#This config is YAML based and supports plush templating,
# https://github.com/gobuffalo/plush
#
# For supported configuration resources, see,
# https://github.com/bmc-toolbox/bmclib/blob/master/cfgresources/
#
# Remote syslog target the BMC is configured to send its logs to.
# NOTE(review): the sample host is ldaps.example.com, the same name the ldap
# stanza uses; this looks like a copied placeholder, so confirm the real
# log collector before use.
# NOTE(review): 514 is the conventional plain syslog port. If the BMC sends
# unencrypted syslog, login and audit events cross the network in clear text;
# keep this traffic on the management network. TODO confirm transport.
syslog:
server: ldaps.example.com
port: 514
enable: true #defaults to false if not specified
# Local BMC accounts. Each entry gives a name, password, role and enable flag.
# Passwords are not stored in this file: lookup_secret resolves them when the
# template is rendered.
# NOTE(review): the rendered configuration presumably contains the resolved
# password, so treat rendered output and debug logs as sensitive; verify.
user:
- name: Administrator
# lookup_secret - requires 'secretsFromVault: true' in bmcbutler.yml
# note: double quotes required!
password: <%= lookup_secret("Administrator") %>
role: admin
enable: true
# Second account, declared with role 'user' and enable: false.
- name: Ops
password: <%= lookup_secret("Ops") %>
role: user
enable: false
# Directory server the BMC uses for LDAP logins, with the base DN, the
# user and group attributes, and the search filter applied to accounts.
# NOTE(review): port 636 and the host name suggest LDAP over TLS; confirm
# that the BMC validates the server certificate, otherwise directory
# credentials can be intercepted on the management network.
ldap:
server: ldaps.example.com
port: 636
enable: true
baseDn: ou=People,dc=example,dc=com
userAttribute: uid
groupAttribute: memberUid
searchFilter: objectClass=posixAccount
# Maps directory groups to BMC roles.
ldapGroups:
# 'bin' names a script and the executor used to run it; both values are
# placeholder paths.
# NOTE(review): presumably bmcbutler runs this script with its own
# privileges; keep the script and the interpreter writable only by the
# account that owns bmcbutler. Verify against the bmcbutler documentation.
- bin:
path: /path/to/your/script.sh
executor: /bin/bash/for/example
# Each 'groups' entry gives a role, a group, the base DN to search and an
# enable flag. <%= vendor %> is substituted into the group cn at render time.
- groups:
# Admin role mapping, enabled.
- role: admin
group: cn=<%= vendor %>,cn=bmcAdmins
groupBaseDn: ou=Group,dc=example,dc=com #the baseDn to lookup group in.
enable: true
# User role mapping, declared with enable: false.
- role: user
group: cn=<%= vendor%>,cn=bmcUsers
groupBaseDn: ou=Group,dc=example,dc=com #the baseDn to lookup group in.
enable: false
# This entry has no groupBaseDn and is disabled; the name suggests it marks a
# group to be removed from the BMC. TODO confirm.
- role: user
group: RemoveGroup
enable: false
# Declares configuration for HTTPS certs
# If any of the params below differ in the current cert,
# a CSR is generated on the BMC and passed to the signer (see bmcbutler.yml)
# the signed cert is then uploaded to the BMC.
httpsCert:
renewBeforeExpiry: 720h # accepts a time.Duration string; 720h is 30 days
# by default only the cert expiry period is checked, to check other attributes list them here.
validateAttributes:
- commonName
- organizationName
- subjectAltName
# Subject fields requested in the CSR. commonName and subjectAltName are
# filled from the asset's serial and IP address at render time.
attributes:
commonName: <%= serial %>.bmc.example.com #serial as part of CN
organizationName: Acme B.V.
organizationUnit: foo
locality: Amsterdam
stateName: Noord-Holland
countryCode: NL
# NOTE(review): '[email protected]' is an e-mail obfuscation artifact of the
# page this file was copied from, not a usable address. Because it begins with
# '[', YAML reads it as a flow sequence rather than a string; replace it with
# a real, quoted contact address.
email: [email protected]
subjectAltName: <%= ipaddress %> # IPAddress as SAN.
# Time synchronisation for the BMC: up to three servers and a timezone.
# Accurate BMC time matters for certificate validity checks and for
# correlating BMC logs with other sources.
# NOTE(review): the sample lists ntp0, ntp1 and ntp3 (no ntp2); these are
# placeholder names.
ntp:
enable: true
server1: ntp0.example.com
server2: ntp1.example.com
server3: ntp3.example.com
timezone: CET
# Network services exposed by the BMC.
# NOTE(review): this sample turns on SSH, IPMI over LAN and Serial-over-LAN
# together. Each one is a remote management entry point to the BMC; disable
# the ones that are not used and restrict the listed ports to the management
# network.
network:
dnsFromDhcp: true #bmc to get its DNS address from dhcp
sshEnable: true
sshPort: 22
solEnable: true # SerialOverLan
ipmiEnable: true
ipmiPort: 623
dhcpEnable: true
kvmMediaPort: 17988 # KVM Virtual Media Port
kvmConsolePort: 17990 # KVM console port
DDNSEnable: false # dynamic dns
#an example of setting the license key based on vendor.
# The license stanza is rendered only when the asset's vendor is "hp".
# NOTE(review): the key below is a sample value. A real license key written
# here is readable by anyone with access to the file or its repository;
# consider resolving it with lookup_secret as the user stanza does for
# passwords.
<%= if ( vendor == "hp" ) { %>
license:
key: ASDFKLAMDNARALKNBA123
<% } %>
#Bios configuration, declared per vendor, model.
# This sample sets four PXE device toggles for Dell idrac9bios: the first
# is Enabled, the other three are Disabled.
bios:
dell:
idrac9bios:
PxeDev1EnDis: Enabled
PxeDev2EnDis: Disabled
PxeDev3EnDis: Disabled
PxeDev4EnDis: Disabled
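# Chassis setup configuration, rendered only when every asset attribute below
# matches: the asset is a chassis, extra["company"] is "skynet",
# extra["state"] is "needs-setup" and extra["liveAssets"] is empty.
<%= if ( assetType == "chassis" &&
         extra["company"] == "skynet" &&
         extra["state"] == "needs-setup" &&
         extra["liveAssets"] == "" ) { %>
setupChassis:
  # NOTE(review): this enables IPMI over LAN on every blade in the chassis;
  # confirm that is intended, since it widens remote management exposure.
  ipmiOverLan:
    enable: true #applies to all blades in a chassis
  flexAddress:
    enable: false #applies to all blades in a chassis
  dynamicPower:
    enable: false #DPSE on M1000e, Dynamic power for the c7000.
  addBladeBmcAdmins: #Add/Mod admin accounts to all blades in the chassis.
    # Admin passwords are resolved with lookup_secret instead of being written
    # in this file, so the file can be shared or committed without exposing
    # them. lookup_secret requires 'secretsFromVault: true' in bmcbutler.yml,
    # the secret name must be in double quotes, and the secret store needs an
    # entry for each name used here.
    - name: Administrator
      password: <%= lookup_secret("Administrator") %>
    - name: barbar
      password: <%= lookup_secret("barbar") %>
  removeBladeBmcUsers: #Remove admin accounts from all blades in the chassis.
    - name: olduser
    - name: foo
<% } %>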