forked from bottlerocket-os/bottlerocket
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Infra.toml.example
84 lines (74 loc) · 4.22 KB
/
Infra.toml.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
# This is an example infrastructure configuration for pubsys, the tool that
# creates repos when you call `cargo make repo`. Save a copy as `Infra.toml`
# at the root of the repo, then edit the settings below to match your use case.
# You can have any number of repos defined and build a specific one by running like this:
# cargo make -e PUBLISH_REPO=myrepo repo
[repo.default]
# URL to your root role JSON file; can be a file:// URL for local files. If
# you don't specify one here, a file will be generated for you under /roles.
# For production use, you should store them somewhere safer.
root_role_url = "https://example.com/root.json"
# SHA512 checksum of your root role JSON file.
root_role_sha512 = "0123456789abcdef"
# For reference, this is the Bottlerocket root role:
#root_role_url = "https://cache.bottlerocket.aws/root.json"
#root_role_sha512 = "2ff1fbf99b20dd7ff5d2c84243a8e3b51701183b1f524b7d470a6b7a9b0172fbb36a0949b7e586ab7ccb6e348eb77125d6ed9fd1a638f4381e4f3f084ff38596"
# pubsys assumes a single publication key that signs the snapshot, targets,
# and timestamp roles. Here you specify where that key lives so we can sign
# the created repo. If you don't specify one here, a key will be generated for
# you under /keys. For production use, you should use a key stored in a
# trusted service like KMS or SSM.
# (Need inline table syntax until this is fixed: https://github.com/alexcrichton/toml-rs/issues/225)
signing_keys = { file = { path = "/home/user/key.pem" } }
#signing_keys = { kms = { key_id = "abc-def-123" } }
#signing_keys = { ssm = { parameter = "/my/parameter" } }
# If these URLs are uncommented, the repo will be pulled and used as a starting
# point, and your images (and related files) will be added as a new update in
# the created repo. Otherwise, we build a new repo from scratch.
metadata_base_url = "https://example.com/"
targets_url = "https://example.com/targets/"
[aws]
# The list of regions in which you want to publish AMIs. We register an AMI in
# the first region and copy it to all other regions.
regions = ["us-west-2", "us-east-1", "us-east-2"]
# If specified, we use this named profile from ~/.aws/credentials, rather than
# the default path of trying credentials from the environment, from a
# credential process, from the default profile, and then from an IAM instance
# profile.
profile = "my-profile"
# If specified, we assume this role before making any API calls.
role = "arn:aws:iam::012345678901:role/assume-global"
# If specified, this string will be prefixed on all parameter names published to SSM.
ssm_prefix = "/your/prefix/here"
[aws.region.us-west-2]
# If specified, we assume this role before making any API calls in this region.
# (This is assumed after the "global" aws.role, if that is also specified.)
role = "arn:aws:iam::012345678901:role/assume-regional"
[vmware]
# A list of datacenter names to which you would like to upload an OVA. These
# are "friendly" names, and do not need to be the actual name of the
# software-defined datacenter, but can be. For example, you may have have
# multiple vSphere instances with datacenters that still carry the default
# "SDDC-Datacenter" name; this field allows you to differentiate them.
datacenters = ["north", "south"]
# ***
# GOVC_* environment variables set in the current environment override any
# configuration set in the sections below!
# ***
# Optional common configuration
# This configuration allow values to be set in a single place if they are common in
# multiple datacenters. They can be overridden in the datacenter's block below.
[vmware.common]
network = "a_network"
# Datacenter specific configuration
# This specifies all of the values necessary to communicate with this
# datacenter via `govc`. Each value maps directly to the GOVC_* environment
# variable in the corresponding comment. If any of these values is missing and
# isn't in the environment, we will look for them in `vmware.common`.
[vmware.datacenter.north]
vsphere_url = "https://vcenter.1234.vmwarevmc.com" # GOVC_URL
datacenter = "SDDC-Datacenter" # GOVC_DATACENTER
datastore = "WorkloadDatastore" # GOVC_DATASTORE
network = "sddc-cgw-network-1" # GOVC_NETWORK
folder = "my_folder" # GOVC_FOLDER
resource_pool = "/SDDC-Datacenter/host/Cluster/Resources/Compute-ResourcePool" # GOVC_RESOURCE_POOL