8.2.9.2. Configuration / fichiers utiles¶
Les fichiers de configuration sont gérés par les procédures d’installation ou de mise à niveau de l’environnement VITAM. Se référer au DIN.
Les fichiers de configuration sont définis sous /vitam/conf/ihm-recette.
8.2.9.2.1. Fichier access-external-client.conf¶
Ce fichier permet de définir l’URL d’accès au serveur access-external.
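# Client configuration used by ihm-recette to reach the access-external service
# (Jinja2 template, rendered at deployment time).
# NOTE(review): the nesting below is restored from the key names because the
# published listing had lost its indentation - confirm against the deployed
# template.
serverHost: {{ vitam.accessexternal.host }}
serverPort: {{ vitam.accessexternal.port_service }}
# TLS is enabled for this client.
secure: true
sslConfiguration:
  keystore:
    # Client certificate and private key (PKCS#12 file).
    - keyPath: {{ vitam_folder_conf }}/keystore_{{ vitam_struct.vitam_component }}.p12
      # The passphrase is written in clear text in the rendered file: keep that
      # file readable by the service account only.
      # NOTE(review): rendered unquoted; a passphrase containing ' #' or ': ',
      # or starting with '*' or '&', would be mis-parsed as YAML - confirm the
      # passphrase policy or quote the value.
      keyPassword: {{ keystores.client_external.ihm_recette }}
  truststore:
    # Certificate authorities accepted for the server side (JKS file).
    - keyPath: {{ vitam_folder_conf }}/truststore_{{ vitam_struct.vitam_component }}.jks
      keyPassword: {{ truststores.client_external }}
# NOTE(review): with hostname verification off, the client presumably accepts
# any certificate that chains to the truststore, whatever host name it was
# issued for, so the truststore content is the only barrier against a server
# answering in place of this service. Switch to true once the server
# certificates carry the names used in serverHost.
hostnameVerification: false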
8.2.9.2.2. Fichier driver-location.conf¶
# Directory given to the component as driver location (the component's lib folder).
# NOTE(review): presumably code is loaded from this directory; it should then be
# writable by the deployment account only - confirm.
driverLocation: {{ vitam_folder_lib }}
8.2.9.2.3. Fichier driver-mapping.conf¶
# Location of the driver mapping data, under the component's data folder
# (the trailing slash is part of the value).
driverMappingPath: {{ vitam_folder_data }}/
# Separator used inside the mapping data - presumably between offer identifiers; confirm.
delimiter: ;
8.2.9.2.4. Fichier functional-administration-client.conf¶
# Client configuration used to reach the functional-administration service.
# No 'secure' or 'sslConfiguration' key appears in this listing, unlike the
# external clients on this page.
# NOTE(review): presumably plain HTTP on the internal network - confirm that this
# traffic stays on a trusted segment.
serverHost: {{ vitam.functional_administration.host }}
serverPort: {{ vitam.functional_administration.port_service }}
8.2.9.2.5. Fichier ihm-recette-client.conf¶
# Client configuration pointing at the ihm-recette component itself
# (host and service port come from vitam_struct).
# No 'secure' or 'sslConfiguration' key appears in this listing.
serverHost: {{ vitam_struct.host }}
serverPort: {{ vitam_struct.port_service }}
8.2.9.2.6. Fichier ihm-recette.conf¶
# Main configuration of the ihm-recette web application (Jinja2 template rendered
# at deployment time).
# NOTE(review): this listing has lost its indentation; the list-item continuation
# keys (dbPort, httpPort) and the keys following functionalAdminAdmin and
# adminBasicAuth are presumably nested in the deployed template - confirm against
# the source before reusing this text.
serverHost: {{ ip_service }}
port: {{ vitam_struct.port_service }}
baseUrl: "/{{ vitam_struct.baseuri }}"
baseUri: "/{{ vitam_struct.baseuri }}"
staticContent: "{{ vitam_struct.static_content }}"
jettyConfig: jetty-config.xml
# Authentication, the XSR filter and sessions are all switched on in this template.
authentication: true
enableXsrFilter: true
enableSession: true
# vitam_struct.secure_mode is iterated as a list here.
# NOTE(review): the shiro.ini template of this component compares the same
# variable to the string 'x509'; one of the two usages does not match the
# variable's real type - confirm which one.
secureMode:
{% for securemode in vitam_struct.secure_mode %}
- {{ securemode }}
{% endfor %}
# Working directories for test SIPs and reports, all under the data folder.
sipDirectory: {{ vitam_folder_data }}/test-data
performanceReportDirectory: {{ vitam_folder_data }}/report/performance
testSystemSipDirectory: {{ vitam_folder_data }}/test-data/system
testSystemReportDirectory: {{ vitam_folder_data }}/report/system
# Thread count derived from the host facts: cores * threads per core + 1.
ingestMaxThread: {{ ansible_processor_cores * ansible_processor_threads_per_core + 1 }}
#
# client_url is not a built-in Jinja2 filter; it is presumably provided by the
# deployment playbooks.
workspaceUrl: {{vitam.workspace | client_url}}
# MongoDB configuration
# One entry per host of the hosts_mongos_data inventory group.
mongoDbNodes:
{% for server in groups['hosts_mongos_data'] %}
- dbHost: {{ hostvars[server]['ip_service'] }}
dbPort: {{ mongodb.mongos_port }}
{% endfor %}
# Actually need this field for compatibility
dbName: admin
# @integ: parametrize it !
masterdataDbName: masterdata
logbookDbName: logbook
metadataDbName: metadata
# NOTE(review): the 'admin' account of mongo-data is used and its password is
# written in clear text in the rendered file. Keep the file readable by the
# service account only; a dedicated account limited to what this tool needs
# would reduce the impact of a leak - confirm the privileges actually required.
dbAuthentication: {{ mongodb.mongo_authentication }}
dbUserName: {{ mongodb['mongo-data']['admin']['user'] }}
dbPassword: {{ mongodb['mongo-data']['admin']['password'] }}
# ElasticSearch
# One entry per host of the hosts_elasticsearch_data inventory group.
clusterName: {{ vitam_struct.cluster_name }}
elasticsearchNodes:
{% for server in groups['hosts_elasticsearch_data'] %}
- hostName: {{ hostvars[server]['ip_service'] }}
httpPort: {{ elasticsearch.data.port_http }}
{% endfor %}
# Functional Admin Configuration
# Targets the admin port (port_admin) of functional-administration, with basic
# authentication; these credentials are also stored in clear text in the file.
functionalAdminAdmin:
functionalAdminServerHost: {{ vitam.functional_administration.host }}
functionalAdminServerPort: {{ vitam.functional_administration.port_admin }}
adminBasicAuth:
userName: {{ admin_basic_auth_user }}
password: {{ admin_basic_auth_password }}
8.2.9.2.7. Fichier ingest-external-client.conf¶
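# Client configuration used by ihm-recette to reach the ingest-external service
# (Jinja2 template, rendered at deployment time).
# NOTE(review): the nesting below is restored from the key names because the
# published listing had lost its indentation - confirm against the deployed
# template.
serverHost: {{ vitam.ingestexternal.host }}
serverPort: {{ vitam.ingestexternal.port_service }}
# TLS is enabled for this client.
secure: true
sslConfiguration:
  keystore:
    # Client certificate and private key (PKCS#12 file).
    - keyPath: {{ vitam_folder_conf }}/keystore_{{ vitam_struct.vitam_component }}.p12
      # The passphrase is written in clear text in the rendered file: keep that
      # file readable by the service account only.
      # NOTE(review): rendered unquoted; a passphrase containing ' #' or ': ',
      # or starting with '*' or '&', would be mis-parsed as YAML - confirm the
      # passphrase policy or quote the value.
      keyPassword: {{ keystores.client_external.ihm_recette }}
  truststore:
    # Certificate authorities accepted for the server side (JKS file).
    - keyPath: {{ vitam_folder_conf }}/truststore_{{ vitam_struct.vitam_component }}.jks
      keyPassword: {{ truststores.client_external }}
# NOTE(review): with hostname verification off, the client presumably accepts
# any certificate that chains to the truststore, whatever host name it was
# issued for, so the truststore content is the only barrier against a server
# answering in place of this service. Switch to true once the server
# certificates carry the names used in serverHost.
hostnameVerification: false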
8.2.9.2.8. Fichier shiro.ini¶
# Apache Shiro configuration of ihm-recette (Jinja2 template). Two variants are
# rendered: certificate-based (x509) or form login with statically defined users.
[main]
# NOTE(review): vitam_struct.secure_mode is compared to a string here, while
# ihm-recette.conf iterates it as a list. If it is a list, this test is never
# true and the x509 variant is never rendered - confirm the variable type.
{% if vitam_struct.secure_mode == 'x509' %}
# --- x509 variant: every /v1/api/** request goes through the X509 filter ---
x509 = fr.gouv.vitam.common.auth.web.filter.X509AuthenticationFilter
# NOTE(review): presumably makes the filter read the client certificate from an
# HTTP header set by a TLS-terminating front end. If enabled, that front end
# must overwrite or strip any copy of the header sent by the client, otherwise
# the identity is client-controlled - confirm.
x509.useHeader = {{ vitam_ssl_user_header }}
x509credentialsMatcher = fr.gouv.vitam.common.auth.core.authc.X509CredentialsSha256Matcher
x509Realm = fr.gouv.vitam.common.auth.core.realm.X509KeystoreFileRealm
# Keystores used by the realm; both passphrases are written in clear text in the
# rendered file, which should be readable by the service account only.
x509Realm.grantedKeyStoreName = {{ vitam_folder_conf }}/grantedstore_ihm-recette.jks
x509Realm.grantedKeyStorePassphrase = {{ password_grantedstore }}
x509Realm.trustedKeyStoreName = {{ vitam_folder_conf }}/truststore_ihm-recette.jks
x509Realm.trustedKeyStorePassphrase = {{ password_truststore }}
x509Realm.credentialsMatcher = $x509credentialsMatcher
securityManager.realm = $x509Realm
# Session storage is disabled in this variant.
securityManager.subjectDAO.sessionStorageEvaluator.sessionStorageEnabled = false
[urls]
/v1/api/** = x509
{% else %}
# --- form-login variant ---
# Objects and their properties are defined here,
# Such as the securityManager, Realms and anything
# else needed to build the SecurityManager
# credentialsMatcher
# NOTE(review): passwords are matched as plain SHA-256 digests (the [users]
# section below is rendered with hash('sha256')); no salt or iteration count is
# configured here, so the digests stored in this file are cheap to attack
# offline if the file leaks. Keep the file readable by the service account only;
# a salted, iterated scheme would be stronger.
sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
iniRealm.credentialsMatcher = $sha256Matcher
# Cache Manager
builtInCacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
# Security Manager
securityManager.cacheManager = $builtInCacheManager
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
securityManager.sessionMode=native
securityManager.sessionManager.globalSessionTimeout = {{ vitam_struct.session_timeout }}
# Session identifiers are never put in URLs.
securityManager.sessionManager.sessionIdUrlRewritingEnabled = false
# The Secure flag of both cookies follows vitam_struct.secure_cookie; it should
# be true whenever the IHM is served over HTTPS.
securityManager.sessionManager.sessionIdCookie.secure = {{ vitam_struct.secure_cookie }}
securityManager.rememberMeManager.cookie.secure = {{ vitam_struct.secure_cookie }}
securityManager.rememberMeManager.cookie.httpOnly = true
# Notice how we didn't define the class for the FormAuthenticationFilter ('authc') - it is instantiated and available already:
authc.loginUrl = /#!/login
[users]
# The 'users' section is for simple deployments
# when you only need a small number of statically-defined
# set of User accounts.
#username = password
# Only entries of vitam_users whose role is "admin" are rendered; the value
# written is the SHA-256 digest of the password, not the password itself.
{% for item in vitam_users %}
{% if item.role == "admin" %}
{{ item.login }}={{ item.password|hash('sha256') }}
{% endif %}
{% endfor %}
[roles]
# The 'roles' section is for simple deployments
# when you only need a small number of statically-defined
# roles.
[urls]
# make sure the end-user is authenticated. If not, redirect to the 'authc.loginUrl' above,
# and after successful authentication, redirect them back to the original account page they
# were trying to view:
# login and securemode are reachable without authentication (anon); every other
# path requires an authenticated session (authc). Order matters: the first
# matching pattern applies.
/v1/api/login = anon
/v1/api/logout = logout
/v1/api/securemode = anon
/** = authc
{% endif %}
8.2.9.2.9. Fichier static-offer.json¶
{# Storage offers: one JSON object per entry of vitam_strategy. #}
{# The URL scheme follows vitam.storageofferdefault.https_enabled: when it is not true, offers are reached over plain http and "parameters" is rendered empty (no keystore, no truststore). #}
{% if vitam.storageofferdefault.https_enabled==true %}
{% set protocol = 'https' %}
{% else %}
{% set protocol = 'http' %}
{% endif %}
[
{% for item in vitam_strategy %}
{
{# The offer id is the service name: name, site (item.vitam_site_name, else the global vitam_site_name) and consul_domain. #}
"id" : "{{ item.name }}.service.{{ item.vitam_site_name |default(vitam_site_name) }}.{{ consul_domain }}",
"baseUrl" : "{{ protocol }}://{{ item.name }}.service.{{ item.vitam_site_name |default(vitam_site_name) }}.{{ consul_domain }}:{{ vitam.storageofferdefault.port_service }}",
{% if item.asyncRead is defined %} "asyncRead": {{item.asyncRead|lower }}, {% endif %}
"parameters" : {
{% if vitam.storageofferdefault.https_enabled==true %}
{# Keystore and truststore passphrases are written in clear text in the rendered file: restrict its permissions to the service account. #}
"keyStore-keyPath": "{{ vitam_folder_conf }}/keystore_storage.p12",
"keyStore-keyPassword": "{{ keystores.client_storage.storage }}",
"trustStore-keyPath": "{{ vitam_folder_conf }}/truststore_storage.jks",
"trustStore-keyPassword": "{{ truststores.client_storage }}"
{% endif %}
}
}
{# A comma separates the objects; none is emitted after the last one. #}
{% if not loop.last %},
{% endif %}
{% endfor %}
]
8.2.9.2.10. Fichier static-strategy.json¶
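{# Storage strategies. The "default" strategy lists every offer of vitam_strategy; each entry of the optional other_strategies mapping adds one more strategy. #}
[
  {
    "id" : "default",
    "offers" : [
{# "referent" is emitted only when item.referent equals "true" once lower-cased; "status" is emitted upper-cased when defined. #}
{% for item in vitam_strategy %}
      {"id" : "{{ item.name }}.service.{{ item.vitam_site_name |default(vitam_site_name) }}.{{ consul_domain }}"{% if item.referent is defined %}{% if item.referent|lower == "true" %}, "referent" : true{% endif %}{% endif %}{% if item.status is defined %}, "status" : "{{ item.status| upper }}" {% endif %}}{% if not loop.last %},{% endif %}
{% endfor %}
    ]
  }
{% if other_strategies is defined %}
{# items() is available on Python 2 and Python 3 dictionaries; iteritems() exists on Python 2 only and makes the template fail when it is rendered under Python 3. #}
{% for strategy_name, strategy_offers in other_strategies.items() %}
  ,
  {
    "id" : "{{ strategy_name }}",
    "offers" : [
{% for strategy_offer in strategy_offers %}
      {"id" : "{{ strategy_offer.name }}.service.{{ strategy_offer.vitam_site_name |default(vitam_site_name) }}.{{ consul_domain }}"{% if strategy_offer.status is defined %}, "status" : "{{ strategy_offer.status| upper }}" {% endif %}}{% if not loop.last %},{% endif %}
{% endfor %}
    ]
  }
{% endfor %}
{% endif %}
]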
8.2.9.2.11. Fichier storage-client.conf¶
# Client configuration used to reach the storage engine.
# No 'secure' or 'sslConfiguration' key appears in this listing.
# NOTE(review): presumably plain HTTP on the internal network - confirm that this
# traffic stays on a trusted segment.
serverHost: {{ vitam.storageengine.host }}
serverPort: {{ vitam.storageengine.port_service }}
8.2.9.2.12. Fichier storage.conf¶
# Storage settings of the component.
# client_url is not a built-in Jinja2 filter; it is presumably provided by the
# deployment playbooks.
urlWorkspace: {{ vitam.workspace | client_url }}
timeoutMsPerKB: 100
jettyConfig: jetty-config.xml
# NOTE(review): the key is spelled 'zippingDirecorty'; the consumer presumably
# binds this exact spelling, so do not correct it here without checking the
# code that reads it.
zippingDirecorty: {{ vitam_folder_data }}/storage_archives
loggingDirectory: {{ vitam_folder_log }}
8.2.9.2.13. Fichier storage-offer.conf¶
{# Single key listing the offers of vitam_strategy as a bracketed, comma-separated list of quoted names. #}
{# NOTE(review): identifiers are built here as name.service.consul_domain, without the site name that static-offer.json and static-strategy.json insert before consul_domain - confirm that the two forms are meant to differ. #}
strategy_name=[{% for item in vitam_strategy %}"{{ item.name }}.service.{{ consul_domain }}"{% if not loop.last %},{% endif %}{% endfor %}]
8.2.9.2.14. Fichier tnr.conf¶
# Settings of the non-regression tests (TNR) run from ihm-recette.
urlWorkspace: {{vitam.workspace | client_url}}
# Tenant "0" is the only one listed for the tests.
tenantsTest: [ "0" ]
# NOTE(review): the platform secret is written in clear text in the rendered
# file; keep that file readable by the service account only. The value is
# rendered unquoted, so a secret containing ' #' or ': ' would be mis-parsed as
# YAML - confirm the secret's character set or quote it.
vitamSecret: {{ plateforme_secret }}
# The join filter puts '", "' between the ids, so each tenant id ends up as a
# quoted string of the flow list.
tenants: [ "{{ vitam_tenant_ids | join('", "') }}" ]
adminTenant: {{ vitam_tenant_admin }}