info https://quarkus.io/guides/smallrye-fault-tolerance#runtime-configuration
210
216
  ## and available options https://github.com/eclipse/microprofile-fault-tolerance/blob/main/api/src/main/java/org/eclipse/microprofile/faulttolerance/Retry.java
211
217
 
212
218
  ## Kafka SSL connection parameters section.
213
219
  ## To enable SSL connection mode uncomment three following parameters:
214
220
  #mp.messaging.connector.smallrye-kafka.security.protocol=SSL
215
221
  #mp.messaging.connector.smallrye-kafka.ssl.truststore.location=/etc/ssl/certs/java/cacerts
216
222
  #mp.messaging.connector.smallrye-kafka.ssl.truststore.password=changeit
217
223
  ## Optionally if the custom truststore is used:
218
224
  ## To change the format use one of JKS, JCEKS, P12, PKCS12, PFX. Default format is JKS
219
225
  #mp.messaging.connector.smallrye-kafka.ssl.truststore.type=PKCS12
220
226
 
221
227
  ## To enable mutual TLS connection mode uncomment three following parameters, along with configuration above:
222
228
  #mp.messaging.connector.smallrye-kafka.ssl.keystore.location=/opt/osmax-core/keystore.jks
223
229
  #mp.messaging.connector.smallrye-kafka.ssl.keystore.password=keystore@12345
224
230
  ## Optionally if the custom keystore is used:
225
231
  ## To change the format use one of JKS, JCEKS, P12, PKCS12, PFX. Default format is JKS
226
232
  #mp.messaging.connector.smallrye-kafka.ssl.keystore.type=PKCS12
227
233
 
228
234
  ###############################################################################
229
235
  # REST clients common configuration #
230
236
  ###############################################################################
231
237
 
232
238
  ## SSL connection parameters sections.
233
239
  ## To enable accessing REST endpoints via HTTPS uncomment two following parameters:
234
240
  #quarkus.rest-client.trust-store=/etc/ssl/certs/java/cacerts
235
241
  #quarkus.rest-client.trust-store-password=changeit
236
242
  ## Optionally if the custom truststore is used:
237
243
  ## To change the format use one of JKS, JCEKS, P12, PKCS12, PFX. Default format is JKS
238
244
  #quarkus.rest-client.trust-store-type=PKCS12
239
245
  ## For disabling SSL connection verification you can use option below
240
246
  #quarkus.rest-client.remote-access.trust-all=true
241
247
 
242
248
  ###############################################################################
243
249
  # SaltStack integration section #
244
250
  ###############################################################################
245
251
 
246
252
  osmax.salt-adapter.command-runner.http-scheme=http
247
253
  osmax.salt-adapter.command-runner.master-api-port=8000
248
254
  osmax.salt-adapter.command-runner.global-auth.eauth=pam
249
255
  osmax.salt-adapter.command-runner.global-auth.login=salt_api
250
256
  osmax.salt-adapter.command-runner.global-auth.password=123
251
257
  osmax.salt-adapter.command-runner.retry.number-of-attempts=5
252
258
  osmax.salt-adapter.command-runner.retry.initial-back-off=1s
253
259
  osmax.salt-adapter.command-runner.retry.max-back-off=1s
254
260
 
255
261
  ## Salt masters configuration section.
256
262
  ## Optional, this section should be used when backend server can't resolve salt master by DNS name
257
263
  #osmax.salt-adapter.command-runner.override-masters[0].id=salt-master1
258
264
  #osmax.salt-adapter.command-runner.override-masters[0].uri=http://192.168.0.1:8000
259
265
 
260
266
  ## The second and other Salt masters can be configured in the same way
261
267
  #osmax.salt-adapter.command-runner.override-masters[1].id=salt-master2
262
268
  #osmax.salt-adapter.command-runner.override-masters[1].uri=http://192.168.0.2:8000
263
269
 
264
270
  ###############################################################################
265
271
  # Remote access service integration section #
266
272
  ###############################################################################
267
273
 
268
274
  # URL to the guacamole remote access service
269
275
  quarkus.rest-client.remote-access.url=https://guacamole-host.net:9099/guacamole
270
276
  # for an advanced configuration of the quarkus REST client to the guacamole service you can set up the following settings group
271
277
  # Timeout specified in milliseconds to wait to connect to the remote endpoint.
272
278
  #quarkus.rest-client.remote-access.connect-timeout=<millis>
273
279
  # Timeout specified in milliseconds to wait for a response from the remote endpoint.
274
280
  #quarkus.rest-client.remote-access.read-timeout=<millis>
275
281
  #quarkus.rest-client.remote-access.trust-store
276
282
  #quarkus.rest-client.remote-access.trust-store-password
277
283
  #quarkus.rest-client.remote-access.trust-store-type
278
284
  #quarkus.rest-client.remote-access.key-store
279
285
  #quarkus.rest-client.remote-access.key-store-password
280
286
  #quarkus.rest-client.remote-access.key-store-type
281
287
  #quarkus.rest-client.remote-access.hostname-verifier
282
288
  #quarkus.rest-client.remote-access.connection-ttl
283
289
  #and others
284
290
  #quarkus.rest-client.remote-access.***
285
291
 
286
292
  # system account login for the guacamole remote access service
287
293
  osmax.inventory.remote-access.username=admin
288
294
  # system account login password for the guacamole remote access service
289
295
  osmax.inventory.remote-access.password=password
290
296
 
291
297
  ###############################################################################
292
298
  # S3 integration section #
293
299
  ###############################################################################
294
300
 
295
301
  # contains a list of S3 server URIs
296
302
  osmax.salt-adapter.s3.server-uri-list=http://localhost:9000,http://localhost:9900
297
303
  ## To enable SSL connection mode replace 'osmax.salt-adapter.s3.server-uri-list' parameter with following value:
298
304
  #osmax.salt-adapter.s3.server-uri-list=https://localhost:9000,https://localhost:9900
299
305
  osmax.salt-adapter.s3.access-key-id=s3adminSalt
300
306
  osmax.salt-adapter.s3.secret-access-key=s3adminSaltPassword
301
307
  osmax.salt-adapter.s3.region=ru-location-1
302
308
  osmax.salt-adapter.s3.connection-timeout=1s
303
309
  osmax.salt-adapter.s3.num-retries=3
304
310
  osmax.salt-adapter.s3.initial-retry-delay-millis=100
305
311
  osmax.salt-adapter.s3.max-retry-delay-millis=1000
306
312
  osmax.salt-adapter.s3.state-bucket-name=salt-bucket
307
313
  osmax.salt-adapter.s3.pillar-bucket-name=pillar-bucket
308
314
  osmax.salt-adapter.s3.script-bucket-name=script-bucket
309
315
 
310
316
  ###############################################################################
311
317
  # Multimedia service section #
312
318
  ###############################################################################
313
319
 
314
320
  # contains a list of S3 server URIs
315
321
  osmax.multimedia.s3.server-uri-list=http://localhost:9000,http://localhost:9900
316
322
  ## To enable SSL connection mode replace 'osmax.multimedia.s3.server-uri-list' parameter with following value:
317
323
  #osmax.multimedia.s3.server-uri-list=https://localhost:9000,https://localhost:9900
318
324
  osmax.multimedia.s3.access-key-id=s3adminMultimedia
319
325
  osmax.multimedia.s3.secret-access-key=s3adminMultimediaPassword
320
326
  osmax.multimedia.s3.region=ru-location-1
321
327
  osmax.multimedia.s3.connection-timeout=1s
322
328
  osmax.multimedia.s3.num-retries=3
323
329
  osmax.multimedia.s3.initial-retry-delay-millis=100
324
330
  osmax.multimedia.s3.max-retry-delay-millis=1000
325
331
  osmax.multimedia.s3.icons-bucket-name=multimedia-bucket
326
332
  osmax.multimedia.s3.images-bucket-name=multimedia-bucket
327
333
  osmax.multimedia.s3.others-bucket-name=multimedia-bucket
328
334
  osmax.multimedia.s3.script-bucket-name=script-bucket
329
335
  osmax.multimedia.common.max-file-size-kb=1024
330
336
  osmax.multimedia.common.download-token-ttl-seconds=3600
331
337
  osmax.multimedia.common.expired-tokens-deletion-cron=0 0 * ? * *
332
338
  # Contains current nginx frontend uri, used to form bootstrap script installation link
333
339
  osmax.multimedia.common.frontend-uri=http://localhost:8081
334
340
 
335
341
  ###############################################################################
336
342
  # Configurations manager section #
337
343
  ###############################################################################
338
344
 
339
345
  # Determines maximum amount of categories per one configuration
340
346
  osmax.catalog.category.configuration-limit=5
341
347
  # Determines total amount of categories
342
348
  osmax.catalog.category.total-limit=15
343
349
  # Determines maximum salt-agent installation script file size in megabytes
344
350
  osmax.catalog.script.max-script-size-mbytes=10
345
351
  # Determines allowed interval in milliseconds between comparing dates
346
352
  # Under this interval the two dates will be considered equal
347
- osmax.catalog.common.dates-comparing-accuracy-millis=100
353
+ # Deprecated since 1.11.0
354
+ # osmax.catalog.common.dates-comparing-accuracy-millis=100
355
+ # use osmax.optimistic-locks.dates-comparing-accuracy-millis
348
356
 
349
357
  ###############################################################################
350
358
  # Software inventory section #
351
359
  ###############################################################################
352
360
  # Base directory for executable files scan
353
361
  osmax.inventory.software.executable-files.base-path-scan=/home/
354
362
  # Comma separated sections list which packages will be ignored
355
363
  osmax.inventory.software.packages.sections-blacklist=libs,non-free/libs,devel
356
364
 
357
365
  ###############################################################################
358
366
  # Logging section #
359
367
  ###############################################################################
360
368
 
361
369
  # Common logging config
362
370
  quarkus.log.file.enable=true
363
371
  quarkus.log.json.file.enable=true
364
372
  quarkus.log.json.console.enable=false
365
373
 
366
374
  # File logging config
367
375
  quarkus.log.file.path=/var/log/osmax/core/osmax-core.log
368
376
  quarkus.log.file.rotation.max-file-size=10M
369
377
  quarkus.log.file.rotation.max-backup-index=5
370
378
  quarkus.log.file.rotation.file-suffix=.yyyy-MM-dd.gz
371
379
 
372
380
  # Json format config
373
381
  quarkus.log.json.fields.mdc.flat-fields=true
374
382
  quarkus.log.json.fields.timestamp.date-format=yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
375
383
  quarkus.log.json.fields.timestamp.zone-id=UTC
376
384
 
377
385
  # Audit logging config
378
386
  quarkus.log.handler.file.audit-handler.enable=true
379
387
  quarkus.log.handler.file.audit-handler.path=/var/log/osmax/core/audit-osmax-core.log
380
388
  quarkus.log.handler.file.audit-handler.rotation.max-file-size=10M
381
389
  quarkus.log.handler.file.audit-handler.rotation.max-backup-index=50
382
390
  quarkus.log.handler.file.audit-handler.rotation.file-suffix=.yyyy-MM-dd
383
391
 
384
392
  quarkus.log.category."AUDIT".level=INFO
385
393
  quarkus.log.category."AUDIT".handlers=audit-handler
386
394
  quarkus.log.category."AUDIT".use-parent-handlers=false
387
395
 
388
396
  ###############################################################################
389
397
  # Debug section #
390
398
  # Enable all logging events via environment variable `QUARKUS_PROFILE=debug` #
391
399
  # or delete `%debug.` prefix #
392
400
  ###############################################################################
393
401
 
394
402
  # HTTP server access logs (uri + status)
395
403
  %debug.quarkus.http.access-log.enabled=true
396
404
 
397
405
  # Internal rest-client
398
406
  %debug.quarkus.rest-client.logging.scope=request-response
399
407
  %debug.quarkus.rest-client.logging.body-limit=500
400
408
  %debug.quarkus.log.category."org.jboss.resteasy.reactive.client.logging".level=DEBUG
401
409
  %debug.quarkus.log.category."org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext".level=DEBUG
402
410
 
403
411
  # SaltStack events
404
412
  %debug.quarkus.log.category."tech.inno.lcm.salt.events".level=DEBUG
405
413
 
406
414
  # All backend services
407
415
  %debug.quarkus.log.category."tech.inno.lcm".level=DEBUG
408
416
 
409
417
  # Kerberos
410
418
  %debug.quarkus.kerberos.debug=true
411
419
  %debug.quarkus.log.category."io.quarkiverse.kerberos.runtime.KerberosIdentityProvider".level=TRACE
412
420
  %debug.quarkus.log.category."io.quarkiverse.kerberos.runtime.KerberosIdentityProvider".min-level=TRACE
413
421
 
414
422
  # AWS client
415
423
  %debug.quarkus.log.category."software.amazon.awssdk.request".level=DEBUG
416
424
 
417
425
  ###############################################################################
418
426
  # Quarkus framework section #
419
427
  ###############################################################################
420
428
 
421
429
  # application is run under specific user, those settings allow not clashing with other quarkus apps on the same server
422
430
  quarkus.http.body.uploads-directory=${java.io.tmpdir}/osmax_core_uploads
423
431
  quarkus.management.body.uploads-directory=${java.io.tmpdir}/osmax_core_uploads
424
432
 
425
433
  ###############################################################################
426
434
  # Locks section #
427
435
  ###############################################################################
428
436
  osmax.pessimistic-locks.enabled=true
429
437
  osmax.pessimistic-locks.auto-unlock.threshold.seconds=3600
430
- osmax.pessimistic-locks.auto-unlock.job.interval.seconds=600
438
+ osmax.pessimistic-locks.auto-unlock.job.interval.seconds=600
439
+
440
+ osmax.optimistic-locks.enabled=true
441
+ # Determines allowed interval in milliseconds between comparing dates
442
+ # Under this interval the two dates will be considered equal hen checking optimistic lock by date
443
+ #osmax.optimistic-locks.dates-comparing-accuracy-millis=100
Конфигурационный файл модуля osmax-provisioner
application.properties.1.10.0 → application.properties.1.11.0
@@ -1,207 +1,214 @@
1
1
  ## This is an example of `application.properties` file as main configuration file for osmax-provisioner backend
2
2
 
3
3
  ###############################################################################
4
4
  # HTTP server properties section #
5
5
  ###############################################################################
6
6
 
7
7
  ## Main application port
8
8
  quarkus.http.port=8082
9
9
 
10
10
  ###############################################################################
11
11
  # SSL configuration section. #
12
12
  ###############################################################################
13
13
 
14
14
  ## To enable serving requests via HTTPS uncomment the following parameters:
15
15
  #quarkus.http.insecure-requests=disabled
16
16
  #quarkus.http.ssl-port=8082
17
17
  #quarkus.http.ssl.certificate.key-store-file=/opt/osmax-provisioner/keystore.jks
18
18
  #quarkus.http.ssl.certificate.key-store-password=keystore@12345
19
19
 
20
20
  ###############################################################################
21
21
  # REST clients common configuration #
22
22
  ###############################################################################
23
23
 
24
24
  ## SSL connection parameters sections.
25
25
  ## To enable accessing REST endpoints via HTTPS uncomment two following parameters:
26
26
  #quarkus.rest-client.trust-store=/etc/ssl/certs/java/cacerts
27
27
  #quarkus.rest-client.trust-store-password=changeit
28
28
  ## Optionally if the custom truststore is used:
29
29
  ## To change the format use one of JKS, JCEKS, P12, PKCS12, PFX. Default format is JKS
30
30
  #quarkus.rest-client.trust-store-type=PKCS12
31
31
  ## For disabling SSL connection verification you can use option below
32
32
  #quarkus.rest-client.remote-access.trust-all=true
33
33
 
34
34
  ###############################################################################
35
35
  # Security section #
36
36
  ###############################################################################
37
37
 
38
38
  ## Enable/disable authentication
39
39
  osmax.provisioner.security.authentication.enabled=true
40
40
 
41
41
  ## Enable/disable role-based authorization
42
42
  osmax.provisioner.security.rbac.enabled=false
43
43
 
44
44
  ## osmax-core base url (source of user permissions info)
45
45
  # Should be set even if osmax.provisioner.security.rbac.enabled is false
46
46
  # To enable access via HTTPS use corresponding prefix in base url
47
47
  # and configure REST client using REST clients common configuration section above
48
48
  quarkus.rest-client."tech.inno.lcm.provisioner.common.security.OsmaxPermissionsService".url=<osmax-core base url>
49
49
 
50
50
  ## Kerberos authentication configuration section
51
51
  ## There are 2 alternative options for defining Kerberos credentials [principal realm, name and password]:
52
52
  ## 1) via setting values in properties directly
53
53
  ## 2) via setting path to keytab file
54
54
  ##
55
55
  ## Direct Kerberos credentials definition:
56
56
  quarkus.kerberos.service-principal-name=<service_principal_name>
57
57
  quarkus.kerberos.service-principal-realm=<service.domain>
58
58
  quarkus.kerberos.service-principal-password=<service_principal_password>
59
59
  ## Direct Kerberos credentials definition for REST client, reuse service settings:
60
60
  kerberos-client.user-principal-name=${quarkus.kerberos.service-principal-name}
61
61
  kerberos-client.user-principal-password=${quarkus.kerberos.service-principal-password}
62
62
  kerberos-client.user-principal-realm=${quarkus.kerberos.service-principal-realm}
63
63
  kerberos-client.service-principal-name=${quarkus.kerberos.service-principal-name}
64
64
  ## Kerberos keytab file definition:
65
65
  #quarkus.kerberos.keytab-path=</path/to/keytab/file>
66
66
  #kerberos-client.keytab-path=</path/to/keytab/file>
67
67
  ## Enables Kerberos authentication debug mode
68
68
  #quarkus.kerberos.debug=true
69
69
  #kerberos-client.debug=true
70
70
  ## REST client debug
71
71
  #quarkus.rest-client.logging.scope=request-response
72
72
  #quarkus.rest-client.logging.body-limit=50
73
73
  #quarkus.log.category."org.jboss.resteasy.reactive.client.logging".level=DEBUG
74
74
 
75
75
  ###############################################################################
76
76
  # Database properties section #
77
77
  ###############################################################################
78
78
 
79
79
  ## Common configuration for datasources
80
80
  quarkus.datasource.username=<db-username>
81
81
  quarkus.datasource.password=<db-password>
82
82
  ## Reactive datasource configuration for app
83
83
  quarkus.datasource.reactive.url=postgresql://<db-host>:<db-port>/<db-name>
84
84
  ## Datasource configuration for Liquibase
85
85
  quarkus.datasource.jdbc.url=jdbc:postgresql://<db-host>:<db-port>/<db-name>
86
86
 
87
+ ## If you need to specify multiple datasource connections for load-balancing or working with clustered db use the syntax below
88
+ #quarkus.datasource."osmax_provisioner_db".reactive.url=postgresql://host1:5432/lcm_provisioner,postgresql://host2:5432/lcm_provisioner,postgresql://host3:5432/lcm_provisioner
89
+ ## Or this can also be written with indexed property syntax
90
+ #quarkus.datasource."osmax_provisioner_db".reactive.url[0]=postgresql://host1:5432/lcm_provisioner
91
+ #quarkus.datasource."osmax_provisioner_db".reactive.url[1]=postgresql://host2:5432/lcm_provisioner
92
+ #quarkus.datasource."osmax_provisioner_db".reactive.url[2]=postgresql://host3:5432/lcm_provisioner
93
+
87
94
  ## Liquibase parameters which are used in changelog files
88
95
  quarkus.liquibase.change-log-parameters.index_tablespace=pg_default
89
96
  quarkus.liquibase.change-log-parameters.data_tablespace=pg_default
90
97
  quarkus.liquibase.change-log-parameters.installation_distro_repository_url=http://<astra-linux-repository-location>
91
98
  quarkus.liquibase.change-log-parameters.installation_distro_kernel=</path/to/kernel>
92
99
  quarkus.liquibase.change-log-parameters.installation_distro_initrd=</path/to/initrd>
93
100
  quarkus.liquibase.change-log-parameters.distro_repository_hostname=<astra-linux-repository-location>
94
101
  quarkus.liquibase.change-log-parameters.distro_repository_directory=</path/to/repository>
95
102
 
96
103
  ###############################################################################
97
104
  # Template engine properties section #
98
105
  ###############################################################################
99
106
 
100
107
  ## To specify custom template placeholders which can be used in Jinja templates use a key-value format like
101
108
  ## 'osmax.provisioner.template-engine.template-placeholders.my_custom_placeholder=my-value-for-custom-placeholder'
102
109
  ## Be aware that specified custom template placeholders
103
110
  ## should be used in exact format as they are specified in this configuration
104
111
  ## To enable SSL connection mode replace
105
112
  ## 'osmax.provisioner.template-engine.template-placeholders.osmax_provisioner_base_url' parameter with following value:
106
113
  #osmax.provisioner.template-engine.template-placeholders.osmax_provisioner_base_url=https://<osmax-provisioner-host>:<port>
107
114
  osmax.provisioner.template-engine.template-placeholders.osmax_provisioner_base_url=http://<osmax-provisioner-host>:<port>
108
115
  osmax.provisioner.template-engine.template-placeholders.unattended_install_file_url=/v1/unattended_install_files
109
116
  osmax.provisioner.template-engine.template-placeholders.repository_cert_url=</path/to/certificate>
110
117
 
111
118
  ###############################################################################
112
119
  # Installation process properties section #
113
120
  ###############################################################################
114
121
 
115
122
  osmax.provisioner.installation-process.steps.READY_TO_INSTALL=\u0413\u043E\u0442\u043E\u0432\u043E \u043A \u0443\u0441\u0442\u0430\u043D\u043E\u0432\u043A\u0435
116
123
  osmax.provisioner.installation-process.steps.IN_PROCESS_EARLY=\u0417\u0430\u043F\u0443\u0449\u0435\u043D \u043F\u0440\u043E\u0446\u0435\u0441\u0441 \u0443\u0441\u0442\u0430\u043D\u043E\u0432\u043A\u0438 Astra Linux SE
117
124
  osmax.provisioner.installation-process.steps.INSTALL_ERROR_KERNEL=\u041E\u0448\u0438\u0431\u043A\u0430 \u043F\u043E\u043B\u0443\u0447\u0435\u043D\u0438\u044F \u0444\u0430\u0439\u043B\u0430 kernel
118
125
  osmax.provisioner.installation-process.steps.INSTALL_ERROR_INITRD=\u041E\u0448\u0438\u0431\u043A\u0430 \u043F\u043E\u043B\u0443\u0447\u0435\u043D\u0438\u044F \u0444\u0430\u0439\u043B\u0430 initrd
119
126
  osmax.provisioner.installation-process.steps.INSTALL_ERROR_BOOT=\u041E\u0448\u0438\u0431\u043A\u0430 \u0437\u0430\u0433\u0440\u0443\u0437\u043A\u0438 \u044F\u0434\u0440\u0430
120
127
  osmax.provisioner.installation-process.steps.FINISHED=\u041E\u0421 \u0443\u0441\u0442\u0430\u043D\u043E\u0432\u043B\u0435\u043D\u0430
121
128
 
122
129
  osmax.provisioner.installation-process.machine-export.scheduler-cron-expression=0 */10 * ? * *
123
130
  osmax.provisioner.installation-process.machine-export.batch-size=100
124
131
 
125
132
  ###############################################################################
126
133
  # Scheduler properties section
127
134
  ###############################################################################
128
135
 
129
136
  osmax.provisioner.scheduler.polling-interval=10s
130
137
 
131
138
  ###############################################################################
132
139
  # S3 integration section #
133
140
  ###############################################################################
134
141
 
135
142
  ## S3 server configuration
136
143
  ## To enable SSL connection mode replace 'osmax.provisioner.s3.server-uri' parameter with following value:
137
144
  #osmax.provisioner.s3.server-uri=https://<s3-host>:<s3-port>
138
145
  osmax.provisioner.s3.server-uri=http://<s3-host>:<s3-port>
139
146
  osmax.provisioner.s3.access-key-id=<s3-access-key-id>
140
147
  osmax.provisioner.s3.secret-access-key=<s3-secret-access-key>
141
148
  osmax.provisioner.s3.region=ru-location-1
142
149
 
143
150
  ## Path to ISO images bucket where generated ISO images will be located
144
151
  osmax.provisioner.s3.bootable-images-bucket-name=os-installation-iso-images-bucket
145
152
 
146
153
  ###############################################################################
147
154
  # Kafka integration section #
148
155
  ###############################################################################
149
156
 
150
157
  mp.messaging.connector.smallrye-kafka.bootstrap.servers=localhost:19092
151
158
  mp.messaging.outgoing.machine-installation-status.topic=provisioner-topic
152
159
  mp.messaging.incoming.reinstallation-machines-import.topic=osmax-core.os.reinstallation.machines
153
160
  mp.messaging.outgoing.reinstallation-machines-import-result.topic=osmax-provisioner.os.reinstallation.machines.registration.statuses
154
161
 
155
162
  ## Kafka SSL connection parameters section.
156
163
  ## To enable SSL connection mode uncomment three following parameters:
157
164
  #mp.messaging.connector.smallrye-kafka.security.protocol=SSL
158
165
  #mp.messaging.connector.smallrye-kafka.ssl.truststore.location=/etc/ssl/certs/java/cacerts
159
166
  #mp.messaging.connector.smallrye-kafka.ssl.truststore.password=changeit
160
167
  ## Optionally if the custom truststore is used:
161
168
  ## To change the format use one of JKS, JCEKS, P12, PKCS12, PFX. Default format is JKS
162
169
  #mp.messaging.connector.smallrye-kafka.ssl.truststore.type=PKCS12
163
170
 
164
171
  ## To enable mutual TLS connection mode uncomment three following parameters, along with configuration above:
165
172
  #mp.messaging.connector.smallrye-kafka.ssl.keystore.location=/opt/osmax-provisioner/keystore.jks
166
173
  #mp.messaging.connector.smallrye-kafka.ssl.keystore.password=keystore@12345
167
174
  ## Optionally if the custom keystore is used:
168
175
  ## To change the format use one of JKS, JCEKS, P12, PKCS12, PFX. Default format is JKS
169
176
  #mp.messaging.connector.smallrye-kafka.ssl.keystore.type=PKCS12
170
177
 
171
178
  ###############################################################################
172
179
  # Logging section #
173
180
  ###############################################################################
174
181
 
175
182
  # Common logging config
176
183
  quarkus.log.file.enable=true
177
184
  quarkus.log.json.file.enable=true
178
185
  quarkus.log.json.console.enable=false
179
186
 
180
187
  # Json log format config
181
188
  quarkus.log.json.fields.mdc.flat-fields=true
182
189
  quarkus.log.json.fields.timestamp.date-format=yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
183
190
  quarkus.log.json.fields.timestamp.zone-id=UTC
184
191
 
185
192
  # File logging config
186
193
  quarkus.log.file.path=/var/log/osmax/provisioner/osmax-provisioner.log
187
194
  quarkus.log.file.rotation.max-file-size=10M
188
195
  quarkus.log.file.rotation.max-backup-index=5
189
196
  quarkus.log.file.rotation.file-suffix=.yyyy-MM-dd.gz
190
197
 
191
198
  # Audit logging config
192
199
  quarkus.log.handler.file.audit-handler.enable=true
193
200
  quarkus.log.handler.file.audit-handler.path=/var/log/osmax/provisioner/audit-osmax-provisioner.log
194
201
  quarkus.log.handler.file.audit-handler.rotation.max-file-size=10M
195
202
  quarkus.log.handler.file.audit-handler.rotation.max-backup-index=50
196
203
  quarkus.log.handler.file.audit-handler.rotation.file-suffix=.yyyy-MM-dd
197
204
  quarkus.log.category."AUDIT".level=INFO
198
205
  quarkus.log.category."AUDIT".handlers=audit-handler
199
206
  quarkus.log.category."AUDIT".use-parent-handlers=false
200
207
 
201
208
  # Universal boot image paths
202
209
  osmax.provisioner.universal-boot-image.ipxe_lkrn_url=insert-your-path
203
210
  osmax.provisioner.universal-boot-image.isohdpxf_bin_url=insert-your-path
204
211
  osmax.provisioner.universal-boot-image.isolinux_bin_url=insert-your-path
205
212
  osmax.provisioner.universal-boot-image.ldlinux_c32_url=insert-your-path
206
213
  osmax.provisioner.universal-boot-image.menu_c32_url=insert-your-path
207
214
  osmax.provisioner.universal-boot-image.ipxe_x86_64_efi_url=insert-your-path