Appendix B: vars.yml
Autonomous Identity has a configuration file where you can set the analytics data and configuration directories,
private IP address mapping, LDAP/SSO options, and session duration during installation.
The file is created when you run the `create-template` command during installation and is located in the `/autoid-config` directory.
The file is as follows:
# vars.yml: installation settings for Autonomous Identity (data and config
# directories, private IP mapping, authentication options, session duration).
# NOTE(review): this listing was collapsed onto a few lines; the line breaks and
# nesting below are restored from key order. Confirm against the file that
# create-template generates.
# The file holds credentials in clear text (API password, session secret,
# keystore/truststore passwords). Keep it out of version control and readable
# only by the account that runs the installation.
ai_product: auto-id                      # Product name
domain_name: forgerock.com               # Default domain name
target_environment: autoid               # Default namespace
analytics_data_dir: /data                # Default data directory
analytics_conf_dir: /data/conf           # Default config directory for analytics

# set to true for air-gap installation
offline_mode: false

# choose the DB Type : cassandra| mongo
db_driver_type: cassandra

# Needed only if private and public IP address of
# target nodes are different. If cloud VMs the private
# is different than the IP address (public ip) used for
# SSH. Private IP addresses are used by various services
# to reach other services in the cluster
# Example:
# private_ip_address_mapping:
#   35.223.33.21: "10.128.0.5"
#   108.59.83.132: "10.128.0.37"
#   ...
# Left without a value here, which YAML loads as null. The marker line below is
# kept verbatim; presumably the installer fills it in - confirm.
private_ip_address_mapping:              # private and external IP mapping
#private_ip_address_mapping-ip-addesses#

api:
  authentication_option: "Local"         # Values: "Local", "SSO", "LocalAndSSO"
  # Access logs are the audit trail for API requests; leave enabled.
  access_log_enabled: true               # Enable access logs
  # Token lifetime bounds how long a leaked session token stays usable.
  jwt_expiry: "30 minutes"               # Default session duration
  # The file at this path holds the JWT signing secret; restrict its permissions
  # to the service account.
  jwt_secret_file: "{{ install_path }}/jwt/secret.txt"   # Location of JWT secret file
  # NOTE(review): looks like a placeholder audience - confirm the value tokens
  # are actually validated against in the deployment.
  jwt_audience: "http://my.service"
  oidc_jwks_url: "na"
  # Default value printed in this listing, so it is publicly known: set a unique
  # password before installation.
  local_auth_mode_password: Welcome123
  # Default value printed in this listing: replace with a long random secret per
  # deployment.
  session_secret: "q0civ3L33W"

# set the following API parameters when
# SSO and LdapAndSSO properties
# authentication_option is SSO or LdapAndSSO
# NOTE(review): the values listed for authentication_option above are "Local",
# "SSO" and "LocalAndSSO"; confirm which spelling the installer accepts.
# When enabling SSO, supply oidc_client_secret from a secret store rather than
# committing it with this file.
#   oidc_issuer:
#   oidc_auth_url
#   oidc_token_url:
#   oidc_user_info_url:
#   oidc_callback_url:
#   oidc_jwks_url:
#   oidc_client_scope:
#   oidc_groups_attribute:
#   oidc_uid_attribute:
#   oidc_client_id:
#   oidc_client_secret:
#   admin_object_id:
#   entitlement_owner_object_id:
#   executive_object_id:
#   supervisor_object_id:
#   user_object_id:
#   application_owner_object_id:
#   role_owner_object_id:
#   role_engineer_object_id:
#   oidc_end_session_endpoint:
#   oidc_logout_redirect_url:

# mongo config starts
# uncomment below for mongo with replication enabled. Not needed for
# single node deployments
# mongodb_replication_replset: mongors
# custom key
# password for inter-process authentication
#
# please regenerate this file on production environment with command 'openssl rand -base64 741'
# The sample key below is printed in this listing, so it is not a secret: every
# replica set that enables this block needs its own freshly generated key.
#mongodb_keyfile_content: |
#   8pYcxvCqoe89kcp33KuTtKVf5MoHGEFjTnudrq5BosvWRoIxLowmdjrmUpVfAivh
#   CHjqM6w0zVBytAxH1lW+7teMYe6eDn2S/O/1YlRRiW57bWU3zjliW3VdguJar5i9
#   Z+1a8lI+0S9pWynbv9+Ao0aXFjSJYVxAm/w7DJbVRGcPhsPmExiSBDw8szfQ8PAU
#   2hwRl7nqPZZMMR+uQThg/zV9rOzHJmkqZtsO4UJSilG9euLCYrzW2hdoPuCrEDhu
#   Vsi5+nwAgYR9dP2oWkmGN1dwRe0ixSIM2UzFgpaXZaMOG6VztmFrlVXh8oFDRGM0
#   cGrFHcnGF7oUGfWnI2Cekngk64dHA2qD7WxXPbQ/svn9EfTY5aPw5lXzKA87Ds8p
#   KHVFUYvmA6wVsxb/riGLwc+XZlb6M9gqHn1XSpsnYRjF6UzfRcRR2WyCxLZELaqu
#   iKxLKB5FYqMBH7Sqg3qBCtE53vZ7T1nefq5RFzmykviYP63Uhu/A2EQatrMnaFPl
#   TTG5CaPjob45CBSyMrheYRWKqxdWN93BTgiTW7p0U6RB0/OCUbsVX6IG3I9N8Uqt
#   l8Kc+7aOmtUqFkwo8w30prIOjStMrokxNsuK9KTUiPu2cj7gwYQ574vV3hQvQPAr
#   hhb9ohKr0zoPQt31iTj0FDkJzPepeuzqeq8F51HB56RZKpXdRTfY8G6OaOT68cV5
#   vP1O6T/okFKrl41FQ3CyYN5eRHyRTK99zTytrjoP2EbtIZ18z+bg/angRHYNzbgk
#   lc3jpiGzs1ZWHD0nxOmHCMhU4usEcFbV6FlOxzlwrsEhHkeiununlCsNHatiDgzp
#   ZWLnP/mXKV992/Jhu0Z577DHlh+3JIYx0PceB9yzACJ8MNARHF7QpBkhtuGMGZpF
#   T+c73exupZFxItXs1Bnhe3djgE3MKKyYvxNUIbcTJoe7nhVMrwO/7lBSpVLvC4p3
#   wR700U0LDaGGQpslGtiE56SemgoP
# mongo config ends

elastic_heap_size: 1g                    # sets the heap size (1g|2g|3g) for the Elastic Servers

jas:
  # Leave authentication on; with auth_type 'jwt' requests carry a signed token.
  auth_enabled: true
  auth_type: 'jwt'
  # The 'signiture_' spelling is part of the key names as shown; do not correct
  # it here unless the consumer is known to accept the other spelling.
  signiture_key_id: 'service1-hmac'
  signiture_algorithm: 'hmac-sha256'
  max_memory: 4096M
  mapping_entity_type: /common/mappings
  datasource_entity_type: /common/datasources

mongo_port: 27017                        # Port where Mongo is running
mongo_ldap: false                        # Specify if Mongo is authenticated against an LDAP

# The host addresses below are private (10.x) example values; replace them with
# the deployment's own node addresses.
elastic_host: 10.128.0.28                # IP Address of master node where Opensearch is running
elastic_port: 9200                       # Port of master node where Opensearch is running
elastic_user: elasticadmin               # Opensearch username

kibana_host: 10.128.0.28                 # IP Address of node where Opensearch Dashboard is running

apache_livy:
  dest_dir: /home/ansible/livy           # Folder where livy is installed. AutoID copies analytics files to this directory.

cassandra:                               # Cassandra Nodes details.
  # Quoted, so YAML loads the string "true" rather than a boolean; kept as shown.
  enable_ssl: "true"                     # Set if SSL is enabled.
  contact_points:                        # Comma seperated list of ip addresses - first ip is master#
  port: 9042                             # Port where cassandra node is running
  username: zoranuser                    # User created for AutoID to seed Schema
  # Both store passwords below are the same default printed in this listing:
  # set a distinct, unique password for each store before installation.
  cassandra_keystore_password: "Acc#1234"                # Keystore Password
  cassandra_truststore_password: "Acc#1234"              # Truststore Password
  # The client key file holds private key material; restrict its permissions to
  # the service account.
  ssl_client_key_file: "zoran-cassandra-client-key.pem"  # Cassandra Client Key File
  ssl_client_cert_file: "zoran-cassandra-client-cer.pem" # Cassandra Client Cert File
  ssl_ca_file: "zoran-cassandra-server-cer.pem"          # Cassandra Server Root CA File
  server_truststore_jks: "zoran-cassandra-server-truststore.jks"  # Server Truststore file for services to connect
  client_truststore_jks: "zoran-cassandra-client-truststore.jks"  # Client Truststore file for services to connect
  client_keystore_jks: "zoran-cassandra-client-keystore.jks"      # Client Keystore file for services to use