b599c7249d
The Zuul admin can configure authenticators with an optional "max_validity_time" field, which is the maximum age in seconds for a valid authentication token. By default there is no maximum age set for tokens, except the one deduced from the token's "exp" claim. If "max_validity_time" is set, tokens without an "iat" claim will be rejected. This is meant as an extra security measure to avoid accidentally issuing very long-lived tokens through the CLI. The "skew" field can be used to mitigate clock discrepancies between Zuul and a JWT emitter. Change-Id: I9351ca016b60050b5f3b3950b840d5f719e919ce
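; Client-side Gearman settings: where this component finds the Gearman server.
[gearman]
; Sample value points at a Gearman server on the local host.
server=127.0.0.1
;port=4730
; TLS material is commented out in this sample. Enable all three keys when
; Gearman traffic leaves the local host.
; NOTE(review): with these unset the connection is presumably unencrypted
; and unauthenticated - confirm against the Zuul documentation.
;ssl_ca=/path/to/ca.pem
;ssl_cert=/path/to/client.pem
; Private key: the file should be readable only by the account running Zuul.
;ssl_key=/path/to/client.key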
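; Metrics reporting target.
[statsd]
; Host of the statsd daemon; this sample uses the local host.
server=127.0.0.1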
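; ZooKeeper connection.
[zookeeper]
; host:port of the ZooKeeper server. This sample points at a local instance
; and configures no TLS or authentication for the connection.
hosts=127.0.0.1:2181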
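; Server-side Gearman settings.
[gearman_server]
; NOTE(review): presumably makes Zuul start its own built-in Gearman server
; rather than rely on an external one - confirm.
start=true
; Server TLS material is commented out in this sample. If the listener is
; reachable from other hosts, enable these together with the matching client
; keys in [gearman].
;ssl_ca=/path/to/ca.pem
;ssl_cert=/path/to/server.pem
; Private key: the file should be readable only by the account running Zuul.
;ssl_key=/path/to/server.key
;port=4730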
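; Scheduler file locations.
[scheduler]
; Tenant definition file. It decides which projects and configuration the
; scheduler loads, so write access to it should be limited to administrators.
tenant_config=/etc/zuul/main.yaml
log_config=/etc/zuul/logging.conf
pidfile=/var/run/zuul/zuul.pid
; Directory for the scheduler's persistent state.
; NOTE(review): contents are not described here - treat as sensitive until
; confirmed otherwise.
state_dir=/var/lib/zuul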
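; Merger settings.
[merger]
; Working directory for the merger's git repositories.
git_dir=/var/lib/zuul/git
; Optional identity for commits created by the merger (commented out here).
;git_user_email=zuul@example.com
;git_user_name=zuul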
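; Executor settings.
[executor]
; NOTE(review): presumably the login name used on job nodes when none is
; specified - confirm.
default_username=zuul
; Colon-separated lists of host paths.
; NOTE(review): these appear to be exposed to trusted-context job execution,
; read-only and read-write respectively - confirm. Keep both lists as narrow
; as possible and never include directories that hold keys or credentials.
trusted_ro_paths=/opt/zuul-scripts:/var/cache
trusted_rw_paths=/opt/zuul-logs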
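; Web service settings.
[web]
; Loopback only: other hosts cannot reach the web service directly unless
; this address is changed or a reverse proxy is placed in front of it.
listen_address=127.0.0.1
port=9000
; NOTE(review): presumably the cache lifetime for static assets, 0 meaning
; no caching - confirm.
static_cache_expiry=0
; Public URL of the status page; the sample uses https.
status_url=https://zuul.example.com/status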
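; Settings for the client that talks to the Zuul web API.
[webclient]
url=https://zuul.example.com
; Keep certificate verification on. Turning it off lets anyone able to
; intercept the connection impersonate the server and read whatever the
; client sends to it.
verify_ssl=true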
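; Token authenticator named "zuul_operator".
[auth zuul_operator]
; HS256 is a symmetric HMAC scheme: the same "secret" both signs and verifies
; tokens, so anyone able to read this file can mint tokens this authenticator
; accepts. Restrict read access to the account running Zuul.
driver=HS256
; NOTE(review): the name suggests a token may carry authorization claims that
; override the configured access rules - confirm the exact semantics before
; leaving this enabled.
allow_authz_override=true
realm=zuul.example.com
; NOTE(review): presumably marks this authenticator as the default one when
; several [auth ...] sections exist - confirm.
default=true
; NOTE(review): presumably checked against the token's "aud" and "iss"
; claims respectively - confirm.
client_id=zuul.example.com
issuer_id=zuul_operator
; Sample value only. Replace it with a long, randomly generated secret
; before use; a published sample string offers no protection.
secret=NoDanaOnlyZuul
; Maximum accepted token age in seconds (36000 s = 10 h). When this key is
; set, tokens without an "iat" claim are rejected; when it is unset, only the
; token's "exp" claim bounds its lifetime.
max_validity_time=36000
; Tolerance for clock differences between Zuul and the token issuer; 0 allows
; none. Keep it as small as the deployment permits, since a larger value
; widens the window in which a token is accepted.
; NOTE(review): unit is presumably seconds - confirm.
skew=0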
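; Gerrit code-review connection.
[connection gerrit]
driver=gerrit
server=review.example.com
;baseurl=https://review.example.com/r
; Account used to log in to Gerrit. Give it only the permissions the
; deployment needs.
user=jenkins
; Path to the SSH private key for that account. The key file should be
; readable only by the account running Zuul.
sshkey=/home/jenkins/.ssh/id_rsa
;keepalive=60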
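; Outgoing mail connection.
[connection smtp]
driver=smtp
; Plain SMTP to a relay on the local host; this sample sets no credentials
; and no TLS options for the connection.
server=localhost
port=25
default_from=zuul@example.com
default_to=you@example.com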
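; MQTT broker connection.
[connection mqtt]
driver=mqtt
server=localhost
; Sample credentials only: the password equals the user name. Replace both
; before use. The password is stored here in clear text, so restrict read
; access to this file to the account running Zuul.
user=zuul
password=zuul
;keepalive=60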
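; SQL database connection.
[connection mydatabase]
driver=sql
; The sample URI carries no password. If one is embedded (user:password@host),
; this file then holds a database credential in clear text and should be
; readable only by the account running Zuul.
dburi=mysql+pymysql://user@localhost/zuul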