.. _chapter_possible_vars: ============= Possible Vars ============= data/users/ =========== .. code-block:: yaml --- first_name: Anton Tobias last_name: Mustermann full_name: Anton Tobias Mustermann mail_address: antontobias.mustermann@perfact.de mail_virtual: - amustermann@perfact.de - mustermann@perfact.de - amu@perfact.de - antontobias.mustermann@perfact-innovation.de - otheradress@perfact.de # unique user id for all systems with ldap from 2023: posixuserid: 1546 # must be unique ssh_keys: # one pub-key transferred from pffile for access to perfact@systems: pffile: "ssh-rsa AAAA... First.Last@PerFact.DE" # list of pub-keys stored on the laptop for initial connect_perfact connections # these keys are forced to "no-pty" laptop: - "ssh-rsa AAAA... username@username.laptop" # departments of employee. controls ssh-access to systems departments: - project_realization - internal - internalit - internal_prod - key_account # for mail signatures ## required parameter: # signature for user will only be generated if # position or position_eng is set position: # signature text english position_eng: # signature text german ## optional parameter: signature_name: # if the name in the signature is not # `first_name` `last_name`, e.g. "i.V. Max Mustermann", # "Dr. Max Mustermann" or if the name contains umlauts. telefon_extention: # the extension of the local phone number @ perfact mobil: # in the form: "Mobile: +49 1nn nnn nnn nn" evo: True # generates a signature for Perfact Evolution data/hosts/ =========== All possible variables for hosts .. code-block:: yaml --- phonehome: # pub-key for phonehome connection: # all keys are prefixed with no-pty # if option permitopen is not given, it defaults to permitopen="127.0.0.1:1" # if option permitlisten is not given, it defaults to permitlisten="localhost:*" ssh-key: (ssh-rsa|ecdsa-...) ... 
zop@systemname # (preferred: name of ssh-connection) port: 10xxx # allow ssh-access to this host for users not granted access by department: ssh_allow_user_access: - mmusterfrau - anotheruser # list of ssh pub-keys (keys without users) for ssh perfact@system extra_ssh_keys: - "ssh-rsa AAAAB... M.Muserfrau@Perfct.DE" - .... # more keys for user pfremote - only at system pf-phonehome-2020-prod extra_ssh_keys_pfremote: - 'ssh-rsa ...' - 'ecdsa-sha2-nistp521 ...' - 'ssh-ed25519 ...' # ansible uses ssh ansible_user@system ansible_user: perfact # defaults to perfact # if there is no sshd to connect to (example: nolte-dashboard-01/2) no_sshd: true # (defaults to false) # Perfact-Facts: pfsystemid: xxxxxxxx # used to setup new systems pfsystemname: pf-phonehome-2020-prod # example, no default # usage of the phonehome-checker: perfact_phonehome_checker: use_checker: true # create config and check phonehome connection for this host (default: false) alert_cycles: 5 # (defaults to 5) # postfix # relay host - defaults to mail.perfact.de postfix_smtp_relay_host = smtp-dmz.perfact.de # for servers in the perfact DMZ postfix_smtp_hostname = pf-phonehome-2020-prod.perfact.de # example, no default # mailname postfix_smtp_mailname = pf-phonehome-2020-prod.perfact.de # example, no default # controlling pffirewall firewall_int_dev: 'ens18' # example, no default firewall_int_net: '192.168.51.0/24' # example, no default firewall_clientRules: - '$INT_IP 192.168.51.1 "53"' # example, no default firewall_serverRules: # allow ssh-server - '$INT_IP $ANY_NET "22" tcp' # example, no default firewall_customRules: # custom defined rules - 'iptables -A FORWARD ....' 
# example, no default # for Monit monit_start_delay: 180 # delay before the first check in seconds - defaults to 180 monit_smtp_server: smtp-dmz.perfact.de # defaults to "mail.perfact.de, mail02.perfact.de, mail01.perfact.de" monit_root_device: /dev/mapper/ubuntu--vg-ubuntu--lv monit_boot_device: /dev/vda2 monit_backup_device: /dev/system/backup # defaults to NULL # either dump or borg, defaults to borg pfbackup_type = borg # should database be backed up ? defaults to True pfbackup_includedb = True # vars used for BackupPC on pf-backup quadrant_backup: # possible vars # use ip or ssh_hostname if systemname cannot be resolved by DNS ssh_hostname: # Hostname or IP for ssh-connection, defaults to ansible-systemname ip: # ip-address for /etc/hosts if systemname cannot be resolved by DNS ssh_port: 22 # defaults to 22 ssh_user: userwithsshaccess # defaults to root database_backup: true # (defaults to False) BackupExcludes: # list of dirs or files not to backup - '/dir1_not_to_backup' - '/dir2_not_to_backup' DisableBackupExcludeDefaults: no # don't use default exclude-list backuppc_client_conf: # additional parameters for BackupPC param1: value # without trailing "-" it is a dictionary param2: value PingMaxMsec: 1 PingMaxMsec: 45 BackupFilesOnly: "{ '/vol/backup/pf-gate' => [ '' ] }" ClientNameAlias: "'hostname'" # limit io to avoid high system load or traffic in Bytes/s # 100 Mbit/s ~ 100000 Byte/s RsyncArgsExtra: "[ '--bwlimit=20000' ]" RsyncArgsExtra: "[ '--bwlimit=5000000' ]" # # if host cannot be resolved and you want to disable the check NmbLookupCmd: "'/usr/bin/true'" NmbLookupFindHostCmd: "'/usr/bin/true'" PingCmd: "'/usr/bin/true'" DumpPreUserCmd: # defaults to '$sshPath -q -x -l root $host /opt/perfact/custom/backuppc-pg_basebackup.sh' # Attention: the single quotes have to be surrounded by double quotes: DumpPreUserCmd: "'$sshPath -q -x -l root $host /opt/perfact/custom/backuppc-pg_basebackup-custom.sh'" DumpPostUserCmd: # defaults to '$sshPath -q -x -l root $host 
/opt/perfact/custom/backuppc-pg_basebackup-remove.sh' rear_install: true # install REAR (defaults to false) # variables to include software that is installed on server software: measure # install measure and config database # configure measure for database haproxy # configure measure for haproxy ema # configure measure for ema clamav # configure measure for clamav # only for ldap servers: # purge ldap config and deploy ldap schemas - remove this variable again before going live init_ldap: true # put init data to system - remove this variable again before going live init_users: true # ldap ldap_basedn: "dc=perfact,dc=de" # only for perfact-mail-[devel|prod] # volume /vol/mail vg_name_mail: system vol_mail_size: 1G