8.2.10.2. Configuration / fichiers utiles¶
Les fichiers de configuration sont gérés par les procédures d’installation ou de mise à niveau de l’environnement VITAM. Se référer au DIN.
Les fichiers de configuration sont définis sous /vitam/conf/ihm-recette
.
8.2.10.2.1. Fichier access-external-client.conf
¶
Ce fichier permet de définir l’URL d’accès au service access-external.
serverHost: {{ vitam.accessexternal.host }}
serverPort: {{ vitam.accessexternal.port_service }}
secure: true
sslConfiguration :
keystore :
- keyPath: {{ vitam_folder_conf }}/keystore_{{ vitam_struct.vitam_component }}.p12
keyPassword: {{ keystores.client_external.ihm_recette }}
truststore :
- keyPath: {{ vitam_folder_conf }}/truststore_{{ vitam_struct.vitam_component }}.jks
keyPassword: {{ truststores.client_external }}
hostnameVerification: false
8.2.10.2.2. Fichier driver-location.conf
¶
driverLocation: {{ vitam_folder_lib }}
8.2.10.2.3. Fichier driver-mapping.conf
¶
driverMappingPath: {{ vitam_folder_data }}/
delimiter: ;
8.2.10.2.4. Fichier functional-administration-client.conf
¶
serverHost: {{ vitam.functional_administration.host }}
serverPort: {{ vitam.functional_administration.port_service }}
8.2.10.2.5. Fichier ihm-recette-client.conf
¶
serverHost: {{ vitam_struct.host }}
serverPort: {{ vitam_struct.port_service }}
8.2.10.2.6. Fichier ihm-recette.conf
¶
serverHost: {{ ip_service }}
port: {{ vitam_struct.port_service }}
baseUrl: "/{{ vitam_struct.baseuri }}"
baseUri: "/{{ vitam_struct.baseuri }}"
staticContent: "{{ vitam_struct.static_content }}"
jettyConfig: jetty-config.xml
authentication: true
enableXsrFilter: true
enableSession: true
secureMode:
{% for securemode in vitam_struct.secure_mode %}
- {{ securemode }}
{% endfor %}
sipDirectory: {{ vitam_folder_data }}/test-data
performanceReportDirectory: {{ vitam_folder_data }}/report/performance
testSystemSipDirectory: {{ vitam_folder_data }}/test-data/system
testSystemReportDirectory: {{ vitam_folder_data }}/report/system
ingestMaxThread: {{ ansible_processor_cores * ansible_processor_threads_per_core + 1 }}
#
workspaceUrl: {{vitam.workspace | client_url}}
# Configuration MongoDB
mongoDbNodes:
{% for server in groups['hosts_mongos_data'] %}
- dbHost: {{ hostvars[server]['ip_service'] }}
dbPort: {{ mongodb.mongos_port }}
{% endfor %}
# Actually need this field for compatibility
dbName: admin
# @integ: parametrize it !
masterdataDbName: masterdata
logbookDbName: logbook
metadataDbName: metadata
dbAuthentication: {{ mongodb.mongo_authentication }}
dbUserName: {{ mongodb['mongo-data']['admin']['user'] }}
dbPassword: {{ mongodb['mongo-data']['admin']['password'] }}
# ElasticSearch
clusterName: {{ vitam_struct.cluster_name }}
elasticsearchNodes:
{% for server in groups['hosts_elasticsearch_data'] %}
- hostName: {{ hostvars[server]['ip_service'] }}
httpPort: {{ elasticsearch.data.port_http }}
{% endfor %}
# ElasticSearch External Metadata Mapping
elasticsearchExternalMetadataMappings:
- collection: Unit
mappingFile: {{ vitam.ihm_recette.elasticsearch_mapping_dir }}/unit-es-mapping.json
- collection: ObjectGroup
mappingFile: {{ vitam.ihm_recette.elasticsearch_mapping_dir }}/og-es-mapping.json
# Functional Admin Configuration
functionalAdminAdmin:
functionalAdminServerHost: {{ vitam.functional_administration.host }}
functionalAdminServerPort: {{ vitam.functional_administration.port_admin }}
adminBasicAuth:
userName: {{ admin_basic_auth_user }}
password: {{ admin_basic_auth_password }}
# ES index configuration
functionalAdminIndexationSettings:
default_config:
number_of_shards: {{ vitam_elasticsearch_tenant_indexation.default_config.masterdata.number_of_shards }}
number_of_replicas: {{ vitam_elasticsearch_tenant_indexation.default_config.masterdata.number_of_replicas }}
{% for collection in ["accesscontract", "accessionregisterdetail", "accessionregistersummary", "accessionregistersymbolic", "agencies", "archiveunitprofile", "context", "fileformat", "filerules", "griffin", "ingestcontract", "managementcontract", "ontology", "preservationscenario", "profile", "securityprofile"] %}
{% if vitam_elasticsearch_tenant_indexation.masterdata[collection] is defined %}
{{collection}}:
{% if vitam_elasticsearch_tenant_indexation.masterdata[collection].number_of_shards is defined %}
number_of_shards: {{ vitam_elasticsearch_tenant_indexation.masterdata[collection].number_of_shards }}
{% endif %}
{% if vitam_elasticsearch_tenant_indexation.masterdata[collection].number_of_replicas is defined %}
number_of_replicas: {{ vitam_elasticsearch_tenant_indexation.masterdata[collection].number_of_replicas }}
{% endif %}
{% endif %}
{% endfor %}
metadataIndexationSettings:
default_config:
unit:
number_of_shards: {{ vitam_elasticsearch_tenant_indexation.default_config.unit.number_of_shards }}
number_of_replicas: {{ vitam_elasticsearch_tenant_indexation.default_config.unit.number_of_replicas }}
objectgroup:
number_of_shards: {{ vitam_elasticsearch_tenant_indexation.default_config.objectgroup.number_of_shards }}
number_of_replicas: {{ vitam_elasticsearch_tenant_indexation.default_config.objectgroup.number_of_replicas }}
{% if vitam_elasticsearch_tenant_indexation.dedicated_tenants is defined and vitam_elasticsearch_tenant_indexation.dedicated_tenants is not none %}
dedicated_tenants:
{% for entry in vitam_elasticsearch_tenant_indexation.dedicated_tenants %}
{% if (entry.unit is defined and (entry.unit.number_of_shards is defined or entry.unit.number_of_replicas is defined)) or
(entry.objectgroup is defined and (entry.objectgroup.number_of_shards is defined or entry.objectgroup.number_of_replicas is defined)) %}
- tenants: '{{ entry.tenants }}'
{% if entry.unit is defined %}
unit:
{% if entry.unit.number_of_shards is defined %}
number_of_shards: {{ entry.unit.number_of_shards }}
{% endif %}
{% if entry.unit.number_of_replicas is defined %}
number_of_replicas: {{ entry.unit.number_of_replicas }}
{% endif %}
{% endif %}
{% if entry.objectgroup is defined %}
objectgroup:
{% if entry.objectgroup.number_of_shards is defined %}
number_of_shards: {{ entry.objectgroup.number_of_shards }}
{% endif %}
{% if entry.objectgroup.number_of_replicas is defined %}
number_of_replicas: {{ entry.objectgroup.number_of_replicas }}
{% endif %}
{% endif %}
{% endif %}
{% endfor %}
{% endif %}
{% if vitam_elasticsearch_tenant_indexation.grouped_tenants is defined and vitam_elasticsearch_tenant_indexation.grouped_tenants is not none %}
grouped_tenants:
{% for entry in vitam_elasticsearch_tenant_indexation.grouped_tenants %}
{% if (entry.unit is defined and (entry.unit.number_of_shards is defined or entry.unit.number_of_replicas is defined)) or
(entry.objectgroup is defined and (entry.objectgroup.number_of_shards is defined or entry.objectgroup.number_of_replicas is defined)) %}
- name: '{{ entry.name }}'
tenants: '{{ entry.tenants }}'
{% if entry.unit is defined %}
unit:
{% if entry.unit.number_of_shards is defined %}
number_of_shards: {{ entry.unit.number_of_shards }}
{% endif %}
{% if entry.unit.number_of_replicas is defined %}
number_of_replicas: {{ entry.unit.number_of_replicas }}
{% endif %}
{% endif %}
{% if entry.objectgroup is defined %}
objectgroup:
{% if entry.objectgroup.number_of_shards is defined %}
number_of_shards: {{ entry.objectgroup.number_of_shards }}
{% endif %}
{% if entry.objectgroup.number_of_replicas is defined %}
number_of_replicas: {{ entry.objectgroup.number_of_replicas }}
{% endif %}
{% endif %}
{% endif %}
{% endfor %}
{% endif %}
logbookIndexationSettings:
default_config:
logbookoperation:
number_of_shards: {{ vitam_elasticsearch_tenant_indexation.default_config.logbookoperation.number_of_shards }}
number_of_replicas: {{ vitam_elasticsearch_tenant_indexation.default_config.logbookoperation.number_of_replicas }}
{% if vitam_elasticsearch_tenant_indexation.dedicated_tenants is defined and vitam_elasticsearch_tenant_indexation.dedicated_tenants is not none %}
dedicated_tenants:
{% for entry in vitam_elasticsearch_tenant_indexation.dedicated_tenants %}
{% if (entry.logbookoperation is defined and (entry.logbookoperation.number_of_shards is defined or entry.logbookoperation.number_of_replicas is defined)) %}
- tenants: '{{ entry.tenants }}'
logbookoperation:
{% if entry.logbookoperation.number_of_shards is defined %}
number_of_shards: {{ entry.logbookoperation.number_of_shards }}
{% endif %}
{% if entry.logbookoperation.number_of_replicas is defined %}
number_of_replicas: {{ entry.logbookoperation.number_of_replicas }}
{% endif %}
{% endif %}
{% endfor %}
{% endif %}
{% if vitam_elasticsearch_tenant_indexation.grouped_tenants is defined and vitam_elasticsearch_tenant_indexation.grouped_tenants is not none %}
grouped_tenants:
{% for entry in vitam_elasticsearch_tenant_indexation.grouped_tenants %}
{% if (entry.logbookoperation is defined and (entry.logbookoperation.number_of_shards is defined or entry.logbookoperation.number_of_replicas is defined)) %}
- name: '{{ entry.name }}'
tenants: '{{ entry.tenants }}'
logbookoperation:
{% if entry.logbookoperation.number_of_shards is defined %}
number_of_shards: {{ entry.logbookoperation.number_of_shards }}
{% endif %}
{% if entry.logbookoperation.number_of_replicas is defined %}
number_of_replicas: {{ entry.logbookoperation.number_of_replicas }}
{% endif %}
{% endif %}
{% endfor %}
{% endif %}
8.2.10.2.7. Fichier ingest-external-client.conf
¶
serverHost: {{ vitam.ingestexternal.host }}
serverPort: {{ vitam.ingestexternal.port_service }}
secure: true
sslConfiguration :
keystore :
- keyPath: {{ vitam_folder_conf }}/keystore_{{ vitam_struct.vitam_component }}.p12
keyPassword: {{ keystores.client_external.ihm_recette }}
truststore :
- keyPath: {{ vitam_folder_conf }}/truststore_{{ vitam_struct.vitam_component }}.jks
keyPassword: {{ truststores.client_external }}
hostnameVerification: false
8.2.10.2.8. Fichier shiro.ini
¶
[main]
{% if vitam_struct.secure_mode == 'x509' %}
x509 = fr.gouv.vitam.common.auth.web.filter.X509AuthenticationFilter
x509.useHeader = {{ vitam_ssl_user_header }}
x509credentialsMatcher = fr.gouv.vitam.common.auth.core.authc.X509CredentialsSha256Matcher
x509Realm = fr.gouv.vitam.common.auth.core.realm.X509KeystoreFileRealm
x509Realm.grantedKeyStoreName = {{ vitam_folder_conf }}/grantedstore_ihm-recette.jks
x509Realm.grantedKeyStorePassphrase = {{ password_grantedstore }}
x509Realm.trustedKeyStoreName = {{ vitam_folder_conf }}/truststore_ihm-recette.jks
x509Realm.trustedKeyStorePassphrase = {{ password_truststore }}
x509Realm.credentialsMatcher = $x509credentialsMatcher
securityManager.realm = $x509Realm
securityManager.subjectDAO.sessionStorageEvaluator.sessionStorageEnabled = false
[urls]
/v1/api/** = x509
{% else %}
# Objects and their properties are defined here,
# Such as the securityManager, Realms and anything
# else needed to build the SecurityManager
# credentialsMatcher
sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
iniRealm.credentialsMatcher = $sha256Matcher
# Cache Manager
builtInCacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
# Security Manager
securityManager.cacheManager = $builtInCacheManager
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
securityManager.sessionMode=native
securityManager.sessionManager.globalSessionTimeout = {{ vitam_struct.session_timeout }}
securityManager.sessionManager.sessionIdUrlRewritingEnabled = false
securityManager.sessionManager.sessionIdCookie.secure = {{ vitam_struct.secure_cookie }}
securityManager.rememberMeManager.cookie.secure = {{ vitam_struct.secure_cookie }}
securityManager.rememberMeManager.cookie.httpOnly = true
# Notice how we didn't define the class for the FormAuthenticationFilter ('authc') - it is instantiated and available already:
authc.loginUrl = /#!/login
[users]
# The 'users' section is for simple deployments
# when you only need a small number of statically-defined
# set of User accounts.
#username = password
{% for item in vitam_users %}
{% if item.role == "admin" %}
{{ item.login }}={{ item.password|hash('sha256') }}
{% endif %}
{% endfor %}
[roles]
# The 'roles' section is for simple deployments
# when you only need a small number of statically-defined
# roles.
[urls]
# make sure the end-user is authenticated. If not, redirect to the 'authc.loginUrl' above,
# and after successful authentication, redirect them back to the original account page they
# were trying to view:
/v1/api/login = anon
/v1/api/logout = logout
/v1/api/securemode = anon
/** = authc
{% endif %}
8.2.10.2.9. Fichier static-offer.json
¶
{% if vitam.storageofferdefault.https_enabled==true %}
{% set protocol = 'https' %}
{% else %}
{% set protocol = 'http' %}
{% endif %}
[
{% for item in all_used_offers %}
{
{% if item.id is defined %}
"id" : "{{ item.id }}",
{% else %}
"id" : "{{ item.name }}.service.{{ item.vitam_site_name |default(vitam_site_name) }}.{{ consul_domain }}",
{% endif %}
"baseUrl" : "{{ protocol }}://{{ item.name }}.service.{{ item.vitam_site_name |default(vitam_site_name) }}.{{ consul_domain }}:{{ vitam.storageofferdefault.port_service }}",
{% if item.asyncRead is defined %} "asyncRead": {{ item.asyncRead|lower }}, {% endif %}
"parameters" : {
{% if vitam.storageofferdefault.https_enabled==true %}
"keyStore-keyPath": "{{ vitam_folder_conf }}/keystore_storage.p12",
"keyStore-keyPassword": "{{ keystores.client_storage.storage }}",
"trustStore-keyPath": "{{ vitam_folder_conf }}/truststore_storage.jks",
"trustStore-keyPassword": "{{ truststores.client_storage }}"
{% endif %}
}
}
{% if not loop.last %},
{% endif %}
{% endfor %}
]
8.2.10.2.10. Fichier static-strategy.json
¶
[
{
"id" : "default",
"offers" : [
{% for item in vitam_strategy %}
{% if item.id is defined %}
{
"id" : "{{ item.id }}"{% if item.referent | default(false) | bool == true %}, "referent" : true{% endif %}{% if item.status is defined %}, "status" : "{{ item.status | upper }}" {% endif %}{% if item.rank is defined %}, "rank" : "{{ item.rank }}"{% endif %}
}{% if not loop.last %},{% endif %}
{% else %}
{
"id" : "{{ item.name }}.service.{{ item.vitam_site_name | default(vitam_site_name) }}.{{ consul_domain }}"{% if item.referent | default(false) | bool == true %}, "referent" : true{% endif %}{% if item.status is defined %}, "status" : "{{ item.status | upper }}" {% endif %}{% if item.rank is defined %}, "rank" : "{{ item.rank }}"{% endif %}
}{% if not loop.last %},{% endif %}
{% endif %}
{% endfor %}
]
}
{% if other_strategies is defined %}
{% for strategy_name, strategy_offers in other_strategies.items() %}
,
{
"id" : "{{ strategy_name }}",
"offers" : [
{% for strategy_offer in strategy_offers %}
{
"id" : "{{ strategy_offer.name }}.service.{{ strategy_offer.vitam_site_name | default(vitam_site_name) }}.{{ consul_domain }}"{% if strategy_offer.referent | default(false) | bool == true %}, "referent" : true{% endif %}{% if strategy_offer.status is defined %}, "status" : "{{ strategy_offer.status | upper }}" {% endif %}{% if strategy_offer.rank is defined %}, "rank" : "{{ strategy_offer.rank }}"{% endif %}
}{% if not loop.last %},{% endif %}
{% endfor %}
]
}
{% endfor %}
{% endif %}
]
8.2.10.2.11. Fichier storage-client.conf
¶
serverHost: {{ vitam.storageengine.host }}
serverPort: {{ vitam.storageengine.port_service }}
8.2.10.2.12. Fichier storage.conf
¶
urlWorkspace: {{ vitam.workspace | client_url }}
timeoutMsPerKB: 100
jettyConfig: jetty-config.xml
zippingDirecorty: {{ vitam_folder_data }}/storage_archives
loggingDirectory: {{ vitam_folder_log }}
8.2.10.2.13. Fichier storage-offer.conf
¶
strategy_name=[{% for item in vitam_strategy %}"{{ item.name }}.service.{{ consul_domain }}"{% if not loop.last %},{% endif %}{% endfor %}]
8.2.10.2.14. Fichier tnr.conf
¶
urlWorkspace: {{vitam.workspace | client_url}}
tenantsTest: [ "0" ]
vitamSecret: {{ plateforme_secret }}
tenants: [ "{{ vitam_tenant_ids | join('", "') }}" ]
adminTenant: {{ vitam_tenant_admin }}