jesus/provisioning
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
provisioning/docs/src/user/configuration.md

760 lines
16 KiB
Markdown
Raw Normal View History

chore: update provisioning configuration and documentation Update configuration files, templates, and internal documentation for the provisioning repository system. Configuration Updates: - KMS configuration modernization - Plugin system settings - Service port mappings - Test cluster topologies - Installation configuration examples - VM configuration defaults - Cedar authorization policies Documentation Updates: - Library module documentation - Extension API guides - AI system documentation - Service management guides - Test environment setup - Plugin usage guides - Validator configuration documentation All changes are backward compatible.
2025-12-11 21:50:42 +00:00
# Configuration Guide
This comprehensive guide explains the configuration system of the Infrastructure Automation platform, helping you understand, customize, and manage all configuration aspects.
## What You'll Learn
- Understanding the configuration hierarchy and precedence
- Working with different configuration file types
- Configuration interpolation and templating
- Environment-specific configurations
- User customization and overrides
- Validation and troubleshooting
- Advanced configuration patterns
## Configuration Architecture
### Configuration Hierarchy
The system uses a layered configuration approach with clear precedence rules:
```
Runtime CLI arguments (highest precedence)
↓ (overrides)
Environment Variables
↓ (overrides)
Infrastructure Config (./.provisioning.toml)
↓ (overrides)
Project Config (./provisioning.toml)
↓ (overrides)
User Config (~/.config/provisioning/config.toml)
↓ (overrides)
System Defaults (config.defaults.toml) (lowest precedence)
```
### Configuration File Types
| File Type | Purpose | Location | Format |
|-----------|---------|----------|--------|
| **System Defaults** | Base system configuration | `config.defaults.toml` | TOML |
| **User Config** | Personal preferences | `~/.config/provisioning/config.toml` | TOML |
| **Project Config** | Project-wide settings | `./provisioning.toml` | TOML |
| **Infrastructure Config** | Infra-specific settings | `./.provisioning.toml` | TOML |
| **Environment Config** | Environment overrides | `config.{env}.toml` | TOML |
| **Infrastructure Definitions** | Infrastructure as Code | `settings.k`, `*.k` | KCL |
## Understanding Configuration Sections
### Core System Configuration
```toml
[core]
version = "1.0.0" # System version
name = "provisioning" # System identifier
```
### Path Configuration
The most critical configuration section that defines where everything is located:
```toml
[paths]
# Base directory - all other paths derive from this
base = "/usr/local/provisioning"
# Derived paths (usually don't need to change these)
kloud = "{{paths.base}}/infra"
providers = "{{paths.base}}/providers"
taskservs = "{{paths.base}}/taskservs"
clusters = "{{paths.base}}/cluster"
resources = "{{paths.base}}/resources"
templates = "{{paths.base}}/templates"
tools = "{{paths.base}}/tools"
core = "{{paths.base}}/core"
[paths.files]
# Important file locations
settings_file = "settings.k"
keys = "{{paths.base}}/keys.yaml"
requirements = "{{paths.base}}/requirements.yaml"
```
### Debug and Logging
```toml
[debug]
enabled = false # Enable debug mode
metadata = false # Show internal metadata
check = false # Default to check mode (dry run)
remote = false # Enable remote debugging
log_level = "info" # Logging verbosity
no_terminal = false # Disable terminal features
```
### Output Configuration
```toml
[output]
file_viewer = "less" # File viewer command
format = "yaml" # Default output format (json, yaml, toml, text)
```
### Provider Configuration
```toml
[providers]
default = "local" # Default provider
[providers.aws]
api_url = "" # AWS API endpoint (blank = default)
auth = "" # Authentication method
interface = "CLI" # Interface type (CLI or API)
[providers.upcloud]
api_url = "https://api.upcloud.com/1.3"
auth = ""
interface = "CLI"
[providers.local]
api_url = ""
auth = ""
interface = "CLI"
```
### Encryption (SOPS) Configuration
```toml
[sops]
use_sops = true # Enable SOPS encryption
config_path = "{{paths.base}}/.sops.yaml"
# Search paths for Age encryption keys
key_search_paths = [
"{{paths.base}}/keys/age.txt",
"~/.config/sops/age/keys.txt"
]
```
## Configuration Interpolation
The system supports powerful interpolation patterns for dynamic configuration values.
### Basic Interpolation Patterns
#### Path Interpolation
```toml
# Reference other path values
templates = "{{paths.base}}/my-templates"
custom_path = "{{paths.providers}}/custom"
```
#### Environment Variable Interpolation
```toml
# Access environment variables
user_home = "{{env.HOME}}"
current_user = "{{env.USER}}"
custom_path = "{{env.CUSTOM_PATH || /default/path}}" # With fallback
```
#### Date/Time Interpolation
```toml
# Dynamic date/time values
log_file = "{{paths.base}}/logs/app-{{now.date}}.log"
backup_dir = "{{paths.base}}/backups/{{now.timestamp}}"
```
#### Git Information Interpolation
```toml
# Git repository information
deployment_branch = "{{git.branch}}"
version_tag = "{{git.tag}}"
commit_hash = "{{git.commit}}"
```
#### Cross-Section References
```toml
# Reference values from other sections
database_host = "{{providers.aws.database_endpoint}}"
api_key = "{{sops.decrypted_key}}"
```
### Advanced Interpolation
#### Function Calls
```toml
# Built-in functions
config_path = "{{path.join(env.HOME, .config, provisioning)}}"
safe_name = "{{str.lower(str.replace(project.name, ' ', '-'))}}"
```
#### Conditional Expressions
```toml
# Conditional logic
debug_level = "{{debug.enabled && 'debug' || 'info'}}"
storage_path = "{{env.STORAGE_PATH || path.join(paths.base, 'storage')}}"
```
### Interpolation Examples
```toml
[paths]
base = "/opt/provisioning"
workspace = "{{env.HOME}}/provisioning-workspace"
current_project = "{{paths.workspace}}/{{env.PROJECT_NAME || 'default'}}"
[deployment]
environment = "{{env.DEPLOY_ENV || 'development'}}"
timestamp = "{{now.iso8601}}"
version = "{{git.tag || git.commit}}"
[database]
connection_string = "postgresql://{{env.DB_USER}}:{{env.DB_PASS}}@{{env.DB_HOST || 'localhost'}}/{{env.DB_NAME}}"
[notifications]
slack_channel = "#{{env.TEAM_NAME || 'general'}}-notifications"
email_subject = "Deployment {{deployment.environment}} - {{deployment.timestamp}}"
```
## Environment-Specific Configuration
### Environment Detection
The system automatically detects the environment using:
1. **PROVISIONING_ENV** environment variable
2. **Git branch patterns** (dev, staging, main/master)
3. **Directory patterns** (development, staging, production)
4. **Explicit configuration**
### Environment Configuration Files
Create environment-specific configurations:
#### Development Environment (`config.dev.toml`)
```toml
[core]
name = "provisioning-dev"
[debug]
enabled = true
log_level = "debug"
metadata = true
[providers]
default = "local"
[cache]
enabled = false # Disable caching for development
[notifications]
enabled = false # No notifications in dev
```
#### Testing Environment (`config.test.toml`)
```toml
[core]
name = "provisioning-test"
[debug]
enabled = true
check = true # Default to check mode in testing
log_level = "info"
[providers]
default = "local"
[infrastructure]
auto_cleanup = true # Clean up test resources
resource_prefix = "test-{{git.branch}}-"
```
#### Production Environment (`config.prod.toml`)
```toml
[core]
name = "provisioning-prod"
[debug]
enabled = false
log_level = "warn"
[providers]
default = "aws"
[security]
require_approval = true
audit_logging = true
encrypt_backups = true
[notifications]
enabled = true
critical_only = true
```
### Environment Switching
```bash
# Set environment for session
export PROVISIONING_ENV=dev
provisioning env
# Use environment for single command
provisioning --environment prod server create
# Switch environment permanently
provisioning env set prod
```
## User Configuration Customization
### Creating Your User Configuration
```bash
# Initialize user configuration from template
provisioning init config
# Or copy and customize
cp config-examples/config.user.toml ~/.config/provisioning/config.toml
```
### Common User Customizations
#### Developer Setup
```toml
[paths]
base = "/Users/alice/dev/provisioning"
[debug]
enabled = true
log_level = "debug"
[providers]
default = "local"
[output]
format = "json"
file_viewer = "code"
[sops]
key_search_paths = [
"/Users/alice/.config/sops/age/keys.txt"
]
```
#### Operations Engineer Setup
```toml
[paths]
base = "/opt/provisioning"
[debug]
enabled = false
log_level = "info"
[providers]
default = "aws"
[output]
format = "yaml"
[notifications]
enabled = true
email = "ops-team@company.com"
```
#### Team Lead Setup
```toml
[paths]
base = "/home/teamlead/provisioning"
[debug]
enabled = true
metadata = true
log_level = "info"
[providers]
default = "upcloud"
[security]
require_confirmation = true
audit_logging = true
[sops]
key_search_paths = [
"/secure/keys/team-lead.txt",
"~/.config/sops/age/keys.txt"
]
```
## Project-Specific Configuration
### Project Configuration File (`provisioning.toml`)
```toml
[project]
name = "web-application"
description = "Main web application infrastructure"
version = "2.1.0"
team = "platform-team"
[paths]
# Project-specific path overrides
infra = "./infrastructure"
templates = "./custom-templates"
[defaults]
# Project defaults
provider = "aws"
region = "us-west-2"
environment = "development"
[cost_controls]
max_monthly_budget = 5000.00
alert_threshold = 0.8
[compliance]
required_tags = ["team", "environment", "cost-center"]
encryption_required = true
backup_required = true
[notifications]
slack_webhook = "https://hooks.slack.com/services/..."
team_email = "platform-team@company.com"
```
### Infrastructure-Specific Configuration (`.provisioning.toml`)
```toml
[infrastructure]
name = "production-web-app"
environment = "production"
region = "us-west-2"
[overrides]
# Infrastructure-specific overrides
debug.enabled = false
debug.log_level = "error"
cache.enabled = true
[scaling]
auto_scaling_enabled = true
min_instances = 3
max_instances = 20
[security]
vpc_id = "vpc-12345678"
subnet_ids = ["subnet-12345678", "subnet-87654321"]
security_group_id = "sg-12345678"
[monitoring]
enabled = true
retention_days = 90
alerting_enabled = true
```
## Configuration Validation
### Built-in Validation
```bash
# Validate current configuration
provisioning validate config
# Detailed validation with warnings
provisioning validate config --detailed
# Strict validation mode
provisioning validate config strict
# Validate specific environment
provisioning validate config --environment prod
```
### Custom Validation Rules
Create custom validation in your configuration:
```toml
[validation]
# Custom validation rules
required_sections = ["paths", "providers", "debug"]
required_env_vars = ["AWS_REGION", "PROJECT_NAME"]
forbidden_values = ["password123", "admin"]
[validation.paths]
# Path validation rules
base_must_exist = true
writable_required = ["paths.base", "paths.cache"]
[validation.security]
# Security validation
require_encryption = true
min_key_length = 32
```
## Troubleshooting Configuration
### Common Configuration Issues
#### Issue 1: Path Not Found Errors
```bash
# Problem: Base path doesn't exist
# Check current configuration
provisioning env | grep paths.base
# Verify path exists
ls -la /path/shown/above
# Fix: Update user config
nano ~/.config/provisioning/config.toml
# Set correct paths.base = "/correct/path"
```
#### Issue 2: Interpolation Failures
```bash
# Problem: {{env.VARIABLE}} not resolving
# Check environment variables
env | grep VARIABLE
# Check interpolation
provisioning validate interpolation test
# Debug interpolation
provisioning --debug validate interpolation validate
```
#### Issue 3: SOPS Encryption Errors
```bash
# Problem: Cannot decrypt SOPS files
# Check SOPS configuration
provisioning sops config
# Verify key files
ls -la ~/.config/sops/age/keys.txt
# Test decryption
sops -d encrypted-file.k
```
#### Issue 4: Provider Authentication
```bash
# Problem: Provider authentication failed
# Check provider configuration
provisioning show providers
# Test provider connection
provisioning provider test aws
# Verify credentials
aws configure list # For AWS
```
### Configuration Debugging
```bash
# Show current configuration hierarchy
provisioning config show --hierarchy
# Show configuration sources
provisioning config sources
# Show interpolated values
provisioning config interpolated
# Debug specific section
provisioning config debug paths
provisioning config debug providers
```
### Configuration Reset
```bash
# Reset to defaults
provisioning config reset
# Reset specific section
provisioning config reset providers
# Backup current config before reset
provisioning config backup
```
## Advanced Configuration Patterns
### Dynamic Configuration Loading
```toml
[dynamic]
# Load configuration from external sources
config_urls = [
"https://config.company.com/provisioning/base.toml",
"file:///etc/provisioning/shared.toml"
]
# Conditional configuration loading
load_if_exists = [
"./local-overrides.toml",
"../shared/team-config.toml"
]
```
### Configuration Templating
```toml
[templates]
# Template-based configuration
base_template = "aws-web-app"
template_vars = {
region = "us-west-2"
instance_type = "t3.medium"
team_name = "platform"
}
# Template inheritance
extends = ["base-web", "monitoring", "security"]
```
### Multi-Region Configuration
```toml
[regions]
primary = "us-west-2"
secondary = "us-east-1"
[regions.us-west-2]
providers.aws.region = "us-west-2"
availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"]
[regions.us-east-1]
providers.aws.region = "us-east-1"
availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"]
```
### Configuration Profiles
```toml
[profiles]
active = "development"
[profiles.development]
debug.enabled = true
providers.default = "local"
cost_controls.enabled = false
[profiles.staging]
debug.enabled = true
providers.default = "aws"
cost_controls.max_budget = 1000.00
[profiles.production]
debug.enabled = false
providers.default = "aws"
security.strict_mode = true
```
## Configuration Management Best Practices
### 1. Version Control
```bash
# Track configuration changes
git add provisioning.toml
git commit -m "feat(config): add production settings"
# Use branches for configuration experiments
git checkout -b config/new-provider
```
### 2. Documentation
```toml
# Document your configuration choices
[paths]
# Using custom base path for team shared installation
base = "/opt/team-provisioning"
[debug]
# Debug enabled for troubleshooting infrastructure issues
enabled = true
log_level = "debug" # Temporary while debugging network problems
```
### 3. Validation
```bash
# Always validate before committing
provisioning validate config
git add . && git commit -m "update config"
```
### 4. Backup
```bash
# Regular configuration backups
provisioning config export --format yaml > config-backup-$(date +%Y%m%d).yaml
# Automated backup script
echo '0 2 * * * provisioning config export > ~/backups/config-$(date +\%Y\%m\%d).yaml' | crontab -
```
### 5. Security
- Never commit sensitive values in plain text
- Use SOPS for encrypting secrets
- Rotate encryption keys regularly
- Audit configuration access
```bash
# Encrypt sensitive configuration
sops -e settings.k > settings.encrypted.k
# Audit configuration changes
git log -p -- provisioning.toml
```
## Configuration Migration
### Migrating from Environment Variables
```bash
# Old: Environment variables
export PROVISIONING_DEBUG=true
export PROVISIONING_PROVIDER=aws
# New: Configuration file
[debug]
enabled = true
[providers]
default = "aws"
```
### Upgrading Configuration Format
```bash
# Check for configuration updates needed
provisioning config check-version
# Migrate to new format
provisioning config migrate --from 1.0 --to 2.0
# Validate migrated configuration
provisioning validate config
```
## Next Steps
Now that you understand the configuration system:
1. **Create your user configuration**: `provisioning init config`
2. **Set up environment-specific configs** for your workflow
3. **Learn CLI commands**: [CLI Reference](cli-reference.md)
4. **Practice with examples**: [Examples and Tutorials](examples/)
5. **Troubleshoot issues**: [Troubleshooting Guide](troubleshooting-guide.md)
You now have complete control over how provisioning behaves in your environment!
Reference in New Issue Copy Permalink