| # |
| # Licensed to the Apache Software Foundation (ASF) under one or more |
| # contributor license agreements. See the NOTICE file distributed with |
| # this work for additional information regarding copyright ownership. |
| # The ASF licenses this file to You under the Apache License, Version 2.0 |
| # (the "License"); you may not use this file except in compliance with |
| # the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| # |
| |
| mode: deploy |
| lean: false |
| prompt_user: true |
| openwhisk_home: "{{ lookup('env', 'OPENWHISK_HOME') | default(playbook_dir ~ '/..', true) }}" |
| openwhisk_cli_home: "{{ lookup('env', 'OPENWHISK_CLI') | default(openwhisk_home ~ '/../openwhisk-cli', true) }}" |
| exclude_logs_from: [] |
| |
| # This whisk_api_localhost_name_default is used to configure nginx to permit vanity URLs for web actions |
| # for local deployment. For a public deployment, the specific environment group vars should define |
| # whisk_api_host_name; this is available to actions and hence must resolve from inside an action container |
| # specific to the deployment (i.e., it may be an IP address rather than a hostname in some cases). |
| # For a local deployment, use whisk_api_localhost_name. For a deployment which requires |
| # different name resolution between the whisk_api_host_name and the whisk_api_local_host_name, both should |
| # be defined so that the nginx configuration for the server name reflects the public facing naming (of the |
| # edge router) even if it is different from the API host available to the actions. The precedence order for |
| # configuring nginx and the SSL certificate generation is: |
| # whisk_api_localhost_name (first) |
| # whisk_api_host_name (second) |
| # whisk_api_localhost_name_default (last) |
| whisk_api_localhost_name_default: "localhost" |
| |
| # Type of your environment. |
| # If you want to deploy everything on your local machine use 'local'. |
| # If you use a docker-machine on a mac use 'docker-machine' |
| # If you want to deploy Openwhisk to other machines use 'distributed' |
| environmentInformation: |
| type: "{{ environment_type | default('local') }}" |
| |
| hosts_dir: "{{ inventory_dir | default(env_hosts_dir) }}" |
| |
| whisk: |
| version: |
| date: "{{ansible_date_time.iso8601}}" |
| feature_flags: |
| require_api_key_annotation: "{{ require_api_key_annotation | default(true) }}" |
| |
| ## |
| # configuration parameters related to support runtimes (see org.apache.openwhisk.core.entity.ExecManifest for schema of the manifest). |
| # briefly the parameters are: |
| # |
| # runtimes_registry: optional registry (with trailing slash) where to pull docker images from for default runtimes (in manifest) |
| # user_images_registry: optional registry (with trailing slash) where to pull docker images from for blackbox images |
| # |
| # skip_pull_runtimes: this will skip pulling the images to the invoker (images must exist there somehow) |
| # |
| # runtimes_manifest: set of language runtime families grouped by language (e.g., nodejs, python) and blackbox images to pre-pull |
| # |
| # runtimes_bypass_pull_for_local_images: optional, if true, allow images with a prefix that matches |
| # {{ runtimes_local_image_prefix }} to skip docker pull in invoker even if the image is not part of the blackbox set |
| # |
| |
| manifestfile: "{{ manifest_file | default('/ansible/files/runtimes.json') }}" |
| runtimesManifest: "{{ runtimes_manifest | default(lookup('file', openwhisk_home ~ '{{ manifestfile }}') | from_json) }}" |
| |
| limits: |
| invocationsPerMinute: "{{ limit_invocations_per_minute | default(60) }}" |
| concurrentInvocations: "{{ limit_invocations_concurrent | default(30) }}" |
| firesPerMinute: "{{ limit_fires_per_minute | default(60) }}" |
| sequenceMaxLength: "{{ limit_sequence_max_length | default(50) }}" |
| |
| # Moved here to avoid recursions. Please do not use outside of controller-dict. |
| __controller_ssl_keyPrefix: "controller-" |
| __controller_blackbox_fraction: 0.10 |
| |
| # port means outer port |
| controller: |
| dir: |
| become: "{{ controller_dir_become | default(false) }}" |
| confdir: "{{ config_root_dir }}/controller" |
| basePort: 10001 |
| heap: "{{ controller_heap | default('2g') }}" |
| arguments: "{{ controller_arguments | default('') }}" |
| managedFraction: "{{ controller_managed_fraction | default(1.0 - (controller_blackbox_fraction | default(__controller_blackbox_fraction))) }}" |
| blackboxFraction: "{{ controller_blackbox_fraction | default(__controller_blackbox_fraction) }}" |
| timeoutFactor: "{{ controller_timeout_factor | default(2) }}" |
| timeoutAddon: "{{ controller_timeout_addon | default('1 m') }}" |
| instances: "{{ groups['controllers'] | length }}" |
| akka: |
| provider: cluster |
| cluster: |
| basePort: 8000 |
| host: "{{ groups['controllers'] | map('extract', hostvars, 'ansible_host') | list }}" |
| bindPort: 2551 |
| # at this moment all controllers are seed nodes |
| seedNodes: "{{ groups['controllers'] | map('extract', hostvars, 'ansible_host') | list }}" |
| loadbalancer: |
| spi: "{{ controller_loadbalancer_spi | default('') }}" |
| authentication: |
| spi: "{{ controller_authentication_spi | default('') }}" |
| loglevel: "{{ controller_loglevel | default(whisk_loglevel) | default('INFO') }}" |
| entitlement: |
| spi: "{{ controller_entitlement_spi | default('') }}" |
| protocol: "{{ controller_protocol | default('https') }}" |
| ssl: |
| cn: openwhisk-controllers |
| keyPrefix: "{{ __controller_ssl_keyPrefix }}" |
| storeFlavor: PKCS12 |
| clientAuth: "{{ controller_client_auth | default('true') }}" |
| cert: "{{ __controller_ssl_keyPrefix }}openwhisk-server-cert.pem" |
| key: "{{ __controller_ssl_keyPrefix }}openwhisk-server-key.pem" |
| keystore: |
| password: "openwhisk" |
| name: "{{ __controller_ssl_keyPrefix }}openwhisk-keystore.p12" |
| extraEnv: "{{ controller_extraEnv | default({}) }}" |
| |
| jmx: |
| basePortController: 15000 |
| rmiBasePortController: 16000 |
| basePortInvoker: 17000 |
| rmiBasePortInvoker: 18000 |
| user: "{{ jmxuser | default('jmxuser') }}" |
| pass: "{{ jmxuser | default('jmxpass') }}" |
| jvmCommonArgs: "-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=/home/owuser/jmxremote.password -Dcom.sun.management.jmxremote.access.file=/home/owuser/jmxremote.access" |
| enabled: "{{ jmxremote_enabled | default('true') }}" |
| |
| transactions: |
| header: "{{ transactions_header | default('X-Request-ID') }}" |
| |
| registry: |
| confdir: "{{ config_root_dir }}/registry" |
| |
| kafka: |
| ssl: |
| client_authentication: required |
| keystore: |
| name: kafka-keystore.jks |
| password: openwhisk |
| cipher_suites: |
| - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
| - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
| - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
| protocols: |
| - TLSv1.2 |
| protocol: "{{ kafka_protocol_for_setup }}" |
| version: 0.11.0.1 |
| port: 9072 |
| advertisedPort: 9093 |
| ras: |
| port: 8093 |
| heap: "{{ kafka_heap | default('1g') }}" |
| replicationFactor: "{{ kafka_replicationFactor | default((groups['kafkas']|length)|int) }}" |
| offsetsTopicReplicationFactor: "{{ kafka_offsetsTopicReplicationFactor | default(kafka_replicationFactor) | default((groups['kafkas']|length)|int) }}" |
| # adapt this param for production deployments depending on the number of kafka consumers |
| networkThreads: "{{ kafka_network_threads | default(3) }}" |
| |
| kafka_connect_string: "{% set ret = [] %}\ |
| {% for host in groups['kafkas'] %}\ |
| {{ ret.append( hostvars[host].ansible_host + ':' + ((kafka.advertisedPort+loop.index-1)|string) ) }}\ |
| {% endfor %}\ |
| {{ ret | join(',') }}" |
| |
| kafka_protocol_for_setup: "{{ kafka_protocol | default('PLAINTEXT') }}" |
| |
| zookeeper: |
| version: 3.4 |
| port: 2181 |
| |
| zookeeper_connect_string: "{% set ret = [] %}\ |
| {% for host in groups['zookeepers'] %}\ |
| {{ ret.append( hostvars[host].ansible_host + ':' + ((zookeeper.port+loop.index-1)|string) ) }}\ |
| {% endfor %}\ |
| {{ ret | join(',') }}" |
| |
| invokerHostnameFromMap: "{{ groups['invokers'] | map('extract', hostvars, 'ansible_host') | list | first }}" |
| invokerHostname: "{{ invokerHostnameFromMap | default(inventory_hostname) }}" |
| |
| # Moved here to avoid recursions. Please do not use outside of invoker-dict. |
| __invoker_ssl_keyPrefix: "invoker-" |
| |
| invoker: |
| dir: |
| become: "{{ invoker_dir_become | default(false) }}" |
| confdir: "{{ config_root_dir }}/invoker" |
| port: 12001 |
| heap: "{{ invoker_heap | default('2g') }}" |
| arguments: "{{ invoker_arguments | default('') }}" |
| userMemory: "{{ invoker_user_memory | default('2048m') }}" |
| # Specify if it is allowed to deploy more than 1 invoker on a single machine. |
| allowMultipleInstances: "{{ invoker_allow_multiple_instances | default(false) }}" |
| # Specify if it should use docker-runc or docker to pause/unpause containers |
| useRunc: "{{ invoker_use_runc | default(true) }}" |
| docker: |
| become: "{{ invoker_docker_become | default(false) }}" |
| runcdir: "{{ invoker_runcdir | default('/run/docker/runtime-runc/moby') }}" |
| loglevel: "{{ invoker_loglevel | default(whisk_loglevel) | default('INFO') }}" |
| jmxremote: |
| jvmArgs: "{% if inventory_hostname in groups['invokers'] %} |
| {{ jmx.jvmCommonArgs }} -Djava.rmi.server.hostname={{ invokerHostname }} -Dcom.sun.management.jmxremote.rmi.port={{ jmx.rmiBasePortInvoker + groups['invokers'].index(inventory_hostname) }} -Dcom.sun.management.jmxremote.port={{ jmx.basePortInvoker + groups['invokers'].index(inventory_hostname) }} |
| {% endif %}" |
| extraEnv: "{{ invoker_extraEnv | default({}) }}" |
| protocol: "{{ invoker_protocol | default('https') }}" |
| ssl: |
| cn: "openwhisk-invokers" |
| keyPrefix: "{{ __invoker_ssl_keyPrefix }}" |
| storeFlavor: "PKCS12" |
| clientAuth: "{{ invoker_client_auth | default('true') }}" |
| cert: "{{ __invoker_ssl_keyPrefix }}openwhisk-server-cert.pem" |
| key: "{{ __invoker_ssl_keyPrefix }}openwhisk-server-key.pem" |
| keystore: |
| password: "{{ invoker_keystore_password | default('openwhisk') }}" |
| name: "{{ __invoker_ssl_keyPrefix }}openwhisk-keystore.p12" |
| |
| userLogs: |
| spi: "{{ userLogs_spi | default('org.apache.openwhisk.core.containerpool.logging.DockerToActivationLogStoreProvider') }}" |
| |
| nginx: |
| confdir: "{{ config_root_dir }}/nginx" |
| htmldir: "{{ ui_path | default(false) }}" |
| dir: |
| become: "{{ nginx_dir_become | default(false) }}" |
| version: "{{ nginx_version | default('1.15') }}" |
| port: |
| http: 80 |
| https: 443 |
| ssl: |
| path: "{{ nginx_ssl_path | default(playbook_dir +'/roles/nginx/files') }}" |
| cert: "{{ nginx_ssl_server_cert | default('openwhisk-server-cert.pem') }}" |
| key: "{{ nginx_ssl_server_key | default('openwhisk-server-key.pem') }}" |
| client_ca_cert: "{{ nginx_ssl_client_ca_cert | default('openwhisk-client-ca-cert.pem') }}" |
| verify_client: "{{ nginx_ssl_verify_client | default('off') }}" |
| password_file: "{{ nginx_ssl_password_file | default(false) }}" |
| wpn: |
| router: "{{ nginx_wpn_router | default('1') }}" |
| special_users: "{{ nginx_special_users | default('[]') }}" |
| |
| # These are the variables to define all database relevant settings. |
| # The authKeys are the users, that are initially created to use OpenWhisk. |
| # The keys are stored in ansible/files and will be inserted into the authentication databse. |
| # The key db.whisk.actions is the name of the database where all artifacts of the user are stored. These artifacts are actions, triggers, rules and packages. |
| # The key db.whisk.activation is the name of the database where all activations are stored. |
| # The key db.whisk.auth is the name of the authentication database where all keys of all users are stored. |
| # The db_prefix is defined for each environment on its own. The CouchDb credentials are also defined for each environment on its own. |
| db: |
| provider: "{{ db_provider | default(lookup('ini', 'db_provider section=db_creds file={{ playbook_dir }}/db_local.ini')) }}" |
| protocol: "{{ db_protocol | default(lookup('ini', 'db_protocol section=db_creds file={{ playbook_dir }}/db_local.ini')) }}" |
| port: "{{ db_port | default(lookup('ini', 'db_port section=db_creds file={{ playbook_dir }}/db_local.ini')) }}" |
| host: "{{ db_host | default(lookup('ini', 'db_host section=db_creds file={{ playbook_dir }}/db_local.ini')) }}" |
| persist_path: "{{ db_persist_path | default(false) }}" |
| instances: "{{ groups['db'] | length }}" |
| authkeys: |
| - guest |
| - whisk.system |
| whisk: |
| actions: "{{ db_prefix }}whisks" |
| activations: "{{ db_prefix }}activations" |
| auth: "{{ db_prefix }}subjects" |
| credentials: |
| admin: |
| user: "{{ db_username | default(lookup('ini', 'db_username section=db_creds file={{ playbook_dir }}/db_local.ini')) }}" |
| pass: "{{ db_password | default(lookup('ini', 'db_password section=db_creds file={{ playbook_dir }}/db_local.ini')) }}" |
| controller: |
| user: "{{ db_controller_user | default(lookup('ini', 'db_username section=controller file={{ playbook_dir }}/db_local.ini')) }}" |
| pass: "{{ db_controller_pass | default(lookup('ini', 'db_password section=controller file={{ playbook_dir }}/db_local.ini')) }}" |
| invoker: |
| user: "{{ db_invoker_user | default(lookup('ini', 'db_username section=invoker file={{ playbook_dir }}/db_local.ini')) }}" |
| pass: "{{ db_invoker_pass | default(lookup('ini', 'db_password section=invoker file={{ playbook_dir }}/db_local.ini')) }}" |
| |
| apigateway: |
| port: |
| api: 9000 |
| mgmt: 9001 |
| # Default to 'nightly', which tracks the head revision of the master branch of apigateway's gitrepo |
| version: nightly |
| |
| redis: |
| version: 4.0 |
| port: 6379 |
| password: openwhisk |
| |
| linux: |
| version: 4.4.0-31 |
| |
| couchdb: |
| version: 2.3 |
| |
| docker: |
| # The user to install docker for. Defaults to the ansible user if not set. This will be the user who is able to run |
| # docker commands on a machine setup with prereq_build.yml |
| #user: |
| image: |
| prefix: "{{ docker_image_prefix | default('whisk') }}" |
| tag: "{{ docker_image_tag | default('latest') }}" |
| version: 1.12.0-0~trusty |
| storagedriver: overlay |
| port: 4243 |
| restart: |
| policy: always |
| pull: |
| retries: 10 |
| delay: 10 |
| timezone: "{{ docker_timezone | default('UTC') }}" |
| |
| cli: |
| path: "{{ openwhisk_home }}/bin/wsk" |
| |
| # The default name space is /whisk.system. The catalog namespace must begin with a slash "/". |
| catalog_namespace: "/whisk.system" |
| |
| # The catalog_auth_key is used to determine the secret key to authenticate the openwhisk service. |
| # The value for this variable can be set to either the secret key itself or the file, which |
| # saves the secret key. |
| # By default, we take the key from ansible/files/auth.whisk.system. |
| catalog_auth_key: "{{ playbook_dir }}/files/auth.whisk.system" |
| |
| # The catalog_repos is used to specify all the catalog names and repository URLs, |
| # so that openwhisk knows where to download the catalog and install them. The key |
| # specifies the catalog name and the url saves the URL of the repository. The location |
| # specifies the location to save the code of the catalog. The version specifies the hash |
| # of the commit to be cloned. If it is omit or set to HEAD, the latest commit will be |
| # selected. The repo_update specifies whether to retrieve new revisions from the origin |
| # repository and the default value is yes, meaning that it will retrieve the new |
| # revisions. The keys url and location are mandatory and the keys version and repo_update |
| # are optional. To add a new repository, please follow the template by adding: |
| # |
| # catalog_repos: |
| # ... |
| # <catalog-name>: |
| # url: <URL of repository>, mandatory. |
| # location: <local location to save the catalog>, mandatory. |
| # version: <hash of the commit>, optional, default to HEAD. |
| # repo_update: <whether to retrieve new revisions from the origin repository>, |
| # optional, default to no. Yes means to retrieve the new revisions, and |
| # no means not to retrieve the new revisions. |
| # |
| catalog_repos: |
| openwhisk-catalog: |
| url: https://github.com/apache/openwhisk-catalog.git |
| # Set the local location as the same level as openwhisk home, but it can be changed. |
| location: "{{ openwhisk_home }}/../openwhisk-catalog" |
| version: "HEAD" |
| repo_update: "no" |
| |
| # The openwhisk_cli is used to determine how to install the OpenWhisk CLI. The |
| # installation_mode can be specified into two modes: remote and local. |
| # The mode remote means to download the available binaries from the releases page |
| # of the official openwhisk cli repository. The mode local means to build the binaries |
| # locally in a directory and get them from the local directory. The default value |
| # for openwhisk is local. |
| # |
| # The name specifies the package name of the binaries in remote mode. |
| # |
| # The dest_name specifies the package name of the binaries in Nginx in remote mode. |
| # |
| # The location specifies the official website where Openwhisk CLI is hosted in |
| # remote mode or location to save the binaries of the OpenWhisk CLI in local mode. |
| |
| openwhisk_cli_tag: "{{ cli_tag | default(lookup('ini', 'git_tag section=openwhisk-cli file=' ~ openwhisk_home ~ '/ansible/files/package-versions.ini')) }}" |
| openwhisk_cli: |
| installation_mode: "{{ cli_installation_mode | default(lookup('env', 'OPENWHISK_CLI_MODE')) | default('remote', true) }}" |
| archive_name: OpenWhisk_CLI |
| nginxdir: |
| name: "{{ nginx.confdir }}/cli/go/download" |
| become: "{{ cli_dir_become | default(false) }}" |
| local: |
| location: "{{ openwhisk_cli_home }}/build" |
| remote: |
| location: "https://github.com/apache/openwhisk-cli/releases/download/{{ openwhisk_cli_tag }}" |
| |
| # Controls access to log directories |
| logs: |
| dir: |
| become: "{{ logs_dir_become | default(false) }}" |
| |
| # Metrics Configuration |
| metrics: |
| log: |
| enabled: "{{ metrics_log | default(true) }}" |
| kamon: |
| enabled: "{{ metrics_kamon | default(false) }}" |
| tags: "{{ metrics_kamon_tags | default(false) }}" |
| host: "{{ metrics_kamon_statsd_host | default('') }}" |
| port: "{{ metrics_kamon_statsd_port | default('8125') }}" |
| |
| user_events: "{{ user_events_enabled | default(false) }}" |