-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsample-nv-config-manager.ini
More file actions
186 lines (159 loc) · 6.48 KB
/
sample-nv-config-manager.ini
File metadata and controls
186 lines (159 loc) · 6.48 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
# =============================================================================
# NVIDIA Config Manager Configuration
# =============================================================================
# This is a sample unified nv-config-manager.ini showing the proposed consolidated structure.
# Sections are grouped by: shared infrastructure first, then service-specific.
#
# Naming convention for endpoints:
# *_service = Internal k8s endpoint (http://service:port) - for service-to-service
# *_url = External gateway URL (https://hostname) - for user links, nautobot, etc.
# =============================================================================
# =============================================================================
# SHARED INFRASTRUCTURE
# =============================================================================
# These sections are used by multiple services and should be consistent.
[nautobot]
server = https://nautobot.example.com
# Optional: URL for user-facing device links (e.g. config-store API metadata). Defaults to server when unset.
# Set when Nautobot is reached internally (e.g. in-cluster) but users open it via a different public URL.
# public_url = https://nautobot.example.com
token = <secret>
# SSL verification: true (default), false (disable), or path to CA cert file
verify = true
cache_refresh_interval = 300
cache_ttl = 3600
[redis]
host = redis.nv-config-manager.svc.cluster.local
port = 6379
db = 0
lock_db = 1
ssl = false
socket_timeout = 5
socket_connect_timeout = 5
password = <secret>
[nats]
server = nats://nv-config-manager@nats:4222
queue = nv-config-manager
auth_method = password
password = <secret>
# Alternative: JWT auth
# auth_method = JWT
# creds_path = /etc/nats/nats.creds
local = false
config_manager_stream = kiwi
config_manager_subjects = kiwi.nautobotchange,kiwi.devicechange,kiwi.workflow.result
render_change_stream = kiwi
render_change_subject = kiwi.nautobotchange
device_change_stream = kiwi
device_change_subject = kiwi.devicechange
archive_stream = kiwi
archive_subject = kiwi.workflow.result
nautobot_stream = nautobot
nautobot_subjects = nautobot
nautobot_subject = nautobot
[aggregate]
is_aggregate_environment = false
[slack]
bot_token = <secret>
channel_name = nv-config-manager-alerts
# =============================================================================
# CONFIG-STORE SERVICE
# =============================================================================
# Database configuration for config-store's own postgres
[config_store]
database_host = cluster-config-store-rw.nv-config-manager.svc.cluster.local
database_port = 5432
database = nv_config_manager_config_store
database_user = <secret>
database_password = <secret>
# API configuration
[config_store.api]
# CORS origins allowed to make cross-origin requests with credentials
# Comma-separated list of allowed origins (e.g., "https://config-manager.example.com")
cors_origins = https://config-manager.example.com
# Client configuration for other services to call config-store
[config_store.client]
# Internal endpoint for service-to-service calls (within cluster)
api_service = http://nv-config-manager-config-store-service-api:9000
# External URL for user-facing links (markdown, nautobot references, etc.)
api_url = https://config-store.config-manager.example.com
ui_url = https://config-manager.example.com
use_internal_endpoint = false
verify = true
# =============================================================================
# RENDER SERVICE
# =============================================================================
[render]
# Internal endpoint for service-to-service calls
api_service = http://nv-config-manager-render-service-api:9000
# External URL for user-facing links
api_url = https://render.config-manager.example.com
use_internal_endpoint = false
# =============================================================================
# TEMPORAL / WORKFLOW SERVICE
# =============================================================================
[temporal]
# Internal: Temporal gRPC frontend (for workers, SDK clients)
grpc_service = temporal-frontend-service.nv-config-manager.svc.cluster.local:7233
# Internal: NVIDIA Config Manager Temporal API (for internal service calls)
api_service = http://nv-config-manager-temporal-api:9000
# External: Gateway URLs for user-facing links
api_url = https://workflow.config-manager.example.com
ui_url = https://config-manager.example.com
use_internal_endpoint = false
[temporal.elasticsearch]
local = false
server = https://elasticsearch.example.com
domain = nv-config-manager
# -----------------------------------------------------------------
# Temporal API Configuration (REST API for workflow operations)
# -----------------------------------------------------------------
[temporal.api]
# CORS origins allowed to make cross-origin requests with credentials
# Comma-separated list of allowed origins (e.g., "https://config-manager.example.com")
cors_origins = https://config-manager.example.com
# =============================================================================
# DEVICE / NETWORK CREDENTIALS
# =============================================================================
[device]
username = <secret>
password = <secret>
[redfish]
lenovo_default_user = <secret>
lenovo_default_password = <secret>
lenovo_config_manager_password = <secret>
bluefield_default_user = <secret>
bluefield_default_password = <secret>
bluefield_config_manager_password = <secret>
[jira]
base_url = https://yourcompany.atlassian.net
api_token = <secret>
# =============================================================================
# DHCP SERVICE
# =============================================================================
[dhcp]
# Internal endpoint for service-to-service calls
api_service = http://dhcp-internal:9000
# External URL for user-facing links
api_url = https://dhcp.config-manager.example.com
[dhcp.kea]
server = dhcp-internal
port = 8000
[dhcp.lease_db]
local = false
host = cluster-dhcp-rw.nv-config-manager.svc.cluster.local
port = 5432
database = kea_dhcp
user = dhcp
password = <secret>
# =============================================================================
# ZTP SERVICE
# =============================================================================
[ztp]
# Internal endpoint for service-to-service calls
api_service = http://nv-config-manager-network-ztp-api:9000
# External URL for user-facing links
api_url = https://ztp.config-manager.example.com
# User domain for workflow context
user_domain = prod.config-manager.example.com
use_internal_endpoint = false