recordsansible/ara-collection
Code Issues Proposed changes
ara-collection/roles/ara_api/defaults/main.yaml
Jeffrey van Pelt 17d360c30e
ara_api: Add conjobs 
Create cron tasks to clean up old stuff from ARA, disabled by default but can be enabled if desired

Change-Id: I8d54a2649bb7b82298d73b5d9b89a857807f6d1e
2021-02-24 10:18:11 -05:00

220 lines
8.5 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
# Copyright (c) 2019 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA Records Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA Records Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
# By default, tasks in this role that could result in configuration or
# credentials being printed by Ansible are set up to hide the output to prevent
# sensitive information from being exposed.
# Setting ara_api_secure_logging to false will make Ansible print the raw,
# unfiltered result of these tasks.
# Note that it does not have any impact on tasks that are recorded by ARA.
# It is only for the output when running this specific role.
ara_api_secure_logging: true
# Root directory where every file for the ARA installation are located
ara_api_root_dir: "{{ ansible_user_dir }}/.ara"
# Directory where logs are written to
ara_api_log_dir: "{{ ara_api_root_dir }}/logs"
# Whether or not ara should be installed in a virtual environment.
# This defaults to true to prevent conflicting with system or distribution
# python packages.
ara_api_venv: true
# When using a virtualenv, path to where it will be installed
ara_api_venv_path: "{{ ara_api_root_dir }}/virtualenv"
# How ARA will be installed
# - source [default]: installs from a local or remote git repository
# - distribution: installs from distribution packages, if available
# - pypi [planned]: installs from pypi
ara_api_install_method: source
# When installing from source, the URL or filesystem path where the git source
# repository can be cloned from.
ara_api_source: "https://opendev.org/recordsansible/ara"
# When installing from source, location where the source repository will be checked out to.
ara_api_source_checkout: "{{ ara_api_root_dir }}/git/ara"
# Version of ARA to install
# When installing from source, this can be a git ref (tag, branch, commit, etc)
# When installing from PyPi, it would be a version number that has been released.
# When using "latest" as the source version, HEAD will be used
# When using "latest" as the pypi version, the latest release will be used
ara_api_version: master
# The frontend/web server for serving the ARA API
# It is recommended to specify a web server when deploying a production environment.
# - null [default]: No frontend server will be set up.
# - nginx: Nginx will be configured in front of the WSGI application server.
# - apache [planned]
ara_api_frontend_server: null
# Path to a custom vhost configuration jinja template
# The vhost configuration templates provided by the role are simple by design
# and are not sufficient to cover every use cases.
# Use this variable if you need to have your own custom nginx or apache configuration.
ara_api_frontend_vhost: null
# The WSGI server for running ARA's API server
# - null [default]: No persistent WSGI application server will be set up. Only the offline API client will work.
# - gunicorn: gunicorn will be installed and set up to run the API as a systemd service.
# - mod_wsgi [planned]
ara_api_wsgi_server: null
# Address and port on which the wsgi server will bind
# Changing this value means you might need to adjust "ara_api_allowed_hosts" and
# "ara_api_cors_origin_whitelist".
ara_api_wsgi_bind: "127.0.0.1:8000"
# Amount of worker processes for the wsgi server
# Recommended default formula by gunicorn: https://docs.gunicorn.org/en/stable/design.html#how-many-workers
ara_api_wsgi_workers: "{{ ansible_processor_count * ansible_processor_cores * ansible_processor_threads_per_core * 2 + 1 }}"
# When using a frontend server, the domain or address it will be listening on
ara_api_fqdn: "{{ ansible_default_ipv4['address'] | default(ansible_default_ipv6['address']) }}"
####################################
# ara API configuration settings
# For more information, see documentation: https://ara.readthedocs.io
####################################
# ARA_BASE_DIR - Default directory for storing data and configuration
ara_api_base_dir: "{{ ara_api_root_dir }}/server"
# ARA_SETTINGS - Path to an ARA API configuration file
ara_api_settings: "{{ ara_api_base_dir }}/settings.yaml"
# ARA_ENV - Environment to load configuration for
ara_api_env: default
# ARA_READ_LOGIN_REQUIRED - Whether authentication is required for reading data
ara_api_read_login_required: false
# ARA_WRITE_LOGIN_REQUIRED - Whether authentication is required for writing data
ara_api_write_login_required: false
# ARA_PAGE_SIZE - Amount of results returned per page by the API
ara_api_page_size: 100
# ARA_LOG_LEVEL - Log level of the different components
ara_api_log_level: INFO
# ARA_LOGGING - Python logging configuration
ara_api_logging:
disable_existing_loggers: false
formatters:
normal:
format: '%(asctime)s %(levelname)s %(name)s: %(message)s'
handlers:
console:
class: logging.handlers.TimedRotatingFileHandler
formatter: normal
level: "{{ ara_api_log_level }}"
filename: "{{ ara_api_log_dir }}/server.log"
when: 'midnight'
interval: 1
backupCount: 30
loggers:
ara:
handlers:
- console
level: "{{ ara_api_log_level }}"
propagate: 0
root:
handlers:
- console
level: "{{ ara_api_log_level }}"
version: 1
# ARA_CORS_ORIGIN_ALLOW_ALL - django-cors-headerss CORS_ORIGIN_WHITELIST_ALLOW_ALL setting
ara_api_cors_origin_allow_all: false
# ARA_CORS_ORIGIN_WHITELIST - django-cors-headerss CORS_ORIGIN_WHITELIST setting
ara_api_cors_origin_whitelist:
- "http://127.0.0.1:8000"
- "http://localhost:3000"
# ARA_CORS_ORIGIN_REGEX_WHITELIST - django-cors-headerss CORS_ORIGIN_REGEX_WHITELIST setting
ara_api_cors_origin_regex_whitelist: []
# ARA_SERVER_ALLOWED_HOSTS - Djangos ALLOWED_HOSTS setting
ara_api_allowed_hosts:
- "127.0.0.1"
- "localhost"
- "::1"
- "{{ ara_api_fqdn }}"
# ARA_DEBUG - Django's DEBUG setting
# It is not recommended to run with debug enabled in production.
ara_api_debug: false
# ARA_SECRET_KEY - Django's SECRET_KEY setting
# Note: If no key is provided, a random one will be generated once and persisted
ara_api_secret_key: null
# ARA_DISTRIBUTED_SQLITE - Whether to enable distributed sqlite backend
ara_api_distributed_sqlite: false
# ARA_DISTRIBUTED_SQLITE_PREFIX - Prefix to delegate to the distributed sqlite backend
ara_api_distributed_sqlite_prefix: ara-report
# ARA_DISTRIBUTED_SQLITE_ROOT - Root under which sqlite databases are expected
ara_api_distributed_sqlite_root: /var/www/logs
# ARA_DATABASE_ENGINE - Djangos ENGINE database setting
ara_api_database_engine: "{{ ara_api_distributed_sqlite | ternary('ara.server.db.backends.distributed_sqlite', 'django.db.backends.sqlite3') }}"
# ARA_DATABASE_NAME - Djangos NAME database setting
ara_api_database_name: "{{ ara_api_base_dir }}/ansible.sqlite"
# ARA_DATABASE_USER - Djangos USER database setting
ara_api_database_user: null
# ARA_DATABASE_PASSWORD - Djangos PASSWORD database setting
ara_api_database_password: null
# ARA_DATABASE_HOST - Djangos HOST database setting
ara_api_database_host: null
# ARA_DATABASE_PORT - Djangos PORT database setting
ara_api_database_port: null
# ARA_DATABASE_CONN_MAX_AGE - Django's CONN_MAX_AGE database setting
ara_api_database_conn_max_age: 0
# ARA_TIME_ZONE - Time zone used when storing and returning results
# Note: the default provided by ARA is dynamic and is set to the local system
# timezone but Ansible doesn't provide, for example, an ansible_timezone fact
# that we could use here. With that in mind, UTC is the best default for now.
ara_api_time_zone: UTC
# ARA cleanup settings
# The following settings configure daily maintenance cronjobs
ara_api_configure_cron: false
# When configuring cronjobs, only provide the arguments for the ara CLI utility
ara_api_cleanup_crons:
- name: ara_api expire running playbooks
arguments: 'expire --server http://localhost:8000 --client http --confirm --hours 24'
special_time: 'daily' # you can also use other time arguments from the cron module
- name: ara_api prune old reports
arguments: 'playbook prune --server http://localhost:8000 --client http --confirm --days 30'
special_time: 'daily'
View Git Blame Copy Permalink