josh
a0c0fb114f
CI / Lint + build + test (push) Has been cancelled
vetting-agent gains a `host` subcommand that runs as a systemd service
installed by the quick-register one-liner, POSTing every 30s to
/api/v1/hosts/{mac}/heartbeat so the dashboard tile shows "online" or
"Nm ago" without waiting on WoL. Ships dormant client code for the
Phase 2 reboot_for_vetting command so the server can flip it on later
without a binary redeploy.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
88 lines
2.6 KiB
YAML
88 lines
2.6 KiB
YAML
server:
|
|
bind: "127.0.0.1:8080"
|
|
# Base URL the orchestrator is reachable at from the operator's
|
|
# browser. Used as the click-through link in notifications, so it
|
|
# should be the *external* URL (e.g. https://vetting.lan:8443),
|
|
# not the bind address.
|
|
public_url: "http://127.0.0.1:8080"
|
|
tls:
|
|
enabled: false
|
|
cert_file: ""
|
|
key_file: ""
|
|
|
|
database:
|
|
path: "./var/vetting.db"
|
|
|
|
artifacts:
|
|
dir: "./var/artifacts"
|
|
# Days to keep per-run artifact files (report.html, report.json, fio,
|
|
# iperf, inventory.json, hold keys). DB rows are preserved. 0 = forever.
|
|
retention_days: 30
|
|
|
|
logs:
|
|
dir: "./var/logs"
|
|
# Days to keep per-run log files. 0 = forever.
|
|
retention_days: 30
|
|
|
|
janitor:
|
|
# Interval between cleanup sweeps. 0 defaults to 60.
|
|
interval_minutes: 60
|
|
|
|
dispatcher:
|
|
max_concurrent_runs: 3
|
|
|
|
# Fields below are populated in later phases and ignored in Phase 1.
|
|
|
|
pxe:
|
|
enabled: false
|
|
interface: "" # e.g. "eth0"
|
|
dhcp_range: "" # e.g. "10.77.0.100,10.77.0.200,12h"
|
|
orchestrator_url: "" # e.g. "http://10.77.0.1:8080"
|
|
tftp_root: "" # holds ipxe.efi + undionly.kpxe
|
|
live_dir: "" # holds vmlinuz + initrd.img; served at /live/*
|
|
|
|
agent:
|
|
# Directory containing vetting-agent-linux-amd64. The quick-register
|
|
# one-liner downloads from /assets/vetting-agent-linux-amd64 and
|
|
# installs it as a systemd service so the host keeps heartbeating.
|
|
# Leave empty to disable the /assets/* route.
|
|
asset_dir: "./var/assets"
|
|
|
|
# Notifications fire on StageFailed, SpecMismatch, HoldingOpened,
|
|
# RunCompleted. Declare one or more notifiers and route each event
|
|
# kind (and optionally severity) to a notifier by name. Delivery is
|
|
# fire-and-forget (one attempt per event, logged on failure).
|
|
#
|
|
# Example (uncomment and fill in):
|
|
#
|
|
# notifiers:
|
|
# - name: ops-ntfy
|
|
# type: ntfy
|
|
# server: https://ntfy.sh
|
|
# topic: vetting-YOUR-TOPIC
|
|
# - name: ops-discord
|
|
# type: discord
|
|
# webhook_url: https://discord.com/api/webhooks/XXX/YYY
|
|
# - name: ops-email
|
|
# type: smtp
|
|
# smtp:
|
|
# host: mail.lan
|
|
# port: 25
|
|
# from: vetting@lan.local
|
|
# to: [ops@lan.local]
|
|
#
|
|
# routes:
|
|
# # Critical events (failures / holds) fire on all three channels.
|
|
# - match_severity: [critical]
|
|
# notifier: ops-ntfy
|
|
# - match_severity: [critical]
|
|
# notifier: ops-discord
|
|
# - match_severity: [critical]
|
|
# notifier: ops-email
|
|
# # RunCompleted is informational — push to ntfy only.
|
|
# - match_kind: [RunCompleted]
|
|
# notifier: ops-ntfy
|
|
|
|
notifiers: []
|
|
routes: []
|