path: root/defaults/sfconfig.yaml

---
# fqdn of the deployment used by authentication and in notification
fqdn: sftests.com

# The name of the default tenant
default-tenant-name: "local"

# Enable services debug mode
debug: false

network:
  smtp_relay:
  # NTP main reference server
  ntp_main_server: pool.ntp.org

  # Set mail forward to your personal address to receive notification
  # Default to root mailbox on managesf node
  admin_mail_forward: root@localhost

  static_hostnames: []
  # Define static hostnames
  # - "8.8.8.8 google-dns.com"

  # Define a koji host to be accessible through fqdn/koji
  koji_host: ""

  # Disable gerrit replication and nodepool providers
  disable_external_resources: false

  # Path of user provided certicate files, e.g. in /etc/software-factory/ssl
  # tls_challenge_alias is needed for tls renew challenges
  tls_cert_file: ""
  tls_chain_file: ""
  tls_key_file: ""
  tls_challenge_alias_path: ""
  apache_server_status: false

# Special deployment mode where zuul and nodepool is not running locally
tenant-deployment:
  # name: tenant-name
  # master-sf: main-sf-url

config-locations:
  # When not set, the config repositories are hosted locally
  config-repo:
  jobs-repo:
  strategy:
    # How remote location are maintained (push or patch)
    sync: push
    # The user to use for submitting changes
    user: git

authentication:
  admin_password: CHANGE_ME
  # timeout of sessions in seconds
  sso_session_timeout: 43200

  # Enforce authentication for all services (such as etherpad and pastebin that doesn't require authentication by default)
  authenticated_only: false

  oauth2:
    # This section is left as a transitional step to ease in the migration to
    # Keycloak. In future releases of Software Factory, the recommended way to
    # set up social login will be through Keycloak's CLI or UI directly.
    github:
      disabled: true
      client_id:
      client_secret:

custom_links:
  documentation_links: []
    # - name: Custom Link
    #   link: "https://domain.com"
  status_links: []
  contact_links: []

# add httpd directories
gateway_directories: []
#  - name: dir_name
#    path: dir_path
#    options:
#        - "option 1"
#        - "option 2"

nodepool:
  # Add default k1s containers
  k1s_default_pods: true
  # Copy a clouds.yaml to /etc/software-factory and reference its path here
  clouds_file:
  # Copy a .kube/config to /etc/software-factory and reference its path here
  kube_file:
  # Copy a ibm credentials env file to /etc/software-factory and reference its path here
  ibm_credentials_file:
  # Copy a .aws/config to /etc/software-factory and reference its path here
  aws_file:

  # OR list the OpenStack provider here (deprecated, provides a clouds.yaml instead)
  providers: []
  #  - name: default
  #    auth_url:
  #    project_name: tenantname
  #    username: username
  #    password: secret
  #    # to specify the image format uploaded: raw, qcow2
  #    # image_format: raw
  #     region_name: regionOne
  #    regions: []
  #    # These must be set when using a keystone v3 auth endpoint
  #    # user_domain_name: Default
  #    # project_domain_name: Default
  dib_reg_passwords: []
  #  - image_name: rhel
  #    reg_password: rhsm_password

opensearch:
  maximum_heap_size: 512m
  minimum_heap_size: 128m
  replicas: 0

## Uncomment below lines if you are using EXTERNAL Elasticsearch service.
#external_opensearch:
#  host: https://opensearch-host-2:9200
#  cacert_path: /etc/opensearch/certs/localCA.pem
#  suffix: sftests_com
#  users:
#    logstash_sftests_com:
#      password: logstash
#      role: logstash
#    kibana_sftests_com:
#      password: kibana
#      role: readonly

## Uncomment below lines if you are using EXTERNAL Opensearch dashboards service.
opensearch_dashboards:
  # You can choose None, Basic or JWT
  readonly_user_autologin: Basic
#  host_url: https://kibana-host-2:5601

logs:
  # 2 months log expiry
  expiry: 60

zuul:
  default_nodeset_name: container
  default_nodeset_label: runc-centos
  default_retry_attempts: 3
  # Mail address to contact when post or periodic pipeline job failed
  periodic_pipeline_mail_rcpt: "root@localhost"
  # Set custom zuul log url, the url will be expaned using the build parameters
  #  Default is: https://fqdn/logs/{build.uuid}/
  success_log_url: ""

  ara_report: true

  # Require review for github gate pipeline
  github_gate_require_review: true

  # Set custom zuul log url, the url will be expaned using the build parameters
  #  Default is: https://fqdn/logs/{build.uuid}/
  failure_log_url: ""

  # Regular Expressions used by pre-release and release pipelines
  prerelease_regexp: '([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9alpha|beta|rc.-]+))?(?:\+([0-9a-zA-Z.-]+))?'
  release_regexp: '([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9a-zA-Z.-]+))?(?:\+([0-9a-zA-Z.-]+))?'

  # Define here any third party OpenID Connect Identity Providers to make available to zuul.
  external_authenticators: []
  #  - name: "redhat_sso"
  #    realm: redhat
  #    issuer_id: https://keycloak/auth/realms/redhat
  #    client_id: zuul

  # Set external gerrit connections to act as third party CI
  gerrit_connections: []
  #  - name: "external_gerrit"
  #    hostname: external-gerrit-hostname
  #    port: 29418
  #    puburl: https://external-gerrit-host-name/r/
  #    username: external-gerrit-user-name
  #    # optional canonical_hostname
  #    # canonical_hostname: git.hostname

  github_connections: []
  #  - name: "github.com"
  #    hostname: github.com
  #    # optional canonical_hostname
  #    # canonical_hostname: git.hostname
  #
  #    # GitHub App settings
  #    # See https://softwarefactory-project.io/docs/operator/zuul_operator.html#zuul-github-app-operator
  #    app_id: XXX
  #    # Webhook secret defined during the setup of the app.
  #    webhook_token: XXX
  #    # Set app-name to enable gate configuration
  #    app_name: XXX
  #    # Set to enforce a label presence for gate pipeline
  #    label_name: XXX
  #    # In Github this is known as Private key and it must be collected when generated
  #    # Copy the file to the install-server and set the key path here:
  #    app_key: /etc/software-factory/github_app_key.pem
  #
  #    # Github Webhook settings (When using Webhook, no need to configure the App settings above)
  #    api_token: XXX # See https://help.github.com/articles/creating-an-access-token-for-command-line-use/
  #    webhook_token: XXX # see https://developer.github.com/webhooks/securing/

  git_connections: []
  #    - name: "git.openstack.org"
  #      # project name will be appended to it.
  #      baseurl: "https://git.openstack.org/"
  #      # refresh rate in second
  #      poll_delay: 7200

  # To use openstack-infra/zuul-jobs, review.openstack.org needs to be added to gerrit_connections list too
  upstream_zuul_jobs: false
  opensearch_connections: []
##  Add other Elasticsearch services that Zuul service will send
##  NOTE: by adding index name: zuul, zuul will push the data to the
##  Elasticsearch with convention:
##  <index-name>.<tenant-name>-<YYYY>.<MM>.<DD>. More info:
##  https://zuul-ci.org/docs/zuul/reference/drivers/elasticsearch.html
##  report to it. For example:
#   - name: elastic_rdo
#     username: zuul
#     password: zuul1234
#     host: 169.254.169.254
#     port: 9200
#     use_ssl: true
#     ca_certs: /etc/pki/ca-trust/source/anchors/elastic_rdo.pem
#     index: zuul

gerritbot:
  disabled: true
  ircserver: irc.freenode.net
  ircport: 6667
  botname: sfbot
  password: null

mumble:
  password: false

gerrit:
  # Additional parameters that should be included in projects.config file
  # in All-Projects repository.
  all_projects_config:
    - name: plugin.reviewers-by-blame.maxReviewers
      value: 5
    - name: plugin.reviewers-by-blame.ignoreDrafts
      value: true
    - name: plugin.reviewers-by-blame.ignoreSubjectRegEx
      value: "'(WIP|DNM)(.*)'"