namaste/config/namaste.xml
gramps 373ebc8c93 Archive: Namaste PHP AMQP framework v1.0 (2017-2020)
952 days continuous production uptime, 40k+ tp/s single node.
Original corpo Bitbucket history not included — clean archive commit.
2026-04-05 09:49:30 -07:00


<?xml version="1.0" encoding="utf-8"?>
<!--
Remember - this is the production level XML definition and values here are expected to be
over-written by a specific environment XML file which, by design, is not checked
into source.
@author: mike@givingassistant.org
@version: 1.0
HISTORY:
========
06-07-17 mks original coding
12-06-17 mks CORE-591: re-configured for env.xml layering
cache log-buffering params
04-09-18 mks _INF-188: cool storage (warehousing) configuration changes
05-31-18 mks CORE-1011: update for new XML broker services configuration
06-08-18 mks CORE-1035: deprecated prodBox tag
07-03-18 mks CORE-797: syslog over consoleLog option
02-04-19 mks DB-107: added AUDIT to meta client list
09-24-19 mks DB-136: support for new admin brokers, removal of syslog setting
01-29-20 mks DB-144: tercero activation
10-14-20 mks DB-168: removed db-level isLocal tags, which are replaced with root-level tags
{service}{isLocal} && {service}{active} as the authoritative declaration
for mongo configuration by service
12-07-20 mks DB-180: Support for segundo::CONS broker (cBroker)
-->
<application>
<!-- identity of this deployment plus the global logging, audit and journal switches for the production baseline -->
<id>
<envName>production</envName> <!-- must be: production staging or development -->
<version>1.0</version> <!-- used in forming cache key names, matched git version tag on master -->
<wbid>ga</wbid> <!-- white box corporate identifier: always 2 chars -->
</id>
<!-- NOTE(review): the file history (DB-136) mentions "removal of syslog setting", yet this tag is still present; confirm whether the loader still reads it -->
<syslog>1</syslog> <!-- enable syslog over console log for production -->
<debug>0</debug> <!-- disable debug-level logging -->
<!-- audit and journal are both switched on here; an environment file that sets either to 0 removes that trail, so review such overrides -->
<auditOn>1</auditOn> <!-- enables auditing micro-service overrides template setting -->
<journalOn>1</journalOn> <!-- enables journaling micro-service overrides template setting -->
<!-- if a service is defined below, that service must have its own section in the next block to define -->
<!-- its locality and its active state. -->
<!-- list of service names, followed by one element per service carrying its isLocal and active flags -->
<services> <!-- defines the services supported by this framework -->
<subEntry>appServer</subEntry> <!-- namaste is an alias for appServer -->
<subEntry>admin</subEntry> <!-- admin service handles administrative events on a discrete node -->
<subEntry>segundo</subEntry> <!-- segundo operates the cool-storage warehousing service -->
<!-- NOTE(review): described as TBD, yet tercero is marked active below and has database and broker sections; confirm it is meant to be reachable in production -->
<subEntry>tercero</subEntry> <!-- tercero is TBD as a service... -->
</services>
<!-- services settings (configuration setting reflects appServer on prod) -->
<!-- configuring a service as local means the service is running on the current running instance -->
<!-- configuring a service as active means that the service exists in the current Namaste cluster -->
<!-- per the file history (DB-168) these root-level flags are the authoritative declaration per service -->
<appServer>
<isLocal>1</isLocal>
<active>1</active> <!-- DO NOT CHANGE! -->
</appServer>
<admin>
<isLocal>0</isLocal>
<active>1</active> <!-- DO NOT CHANGE! -->
</admin>
<segundo>
<isLocal>0</isLocal>
<active>1</active>
</segundo>
<tercero>
<isLocal>0</isLocal>
<active>1</active>
</tercero>
<!-- session settings -->
<!-- controls concurrent logins, session lifetime and the pause applied after a failed login -->
<sessions>
<!-- NOTE(review): with concurrent sessions allowed, a stolen session can coexist with the owner's; confirm sessions can be listed and revoked -->
<allowMultipleUserSessions>1</allowMultipleUserSessions> <!-- allows multiple simultaneous logins -->
<!-- one, of the next two, settings must be a non-zero value -->
<!-- NOTE(review): 7 days is a long lifetime for a production session; whether it is absolute or idle-based is not visible here -->
<sessionDurationDays>7</sessionDurationDays> <!-- defines days before session expires (set to 0 if not used) -->
<sessionDurationHours>0</sessionDurationHours> <!-- defines hours before session expires (set to 0 if not used) -->
<!-- a fixed delay slows password guessing; no lockout or attempt counter is configured in this block -->
<sessionDelaySeconds>15</sessionDelaySeconds> <!-- pause for how-long after an unsuccessful login -->
</sessions>
<!-- defines shared-file system resource (may not be in-use) -->
<fileSys>
<!-- NOTE(review): /dev/shm is typically a world-writable tmpfs on Linux; if the framework writes here, check file modes and predictable names -->
<sharedFS>/dev/shm</sharedFS>
</fileSys>
<!-- defines the external caching service end-point -->
<!-- HOSTNAME and PORTNUM are placeholders to be supplied by the environment file -->
<!-- no credential fields exist for the cache, and security/requiresTLS/cache is 0 in this file; presumably network isolation is the only control, verify -->
<cache>
<expires>300</expires> <!-- presumably seconds; unit is not stated here -->
<isCluster>0</isCluster>
<logBuffer>0</logBuffer>
<logBufferCount>25</logBufferCount>
<server>
<hostName>HOSTNAME</hostName>
<portNum>PORTNUM</portNum>
<weight>50</weight>
<persistentID>production</persistentID>
</server>
</cache>
<!-- defines the database(s) used -->
<database>
<!-- values can be overwritten by individual schemas - these are the defaults -->
<!-- queryRecordLimit bounds result size per query; a schema that raises it widens what one request can pull -->
<queryRecordLimit>100</queryRecordLimit>
<queryWarnings>1</queryWarnings>
<queryTimers>1</queryTimers>
<!-- warning threshold (800) sits below the alert threshold (1000); presumably both are milliseconds, unit not stated here -->
<queryTimerSlowQueryAlert>1000</queryTimerSlowQueryAlert>
<queryTimerSlowQueryWarning>800</queryTimerSlowQueryWarning>
<!-- DynamoDB settings; disabled at every level in this baseline -->
<Ddb>
<enabled>0</enabled> <!-- todo: CORE-666: go back and add/refactor availability checks -->
<dbProduct>DynamoDB</dbProduct>
<rcu>10</rcu>
<wcu>10</wcu>
<appServer>
<enabled>0</enabled>
<useSSL>0</useSSL> <!-- NOTE(review): set to 1 before enabling this service against a remote endpoint -->
<dsn>HOSTNAME</dsn>
<port>PORT</port>
<region>us-west-2</region>
<version>latest</version>
<!-- key_id and access_key are placeholders; real values belong in the environment file that is not checked in -->
<!-- NOTE(review): long-lived static keys in a config file are hard to rotate; an instance role is preferable where the deployment allows it -->
<key_id>KEY_ID_HERE</key_id>
<access_key>ACCESS_KEY_HERE</access_key>
<sequence_collection_name>sequence_seq</sequence_collection_name>
</appServer>
<admin>
<enabled>0</enabled>
</admin>
<coolStorage>
<enabled>0</enabled>
</coolStorage>
</Ddb>
<mongodb>
<!-- mongodb-wide switch and the administrative account used across services -->
<enabled>1</enabled> <!-- if either admin or namaste is enabled, then this must be enabled -->
<!-- NOTE(review): the admin account name is checked in; only the password is deferred to the environment file -->
<adminUser>gaAdmin</adminUser>
<!-- placeholder by design: a start-up check that rejects this literal value would catch a missing override (no such check is visible here) -->
<adminPassword>SET_PASSWORD_IN_ENV_FILE</adminPassword>
<!-- mongodb connection settings for the admin service; upper-case values are placeholders for the environment file -->
<admin>
<enabled>1</enabled> <!-- use only 0 or 1 -->
<isLocal>0</isLocal>
<user>ADMIN_MONGO_USER</user>
<password>ADMIN_MONGO_PASSWORD</password>
<appname>admin</appname>
<!-- NOTE(review): useAuth is 1 but useSSL is 0 and isLocal is 0, so queries and results to a remote host travel unencrypted unless the environment file enables TLS -->
<useSSL>0</useSSL>
<useReadSecondary>1</useReadSecondary>
<useAuth>1</useAuth>
<authSource>givva_namaste_admin</authSource>
<host>HOSTNAME</host>
<port>PORTNUM</port>
<!-- do not edit the next two values -->
<readPreference>secondaryPreferred</readPreference>
<secondaryReadPreference>primaryPreferred</secondaryReadPreference>
<!-- cannot be less than 500, a value of 0 => disabled -->
<heartbeatFrequencyMS>5000</heartbeatFrequencyMS>
<mongo_db>givva_namaste_admin</mongo_db>
<queryWarnings>1</queryWarnings>
<queryTimers>1</queryTimers>
<!-- NOTE(review): in MongoDB write concerns a wtimeout of 0 means no time limit; confirm that an unbounded wait is intended -->
<wtimeout>0</wtimeout> <!-- write timeout choose value carefully for prod! -->
<journal>1</journal> <!-- journaling should be on for all non-dev envs -->
<replSet>
<enabled>0</enabled>
<replSetDSN>
<subEntry>HOSTNAME:PORTNUM</subEntry>
<subEntry>HOSTNAME:PORTNUM</subEntry>
</replSetDSN>
<replSetName>REPL_SET_NAME</replSetName>
</replSet>
<sharding>
<enabled>1</enabled> <!-- implies only that you connect to mongos instead of mongod -->
<mongosNodes>
<!-- mongos services list - one entry for each mongos service -->
<subEntry>HOSTNAME:PORTNUM</subEntry>
</mongosNodes>
</sharding>
</admin>
<!-- mongodb connection settings for the appServer (namaste) service; upper-case values are placeholders for the environment file -->
<appServer>
<enabled>1</enabled> <!-- use only 0 or 1 -->
<isLocal>0</isLocal>
<user>MONGO_USER_NAME</user>
<password>MONGO_USER_PASSWORD</password>
<!-- NOTE(review): appname is "admin" here as in the admin section; if this is a copy-paste leftover, server-side logs cannot tell the two services apart -->
<appname>admin</appname>
<!-- NOTE(review): useSSL is 0 with a non-local host, so traffic is unencrypted in transit unless the environment file enables TLS -->
<useSSL>0</useSSL>
<useReadSecondary>1</useReadSecondary>
<useAuth>1</useAuth>
<authSource>givva_namaste</authSource> <!-- db where the user creds are stored -->
<!-- stand-alone instance host/port : will be ignored if sharding or repl-set is on -->
<host>HOSTNAME</host>
<port>PORTNUM</port>
<!-- read-preferences affect all service types -->
<readPreference>primaryPreferred</readPreference>
<secondaryReadPreference>secondaryPreferred</secondaryReadPreference>
<!-- cannot be less than 500, a value of 0 => disabled -->
<heartbeatFrequencyMS>5000</heartbeatFrequencyMS>
<mongo_db>givva_namaste</mongo_db>
<queryWarnings>1</queryWarnings>
<queryTimers>1</queryTimers>
<wtimeout>0</wtimeout> <!-- write timeout choose value carefully for prod! -->
<!-- NOTE(review): this is the production definition, yet journal is 0 and the comment says it should be off only for non-prod; confirm the intended value -->
<journal>0</journal> <!-- journaling should be off for all non-prod envs -->
<replSet>
<enabled>0</enabled>
<replSetDSN>
<!-- repl-set members are listed here -->
<subEntry>HOSTNAME:PORTNUM</subEntry>
<subEntry>HOSTNAME:PORTNUM</subEntry>
<subEntry>HOSTNAME:PORTNUM</subEntry>
</replSetDSN>
<replSetName>REPL_SET_NAME</replSetName>
</replSet>
<sharding>
<enabled>1</enabled>
<mongosNodes>
<!-- mongos services list -->
<subEntry>HOSTNAME:PORTNUM</subEntry>
</mongosNodes>
</sharding>
</appServer>
<!-- mongodb connection settings for segundo (cool-storage warehousing); upper-case values are placeholders for the environment file -->
<segundo>
<enabled>1</enabled> <!-- use only 0 or 1 -->
<isLocal>0</isLocal>
<!-- NOTE(review): the same placeholder names are used for every service; give each service its own least-privilege database account -->
<user>MONGO_USER_NAME</user>
<password>MONGO_USER_PASSWORD</password>
<appname>coolStorage</appname>
<!-- NOTE(review): useSSL is 0 with a non-local host, so traffic is unencrypted in transit unless the environment file enables TLS -->
<useSSL>0</useSSL>
<useReadSecondary>1</useReadSecondary>
<useAuth>1</useAuth>
<authSource>givva_namaste_segundo</authSource> <!-- db where the user creds are stored -->
<!-- stand-alone instance host/port : will be ignored if sharding or repl-set is on -->
<host>HOSTNAME</host>
<port>PORTNUM</port>
<!-- read-preferences affect all service types -->
<readPreference>secondaryPreferred</readPreference>
<secondaryReadPreference>primaryPreferred</secondaryReadPreference>
<!-- cannot be less than 500, a value of 0 => disabled -->
<heartbeatFrequencyMS>5000</heartbeatFrequencyMS>
<mongo_db>givva_namaste_segundo</mongo_db>
<queryWarnings>1</queryWarnings>
<queryTimers>1</queryTimers>
<wtimeout>0</wtimeout> <!-- write timeout choose value carefully for prod! -->
<!-- NOTE(review): journal is 0 in the production definition although the comment ties "off" to non-prod; confirm the intended value -->
<journal>0</journal> <!-- journaling should be off for all non-prod envs -->
<replSet>
<enabled>0</enabled>
<replSetDSN>
<!-- repl-set members are listed here -->
<subEntry>HOSTNAME:PORTNUM</subEntry>
<subEntry>HOSTNAME:PORTNUM</subEntry>
<subEntry>HOSTNAME:PORTNUM</subEntry>
</replSetDSN>
<replSetName>REPL_SET_NAME</replSetName>
</replSet>
<sharding>
<enabled>1</enabled>
<mongosNodes>
<!-- mongos services list -->
<subEntry>HOSTNAME:PORTNUM</subEntry>
</mongosNodes>
</sharding>
</segundo>
<!-- mongodb connection settings for tercero; the appname and database names suggest user storage, confirm against the service -->
<tercero>
<enabled>1</enabled> <!-- use only 0 or 1 -->
<isLocal>0</isLocal>
<user>MONGO_USER_NAME</user>
<password>MONGO_USER_PASSWORD</password>
<appname>userStorage</appname>
<!-- NOTE(review): useSSL is 0 with a non-local host; if this database holds user records, enabling TLS here is the first override to make -->
<useSSL>0</useSSL>
<useReadSecondary>1</useReadSecondary>
<useAuth>1</useAuth>
<authSource>givva_namaste_users</authSource> <!-- db where the user creds are stored -->
<!-- stand-alone instance host/port : will be ignored if sharding or repl-set is on -->
<host>HOSTNAME</host>
<port>PORTNUM</port>
<!-- read-preferences affect all service types -->
<readPreference>secondaryPreferred</readPreference>
<secondaryReadPreference>primaryPreferred</secondaryReadPreference>
<!-- cannot be less than 500, a value of 0 => disabled -->
<heartbeatFrequencyMS>5000</heartbeatFrequencyMS>
<mongo_db>givva_namaste_users</mongo_db>
<queryWarnings>1</queryWarnings>
<queryTimers>1</queryTimers>
<wtimeout>0</wtimeout> <!-- write timeout choose value carefully for prod! -->
<!-- NOTE(review): journal is 0 in the production definition although the comment ties "off" to non-prod; confirm the intended value -->
<journal>0</journal> <!-- journaling should be off for all non-prod envs -->
<replSet>
<enabled>0</enabled>
<replSetDSN>
<!-- repl-set members are listed here -->
<subEntry>HOSTNAME:PORTNUM</subEntry>
<subEntry>HOSTNAME:PORTNUM</subEntry>
<subEntry>HOSTNAME:PORTNUM</subEntry>
</replSetDSN>
<replSetName>REPL_SET_NAME</replSetName>
</replSet>
<sharding>
<enabled>1</enabled>
<mongosNodes>
<!-- mongos services list -->
<subEntry>HOSTNAME:PORTNUM</subEntry>
</mongosNodes>
</sharding>
</tercero>
</mongodb>
<PDO> <!-- aka: mysql, aka mariadb: supports only repl sets/stand-alone, not sharding -->
<!-- PDO-wide switch, then the appServer master/secondary connection pair -->
<enabled>1</enabled>
<appServer>
<enabled>1</enabled>
<useReadSecondary>1</useReadSecondary>
<!-- no TLS-related element exists in the PDO sections and security/requiresTLS/PDO is 0 in this file; confirm how transport encryption is configured for these connections -->
<PDO_master>
<db_hostname>HOSTNAME</db_hostname>
<db_username>MYSQL_USER_NAME</db_username>
<db_password>MYSQL_USER_PASSWORD</db_password>
<db_port>PORTNUM</db_port>
<db_database>givva_namaste</db_database>
<db_charset>charset=utf8mb4</db_charset> <!-- value carries the "charset=" key; presumably appended to the DSN as-is -->
<queryWarnings>1</queryWarnings>
<queryTimers>1</queryTimers>
</PDO_master>
<!-- the secondary has no db_database element, unlike the master; presumably the master's value is reused, verify -->
<!-- NOTE(review): a read-only account for the secondary limits the impact of a leaked credential -->
<PDO_secondary>
<db_hostname>HOSTNAME</db_hostname>
<db_username>MYSQL_USER_NAME</db_username>
<db_password>MYSQL_USER_PASSWORD</db_password>
<db_port>PORTNUM</db_port>
<db_charset>charset=utf8mb4</db_charset>
<queryWarnings>1</queryWarnings>
<queryTimers>1</queryTimers>
</PDO_secondary>
</appServer>
<!-- PDO master/secondary pair for segundo; disabled in this baseline -->
<segundo>
<enabled>0</enabled>
<useReadSecondary>1</useReadSecondary>
<PDO_master>
<db_hostname>HOSTNAME</db_hostname>
<!-- placeholders only; real credentials come from the environment file and should be distinct per service -->
<db_username>MYSQL_USER_NAME</db_username>
<db_password>MYSQL_USER_PASSWORD</db_password>
<db_port>PORTNUM</db_port>
<db_database>givva_namaste_segundo</db_database>
<db_charset>charset=utf8mb4</db_charset>
<queryWarnings>1</queryWarnings>
<queryTimers>1</queryTimers>
</PDO_master>
<!-- the secondary has no db_database element, unlike the master -->
<PDO_secondary>
<db_hostname>HOSTNAME</db_hostname>
<db_username>MYSQL_USER_NAME</db_username>
<db_password>MYSQL_USER_PASSWORD</db_password>
<db_port>PORTNUM</db_port>
<db_charset>charset=utf8mb4</db_charset>
<queryWarnings>1</queryWarnings>
<queryTimers>1</queryTimers>
</PDO_secondary>
</segundo>
<!-- PDO master/secondary pair for tercero; disabled in this baseline -->
<tercero>
<enabled>0</enabled>
<useReadSecondary>1</useReadSecondary>
<PDO_master>
<db_hostname>HOSTNAME</db_hostname>
<!-- placeholders only; real credentials come from the environment file and should be distinct per service -->
<db_username>MYSQL_USER_NAME</db_username>
<db_password>MYSQL_USER_PASSWORD</db_password>
<db_port>PORTNUM</db_port>
<db_database>givva_namaste_users</db_database>
<db_charset>charset=utf8mb4</db_charset>
<queryWarnings>1</queryWarnings>
<queryTimers>1</queryTimers>
</PDO_master>
<!-- the secondary has no db_database element, unlike the master -->
<PDO_secondary>
<db_hostname>HOSTNAME</db_hostname>
<db_username>MYSQL_USER_NAME</db_username>
<db_password>MYSQL_USER_PASSWORD</db_password>
<db_port>PORTNUM</db_port>
<db_charset>charset=utf8mb4</db_charset>
<queryWarnings>1</queryWarnings>
<queryTimers>1</queryTimers>
</PDO_secondary>
</tercero>
</PDO>
</database>
<!-- the MQ resource definitions -->
<brokerServices>
<!-- some broker services have consistent tags across all services -->
<!-- queue prefix and vhost are environment-specific; keeping them distinct per environment stops a staging node from consuming production queues -->
<queueTag>prod_</queueTag>
<vhost>prod</vhost>
<timerViolation>3000</timerViolation>
<recordsPerXfer>5000</recordsPerXfer>
<keepalive>1</keepalive>
<heartbeat>60</heartbeat>
<!-- NOTE(review): useSSL is 0, so broker logins and message payloads cross the network unencrypted unless the environment file overrides it; admin, segundo and tercero brokers are described as separate hosts -->
<useSSL>0</useSSL>
<certPath>/etc/rabbitmq</certPath> <!-- do not overwrite this value in another broker config! -->
<debug>0</debug>
<!-- by default, the appServer tag defines the Namaste broker resource -->
<appServer>
<host>HOSTNAME</host>
<port>PORT</port>
<!-- 15672 is the default RabbitMQ management (HTTP API) port; NOTE(review): restrict it to admin networks, since it exposes broker administration -->
<apiPort>15672</apiPort>
<user>RMQ_USER_NAME</user>
<!-- NOTE(review): this placeholder is spelled RQM_USER_PASS while the other broker sections use RMQ_USER_PASS; a provisioning step that substitutes by name would miss it -->
<pass>RQM_USER_PASS</pass>
<RPI>50</RPI>
<!-- instance counts per broker type; mBroker is set to 0 here -->
<Instances>
<rBroker>2</rBroker>
<wBroker>2</wBroker>
<mBroker>0</mBroker>
</Instances>
<primeInstances>
<!--
if there's a non-standard instance to be run on prime, then declare it here...
for example, if you do create an off-site namaste instance where events can be forwarded to the
remote site, then you should declare the local broker/handler that consumes (and re-packages) those
events in this section.
-->
</primeInstances>
</appServer>
<!-- admin server is a required component -->
<admin>
<!-- the administrative MQ service -->
<host>HOSTNAME</host>
<port>PORTNUM</port>
<!-- placeholders; NOTE(review): use a broker account separate from the appServer one so admin queues cannot be reached with application credentials -->
<user>RMQ_USER_NAME</user>
<pass>RMQ_USER_PASS</pass>
<RPI>50</RPI>
<!-- instance counts per admin broker type, including the log and syslog brokers -->
<Instances>
<adminBrokerIn>2</adminBrokerIn>
<adminBrokerOut>4</adminBrokerOut>
<adminLogsBroker>4</adminLogsBroker>
<adminSyslogBroker>4</adminSyslogBroker>
<adminGraphBroker>4</adminGraphBroker>
</Instances>
</admin>
<!-- this is the configuration for segundo - which is the Namaste WH broker and lives on a server separate -->
<!-- from both the appServer (Namaste) and admin services. -->
<!-- Override these settings in the env.xml file on the segundo server. -->
<!-- because this broker is on a separate server, the shared useSSL value of 0 means cross-host traffic is unencrypted unless overridden -->
<segundo>
<host>HOSTNAME</host>
<port>PORTNUM</port>
<user>RMQ_USER_NAME</user>
<pass>RMQ_USER_PASS</pass>
<RPI>50</RPI>
<Instances>
<whBroker>2</whBroker>
<cBroker>4</cBroker> <!-- per the file history (DB-180): the segundo::CONS broker -->
</Instances>
</segundo>
<!-- broker settings for tercero; host, port and credentials are placeholders for the environment file -->
<tercero>
<host>HOSTNAME</host>
<port>PORTNUM</port>
<user>RMQ_USER_NAME</user>
<pass>RMQ_USER_PASS</pass>
<RPI>50</RPI>
<!-- instance counts per tercero broker type; what uBroker and sBroker handle is not stated in this file -->
<Instances>
<uBroker>2</uBroker>
<sBroker>2</sBroker>
</Instances>
</tercero>
</brokerServices>
<!-- here, we define how secret-squirrel we need to be -->
<!-- email allow/deny lists, the password hashing algorithm, per-transport TLS requirements and certificate verification options -->
<security>
<useRestrictedList>1</useRestrictedList> <!-- emails limited to addresses in this list -->
<useBannedList>1</useBannedList> <!-- no one on this list gets emails -->
<!-- PASSWORD_ARGON2I matches the name of a PHP password_hash() algorithm constant; presumably passed through to it, verify -->
<!-- NOTE(review): PHP 7.3+ also provides PASSWORD_ARGON2ID, the generally recommended Argon2 variant; consider it if the runtime supports it -->
<hashAlgo>PASSWORD_ARGON2I</hashAlgo> <!-- hashing algorithm for passwords -->
<!-- NOTE(review): all four transports are 0 in the production definition, and every useSSL tag elsewhere in this file is 0 as well; -->
<!-- unless the environment file overrides them, nothing in this configuration requires TLS to the broker, databases or cache -->
<requiresTLS>
<mq>0</mq>
<mongo>0</mongo>
<PDO>0</PDO>
<cache>0</cache>
</requiresTLS>
<!-- verification options below are strict (no self-signed, peer, peer-name and expiry checks on); they matter only once TLS is switched on -->
<!-- pemFile values (www.host.com.cert.pem) look like placeholders to be replaced per host -->
<mq>
<sslDir>/etc/ssl/</sslDir>
<sslFile>ca-chain.cert.pem</sslFile>
<pemFile>www.host.com.cert.pem</pemFile>
<allowSelfSigned>0</allowSelfSigned>
<verifyPeer>1</verifyPeer>
<verifyPeerName>1</verifyPeerName>
<verifyExpiry>1</verifyExpiry>
</mq>
<nosql>
<sslDir>/etc/ssl/</sslDir>
<sslFile>ca-chain.cert.pem</sslFile>
<pemFile>www.host.com.cert.pem</pemFile>
<allowSelfSigned>0</allowSelfSigned>
<verifyPeer>1</verifyPeer>
<verifyPeerName>1</verifyPeerName>
<verifyExpiry>1</verifyExpiry>
</nosql>
<cache>
<sslDir>/etc/ssl/</sslDir>
<sslFile>ca-chain.cert.pem</sslFile>
<pemFile>www.host.com.cert.pem</pemFile>
<allowSelfSigned>0</allowSelfSigned>
<verifyPeer>1</verifyPeer>
<verifyPeerName>1</verifyPeerName>
<verifyExpiry>1</verifyExpiry>
</cache>
<!-- requiresTLS lists PDO, but there is no matching certificate section for it here -->
</security>
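<!-- if it's required to email-out from the framework, then configure it here -->
<!-- sender identities, notification recipients and the credentials for the outbound mail API -->
<!-- NOTE(review): apiPassword and apiKey held literal credential values in this checked-in file. They are replaced -->
<!-- with placeholders in the style of adminPassword (SET_PASSWORD_IN_ENV_FILE); supply the real values from the -->
<!-- environment XML file that is kept out of source control. A value that was ever committed must be treated as -->
<!-- exposed: revoke and reissue it at the mail provider, and review the account's activity for unexpected sends. -->
<email>
<testFromAddress>No-Reply@givva.com</testFromAddress>
<fromName>Namaste by Givva</fromName>
<prodFromAddress>No-Reply@givva.com</prodFromAddress>
<noReplyAddress>No-Reply@givva.com</noReplyAddress>
<developerEmail>mike@givingassistant.org</developerEmail>
<developerName>Namaste Developers</developerName>
<managerEmail>sysadmin@givingassistant.org</managerEmail>
<managerName>GA Engineering Managers</managerName>
<bcc_enabled>0</bcc_enabled>
<bccAddress>scott@givingassistant.org</bccAddress>
<apiLogin>sysadmin@givingassistant.org</apiLogin>
<apiPassword>SET_API_PASSWORD_IN_ENV_FILE</apiPassword>
<apiKey>SET_API_KEY_IN_ENV_FILE</apiKey>
<!-- what this validity period applies to is not stated in this file; presumably the API password, verify against the loader -->
<passwordValidityInDays>30</passwordValidityInDays>
<testApiKey>NONE</testApiKey>
<timerViolation>5000</timerViolation>
</email>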
<!-- requests to the framework can require meta-data elements: this section defines what those elements are -->
<!-- and which service requires what elements to be bundled into the meta-data payload for every request. -->
<!-- presumably 1 marks an element as required and 0 as not required for that client type; verify against the request validator -->
<meta>
<!-- customer service account -->
<!-- the only client type that requires sessionIP, sessionID and csrRole -->
<csr>
<sessionIP>1</sessionIP>
<sessionID>1</sessionID>
<client>1</client>
<clientIP>0</clientIP>
<csrRole>1</csrRole>
</csr>
<SMAX>
<sessionIP>0</sessionIP>
<sessionID>0</sessionID>
<client>1</client>
<clientIP>1</clientIP>
<csrRole>0</csrRole>
</SMAX>
<!-- the only client type that declares authToken -->
<SMAXUser>
<sessionIP>0</sessionIP>
<sessionID>0</sessionID>
<client>1</client>
<authToken>1</authToken>
<clientIP>1</clientIP>
<csrRole>0</csrRole>
</SMAXUser>
<!-- end-user/client account -->
<!-- NOTE(review): only the client element is required here, and no session or token element; confirm end-user requests are authenticated elsewhere -->
<client>
<sessionIP>0</sessionIP>
<sessionID>0</sessionID>
<client>1</client>
<clientIP>0</clientIP>
<csrRole>0</csrRole>
</client>
<!-- namaste (internal) account -->
<!-- NOTE(review): system, unitTest and audit share the same minimal requirement; if the client value is caller-supplied, confirm an external caller cannot claim one of these types -->
<system>
<sessionIP>0</sessionIP>
<sessionID>0</sessionID>
<client>1</client>
<clientIP>0</clientIP>
<csrRole>0</csrRole>
</system>
<!-- unit testing requests -->
<unitTest>
<sessionIP>0</sessionIP>
<sessionID>0</sessionID>
<client>1</client>
<clientIP>0</clientIP>
<csrRole>0</csrRole>
</unitTest>
<!-- audit requests -->
<audit>
<sessionIP>0</sessionIP>
<sessionID>0</sessionID>
<client>1</client>
<clientIP>0</clientIP>
<csrRole>0</csrRole>
</audit>
</meta>
</application>