mirror of
https://github.com/ovh/the-bastion.git
synced 2025-01-08 00:12:10 +08:00
52 lines
2.6 KiB
Text
52 lines
2.6 KiB
Text
###################################################################
|
|
## Config for /opt/bastion/bin/admin/osh-sync-watcher.sh, the daemon
|
|
## responsible for ensuring secondaries bastions are kept up to date
|
|
## from the primary.
|
|
## As it'll be sourced, THIS FILE MUST BE A VALID SHELL SCRIPT.
|
|
###################################################################
|
|
#
|
|
# > Logging
|
|
# >> These options configure the way the daemon logs its actions
|
|
#
|
|
# logdir (string)
|
|
# DESC: Directory where the logs will be written to. Note that using this configuration option, the script will directly write to a file, without using syslog. If empty, won't log directly to a file.
|
|
# DEFAULT: ""
|
|
logdir=""
|
|
#
|
|
# syslog (string)
|
|
# DESC: The syslog facility to use for logging the script output. If set to the empty string, we'll not log through syslog at all. If this configuration option is missing from your config file altogether, the default value will be used (local6), which means that we'll log to syslog.
|
|
# DEFAULT: "local6"
|
|
syslog="local6"
|
|
#
|
|
# > Daemon setup
|
|
# >> These options configure whether the synchronization daemon is enabled
|
|
#
|
|
# enabled (int)
|
|
# DESC: If set to anything else than ``1``, the daemon will refuse to start (e.g. you don't have secondary bastions). You can set this to ``1`` when you've configured and tested the primary/secondaries setup.
|
|
# DEFAULT: 0
|
|
enabled=0
|
|
#
|
|
# timeout (int > 0)
|
|
# DESC: The maximum delay, in seconds, after which we'll forcefully synchronize our data to the secondaries, even if no change was detected.
|
|
# DEFAULT: 120
|
|
timeout=120
|
|
#
|
|
# > Remote synchronization
|
|
# >> These options configure how the primary bastion should push its configuration to the secondaries
|
|
#
|
|
# rshcmd (string)
|
|
# DESC: This value will be passed as the ``--rsh`` parameter of ``rsync`` (don't use ``-p`` to specify the port heree, use the ``remotehostlist`` config below instead), this can be used to specify which SSH key to use, for example. Note that this option is mandatory (if you don't have anything to specify here, you can just say ``ssh``).
|
|
# DEFAULT: ""
|
|
# EXAMPLE: "ssh -q -i /root/.ssh/id_master2slave"
|
|
rshcmd=""
|
|
#
|
|
# remoteuser (string)
|
|
# DESC: The remote user to connect as, using ``ssh`` while rsyncing to secondaries. You probably don't need to change this.
|
|
# DEFAULT: "bastionsync"
|
|
remoteuser="bastionsync"
|
|
#
|
|
# remotehostlist (space-separated list of strings, each string being either 'ip' or 'ip:port')
|
|
# DESC: The list of the secondary bastions to push our data to. If this list is empty, the daemon won't do anything.
|
|
# DEFAULT: ""
|
|
# EXAMPLE: "192.0.2.17 192.0.2.12:2244"
|
|
remotehostlist=""
|