summaryrefslogtreecommitdiffstats
path: root/etc/crm.conf.in
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--etc/crm.conf.in120
1 files changed, 120 insertions, 0 deletions
diff --git a/etc/crm.conf.in b/etc/crm.conf.in
new file mode 100644
index 0000000..39f8d5c
--- /dev/null
+++ b/etc/crm.conf.in
@@ -0,0 +1,120 @@
+; crmsh configuration file
+; To override per user, create a file ~/.config/crm/crm.conf
+;
+; [core]
+; editor = $EDITOR
+; pager = $PAGER
+; user =
+; skill_level = expert
+; sort_elements = yes
+; check_frequency = always
+; check_mode = strict
+; wait = no
+; add_quotes = yes
+; manage_children = ask
+; force = no
+; debug = no
+; ptest = ptest, crm_simulate
+; dotty = dotty
+; dot = dot
+; ignore_missing_metadata = no
+; report_tool_options =
+; lock_timeout = 120
+
+; set OCF_1_1_SUPPORT to yes is to fully turn on OCF 1.1 feature once the corresponding CIB detected.
+; OCF_1_1_SUPPORT = yes
+
+; obscure_pattern option is the persisent configuration of CLI.
+; Example, for the high security concern, obscure_pattern = passw* | ip
+; which makes `crm configure show` is equal to
+;
+; node-1:~ # crm configure show obscure:passw* obscure:ip
+; node 1084783297: node1
+; primitive fence_device stonith:fence_ilo5 \
+; params password="******"
+; primitive ip IPaddr2 \
+; params ip="******"
+;
+; The default option is passw*
+; If you don't want to obscure, change the value to blank.
+;
+; obscure_pattern = passw*
+
+[path]
+; sharedir = <detected>
+; cache = <detected>
+; crm_config = <detected>
+; crm_daemon_dir = <detected>
+crm_daemon_user = @CRM_DAEMON_USER@
+ocf_root = @OCF_ROOT_DIR@
+; crm_dtd_dir = <detected>
+; pe_state_dir = <detected>
+; heartbeat_dir = <detected>
+; hb_delnode = /usr/share/heartbeat/hb_delnode
+; nagios_plugins = /usr/lib/nagios/plugins
+
+; [color]
+; style = color
+; error = red bold
+; ok = green bold
+; warn = yellow bold
+; info = cyan
+; help_keyword = blue bold underline
+; help_header = normal bold
+; help_topic = yellow bold
+; help_block = cyan
+; keyword = yellow
+; identifier = normal
+; attr_name = cyan
+; attr_value = red
+; resource_reference = green
+; id_reference = green
+; score = magenta
+; ticket = magenta
+
+; [report]
+; from_time = -12H
+; compress = yes
+; speed_up = no
+; collect_extra_logs = /var/log/messages /var/log/pacemaker.log
+; remove_exist_dest = no
+; single_node = no
+;
+; sanitize_rule = sanitize_pattern[:options] ...
+;
+; This defines the way to hide sensitive data generated by crm report.
+;
+; 'sanitize_pattern' is a RegEx string, which is used to matches 'name'
+; field of CIB params. The sanitize process will hide 'value' of those
+; matched 'name:value' pairs in CIB, PE, pacemaker.log.
+;
+; 'options' is the predefined, and 'raw' is the only one defined
+; currently. With ':raw" option, the sanitize process will fetch
+; 'value' results out of CIB 'name:value' pairs, and use them to
+; hide all clear text occurence from all files crm report collected.
+;
+; Example 1:
+; sanitize_rule = passw.*
+;
+; This is the default. It will hide password nam:value pairs.
+; The result of crm report clould be like
+; name="password", value=******
+; @name=password @value=******
+; passwd=******
+;
+;
+; Example 2:
+; sanitize_rule = ip.*:raw
+;
+; This will only hide ip addresses. Example, the sanitize process will fetch
+; ip=10.10.10.10 and replace all clear text occurrence of "10.10.10.10"
+;
+;
+; Example 3:
+; sanitize_rule = passw.*|ip.*:raw
+;
+; This is useful for the higher security concern.
+; The sanitize process will hide all "name:value" pair for password like in
+; example 1, and all clear text ip addresses like in example 2 above.
+;
+; sanitize_rule = passw.*