st2.conf.sample
# Sample config which contains all the available options with the corresponding descriptions
# Note: This file is automatically generated using tools/config_gen.py - DO NOT UPDATE MANUALLY
# [action_sensor] controls whether, and for which execution statuses, a trigger is emitted for an action.
[action_sensor]
# List of execution statuses for which a trigger will be emitted.
# NOTE(review): the trailing "# comma separated list allowed here." sits on the value line itself; a parser without inline-comment support reads it as part of the value, so keep only the list when copying this line.
emit_when = succeeded,failed,timeout,canceled,abandoned # comma separated list allowed here.
# Whether to enable or disable the ability to post a trigger on action.
enable = True
# [actionrunner] sizes the action dispatcher pools and sets the interpreter, virtualenv and output-streaming options used when running actions.
[actionrunner]
# Internal pool size for dispatcher used by regular actions.
actions_pool_size = 60
# How long to wait for process (in seconds) to exit after receiving shutdown signal.
exit_still_active_check = 300
# This will enable the graceful shutdown and wait for ongoing requests to complete until exit_timeout.
# NOTE(review): no exit_timeout option appears in this section; presumably this refers to exit_still_active_check - confirm.
graceful_shutdown = True
# Location of the logging.conf file.
logging = /etc/st2/logging.actionrunner.conf
# List of pip options to be passed to "pip install" command when installing pack dependencies into pack virtual environment.
# NOTE(review): the text after "=" is a trailing comment on the value line; a parser without inline-comment support reads it as the value, so leave the value empty (or list real options) when copying this line.
pip_opts = # comma separated list allowed here.
# Python binary which will be used by Python actions.
python_binary = /usr/bin/python3
# Default log level to use for Python runner actions. Can be overridden on invocation basis using "log_level" runner parameter.
# NOTE(review): DEBUG is the most verbose level; review what Python runner actions log at that level before keeping it outside development.
python_runner_log_level = DEBUG
# Time interval between subsequent queries to check running executions.
still_active_check_interval = 2
# True to store and stream action output (stdout and stderr) in real-time.
# Stored output is whatever the action writes, so an action that prints credentials persists them; retention of these objects is set by action_executions_output_ttl in [garbagecollector].
stream_output = True
# Buffer size to use for real time action output streaming. 0 means unbuffered, 1 means line buffered, -1 means system default (which usually means fully buffered), and any other positive value means use a buffer of (approximately) that size.
stream_output_buffer_size = -1
# Virtualenv binary which should be used to create pack virtualenvs.
virtualenv_binary = /usr/bin/virtualenv
# List of virtualenv options to be passed to "virtualenv" command that creates pack virtualenv.
# --system-site-packages gives each pack virtualenv access to the system site-packages directory, so pack code is not isolated from system-wide Python packages. Confirm that packs do not rely on system packages before removing it.
# NOTE(review): the trailing "# comma separated list allowed here." is on the value line; keep only the options when copying this line.
virtualenv_opts = --system-site-packages # comma separated list allowed here.
# Internal pool size for dispatcher used by workflow actions.
workflows_pool_size = 40
# [api] configures the StackStorm API server: listen address, allowed browser origins, auth-token cookie attributes and secret masking.
[api]
# List of origins allowed for api, auth and stream.
# Keep this to the exact scheme://host:port origins that serve the web UI; every origin listed here is allowed for all three services.
# NOTE(review): the trailing "# comma separated list allowed here." is on the value line; keep only the origin list when copying this line.
allow_origin = http://127.0.0.1:3000 # comma separated list allowed here.
# SameSite attribute value for the auth-token cookie we set on successful authentication from st2web. If you don't have a specific reason (e.g. supporting old browsers) we recommend you set this value to strict. Setting it to "unset" will default to the behavior in previous releases and not set this SameSite header value.
# Valid values: strict, lax, none, unset
# Note that the sample value below is lax, which is weaker than the strict setting recommended above.
auth_cookie_same_site = lax
# True if secure flag should be set for "auth-token" cookie which is set on successful authentication via st2web. You should only set this to False if you have a good reason to not run and access StackStorm behind https proxy.
auth_cookie_secure = True
# The generator provides no description for this option (it prints "None").
# NOTE(review): presumably enables debug mode for the API service, like the same-named option in [auth] and [stream] - confirm.
debug = False
# StackStorm API server host. The sample value is the loopback address.
host = 127.0.0.1
# Location of the logging.conf file.
logging = /etc/st2/logging.api.conf
# True to mask secrets in the API responses.
mask_secrets = True
# Maximum limit (page size) argument which can be specified by the user in a query string.
max_page_size = 100
# StackStorm API server port.
port = 9101
# [auth] configures the authentication service: token lifetimes, SSO, and (in standalone mode) the backend, listen address and TLS material.
[auth]
# Common option - options below apply in both scenarios - when auth service is running as a WSGI
# service (e.g. under Apache or Nginx) and when it's running in the standalone mode.
# Base URL to the API endpoint excluding the version
api_url = None
# Specify to enable debug mode.
debug = False
# Enable authentication middleware. Setting this to False turns the middleware off, so keep it True unless requests are authenticated elsewhere.
enable = True
# Path to the logging config.
logging = /etc/st2/logging.auth.conf
# Authentication mode (proxy,standalone)
mode = standalone
# Service token ttl in seconds. The sample value 86400 is 24 hours.
service_token_ttl = 86400
# Enable Single Sign On for GUI if true.
sso = False
# Single Sign On backend to use when SSO is enabled. Available backends: noop, saml2.
sso_backend = noop
# JSON serialized arguments which are passed to the SSO backend.
# NOTE(review): backend arguments may include secrets; if so, this file needs the same access restrictions as any credential store - confirm what the chosen backend expects.
sso_backend_kwargs = None
# Access token ttl in seconds. The sample value 86400 is 24 hours; the TTL bounds how long an issued token stays usable.
token_ttl = 86400
# Standalone mode options - options below only apply when auth service is running in the standalone
# mode.
# Authentication backend to use in a standalone mode. Available backends: flat_file, ldap.
backend = flat_file
# JSON serialized arguments which are passed to the authentication backend in a standalone mode.
# NOTE(review): for a directory backend these arguments may carry a bind password - confirm, and restrict read access to this file accordingly.
backend_kwargs = None
# Path to the SSL certificate file. Only used when "use_ssl" is specified.
cert = /etc/apache2/ssl/mycert.crt
# Host on which the service should listen. The sample value is the loopback address.
host = 127.0.0.1
# Path to the SSL private key file. Only used when "use_ssl" is specified. The key file should be readable only by the account that runs the auth service.
key = /etc/apache2/ssl/mycert.key
# Port on which the service should listen.
port = 9100
# Specify to enable SSL / TLS mode.
# With the sample value False the standalone service does not use the cert/key above; since clients send credentials to this service, make sure TLS is terminated in front of it (for example by an https proxy) if it is reachable beyond loopback.
use_ssl = False
# [content] sets where packs and runners are looked up on disk, which pack index is queried, and which group may write to the packs directory.
[content]
# A URL pointing to the pack index. StackStorm Exchange is used by default. Use a comma-separated list for multiple indexes if you want to get other packs discovered with "st2 pack search".
# Each index listed here becomes a source of pack listings, so add only indexes you trust and keep them on https.
# NOTE(review): the trailing "# comma separated list allowed here." is on the value line; keep only the URL list when copying this line.
index_url = https://index.stackstorm.org/v1/index.json # comma separated list allowed here.
# User group that can write to packs directory. Members of this group can change pack content, so keep its membership small.
pack_group = st2packs
# Paths which will be searched for integration packs.
packs_base_paths = None
# Paths which will be searched for runners.
# DEPRECATED FOR REMOVAL since 3.0.0: Option unused since StackStorm v3.0.0
runners_base_paths = None
# Path to the directory which contains system packs.
system_packs_base_path = /opt/stackstorm/packs
# Path to the directory which contains system runners.
# DEPRECATED FOR REMOVAL since 3.0.0: Option unused since StackStorm v3.0.0
system_runners_base_path = /opt/stackstorm/runners
# [coordination] configures the coordination server endpoint, lock TTL and optional service registration.
[coordination]
# TTL for the lock if backend supports it.
# NOTE(review): the unit is not stated here - presumably seconds; confirm.
lock_timeout = 60
# True to register StackStorm services in a service registry.
service_registry = False
# Endpoint for the coordination server.
# NOTE(review): if the endpoint URL embeds credentials, this file must be readable only by the service account - confirm the URL format for the chosen backend.
url = None
# [database] configures the MongoDB connection: address, credentials, retry/timeout behaviour, compression and TLS.
# NOTE(review): "None" is how the generator prints an unset default; whether the literal string None is treated as unset when read back from a file is not shown here - confirm, and omit such keys rather than copying them.
[database]
# Specifies database authentication mechanisms. By default, it uses SCRAM-SHA-1 with MongoDB 3.0 and later, MONGODB-CR (MongoDB Challenge Response protocol) for older servers.
authentication_mechanism = None
# Comma delimited string of compression algorithms to use for transport level compression. Actual algorithm will then be decided based on the algorithms supported by the client and the server. For example: zstd. Defaults to no compression. Keep in mind that zstd is only supported with MongoDB 4.2 and later.
compressors =
# Connection retry backoff max (seconds).
connection_retry_backoff_max_s = 10
# Backoff multiplier (seconds).
connection_retry_backoff_mul = 1
# Connection retry total time (minutes).
connection_retry_max_delay_m = 3
# Connection and server selection timeout (in ms).
connection_timeout = 3000
# Name of database.
db_name = st2
# Host of db server. The sample value is the loopback address.
host = 127.0.0.1
# Password for db login.
# The sample sets no database credentials. Once a password is stored here it is in plain text, so restrict read access to this file to the service account.
password = None
# Port of db server.
port = 27017
# Specifies whether a certificate is required from the other side of the connection, and whether it will be validated if provided
# DEPRECATED FOR REMOVAL since 3.9.0: Use tls_allow_invalid_certificates with the following: The 'optional' and 'required' values are equivalent to tls_allow_invalid_certificates=False. The 'none' value is equivalent to tls_allow_invalid_certificates=True. This option is a needlessly more complex version of tls_allow_invalid_certificates.
# Valid values: none, optional, required
ssl_cert_reqs = None
# Certificate file used to identify the local connection
# DEPRECATED FOR REMOVAL since 3.9.0: Use tls_certificate_key_file with a path to a file containing the concatenation of the files from ssl_keyfile and ssl_certfile. This option is ignored by pymongo.
ssl_certfile = None
# Private keyfile used to identify the local connection against MongoDB.
# DEPRECATED FOR REMOVAL since 3.9.0: Use tls_certificate_key_file with a path to a file containing the concatenation of the files from ssl_keyfile and ssl_certfile. This option is ignored by pymongo.
ssl_keyfile = None
# If True and `ssl_cert_reqs` is not None, enables hostname verification
# DEPRECATED FOR REMOVAL since 3.9.0: Use tls_allow_invalid_hostnames with the opposite value from this option.
ssl_match_hostname = True
# Create the connection to mongodb using TLS.
# This option has a deprecated alias: ssl
# With the sample value False, database traffic (including any login credentials) is not protected by TLS; enable it whenever MongoDB is not on the same host.
tls = False
# Specifies whether MongoDB is allowed to pass an invalid certificate. This defaults to False to have security by default. Only temporarily set to True if you need to debug the connection.
tls_allow_invalid_certificates = False
# If True and `tlsAllowInvalidCertificates` is True, disables hostname verification. This defaults to False to have security by default. Only temporarily set to True if you need to debug the connection.
tls_allow_invalid_hostnames = False
# ca_certs file contains a set of concatenated CA certificates, which are used to validate certificates passed from MongoDB.
# This option has a deprecated alias: ssl_ca_certs
tls_ca_file = None
# Client certificate used to identify the local connection against MongoDB. The certificate file must contain one or both of private key and certificate. Supplying separate files for private key (ssl_keyfile) and certificate (ssl_certfile) is no longer supported. If encrypted, pass the password or passphrase in tls_certificate_key_file_password.
# Because this file can hold the private key, it should be readable only by the service account.
tls_certificate_key_file = None
# The password or passphrase to decrypt the file in tls_certificate_key_file. Only set this if tls_certificate_key_file is encrypted.
# The passphrase is stored in plain text here, next to the path of the key it protects; restrict read access to this file.
tls_certificate_key_file_password = None
# Username for db login.
username = None
# Compression level when compressors is set to zlib. Valid values are -1 to 9. Defaults to 6.
zlib_compression_level =
# [garbagecollector] sets how often old objects are purged and the retention period (in days) for each object type; None disables purging for that type.
[garbagecollector]
# Action execution output objects (ones generated by action output streaming) older than this value (days) will be automatically deleted. Defaults to 7.
action_executions_output_ttl = 7
# Action executions and related objects (live actions, action output objects) older than this value (days) will be automatically deleted. Defaults to None (disabled).
# With purging disabled these records are kept indefinitely; set a TTL that matches your data-retention policy.
action_executions_ttl = None
# How often to check database for old data and perform garbage collection.
# NOTE(review): the unit is not stated here - presumably seconds; confirm.
collection_interval = 600
# Location of the logging configuration file.
logging = /etc/st2/logging.garbagecollector.conf
# Set to True to perform garbage collection on Inquiries (based on the TTL value per Inquiry)
purge_inquiries = False
# Rule enforcements older than this value (days) will be automatically deleted. Defaults to None (disabled).
rule_enforcements_ttl = None
# How long to wait / sleep (in seconds) between collection of different object types.
sleep_delay = 2
# Workflow task execution output objects (generated by action output streaming) older than this value (days) will be automatically deleted. Defaults to None (disabled).
task_executions_ttl = None
# Tokens that expired over this value (days) will be automatically deleted. Defaults to None (disabled).
# With purging disabled, expired token objects stay in the database.
tokens_ttl = None
# Trace objects older than this value (days) will be automatically deleted. Defaults to None (disabled).
traces_ttl = None
# Trigger instances older than this value (days) will be automatically deleted. Defaults to None (disabled).
trigger_instances_ttl = None
# Workflow execution output objects (generated by action output streaming) older than this value (days) will be automatically deleted. Defaults to None (disabled).
workflow_executions_ttl = None
# [keyvalue] controls encryption of key-value store entries marked as "secret".
[keyvalue]
# Allow encryption of values in the key value store that are qualified as "secret".
enable_encryption = True
# Location of the symmetric encryption key for encrypting values in kvstore. This key should be in JSON and should've been generated using st2-generate-symmetric-crypto-key tool.
# The key is symmetric, so anyone who can read this file can decrypt the stored secret values; make it readable only by the service account and keep it out of version control.
# NOTE(review): the sample leaves the path empty while enable_encryption is True; how secret values are handled with no key configured is not shown here - confirm.
encryption_key_path =
# [log] controls logger exclusions, secret masking in log files and stderr redirection.
# NOTE(review): three values below carry a trailing "# comma separated list allowed here." on the value line; a parser without inline-comment support reads that text as the value, so leave these values empty (or list real entries) when copying.
[log]
# Exclusion list of loggers to omit.
excludes = # comma separated list allowed here.
# True to mask secrets in the log files. Keep this True so that masked attributes are not written to disk in clear text.
mask_secrets = True
# Blacklist of additional attribute names to mask in the log messages.
# Add the names of any site-specific attributes that carry credentials, so that they are masked as well.
mask_secrets_blacklist = # comma separated list allowed here.
# Controls if stderr should be redirected to the logs.
redirect_stderr = False
# [messaging] configures the connection to the message bus (RabbitMQ): URL(s), retries, payload compression and TLS.
[messaging]
# URL of all the nodes in a messaging service cluster.
# NOTE(review): the text after "=" is a trailing comment on the value line; a parser without inline-comment support reads it as the value, so leave the value empty (or list real URLs) when copying this line.
cluster_urls = # comma separated list allowed here.
# Compression algorithm to use for compressing the payloads which are sent over the message bus. Defaults to no compression.
# Valid values: zstd, lzma, bz2, gzip, None
compression = None
# How many times should we retry connection before failing.
connection_retries = 10
# How long should we wait between connection retries.
# NOTE(review): the unit is not stated here - the magnitude suggests milliseconds; confirm.
connection_retry_wait = 10000
# Login method to use (AMQPLAIN, PLAIN, EXTERNAL, etc.).
login_method = None
# Use SSL / TLS to connect to the messaging server. Same as appending "?ssl=true" at the end of the connection URL string.
# With the sample value False the connection, including the credentials in the URL, is not protected by TLS; enable it whenever the broker is not on the same host.
ssl = False
# ca_certs file contains a set of concatenated CA certificates, which are used to validate certificates passed from RabbitMQ.
ssl_ca_certs = None
# Specifies whether a certificate is required from the other side of the connection, and whether it will be validated if provided.
# Valid values: none, optional, required
# When ssl is enabled, use "required" together with ssl_ca_certs so that the broker's certificate is actually validated.
ssl_cert_reqs = None
# Certificate file used to identify the local connection (client).
ssl_certfile = None
# Private keyfile used to identify the local connection against RabbitMQ. The key file should be readable only by the service account.
ssl_keyfile = None
# URL of the messaging server.
# The sample URL embeds the user name and password guest:guest; replace them with a dedicated account before deployment. Because the URL carries the password in plain text, restrict read access to this file.
url = amqp://guest:guest@127.0.0.1:5672//
# [metrics] selects the metrics driver and, for drivers that need one, the destination host/port, a name prefix and a sampling rate.
[metrics]
# Driver type for metrics collection.
driver = noop
# Destination server to connect to if driver requires connection.
host = 127.0.0.1
# Destination port to connect to if driver requires connection.
port = 8125
# Optional prefix which is prepended to all the metric names. Comes in handy when you want to submit metrics from various environments to the same metric backend instance.
prefix = None
# Randomly sample and only send metrics for a fraction of metric operations to the backend. The value is a fraction, not a percentage: the default of 1 means no sampling is done and all the metrics are sent to the backend, while e.g. 0.1 would mean 10% of operations are sampled.
sample_rate = 1
# [notifier] holds settings for the notifier service; only its logging configuration path is listed.
[notifier]
# Location of the logging configuration file.
logging = /etc/st2/logging.notifier.conf
# [packs] toggles support for shared library code inside packs.
[packs]
# Enable/Disable support for pack common libs. Setting this config to ``True`` would allow you to place common library code for sensors and actions in lib/ folder in packs and use them in python sensors and actions. See https://docs.stackstorm.com/reference/sharing_code_sensors_actions.html for details.
enable_common_libs = False
# [rulesengine] holds settings for the rules engine service; only its logging configuration path is listed.
[rulesengine]
# Location of the logging configuration file.
logging = /etc/st2/logging.rulesengine.conf
# [scheduler] tunes the execution scheduler: pool size, main-loop sleep, retry policy and collection of orphaned or zombie execution requests.
[scheduler]
# How far back (in minutes) the GC searches for orphaned scheduled actions.
execution_scheduling_timeout_threshold_min = 1
# How often (in seconds) to look for zombie execution requests before rescheduling them.
gc_interval = 10
# Location of the logging configuration file.
logging = /etc/st2/logging.scheduler.conf
# The size of the pool used by the scheduler for scheduling executions.
pool_size = 10
# The maximum number of attempts that the scheduler retries on error.
retry_max_attempt = 10
# The number of milliseconds to wait in between retries.
retry_wait_msec = 3000
# How long (in seconds) to sleep between each action scheduler main loop run interval.
sleep_interval = 0.1
# [schema] identifies the JSON schema draft and version in use.
[schema]
# URL to the JSON schema draft.
# NOTE(review): presumably used as a schema identifier rather than fetched at runtime - confirm, since the URL is plain http.
draft = http://json-schema.org/draft-04/schema#
# Version of JSON schema to use.
version = 4
# [sensorcontainer] configures the sensor container: logging, node name, partition provider and single-sensor mode.
[sensorcontainer]
# Location of the logging.conf file.
logging = /etc/st2/logging.sensorcontainer.conf
# Provider of sensor node partition config.
partition_provider = name:default
# Name of the sensor node.
sensor_node_name = sensornode1
# Run in a single sensor mode where parent process exits when a sensor crashes / dies. This is useful in environments where partitioning, sensor process life cycle and failover is handled by a 3rd party service such as kubernetes.
single_sensor_mode = False
# [ssh_runner] configures remote SSH actions: parallelism, connect timeout, where scripts are placed on the remote host and whether an ssh config file is used.
[ssh_runner]
# How partial success of actions run on multiple nodes should be treated.
allow_partial_failure = False
# Max number of parallel remote SSH actions that should be run. Works only with Paramiko SSH runner.
max_parallel_actions = 50
# Location of the script on the remote filesystem.
# /tmp is typically world-writable and shared by all local users of the remote host; a dedicated directory owned by the SSH user keeps other local users away from staged scripts.
remote_dir = /tmp
# Path to the ssh config file.
ssh_config_file_path = ~/.ssh/config
# Max time in seconds to establish the SSH connection.
ssh_connect_timeout = 60
# Use the .ssh/config file. Useful to override ports etc.
use_ssh_config = False
# [stream] configures the StackStorm stream API server: listen address, heartbeat and logging.
[stream]
# Specify to enable debug mode.
debug = False
# Send empty message every N seconds to keep connection open
heartbeat = 25
# StackStorm stream API server host. The sample value is the loopback address.
host = 127.0.0.1
# Location of the logging.conf file.
logging = /etc/st2/logging.stream.conf
# StackStorm stream API server port.
port = 9102
# [syslog] sets the syslog destination and transport.
[syslog]
# Syslog facility level.
facility = local7
# Host for the syslog server.
host = 127.0.0.1
# Port for the syslog server.
port = 514
# Transport protocol to use (udp / tcp).
# udp does not guarantee delivery; when forwarding to a remote collector whose records matter for audit, tcp is the more reliable of the two options listed.
protocol = udp
# [system] sets the base path for st2 artifacts, global debug mode and schema validation of action output and trigger data.
[system]
# Base path to all st2 artifacts.
base_path = /opt/stackstorm
# Enable debug mode.
debug = False
# True to validate action and runner output against schema.
validate_output_schema = False
# True to validate parameters for non-system trigger types when creating a rule. By default, only parameters for system triggers are validated.
# NOTE(review): the description says non-system validation is off by default, yet the sample value is True - confirm which is the effective default.
validate_trigger_parameters = True
# True to validate payload for non-system trigger types when dispatching a trigger inside the sensor. By default, only payload for system triggers is validated.
# NOTE(review): the same mismatch between the described default and the sample value applies here - confirm.
validate_trigger_payload = True
# [system_user] names the default system user and the SSH private key used for it.
[system_user]
# SSH private key for the system user.
# This is a private key path: the file should be readable only by the account that runs actions, and the key should be rotated if the file is ever exposed.
ssh_key_file = /home/stanley/.ssh/stanley_rsa
# Default system user.
user = stanley
# [timer] is the deprecated predecessor of [timersengine]; every option here names its replacement.
[timer]
# Specify to enable timer service. NOTE: Deprecated in favor of timersengine.enable
enable = None
# Timezone pertaining to the location where st2 is run. NOTE: Deprecated in favor of timersengine.local_timezone
local_timezone = None
# Location of the logging configuration file. NOTE: Deprecated in favor of timersengine.logging
logging = None
# [timersengine] enables the timer service and sets its timezone and logging configuration.
[timersengine]
# Specify to enable timer service.
enable = True
# Timezone pertaining to the location where st2 is run.
local_timezone = America/Los_Angeles
# Location of the logging configuration file.
logging = /etc/st2/logging.timersengine.conf
# [webui] sets the base URL used when building links to the st2 Web UI.
[webui]
# Base https URL to access st2 Web UI. This is used to construct history URLs that are sent out when chatops is used to kick off executions.
# These links are sent to chat users, so point this at the real https address of the Web UI rather than leaving the localhost sample value.
webui_base_url = https://localhost
# [workflow_engine] tunes the workflow engine: shutdown wait, orphaned-workflow collection, retry timing and logging.
[workflow_engine]
# How long to wait for process (in seconds) to exit after receiving shutdown signal.
exit_still_active_check = 300
# Max seconds a workflow execution may stay idle before it is identified as orphaned and cancelled by the garbage collector. A value of zero means the feature is disabled. This is disabled by default.
gc_max_idle_sec = 0
# Location of the logging configuration file.
logging = /etc/st2/logging.workflowengine.conf
# Max jitter interval (in milliseconds) to smooth out retries.
retry_max_jitter_msec = 1000
# Max time (in milliseconds) after which retrying stops.
retry_stop_max_msec = 60000
# Interval (in milliseconds) in between retries.
retry_wait_fixed_msec = 1000
# Time interval between subsequent queries to check executions handled by WFE.
still_active_check_interval = 2