#**********************************************************************************
# This file is the overload of the /etc/shinken/synchronizer.cfg file
# IMPORTANT: You MUST edit this file instead of the /etc/shinken/synchronizer.cfg
# as the /etc/shinken file can be overwrite by an update
#
# To set a value, just uncomment it and it will take precedence over the
# /etc/shinken/synchronizer.cfg one
#**********************************************************************************
#==================================================================================
#======== logging =========
# The synchronizer daemon log
#local_log=/var/log/shinken/synchronizerd.log
# ─────────────────────────────────────────────────────────────────────────────────────────────────────── #
# This comment is used by Shinken to recognize this file, please do not edit or remove it.
# If done so, several parts of Shinken, like sanitize, may not work properly.
# __OVERRIDE_TYPE__ synchronizer_cfg_overload
# ─────────────────────────────────────────────────────────────────────────────────────────────────────── #
# ┌─────────────────────────────────────────────────────────────────────────────────────────────────────┐ #
# │ ────────────────────────────────── DAEMON LOGS PARAMETERS ─────────────────────────────────── │ #
# └─────────────────────────────────────────────────────────────────────────────────────────────────────┘ #
# ─── The synchronizer daemon log ───
# ─── ───
# local_log=/var/log/shinken/synchronizerd.log
# ─── If you disable, the timestamp will be an epoch integer instead of a human date ───
# # If you disable, the timestamp will be an epoch integer instead of a human date
#human_timestamp_log=1
#==================================================================================
#==================================================================================
#======== Listening address (daemon) =========
───
# ... : 0 => timestamp ───
# ... : 1 => human date ───
# ─── ───
# human_timestamp_log=1
# ─── Set logging level for the Synchronizer daemon. ───
# ───
# ... : accepted values: DEBUG,INFO,WARNING,ERROR,CRITICAL ───
# Default : INFO ( info, warning and error logs will be shown ) ───
# ─── ───
# log_level=INFO
# ┌─────────────────────────────────────────────────────────────────────────────────────────────────────┐ #
# │ ────────────────────────── EXTERNAL AUTHENTICATION LOGS PARAMETERS ────────────────────────── │ #
# └─────────────────────────────────────────────────────────────────────────────────────────────────────┘ #
# ─── Log the synchronizer authentication and Session history in a file ───
# ───
# ... : 1 => Enable ───
# Default : 0 => Disable ───
# ─── ───
# synchronizer__log_users__enabled=0
# ─── File use for log authentication and Session history ───
# ─── ───
# synchronizer__log_users__file_path=/var/log/shinken/synchronizer/log_users.log
# ─── Add user name to log ───
# ───
# ... : 1 => Enable ───
# Default : 0 => Disable ───
# ─── ───
# synchronizer__log_users__add_user_name=0
# ─── The logs files will be daily rotated up to the number of configurated days. ───
# ─── All log files older than the configured number of days will be deleted automatically. ───
# ───
# Default : 7 (days) ───
# ─── ───
# synchronizer__log_users__logs_rotation__nb_days_before_deletion=7
# ┌─────────────────────────────────────────────────────────────────────────────────────────────────────┐ #
# │ ──────────────────────────────────── SYSTEM AND SECURITY ──────────────────────────────────── │ #
# └─────────────────────────────────────────────────────────────────────────────────────────────────────┘ #
# ── System daemon parameters (user, group, pid, ...) ───────────────────────────────────────────────── #
# ─── Run or not the daemon ───
# ───
# ... : 0 => Disable ───
# ... : 1 => Enable ───
# ─── ───
# daemon_enabled=1
# ─── Lock file (with pid) for the synchronizer daemon ───
# ─── ───
# lock_file=/var/run/shinken/synchronizerd.pid
# ─── User used by the synchronizer ───
# ─── ───
# shinken_user=shinken
# ─── ───
# shinken_group=shinken
# ─── The path to the modules directory ───
# ─── ───
# modules_dir=/var/lib/shinken/modules
# ─── The path to the share files ───
# ─── ───
# share_dir=/var/lib/shinken/share
# ───────────── Listening address (daemon) ──────────────────────────────────────────────────────────── #
# ─── Which HTTP backend to start the listening daemon with. ───
# ─── Currently only auto is managed ───
# ─── ───
# http_backend=auto
# ─── Which address to bind for the synchronizer daemon. ───
# ───
# Default : 0.0.0.0 => (all interfaces) ───
# ─── ───
# bind_addr=0.0.0.0
# ─── Enable HTTPS. ───
# ───
# ... : 1 => Use HTTPS ───
# Default : 0 => Use HTTP ───
# ─── ───
# use_ssl=0
# ─── Paths to pem/cert and key files ───
# ─── Note: default pem/cert and key files are for sample only. You need to generate ───
# ─── your own with your PKI. ───
# ─── ───
# ca_cert=/etc/shinken/certs/ca.pem
# ─── ───
# server_cert=/etc/shinken/certs/server.cert
# ─── ───
# server_key=/etc/shinken/certs/server.key
# ─── Force the HTTPS certificates name checks by the synchronizer connections ───
# ─── If enabled and a distant certificate is not the same as the daemon address, then ───
# ─── the connection will be refused. ───
# ───
# ... : 0 => Disable ───
# Default : 1 => Enable ───
# ─── ───
# hard_ssl_name_check=0
# ┌─────────────────────────────────────────────────────────────────────────────────────────────────────┐ #
# │ ──────────────────────────────── MONGODB DATABASE CONNECTION ──────────────────────────────── │ #
# └─────────────────────────────────────────────────────────────────────────────────────────────────────┘ #
# ─── Database type. currently only mongodb is managed. ───
# ─── ───
# data_backend=mongodb
# ─── mongodb uri definition for connecting to the mongodb database. You can find the mongodb uri ───
# ─── syntax at https://docs.mongodb.com/manual/reference/connection-string/ ───
# ─── ───
# mongodb_uri=mongodb://localhost/?safe=false
# ─── Mongodb database to use for this daemon. ───
# ─── ───
# mongodb_database=synchronizer
# ─── username/password to authenticate to MongoDB. ───
# ─── Both parameters must be provided for authentication to function correctly. ───
# ─── ───
# synchronizer__database__username=
# ─── ───
# synchronizer__database__password=
# ─── Secure your mongodb connection ───
# ─── enable the ssh that will ───
# ─── allow all mongodb to be encrypted & authenticated with SSH ───
# ───
# ... : 1 => Enable ───
# Default : 0 => Disable ───
# ─── ───
# mongodb_use_ssh_tunnel=0
# ─── If the SSH connection goes wrong, ───
# ─── then retry use_ssh_retry_failure time ───
# ───
# ... : 0 => Disable ───
# Default : 1 => Enable ───
# ─── ───
# mongodb_use_ssh_retry_failure=1
# ─── SSH user/keyfile in order to connect to the mongodb server ───
# ─── ───
# mongodb_ssh_user=shinken
# ─── ───
# mongodb_ssh_keyfile=~shinken/.ssh/id_rsa
# ─── SSH Timeout used to test if the SSH tunnel is viable or not, in seconds ───
# ───
# Default : 2 (in seconds) ───
# ─── ───
# mongodb_ssh_tunnel_timeout=2
# ─── By default bailout the synchronizer if cannot contact mongodb for more than 120s ───
# ───
# Default : 120 (in seconds) ───
# ─── ───
# mongodb_retry_timeout=120
# ─── Each database request will be tried X times before considering it as an error and abort ───
# ───
# Default : 15 (in seconds) ───
# ─── ───
# If enabled, the synchronizer daemon will listen in HTTPS instead of HTTP protocol.
synchronizer__database__retry_connection_X_times_before_considering_an_error=15
# ─── We will wait X seconds between each try or any database request ───
# # Note: default pem/cert and key files are for sample only. You need to generate
───
# #Default your: own5 with(in yourseconds) PKI.
# by default: 0 (disabled)
#use_ssl=0
#ca_cert=/etc/shinken/certs/ca.pem
#server_cert=/etc/shinken/certs/server.cert
#server_key=/etc/shinken/certs/server.key
───
# ─── # Should the synchronizer connections will force the HTTPS certificates name checks
───
# synchronizer__database__wait_X_seconds_before_reconnect=5
# ─── The time the history will be kept for synchronizations into database # If enabled and a───
distant certificate is not# the same as the daemon address, then
# the connection will be refused.
#hard_ssl_name_check=0
───
# Default : 1440 (in #minutes) Which HTTP backend to start the listening daemon with.
# Currently───
only auto is managed
#http_backend=auto
# ─── # Which address to bind for the synchronizer daemon
───
# sync_history_lifespan=1440
# ┌─────────────────────────────────────────────────────────────────────────────────────────────────────┐ #
# │ ─────────────────────────────────── # by default: 0.0.0.0 (all interfaces)
#bind_addr=0.0.0.0
#==================================================================================
#==================================================================================
#======== ADDRESS AND SECURITY ──────────────────────────────────── │ #
# └─────────────────────────────────────────────────────────────────────────────────────────────────────┘ #
# ──── Listening address (Configuration interface) =========
──────────────────────────────────────────────────── #
# ─── Http(s) port to listen the Configuration interface. ───
# Http(s) port to listen the Configuration interface
#http_port=7766
─── # Select the lang that will be used───
by default on the UIs# http_port=7766
# ─── set the Configuration interface into HTTPs or not (disabled by default). ───
# # Currently managed:
# -en (english)
───
# ... : 1 => Use HTTPS # -fr (francais)
#lang=en
# set the Configuration interface into HTTPs or───
not (disabled by default)
#http_use_ssl=0
# Default : 0 => Use HTTP # Mandatory is SSL is enabled: server key and certificate
#http_ssl_cert=/etc/shinken/certs/server.cert
#http_ssl_key=/etc/shinken/certs/server.key
───
# ─── # Cookie secret password. Is used to crypt cookies
#auth_secret=YOUR-VALUE
# Master key for CLI access
#master_key=YOUR-VALUE
───
# http_use_ssl=0
# ─── Mandatory is SSL is enabled: server key and certificate. ───
# ─── Remote application authentication
# if 1: allow the user to be load from a HTTP Header
#http_remote_user_enable=0
───
# http_ssl_cert=/etc/shinken/certs/server.cert
# ─── # which HTTP header to get user name if remote_user_enable is 1
#http_remote_user_variable=X-Remote-User
# if remote_user_enable is 1,
───
# http_ssl_key=/etc/shinken/certs/server.key
# ──────────────────── Cypher keys ──────────────────────────────────────────────────────────────────── #
# ─── Cookie secret password. Is used to crypt cookies. # http_remote_user_case_sensitive to 1 enable case check on remote user login
───
# ─── # http_remote_user_case_sensitive to 0 disable case check on remote user login
# default value : 1,───
login is case sensitive
#http_remote_user_case_sensitive=1
#==================================================================================
#==================================================================================
#======== INTERNAL OPTIONS =========
# On source page, some errors or warnings may concern many elements. A summary is shown
# for this error and you can set the number of message who are in this summary.
#number_of_message_in_source_summary=5
#==================================================================================
#==================================================================================
#======== Mongodb database connection =========
# auth_secret=TO_CHANGE
# ─── Master key for CLI access. ───
# ─── ───
# master_key=TO_CHANGE
# ───────────────── SSO authentication ──────────────────────────────────────────────────────────────── #
# ─── Remote application authentication. ───
# ───
# ... : 1 => allow the user to be load from a HTTP Header # database type. currently only───
mongodb is managed.
#data_backend=mongodb
# Default : 0 => Disable # mongodb uri definition for connecting to the mongodb database. You can find the mongodb uri
───
# ─── # syntax at https://docs.mongodb.com/manual/reference/connection-string/
#mongodb_uri=mongodb://localhost/?safe=false
# mongodb database to use for this daemon.
#mongodb_database=synchronizer───
# http_remote_user_enable=0
# ─── From which HTTP header get user name if remote_user_enable is 1. ───
# ─── # If you want to secure your mongodb connection you can enable the ssh use_ssh_tunnel that will
# allow all mongodb to be encrypted & authenticated with SSH
───
# http_remote_user_variable=X-Remote-User
# ─── Case sensitivity of login if remote_user_enable is 1. # Should use a SSH tunnel (Default 0=False)
#mongodb_use_ssh_tunnel=0
───
# # If the SSH connection goes wrong, then retry use_ssh_retry_failure time
# Default: 1
#mongodb_use_ssh_retry_failure=1
───
# ... : 0 => disable case check on remote user login # SSH user/keyfile in order to connect to the mongodb server.
───
# Default : 1 => enable case check on remote user login # Default: shinken
#mongodb_ssh_user=shinken
───
# ─── # Default: ~shinken/.ssh/id_rsa
#mongodb_ssh_keyfile=~shinken/.ssh/id_rsa
# SSH Timeout used to test if the SSH tunnel───
is viable or not, in seconds# http_remote_user_case_sensitive=1
# ┌─────────────────────────────────────────────────────────────────────────────────────────────────────┐ #
# │ ──────────────────────────── INTERFACE CONFIGURATION PARAMETERS ───────────────────────────── │ #
# └─────────────────────────────────────────────────────────────────────────────────────────────────────┘ #
# ────────────────────── Language ───────────────────────────────────────────────────────────────────── #
# ─── Select the lang that will be used by default #on Default: 2
#mongodb_ssh_tunnel_timeout=2
the UIs. ───
# ─── # By default bailout the synchronizer if cannot contact mongodb for more than 120s
#mongodb_retry_timeout=120
Currently managed: # The time the history will be kept for synchronizations into database (in minutes)
#sync_history_lifespan=1440
#==================================================================================
#==================================================================================
#=============== Protected fields security ====================
───
# ───
# ... : en => (english) ───
# Encryption for protected fields
#protect_fields__activate_encryption=0
... : fr => (francais) # File containing the encryption key
#protect_fields__encryption_keyfile=/etc/shinken/secrets/protected_fields_key
───
# ─── # List of words contained in protected fields names
───
# lang=fr
# Default────────────────────── values : PASSWORD,PASSPHRASE,PASSE,DOMAINUSER,MSSQLUSER,MYSQLUSER,ORACLE_USER,SSH_USER,LOGIN
#protect_fields__substrings_matching_fields=PASSWORD,PASSPHRASE,PASSE,DOMAINUSER,MSSQLUSER,MYSQLUSER,ORACLE_USER,SSH_USER,LOGIN
#==================================================================================
#=============== Synchronizer Authentication External Log ====================
Sources ────────────────────────────────────────────────────────────────────── #
# ─── On source page, some errors or warnings may concern many elements. ───
# ─── A summary is shown for this error and you can set the number ───
# ─── of message who are in this summary. # Log the synchronizer authentication history in a file
───
# ─── # Enable authentication log or not.
#───
by default: 0 (disabled)
# synchronizernumber_of_logmessage_usersin_source_enabledsummary=05
# ────────────────── Production page ────────────────────────────────────────────────────────────────── #
# ─── Timeout for the Arbiter to load a new configuration # File use for log authentication history
# synchronizer__log_users__file_path=/var/log/shinken/synchronizer/log_users.log
───
# ─── # Add user name to log.
───
# by default: 0 (disabled)
# synchronizer__logproduction_users_apply_addnew_userconfiguration_nametimeout=030
|