| # Licensed to the Apache Software Foundation (ASF) under one or more contributor |
| # license agreements; and to You under the Apache License, Version 2.0. |
| |
| # General deployment settings and the filesystem paths derived from the OpenWhisk checkout. |
| mode: deploy |
| prompt_user: true |
| # Read from the OPENWHISK_HOME environment variable; falls back to the parent of playbook_dir when that is unset or empty. |
| # NOTE(review): later settings in this file read files below this path (runtimes.json, auth.whisk.system), |
| # so the environment of whoever runs the playbook decides which files are loaded. |
| openwhisk_home: "{{ lookup('env', 'OPENWHISK_HOME') | default(playbook_dir ~ '/..', true) }}" |
| # Read from the OPENWHISK_CLI environment variable; falls back to ../incubator-openwhisk-cli next to openwhisk_home. |
| openwhisk_cli_home: "{{ lookup('env', 'OPENWHISK_CLI') | default(openwhisk_home ~ '/../incubator-openwhisk-cli', true) }}" |
| openwhisk_build_dir: "{{ openwhisk_home }}/build" |
| # Empty list by default; presumably names components whose logs are left out — confirm against the consuming role. |
| exclude_logs_from: [] |
| |
| # This whisk_api_localhost_name_default is used to configure nginx to permit vanity URLs for web actions |
| # for local deployment. For a public deployment, the specific environment group vars should define |
| # whisk_api_host_name; this is available to actions and hence must resolve from inside an action container |
| # specific to the deployment (i.e., it may be an IP address rather than a hostname in some cases). |
| # For a local deployment, use whisk_api_localhost_name. For a deployment which requires |
| # different name resolution between the whisk_api_host_name and the whisk_api_localhost_name, both should |
| # be defined so that the nginx configuration for the server name reflects the public facing naming (of the |
| # edge router) even if it is different from the API host available to the actions. The precedence order for |
| # configuring nginx and the SSL certificate generation is: |
| # whisk_api_localhost_name (first) |
| # whisk_api_host_name (second) |
| # whisk_api_localhost_name_default (last) |
| # NOTE(review): when neither of the first two variables is set, the server name and the generated |
| # certificate fall back to "localhost"; a non-local deployment presumably has to set one of them — confirm. |
| whisk_api_localhost_name_default: "localhost" |
| |
| # Type of your environment. |
| # If you want to deploy everything on your local machine use 'local'. |
| # If you use a docker-machine on a mac use 'docker-machine' |
| # If you want to deploy OpenWhisk to other machines use 'distributed' |
| # The value is taken from environment_type and defaults to 'local' when that variable is not defined. |
| environmentInformation: |
| type: "{{ environment_type | default('local') }}" |
| |
| # Directory of the inventory in use; falls back to env_hosts_dir when inventory_dir is not defined. |
| hosts_dir: "{{ inventory_dir | default(env_hosts_dir) }}" |
| |
| # The version date is the ISO 8601 timestamp taken from ansible_date_time when the variable is evaluated. |
| whisk: |
| version: |
| date: "{{ansible_date_time.iso8601}}" |
| |
| ## |
| # configuration parameters related to support runtimes (see whisk.core.entity.ExecManifest for schema of the manifest). |
| # briefly the parameters are: |
| # |
| # runtimes_registry: optional registry (with trailing slash) where to pull docker images from for runtimes and blackbox images |
| # |
| # skip_pull_runtimes: this will skip pulling the images to the invoker (images must exist there somehow) |
| # |
| # runtimes_manifest: set of language runtime families grouped by language (e.g., nodejs, python) and blackbox images to pre-pull |
| # |
| # runtimes_bypass_pull_for_local_images: optional, if true, allow images with a prefix that matches |
| # {{ runtimes_local_image_prefix }} to skip docker pull in invoker even if the image is not part of the blackbox set |
| # |
| # NOTE(review): runtimes_registry decides where every runtime image comes from, and the two skip/bypass options |
| # make the invoker run whatever image of that name is already present on the host. Treat the registry and the |
| # invoker's local image store as trusted inputs, and keep the bypass off unless images are built on the host. |
| # |
| # The manifest is runtimes_manifest when defined; otherwise ansible/files/runtimes.json under openwhisk_home is |
| # read and parsed as JSON. |
| runtimesManifest: "{{ runtimes_manifest | default(lookup('file', openwhisk_home ~ '/ansible/files/runtimes.json') | from_json) }}" |
| |
| # Invocation limits, each overridable through the limit_* variable named in its expression. |
| # NOTE(review): presumably applied per namespace, except concurrentInvocationsSystem which looks system-wide — |
| # confirm against the controller. These values bound how much load a single caller can place on the system. |
| limits: |
| invocationsPerMinute: "{{ limit_invocations_per_minute | default(60) }}" |
| concurrentInvocations: "{{ limit_invocations_concurrent | default(30) }}" |
| concurrentInvocationsSystem: "{{ limit_invocations_concurrent_system | default(5000) }}" |
| firesPerMinute: "{{ limit_fires_per_minute | default(60) }}" |
| sequenceMaxLength: "{{ limit_sequence_max_length | default(50) }}" |
| |
| # Controller settings: directories, ports, JVM options, Akka clustering, load balancer and TLS material. |
| # port means outer port |
| controller: |
| dir: |
| become: "{{ controller_dir_become | default(false) }}" |
| confdir: "{{ config_root_dir }}/controller" |
| basePort: 10001 |
| heap: "{{ controller_heap | default('2g') }}" |
| arguments: "{{ controller_arguments | default('') }}" |
| blackboxFraction: "{{ controller_blackbox_fraction | default(0.10) }}" |
| # One instance per host in the 'controllers' inventory group. |
| instances: "{{ groups['controllers'] | length }}" |
| localBookkeeping: "{{ controller_local_bookkeeping | default('false') }}" |
| akka: |
| provider: cluster |
| cluster: |
| basePort: 8000 |
| host: "{{ groups['controllers'] | map('extract', hostvars, 'ansible_host') | list }}" |
| bindPort: 2551 |
| # at this moment all controllers are seed nodes |
| # NOTE(review): no transport security for the Akka cluster ports is configured in this file; |
| # presumably they are expected to be reachable only between controller hosts — confirm. |
| seedNodes: "{{ groups['controllers'] | map('extract', hostvars, 'ansible_host') | list }}" |
| loadbalancer: |
| spi: "{{ controller_loadbalancer_spi | default('') }}" |
| # controller_loglevel wins, then whisk_loglevel, then 'INFO'. |
| loglevel: "{{ controller_loglevel | default(whisk_loglevel) | default('INFO') }}" |
| # controllerProtocolForSetup is defined below in this file and defaults to 'https'. |
| protocol: "{{ controllerProtocolForSetup }}" |
| ssl: |
| cn: openwhisk-controllers |
| cert: "{{ controller_ca_cert | default('controller-openwhisk-server-cert.pem') }}" |
| key: "{{ controller_key | default('controller-openwhisk-server-key.pem') }}" |
| # Client certificate authentication defaults to 'true'; turning it off leaves the controller port |
| # without the mutual-TLS check this default provides. |
| clientAuth: "{{ controller_client_auth | default('true') }}" |
| storeFlavor: PKCS12 |
| keystore: |
| # controllerKeystorePassword is a fixed literal defined below in this file; override it per environment. |
| password: "{{ controllerKeystorePassword }}" |
| path: "/conf/{{ controllerKeystoreName }}" |
| # keystore and truststore are the same as long as controller and nginx share the certificate |
| truststore: |
| password: "{{ controllerKeystorePassword }}" |
| path: "/conf/{{ controllerKeystoreName }}" |
| # Extra environment for the controller; an empty mapping unless controller_extraEnv is defined. |
| extraEnv: "{{ controller_extraEnv | default({}) }}" |
| |
| # move controller protocol outside to not evaluate controller variables during execution of setup.yml |
| controllerProtocolForSetup: "{{ controller_protocol | default('https') }}" |
| controllerKeystoreName: "{{ controllerKeyPrefix }}openwhisk-keystore.p12" |
| controllerKeyPrefix: "controller-" |
| # NOTE(review): fixed keystore password committed with the defaults, and the same literal as the Kafka |
| # keystore password in this file. It protects the PKCS12 store that holds the controller's private key, |
| # so anyone who can read that file can open it. Supply a per-environment value from a secret store or |
| # Ansible Vault for anything beyond a local test deployment. |
| controllerKeystorePassword: openwhisk |
| |
| # Remote JMX settings shared by controllers and invokers: port bases, credentials and common JVM flags. |
| jmx: |
| basePortController: 15000 |
| rmiBasePortController: 16000 |
| basePortInvoker: 17000 |
| rmiBasePortInvoker: 18000 |
| user: "{{ jmxuser | default('jmxuser') }}" |
| # NOTE(review): the password expression reads jmxuser, the same variable as the user name above. When |
| # jmxuser is defined the password therefore equals the user name; when it is not, the password is the |
| # fixed string 'jmxpass'. This looks like a copy-paste slip — a separate password variable was presumably |
| # intended; confirm and source it from a secret store. |
| pass: "{{ jmxuser | default('jmxpass') }}" |
| # authenticate=true requires the credentials above, but ssl=false leaves them and all management |
| # traffic unencrypted, and local.only=false accepts connections from other hosts. JMX access amounts to |
| # administrative control of the JVM, so the port ranges above should be reachable only from a management |
| # network, or TLS should be enabled. |
| jvmCommonArgs: "-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=/root/jmxremote.password -Dcom.sun.management.jmxremote.access.file=/root/jmxremote.access" |
| # Remote JMX is on unless jmxremote_enabled overrides it. |
| enabled: "{{ jmxremote_enabled | default('true') }}" |
| |
| # Name of the HTTP header that carries the transaction id; 'X-Request-ID' unless transactions_header is set. |
| transactions: |
| header: "{{ transactions_header | default('X-Request-ID') }}" |
| |
| # Configuration directory for the registry, below config_root_dir. |
| registry: |
| confdir: "{{ config_root_dir }}/registry" |
| |
| # Kafka broker settings: TLS material, protocol, version, ports and sizing. |
| kafka: |
| ssl: |
| client_authentication: required |
| keystore: |
| name: kafka-keystore.jks |
| # NOTE(review): fixed keystore password committed with the defaults (same literal as the controller |
| # keystore password in this file); override per environment from a secret store or Ansible Vault. |
| password: openwhisk |
| # NOTE(review): the first two suites are CBC-mode; only the last one is an AEAD (GCM) suite. |
| # Prefer restricting the list to GCM suites where all clients support them. |
| cipher_suites: |
| - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
| - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
| - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
| # kafka_protocol_for_setup is defined below in this file and defaults to 'PLAINTEXT', so the ssl settings |
| # above presumably take effect only when kafka_protocol selects a TLS protocol — confirm in the kafka role. |
| protocol: "{{ kafka_protocol_for_setup }}" |
| version: 0.11.0.1 |
| port: 9072 |
| advertisedPort: 9093 |
| ras: |
| port: 8093 |
| heap: "{{ kafka_heap | default('1g') }}" |
| # Defaults to the number of hosts in the 'kafkas' inventory group. |
| replicationFactor: "{{ kafka_replicationFactor | default((groups['kafkas']|length)|int) }}" |
| # adapt this param for production deployments depending on the number of kafka consumers |
| networkThreads: "{{ kafka_network_threads | default(3) }}" |
| |
| # Comma-separated host:port list for all hosts in the 'kafkas' group. The port for the n-th host is |
| # kafka.advertisedPort + n - 1 (loop.index starts at 1). |
| kafka_connect_string: "{% set ret = [] %}\ |
| {% for host in groups['kafkas'] %}\ |
| {{ ret.append( hostvars[host].ansible_host + ':' + ((kafka.advertisedPort+loop.index-1)|string) ) }}\ |
| {% endfor %}\ |
| {{ ret | join(',') }}" |
| |
| # NOTE(review): the default is PLAINTEXT, i.e. broker traffic is neither encrypted nor authenticated unless |
| # kafka_protocol is overridden. Activation messages pass through Kafka, so a deployment that spans hosts |
| # should set kafka_protocol to a TLS protocol or keep the brokers on an isolated network. |
| kafka_protocol_for_setup: "{{ kafka_protocol | default('PLAINTEXT') }}" |
| |
| # ZooKeeper version and client port. |
| # NOTE(review): the unquoted version is read as a float, not a string; that is harmless for 3.4 but a value |
| # such as 3.10 would become 3.1. No ZooKeeper authentication or TLS is configured in this file. |
| zookeeper: |
| version: 3.4 |
| port: 2181 |
| |
| # Comma-separated host:port list for all hosts in the 'zookeepers' group. The port for the n-th host is |
| # zookeeper.port + n - 1 (loop.index starts at 1). |
| zookeeper_connect_string: "{% set ret = [] %}\ |
| {% for host in groups['zookeepers'] %}\ |
| {{ ret.append( hostvars[host].ansible_host + ':' + ((zookeeper.port+loop.index-1)|string) ) }}\ |
| {% endfor %}\ |
| {{ ret | join(',') }}" |
| |
| # ansible_host of the first host in the 'invokers' group; invokerHostname falls back to inventory_hostname |
| # when that value is undefined. |
| invokerHostnameFromMap: "{{ groups['invokers'] | map('extract', hostvars, 'ansible_host') | list | first }}" |
| invokerHostname: "{{ invokerHostnameFromMap | default(inventory_hostname) }}" |
| |
| # Invoker settings: directories, port, JVM options, container handling and remote JMX arguments. |
| invoker: |
| dir: |
| become: "{{ invoker_dir_become | default(false) }}" |
| confdir: "{{ config_root_dir }}/invoker" |
| port: 12001 |
| heap: "{{ invoker_heap | default('2g') }}" |
| arguments: "{{ invoker_arguments | default('') }}" |
| numcore: 2 |
| coreshare: 2 |
| busyThreshold: "{{ invoker_busy_threshold | default(16) }}" |
| # One instance per host in the 'invokers' inventory group. |
| instances: "{{ groups['invokers'] | length }}" |
| # Specify if it is allowed to deploy more than 1 invoker on a single machine. |
| allowMultipleInstances: "{{ invoker_allow_multiple_instances | default(false) }}" |
| # Specify if it should use docker-runc or docker to pause/unpause containers |
| useRunc: "{{ invoker_use_runc | default(true) }}" |
| docker: |
| become: "{{ invoker_docker_become | default(false) }}" |
| # invoker_loglevel wins, then whisk_loglevel, then 'INFO'. |
| loglevel: "{{ invoker_loglevel | default(whisk_loglevel) | default('INFO') }}" |
| jmxremote: |
| # Built only for hosts in the 'invokers' group: the common JMX flags plus an RMI hostname and per-host |
| # ports computed as the invoker base ports plus the host's index in the group. |
| # NOTE(review): inherits the unencrypted, non-local JMX settings from jmx.jvmCommonArgs; the invoker runs |
| # user containers, so its JMX ports in particular should not be reachable from untrusted networks. |
| jvmArgs: "{% if inventory_hostname in groups['invokers'] %} |
| {{ jmx.jvmCommonArgs }} -Djava.rmi.server.hostname={{ invokerHostname }} -Dcom.sun.management.jmxremote.rmi.port={{ jmx.rmiBasePortInvoker + groups['invokers'].index(inventory_hostname) }} -Dcom.sun.management.jmxremote.port={{ jmx.basePortInvoker + groups['invokers'].index(inventory_hostname) }} |
| {% endif %}" |
| # Extra environment for the invoker; an empty mapping unless invoker_extraEnv is defined. |
| extraEnv: "{{ invoker_extraEnv | default({}) }}" |
| |
| # Provider class used for user logs; overridable through userLogs_spi. |
| userLogs: |
| spi: "{{ userLogs_spi | default('whisk.core.containerpool.logging.DockerToActivationLogStoreProvider') }}" |
| |
| # nginx edge settings: configuration directory, version, listening ports and TLS material. |
| nginx: |
| confdir: "{{ config_root_dir }}/nginx" |
| dir: |
| become: "{{ nginx_dir_become | default(false) }}" |
| version: "{{ nginx_version | default('1.13') }}" |
| port: |
| http: 80 |
| api: 443 |
| adminportal: 8443 |
| ssl: |
| # NOTE(review): certificate and key are looked up inside the repository checkout; make sure a real |
| # private key placed here is excluded from version control and readable only by the deploying user. |
| path: "{{ openwhisk_home }}/ansible/roles/nginx/files" |
| cert: "openwhisk-server-cert.pem" |
| key: "openwhisk-server-key.pem" |
| # Presumably controls whether the private key is passphrase-protected, with the passphrase read from |
| # password_file — confirm in the nginx role. |
| password_enabled: false |
| password_file: "ssl.pass" |
| client_ca_cert: "{{ openwhisk_client_ca_cert | default('openwhisk-client-ca-cert.pem') }}" |
| # NOTE(review): client certificate verification is 'off' unless nginx_ssl_verify_client is set, so the |
| # edge relies on API keys alone by default. |
| verify_client: "{{ nginx_ssl_verify_client | default('off') }}" |
| wpn: |
| router: "{{ nginx_wpn_router | default('1') }}" |
| # Defaults to the string '[]' (quoted inside the expression), not to an empty list. |
| special_users: "{{ nginx_special_users | default('[]') }}" |
| |
| # These are the variables to define all database relevant settings. |
| # The authKeys are the users, that are initially created to use OpenWhisk. |
| # The keys are stored in ansible/files and will be inserted into the authentication database. |
| # The key db.whisk.actions is the name of the database where all artifacts of the user are stored. These artifacts are actions, triggers, rules and packages. |
| # The key db.whisk.activation is the name of the database where all activations are stored. |
| # The key db.whisk.auth is the name of the authentication database where all keys of all users are stored. |
| # The db_prefix is defined for each environment on its own. The CouchDb credentials are also defined for each environment on its own. |
| # NOTE(review): the initial keys come from files under ansible/files. If those files are the ones shipped with |
| # the repository, the guest and whisk.system credentials are publicly known; replace them before any |
| # deployment that is reachable by others. |
| db: |
| # One instance per host in the 'db' inventory group. |
| instances: "{{ groups['db'] | length }}" |
| authkeys: |
| - guest |
| - whisk.system |
| whisk: |
| actions: "{{ db_prefix }}whisks" |
| activations: "{{ db_prefix }}activations" |
| auth: "{{ db_prefix }}subjects" |
| |
| # Ports and version of the API gateway. |
| apigateway: |
| port: |
| api: 9000 |
| api_secure: 443 |
| mgmt: 9001 |
| version: 0.9.10 |
| |
| # NOTE(review): no Redis authentication or TLS is configured in this file; presumably the port is expected to |
| # be reachable only by the API gateway — confirm. The unquoted version is read as a float. |
| redis: |
| version: 3.2 |
| port: 6379 |
| |
| # Kernel version; not a valid number, so it is read as a string. |
| linux: |
| version: 4.4.0-31 |
| |
| # The unquoted version is read as a float; quote it if a value such as 2.10 is ever needed. |
| couchdb: |
| version: 2.1 |
| |
| # Docker settings: image naming, engine version, storage driver, API port, restart and pull behaviour. |
| docker: |
| # The user to install docker for. Defaults to the ansible user if not set. This will be the user who is able to run |
| # docker commands on a machine setup with prereq_build.yml |
| # NOTE(review): the ability to run docker commands is effectively root on that machine; choose the user accordingly. |
| #user: |
| image: |
| prefix: "{{ docker_image_prefix | default('whisk') }}" |
| # NOTE(review): 'latest' is a mutable tag, so two deployments can run different images under the same |
| # configuration; set docker_image_tag to a fixed tag for reproducible and auditable deployments. |
| tag: "{{ docker_image_tag | default('latest') }}" |
| version: 1.12.0-0~trusty |
| storagedriver: overlay |
| # NOTE(review): presumably the TCP port of the Docker daemon API. If so, and TLS client authentication is |
| # not configured elsewhere, anyone who can reach the port controls the host; confirm it is bound and |
| # firewalled to the deployment hosts only. |
| port: 4243 |
| restart: |
| policy: always |
| pull: |
| retries: 10 |
| delay: 10 |
| |
| # Whether privilege escalation is used for the SDK directory; off unless sdk_dir_become is set. |
| sdk: |
| dir: |
| become: "{{ sdk_dir_become | default(false) }}" |
| |
| # Path of the wsk CLI binary inside the checkout, and whether privilege escalation is used for its directory. |
| cli: |
| path: "{{ openwhisk_home }}/bin/wsk" |
| dir: |
| become: "{{ cli_dir_become | default(false) }}" |
| |
| # The default name space is /whisk.system. The catalog namespace must begin with a slash "/". |
| catalog_namespace: "/whisk.system" |
| |
| # The catalog_auth_key is used to determine the secret key to authenticate the openwhisk service. |
| # The value for this variable can be set to either the secret key itself or the file, which |
| # saves the secret key. |
| # By default, we take the key from {{ openwhisk_home }}/ansible/files/auth.whisk.system. |
| # NOTE(review): prefer the file form (or a vaulted variable) over writing the key here, so the secret does |
| # not end up in version control; the default file should be replaced for any non-local deployment. |
| catalog_auth_key: "{{ openwhisk_home }}/ansible/files/auth.whisk.system" |
| |
| # The catalog_repos is used to specify all the catalog names and repository URLs, |
| # so that openwhisk knows where to download the catalog and install them. The key |
| # specifies the catalog name and the url saves the URL of the repository. The location |
| # specifies the location to save the code of the catalog. The version specifies the hash |
| # of the commit to be cloned. If it is omitted or set to HEAD, the latest commit will be |
| # selected. The repo_update specifies whether to retrieve new revisions from the origin |
| # repository and the default value is yes, meaning that it will retrieve the new |
| # revisions. The keys url and location are mandatory and the keys version and repo_update |
| # are optional. To add a new repository, please follow the template by adding: |
| # |
| # catalog_repos: |
| # ... |
| # <catalog-name>: |
| # url: <URL of repository>, mandatory. |
| # location: <local location to save the catalog>, mandatory. |
| # version: <hash of the commit>, optional, default to HEAD. |
| # repo_update: <whether to retrieve new revisions from the origin repository>, |
| # optional, default to no. Yes means to retrieve the new revisions, and |
| # no means not to retrieve the new revisions. |
| # |
| # NOTE(review): the paragraph above gives the repo_update default as yes and the template gives it as no; |
| # the entry below sets it to "no" explicitly. Confirm the role's actual default. |
| catalog_repos: |
| openwhisk-catalog: |
| url: https://github.com/apache/incubator-openwhisk-catalog.git |
| # Set the local location as the same level as openwhisk home, but it can be changed. |
| location: "{{ openwhisk_home }}/../openwhisk-catalog" |
| # NOTE(review): HEAD is unpinned, so whatever is at the tip of the repository at deploy time is |
| # installed into the catalog namespace. Pin a reviewed commit hash for reproducible deployments. |
| version: "HEAD" |
| repo_update: "no" |
| |
| # The openwhisk_cli is used to determine how to install the OpenWhisk CLI. The |
| # installation_mode can be specified into two modes: remote and local. |
| # The mode remote means to download the available binaries from the releases page |
| # of the official openwhisk cli repository. The mode local means to build the binaries |
| # locally in a directory and get them from the local directory. The default value |
| # for openwhisk is local. |
| # NOTE(review): the installation_mode expression below falls back to 'remote', not 'local', when neither |
| # cli_installation_mode nor OPENWHISK_CLI_MODE is set; the sentence above looks out of date — confirm. |
| # |
| # The name specifies the package name of the binaries in remote mode. |
| # |
| # The dest_name specifies the package name of the binaries in Nginx in remote mode. |
| # |
| # The location specifies the official website where Openwhisk CLI is hosted in |
| # remote mode or location to save the binaries of the OpenWhisk CLI in local mode. |
| |
| # Release tag of the CLI: cli_tag when defined, otherwise the git_tag entry of the openwhisk-cli section in |
| # ansible/files/package-versions.ini. |
| openwhisk_cli_tag: "{{ cli_tag | default(lookup('ini', 'git_tag section=openwhisk-cli file=' ~ openwhisk_home ~ '/ansible/files/package-versions.ini')) }}" |
| openwhisk_cli: |
| # cli_installation_mode wins, then the OPENWHISK_CLI_MODE environment variable; 'remote' when both are |
| # undefined or empty. |
| installation_mode: "{{ cli_installation_mode | default(lookup('env', 'OPENWHISK_CLI_MODE')) | default('remote', true) }}" |
| archive_name: OpenWhisk_CLI |
| # Directory below the nginx configuration directory from which the CLI downloads are served. |
| nginxdir: |
| name: "{{ nginx.confdir }}/cli/go/download" |
| become: "{{ cli_dir_become | default(false) }}" |
| local: |
| location: "{{ openwhisk_cli_home }}/build" |
| # NOTE(review): in remote mode the binaries are fetched from this URL and then offered to users through |
| # nginx. No checksum or signature is configured in this file; confirm the role verifies the download. |
| remote: |
| location: "https://github.com/apache/incubator-openwhisk-cli/releases/download/{{ openwhisk_cli_tag }}" |
| |
| # Controls access to log directories |
| # Privilege escalation for the log directories is off unless logs_dir_become is set. |
| logs: |
| dir: |
| become: "{{ logs_dir_become | default(false) }}" |
| |
| # Metrics Configuration |
| # Log-based metrics are on by default; Kamon metrics and Kamon tags are off by default. |
| metrics: |
| log: |
| enabled: "{{ metrics_log | default(true) }}" |
| kamon: |
| enabled: "{{ metrics_kamon | default(false) }}" |
| tags: "{{ metrics_kamon_tags | default(false) }}" |
| # StatsD endpoint for Kamon; the host is empty unless metrics_kamon_statsd_host is set. |
| host: "{{ metrics_kamon_statsd_host | default('') }}" |
| port: "{{ metrics_kamon_statsd_port | default('8125') }}" |
| |
| # User events are off unless user_events_enabled is set. |
| user_events: "{{ user_events_enabled | default(false) }}" |