openSUSE/open-build-service

View on GitHub
src/api/config/options.yml.example

Summary

Maintainability
Test Coverage
#
# This file contains the default configuration of the Open Build Service API.
#

default: &default
  #read_only_hosts: [ "build.opensuse.org", "software.opensuse.org" ]

  # Make use of mod_xforward module in apache
  #use_xforward: true

  # Make use of X-Accel-Redirect for Nginx.
  # http://kovyrin.net/2010/07/24/nginx-fu-x-accel-redirect-remote
  #use_nginx_redirect: /internal_redirect

  # Set to true to verify XML reponses comply to the schema
  response_schema_validation: false

  # backend source server
  source_host: localhost
  # NOTE: the source_port setting is ignored and hardcoded for "test" and "development" env
  source_port: 5352
  #source_protocol: https
  #source_protocol_ssl_verification: false

  # api access to this instance
  frontend_host: localhost
  frontend_port: 443
  frontend_protocol: https

  extended_backend_log: false

  ### Public Access Configuration
  # Configure if this OBS is allowing people to browse it's content anonymously or not.
  # Disabling this also disables the interconnect feature.
  # Boolean: true or false
  # Default: true
  #
  # allow_anonymous: false

  ### Proxy Auth Configuration
  # Configure if this OBS is behind an Identity And Access Proxy (IAP). A
  # reverse proxy in front of this OBS that authenticates the user making the
  # request using an Identity Provider (IDP) and modifies the request headers
  # to include information about the authenticated user.
  #
  # Request Headers used by OBS:
  # - HTTP_X_USERNAME -> User.login
  # - HTTP_X_EMAIL -> User.email
  # - HTTP_X_FIRSTNAME + HTTP_X_LASTNAME -> User.realname
  #
  # The mode. Can be:
  # - :off to disable it
  # - :on to enable generic mode
  # - :mellon to enable apache mod_auth_mellon (SAML) mode
  # - :ichain to enable legacy ichain mode
  proxy_auth_mode: :off
  #
  # The URL we send people to log in.
  # *This setting is required for proxy auth to work.
  # proxy_auth_login_page: https://my-idp.example.com/login
  #
  # The URL we send people to log out.
  # *This setting is required for proxy auth to work.
  # proxy_auth_logout_page: https://my-idp.example.com/logout
  #
  # The URL we send people to sign up.
  # This setting is optional, if not set sign up is disabled.
  # proxy_auth_register_page: https://my-idp.example.com/signup
  #
  # The URL we send people to view their account.
  # This setting is optional, if not set account links are not shown.
  # proxy_auth_account_page: https://my-idp.example.com/myaccount

  ### Kerberos configuration

  # can be true or false
  kerberos_mode: false

  #kerberos_keytab: "/etc/krb5.keytab"
  #kerberos_service_principal: "HTTP/hostname.example.com@EXAMPLE.COM"
  #kerberos_realm: "EXAMPLE.COM"


  #schema_location

  #version

  # if set to false, the API will only fake writes to backend (useful in testing)
  # global_write_through: true

  # see http://colszowka.heroku.com/2011/02/22/setting-up-your-custom-hoptoad-notifier-endpoint-for-free-using-errbit-on-heroku
  #errbit_api_key: api_key_of_your_app
  #errbit_project_id:
  #errbit_host: installation.of.errbit.com

  ##################
  # LDAP options
  ##################

  #### WARNING: LDAP mode is not official supported by OBS!
  ldap_mode: :off
  #### WARNING: LDAP mode is not official supported by OBS!

  # LDAP Servers separated by ':'.
  # OVERRIDE with your company's ldap servers. Servers are picked randomly for
  # each connection to distribute load.
  ldap_servers: ldap1.mycompany.com:ldap2.mycompany.com

  # Max number of times to attempt to contact the LDAP servers
  ldap_max_attempts: 15

  # The attribute the user memberof is stored in
  ldap_user_memberof_attr: memberof

  # Perform the group_user search with the member attribute of group entry or memberof attribute of user entry
  # It depends on your ldap define
  # The attribute the group member is stored in
  ldap_group_member_attr: member

  # If you're using ldap_authenticate=:ldap then you should ensure that
  # ldaps is used to transfer the credentials over SSL or use the StartTLS extension
  ldap_ssl: :on

  # Use StartTLS extension of LDAP
  ldap_start_tls: :off

  # LDAP port defaults to 636 for ldaps and 389 for ldap and ldap with StartTLS
  #ldap_port:
  # Authentication with Windows 2003 AD requires
  ldap_referrals: :off

  # OVERRIDE with your company's ldap search base for the users who will use OBS
  ldap_search_base: OU=Organizational Unit,DC=Domain Component
  # Sam Account Name is the login name for LDAP
  ldap_search_attr: sAMAccountName
  # The attribute the users name is stored in
  ldap_name_attr: cn
  # The attribute the users email is stored in
  ldap_mail_attr: mail
  # Credentials to use to search ldap for the username
  ldap_search_user: ""
  ldap_search_auth: ""

  # By default any LDAP user can be used to authenticate to the OBS
  # In some deployments this may be too broad and certain criteria should
  # be met; eg group membership
  #
  # To allow only users in a specific group uncomment this line:
  #ldap_user_filter: (memberof=CN=group,OU=Groups,DC=Domain Component)
  #
  # Note this is joined to the normal selection like so:
  # (&(#{ldap_search_attr}=#{login})#{ldap_user_filter})
  # giving an ldap search of:
  #  (&(sAMAccountName=#{login})(memberof=CN=group,OU=Groups,DC=Domain Component))
  #
  # Also note that openLDAP must be configured to use the memberOf overlay

  # ldap_authenticate says how the credentials are verified:
  #   :ldap = attempt to bind to ldap as user using supplied credentials
  #   :local = compare the credentials supplied with those in
  #            LDAP using #{ldap_auth_attr} & #{ldap_auth_mech}
  #       if :local is used then ldap_auth_mech can be
  #       :md5
  #       :cleartext
  ldap_authenticate: :ldap
  ldap_auth_mech: :md5
  # This is a string
  ldap_auth_attr: userPassword

  # Whether to search group info from ldap, it does not take effect
  # when LDAP_GROUP_SUPPOR is not set.
  # Please also set below LDAP_GROUP_* configs correctly to ensure the operation works properly
  ldap_group_support: :off
  # OVERRIDE with your company's ldap search base for groups
  ldap_group_search_base: ou=OBSGROUPS,dc=EXAMPLE,dc=COM
  # The attribute the group name is stored in
  ldap_group_title_attr: cn
  # The value of the group objectclass attribute, leave it as "" if objectclass attr doesn't exist
  ldap_group_objectclass_attr: groupOfNames

  # Data to locate the database backup
  # Will be used in the script/import_database.rb script
  backup_server: foo.bar
  backup_user: tux
  backup_location: /home/tux
  backup_filename: obs_production.sql.xz
  backup_port: 22

  # Rabbitmq based message bus
  #
  # Prefix of the message bus rooting key
  # amqp_namespace: 'opensuse.obs'
  #
  # Connection options -> http://rubybunny.info/articles/connecting.html
  # amqp_options:
  #   host: rabbit.example.com
  #   port: 5672
  #   user: guest
  #   pass: guest
  #   vhost: vhost
  #
  # Exchange options -> http://rubybunny.info/articles/exchanges.html
  # amqp_exchange_name: pubsub
  # amqp_exchange_options:
  #  type: :topic
  #  auto_delete: false
  #  arguments:
  #    persistent: true
  #    passive: true

  # For sending application performance metrics to a influx time series database
  # influxdb_database: rails
  # influxdb_username: rails
  # influxdb_password: 123456
  # influxdb_hosts:
  #  - domain.tld
  # influxdb_port: 8086
  # influxdb_ssl: true
  # influxdb_retry: 10
  # influxdb_time_precision: ms

  # Disable the contribution graph on the user home page
  # contribution_graph: :off

  # Display sponsors above the footer on every page
  # sponsors:
  # - name: Sponsor ABC
  #   description: We are the best at ABC
  #   icon: sponsor_abc
  #   url: https://www.example.com

  # Lifetime for repositories published after accepting maintenance release requests.
  # Default: 2 days (172800 seconds).
  # maintenance_release_repositories_lifetime: 172800

  # Lifetime for notifications.
  # Default: 365 days (1 year).
  notifications_lifetime: 365

  # Prevent adding the user as a maintainer, in project creation, in this API endpoint:
  # PUT /source/:project/_meta
  # Former and default value is `false`: the user is added as a maintainer.
  prevent_adding_maintainer_in_project_creation_with_api: false

  # Limit results returned by this API endpoint:
  # GET /search/...
  # Return a 403 error if both:
  # - number of matched results surpass the limit
  # - the endpoint doesn't end in .../id
  # limit_for_search_results: 10000

production:
  <<: *default

test:
  <<: *default
  source_host: backend
  memcached_host: cache

development:
  <<: *default
  source_host: backend
  memcached_host: cache