From d835b2cae8abc71958b69362162e6a70c3d7ef63 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Wed, 17 Apr 2024 08:48:59 +0200 Subject: Adding upstream version 4.6.0. Signed-off-by: Daniel Baumann --- etc/crm.conf.in | 120 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 120 insertions(+) create mode 100644 etc/crm.conf.in (limited to 'etc/crm.conf.in') diff --git a/etc/crm.conf.in b/etc/crm.conf.in new file mode 100644 index 0000000..39f8d5c --- /dev/null +++ b/etc/crm.conf.in @@ -0,0 +1,120 @@ +; crmsh configuration file +; To override per user, create a file ~/.config/crm/crm.conf +; +; [core] +; editor = $EDITOR +; pager = $PAGER +; user = +; skill_level = expert +; sort_elements = yes +; check_frequency = always +; check_mode = strict +; wait = no +; add_quotes = yes +; manage_children = ask +; force = no +; debug = no +; ptest = ptest, crm_simulate +; dotty = dotty +; dot = dot +; ignore_missing_metadata = no +; report_tool_options = +; lock_timeout = 120 + +; set OCF_1_1_SUPPORT to yes is to fully turn on OCF 1.1 feature once the corresponding CIB detected. +; OCF_1_1_SUPPORT = yes + +; obscure_pattern option is the persisent configuration of CLI. +; Example, for the high security concern, obscure_pattern = passw* | ip +; which makes `crm configure show` is equal to +; +; node-1:~ # crm configure show obscure:passw* obscure:ip +; node 1084783297: node1 +; primitive fence_device stonith:fence_ilo5 \ +; params password="******" +; primitive ip IPaddr2 \ +; params ip="******" +; +; The default option is passw* +; If you don't want to obscure, change the value to blank. +; +; obscure_pattern = passw* + +[path] +; sharedir = +; cache = +; crm_config = +; crm_daemon_dir = +crm_daemon_user = @CRM_DAEMON_USER@ +ocf_root = @OCF_ROOT_DIR@ +; crm_dtd_dir = +; pe_state_dir = +; heartbeat_dir = +; hb_delnode = /usr/share/heartbeat/hb_delnode +; nagios_plugins = /usr/lib/nagios/plugins + +; [color] +; style = color +; error = red bold +; ok = green bold +; warn = yellow bold +; info = cyan +; help_keyword = blue bold underline +; help_header = normal bold +; help_topic = yellow bold +; help_block = cyan +; keyword = yellow +; identifier = normal +; attr_name = cyan +; attr_value = red +; resource_reference = green +; id_reference = green +; score = magenta +; ticket = magenta + +; [report] +; from_time = -12H +; compress = yes +; speed_up = no +; collect_extra_logs = /var/log/messages /var/log/pacemaker.log +; remove_exist_dest = no +; single_node = no +; +; sanitize_rule = sanitize_pattern[:options] ... +; +; This defines the way to hide sensitive data generated by crm report. +; +; 'sanitize_pattern' is a RegEx string, which is used to matches 'name' +; field of CIB params. The sanitize process will hide 'value' of those +; matched 'name:value' pairs in CIB, PE, pacemaker.log. +; +; 'options' is the predefined, and 'raw' is the only one defined +; currently. With ':raw" option, the sanitize process will fetch +; 'value' results out of CIB 'name:value' pairs, and use them to +; hide all clear text occurence from all files crm report collected. +; +; Example 1: +; sanitize_rule = passw.* +; +; This is the default. It will hide password nam:value pairs. +; The result of crm report clould be like +; name="password", value=****** +; @name=password @value=****** +; passwd=****** +; +; +; Example 2: +; sanitize_rule = ip.*:raw +; +; This will only hide ip addresses. Example, the sanitize process will fetch +; ip=10.10.10.10 and replace all clear text occurrence of "10.10.10.10" +; +; +; Example 3: +; sanitize_rule = passw.*|ip.*:raw +; +; This is useful for the higher security concern. +; The sanitize process will hide all "name:value" pair for password like in +; example 1, and all clear text ip addresses like in example 2 above. +; +; sanitize_rule = passw.* -- cgit v1.2.3