sam
4e9bd7cc5a
Sets mem_limit on every service to cap the OOM/swap-exhaustion risk (the lab host had only 5 MiB swap free). The three heavy services (psql, kafka, psql-app) read their limits from .env so production can raise them; the rest use lab-appropriate fixed values. Total ~25 GB, leaving headroom on the 31 GB lab host. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
63 lines
2.5 KiB
Plaintext
63 lines
2.5 KiB
Plaintext
# OpenBMP stack configuration — copy to .env and fill in.
|
|
# cp .env.example .env && $EDITOR .env && ./setup.sh
|
|
# The real .env is git-ignored and never committed.
|
|
|
|
# ---------------------------------------------------------------------------
|
|
# Core deployment
|
|
# ---------------------------------------------------------------------------
|
|
# Host path for all persistent data (postgres, kafka, grafana, authelia, ...).
|
|
OBMP_DATA_ROOT=/var/openbmp
|
|
|
|
# IP of this host that routers and external clients connect to
|
|
# (Kafka external listener, BMP source, ExaBGP peering).
|
|
HOST_IP=changeme
|
|
|
|
# Public domain fronting Grafana / Authelia / portal (TLS terminates upstream).
|
|
OBMP_DOMAIN=changeme.example.com
|
|
|
|
# Authelia session-cookie domain — the parent domain of OBMP_DOMAIN so the
|
|
# cookie is valid across subpaths/subdomains.
|
|
OBMP_COOKIE_DOMAIN=example.com
|
|
|
|
# Container memory limits. Lab defaults shown; raise for production
|
|
# (see docs/production-sizing.md). psql-app's limit must exceed its MEM heap.
|
|
PSQL_MEM_LIMIT=6g
|
|
PSQL_APP_MEM_LIMIT=4g
|
|
KAFKA_MEM_LIMIT=4g
|
|
|
|
# ---------------------------------------------------------------------------
|
|
# ExaBGP route injector (test profile)
|
|
# ---------------------------------------------------------------------------
|
|
EXABGP_LOCAL_IP=changeme
|
|
EXABGP_LOCAL_AS=65100
|
|
EXABGP_API_PORT=5050
|
|
# Semicolon-separated peer list, each entry "ip:peer_as:description".
|
|
EXABGP_PEERS=10.100.0.100:65020:CML-R9K-CORE-01;10.100.0.200:65020:CML-R9K-CORE-02
|
|
|
|
# ---------------------------------------------------------------------------
|
|
# CML lab API + IOS-XR NETCONF (used by cml/ automation scripts)
|
|
# ---------------------------------------------------------------------------
|
|
PROX-CML_URL=http://changeme
|
|
PROX-CML_USERNAME=changeme
|
|
PROX-CML_PASSWORD=changeme
|
|
|
|
# Default IOS-XR NETCONF credentials, plus the admin-tier override for routers
|
|
# that use a separate account.
|
|
IOSXR_NETCONF_USER=changeme
|
|
IOSXR_NETCONF_PASS=changeme
|
|
IOSXR_NETCONF_ADMIN_USER=changeme
|
|
IOSXR_NETCONF_ADMIN_PASS=changeme
|
|
|
|
# ---------------------------------------------------------------------------
|
|
# Integrations
|
|
# ---------------------------------------------------------------------------
|
|
GITEA_API_KEY=changeme
|
|
|
|
# ---------------------------------------------------------------------------
|
|
# Authelia secrets — leave BLANK; setup.sh generates them with openssl on a
|
|
# fresh host and appends them here. Existing values are never overwritten.
|
|
# ---------------------------------------------------------------------------
|
|
AUTHELIA_SESSION_SECRET=
|
|
AUTHELIA_JWT_SECRET=
|
|
AUTHELIA_STORAGE_ENCRYPTION_KEY=
|