...
Directive | Description | Example | Mandatory |
---|---|---|---|
Repository Variables | |||
repo.[0..9]* | A Git repository that will be fetched on the target host being installed. Note: Repos are processed in order according to the numeric value. | [repo.1] [repo.2] | Yes. At least one repo is required. |
REPO_URI | The URI of the repository that will be exported. e.g. git archive --remote=${REPO_URI} ${theBranch} | tar -x -C /tmp/ | git@bitbucket.org:zibernetics/zinet.git | Yes |
REPO_BRANCH | The branch that will be fetched | master | No. If not provided the HEAD branch of the Git repo will be exported |
REPO_ROOT | The root of the git repo that will be fetched. e.g. git archive --remote=${REPO_URI} ${theBranch}:${REPO_ROOT} | tar -x -C /tmp/ | prod | No. If not provided the root of the Git branch will be exported. |
Global Variables | |||
global | A single entry containing global variables that are applied to each server entry. | [global] | Yes |
ziD | The ziNet identifier for the site. | zId=zibernetics | Yes |
ziTenantId | The tenant ID used by the OpenDJ module and SSHLDAP module. | ziTenantId=acme | Yes |
CA_HOST_NAME | The host name for the server running the CA | CA_HOST_NAME=ca.ops.zibernetics.io | No. If not defined, then server certificate requests can't be signed. i.e. no certs for SSL config. |
REPO_KEY_SCAN | The host name for the Git server. This will be used to perform a ssh-keyscan so that unattended Git exports can be performed. | REPO_KEY_SCAN=bitbucket.org | No |
DIR_MGR_DN | The OpenDJ module Directory Manager DN | DIR_MGR_DN="cn=Directory Manager" | Yes |
SEARCH_DOMAINS | A list of DNS search domains to configure servers with quoted and separated by spaces if more than one search domain. | SEARCH_DOMAINS="ops.zibernetics.io "zibernetics.io" | No |
Server Variables | |||
server.[0..9]* | A server that will be setup with one or more ziNet module. The directives See below for a individual module are heredirectives. | [server.10] | Yes |
Core ziNet Module Directives | |||
INSTALL_ZINET | Install the core ziNet module | INSTALL_ZINET=[ true | false ] | YesNo |
ZINET_TARGET_HOSTNAME | The host name to configure the server with. Note: DNS should be able to resolve the server. This merely set the Linux host name. | ZINET_TARGET_HOSTNAME=prod-itops1.ops.zibernetics.io | NoYes |
ZINET_STORAGE_DEV | This is a file system device attached to the server that may be used for storing ziNet configuration (i.e. the will be formatted using ext4. | ZINET_STORAGE_DEV=/dev/xvdb | No |
ZINET_DATA_DIR= | This is the mount point that will be used to symlink ziNet configuration directory in /etc/${ziD} directory). This must be known and is specific for the server being installed. When used in conjunction with ZINET_STORAGE_DEV, this has the effect of using a separate partition to hold all ziNet data. | ZINET_STORAGEDATA_DEV=/dev/xvdbNoDIR=/data | No |
ziNet PKI Module Directives | |||
INSTALL_PKI | Install the ziNet PKI Module | INSTALL_PKI=[ true | false ] | No |
PKI_CERT_SUBJECT_ALIASES | A comma separated list of DNS aliases to use when creating the SSL certificate request. | PKI_CERT_SUBJECT_ALIASES=prod-itops1,prod-ca1.ops.zibernetics.io,prod-ca1 | No |
PKI_CERT_SUBJECTNAME | The SSL certificate subject name to use when creating the SSL certificate request. | PKI_CERT_SUBJECTNAME=prod-itops1.ops.zibernetics.io | No. If not provided then the value returned from $(hostname) will be used. |
INSTALL_CA | Install a CA on the target server. | INSTALL_CA==[ true | false ] | No. However, at least one CA server should have been setup previously and identified with the global variable: CA_HOST_NAME |
zinet SSHLDAP Module Directives | |||
Script: deploy-sshldap.sh
...