diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 06:48:59 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 06:48:59 +0000 |
commit | d835b2cae8abc71958b69362162e6a70c3d7ef63 (patch) | |
tree | 81052e3d2ce3e1bcda085f73d925e9d6257dec15 /etc | |
parent | Initial commit. (diff) | |
download | crmsh-d835b2cae8abc71958b69362162e6a70c3d7ef63.tar.xz crmsh-d835b2cae8abc71958b69362162e6a70c3d7ef63.zip |
Adding upstream version 4.6.0.upstream/4.6.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'etc')
-rw-r--r-- | etc/crm.conf.in | 120 | ||||
-rw-r--r-- | etc/profiles.yml | 29 |
2 files changed, 149 insertions, 0 deletions
diff --git a/etc/crm.conf.in b/etc/crm.conf.in new file mode 100644 index 0000000..39f8d5c --- /dev/null +++ b/etc/crm.conf.in @@ -0,0 +1,120 @@ +; crmsh configuration file +; To override per user, create a file ~/.config/crm/crm.conf +; +; [core] +; editor = $EDITOR +; pager = $PAGER +; user = +; skill_level = expert +; sort_elements = yes +; check_frequency = always +; check_mode = strict +; wait = no +; add_quotes = yes +; manage_children = ask +; force = no +; debug = no +; ptest = ptest, crm_simulate +; dotty = dotty +; dot = dot +; ignore_missing_metadata = no +; report_tool_options = +; lock_timeout = 120 + +; set OCF_1_1_SUPPORT to yes is to fully turn on OCF 1.1 feature once the corresponding CIB detected. +; OCF_1_1_SUPPORT = yes + +; obscure_pattern option is the persisent configuration of CLI. +; Example, for the high security concern, obscure_pattern = passw* | ip +; which makes `crm configure show` is equal to +; +; node-1:~ # crm configure show obscure:passw* obscure:ip +; node 1084783297: node1 +; primitive fence_device stonith:fence_ilo5 \ +; params password="******" +; primitive ip IPaddr2 \ +; params ip="******" +; +; The default option is passw* +; If you don't want to obscure, change the value to blank. +; +; obscure_pattern = passw* + +[path] +; sharedir = <detected> +; cache = <detected> +; crm_config = <detected> +; crm_daemon_dir = <detected> +crm_daemon_user = @CRM_DAEMON_USER@ +ocf_root = @OCF_ROOT_DIR@ +; crm_dtd_dir = <detected> +; pe_state_dir = <detected> +; heartbeat_dir = <detected> +; hb_delnode = /usr/share/heartbeat/hb_delnode +; nagios_plugins = /usr/lib/nagios/plugins + +; [color] +; style = color +; error = red bold +; ok = green bold +; warn = yellow bold +; info = cyan +; help_keyword = blue bold underline +; help_header = normal bold +; help_topic = yellow bold +; help_block = cyan +; keyword = yellow +; identifier = normal +; attr_name = cyan +; attr_value = red +; resource_reference = green +; id_reference = green +; score = magenta +; ticket = magenta + +; [report] +; from_time = -12H +; compress = yes +; speed_up = no +; collect_extra_logs = /var/log/messages /var/log/pacemaker.log +; remove_exist_dest = no +; single_node = no +; +; sanitize_rule = sanitize_pattern[:options] ... +; +; This defines the way to hide sensitive data generated by crm report. +; +; 'sanitize_pattern' is a RegEx string, which is used to matches 'name' +; field of CIB params. The sanitize process will hide 'value' of those +; matched 'name:value' pairs in CIB, PE, pacemaker.log. +; +; 'options' is the predefined, and 'raw' is the only one defined +; currently. With ':raw" option, the sanitize process will fetch +; 'value' results out of CIB 'name:value' pairs, and use them to +; hide all clear text occurence from all files crm report collected. +; +; Example 1: +; sanitize_rule = passw.* +; +; This is the default. It will hide password nam:value pairs. +; The result of crm report clould be like +; name="password", value=****** +; @name=password @value=****** +; passwd=****** +; +; +; Example 2: +; sanitize_rule = ip.*:raw +; +; This will only hide ip addresses. Example, the sanitize process will fetch +; ip=10.10.10.10 and replace all clear text occurrence of "10.10.10.10" +; +; +; Example 3: +; sanitize_rule = passw.*|ip.*:raw +; +; This is useful for the higher security concern. +; The sanitize process will hide all "name:value" pair for password like in +; example 1, and all clear text ip addresses like in example 2 above. +; +; sanitize_rule = passw.* diff --git a/etc/profiles.yml b/etc/profiles.yml new file mode 100644 index 0000000..eca34d2 --- /dev/null +++ b/etc/profiles.yml @@ -0,0 +1,29 @@ +# The valid profile names are: +# "microsoft-azure", "google-cloud-platform", "amazon-web-services", "s390", "default" +# +# "default" profile is loaded in the beginning. +# +# Those specific profile will override the corresponding values in "default" +# profile if the specific environment is detected. +# +# Users could customize the "default" profile for their needs, for example, +# those on-premise environments which is not defined yet. +# +# Profiles are only loaded on bootstrap init node. +# +# More details please see man corosync.conf, man sbd + +default: + corosync.totem.crypto_hash: sha1 + corosync.totem.crypto_cipher: aes256 + corosync.totem.token: 5000 + corosync.totem.join: 60 + corosync.totem.max_messages: 20 + corosync.totem.token_retransmits_before_loss_const: 10 + # sbd.msgwait is set to sbd.watchdog_timeout*2 by crmsh + # or, you can define your own value in profiles.yml + sbd.watchdog_timeout: 15 + +microsoft-azure: + corosync.totem.token: 30000 + sbd.watchdog_timeout: 60 |