-

# =========================
# Pulp Server Configuration
# =========================

# This settings in this file are all commented by default, and the commented settings show the
# default values that Pulp will choose if not specified here.

# -- Common Configuration -----------------------------------------------------

# = Database =
#
# Controls the behavior of MongoDB under Pulp's usage.
#
# name: name of the database to use
# seeds: comma-separated list of hostname:port of database replica seed hosts
# operation_retries: number of retries on database operations to
#     perform before giving up and reporting an error
#
# Authentication - If the username and the password keys have values provided,
# the pulp server will attempt to authenticate to the MongoDB server.  The
# username and password provided here will be used to authenticate with the
# database specified in the name field.
#
# username: The user name to use for authenticating to the MongoDB server
# password: The password to use for authenticating to the MongoDB server
# replica_set: uncomment and set this value to the name of replica set configured
#     in MongoDB, if one is in use

[database]
# name: pulp_database
# seeds: localhost:27017
# operation_retries: 2
# username: admin
# password: admin
# replica_set: replica_set_name


# = Server =
#
# Controls general Pulp web server behavior.
#
# server_name:      hostname the admin client and consumers should use when accessing
#                   the server; if not specified, this is defaulted to the server's hostname
# default_login:    default admin username of the Pulp server; this user will be
#                   the first time the server is started
# default_password: default password for admin when it is first created; this
#                   should be changed once the server is operational
# debugging_mode:   boolean; toggles Pulp's debugging capabilities
# log_level:        The desired logging level. Options are: CRITICAL, ERROR, WARNING, INFO, DEBUG,
#                   and NOTSET. Pulp will default to INFO.
[server]
server_name: sat61devg.example.com
# key_url: /pulp/gpg
# ks_url: /pulp/ks
default_login: admin
default_password: 9JQLe9eQ5Zutdgr3YXgAT4kJXx5a6ESy
# debugging_mode: false
# log_level: INFO


# = Authentication =
#
# Keys used for message authentication.
#
# rsa_key:
#   The RSA private key used for authentication.
# rsa_pub:
#   The RSA public key used for authentication.

[authentication]
# rsa_key = /etc/pki/pulp/rsa.key
# rsa_pub = /etc/pki/pulp/rsa_pub.key


# = Security =
#
# Controls aspects of the Pulp web server security.
#
# For production installations, it is recommended that a new CA certificate be
# generated for the signing of user and consumer certificates and configured
# using the following properties.
#
# cacert: full path to the CA certificate that will be used to sign consumer
#     and admin identification certificates; this must match the value of
#     SSLCACertificateFile in /etc/httpd/conf.d/pulp.conf
#
# cakey: path to the private key for the above CA certificate
#
# ssl_ca_certificate: full path to the CA certificate used to sign the Pulp
#     server's SSL certificate; consumers will use this to verify the
#     Pulp server's SSL certificate during the SSL handshake
#
# user_cert_expiration: number of days a user certificate is valid
#
# consumer_cert_expiration: number of days a consumer certificate is valid
#

[security]
cacert:  /etc/pki/katello/certs/katello-default-ca.crt
cakey:   /etc/pki/katello/private/katello-default-ca.key
ssl_ca_certificate: /etc/pki/pulp/ssl_ca.crt
# user_cert_expiration: 7
# consumer_cert_expiration: 3650
# serial_number_path: /var/lib/pulp/sn.dat


# -- Advanced Configuration ---------------------------------------------------

# = Consumer History =
#
# Controls the storage of recorded consumer events.
#
# lifetime: number of days to store consumer events; events older
#     than this will be purged; set to -1 to disable

[consumer_history]
# lifetime: 180


# = Data Reaping =
#
# Controls the frequency in which reporting data is automatically removed from
# the database. Database entries that exceed the given thresholds will be
# deleted from the database when the reaper runs.
#
# reaper_interval: float; time in days between checks for old data in
#     the database
#
# archived_calls: float; time in days to store archived calls
#
# consumer_history: float; time in days to store consumer history events
#
# repo_sync_history: float; time in days to store repository sync history events
#
# repo_publish_history: float; time in days to store repository publish history
#     events
#
# repo_group_publish_history: float; time in days to store repository group
#     publish history events

[data_reaping]
# reaper_interval: 0.25
# archived_calls: 0.5
# consumer_history: 60
# repo_sync_history: 60
# repo_publish_history: 60
# repo_group_publish_history: 60


# = LDAP =
#
# Uncomment the below section with appropriate values to use an external LDAP
# server for user authentication.
#
# enabled: boolean; controls whether or not LDAP authentication is enabled
#
# uri: url of LDAP server
#
# base: location in the directory from which the LDAP search begins
#
# tls: boolean; controls whether or not to use TLS security
#
# default_role: Id of the role to assign LDAP users to by default. This is
#     optional. This role must first be created on the Pulp server. If
#     default_role is not set or doesn't exist, LDAP users are given same
#     default permissions as local users.
#
# filter: directive to set more restrictive LDAP filter to limit the LDAP
#     users who can authenticate to Pulp

# Deprecated! Please use apache's mod_authnz_ldap to do preauthentication. See
# pulp's user guide for details.
# [ldap]
# enabled: true # are you sure? This has been deprecated.
# uri: ldap://localhost
# base: dc=localhost
# tls: no
# default_role: <role-id>
# filter: (gidNumber=200)


# = OAuth =
#
# Uncomment the below section with appropriate values to use OAuth
# authentication.
#
# enabled: boolean; controls whether OAuth authentication is enabled
#
# oauth_key: string; key to enable OAuth style authentication
#
# oauth_secret: string; shared secret that can be used for OAuth style
#     authentication

[oauth]
enabled: true
oauth_key: katello
oauth_secret: LqDyQVroWMgrnYrZ3hJuiGDQJiDsNPqe

# = Messaging =
#
# Controls Pulp's configuration of QPID for remote messaging.
#
# url: the url used to contact the broker in the form
#     <transport>://<host>:<port>; transport can be 'tcp' or 'ssl'
#
# transport: The type of broker you are connecting to. May be "qpid" or "amqplib" (for RabbitMQ).
#            Defaults to qpid.
#
# cacert: full path to PEM encoded CA certificate file, used when Pulp connects
#     to a broker over SSL
#
# clientcert: full path to PEM encoded file containing both the private key and
#     certificate Pulp should present to the broker to be authenticated
#
# auth_enabled:
#     Message authentication enabled flag.
#
# topic_exchange: name of the exchange to use; must be a topic exchange;
#     defaults to "amq.topic", which is a default exchange that
#     is guaranteed to exist on the broker
#
# The format for the following timeouts is <start>:<duration>. The <start>
# timeout is the time to wait for the consumer to acknowledge and
# begin handling the request before indicating a timeout has occurred. The
# <duration> timeout is how long the consumer is allowed to act on the request
# before the server considers the entire request timed out.  The default unit is
# seconds.  The numeric value may be specified with an optional unit suffix.
# Supported suffixes are: s=seconds, m=minutes, h=hours, d=days.
#

[messaging]
url: ssl://localhost:5671
cacert: /etc/pki/katello/certs/katello-default-ca.crt
clientcert: /etc/pki/katello/qpid_client_striped.crt
transport: qpid
auth_enabled: false
# topic_exchange: 'amq.topic'


# = Asynchronous Tasks =
#
# Controls Pulp's Celery settings.
#
# broker_url: 		  A URL to a broker that Celery can use to queue tasks. For example, to
#                     configure Celery with a Qpid backend, set broker_url to:
#
#                       qpid://<username>:<password>@<hostname>:<port>/
#
#                     For RabbitMQ you can use the following broker_url style:
#
#                       amqp://<username>:<password>@<hostname>:<port>/<vhost>
#
# celery_require_ssl:  Whether or not Celery should use SSL when connecting to the message broker.
#                      This should be "true", or "false".
# cacert:			   A path to the CA certificate that should be used to authenticate the broker.
# keyfile:			   A path to the private key that should be used with the client certificate
#                      when connecting to the broker.
# certfile:			   A path to the client certificate that should be used when connecting to the
#                      broker.
[tasks]
broker_url: qpid://sat61devg.example.com:5671
celery_require_ssl: true
cacert: /etc/pki/katello/certs/katello-default-ca.crt
keyfile:
certfile: /etc/pki/katello/qpid_client_striped.crt


# = Email =
#
# Settings that allow the system to send email. It is recommended that
# the system relay through a local MTA on the machine. Pulp does not retry in
# case of error, so it is important to have a real MTA available locally.
#
# If there is a need to test email sending, it is recommended to run this:
#   $ python -m smtpd -n -c DebuggingServer localhost:1025
# which will write each message to stdout.
#
# host: host name of the MTA pulp should relay through
#
# port: destination port to connect on
#
# from: the "From" address of each email the system sends
#
# enabled: booleanl controls whether or not emails will be sent

[email]
# host: localhost
# port: 25
# from: no-reply@your.domain
# enabled: false