8.2.4.2. Configuration / fichiers utiles

Les fichiers de configuration sont gérés par les procédures d’installation ou de mise à niveau de l’environnement VITAM. Se référer au DIN.

Les fichiers de configuration sont définis sous /vitam/conf/ihm-recette.

8.2.4.2.1. Fichier access-external-client.conf

ce fichier permet de définir l’URL d’accès au access server.

serverHost: {{ vitam.accessexternal.host }}
serverPort: {{ vitam.accessexternal.port_service }}
secure: true
sslConfiguration :
 keystore :
  - keyPath: {{ vitam_folder_conf }}/keystore_{{ vitam_struct.vitam_component }}.p12
    keyPassword: {{ keystores.client_external.ihm_recette }}
 truststore :
  - keyPath: {{ vitam_folder_conf }}/truststore_{{ vitam_struct.vitam_component }}.jks
    keyPassword: {{ truststores.client_external }}
hostnameVerification: false

8.2.4.2.2. Fichier driver-location.conf

driverLocation: {{ vitam_folder_lib }}

8.2.4.2.3. Fichier driver-mapping.conf

driverMappingPath: {{ vitam_folder_data }}/
delimiter: ;

8.2.4.2.4. Fichier functional-administration-client.conf

serverHost: {{ vitam.functional_administration.host }}
serverPort: {{ vitam.functional_administration.port_service }}

8.2.4.2.5. Fichier ihm-recette-client.conf

serverHost: {{ vitam_struct.host }}
serverPort: {{ vitam_struct.port_service }}

8.2.4.2.6. Fichier ihm-recette.conf

serverHost: {{ ip_service }}
port: {{ vitam_struct.port_service }}

baseUrl: "/{{ vitam_struct.baseuri }}"
baseUri: "/{{ vitam_struct.baseuri }}"
staticContent: "{{ vitam_struct.static_content }}"

jettyConfig: jetty-config.xml
authentication: true
enableXsrFilter: true
enableSession: true

secureMode:
{% for securemode in vitam_struct.secure_mode %}
- {{ securemode }}
{% endfor %}
sipDirectory: {{ vitam_folder_data }}/test-data
performanceReportDirectory: {{ vitam_folder_data }}/report/performance

testSystemSipDirectory: {{ vitam_folder_data }}/test-data/system
testSystemReportDirectory: {{ vitam_folder_data }}/report/system
ingestMaxThread: {{ ansible_processor_cores * ansible_processor_threads_per_core + 1 }}

#
workspaceUrl: {{vitam.workspace | client_url}}

# Configuration MongoDB
mongoDbNodes:
{% for server in groups['hosts_mongos_data'] %}
- dbHost: {{ hostvars[server]['ip_service'] }}
  dbPort: {{ mongodb.mongos_port }}
{% endfor %}
# Actually need this field for compatibility
dbName: admin
# @integ: parametrize it !
masterdataDbName: masterdata
logbookDbName: logbook
metadataDbName: metadata
dbAuthentication: {{ mongodb.mongo_authentication }}
dbUserName: {{ mongodb['mongo-data']['admin']['user'] }}
dbPassword: {{ mongodb['mongo-data']['admin']['password'] }}

# ElasticSearch
clusterName: {{ vitam_struct.cluster_name }}
elasticsearchNodes:
{% for server in groups['hosts_elasticsearch_data'] %}
- hostName: {{ hostvars[server]['ip_service'] }}
  httpPort: {{ elasticsearch.data.port_http }}
{% endfor %}

# ElasticSearch External Metadata Mapping
elasticsearchExternalMetadataMappings:
- collection: Unit
  mappingFile: {{ vitam.ihm_recette.elasticsearch_mapping_dir }}/unit-es-mapping.json
- collection: ObjectGroup
  mappingFile: {{ vitam.ihm_recette.elasticsearch_mapping_dir }}/og-es-mapping.json

# Functional Admin Configuration
functionalAdminAdmin:
   functionalAdminServerHost: {{ vitam.functional_administration.host }}
   functionalAdminServerPort: {{ vitam.functional_administration.port_admin }}
   adminBasicAuth:
      userName: {{ admin_basic_auth_user }}
      password: {{ admin_basic_auth_password }}

# ES index configuration
functionalAdminIndexationSettings:
  default_config:
    number_of_shards: {{ vitam_elasticsearch_tenant_indexation.default_config.masterdata.number_of_shards }}
    number_of_replicas: {{ vitam_elasticsearch_tenant_indexation.default_config.masterdata.number_of_replicas }}

{% for collection in ["accesscontract", "accessionregisterdetail", "accessionregistersummary", "accessionregistersymbolic", "agencies", "archiveunitprofile", "context", "fileformat", "filerules", "griffin", "ingestcontract", "managementcontract", "ontology", "preservationscenario", "profile", "securityprofile"] %}
{% if vitam_elasticsearch_tenant_indexation.masterdata[collection] is defined %}
  {{collection}}:
{% if vitam_elasticsearch_tenant_indexation.masterdata[collection].number_of_shards is defined %}
    number_of_shards: {{ vitam_elasticsearch_tenant_indexation.masterdata[collection].number_of_shards }}
{% endif %}
{% if vitam_elasticsearch_tenant_indexation.masterdata[collection].number_of_replicas is defined %}
    number_of_replicas: {{ vitam_elasticsearch_tenant_indexation.masterdata[collection].number_of_replicas }}
{% endif %}
{% endif %}
{% endfor %}

metadataIndexationSettings:

  default_config:
    unit:
      number_of_shards: {{ vitam_elasticsearch_tenant_indexation.default_config.unit.number_of_shards }}
      number_of_replicas: {{ vitam_elasticsearch_tenant_indexation.default_config.unit.number_of_replicas }}
    objectgroup:
      number_of_shards: {{ vitam_elasticsearch_tenant_indexation.default_config.objectgroup.number_of_shards }}
      number_of_replicas: {{ vitam_elasticsearch_tenant_indexation.default_config.objectgroup.number_of_replicas }}

{% if vitam_elasticsearch_tenant_indexation.dedicated_tenants is defined and vitam_elasticsearch_tenant_indexation.dedicated_tenants is not none %}
  dedicated_tenants:
{% for entry in vitam_elasticsearch_tenant_indexation.dedicated_tenants %}
{% if (entry.unit is defined and (entry.unit.number_of_shards is defined or entry.unit.number_of_replicas is defined)) or
      (entry.objectgroup is defined and (entry.objectgroup.number_of_shards is defined or entry.objectgroup.number_of_replicas is defined)) %}
  - tenants: '{{ entry.tenants }}'
{% if entry.unit is defined %}
    unit:
{% if entry.unit.number_of_shards is defined %}
      number_of_shards: {{ entry.unit.number_of_shards }}
{% endif %}
{% if entry.unit.number_of_replicas is defined %}
      number_of_replicas: {{ entry.unit.number_of_replicas }}
{% endif %}
{% endif %}
{% if entry.objectgroup is defined %}
    objectgroup:
{% if entry.objectgroup.number_of_shards is defined %}
      number_of_shards: {{ entry.objectgroup.number_of_shards }}
{% endif %}
{% if entry.objectgroup.number_of_replicas is defined %}
      number_of_replicas: {{ entry.objectgroup.number_of_replicas }}
{% endif %}
{% endif %}
{% endif %}
{% endfor %}
{% endif %}

{% if vitam_elasticsearch_tenant_indexation.grouped_tenants is defined and vitam_elasticsearch_tenant_indexation.grouped_tenants is not none %}
  grouped_tenants:
{% for entry in vitam_elasticsearch_tenant_indexation.grouped_tenants %}
{% if (entry.unit is defined and (entry.unit.number_of_shards is defined or entry.unit.number_of_replicas is defined)) or
      (entry.objectgroup is defined and (entry.objectgroup.number_of_shards is defined or entry.objectgroup.number_of_replicas is defined)) %}
  - name: '{{ entry.name }}'
    tenants: '{{ entry.tenants }}'
{% if entry.unit is defined %}
    unit:
{% if entry.unit.number_of_shards is defined %}
      number_of_shards: {{ entry.unit.number_of_shards }}
{% endif %}
{% if entry.unit.number_of_replicas is defined %}
      number_of_replicas: {{ entry.unit.number_of_replicas }}
{% endif %}
{% endif %}
{% if entry.objectgroup is defined %}
    objectgroup:
{% if entry.objectgroup.number_of_shards is defined %}
      number_of_shards: {{ entry.objectgroup.number_of_shards }}
{% endif %}
{% if entry.objectgroup.number_of_replicas is defined %}
      number_of_replicas: {{ entry.objectgroup.number_of_replicas }}
{% endif %}
{% endif %}
{% endif %}
{% endfor %}
{% endif %}

logbookIndexationSettings:
  default_config:
    logbookoperation:
      number_of_shards: {{ vitam_elasticsearch_tenant_indexation.default_config.logbookoperation.number_of_shards }}
      number_of_replicas: {{ vitam_elasticsearch_tenant_indexation.default_config.logbookoperation.number_of_replicas }}

{% if vitam_elasticsearch_tenant_indexation.dedicated_tenants is defined and vitam_elasticsearch_tenant_indexation.dedicated_tenants is not none %}
  dedicated_tenants:
{% for entry in vitam_elasticsearch_tenant_indexation.dedicated_tenants %}
{% if (entry.logbookoperation is defined and (entry.logbookoperation.number_of_shards is defined or entry.logbookoperation.number_of_replicas is defined)) %}
  - tenants: '{{ entry.tenants }}'
    logbookoperation:
{% if entry.logbookoperation.number_of_shards is defined %}
      number_of_shards: {{ entry.logbookoperation.number_of_shards }}
{% endif %}
{% if entry.logbookoperation.number_of_replicas is defined %}
      number_of_replicas: {{ entry.logbookoperation.number_of_replicas }}
{% endif %}
{% endif %}
{% endfor %}
{% endif %}

{% if vitam_elasticsearch_tenant_indexation.grouped_tenants is defined and vitam_elasticsearch_tenant_indexation.grouped_tenants is not none %}
  grouped_tenants:
{% for entry in vitam_elasticsearch_tenant_indexation.grouped_tenants %}
{% if (entry.logbookoperation is defined and (entry.logbookoperation.number_of_shards is defined or entry.logbookoperation.number_of_replicas is defined)) %}
  - name: '{{ entry.name }}'
    tenants: '{{ entry.tenants }}'
    logbookoperation:
{% if entry.logbookoperation.number_of_shards is defined %}
      number_of_shards: {{ entry.logbookoperation.number_of_shards }}
{% endif %}
{% if entry.logbookoperation.number_of_replicas is defined %}
      number_of_replicas: {{ entry.logbookoperation.number_of_replicas }}
{% endif %}
{% endif %}
{% endfor %}
{% endif %}

8.2.4.2.7. Fichier ingest-external-client.conf

serverHost: {{ vitam.ingestexternal.host }}
serverPort: {{ vitam.ingestexternal.port_service }}
secure: true
sslConfiguration :
 keystore :
  - keyPath: {{ vitam_folder_conf }}/keystore_{{ vitam_struct.vitam_component }}.p12
    keyPassword: {{ keystores.client_external.ihm_recette }}
 truststore :
  - keyPath: {{ vitam_folder_conf }}/truststore_{{ vitam_struct.vitam_component }}.jks
    keyPassword: {{ truststores.client_external }}
hostnameVerification: false

8.2.4.2.8. Fichier shiro.ini

[main]

{% if vitam_struct.secure_mode == 'x509' %}
x509 = fr.gouv.vitam.common.auth.web.filter.X509AuthenticationFilter

x509.useHeader = {{ vitam_ssl_user_header }}

x509credentialsMatcher = fr.gouv.vitam.common.auth.core.authc.X509CredentialsSha256Matcher

x509Realm = fr.gouv.vitam.common.auth.core.realm.X509KeystoreFileRealm
x509Realm.grantedKeyStoreName = {{ vitam_folder_conf }}/grantedstore_ihm-recette.jks
x509Realm.grantedKeyStorePassphrase = {{ password_grantedstore }}
x509Realm.trustedKeyStoreName = {{ vitam_folder_conf }}/truststore_ihm-recette.jks
x509Realm.trustedKeyStorePassphrase = {{ password_truststore }}
x509Realm.credentialsMatcher = $x509credentialsMatcher
securityManager.realm = $x509Realm
securityManager.subjectDAO.sessionStorageEvaluator.sessionStorageEnabled = false
[urls]
/v1/api/** = x509

{% else %}
# Objects and their properties are defined here,
# Such as the securityManager, Realms and anything
# else needed to build the SecurityManager
# credentialsMatcher
sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
iniRealm.credentialsMatcher = $sha256Matcher
# Cache Manager
builtInCacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
# Security Manager
securityManager.cacheManager = $builtInCacheManager
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
securityManager.sessionMode=native
securityManager.sessionManager.globalSessionTimeout = {{ vitam_struct.session_timeout }}
securityManager.sessionManager.sessionIdUrlRewritingEnabled = false 
securityManager.sessionManager.sessionIdCookie.secure = {{ vitam_struct.secure_cookie }}
securityManager.rememberMeManager.cookie.secure = {{ vitam_struct.secure_cookie }}
securityManager.rememberMeManager.cookie.httpOnly = true
# Notice how we didn't define the class for the FormAuthenticationFilter ('authc') - it is instantiated and available already:
authc.loginUrl = /#!/login
[users]
# The 'users' section is for simple deployments
# when you only need a small number of statically-defined
# set of User accounts.
#username = password
{% for item in vitam_users %}
{% if item.role == "admin" %}
{{ item.login }}={{ item.password|hash('sha256') }}
{% endif %}
{% endfor %}
[roles]
# The 'roles' section is for simple deployments
# when you only need a small number of statically-defined
# roles.
[urls]
# make sure the end-user is authenticated.  If not, redirect to the 'authc.loginUrl' above,
# and after successful authentication, redirect them back to the original account page they
# were trying to view:
/v1/api/login = anon
/v1/api/logout = logout
/v1/api/securemode = anon
/** = authc

{% endif %}

8.2.4.2.9. Fichier static-offer.json

{% if vitam.storageofferdefault.https_enabled==true %}
    {% set protocol = 'https' %}
{% else %}
    {% set protocol = 'http' %}
{% endif %}
[
{% for item in all_used_offers %}
{
{% if item.id is defined %}
    "id" : "{{ item.id }}",
{% else %}
    "id" : "{{ item.name }}.service.{{ item.vitam_site_name |default(vitam_site_name) }}.{{ consul_domain }}",
{% endif %}
    "baseUrl" : "{{ protocol }}://{{ item.name }}.service.{{ item.vitam_site_name |default(vitam_site_name) }}.{{ consul_domain }}:{{ vitam.storageofferdefault.port_service }}",
    {% if item.asyncRead is defined %} "asyncRead": {{item.asyncRead|lower }}, {% endif %}
    "parameters" : {
        {% if vitam.storageofferdefault.https_enabled==true %}
        "keyStore-keyPath": "{{ vitam_folder_conf }}/keystore_storage.p12",
        "keyStore-keyPassword": "{{ keystores.client_storage.storage }}",
        "trustStore-keyPath": "{{ vitam_folder_conf }}/truststore_storage.jks",
        "trustStore-keyPassword": "{{ truststores.client_storage }}"
        {% endif %}
    }
}
{% if not loop.last %},
{% endif %}
{% endfor %}
]

8.2.4.2.10. Fichier static-strategy.json

[
    {
        "id" : "default",
        "offers" : [
{% for item in vitam_strategy %}
{% if item.id is defined %}
            {"id" : "{{ item.id }}"{% if item.referent is defined %}{% if item.referent|lower == "true" %}, "referent" : true{% endif %}{% endif %}{% if item.status is defined %}, "status" :  "{{ item.status| upper }}" {% endif %}}{% if not loop.last %},{% endif %}
{% else %}
            {"id" : "{{ item.name }}.service.{{ item.vitam_site_name |default(vitam_site_name) }}.{{ consul_domain }}"{% if item.referent is defined %}{% if item.referent|lower == "true" %}, "referent" : true{% endif %}{% endif %}{% if item.status is defined %}, "status" :  "{{ item.status| upper }}" {% endif %}}{% if not loop.last %},{% endif %}
{% endif %}
{% endfor %}
        ]
    }
    {% if other_strategies is defined %}
    {% for strategy_name, strategy_offers in other_strategies.iteritems() %}
    ,
    {
        "id" : "{{ strategy_name }}",
        "offers" : [
            {% for strategy_offer in strategy_offers %}
            {"id" : "{{ strategy_offer.name }}.service.{{ strategy_offer.vitam_site_name |default(vitam_site_name) }}.{{ consul_domain }}"{% if strategy_offer.referent is defined %}{% if strategy_offer.referent|lower == "true" %}, "referent" : true{% endif %}{% endif %}{% if strategy_offer.status is defined %}, "status" :  "{{ strategy_offer.status| upper }}" {% endif %}}{% if not loop.last %},{% endif %}
            {% endfor %}
        ]
    }
    {% endfor %}
    {% endif %}

]

8.2.4.2.11. Fichier storage-client.conf

serverHost: {{ vitam.storageengine.host }}
serverPort: {{ vitam.storageengine.port_service }}

8.2.4.2.12. Fichier storage.conf

urlWorkspace: {{ vitam.workspace | client_url }}
timeoutMsPerKB: 100
jettyConfig: jetty-config.xml
zippingDirecorty: {{ vitam_folder_data }}/storage_archives
loggingDirectory: {{ vitam_folder_log }}

8.2.4.2.13. Fichier storage-offer.conf

strategy_name=[{% for item in vitam_strategy %}"{{ item.name }}.service.{{ consul_domain }}"{% if not loop.last %},{% endif %}{% endfor %}]

8.2.4.2.14. Fichier tnr.conf

urlWorkspace: {{vitam.workspace | client_url}}
tenantsTest: [ "0" ]
vitamSecret: {{ plateforme_secret }}
tenants: [ "{{ vitam_tenant_ids | join('", "') }}" ]
adminTenant: {{ vitam_tenant_admin }}