89eae7098e
* Adds support for 'anvil_resources:🐏:reserved' that can be set to a number of MiB to override the default 8192. * Adds support for 'anvil::<anvil_uuid>::resources:🐏:reserved' to allow for per-Anvil! node override on the reserved RAM default, and over the 'anvil_resources:🐏:reserved' option. Signed-off-by: digimer <mkelly@alteeve.ca>
227 lines
12 KiB
Plaintext
227 lines
12 KiB
Plaintext
### This is the main Anvil! configuration file.
|
|
|
|
# To help understand how the Anvil! is used, some features will "call home" to record anonymous information
|
|
# about a machine participating in an Anvil! system. An example is DRBD's 'usage-count' option. If you wish
|
|
# to not have this happen, set this to '1'.
|
|
sys::privacy::strong = 0
|
|
|
|
### Features
|
|
# Normally, if one node in the Anvil! is healthier than the other, it will pull the servers from the peer
|
|
# on to it. This is a process called "preventative live migration". If you would like to disable this
|
|
# feature, set this to '1'.
|
|
feature::scancore::disable::preventative-live-migration = 0
|
|
|
|
# If a node is found to be powered off, and there is no reason recorded in the database, it will be booted.
|
|
# The assumption is that an accidental power off occurred. If you would like to have nodes that power off
|
|
# stay off until manually started, set this to '0'
|
|
#feature::scancore::disable::boot-unknown-stop = 1
|
|
|
|
### Database
|
|
# Database connections;
|
|
#
|
|
# Each Anvil! database is defined below using an incrementing counter as the second variable. The value of
|
|
# the second variable is the local 'host_uuid' (via: dmidecode --string system-uuid | perl -ne 'print lc').
|
|
# This ensures that entries can be moved and copied without causing conflicts.
|
|
#
|
|
# There are six variables for each database definition;
|
|
# host = This is the (resolvable) host name or IP address of the peer database.
|
|
# port = This is the TCP port used to connect to the database. By default, it is 5432
|
|
# password = This is the password used to connect to the database.
|
|
# NOTE: Do not directly change the database password. Please use 'anvil-update-password' so that
|
|
# the WebUI, database, nodes and peers are all kept in sync.
|
|
# ping = If set, this will cause a ping to be made against the database server before the actual
|
|
# connection is attempted. This can be useful when peer dashboards are offline for extended
|
|
# periods of time. The value can be any real number and will be used as the timeout for the actual
|
|
# ping. If the peer dashboard is on the same subnet, a value of '0.25' (250ms) should be a good
|
|
# balance between giving the peer a chance to reply and not waiting too long when it is offline.
|
|
# If the peer is remote, you will want to set this to '1' (1000ms) or higher.
|
|
#
|
|
# Setting this to '0' disables pinging before connecting entirely. In this case, if the peer is
|
|
# offline, it will take about 3 seconds on average for the connection attempt to timeout. This
|
|
# might be necessary if the peer dashboard is behind a firewall/router or otherwise can't respond
|
|
# to ICMP pings.
|
|
# NOTE: The database is called 'anvil' and the database owner is 'admin'.
|
|
#database::eec27c2f-2308-4b4f-bd81-24118b53f8a3::host = localhost
|
|
#database::eec27c2f-2308-4b4f-bd81-24118b53f8a3::port = 5432
|
|
#database::eec27c2f-2308-4b4f-bd81-24118b53f8a3::password = Initial1
|
|
#database::eec27c2f-2308-4b4f-bd81-24118b53f8a3::ping = 1
|
|
|
|
# Below are the databases configured for use by this system. Please be careful manually editing them. They
|
|
# are updated by Striker and changes can be overwritten. Please do not alter or remove the 'start db list'
|
|
# and 'end db list' comments below.
|
|
### start db list ###
|
|
### end db list ###
|
|
|
|
# To keep Anvil!'s database growth in check, an auto-archive mechanism is used by some agents where, at the
|
|
# end of each scan, the number of records in the history schema for a given table are counted (restricted to
|
|
# the agent's host, when appropriate).
|
|
#
|
|
# When the number exceeds the trigger, the number of records that are archived is approximately (number of
|
|
# records above trigger + 'count'). This is not an exact number because a representative timestamp will be
|
|
# selected from the hostory schema at this count, and then any record equal to or older than the time stamp
|
|
# is removed.
|
|
#
|
|
# To protect against the potential of using too much disk space, archives are off by default. Under normal
|
|
# behaviour, old records are simple removed. To enable the archive function, set this to '1'.
|
|
#sys::database::archive::save_to_disk = 1
|
|
#
|
|
# When archiving to disk is enabled, to protect against large memory use or long archive times in the case
|
|
# where the number of records to archive are particularly large, the 'division' value is used to break up the
|
|
# archive job into "chunks". Generally speaking, the division should be greater than the count, and never be
|
|
# needed. However, if the archive process takes too long, or if the archive was triggered well above the
|
|
# trigger value, the division can help prevent using too much memory at once. If division is set to '0',
|
|
# archive jobs will never be divided.
|
|
#
|
|
# The archives are all stored in the specified directory using the name format
|
|
# '<agent>.<table>.<timestamp>.bz2' and the archives are synced between dashboards for safe keeping. Archive
|
|
# files are never removed automatically.
|
|
#
|
|
# To disable auto-archiving entirely, set 'trigger' to '0'.
|
|
#
|
|
# NOTE: If the archive directory doesn't exist, Anvil! will create it
|
|
# automatically the first time it is needed.
|
|
sys::database::archive::compress = 1
|
|
sys::database::archive::trigger = 500000
|
|
sys::database::archive::count = 100000
|
|
sys::database::archive::division = 125000
|
|
sys::database::archive::directory = /usr/local/anvil/archives/
|
|
|
|
# This puts a limit on how many queries (writes, generally) to make in a single batch transaction. This is
|
|
# useful when doing very large transacions, like resync'ing a large table, by limiting how long a given
|
|
# transaction can take and how much memory is used.
|
|
sys::database::maximum_batch_size = 25000
|
|
|
|
|
|
### Apache stuff
|
|
# By default, we try to determine the host type which anvil RPM is installed. If, for some reason, you want
|
|
# to statically assign the host type, you can do so with this variable. Note that this sets the host type of
|
|
# this host only. You will need to set this appropriately on other hosts.
|
|
#
|
|
# Normally, you should not need to set this.
|
|
#sys::host_type = node
|
|
# This configuration file provides a way to override Anvil::Tools' built-in defaults.
|
|
|
|
# This controls the default language. The value is the ISO code of the country's language you want to use by
|
|
# default. Note that the logging language is set with 'defaults::log::language' below.
|
|
# NOTE: Be sure the language exists before changing it!
|
|
defaults::languages::output = en_CA
|
|
|
|
# This controls how many loops Anvil::Tools::Words is allow to make while processing a string. This acts as a
|
|
# mechanism to exit infinite loops, and generally should not need to be changed.
|
|
defaults::limits::string_loops = 1000
|
|
|
|
|
|
### Logging options
|
|
# This controls whether all database transactions are recorded or not. Genreally this should be left off
|
|
# unless you are debugging the program.
|
|
# WARNING: This ignores 'secure', and will always be logged. Be careful about exposing sensitive data!
|
|
sys::database::log_transactions = 0
|
|
|
|
# By default, if a configured database is not accessible, a log level 1 alert is registered. This can cause a
|
|
# lot of log traffic. If you want to silence these log alerts, you can set the value below to be higher than
|
|
# your current active log level (default is '1', so set to '2' or '3' to silence).
|
|
# NOTE: It's important to only use this temporarily.
|
|
#sys::database::failed_connection_log_level = 2
|
|
|
|
# This controls what log facility to use by default.
|
|
# NOTE: This will always be 'authpriv' when a log entry is marked as secure.
|
|
defaults::log::facility = local0
|
|
|
|
# This controls what language logs are recorded in. Be sure that the language exists before changing it!
|
|
defaults::log::language = en_CA
|
|
|
|
# This controls the default log level. See 'perldoc Anvil::Tools::Logs' for details.
|
|
defaults::log::level = 1
|
|
|
|
# This controls whether sensitive log entries are logged or not. Generally, this should be left disabled!
|
|
defaults::log::secure = 0
|
|
|
|
# THis sets the default log server to send the log entries to. Leave it blank in most cases.
|
|
#defaults::log::server =
|
|
|
|
# This sets the default log tag used when logging an entry. Most programs will likely override this.
|
|
defaults::log::tag = anvil
|
|
|
|
|
|
### Templates
|
|
# This sets the default template used when rendering HTML pages. It must be the same as the directory name
|
|
# under /var/www/html/skins/
|
|
defaults::template::html = alteeve
|
|
|
|
|
|
### Install Target options
|
|
# Note; Please see 'pxe.txt' for editable templates for 'dhcpd.conf', (tftpboot's BIOS) 'default' and the
|
|
# kickstart templates.
|
|
#
|
|
# This section allows for adapting certain installations of systems via the Install Target feature.
|
|
# Generally, these don't need to be edited.
|
|
#
|
|
# This controls the keyboard configuration. See:
|
|
# - https://docs.fedoraproject.org/en-US/fedora/f28/install-guide/appendixes/Kickstart_Syntax_Reference/#sect-kickstart-commands-keyboard
|
|
#kickstart::keyboard = --vckeymap=us --xlayouts='us'
|
|
#
|
|
# This sets the default password of newly stage-1 built machines. Generally, this shouldn't be change. It is
|
|
# recorded in plain text and it is used in the stage-2 configuration tools.
|
|
#kickstart::password = Initial1
|
|
#
|
|
# This is the system timezone to be set. Generally, it's recommended to leave the Anvil! machines to UTC, but
|
|
# you might want to change this is if you spend time working directly on the various Anvil! cluster machines.
|
|
#kickstart::timezone = Etc/GMT --isUtc
|
|
|
|
# If this is set to '1', the packages used to build machines via the Install Target feature will not
|
|
# auto-update.
|
|
install-manifest::refresh-packages = 1
|
|
|
|
# This controls how often the local RPM repository is checked for updates. The default is '86400' seconds
|
|
# (one day). If anything, you might want to increase this. Common values;
|
|
# 86400 = Once per day
|
|
# 604800 = Once per week
|
|
# 2419200 = Once per month (well, 4 weeks)
|
|
install-manifest::refresh-period = 86400
|
|
|
|
|
|
### This controls Striker-specific features
|
|
# This can be set a a comma-separated list of packages to be added to Striker's RPM repos. Note that this is
|
|
# only useful is you want to store EL8-specific packages needed outside the Anvil!.
|
|
striker::repo::extra-packages =
|
|
|
|
### System functions
|
|
# The machines used in the Anvil! are treated as appliances, and thus fully under our control. As such, much
|
|
# of the system is monitored, managed and auto-repaired. This can frustrate sysadmins. As such, an admin may
|
|
# use the 'system::*' options to retake control over some system behaviour.
|
|
|
|
# Setting this to '0' will disable auto-management of the firewall.
|
|
sys::manage::firewall = 1
|
|
|
|
# By default, Anvil! nodes reserve 8 GiB of RAM for host OS use. That is to say, if a node (pair) has 128GiB
|
|
# of physical RAM, 120 GiB will be available for allocation to servers. Generally, this should NOT be reduced
|
|
# as doing so could trigger oom-killer (out of memory killer) to terminate servers. This is an integer
|
|
# representing the reserved RAM in MiB
|
|
# NOTE: Minimum is 1024, but really, never go below 4096 unless you _really_ know what you're doing.
|
|
#anvil_resources::ram::reserved = 8192
|
|
|
|
# If you wish to alter the amount of reservered RAM for a single Anvil! node, you can use:
|
|
#anvil::<anvil_uuid>::resources::ram::reserved = 8192
|
|
|
|
|
|
### Server related options
|
|
# This is the "short list" of servers shown when provisioning a new server. To see the full list of options,
|
|
# run '/usr/bin/osinfo-query os' and use here the 'Short ID' entries on any machine in the Anvil!.
|
|
#sys::servers::os_short_list = rhel8.7,rhel9.1,win10,win2k19,win2k22
|
|
|
|
|
|
### Scan agent options
|
|
# All scan agent configurations have the format 'scancore::<agent_name>::<variable>'.
|
|
|
|
# An agent can be disabled on a given machine by setting the 'disable' variable.
|
|
#scancore::scan-network::disable = 1
|
|
|
|
# Logging can be set on a per-agent basis with:
|
|
#scancore::scan-network::log_level = 2
|
|
#scancore::scan-network::log_secure = 1
|
|
|
|
# By default, the Anvil! will manage the /etc/hosts file. If this is causing you issue, you can disable this
|
|
# behavious by setting this to '0'. Be aware of course that you will need to manually update or add entries
|
|
# going forward.
|
|
#sys::hosts::manage = 0
|