# Automation Controller Nodes
# There are two valid node_types that can be assigned for this group.
# A node_type=control implies that the node will only be able to run
# project and inventory updates, but not regular jobs.
# A node_type=hybrid will have the ability to run everything.
# If you do not define the node_type, it defaults to hybrid.
#
# control.example node_type=control
# hybrid.example  node_type=hybrid
# hybrid2.example <- this will default to hybrid
[automationcontroller]

[automationcontroller:vars]
peers=execution_nodes


# Execution Nodes
# There are two valid node_types that can be assigned for this group.
# A node_type=hop implies that the node will forward jobs to an execution node.
# A node_type=execution implies that the node will be able to run jobs.
# If you do not define the node_type, it defaults to execution.
#
# hop.example        node_type=hop
# execution.example  node_type=execution
# execution2.example <- this will default to execution
[execution_nodes]

[automationhub]

[automationedacontroller]

[database]

# Single Sign-On
# If sso_redirect_host is set, that will be used for application to connect to
# SSO for authentication. This must be reachable from client machines.
#
# ssohost.example sso_redirect_host=<host/ip>
[sso]

[all:vars]
admin_password=''

pg_host=''
pg_port=5432

pg_database='awx'
pg_username='awx'
pg_password=''
pg_sslmode='prefer'  # set to 'verify-full' for client-side enforced SSL

# Managed Postgres Options

# If you wish to install AAP with a single managed postgres server and would
# like to modify the port for postgres, set the following variable. Note that 
# the *pg_port variables for the components should be changed to match the 
# value set by this variable if you wish to connect that component to this
# managed postgres database server.

# install_pg_port=5432

# Execution Environment Configuration
#

# Credentials for container registry to pull execution environment images from,
# registry_username and registry_password are required for registry.redhat.io
#
# When deployed with Automation Hub:
# - The installer will push execution environment images to Automation Hub and
#   configure Automation Controller to pull images from the Hub registry.
# - To make Hub to be the only registry to pull execution environment images from,
#   set 'ee_from_hub_only' to True. This is set to True by default when bundle
#   installer is used.

registry_url='registry.redhat.io'
registry_username=''
registry_password=''
# ee_from_hub_only =

# If you wish to add Ansible Engine 2.9 execution environment, set the following variable to true.
# However this is only available for x86_64 architecture.

# ee_29_enabled=false

# Receptor Configuration
#
receptor_listener_port=27199

# Automation Hub Configuration
#

automationhub_admin_password=''

automationhub_pg_host=''
automationhub_pg_port=5432

automationhub_pg_database='automationhub'
automationhub_pg_username='automationhub'
automationhub_pg_password=''
automationhub_pg_sslmode='prefer'

# Set to True to overwrite existing admin password.
#
# automationhub_force_change_admin_password = False

# The main automation hub URL that clients will connect to (e.g. https://<load balancer host>).
# If not specified, the first node in the [automationhub] group will be used when needed.
#
# automationhub_main_url = ''

# By default when one uploads collections to Automation Hub
# an admin needs to approve it before it is made available
# to the users. If one wants to disable the content approval
# flow, the following setting should be set to False.
#
# automationhub_require_content_approval = True

# At import time collections can go through a series of checks.
# Behaviour is driven by galaxy-importer.cfg configuration.
# Example are ansible-doc, ansible-lint, flake8, ...
#
# The following parameter allow one to drive this configuration.
# This variable is expected to be a dictionary.
#
# automationhub_importer_settings = None

# The default install will deploy a TLS enabled Automation Hub.
# If for some reason this is not the behavior wanted one can
# disable TLS enabled deployment.
#
# automationhub_disable_https = False

# The default install will deploy a TLS enabled Automation Hub.
# Unless specified otherwise the HSTS web-security policy mechanism
# will be enabled. This setting allows one to disable it if need be.
#
# automationhub_disable_hsts = False

# The default install will not create a signing service. If set to true
# a signing service will be created.

# automationhub_create_default_collection_signing_service = False
# automationhub_create_default_container_signing_service = False

# If a signing service is enabled, one must provide a signing script and a key.
# Note: these MUST be absolute paths.

# automationhub_collection_signing_service_key = /absolute/path/to/key/to/sign
# automationhub_collection_signing_service_script =  /absolute/path/to/script/that/signs

# automationhub_container_signing_service_key = /absolute/path/to/key/to/sign
# automationhub_container_signing_service_script =  /absolute/path/to/script/that/signs

# If a collection signing service is enabled, collections won't be signed automatically by default.
# The following parameter will have them signed by default.
#
# automationhub_auto_sign_collections = False

# If upgrading from Ansible Automation Platform 2.0 or earlier, you must either:
# - provide an existing Automation Hub token as 'automationhub_api_token' or
# - set 'generate_automationhub_token' to True to generate a new token
# Generating a new token will invalidate the existing token.
#
# automationhub_api_token=''
# generate_automationhub_token=

# Automation Hub LDAP configuration
#
# For Automation Hub to connect to LDAP directly the following variables
# need to be configured. The list of all possible configuration can be found here:
# https://django-auth-ldap.readthedocs.io/en/latest/reference.html#settings
# Extra parameters will need to be passed through an ansible ldap_extra_settings dictionary.
#
# automationhub_authentication_backend = "ldap"
#
# automationhub_ldap_server_uri = "ldap://ldap:10389"
# automationhub_ldap_bind_dn = "cn=admin,dc=ansible,dc=com"
# automationhub_ldap_bind_password = "GoodNewsEveryone"
# automationhub_ldap_user_search_base_dn = "ou=people,dc=ansible,dc=com"
# automationhub_ldap_group_search_base_dn = "ou=people,dc=ansible,dc=com"

# By default, bundle installer seeds certified and validated collections into
# Automation Hub. Set to False to disable the seeding.
#
# automationhub_seed_collections = True


# Automation EDA Controller Configuration
#

automationedacontroller_admin_password=''

automationedacontroller_pg_host=''
automationedacontroller_pg_port=5432

automationedacontroller_pg_database='automationedacontroller'
automationedacontroller_pg_username='automationedacontroller'
automationedacontroller_pg_password=''
automationedacontroller_pg_sslmode='prefer'

# Certificate and key to install in Automation EDa Controller 
# automationedacontroller_ssl_cert=/path/to/automationedacontroller.cert
# automationedacontroller_ssl_key=/path/to/automationedacontroller.key

# The full routeable URL used by EDA to connect to a controller host.
# This URL is required if there is no Automation Controller configured
# in inventory.
#
# Format example: automation_controller_main_url='https://<hostname>'
#
# automation_controller_main_url = '' 

# Boolean flag used to verify Automation Controller's
# web certificates when making calls from Automation EDA Controller.
#
# automationedacontroller_controller_verify_ssl = true

# SSL-related variables

# If set, this will install a custom CA certificate to the system trust store.
# custom_ca_cert=/path/to/ca.crt

# Certificate and key to install in nginx for the web UI and API
# web_server_ssl_cert=/path/to/tower.cert
# web_server_ssl_key=/path/to/tower.key

# Certificate and key to install in Automation Hub node
# automationhub_ssl_cert=/path/to/automationhub.cert
# automationhub_ssl_key=/path/to/automationhub.key

# Server-side SSL settings for PostgreSQL (when we are installing it).
# postgres_use_ssl=False
# postgres_ssl_cert=/path/to/pgsql.crt
# postgres_ssl_key=/path/to/pgsql.key

# Keystore file to install in SSO node
# sso_custom_keystore_file='/path/to/sso.jks'

# The default install will deploy SSO with sso_use_https=True
# Keystore password is required for https enabled SSO
sso_keystore_password=''

# Single-Sign-On configuration
sso_console_admin_password=''

# Hostname used for access to RH SSO server
# If SSO is not provided in inventory for configuration, then the SSO host 
# needs to be defined with the below.
# sso_host=''

# The default install will register node to the Red Hat Insights Service
# if the node is registered with Subscription Manager. Set to False to disable.
# enable_insights_collection = True
