-
-
Notifications
You must be signed in to change notification settings - Fork 73
/
main.yml
90 lines (82 loc) · 3.43 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
---
# StackStorm version to install. `present` to install available package, `latest` to get automatic updates or pin it to numeric version like `2.2.0`.
# On Debian need to specify revision of package like `2.2.0-1`.
st2_version: latest
# Hash with StackStorm configuration settings to set in 'st2.conf' ini file
# See https://github.com/StackStorm/st2/blob/master/conf/st2.conf.sample for a full list
st2_config: {}
# Example:
#st2_config:
# auth:
# debug: True
# enable: True
# database:
# username: st2
# db_name: st2
# password: random-password123
# messaging:
# url: amqp://st2:[email protected]:5672//
# In StackStorm > 3.4 then redis client libraries are included in the ST2
# package. And therefore redis can be automatically used by setting st2_config
# as follows
#st2_config:
# coordination:
# url: redis://127.0.0.1:6379
# System user from which st2 will execute local/remote shell actions
st2_system_user: stanley
# Add `st2_system_user` to the sudoers (recommended for most `st2` features to work)
st2_system_user_in_sudoers: yes
# Path to `st2_system_user` ssh private key. It will be autogenerated if key absent
st2_ssh_key_file: /home/{{ st2_system_user }}/.ssh/{{ st2_system_user }}_rsa
# Enable StackStorm standalone authentication
st2_auth_enable: yes
# Username used by StackStorm standalone authentication
st2_auth_username: testu
# Password used by StackStorm standalone authentication
st2_auth_password: testp
# By specifying a valid configuration for LDAP,
# (See https://docs.stackstorm.com/latest/authentication.html#ldap )
# LDAP auth backend is setup for st2.
# Note that you just need to provide the backend_kwargs.
st2_ldap_enable: no
# "enable" is not a key of st2_ldap because the defaults would be lost if any key in the dictionary is changed
st2_ldap:
backend_kwargs: {}
# Specify roles and assignments for RBAC.
# Roles are pushed as YML files to /opt/stackstorm/rbac/roles
# Assignments are pushed as YML files to /opt/stackstorm/rbac/assignments/
# The schema for roles and assignments follow the exact schema definition
# define in https://docs.stackstorm.com/latest/rbac.html#defining-roles-and-permission-grants
# and https://docs.stackstorm.com/latest/rbac.html#defining-user-role-assignments
# Mappings are pushed as YML files to /opt/stackstorm/rbac/mappings/
# The schema for mappings takes on the following format:
# - The well-defined "name" key is used as the filename, e.g., the example below creates /opt/stackstorm/rbac/mappings/domain-admins.yaml
# - The well-defined "mapping" key defines the mapping itself
# The reason for this convention drift is to avoid attempting to use "cn=domain-admins,ou=groups,dc=stackstorm,dc=com" as the basis for the filename
# st2_rbac:
# mappings:
# - name: domain-admins
# mapping:
# group: cn=domain-admins,ou=groups,dc=stackstorm,dc=com
# description: Grant admin role to all domain-admin members
# roles:
# - admin
st2_rbac_enable: no
# "enable" is not a key of st2_rbac because the defaults would be lost if any key in the dictionary is changed
st2_rbac:
roles: []
assignments:
- name: "{{ st2_system_user }}"
roles:
- admin
- name: "{{ st2_auth_username }}"
roles:
- system_admin
mappings: []
# Save credentials in ~/.st2/config file
st2_save_credentials: yes
# ST2 packs to be installed (list)
st2_packs:
- st2
# Additional python packages to install
st2_python_packages: []