Configuration files¶
The following configuration files are used by Beaker. Each setting in the configuration file has an explanatory comment, and the default value for the setting is shown commented out.
/etc/beaker/server.cfg¶
This is the main configuration file for beakerd and the web application, including database connection settings.
[global]
# This defines the URL prefix under which the Beaker web application will be
# served. This must match the prefix used in the Alias and WSGIScriptAlias
# directives in /etc/httpd/conf.d/beaker-server.conf.
# The default configuration places the application at: http://example.com/bkr/
server.webpath = "/bkr/"
# Database connection URI for Beaker's database, in the form:
# <driver>://<user>:<password>@<hostname>:<port>/<database>?<options>
# The charset=utf8 option is required for proper Unicode support.
# The pool_recycle setting is required for MySQL, which will (by default)
# terminate idle client connections after 10 hours.
sqlalchemy.dburi = "mysql://beaker:beaker@localhost/beaker?charset=utf8"
sqlalchemy.pool_recycle = 3600
# If you want to send read-only report queries to a separate backup
# database, configure it here. If not configured, report queries will
# fall back to using the main Beaker database (above).
#reports_engine.dburi = "mysql://beaker_ro:beaker_ro@dbbackup/beaker?charset=utf8"
#reports_engine.pool_recycle = 3600
# Set to True to enable sending emails.
#mail.on = False
# TurboMail transport to use. The default 'smtp' sends mails over SMTP to the
# server configured below. Other transports may be available as TurboMail
# extension packages.
#mail.transport = "smtp"
# SMTP server where mails should be sent. By default we assume there is an
# SMTP-capable MTA running on the local host.
#mail.smtp.server = "127.0.0.1"
# The address which will appear as the From: address in emails sent by Beaker.
#beaker_email = "root@localhost.localdomain"
# If this is set to a value greater than zero, Beaker will enforce a limit on
# the number of concurrently running power/provision commands in each lab. Set
# this option if you have a lab with many machines and are concerned about
# a flood of commands overwhelming your lab controller.
#beaker.max_running_commands = 10
# Timeout for authentication tokens. After this many minutes of inactivity
# users will be required to re-authenticate.
#visit.timeout = 360
# Secret key for encrypting authentication tokens. Set this to a very long
# random string and DO NOT disclose it. Changing this value will invalidate all
# existing tokens and force users to re-authenticate.
# If not set, a secret key will be generated and stored in /var/lib/beaker,
# however this configuration impacts performance therefore you should supply
# a secret key here.
#visit.token_secret_key = ""
# Enable LDAP for user account lookup and password authentication.
#identity.ldap.enabled = False
# URI of LDAP directory.
#identity.soldapprovider.uri = "ldaps://ldap.domain.com"
# Base DN for looking up user accounts.
#identity.soldapprovider.basedn = "dc=domain,dc=com"
# If set to True, Beaker user acounts will be automatically created on demand
# if they exist in LDAP. Account attributes are populated from LDAP.
#identity.soldapprovider.autocreate = False
# Timeout (seconds) for LDAP lookups.
#identity.soldapprovider.timeout = 20
# Server principal and keytab for Kerberos authentication. If using Kerberos
# authentication, this must match the mod_auth_kerb configuration in
# /etc/httpd/conf.d/beaker-server.conf.
#identity.krb_auth_principal = "HTTP/hostname@EXAMPLE.COM"
#identity.krb_auth_keytab = "/etc/krb5.keytab"
# Automatically create user accounts if the user successfully authenticates
# via Apache but there is no matching account in Beaker. The automatic creation
# will only happen if REMOTE_USER_FULLNAME and REMOTE_USER_EMAIL variables are
# also populated in the WSGI environment.
# mod_lookup_identity and mod_auth_mellon can be configured to do this.
#identity.autocreate = True
# These are used when generating absolute URLs (e.g. in e-mails sent by Beaker)
# You should only have to set this if socket.gethostname() returns the wrong
# name, for example if you are using CNAMEs.
#tg.url_domain = "beaker.example.com"
#tg.url_scheme = "http"
# If your scheduler is multi-homed and has a different hostname for your test
# machines you can use the tg.lab_domain variable here to specify it.
# If tg.lab_domain is not set it will fall back to tg.url_domain, and if that's
# not set it will fall back to socket.gethostname().
#tg.lab_domain = "this.hostname.from.lab.domain"
# Tag for distros which are considered "reliable".
# Broken system detection logic will be activated for distros with this tag
# (see the bkr.server.model:System.suspicious_abort method). Leave this unset
# to deactivate broken system detection.
#beaker.reliable_distro_tag = "RELEASED"
# The contents of this file will be displayed to users on every page in Beaker.
# If it exists, it must contain a valid HTML fragment (e.g. <span>...</span>).
#beaker.motd = "/etc/beaker/motd.xml"
# The URL of a page describing your organisation's policies for reserving
# Beaker machines. If configured, a message will appear on the reserve workflow
# page, warning users to adhere to the policy with a hyperlink to this URL. By
# default no message is shown.
#beaker.reservation_policy_url = "http://example.com/reservation-policy"
# These install options are used as global defaults for every provision. They
# can be overriden by options on the distro tree, the system, or the recipe.
#beaker.ks_meta = ""
#beaker.kernel_options = ""
#beaker.kernel_options_post = ""
# When generating MAC addresses for virtual systems, Beaker will always pick
# the lowest free address starting from this base address.
#beaker.base_mac_addr = "52:54:00:00:00:00"
# Beaker increases the priority of recipes when it detects that they match only
# one candidate system. You can disable this behaviour here.
#beaker.priority_bumping_enabled = True
# When generating RPM repos, we can configure what utility to use. The
# createrepo_c implementation is chosen by default: it is faster and more
# memory-efficient. The original createrepo command can also be used.
#beaker.createrepo_command = "createrepo_c"
# If you have set up a log archive server (with beaker-transfer) and it
# requires HTTP digest authentication for deleting old logs, set the username
# and password here.
#beaker.log_delete_user = "log-delete"
#beaker.log_delete_password = "examplepassword"
# If carbon.address is set, Beaker will send various metrics to carbon
# (collection daemon for Graphite) at the given address. The address must be
# a tuple of (hostname, port).
# The value of carbon.prefix is prepended to all names used by Beaker.
#carbon.address = ('graphite.example.invalid', 2023)
#carbon.prefix = 'beaker.'
# Use OpenStack for running recipes on dynamically created guests.
# Beaker uses the credentials given here to authenticate on OpenStack,
# when creating OpenStack instances on behalf of users.
#openstack.identity_api_url = 'https://openstack.example.com:13000/v3'
#openstack.dashboard_url = 'https://openstack.example.com/dashboard/'
#openstack.username = ""
#openstack.password = ""
# The user domain name when authenticating on OpenStack. If not provided, Beaker
# will not provide a domain name when connecting to OpenStack. This option is
# required if the OpenStack instance has been configured to require a domain name.
#openstack.user_domain_name = ""
# OpenStack external network name for the instance. If not provided, Beaker
# will search for an external network and use the first one it finds.
#openstack.external_network_name = ""
# Beaker will attempt to set up a floating IP address for a newly created
# instance by default. You can disable this behavior here. If set to False,
# the Beaker code will use the IP address assigned when the instance is
# created as the public IP address of the instance.
#openstack.create_floating_ip = True
# Set this to limit the Beaker web application's address space to the given
# size (in bytes). This may be helpful to catch excessive memory consumption by
# Beaker. On large deployments 1500000000 is a reasonable value.
# By default no address space limit is enforced.
#rlimit_as=
# These limits are applied to all running recipes. They are intended as
# a last-resort sanity check, to prevent a runaway task from accidentally
# producing so many results that it can cause problems elsewhere in Beaker (for
# example, excessive memory usage when rendering the results).
# Setting a limit to 0 means the limit will not be enforced.
#beaker.max_results_per_recipe = 7500
#beaker.max_logs_per_recipe = 7500
# OS major names to try (in order of preference) for running inventory jobs on systems.
# The default list includes RHEL, CentOS, and Fedora is suitable in most cases.
# If you have special systems which do not support any of RHEL, CentOS, or Fedora
# then you may need to extend the default list.
#beaker.inventory_osmajors = ['RedHatEnterpriseLinux7', ...]
# AMQ messaging
# If amq attributes are set, Beaker will send updates via AMQ messages
#amq.url = amqps://broker01.example.com
#amq.cert = /etc/beaker/cert.pem
#amq.key = /etc/beaker/key.pem
#amq.cacerts = /etc/pki/tls/certs/ca-bundle.crt
#amq.topic_prefix = VirtualTopic.eng.beaker
/etc/beaker/labcontroller.conf¶
The main configuration file for the lab controller daemons.
# Hub xml-rpc address.
#HUB_URL = "https://localhost:8080"
HUB_URL = "http://localhost/bkr"
# Hub authentication method. Example: krbv, password
AUTH_METHOD = "password"
#AUTH_METHOD = "krbv"
# Username and password
USERNAME = "host/localhost.localdomain"
PASSWORD = "password"
# Kerberos service prefix. Example: host, HTTP
KRB_SERVICE = "HTTP"
# Kerberos realm. If commented, last two parts of domain name are used. Example: MYDOMAIN.COM.
KRB_REALM = "DOMAIN.COM"
# By default, job logs are stored locally on the lab controller.
# If you have set up an archive server to store job logs, uncomment and
# configure the following settings. You will also need to enable the
# beaker-transfer daemon to move logs to the archive server.
#ARCHIVE_SERVER = "http://archive-example.domain.com/beaker"
#ARCHIVE_BASEPATH = "/var/www/html/beaker"
#ARCHIVE_RSYNC = "rsync://USER@HOST/var/www/html/beaker"
#RSYNC_FLAGS = "-ar --password-file /root/rsync-secret.txt"
# How often to renew our session on the server
#RENEW_SESSION_INTERVAL = 300
# Root directory served by the TFTP server. Netboot images and configs will be
# placed here.
TFTP_ROOT = "/var/lib/tftpboot"
# URL scheme used to generate absolute URLs for this lab controller.
# It is used for job logs served by Apache. Set it to 'https' if you have
# configured Apache for SSL and you want logs to be served over SSL.
#URL_SCHEME = "http"
# Fully qualified domain name of *this* system (not the Beaker server).
# Defaults to socket.gethostname(). Ordinarily that is sufficient, unless you
# have registered this lab controller with Beaker under a CNAME.
#URL_DOMAIN = "localhost.invalid"
# Location where the console logs are stored. Beaker will look in that
# directory for files that start with the Fully Qualified Domain Name (FQDN) of
# the system.
# For example:
# If CONSOLE_LOGS=/var/consoles/ and the FQDN=test.example.com
#
# Then the following files will be logged as console files:
# /var/consoles/test.example.com -> console.log
# /var/consoles/test.example.com-bmc -> console-bmc.log
# /var/consoles/test.example.com-serial2 -> console-serial2.log
#
#CONSOLE_LOGS = "/var/consoles"
Other configuration files installed by Beaker¶
The following configuration files are also installed by Beaker. The defaults provided by these files are suitable for most deployments, but you can tweak these settings if desired.
- /etc/httpd/conf.d/beaker-server.conf
- Apache configuration for serving the web application. You can modify this if you need to adjust authentication or mod_wsgi settings, or if you want to serve the web application at a path other than the default (/bkr/).
- /etc/httpd/conf.d/beaker-lab-controller.conf
- Apache configuration for serving job logs cached on the lab controller.
- /etc/cron.d/beaker, /etc/cron.hourly/beaker_expire_distros
- Scheduled jobs which are required for Beaker’s operation.
- /etc/rsyslog.d/beaker-server.conf, /etc/rsyslog.d/beaker-lab-controller.conf
- Configuration for rsyslog to send Beaker log messages to the relevant files in /var/log/beaker.
- /etc/logrotate.d/beaker
- Configuration for logrotate to rotate log files in /var/log/beaker.
- /etc/sudoers.d/beaker_proxy_clear_netboot
- Configuration for sudo to grant beaker-proxy heightened privileges to clear netboot configuration in /var/lib/tftpboot.