8.2.10.2. Configuration / fichiers utiles¶
Les fichiers de configuration sont gérés par les procédures d’installation ou de mise à niveau de l’environnement VITAM. Se référer au DIN.
Les fichiers de configuration sont définis sous /vitam/conf/ihm-recette.
8.2.10.2.1. Fichier access-external-client.conf¶
Ce fichier permet de définir l’URL d’accès au service access-external.
# Client settings for reaching the access-external service; host and port are
# rendered from the deployment inventory.
serverHost: {{ vitam.access_external.host }}
serverPort: {{ vitam.access_external.port_service }}
secure: true
sslConfiguration:
keystore:
# The keystore and truststore passwords below are rendered in clear text into
# the generated file. NOTE(review): file ownership and mode are not shown on
# this page - confirm only the service account can read it.
- keyPath: {{ vitam_folder_conf }}/keystore_{{ vitam_struct.vitam_component }}.p12
keyPassword: {{ keystores.client_external.ihm_recette }}
truststore:
- keyPath: {{ vitam_folder_conf }}/truststore_{{ vitam_struct.vitam_component }}.jks
keyPassword: {{ truststores.client_external }}
# NOTE(review): if this key disables TLS hostname checking, as its name
# suggests, any server certificate that chains to the truststore is accepted
# whatever name it carries. Keep the truststore limited to the platform CA, or
# enable verification if the server certificates carry the service names.
hostnameVerification: false
8.2.10.2.2. Fichier driver-location.conf¶
# Driver location, rendered from the vitam_folder_lib variable.
# NOTE(review): presumably drivers are loaded as code from this directory, so
# it should be writable only by the deployment account - confirm.
driverLocation: {{ vitam_folder_lib }}
8.2.10.2.3. Fichier driver-mapping.conf¶
# Driver mapping path (the component data folder) and the delimiter, a
# semicolon. How the delimiter is used is not shown on this page.
driverMappingPath: {{ vitam_folder_data }}/
delimiter: ;
8.2.10.2.4. Fichier functional-administration-client.conf¶
# Client settings for the functional-administration service.
# No secure or sslConfiguration key is set here, unlike in
# access-external-client.conf. NOTE(review): presumably this client uses plain
# HTTP on the internal network - confirm that segment is restricted.
serverHost: {{ vitam.functional_administration.host }}
serverPort: {{ vitam.functional_administration.port_service }}
8.2.10.2.5. Fichier ihm-recette-client.conf¶
# Client settings pointing at this component itself: host and port come from
# vitam_struct. No secure or sslConfiguration key is set in this file.
serverHost: {{ vitam_struct.host }}
serverPort: {{ vitam_struct.port_service }}
8.2.10.2.6. Fichier ihm-recette.conf¶
#jinja2: lstrip_blocks: True
# Main settings of the ihm-recette web application. The jinja2 header above has
# to remain the first line of the template.
jettyConfig: jetty-config.xml
# The listener address is the host's ip_service value; the port and base URI
# come from vitam_struct.
serverHost: {{ ip_service }}
port: {{ vitam_struct.port_service }}
baseUrl: /{{ vitam_struct.baseuri }}
baseUri: /{{ vitam_struct.baseuri }}
# Authentication, the XSRF filter and sessions are all switched on here as
# literals, not inventory variables.
authentication: true
enableXsrFilter: true
enableSession: true
# One list entry is emitted per item of vitam_struct.secure_mode.
secureMode:
{% for securemode in vitam_struct.secure_mode %}
- {{ securemode }}
{% endfor %}
# Test data and report directories, all under the component data folder.
sipDirectory: {{ vitam_folder_data }}/test-data
performanceReportDirectory: {{ vitam_folder_data }}/report/performance
testSystemSipDirectory: {{ vitam_folder_data }}/test-data/system
testSystemReportDirectory: {{ vitam_folder_data }}/report/system
# Computed from the host CPU facts: cores * threads per core + 1.
ingestMaxThread: {{ ansible_processor_cores * ansible_processor_threads_per_core + 1 }}
urlWorkspace: {{ vitam.workspace | client_url }}
# MongoDB configuration
# One node entry is emitted per host of the hosts_mongos_data inventory group.
mongoDbNodes:
{% for server in groups['hosts_mongos_data'] %}
- dbHost: {{ hostvars[server]['ip_service'] }}
dbPort: {{ mongodb.mongos_port }}
{% endfor %}
# Actually need this field for compatibility
dbName: admin
# @integ: parametrize it !
masterdataDbName: masterdata
logbookDbName: logbook
metadataDbName: metadata
# NOTE(review): this flag is templated, so it can render as false; confirm no
# deployment runs this component against MongoDB without authentication.
dbAuthentication: {{ mongodb.mongo_authentication | bool | lower }}
# The credentials are those of the 'admin' entry of mongodb['mongo-data'] and
# are written in clear text into the generated file.
# NOTE(review): presumably this gives ihm-recette administrative rights on the
# data cluster - confirm the component is limited to acceptance environments
# and that only the service account can read the file.
dbUserName: {{ mongodb['mongo-data']['admin']['user'] }}
dbPassword: {{ mongodb['mongo-data']['admin']['password'] }}
# ElasticSearch configuration
# One node entry is emitted per host of the hosts_elasticsearch_data group.
# NOTE(review): no credentials or TLS settings for Elasticsearch appear in this
# file; presumably access to the HTTP port is limited at network level -
# confirm.
clusterName: {{ vitam_struct.cluster_name }}
elasticsearchNodes:
{% for server in groups['hosts_elasticsearch_data'] %}
- hostName: {{ hostvars[server]['ip_service'] }}
httpPort: {{ elasticsearch.data.port_http }}
{% endfor %}
# Functional Admin Configuration
# Targets the admin port (port_admin) of functional-administration, not the
# service port used in functional-administration-client.conf.
functionalAdminAdmin:
functionalAdminServerHost: {{ vitam.functional_administration.host }}
functionalAdminServerPort: {{ vitam.functional_administration.port_admin }}
# Basic-auth credentials for that admin interface, written in clear text into
# the generated file. NOTE(review): no TLS setting is visible for this
# connection; if it is plain HTTP the credentials cross the network only
# base64-encoded - confirm the admin network is isolated.
adminBasicAuth:
userName: {{ admin_basic_auth_user }}
password: {{ admin_basic_auth_password }}
# ES index configuration
# Shard and replica counts for the masterdata indices. default_config falls
# back to '1' shard and '2' replicas when the inventory sets no value. A
# per-collection entry is emitted only for collections defined under
# vitam_elasticsearch_tenant_indexation.masterdata, and only with the keys that
# are set there.
functionalAdminIndexationSettings:
default_config:
number_of_shards: {{ vitam_elasticsearch_tenant_indexation.default_config.masterdata.number_of_shards | default('1') }}
number_of_replicas: {{ vitam_elasticsearch_tenant_indexation.default_config.masterdata.number_of_replicas | default('2') }}
{% for collection in ["accesscontract", "accessionregisterdetail", "accessionregistersummary", "accessionregistersymbolic", "agencies", "archiveunitprofile", "context", "fileformat", "filerules", "griffin", "ingestcontract", "managementcontract", "ontology", "preservationscenario", "profile", "securityprofile","schema"] %}
{% if vitam_elasticsearch_tenant_indexation.masterdata[collection] is defined %}
{{ collection }}:
{% if vitam_elasticsearch_tenant_indexation.masterdata[collection].number_of_shards is defined %}
number_of_shards: {{ vitam_elasticsearch_tenant_indexation.masterdata[collection].number_of_shards }}
{% endif %}
{% if vitam_elasticsearch_tenant_indexation.masterdata[collection].number_of_replicas is defined %}
number_of_replicas: {{ vitam_elasticsearch_tenant_indexation.masterdata[collection].number_of_replicas }}
{% endif %}
{% endif %}
{% endfor %}
# Shard and replica counts for the unit and objectgroup indices, with the
# mapping file of each. Defaults are '1' shard and '2' replicas. The
# dedicated_tenants and grouped_tenants sections are emitted only when the
# matching inventory variable is defined and not none; inside them, only the
# keys that are set are written.
metadataIndexationSettings:
default_config:
unit:
number_of_shards: {{ vitam_elasticsearch_tenant_indexation.default_config.unit.number_of_shards | default('1') }}
number_of_replicas: {{ vitam_elasticsearch_tenant_indexation.default_config.unit.number_of_replicas | default('2') }}
mappingFile: {{ vitam.ihm_recette.elasticsearch_mapping_dir }}/unit-es-mapping.json
objectgroup:
number_of_shards: {{ vitam_elasticsearch_tenant_indexation.default_config.objectgroup.number_of_shards | default('1') }}
number_of_replicas: {{ vitam_elasticsearch_tenant_indexation.default_config.objectgroup.number_of_replicas | default('2') }}
mappingFile: {{ vitam.ihm_recette.elasticsearch_mapping_dir }}/og-es-mapping.json
{% if vitam_elasticsearch_tenant_indexation.dedicated_tenants is defined and vitam_elasticsearch_tenant_indexation.dedicated_tenants is not none %}
dedicated_tenants:
{% for entry in vitam_elasticsearch_tenant_indexation.dedicated_tenants %}
- tenants: '{{ entry.tenants }}'
{% if entry.unit is defined %}
unit:
{% if entry.unit.number_of_shards is defined %}
number_of_shards: {{ entry.unit.number_of_shards }}
{% endif %}
{% if entry.unit.number_of_replicas is defined %}
number_of_replicas: {{ entry.unit.number_of_replicas }}
{% endif %}
{% endif %}
{% if entry.objectgroup is defined %}
objectgroup:
{% if entry.objectgroup.number_of_shards is defined %}
number_of_shards: {{ entry.objectgroup.number_of_shards }}
{% endif %}
{% if entry.objectgroup.number_of_replicas is defined %}
number_of_replicas: {{ entry.objectgroup.number_of_replicas }}
{% endif %}
{% endif %}
{% endfor %}
{% endif %}
{% if vitam_elasticsearch_tenant_indexation.grouped_tenants is defined and vitam_elasticsearch_tenant_indexation.grouped_tenants is not none %}
grouped_tenants:
{% for entry in vitam_elasticsearch_tenant_indexation.grouped_tenants %}
- name: '{{ entry.name }}'
tenants: '{{ entry.tenants }}'
{% if entry.unit is defined %}
unit:
{% if entry.unit.number_of_shards is defined %}
number_of_shards: {{ entry.unit.number_of_shards }}
{% endif %}
{% if entry.unit.number_of_replicas is defined %}
number_of_replicas: {{ entry.unit.number_of_replicas }}
{% endif %}
{% endif %}
{% if entry.objectgroup is defined %}
objectgroup:
{% if entry.objectgroup.number_of_shards is defined %}
number_of_shards: {{ entry.objectgroup.number_of_shards }}
{% endif %}
{% if entry.objectgroup.number_of_replicas is defined %}
number_of_replicas: {{ entry.objectgroup.number_of_replicas }}
{% endif %}
{% endif %}
{% endfor %}
{% endif %}
elasticsearchConfigurationFile: {{ vitam_folder_conf }}/elasticsearch-settings/elasticsearch-configuration.json
# Shard and replica counts for the logbookoperation indices, built the same
# way as the metadata settings: defaults of '1' shard and '2' replicas, then
# optional dedicated_tenants and grouped_tenants sections that carry only the
# keys set in the inventory.
logbookIndexationSettings:
default_config:
logbookoperation:
number_of_shards: {{ vitam_elasticsearch_tenant_indexation.default_config.logbookoperation.number_of_shards | default('1') }}
number_of_replicas: {{ vitam_elasticsearch_tenant_indexation.default_config.logbookoperation.number_of_replicas | default('2') }}
{% if vitam_elasticsearch_tenant_indexation.dedicated_tenants is defined and vitam_elasticsearch_tenant_indexation.dedicated_tenants is not none %}
dedicated_tenants:
{% for entry in vitam_elasticsearch_tenant_indexation.dedicated_tenants %}
- tenants: '{{ entry.tenants }}'
{% if entry.logbookoperation is defined %}
logbookoperation:
{% if entry.logbookoperation.number_of_shards is defined %}
number_of_shards: {{ entry.logbookoperation.number_of_shards }}
{% endif %}
{% if entry.logbookoperation.number_of_replicas is defined %}
number_of_replicas: {{ entry.logbookoperation.number_of_replicas }}
{% endif %}
{% endif %}
{% endfor %}
{% endif %}
{% if vitam_elasticsearch_tenant_indexation.grouped_tenants is defined and vitam_elasticsearch_tenant_indexation.grouped_tenants is not none %}
grouped_tenants:
{% for entry in vitam_elasticsearch_tenant_indexation.grouped_tenants %}
- name: '{{ entry.name }}'
tenants: '{{ entry.tenants }}'
{% if entry.logbookoperation is defined %}
logbookoperation:
{% if entry.logbookoperation.number_of_shards is defined %}
number_of_shards: {{ entry.logbookoperation.number_of_shards }}
{% endif %}
{% if entry.logbookoperation.number_of_replicas is defined %}
number_of_replicas: {{ entry.logbookoperation.number_of_replicas }}
{% endif %}
{% endif %}
{% endfor %}
{% endif %}
8.2.10.2.7. Fichier ingest-external-client.conf¶
# Client settings for reaching the ingest-external service; host and port are
# rendered from the deployment inventory.
serverHost: {{ vitam.ingest_external.host }}
serverPort: {{ vitam.ingest_external.port_service }}
secure: true
sslConfiguration:
keystore:
# Same keystore, truststore and passwords as in access-external-client.conf.
# The passwords are rendered in clear text into the generated file.
# NOTE(review): file ownership and mode are not shown on this page - confirm
# only the service account can read it.
- keyPath: {{ vitam_folder_conf }}/keystore_{{ vitam_struct.vitam_component }}.p12
keyPassword: {{ keystores.client_external.ihm_recette }}
truststore:
- keyPath: {{ vitam_folder_conf }}/truststore_{{ vitam_struct.vitam_component }}.jks
keyPassword: {{ truststores.client_external }}
# NOTE(review): if this key disables TLS hostname checking, as its name
# suggests, any server certificate that chains to the truststore is accepted
# whatever name it carries. Keep the truststore limited to the platform CA, or
# enable verification if the server certificates carry the service names.
hostnameVerification: false
8.2.10.2.8. Fichier shiro.ini¶
#jinja2: lstrip_blocks: True
# Apache Shiro configuration for ihm-recette. The jinja2 header above has to
# remain the first line of the template.
[main]
# NOTE(review): ihm-recette.conf iterates vitam_struct.secure_mode as a list,
# while the test below compares it with the string 'x509'. A list never equals
# a string, so the x509 branch would not be rendered for a list value - confirm
# the type of the variable.
{% if vitam_struct.secure_mode == 'x509' %}
x509 = fr.gouv.vitam.common.auth.web.filter.X509AuthenticationFilter
# NOTE(review): if useHeader makes the filter take the client certificate from
# an HTTP request header, as the name suggests, it is only safe behind a
# reverse proxy that always overwrites that header - confirm. The value is
# rendered without the bool/lower filters used for the cookie flags in the
# other branch.
x509.useHeader = {{ vitam_defaults.vitam_ssl_user_header | default(false) }}
x509credentialsMatcher = fr.gouv.vitam.common.auth.core.authc.X509CredentialsSha256Matcher
x509Realm = fr.gouv.vitam.common.auth.core.realm.X509KeystoreFileRealm
# Both store passphrases are written in clear text into the generated file.
x509Realm.grantedKeyStoreName = {{ vitam_folder_conf }}/grantedstore_ihm-recette.jks
x509Realm.grantedKeyStorePassphrase = {{ password_grantedstore }}
x509Realm.trustedKeyStoreName = {{ vitam_folder_conf }}/truststore_ihm-recette.jks
x509Realm.trustedKeyStorePassphrase = {{ password_truststore }}
x509Realm.credentialsMatcher = $x509credentialsMatcher
securityManager.realm = $x509Realm
# Session storage is switched off in this mode.
securityManager.subjectDAO.sessionStorageEvaluator.sessionStorageEnabled = false
[urls]
# Only /v1/api/** is mapped to the x509 filter in this branch.
/v1/api/** = x509
{% else %}
# Objects and their properties are defined here,
# Such as the securityManager, Realms and anything
# else needed to build the SecurityManager
# credentialsMatcher
# NOTE(review): this matcher compares a plain SHA-256 digest and no salt or
# iteration count is configured here, so the [users] entries below are fast
# unsalted hashes. Treat the generated file as sensitive and confirm whether a
# salted, iterated matcher can be used instead.
sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
iniRealm.credentialsMatcher = $sha256Matcher
# Cache Manager
builtInCacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
# Security Manager
securityManager.cacheManager = $builtInCacheManager
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
securityManager.sessionMode=native
# User session timeout in milliseconds
# The default of 1800000 ms is 30 minutes.
securityManager.sessionManager.globalSessionTimeout = {{ vitam_struct.session_timeout | default(1800000) }}
# The session id is never rewritten into URLs.
securityManager.sessionManager.sessionIdUrlRewritingEnabled = false
# Both cookies get the Secure flag unless vitam_struct.secure_cookie is set to
# false. NOTE(review): a false value lets the session cookie travel over plain
# HTTP - confirm it is only used where TLS is terminated in front of the UI.
securityManager.sessionManager.sessionIdCookie.secure = {{ vitam_struct.secure_cookie | default(true) | bool | lower }}
securityManager.rememberMeManager.cookie.secure = {{ vitam_struct.secure_cookie | default(true) | bool | lower }}
securityManager.rememberMeManager.cookie.httpOnly = true
# Notice how we didn't define the class for the FormAuthenticationFilter ('authc') - it is instantiated and available already:
authc.loginUrl = /#!/login
[users]
# The 'users' section is for simple deployments
# when you only need a small number of statically-defined set of User accounts.
# username = password
# Only vitam_users entries whose role is "admin" are written; each password is
# stored as the SHA-256 digest computed when the template is rendered.
{% for item in vitam_users %}
{% if item.role == "admin" %}
{{ item.login }}={{ item.password|hash('sha256') }}
{% endif %}
{% endfor %}
[roles]
# The 'roles' section is for simple deployments
# when you only need a small number of statically-defined
# roles.
[urls]
# make sure the end-user is authenticated. If not, redirect to the 'authc.loginUrl' above,
# and after successful authentication, redirect them back to the original account page they
# were trying to view:
# The login and securemode endpoints are reachable without authentication;
# every other path goes through the authc filter.
/v1/api/login = anon
/v1/api/logout = logout
/v1/api/securemode = anon
/** = authc
{% endif %}
8.2.10.2.9. Fichier static-offer.json¶
#jinja2: lstrip_blocks: True
[
{% for item in all_used_offers %}
{
{% if item.id is defined %}
"id": "{{ item.id }}",
{% else %}
"id": "{{ item.name }}.service.{{ item.vitam_site_name | default(vitam_site_name) }}.{{ consul_domain }}",
{% endif %}
"baseUrl": "http{% if vitam.offer.https_enabled | bool %}s{% endif %}://{{ item.name }}.service.{{ item.vitam_site_name | default(vitam_site_name) }}.{{ consul_domain }}:{{ vitam.offer.port_service }}",
{% if item.asyncRead is defined %} "asyncRead": {{ item.asyncRead | bool | lower }},{% endif %}
"parameters": {
{% if vitam.offer.https_enabled | bool %}
"keyStore-keyPath": "{{ vitam_folder_conf }}/keystore_storage.p12",
"keyStore-keyPassword": "{{ keystores.client_storage.storage }}",
"trustStore-keyPath": "{{ vitam_folder_conf }}/truststore_storage.jks",
"trustStore-keyPassword": "{{ truststores.client_storage }}"
{% endif %}
}
}{% if not loop.last %},{% endif %}
{% endfor %}
]
8.2.10.2.10. Fichier static-strategy.json¶
#jinja2: lstrip_blocks: True
[
{
"id": "default",
"offers": [
{% for item in vitam_strategy %}
{
{% if item.id is defined %}
"id": "{{ item.id }}",
{% else %}
"id": "{{ item.name }}.service.{{ item.vitam_site_name | default(vitam_site_name) }}.{{ consul_domain }}",
{% endif %}
"referent": {{ item.referent | default(false) | bool | lower }},
"status": "{{ item.status | default('ACTIVE') | upper }}",
"rank": {{ item.rank }}
}{% if not loop.last %},{% endif %}
{% endfor %}
]
}
{% if other_strategies is defined %}
{% for strategy_name, strategy_offers in other_strategies.items() %}
, {
"id": "{{ strategy_name }}",
"offers": [
{% for strategy_offer in strategy_offers %}
{
"id": "{{ strategy_offer.name }}.service.{{ strategy_offer.vitam_site_name |default(vitam_site_name) }}.{{ consul_domain }}",
"referent": {{ strategy_offer.referent | default(false) | bool | lower }},
"status": "{{ strategy_offer.status | default('ACTIVE') | upper }}",
"rank": {{ strategy_offer.rank }}
}{% if not loop.last %},{% endif %}
{% endfor %}
]
}
{% endfor %}
{% endif %}
]
8.2.10.2.11. Fichier storage-client.conf¶
# Client settings for the storage service.
# No secure or sslConfiguration key is set here, unlike in the external client
# files. NOTE(review): presumably this client uses plain HTTP on the internal
# network - confirm that segment is restricted.
serverHost: {{ vitam.storage.host }}
serverPort: {{ vitam.storage.port_service }}
8.2.10.2.12. Fichier storage.conf¶
# Storage engine settings used by ihm-recette.
urlWorkspace: {{ vitam.workspace | client_url }}
timeoutMsPerKB: 100
jettyConfig: jetty-config.xml
# NOTE(review): the key is spelled "zippingDirecorty" here, which looks like a
# misspelling of zippingDirectory. Confirm which spelling the consumer reads
# before changing it; a renamed key may be ignored without any error.
zippingDirecorty: {{ vitam_folder_data }}/storage_archives
loggingDirectory: {{ vitam_folder_log }}
8.2.10.2.13. Fichier storage-offer.conf¶
strategy_name=[{% for item in vitam_strategy %}"{{ item.name }}.service.{{ consul_domain }}"{% if not loop.last %},{% endif %}{% endfor %}]
8.2.10.2.14. Fichier tnr.conf¶
# Settings rendered into tnr.conf.
urlWorkspace: {{ vitam.workspace | client_url }}
# The test tenant list is the literal "0", independent of the tenants value
# below.
tenantsTest: [ "0" ]
# The platform secret is written in clear text into the generated file.
# NOTE(review): presumably this secret authenticates calls between platform
# components - confirm only the service account can read this file and that the
# component is limited to acceptance environments.
vitamSecret: {{ plateforme_secret }}
tenants: {{ vitam_tenant_ids | expand_list }}
adminTenant: {{ vitam_tenant_admin }}