Configuration reference

The following settings are configurable via Hiera in your Bolt project.

To update Continuous Delivery with new configuration values, make edits to data/common.yaml and run the cd4peadm::apply_configuration plan.

  • targets: A map containing three keys, one for each Continuous Delivery component: backend, database, and ui. Each value is an array of the targets on which to install each of the components.
    We only support an all-in-one install, so all components must be installed on the same single target. When running the cd4peadm::install plan, these are populated with the selected target from the inventory.
  • admin_db_password: The overarching root password for managing a Postgres database. Can be automatically configured by the bootstrap plan.
  • cd4pe_db_username: The username for the database that stores the main app data. Defaults to cd4pe.
  • cd4pe_db_password: The password for the database that stores the main app data.
  • query_db_username: The username for the database that stores data for the Nodes page. Defaults to query.
  • query_db_password: The password for the database that stores data for the Nodes page.
  • root_username: The username for the root Continuous Delivery account. Defaults to admin.
  • root_password: The password to the root Continuous Delivery account.
  • runtime: The container runtime to use on the target host. Can be docker or podman. Defaults to docker.
  • secret_key: The key used to encrypt secret data in the database. Automatically generated.
  • backup_dir: The directory where backups are stored. Defaults to /var/lib/puppetlabs/cd4pe/backups.
  • containers: A map containing four keys, one for each of the component containers:
    • pipelinesinfra: The container for the backend application. Has the following options:
      • log_level: Configures backend logging. Value can be info, debug, or trace. Defaults to info.
      • max_log_size_mb: The size a log file can grow to before rotation, in megabytes. Defaults to 200MB.
      • keep_log_files: The number of past log files to keep after rotation. Defaults to 5.
      • extra_parameters: Extra flags to pass to the command that runs this container.
    • teams_ui: The container for the web UI. Has the following options:
      • max_log_size_mb: The size a log file can grow to before rotation, in megabytes. Defaults to 100MB.
      • keep_log_files: The number of past log files to keep after rotation. Defaults to 3.
      • extra_parameters: Extra flags to pass to the command that runs this container.
    • postgres: The container for the database. Has the following options:
      • log_level: Configures database logging. Value can be INFO, NOTICE, WARNING, or ERROR. Defaults to ERROR.
      • max_log_size_mb: The size a log file can grow to before rotation, in megabytes. Defaults to 100MB.
      • keep_log_files: The number of past log files to keep after rotation. Defaults to 3.
      • extra_parameters: Extra flags to pass to the command that runs this container.
    • query: The container for the query service, which backs the Nodes page. Has the following options:
      • log_level: Configures query service logging. Value can be INFO, DEBUG, or TRACE. Defaults to DEBUG.
      • max_log_size_mb: The size a log file can grow to before rotation, in megabytes. Defaults to 100MB.
      • keep_log_files: The number of past log files to keep after rotation. Defaults to 3.
      • extra_parameters: Extra flags to pass to the command that runs this container.
  • java_args: Arguments to pass to the JVM that runs Continuous Delivery's backend. Defaults to -Xmx1024M -Xms1024M.
  • webhook_port: Port to use for the webhook service. Defaults to 8000.
  • enable_ssl_webhooks: Whether to enable SSL for webhooks. Defaults to false.
  • job_http_read_timeout_mins: The timeout for web requests made from jobs. Defaults to 29 minutes.
  • job_global_timeout_mins: The overall timeout for a running job. Defaults to 30 minutes.
  • bolt_pcp_timeout_secs: The timeout for Bolt's PCP transport. Used during jobs to contact the PE Orchestrator. Defaults to 60 seconds.
  • http_connection_timeout_secs: The connection timeout for external HTTP requests. Defaults to 120 seconds.
  • http_read_timeout_secs: The read timeout for external HTTP requests. Defaults to 120 seconds.
  • http_write_timeout_secs: The write timeout for external HTTP requests. Defaults to 120 seconds.
  • http_request_timeout_secs: The total amount of time an external HTTP request stays open. Defaults to 300 seconds.
  • puppetdb_connection_timeout_secs: The total amount of time a connection to PuppetDB stays open. Defaults to the value of http_connection_timeout_secs.
  • repo_caching: Whether to enable Git repository caching, which can improve job performance if the repos are large. Defaults to false.
  • repo_cache_retrieval_timeout_mins: The timeout for a thread waiting to access a cached repo. Only used when repo caching is enabled. Defaults to 28 minutes.
  • pipelines_data_retention_period_days: The number of days to retain historical pipelines data, which includes pipeline runs, deployments, jobs, job logs, and impact analysis reports. When this is set to a value other than 0, Continuous Delivery runs a task on startup and every 24 hours which deletes data older than the configured retention period. By default this is set to 0, which retains historical pipelines data indefinitely.
  • value_reporting_data_retention_period_days: The number of days to retain historical value reporting data, which only includes the daily activity data on the Value reporting page. When this is set to a value other than 0, Continuous Delivery runs a task on startup and every 24 hours which deletes data older than the configured retention period. By default this is set to 0, which retains historical value reporting data indefinitely.
  • max_login_attempts: The maximum number of login attempts before locking out a user. Defaults to 10.
  • failed_login_attempt_period_mins: The amount of time to watch for failed login attempts by a user. Defaults to 15 minutes.
  • lockout_period_mins: The amount of time to lock out a user from attempting to log in. Defaults to 120 minutes.
  • nginx_proxy_timeout_secs: The timeout for how long NGINX waits for requests made to the Continuous Delivery backend service to complete, for example, the requests that jobs make to download the control repo to the job runner. Defaults to 300 seconds.

  • query_complexity_limit: Controls compound filtering in the query service, sometimes tuned for performance reasons. Defaults to 100.

  The ssl_cert_chain, ssl_crl, and ssl_private_key settings are used for custom TLS certificates.
  • ssl_cert_chain: User-provided certificate chain including a CA and leaf certificates for the Continuous Delivery host.
  • ssl_crl: The CRL that the provided CA is associated with.
  • ssl_private_key: The private key used to sign the provided certificate chain.
  • enable_ssl_webhooks: Enables SSL verification on webhooks. Defaults to false.
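
The following is an added example, not part of the product or its documentation: a pre-apply check that compares a settings map with the allowed values and defaults listed above before the cd4peadm::apply_configuration plan is run. The audit() helper, the dict layout (settings already loaded from data/common.yaml, whose nesting this page does not show), and the sample host names are assumptions.

```python
# Added example: audit a loaded settings map against the values documented above.
# The dict layout and the audit() helper are assumptions made for illustration.
# Log levels are compared exactly as they are written in this reference.
ALLOWED_LOG_LEVELS = {
    "pipelinesinfra": {"info", "debug", "trace"},
    "postgres": {"INFO", "NOTICE", "WARNING", "ERROR"},
    "query": {"INFO", "DEBUG", "TRACE"},
}

def audit(cfg):
    """Return a list of (setting, message) findings for a settings dict."""
    findings = []
    # All-in-one install: backend, database and ui must name the same single target.
    targets = cfg.get("targets", {})
    hosts = {tuple(targets.get(k, [])) for k in ("backend", "database", "ui")}
    if len(hosts) != 1 or len(next(iter(hosts))) != 1:
        findings.append(("targets", "components must share one single target"))
    if cfg.get("runtime", "docker") not in ("docker", "podman"):
        findings.append(("runtime", "must be docker or podman"))
    for name, allowed in ALLOWED_LOG_LEVELS.items():
        level = cfg.get("containers", {}).get(name, {}).get("log_level")
        if level is not None and level not in allowed:
            findings.append((f"containers.{name}.log_level",
                             f"{level!r} is not one of {sorted(allowed)}"))
    # Lockout settings looser than the documented defaults deserve a review.
    if cfg.get("max_login_attempts", 10) > 10:
        findings.append(("max_login_attempts", "more attempts than the default of 10"))
    if cfg.get("lockout_period_mins", 120) < 120:
        findings.append(("lockout_period_mins", "shorter than the default of 120"))
    if not cfg.get("enable_ssl_webhooks", False):
        findings.append(("enable_ssl_webhooks", "false (the default)"))
    return findings

# Constructed sample settings, not taken from a real deployment.
SAMPLE = {
    "targets": {"backend": ["cd.example.test"], "database": ["db.example.test"],
                "ui": ["cd.example.test"]},
    "runtime": "containerd",
    "containers": {"postgres": {"log_level": "DEBUG"}, "query": {"log_level": "TRACE"}},
    "max_login_attempts": 100,
    "lockout_period_mins": 5,
}

if __name__ == "__main__":
    for setting, message in audit(SAMPLE):
        print(f"{setting}: {message}")
```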