summaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-17 06:48:59 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-17 06:48:59 +0000
commitd835b2cae8abc71958b69362162e6a70c3d7ef63 (patch)
tree81052e3d2ce3e1bcda085f73d925e9d6257dec15 /etc
parentInitial commit. (diff)
downloadcrmsh-d835b2cae8abc71958b69362162e6a70c3d7ef63.tar.xz
crmsh-d835b2cae8abc71958b69362162e6a70c3d7ef63.zip
Adding upstream version 4.6.0.upstream/4.6.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'etc')
-rw-r--r--etc/crm.conf.in120
-rw-r--r--etc/profiles.yml29
2 files changed, 149 insertions, 0 deletions
diff --git a/etc/crm.conf.in b/etc/crm.conf.in
new file mode 100644
index 0000000..39f8d5c
--- /dev/null
+++ b/etc/crm.conf.in
@@ -0,0 +1,120 @@
+; crmsh configuration file
+; To override per user, create a file ~/.config/crm/crm.conf
+;
+; [core]
+; editor = $EDITOR
+; pager = $PAGER
+; user =
+; skill_level = expert
+; sort_elements = yes
+; check_frequency = always
+; check_mode = strict
+; wait = no
+; add_quotes = yes
+; manage_children = ask
+; force = no
+; debug = no
+; ptest = ptest, crm_simulate
+; dotty = dotty
+; dot = dot
+; ignore_missing_metadata = no
+; report_tool_options =
+; lock_timeout = 120
+
+; set OCF_1_1_SUPPORT to yes is to fully turn on OCF 1.1 feature once the corresponding CIB detected.
+; OCF_1_1_SUPPORT = yes
+
+; obscure_pattern option is the persisent configuration of CLI.
+; Example, for the high security concern, obscure_pattern = passw* | ip
+; which makes `crm configure show` is equal to
+;
+; node-1:~ # crm configure show obscure:passw* obscure:ip
+; node 1084783297: node1
+; primitive fence_device stonith:fence_ilo5 \
+; params password="******"
+; primitive ip IPaddr2 \
+; params ip="******"
+;
+; The default option is passw*
+; If you don't want to obscure, change the value to blank.
+;
+; obscure_pattern = passw*
+
+[path]
+; sharedir = <detected>
+; cache = <detected>
+; crm_config = <detected>
+; crm_daemon_dir = <detected>
+crm_daemon_user = @CRM_DAEMON_USER@
+ocf_root = @OCF_ROOT_DIR@
+; crm_dtd_dir = <detected>
+; pe_state_dir = <detected>
+; heartbeat_dir = <detected>
+; hb_delnode = /usr/share/heartbeat/hb_delnode
+; nagios_plugins = /usr/lib/nagios/plugins
+
+; [color]
+; style = color
+; error = red bold
+; ok = green bold
+; warn = yellow bold
+; info = cyan
+; help_keyword = blue bold underline
+; help_header = normal bold
+; help_topic = yellow bold
+; help_block = cyan
+; keyword = yellow
+; identifier = normal
+; attr_name = cyan
+; attr_value = red
+; resource_reference = green
+; id_reference = green
+; score = magenta
+; ticket = magenta
+
+; [report]
+; from_time = -12H
+; compress = yes
+; speed_up = no
+; collect_extra_logs = /var/log/messages /var/log/pacemaker.log
+; remove_exist_dest = no
+; single_node = no
+;
+; sanitize_rule = sanitize_pattern[:options] ...
+;
+; This defines the way to hide sensitive data generated by crm report.
+;
+; 'sanitize_pattern' is a RegEx string, which is used to matches 'name'
+; field of CIB params. The sanitize process will hide 'value' of those
+; matched 'name:value' pairs in CIB, PE, pacemaker.log.
+;
+; 'options' is the predefined, and 'raw' is the only one defined
+; currently. With ':raw" option, the sanitize process will fetch
+; 'value' results out of CIB 'name:value' pairs, and use them to
+; hide all clear text occurence from all files crm report collected.
+;
+; Example 1:
+; sanitize_rule = passw.*
+;
+; This is the default. It will hide password nam:value pairs.
+; The result of crm report clould be like
+; name="password", value=******
+; @name=password @value=******
+; passwd=******
+;
+;
+; Example 2:
+; sanitize_rule = ip.*:raw
+;
+; This will only hide ip addresses. Example, the sanitize process will fetch
+; ip=10.10.10.10 and replace all clear text occurrence of "10.10.10.10"
+;
+;
+; Example 3:
+; sanitize_rule = passw.*|ip.*:raw
+;
+; This is useful for the higher security concern.
+; The sanitize process will hide all "name:value" pair for password like in
+; example 1, and all clear text ip addresses like in example 2 above.
+;
+; sanitize_rule = passw.*
diff --git a/etc/profiles.yml b/etc/profiles.yml
new file mode 100644
index 0000000..eca34d2
--- /dev/null
+++ b/etc/profiles.yml
@@ -0,0 +1,29 @@
+# The valid profile names are:
+# "microsoft-azure", "google-cloud-platform", "amazon-web-services", "s390", "default"
+#
+# "default" profile is loaded in the beginning.
+#
+# Those specific profile will override the corresponding values in "default"
+# profile if the specific environment is detected.
+#
+# Users could customize the "default" profile for their needs, for example,
+# those on-premise environments which is not defined yet.
+#
+# Profiles are only loaded on bootstrap init node.
+#
+# More details please see man corosync.conf, man sbd
+
+default:
+ corosync.totem.crypto_hash: sha1
+ corosync.totem.crypto_cipher: aes256
+ corosync.totem.token: 5000
+ corosync.totem.join: 60
+ corosync.totem.max_messages: 20
+ corosync.totem.token_retransmits_before_loss_const: 10
+ # sbd.msgwait is set to sbd.watchdog_timeout*2 by crmsh
+ # or, you can define your own value in profiles.yml
+ sbd.watchdog_timeout: 15
+
+microsoft-azure:
+ corosync.totem.token: 30000
+ sbd.watchdog_timeout: 60