Configuration reference

The following settings are configurable via Hiera in your Bolt project.

To update Continuous Delivery with new configuration values, make edits to data/common.yaml and run the cd4peadm::apply_configuration plan.

  • targets: A map containing three keys, one for each Continuous Delivery component: backend, database, and ui. Each value is an array of the targets on which to install each of the components.
    We only support an all-in-one install, so all components must be installed on the same single target. When running the cd4peadm::install plan, these are populated with the selected target from the inventory.
  • admin_db_password: The overarching root password for managing a Postgres database. Can be automatically configured by the bootstrap plan.
  • cd4pe_db_username: The username for the database that stores the main app data. Defaults to cd4pe
  • cd4pe_db_password: The password for the database that stores the main app data.
  • query_db_username: The username for the database that stores data for the Nodes page. Defaults to query.
  • query_db_password: The password for the database that stores data for the Nodes page.
  • root_username: The username for the root Continuous Delivery account. Defaults to admin
  • root_password: The password to the root Continuous Delivery account.
  • runtime: The container runtime to use on the target host. Can be docker or podman. Defaults to docker
  • secret_key: The key used to encrypt secret data in the database. Automatically generated.
  • backup_dir: The directory where backups are stored. Defaults to /var/lib/puppetlabs/cd4pe/backups.
  • containers: A map containing four keys, one for each of the component containers:
    • pipelinesinfra: The container for the backend application. Has the following options:
      • log_level: Configures backend logging. Value can be info, debug, or trace. Defaults to info
      • max_log_size_mb: The size a log file can grow to before rotation, in megabytes. Defaults to 200MB.
      • keep_log_files: The number of past log files to keep after rotation. Defaults to 5.
      • extra_parameters: Extra flags to pass to the command that runs this container.
    • teams_ui: The container for the web UI. Has the following options:
      • max_log_size_mb: The size a log file can grow to before rotation, in megabytes. Defaults to 100MB.
      • keep_log_files: The number of past log files to keep after rotation. Defaults to 3.
      • extra_parameters: Extra flags to pass to the command that runs this container.
    • postgres: The container for the database. Has the following options:
      • log_level: Configures database logging. Value can be INFO, NOTICE, WARNING, or ERROR. Defaults to ERROR.
      • max_log_size_mb: The size a log file can grow to before rotation, in megabytes. Defaults to 100MB.
      • keep_log_files: The number of past log files to keep after rotation. Defaults to 3.
      • extra_parameters: Extra flags to pass to the command that runs this container.
    • query: The container for the query service, which backs the Nodes page. Has the following options:
      • log_level: Configures query service logging. Value can be INFO, DEBUG, or TRACE. Defaults to DEBUG
      • max_log_size_mb: The size a log file can grow to before rotation, in megabytes. Defaults to 100MB.
      • keep_log_files: The number of past log files to keep after rotation. Defaults to 3.
      • extra_parameters: Extra flags to pass to the command that runs this container.
  • java_args: Arguments to pass to the JVM that runs Continuous Delivery's backend. Defaults to -Xmx1024M -Xms1024M
  • webhook_port: Port to use for the webhook service. Defaults to 8000.

  • enable_ssl_webhooks: Whether to enable SSL for webhooks. Defaults to false.

  • job_http_read_timeout_mins: The timeout for web requests made from jobs. Defaults to 29 minutes.
  • job_global_timeout_mins: The overall timeout for a running job. Defaults to 30 minutes.
  • bolt_pcp_timeout_secs: The timeout for Bolt's PCP transport. Used during jobs to contact the PE Orchestrator. Defaults to 60 seconds.
  • http_connection_timeout_secs: The connection timeout for external HTTP requests. Defaults to 120 seconds.
  • http_read_timeout_secs: The read timeout for external HTTP requests. Defaults to 120 seconds.
  • http_write_timeout_secs: The write timeout for external HTTP requests. Defaults to 120 seconds.
  • http_request_timeout_secs: The total amount of time an external HTTP request stays open. Defaults to 300 seconds.
  • puppetdb_connection_timeout_secs: The total amount of time a connection to PuppetDB stays open. Defaults to the value of http_connection_timeout_secs
  • repo_caching: Whether to enable Git repository caching, which can improve job performance if the repos are large. Defaults to false.
  • repo_cache_retrieval_timeout_mins: The timeout for a thread waiting to access a cached repo. Only used when repo caching is enabled. Defaults to 28 minutes.
  • max_login_attempts: The max number of login attempts before locking out a user. Defaults to 10.
  • failed_login_attempt_period_mins: The amount of time to watch for failed login attempts by a user. Defaults to 15 minutes.
  • lockout_period_mins: The amount of time to lock out a user from attempting to log in. Defaults to 120 minutes.
  • query_complexity_limit: Controls compound filtering in the query service, sometimes tuned for performance reasons. Defaults to 100.
    The ssl_cert_chain, ssl_crl, and ssl_private_key are used for custom TLS certificates.
  • ssl_cert_chain: User-provided certificate chain including a CA and leaf certificates for the Continuous Delivery host.
  • ssl_crl: The CRL that the provided CA is associated with.
  • ssl_private_key: The private key used to sign the provided certificate chain.
  • enable_ssl_webhooks: Enables SSL verification on webhooks. Defaults to false.