Dmitriy Rabotyagov 57a5f46142 Move database configuration to it's own section
Defining database configuration in [DEFAULT] section was deprecated
and removed for 2024.2 cycle [1]

We also remove some RabbitMQ configuration from the DEFAULT section
that does not have any effect as of today.

[1] https://review.opendev.org/c/openstack/barbican/+/848011

Change-Id: Ia189d0e8051f76b8eb46de19b5f309ab5ea6aac5
2024-07-22 17:03:05 +02:00


# {{ ansible_managed }}
# Barbican service configuration, rendered from this Jinja2 template with the
# barbican_* deployment variables. The rendered file contains credentials in
# clear text (message bus, database, and the Keystone service password when
# Keystone auth is enabled).
# NOTE(review): owner, group and mode are not set in this template; confirm
# the task that installs the file restricts it to the service account.
[DEFAULT]
# Log to the systemd journal
use_journal = True
# Disable stderr logging
use_stderr = False
# Show debugging output in logs (sets DEBUG log level output)
# NOTE(review): for a secret-management service, confirm this resolves to
# False in production and that log storage is access-controlled.
debug = {{ debug }}
# Host name, for use in HATEOAS-style references
# Note: Typically this would be the load balanced endpoint that clients would use
# to communicate back with this service.
host_href = {{ barbican_service_publicurl }}
# RPC transport URL: one userid:password@host:port entry per comma-separated
# server in barbican_oslomsg_rpc_servers; the last entry is followed by the
# vhost and the TLS query string (ssl=1 with ssl_version and ssl_ca_file).
# When barbican_oslomsg_rpc_use_ssl is false the URL ends in ?ssl=0, so no
# TLS is requested for the message bus.
# NOTE(review): userid and password are inserted without URL-encoding; a
# password containing @ : / ? or # would change how the URL is parsed.
# Confirm the password source restricts its alphabet or encodes the value.
transport_url = {{ barbican_oslomsg_rpc_transport }}://{% for host in barbican_oslomsg_rpc_servers.split(',') %}{{ barbican_oslomsg_rpc_userid }}:{{ barbican_oslomsg_rpc_password }}@{{ host }}:{{ barbican_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ _barbican_oslomsg_rpc_vhost_conf }}{% if barbican_oslomsg_rpc_use_ssl | bool %}?ssl=1&ssl_version={{ barbican_oslomsg_rpc_ssl_version }}&ssl_ca_file={{ barbican_oslomsg_rpc_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
# Database connection and connection-pool settings.
# The connection URL carries the Galera user and password in clear text.
# When barbican_galera_use_ssl is true, ssl_verify_cert=true is appended and,
# if barbican_galera_ssl_ca_cert is non-empty, ssl_ca points at that CA file.
# When it is false no TLS parameter is added to the URL at all.
# NOTE(review): the password is inserted without URL-encoding; confirm it
# cannot contain URL-reserved characters such as @ : / ? or #.
# The plus sign in the closing endif tag keeps the newline that follows it,
# so max_overflow starts on its own line even when trim_blocks is enabled.
[database]
connection = mysql+pymysql://{{ barbican_galera_user }}:{{ barbican_galera_password }}@{{ barbican_galera_address }}:{{ barbican_galera_port }}/{{ barbican_galera_database }}?charset=utf8{% if barbican_galera_use_ssl | bool %}&ssl_verify_cert=true{% if barbican_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ barbican_galera_ssl_ca_cert }}{% endif %}{% endif +%}
# Pool sizing, pool wait timeout and connection recycle interval, each taken
# from the matching barbican_db_* variable.
max_overflow = {{ barbican_db_max_overflow }}
max_pool_size = {{ barbican_db_max_pool_size }}
pool_timeout = {{ barbican_db_pool_timeout }}
connection_recycle_time = {{ barbican_db_connection_recycle_time }}
# Notification bus settings.
[oslo_messaging_notifications]
# messagingv2 when barbican_oslomsg_notify_configure is true, otherwise noop.
driver = {{ (barbican_oslomsg_notify_configure | bool) | ternary('messagingv2', 'noop') }}
# Built like the RPC URL but from the barbican_oslomsg_notify_* variables.
# It is rendered whatever the driver is, so the notify user's password is
# written to this file even when the driver is noop.
# When barbican_oslomsg_notify_use_ssl is false the URL ends in ?ssl=0.
# NOTE(review): userid and password are inserted without URL-encoding;
# confirm they cannot contain URL-reserved characters.
transport_url = {{ barbican_oslomsg_notify_transport }}://{% for host in barbican_oslomsg_notify_servers.split(',') %}{{ barbican_oslomsg_notify_userid }}:{{ barbican_oslomsg_notify_password }}@{{ host }}:{{ barbican_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ _barbican_oslomsg_notify_vhost_conf }}{% if barbican_oslomsg_notify_use_ssl | bool %}?ssl=1&ssl_version={{ barbican_oslomsg_notify_ssl_version }}&ssl_ca_file={{ barbican_oslomsg_notify_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
{% if barbican_oslomsg_rpc_transport == 'rabbit' %}
# RabbitMQ driver options; this section is rendered only when
# barbican_oslomsg_rpc_transport is rabbit.
[oslo_messaging_rabbit]
# NOTE(review): ssl follows barbican_oslomsg_notify_use_ssl although the
# section is gated on the RPC transport. Confirm RPC connections are not left
# without TLS when only barbican_oslomsg_rpc_use_ssl is enabled.
ssl = {{ barbican_oslomsg_notify_use_ssl | bool }}
# Quorum queue, prefetch and queue manager behaviour, each taken from the
# matching barbican_oslomsg_rabbit_* variable.
rabbit_quorum_queue = {{ barbican_oslomsg_rabbit_quorum_queues }}
rabbit_transient_quorum_queue = {{ barbican_oslomsg_rabbit_transient_quorum_queues }}
rabbit_qos_prefetch_count = {{ barbican_oslomsg_rabbit_qos_prefetch_count }}
use_queue_manager = {{ barbican_oslomsg_rabbit_queue_manager }}
{% if barbican_oslomsg_rabbit_queue_manager %}
# Emitted only when the queue manager is enabled: the host name fact joined
# with barbican_service_name by a hyphen.
hostname = {{ [ansible_facts['hostname'], barbican_service_name] | join('-') }}
{% endif %}
rabbit_stream_fanout = {{ barbican_oslomsg_rabbit_stream_fanout }}
rabbit_quorum_delivery_limit = {{ barbican_oslomsg_rabbit_quorum_delivery_limit }}
rabbit_quorum_max_memory_bytes = {{ barbican_oslomsg_rabbit_quorum_max_memory_bytes }}
{% endif %}
{% if barbican_keystone_auth | bool %}
# Keystone token validation; this section is rendered only when
# barbican_keystone_auth is true.
# NOTE(review): when it is false no keystone_authtoken section is written at
# all; confirm what authenticates API requests in that case.
[keystone_authtoken]
# When true, TLS certificate verification towards Keystone is skipped.
# NOTE(review): confirm keystone_service_internaluri_insecure is false
# outside test environments.
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_type = {{ barbican_keystone_auth_plugin }}
auth_url = {{ keystone_service_adminurl }}
www_authenticate_uri = {{ keystone_service_internaluri }}
project_domain_id = {{ barbican_service_project_domain_id }}
user_domain_id = {{ barbican_service_user_domain_id }}
project_name = {{ barbican_service_project_name }}
username = {{ barbican_service_user_name }}
# Service account password, stored in clear text in the rendered file.
password = {{ barbican_service_password }}
region_name = {{ keystone_service_region }}
# Service token role check: the list below is the comma-joined
# barbican_service_token_roles.
service_token_roles_required = {{ barbican_service_token_roles_required | bool }}
service_token_roles = {{ barbican_service_token_roles | join(',') }}
service_type = {{ barbican_service_type }}
memcached_servers = {{ barbican_memcached_servers }}
# Seconds a validated token stays in the cache.
token_cache_time = 300
# If your memcached server is shared, use these settings to avoid cache poisoning.
# ENCRYPT protects cached token data with the secret key below, so that key
# needs the same handling as the passwords in this file.
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }}
{% endif %}
# ================= Secret Store Plugin ===================
# Driven by barbican_backends_config. With more than one entry the template
# switches to multiple-store mode and writes one secretstore:NAME section per
# entry. With a single entry it writes one enabled_secretstore_plugins line,
# plus a crypto section when the entry defines crypto_plugin. With no entry
# the secretstore section is left empty.
[secretstore]
{% if barbican_backends_config | length > 1 %}
# Multiple-store mode: the lookup suffixes are the keys of
# barbican_backends_config, and every key/value pair of an entry is copied
# into its section as-is.
# NOTE(review): values are written without quoting or escaping; confirm they
# are operator-controlled and cannot contain newlines.
# NOTE(review): confirm one entry is marked as the global default store, if
# Barbican requires that in this mode.
enable_multiple_secret_stores = True
stores_lookup_suffix = {{ barbican_backends_config.keys() | join(',') }}
{% for section, config in barbican_backends_config.items() %}
[secretstore:{{ section }}]
{% for key, value in config.items() %}
{{ key }} = {{ value }}
{% endfor %}
{% endfor %}
{% else %}
# Single-store mode: only secret_store_plugin and crypto_plugin are read from
# the entry; any other key in it is ignored by this branch.
{% for config in barbican_backends_config.values() %}
enabled_secretstore_plugins = {{ config['secret_store_plugin'] }}
{% if 'crypto_plugin' in config %}
# ================= Crypto plugin ===================
[crypto]
enabled_crypto_plugins = {{ config['crypto_plugin'] }}
{% endif %}
{% endfor %}
{% endif %}
# Plugin-specific sections: one section per entry of barbican_plugins_config,
# with every value wrapped in single quotes.
# NOTE(review): section names, keys and values are emitted without escaping;
# a value containing a single quote or a newline would not be written back
# as the same value. Confirm the values are operator-controlled.
# NOTE(review): these sections presumably carry plugin credentials; confirm
# the variable is sourced from an encrypted store.
{% for section, config in barbican_plugins_config.items() %}
[{{ section }}]
{% for key, value in config.items() %}
{{ key }} = '{{ value }}'
{% endfor %}
{% endfor %}
# Certificate plugins; these values are fixed in the template, not variables.
# NOTE(review): enabled_certificate_plugins is set twice. Both plugins are
# active only if the option is parsed as multi-valued; otherwise one entry
# is dropped - confirm.
# NOTE(review): snakeoil_ca looks like a self-signed test CA (assumption
# based on the name); confirm it is meant to be enabled in this deployment.
[certificate]
enabled_certificate_plugins = simple_certificate
enabled_certificate_plugins = snakeoil_ca
# Certificate event plugin, also fixed in the template.
[certificate_event]
enabled_certificate_event_plugins = simple_certificate
# File locations for the snakeoil CA plugin, all under /etc/barbican.
# NOTE(review): ca_cert_key_path is a CA private key and
# subca_cert_key_directory presumably holds sub-CA keys; confirm both are
# readable only by the service account.
[snakeoil_ca_plugin]
ca_cert_path = /etc/barbican/snakeoil-ca.crt
ca_cert_key_path = /etc/barbican/snakeoil-ca.key
ca_cert_chain_path = /etc/barbican/snakeoil-ca.chain
ca_cert_pkcs7_path = /etc/barbican/snakeoil-ca.p7b
subca_cert_key_directory=/etc/barbican/snakeoil-cas