Autonomous Identity

Appendix B: vars.yml

PingOne Autonomous Identity has a configuration file where you can set the analytics data and configuration directories, private IP address mapping, LDAP/SSO options, and session duration during installation. The file is created when running the create-template command during the installation and is located in the /autoid-config directory.

The file is as follows:

ai_product: auto-id                       # Product name
domain_name: forgerock.com                # Default domain name
target_environment: autoid                # Default namespace
analytics_data_dir: /data                 # Default data directory
analytics_conf_dir: /data/conf            # Default config directory for analytics

# set to true for air-gap installation
offline_mode: false

# choose the DB Type : cassandra| mongo
db_driver_type: cassandra

# Needed only if private and public IP address of
# target nodes are different. If cloud VMs the private
# is different than the IP address (public ip) used for
# SSH. Private IP addresses are used by various services
# to reach other services in the cluster
# Example:
# private_ip_address_mapping:
#   35.223.33.21: "10.128.0.5"
#   108.59.83.132: "10.128.0.37"
#   ...
private_ip_address_mapping:                        # private and external IP mapping
#private_ip_address_mapping-ip-addesses#

api:
 authentication_option: "Local"                   # Values: "Local", "SSO", "LocalAndSSO"
 access_log_enabled: true                         # Enable access logs
 jwt_expiry: "30 minutes"                         # Default session duration
 jwt_secret_file: "{{ install_path }}/jwt/secret.txt"   # Location of JWT secret file
 jwt_audience: "http://my.service"
 oidc_jwks_url: "na"
 local_auth_mode_password: Welcome123
 session_secret: "q0civ3L33W"

# set the following API parameters when           # SSO and LdapAndSSO properties
# authentication_option is SSO or LdapAndSSO
#  oidc_issuer:
#  oidc_auth_url
#  oidc_token_url:
#  oidc_user_info_url:
#  oidc_callback_url:
#  oidc_jwks_url:
#  oidc_client_scope:
#  oidc_groups_attribute:
#  oidc_uid_attribute:
#  oidc_client_id:
#  oidc_client_secret:
#  admin_object_id:
#  entitlement_owner_object_id:
#  executive_object_id:
#  supervisor_object_id:
#  user_object_id:
#  application_owner_object_id:
#  role_owner_object_id:
#  role_engineer_object_id:
#  oidc_end_session_endpoint:
#  oidc_logout_redirect_url:

# mongo config starts
# uncomment below for mongo with replication enabled. Not needed for
#   single node deployments
# mongodb_replication_replset: mongors

# custom key
# password for inter-process authentication
#
# please regenerate this file on production environment with command 'openssl rand -base64 741'
#mongodb_keyfile_content: |
#  8pYcxvCqoe89kcp33KuTtKVf5MoHGEFjTnudrq5BosvWRoIxLowmdjrmUpVfAivh
#  CHjqM6w0zVBytAxH1lW+7teMYe6eDn2S/O/1YlRRiW57bWU3zjliW3VdguJar5i9
#  Z+1a8lI+0S9pWynbv9+Ao0aXFjSJYVxAm/w7DJbVRGcPhsPmExiSBDw8szfQ8PAU
#  2hwRl7nqPZZMMR+uQThg/zV9rOzHJmkqZtsO4UJSilG9euLCYrzW2hdoPuCrEDhu
#  Vsi5+nwAgYR9dP2oWkmGN1dwRe0ixSIM2UzFgpaXZaMOG6VztmFrlVXh8oFDRGM0
#  cGrFHcnGF7oUGfWnI2Cekngk64dHA2qD7WxXPbQ/svn9EfTY5aPw5lXzKA87Ds8p
#  KHVFUYvmA6wVsxb/riGLwc+XZlb6M9gqHn1XSpsnYRjF6UzfRcRR2WyCxLZELaqu
#  iKxLKB5FYqMBH7Sqg3qBCtE53vZ7T1nefq5RFzmykviYP63Uhu/A2EQatrMnaFPl
#  TTG5CaPjob45CBSyMrheYRWKqxdWN93BTgiTW7p0U6RB0/OCUbsVX6IG3I9N8Uqt
#  l8Kc+7aOmtUqFkwo8w30prIOjStMrokxNsuK9KTUiPu2cj7gwYQ574vV3hQvQPAr
#  hhb9ohKr0zoPQt31iTj0FDkJzPepeuzqeq8F51HB56RZKpXdRTfY8G6OaOT68cV5
#  vP1O6T/okFKrl41FQ3CyYN5eRHyRTK99zTytrjoP2EbtIZ18z+bg/angRHYNzbgk
#  lc3jpiGzs1ZWHD0nxOmHCMhU4usEcFbV6FlOxzlwrsEhHkeiununlCsNHatiDgzp
#  ZWLnP/mXKV992/Jhu0Z577DHlh+3JIYx0PceB9yzACJ8MNARHF7QpBkhtuGMGZpF
#  T+c73exupZFxItXs1Bnhe3djgE3MKKyYvxNUIbcTJoe7nhVMrwO/7lBSpVLvC4p3
#  wR700U0LDaGGQpslGtiE56SemgoP

# mongo config ends

elastic_heap_size: 1g   # sets the heap size (1g|2g|3g) for the Elastic Servers

jas:
 auth_enabled: true
 auth_type: 'jwt'
 signiture_key_id: 'service1-hmac'
 signiture_algorithm: 'hmac-sha256'
 max_memory: 4096M
 mapping_entity_type: /common/mappings
 datasource_entity_type: /common/datasources

mongo_port: 27017   # Port where Mongo is running
mongo_ldap: false   # Specify if Mongo is authenticated against an LDAP

elastic_host: 10.128.0.28     # IP Address of master node where Opensearch is running
elastic_port: 9200            # Port of master node where Opensearch is running
elastic_user: elasticadmin    # Opensearch username

kibana_host: 10.128.0.28      # IP Address of node where Opensearch Dashboard is running

apache_livy:
 dest_dir: /home/ansible/livy # Folder where livy is installed. AutoID copies analytics files to this directory.

cassandra:                                                               # Cassandra Nodes details.
 enable_ssl: "true"                                                      # Set if SSL is enabled.
 contact_points:                                                         # Comma seperated list of ip addresses - first ip is master#
 port: 9042                                                              # Port where cassandra node is running
 username: zoranuser                                                     # User created for AutoID to seed Schema
 cassandra_keystore_password: "Acc#1234"                                 # Keystore Password
 cassandra_truststore_password: "Acc#1234"                               # Truststore Password
 ssl_client_key_file: "zoran-cassandra-client-key.pem"                   # Cassandra Client Key File
 ssl_client_cert_file: "zoran-cassandra-client-cer.pem"                  # Cassandra Client Cert File
 ssl_ca_file: "zoran-cassandra-server-cer.pem"                           # Cassandra Server Root CA File
 server_truststore_jks: "zoran-cassandra-server-truststore.jks"          # Server Truststore file for services to connect
 client_truststore_jks: "zoran-cassandra-client-truststore.jks"          # Client Truststore file for services to connect
 client_keystore_jks: "zoran-cassandra-client-keystore.jks"              # Client Keystore file for services to use