-
Notifications
You must be signed in to change notification settings - Fork 8
/
credentials.example.yml
216 lines (164 loc) · 6.5 KB
/
credentials.example.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
---
## Customization
# Tweak these settings to make your instance unique.
# Give your instance a unique name to distinguish it from others running on the same account
# and region. Resource names will include this string.
instance:
# Modify this to launch a new backend behind the same load balancers. This is useful for launching
# a new batch of worker hosts to implement large changes in architecture without incurring
# downtime.
deployment: blue
# Name and URL of the GitHub repository containing the site mapping and layouts.
#
# `control_repository_name` should be used if the control repository is hosted on GitHub. If it
# is, the control repository webhooks will be automatically created by the playbook. If it isn't,
# specify any git URL as `control_repository_url`, leave `control_repository_name` blank, and
# set up webhooks on the control repository manually.
control_repository_name: deconst/control-example
control_repository_url: https://github.com/{{ control_repository_name }}.git
# Branch of the control repository that governs this deployment.
control_repository_branch: master
# Domain name to be used for the presenter and content service.
domain:
# Domain name to be used for the build server.
build_domain: build.{{ domain }}
# Domain name to be used for the staging presenter.
staging_presenter_domain: staging.{{ domain }}
# Domain name to be used for the staging content service.
staging_content_domain: content.staging.{{ domain }}
# Cloud Files containers used to store raw content as metadata envelopes and to
# store CDN-distributed, fingerprinted assets.
#
# These containers will be created by the content service at first launch.
content_container: deconst-docs
asset_container: deconst-assets
staging_content_container: staging-{{ content_container }}
staging_asset_container: staging-{{ asset_container }}
# Number of worker hosts to provision.
worker_count: 3
# Rackspace server flavor to use for worker hosts.
worker_flavor: general1-2
# Rackspace server image to use for worker hosts.
worker_image: "{{ image_coreos_beta }}"
# Number of "pods" of related services to launch on each worker host.
pod_count: 2
# Number of servers to include in the elasticsearch cluster.
elastic_count: 1
# Rackspace server flavor to use for elasticsearch hosts.
elastic_flavor: general1-2
# Rackspace server image to use for worker hosts.
elastic_image: "{{ image_coreos_beta }}"
# Number of servers to include in the build cluster.
build_count: 1
# Rackspace server flavor to use for build hosts.
build_flavor: general1-2
# Rackspace server flavor to use for build hosts.
build_image: "{{ image_coreos_beta }}"
# Number of builds to support in parallel at once.
build_parallel_jobs: 2
# Number of servers to include in the staging cluster.
staging_count: 1
# Rackspace server flavor to use for staging hosts.
staging_flavor: general1-2
# Rackspace server flavor to use for staging hosts.
staging_image: "{{ image_coreos_beta }}"
# Number of "pods" to launch on each staging host.
staging_pod_count: 2
# Optionally override the domain of presented URLs.
#
# This is most useful for testing locally, staging environments, or deployments that don't have
# DNS configured yet.
presented_url_proto:
presented_url_domain:
# Strider
#
# Configuration for self-hosted builds.
# Email address used for the system user. Doesn't need to be real.
strider_system_email:
# Strider access control. Specify a GitHub organization and (optionally) access and admin teams
# within that organization.
strider_access_org:
strider_access_team:
strider_admin_team:
# Docker container whitelist, comma-separated.
# strider_build_whitelist: quay.io/deconst/preparer-sphinx,quay.io/deconst/preparer-jekyll
# Configure logging levels.
log_level: INFO
content_log_level: "{{ log_level }}"
presenter_log_level: "{{ log_level }}"
strider_log_level: "{{ log_level }}"
# Enable or disable diagnostics that are dangerous to enable in production.
# enable_diagnostics: yes
## Secrets
# Keep these safe.
# Rackspace credentials
rackspace_username:
rackspace_api_key:
rackspace_region:
# Name of an SSH keypair present on the account and region that you've specified above.
rackspace_keyname:
# Administrator credentials for the build host
build_admin_email:
build_admin_password:
# TLS credentials
#
# A valid certificate including an SAN for each domain that you wish to host on this cluster.
# Public certificate to be presented by each pod
ssl_certificate:
# Private half of the keypair
ssl_key:
# Intermediate certificate chain that nginx should include.
ssl_intermediate_certificates: []
# - |
# -- BEGIN CERTIFICATE --
# - |
# -- BEGIN CERTIFICATE --
#
# MongoDB URI
#
# Split into components. mongodb_host should also include ports and database as needed.
mongodb_username:
mongodb_password:
mongodb_host:
mongodb_uri: "mongodb://{{ mongodb_username }}:{{ mongodb_password }}@{{ mongodb_host }}"
# Elasticsearch
#
# Credentials used to access your Elasticsearch instance.
elasticsearch_username:
elasticsearch_password:
elasticsearch_hosts: []
elasticsearch_transport_port:
elasticsearch_api_proto: https
elasticsearch_api_port:
# Number of days' worth of logstash logs to preserve. Older indexes will be purged once a day.
elasticsearch_keep_days: 5
# Action to take on indexes older than elasticsearch_keep_days.
# "show" is a no-op.
# "close" deactivates old indexes to reduce system strain, but keeps them on disk.
# "prune" deletes old indexes entirely.
elasticsearch_curator_action: show
# GitHub integration settings.
# Personal access token for the GitHub system user. This token will be used for GitHub actions taken
# by automated services on the cluster (automatically created content builds, pull request build
# comments).
#
# Generate a unique token for this at: https://github.com/settings/tokens/new
github_oauth_token:
# OAuth application tokens. These are used for GitHub OAuth logins.
#
# Create these by registering at: https://github.com/settings/applications/new
github_app_id:
github_app_secret:
# Choose secure administrative API keys for the production and staging content services.
# For example:
# hexdump -v -e '1/1 "%.2x"' -n 128 /dev/random
content_admin_apikey:
staging_content_admin_apikey:
# Make this an array of administrators' public keys to install on all provisioned hosts, granting them access to the "core" user.
admin_ssh_pubkeys:
# - name: someone
# pubkey: >
# ssh-rsa AAAAB3Nz...
# List of IP addresses from which incoming SSH connections should be accepted.
# Leave this as an empty collection to accept SSH connections from any IP.
source_addresses: []