-
Notifications
You must be signed in to change notification settings - Fork 2
/
config.yaml.example
42 lines (37 loc) · 1.69 KB
/
config.yaml.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
%YAML 1.2
---
# CPPM Defaults:
# -- grant_type: client_credentials
# -- webserver: port: 8080
# -- username: nul (must provide value if grant_type: password)
# -- password: nul (must provide value if grant_type: password)
# -- FQDN can be VIP all servers in cluster with hostname in SAN will get cert
CPPM:
fqdn: cppm.arubalab.net
client_id: Full API Client
client_secret: ClearPass-API-Client-Secret-Goes-Here
https_cert_p12: cppm.arubalab.net.p12 # used as final portion of webserver full url, and as last part of local cert path
https_cert_passphrase: reD@cted!!
webserver:
base_url: http://omv.arubalab.net # ip or fqdn cppm would use to access server hosting the cert (this system or external)
port: 8080
path: "certs"
# The above will result in "http://omv.arubalab.net:8080/certs/cppm.arubalab.net.p12" being used as the full path where CPPM can get the cert
cert_dir: "/export/FileDump/certificates/LetsEncrypt"
# -- // used in pol-elements-from-csv.py \\ --
in_file: in/adgroup2tunnel.csv
authz_src: "arubalabAD"
role_name_pfx: "VPN-"
enf_profile_pfx: "Assign Tunnel "
role_mapping_name: "ANYCONNECT_ROLE_MAPPING"
role_mapping_description: "MAP Tips Role (VPN TUNNEL) Based on AD Group Membership"
enf_policy_name: "ANYCONNECT_ENFOREMENT_POLICY"
enf_policy_description: "Return Radius Accept if user Authorized for selected Tunnel"
# -- service: PushBullet is only valid service currently
# -- Remove this section to disable Notification
# -- Notifications only occur if Update or error (not if no update required)
NOTIFY:
service: PushBullet
api_key: "pushbullet-api-key-goes-here"
# -- additional logging
debug: false