Lusheng Ji | e0db251 | 2018-02-12 11:04:08 -0500 | [diff] [blame] | 1 | # ================================================================================ |
| 2 | # Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved. |
| 3 | # ================================================================================ |
| 4 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | # you may not use this file except in compliance with the License. |
| 6 | # You may obtain a copy of the License at |
| 7 | # |
| 8 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | # |
| 10 | # Unless required by applicable law or agreed to in writing, software |
| 11 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | # See the License for the specific language governing permissions and |
| 14 | # limitations under the License. |
| 15 | # ============LICENSE_END========================================================= |
| 16 | # |
| 17 | # ECOMP is a trademark and service mark of AT&T Intellectual Property. |
Alex Shatov | 2f5b30a | 2018-04-18 11:09:49 -0400 | [diff] [blame] | 18 | |
Lusheng Ji | 1b2af34 | 2017-10-15 16:37:33 -0400 | [diff] [blame] | 19 | application_config: |
| 20 | policy_handler : |
| 21 | # parallelize the getConfig queries to policy-engine on each policy-update notification |
| 22 | thread_pool_size : 4 |
Alex Shatov | 86823d7 | 2017-10-27 16:58:22 -0400 | [diff] [blame] | 23 | |
Lusheng Ji | 1b2af34 | 2017-10-15 16:37:33 -0400 | [diff] [blame] | 24 | # parallelize requests to policy-engine and keep them alive |
| 25 | pool_connections : 20 |
Alex Shatov | 86823d7 | 2017-10-27 16:58:22 -0400 | [diff] [blame] | 26 | |
Lusheng Ji | 1b2af34 | 2017-10-15 16:37:33 -0400 | [diff] [blame] | 27 | # retry to getConfig from policy-engine on policy-update notification |
| 28 | policy_retry_count : 5 |
| 29 | policy_retry_sleep : 5 |
Alex Shatov | 86823d7 | 2017-10-27 16:58:22 -0400 | [diff] [blame] | 30 | |
Alex Shatov | 2f5b30a | 2018-04-18 11:09:49 -0400 | [diff] [blame] | 31 | # config of automatic catch_up for resiliency |
| 32 | catch_up : |
| 33 | # interval in seconds on how often to call automatic catch_up |
| 34 | # example: 1200 is 20*60 seconds that is 20 minutes |
| 35 | interval : 1200 |
Alex Shatov | 2f5b30a | 2018-04-18 11:09:49 -0400 | [diff] [blame] | 36 | |
Alex Shatov | 8804f66 | 2018-08-24 13:16:42 -0400 | [diff] [blame] | 37 | # config of periodic reconfigure-rediscover for adaptability |
| 38 | reconfigure: |
| 39 | # interval in seconds on how often to call automatic reconfigure |
| 40 | # example: 600 is 10*60 seconds that is 10 minutes |
| 41 | interval : 600 |
| 42 | |
Lusheng Ji | 1b2af34 | 2017-10-15 16:37:33 -0400 | [diff] [blame] | 43 | # policy-engine config |
| 44 | # These are the url of and the auth for the external system, namely the policy-engine (PDP). |
| 45 | # We obtain that info manually from PDP folks at the moment. |
| 46 | # In long run we should figure out a way of bringing that info into consul record |
| 47 | # related to policy-engine itself. |
| 48 | policy_engine : |
Alex Shatov | 82b58e5 | 2018-09-19 13:20:18 -0400 | [diff] [blame^] | 49 | url : "http://{{ policy_ip_addr }}:8081" |
Alex Shatov | b8be9f8 | 2018-09-18 17:17:47 -0400 | [diff] [blame] | 50 | path_notifications : "/pdp/notifications" |
Lusheng Ji | 1b2af34 | 2017-10-15 16:37:33 -0400 | [diff] [blame] | 51 | path_api : "/pdp/api/" |
| 52 | headers : |
| 53 | Accept : "application/json" |
| 54 | "Content-Type" : "application/json" |
Alex Shatov | 86823d7 | 2017-10-27 16:58:22 -0400 | [diff] [blame] | 55 | ClientAuth : "cHl0aG9uOnRlc3Q=" |
Lusheng Ji | 1b2af34 | 2017-10-15 16:37:33 -0400 | [diff] [blame] | 56 | Authorization : "Basic dGVzdHBkcDphbHBoYTEyMw==" |
| 57 | Environment : "TEST" |
| 58 | target_entity : "policy_engine" |
Alex Shatov | 1c2686a | 2018-09-14 17:32:11 -0400 | [diff] [blame] | 59 | # optional tls_ca_mode specifies where to find the cacert.pem for tls |
| 60 | # can be one of these: |
| 61 | # "cert_directory" - use the cacert.pem stored locally in cert_directory. |
| 62 | # this is the default if cacert.pem file is found |
| 63 | # |
| 64 | # "os_ca_bundle" - use the public ca_bundle provided by linux system. |
| 65 | # this is the default if cacert.pem file not found |
| 66 | # |
| 67 | # "do_not_verify" - special hack to turn off the verification by cacert and hostname |
| 68 | tls_ca_mode : "cert_directory" |
| 69 | # optional tls_wss_ca_mode specifies the same for the tls based web-socket |
| 70 | tls_wss_ca_mode : "cert_directory" |
Alex Shatov | 2f5b30a | 2018-04-18 11:09:49 -0400 | [diff] [blame] | 71 | # deploy_handler config |
| 72 | # changed from string "deployment_handler" in 2.3.1 to structure in 2.4.0 |
| 73 | deploy_handler : |
| 74 | # name of deployment-handler service used by policy-handler for logging |
| 75 | target_entity : "deployment_handler" |
| 76 | # url of the deployment-handler service for policy-handler to direct the policy-updates to |
| 77 | # - expecting dns to resolve the hostname deployment-handler to ip address |
| 78 | url : "http://deployment-handler:8188" |
Alex Shatov | ae60e47 | 2018-08-07 12:17:16 -0400 | [diff] [blame] | 79 | # limit the size of a single data segment for policy-update messages |
| 80 | # from policy-handler to deployment-handler in megabytes |
| 81 | max_msg_length_mb : 5 |
Alex Shatov | 55ef8b1 | 2018-08-14 13:02:50 -0400 | [diff] [blame] | 82 | query : |
| 83 | # optionally specify the tenant name for the cloudify under deployment-handler |
| 84 | # if not specified the "default_tenant" is used by the deployment-handler |
| 85 | cfy_tenant_name : "default_tenant" |
Alex Shatov | 1c2686a | 2018-09-14 17:32:11 -0400 | [diff] [blame] | 86 | # optional tls_ca_mode specifies where to find the cacert.pem or skip tls verification |
| 87 | # can be one of these: |
| 88 | # "cert_directory" - use the cacert.pem stored locally in cert_directory. |
| 89 | # this is the default if cacert.pem file is found |
| 90 | # |
| 91 | # "os_ca_bundle" - use the public ca_bundle provided by linux system. |
| 92 | # this is the default if cacert.pem file not found |
| 93 | # |
| 94 | # "do_not_verify" - special hack to turn off the verification by cacert and hostname |
| 95 | tls_ca_mode : "cert_directory" |