Yorc Server Configuration¶
Yorc has various configuration options that could be specified either by command-line flags, configuration file or environment variables.
If an option is specified several times using flags, environment and config file, command-line flag will have the precedence then the environment variable and finally the value defined in the configuration file.
Globals Command-line options¶
--ansible_use_openssh
: Prefer OpenSSH over Paramiko a Python implementation of SSH (the default) to provision remote hosts. OpenSSH have several optimization like reusing connections that should improve preformance but may lead to issues on older systems.
--ansible_debug
: Prints massive debug information from Ansible especially about connections
--ansible_connection_retries
: Number of retries in case of Ansible SSH connection failure.
--ansible_cache_facts
: If set to true, caches Ansible facts (values fetched on remote hosts about network/hardware/OS/virtualization configuration) so that these facts are not recomputed each time a new operation is a run for a given deployment (false by default: no caching).
--ansible_archive_artifacts
: If set to true, archives operation bash/python scripts locally, copies this archive and unarchives it on remote hosts (requires tar to be installed on remote hosts), to avoid multiple time consuming remote copy operations of individual scripts (false by default: no archive).
--ansible_keep_generated_recipes
: If set to true, generated Ansible recipes on Yorc server are not deleted. (false by default: generated recipes are deleted).
--operation_remote_base_dir
: Specify an alternative working directory for Ansible on provisioned Compute.
--config
or-c
: Specify an alternative configuration file. By default Yorc will look for a file named config.yorc.json in/etc/yorc
directory then if not found in the current directory.
--consul_address
: Specify the address (using the format host:port) of Consul. Consul default is used if not provided.
--consul_token
: Specify the security token to use with Consul. No security token used by default.
--consul_datacenter
: Specify the Consul’s datacenter to use. Consul default (dc1) is used by default.
--consul_key_file
: Specify the Consul client’s key to use when commuicating over TLS.
--consul_cert_file
: Specify the Consul client’s certificate to use when commuicating over TLS.
--consul_ca_cert
: Specify the CA used to sign Consul certificates.
--consul_ca_path
: Specify the path to the CA used to sign Consul certificates
--consul_ssl
: If set to true, enable SSL (false by default).
--consul_ssl_verify
: If set to false, disable Consul certificate checking (true by default is ssl enabled).
--terraform_keep_generated_files
: If set to true, generated Terraform infrastructures files on Yorc server are not deleted. (false by default: generated files are deleted).
--consul_publisher_max_routines
: Maximum number of parallelism used to store key/values in Consul. If you increase the default value you may need to tweak the ulimit max open files. If set to 0 or less the default value (500) will be used.
--graceful_shutdown_timeout
: Timeout to wait for a graceful shutdown of the Yorc server. After this delay the server immediately exits. The default is5m
.
--wf_step_graceful_termination_timeout
: Timeout to wait for a graceful termination of a workflow step during concurrent workflow step failure. After this delay the step is set on error. The default is2m
.
--http_address
: Restrict the listening interface for the Yorc HTTP REST API. By default Yorc listens on all available interfaces
--http_port
: Port number for the Yorc HTTP REST API. If omitted or set to ‘0’ then the default port number is used, any positive integer will be used as it, and finally any negative value will let use a random port.
--keep_operation_remote_path
: If set to true, do not delete temporary artifacts on provisioned Compute at the end of deployment (false by default for deployment temporary artifacts cleanup).
--key_file
: File path to a PEM-encoded private key. The key is used to enable SSL for the Yorc HTTP REST API. This must be provided along with cert_file. If one of key_file or cert_file is not provided then SSL is disabled.
--cert_file
: File path to a PEM-encoded certificate. The certificate is used to enable SSL for the Yorc HTTP REST API. This must be provided along with key_file. If one of key_file or cert_file is not provided then SSL is disabled.
--ca_file
: If set to true, enable TLS certificate checking. Must be provided with cert_file ; key_file and ca_file. Disabled by default.
--ssl_verify
: If set to true, enable TLS certificate checking for clients of the Yorc’s API. Must be provided with cert_file ; key_file and ca_file. Disabled by default.
--plugins_directory
: The name of the plugins directory of the Yorc server. The default is to use a directory named plugins in the current directory.
--resources_prefix
: Specify a prefix that will be used for names when creating resources such as Compute instances or volumes. Defaults toyorc-
.
--workers_number
: Yorc instances use a pool of workers to handle deployment tasks. This option defines the size of this pool. If not set the default value of 3 will be used.
--working_directory
or-w
: Specify an alternative working directory for Yorc. The default is to use a directory named work in the current directory.
--server_id
: Specify the server ID used to identify the server node in a cluster. The default isserver_0
.
Configuration files¶
Configuration files are either JSON or YAML formatted as a single object containing the following configuration options.
By default Yorc will look for a file named config.yorc.json in /etc/yorc
directory then if not found in the current directory.
The –config command line flag allows to specify an alternative configuration file.
Below is an example of configuration file.
{
"resources_prefix": "yorc1-",
"infrastructures": {
"openstack": {
"auth_url": "http://your-openstack:5000/v2.0",
"tenant_name": "your-tenant",
"user_name": "os-user",
"password": "os-password",
"private_network_name": "default-private-network",
"default_security_groups": ["default"]
}
}
}
Below is an example of configuration file with TLS enabled.
{
"resources_prefix": "yorc1-",
"key_file": "/etc/pki/tls/private/yorc.key",
"cert_file": "/etc/pki/tls/certs/yorc.crt",
"infrastructures": {
"openstack": {
"auth_url": "http://your-openstack:5000/v2.0",
"tenant_name": "your-tenant",
"user_name": "os-user",
"password": "os-password",
"private_network_name": "default-private-network",
"default_security_groups": ["default"]
}
}
}
server_graceful_shutdown_timeout
: Equivalent to –graceful_shutdown_timeout command-line flag.
wf_step_graceful_termination_timeout
: Equivalent to –wf_step_graceful_termination_timeout command-line flag.
http_address
: Equivalent to –http_address command-line flag.
http_port
: Equivalent to –http_port command-line flag.
key_file
: Equivalent to –key_file command-line flag.
cert_file
: Equivalent to –cert_file command-line flag.
ssl_verify
: Equivalent to –ssl_verify command-line flag.
ca_file
: Equivalent to –ca_file command-line flag.
plugins_directory
: Equivalent to –plugins_directory command-line flag.
resources_prefix
: Equivalent to –resources_prefix command-line flag.
workers_number
: Equivalent to –workers_number command-line flag.
working_directory
: Equivalent to –working_directory command-line flag.
server_id
: Equivalent to –server_id command-line flag.
Ansible configuration¶
Below is an example of configuration file with Ansible configuration options.
{
"resources_prefix": "yorc1-",
"infrastructures": {
"openstack": {
"auth_url": "http://your-openstack:5000/v2.0",
"tenant_name": "your-tenant",
"user_name": "os-user",
"password": "os-password",
"private_network_name": "default-private-network",
"default_security_groups": ["default"]
}
},
"ansible": {
"use_openssh": true,
"connection_retries": 3,
"hosted_operations": {
"unsandboxed_operations_allowed": false,
"default_sandbox": {
"image": "jfloff/alpine-python:2.7-slim",
"entrypoint": ["python", "-c"],
"command": ["import time;time.sleep(31536000);"]
}
}
}
}
All available configuration options for Ansible are:
use_openssh
: Equivalent to –ansible_use_openssh command-line flag.
debug
: Equivalent to –ansible_debug command-line flag.
connection_retries
: Equivalent to –ansible_connection_retries command-line flag.
cache_facts
: Equivalent to –ansible_cache_facts command-line flag.
archive_artifacts
: Equivalent to –ansible_archive_artifacts command-line flag.
operation_remote_base_dir
: Equivalent to –operation_remote_base_dir command-line flag.
keep_operation_remote_path
: Equivalent to –keep_operation_remote_path command-line flag.
keep_generated_recipes
: Equivalent to –ansible_keep_generated_recipes command-line flag.
hosted_operations
: This is a complex structure that allow to define the behavior of a Yorc server when it executes an hosted operation. For more information about hosted operation please see The hosted operations paragraph in the TOSCA support section. This structure contains the following configuration options:
unsandboxed_operations_allowed
: This option control if operations can be executed directly on the system that hosts Yorc if no default sandbox is defined. This is not permitted by default.
default_sandbox
: This complex structure allows to define the default docker container to use to sandbox orchestrator-hosted operations. Bellow configuration optionsentrypoint
andcommand
should be carefully set to run the container and make it sleep until operations are executed on it. Defaults options will run a python inline script that sleeps for 1 year.
image
: This is the docker image identifier (in the docker format[repository/]name[:tag]
) is option is required.
entrypoint
: This allows to override the default image entrypoint. If bothentrypoint
andcommand
are empty the default value forentrypoint
is["python", "-c"]
.
command
: This allows to run a command within the container. If bothentrypoint
andcommand
are empty the default value forcommand
is["import time;time.sleep(31536000);"]
.
env
: An optional list environment variables to set when creating the container. The format of each variable isvar_name=value
.
Ansible performance considerations¶
As described in TOSCA Supported Operations implementations, Yorc supports these builtin implementations for operations to execute on remote hosts :
- Bash scripts
- Python scripts
- Ansible Playbooks
It is recommended to implement operations as Ansible Playbooks to get the best execution performance.
When operations are not implemented using Ansible playbooks, see the Performance section on TOSCA Operations to improve the performance of scripts execution on remote hosts.
Consul configuration¶
Below is an example of configuration file with Consul configuration options.
{
"resources_prefix": "yorc1-",
"infrastructures": {
"openstack": {
"auth_url": "http://your-openstack:5000/v2.0",
"tenant_name": "your-tenant",
"user_name": "os-user",
"password": "os-password",
"private_network_name": "default-private-network",
"default_security_groups": ["default"]
}
},
"consul": {
"address": "http://consul-host:8500",
"datacenter": "dc1",
"publisher_max_routines": 500
}
}
All available configuration options for Consul are:
address
: Equivalent to –consul_address command-line flag.
token
: Equivalent to –consul_token command-line flag.
datacenter
: Equivalent to –consul_datacenter command-line flag.
key_file
: Equivalent to –consul_key_file command-line flag.
cert_file
: Equivalent to –consul_cert_file command-line flag.
ca_cert
: Equivalent to –consul_ca_cert command-line flag.
ca_path
: Equivalent to –consul_ca_path command-line flag.
ssl
: Equivalent to –consul_ssl command-line flag.
ssl_verify
: Equivalent to –consul_ssl_verify command-line flag.
publisher_max_routines
: Equivalent to –consul_publisher_max_routines command-line flag.
Terraform configuration¶
Below is an example of configuration file with Terraform configuration options.
{
"resources_prefix": "yorc1-",
"infrastructures": {
"openstack": {
"auth_url": "http://your-openstack:5000/v2.0",
"tenant_name": "your-tenant",
"user_name": "os-user",
"password": "os-password",
"private_network_name": "default-private-network",
"default_security_groups": ["default"]
}
},
"terraform": {
"keep_generated_files": false
}
}
All available configuration options for Terraform are:
keep_generated_files
: Equivalent to –terraform_keep_generated_files command-line flag.
Telemetry configuration¶
Telemetry configuration can only be done via the configuration file. By default telemetry data are only stored in memory. See Yorc Telemetry for more information about telemetry.
Below is an example of configuration file with telemetry metrics forwarded to a Statsd
instance and with a Prometheus
HTTP endpoint exposed.
{
"resources_prefix": "yorc1-",
"infrastructures": {
"openstack": {
"auth_url": "http://your-openstack:5000/v2.0",
"tenant_name": "your-tenant",
"user_name": "os-user",
"password": "os-password",
"private_network_name": "default-private-network",
"default_security_groups": ["default"]
}
},
"telemetry": {
"statsd_address": "127.0.0.1:8125",
"expose_prometheus_endpoint": true
}
}
All available configuration options for telemetry are:
service_name
: Metrics keys prefix, defaults toyorc
.
disable_hostname
: Specifies if gauge values should not be prefixed with the local hostname. Defaults tofalse
.
disable_go_runtime_metrics
: Specifies Go runtime metrics (goroutines, memory, …) should not be published. Defaults tofalse
.
statsd_address
: Specify the address (in form <address>:<port>) of a statsd server to forward metrics data to.
statsite_address
: Specify the address (in form <address>:<port>) of a statsite server to forward metrics data to.
expose_prometheus_endpoint
: Specify if an HTTP Prometheus endpoint should be exposed allowing Prometheus to scrape metrics.
Deprecated configuration options¶
Deprecated since version 3.0.0.
ansible_use_openssh
: Equivalent to –ansible_use_openssh command-line flag.
ansible_debug
: Equivalent to –ansible_debug command-line flag.
ansible_connection_retries
: Equivalent to –ansible_connection_retries command-line flag.
operation_remote_base_dir
: Equivalent to –operation_remote_base_dir command-line flag.
keep_operation_remote_path
: Equivalent to –keep_operation_remote_path command-line flag.
consul_address
: Equivalent to –consul_address command-line flag.
consul_token
: Equivalent to –consul_token command-line flag.
consul_datacenter
: Equivalent to –consul_datacenter command-line flag.
consul_key_file
: Equivalent to –consul_key_file command-line flag.
consul_cert_file
: Equivalent to –consul_cert_file command-line flag.
consul_ca_cert
: Equivalent to –consul_ca_cert command-line flag.
consul_ca_path
: Equivalent to –consul_ca_path command-line flag.
consul_ssl
: Equivalent to –consul_ssl command-line flag.
consul_ssl_verify
: Equivalent to –consul_ssl_verify command-line flag.
consul_publisher_max_routines
: Equivalent to –consul_publisher_max_routines command-line flag.
Environment variables¶
YORC_ANSIBLE_USE_OPENSSH
: Equivalent to –ansible_use_openssh command-line flag.
YORC_ANSIBLE_DEBUG
: Equivalent to –ansible_debug command-line flag.
YORC_ANSIBLE_CONNECTION_RETRIES
: Equivalent to –ansible_connection_retries command-line flag.
YORC_ANSIBLE_CACHE_FACTS
: Equivalent to –ansible_cache_facts command-line flag.
YORC_ANSIBLE_ARCHIVE_ARTIFACTS
: Equivalent to –ansible_archive_artifacts command-line flag.
YORC_ANSIBLE_KEEP_GENERATED_RECIPES
: Equivalent to –ansible_keep_generated_recipes command-line flag.
YORC_OPERATION_REMOTE_BASE_DIR
: Equivalent to –operation_remote_base_dir command-line flag.
YORC_CONSUL_ADDRESS
: Equivalent to –consul_address command-line flag.
YORC_CONSUL_TOKEN
: Equivalent to –consul_token command-line flag.
YORC_CONSUL_DATACENTER
: Equivalent to –consul_datacenter command-line flag.
YORC_CONSUL_KEY_FILE
: Equivalent to –consul_key_file command-line flag.
YORC_CONSUL_CERT_FILE
: Equivalent to –consul_cert_file command-line flag.
YORC_CONSUL_CA_CERT
: Equivalent to –consul_ca_cert command-line flag.
YORC_CONSUL_CA_PATH
: Equivalent to –consul_ca_path command-line flag.
YORC_CONSUL_SSL
: Equivalent to –consul_ssl command-line flag.
YORC_CONSUL_SSL_VERIFY
: Equivalent to –consul_ssl_verify command-line flag.
YORC_CONSUL_PUBLISHER_MAX_ROUTINES
: Equivalent to –consul_publisher_max_routines command-line flag.
YORC_SERVER_GRACEFUL_SHUTDOWN_TIMEOUT
: Equivalent to –graceful_shutdown_timeout command-line flag.
YORC_WF_STEP_GRACEFUL_TERMINATION_TIMEOUT
: Equivalent to –wf_step_graceful_termination_timeout command-line flag.
YORC_HTTP_ADDRESS
: Equivalent to –http_address command-line flag.
YORC_HTTP_PORT
: Equivalent to –http_port command-line flag.
YORC_KEEP_OPERATION_REMOTE_PATH
: Equivalent to –keep_operation_remote_path command-line flag.
YORC_KEY_FILE
: Equivalent to –key_file command-line flag.
YORC_CERT_FILE
: Equivalent to –cert_file command-line flag.
YORC_SSL_VERIFY
: Equivalent to –ssl_verify command-line flag.
YORC_CA_FILE
: Equivalent to –ca_file command-line flag.
YORC_PLUGINS_DIRECTORY
: Equivalent to –plugins_directory command-line flag.
YORC_RESOURCES_PREFIX
: Equivalent to –resources_prefix command-line flag.
YORC_WORKERS_NUMBER
: Equivalent to –workers_number command-line flag.
YORC_WORKING_DIRECTORY
: Equivalent to –working_directory command-line flag.
YORC_SERVER_ID
: Equivalent to –server_id command-line flag.
YORC_LOG
: If set to1
orDEBUG
, enables debug logging for Yorc.
YORC_TERRAFORM_KEEP_GENERATED_FILES
: Equivalent to –terraform_keep_generated_files command-line flag.
Infrastructures configuration¶
Due to the pluggable nature of infrastructures support in Yorc their configuration differ from other configurable options. An infrastructure configuration option could be specified by either a its configuration placeholder in the configuration file, a command line flag or an environment variable.
The general principle is for a configurable option option_1
for infrastructure infra1
it should be specified in the configuration file as following:
{
"infrastructures": {
"infra1": {
"option_1": "value"
}
}
}
Similarly a command line flag with the name --infrastructure_infra1_option_1
and an environment variable with the name YORC_INFRA_INFRA1_OPTION_1
will be
automatically supported and recognized. The default order of precedence apply here.
Builtin infrastructures configuration¶
OpenStack¶
OpenStack infrastructure key name is openstack
in lower case.
Option Name | Description | Data Type | Required | Default |
---|---|---|---|---|
auth_url |
Specify the authentication url for OpenStack (should be the Keystone endpoint ie: http://your-openstack:5000/v2.0). | string | yes | |
tenant_id |
Specify the OpenStack tenant id to use. | string | Either this or tenant_name should be provided. |
|
tenant_name |
Specify the OpenStack tenant name to use. | string | Either this or tenant_id should be provided. |
|
user_name |
Specify the OpenStack user name to use. | string | yes | |
password |
Specify the OpenStack password to use. | string | yes | |
region |
Specify the OpenStack region to use | string | no | RegionOne |
private_network_name |
Specify the name of private network to use as primary adminstration network between Yorc and Compute instances. It should be a private network accessible by this instance of Yorc. | string | Required to use the PRIVATE keyword for TOSCA
admin networks |
|
provisioning_over_fip_allowed |
This allows to perform the provisioning of a Compute over the associated floating IP if it exists. This is useful when Yorc is not deployed on the same private network than the provisioned Compute. | boolean | no | false |
default_security_groups |
Default security groups to be used when creating a Compute instance. It should be a comma-separated list of security group names | list of strings | no | |
insecure |
Trust self-signed SSL certificates | boolean | no | false |
cacert_file |
Specify a custom CA certificate when communicating over SSL. You can specify either a path to the file or the contents of the certificate | string | no | |
cert |
Specify client certificate file for SSL client authentication. You can specify either a path to the file or the contents of the certificate | string | no | |
key |
Specify client private key file for SSL client authentication. You can specify either a path to the file or the contents of the key | string | no |
Kubernetes¶
Kubernetes infrastructure key name is kubernetes
in lower case.
Option Name | Description | Data Type | Required | Default |
---|---|---|---|---|
master_url |
URL of the HTTP API of Kubernetes is exposed. Format: https://<host>:<port> |
string | yes | |
ca_file |
Path to a trusted root certificates for server | string | no | |
cert_file |
Path to the TLS client certificate used for authentication | string | no | |
key_file |
Path to the TLS client key used for authentication | string | no | |
insecure |
Server should be accessed without verifying the TLS certificate (testing only) | boolean | no |
Google Cloud Platform¶
Google Cloud Platform infrastructure key name is google
in lower case.
Option Name | Description | Data Type | Required | Default |
---|---|---|---|---|
project |
ID of the project to apply any resources to | string | yes | |
application_credentials |
Path of file containing credentials* | string | no | Google Application Default Credentials |
credentials |
Content of file containing credentials | string | no | Google Application Default Credentials |
region |
The region to operate under | string | no |
application_credentials
is the path (accessible to Yorc server) of a file containing service account private keys in JSON format.
This file can be downloaded from the Google Cloud Console at Google Cloud service account file.
If no file path is specified in application_credentials
and no file content is specified in credentials
, the orchestrator will fall back to using the Google Application Default Credentials if any.
AWS¶
AWS infrastructure key name is aws
in lower case.
Option Name | Description | Data Type | Required | Default |
---|---|---|---|---|
access_key |
Specify the AWS access key credential. | string | yes | |
secret_key |
Specify the AWS secret key credential. | string | yes | |
region |
Specify the AWS region to use. | string | yes |
Slurm¶
Slurm infrastructure key name is slurm
in lower case.
Option Name | Description | Data Type | Required | Default |
---|---|---|---|---|
user_name |
SSH Username to be used to connect to the Slurm Client’s node | string | yes | |
password |
SSH Password to be used to connect to the Slurm Client’s node | string | Either this or private_key should be provided |
|
private_key |
SSH Private key to be used to connect to the Slurm Client’s node | string | Either this or password should be provided |
|
url |
IP address of the Slurm Client’s node | string | yes | |
port |
SSH Port to be used to connect to the Slurm Client’s node | string | yes | |
default_job_name |
Default name for the job allocation. | string | no |
Vault configuration¶
Due to the pluggable nature of vaults support in Yorc their configuration differ from other configurable options. A vault configuration option could be specified by either its configuration placeholder in the configuration file, a command line flag or an environment variable.
The general principle is for a configurable option option_1
it should be specified in the configuration file as following:
{
"vault": {
"type": "vault_implementation",
"option_1": "value"
}
}
Similarly a command line flag with the name --vault_option_1
and an environment variable with the name YORC_VAULT_OPTION_1
will be
automatically supported and recognized. The default order of precedence apply here.
type
is the only mandatory option for all vaults configurations, it allows to select the vault implementation by specifying it’s ID. If the
type
option is not present either in the config file, as a command line flag or as an environment variable, Vault configuration will be ignored.
The integration with a Vault is totally optional and this configuration part may be leave empty.
Builtin Vaults configuration¶
HashiCorp’s Vault¶
This is the only builtin supported Vault implementation.
Implementation ID to use with the vault type configuration parameter is hashicorp
.
Bellow are recognized configuration options for Vault:
Option Name | Description | Data Type | Required | Default |
---|---|---|---|---|
address |
Address is the address of the Vault server. This should be a complete URL such as “https://vault.example.com”. | string | yes | |
max_retries |
MaxRetries controls the maximum number of times to retry when a 5xx error occurs. Set to 0 or less to disable retrying. | integer | no | 0 |
timeout |
Timeout is for setting custom timeout parameter in the HttpClient. | string | no | |
ca_cert |
CACert is the path to a PEM-encoded CA cert file to use to verify the Vault server SSL certificate. | string | no | |
ca_path |
CAPath is the path to a directory of PEM-encoded CA cert files to verify the Vault server SSL certificate. | string | no | |
client_cert |
ClientCert is the path to the certificate for Vault communication. | string | no | |
client_key |
ClientKey is the path to the private key for Vault communication | string | no | |
tls_server_name |
TLSServerName, if set, is used to set the SNI host when connecting via TLS. | string | no | |
tls_skip_verify |
Disables SSL verification | boolean | no | false |
token |
Specifies the access token to use to connect to vault. This is highly discouraged to this option in the configuration file as the token is a sensitive data and should not be written on disk. Prefer the associated environment variable | string | no |
Yorc Client CLI Configuration¶
This section is dedicated to the CLI part of yorc that covers everything except the server configuration detailed above. It focus on configuration options commons to all the commands. Sub commands may have additional options please use the cli help command to see them.
Just like for its server part Yorc Client CLI has various configuration options that could be specified either by command-line flags, configuration file or environment variables.
If an option is specified several times using flags, environment and config file, command-line flag will have the precedence then the environment variable and finally the value defined in the configuration file.
Command-line options¶
--ca_file
: This provides a file path to a PEM-encoded certificate authority. This implies the use of HTTPS to connect to the Yorc REST API.
--ca_path
: Path to a directory of PEM-encoded certificates authorities. This implies the use of HTTPS to connect to the Yorc REST API.
--cert_file
: File path to a PEM-encoded client certificate used to authenticate to the Yorc API. This must be provided along with key-file. If one of key-file or cert-file is not provided then SSL authentication is disabled. If both cert-file and key-file are provided this implies the use of HTTPS to connect to the Yorc REST API.
-c
or--config
: config file (default is /etc/yorc/yorc-client.[json|yaml])
--key_file
: File path to a PEM-encoded client private key used to authenticate to the Yorc API. This must be provided along with cert-file. If one of key-file or cert-file is not provided then SSL authentication is disabled. If both cert-file and key-file are provided this implies the use of HTTPS to connect to the Yorc REST API.
--skip_tls_verify
: Controls whether a client verifies the server’s certificate chain and host name. If set to true, TLS accepts any certificate presented by the server and any host name in that certificate. In this mode, TLS is susceptible to man-in-the-middle attacks. This should be used only for testing. This implies the use of HTTPS to connect to the Yorc REST API.
-s
or--ssl_enabled
: Use HTTPS to connect to the Yorc REST API. This is automatically implied if one of--ca_file
,--ca_path
,--cert_file
,--key_file
or--skip_tls_verify
is provided.
--yorc_api
: specify the host and port used to join the Yorc’ REST API (default “localhost:8800”)
Configuration files¶
Configuration files are either JSON or YAML formatted as a single object containing the following configuration options.
By default Yorc will look for a file named yorc-client.json or yorc-client.yaml in /etc/yorc
directory then if not found in the current directory.
The –config command line flag allows to specify an alternative configuration file.
ca_file
: Equivalent to –ca_file command-line flag.
ca_path
: Equivalent to –ca_path command-line flag.
cert_file
: Equivalent to –cert_file command-line flag.
key_file
: Equivalent to –key_file command-line flag.
skip_tls_verify
: Equivalent to –skip_tls_verify command-line flag.
ssl_enabled
: Equivalent to –ssl_enabled command-line flag.
yorc_api
: Equivalent to –yorc_api command-line flag.
Environment variables¶
YORC_CA_FILE
: Equivalent to –ca_file command-line flag.
YORC_CA_PATH
: Equivalent to –ca_path command-line flag.
YORC_CERT_FILE
: Equivalent to –cert_file command-line flag.
YORC_KEY_FILE
: Equivalent to –key_file command-line flag.
YORC_SKIP_TLS_VERIFY
: Equivalent to –skip_tls_verify command-line flag.
YORC_SSL_ENABLED
: Equivalent to –ssl_enabled command-line flag.
YORC_API
: Equivalent to –yorc_api command-line flag.