Role Variables#

The following variables can be set to control the squirro-ansible roles behavior.

activity_tracking_cache_ttl#: Type: str

Default: 1d

Sets the TTL for the activity tracking cache. See confval:default_cache_ttl for details.

activity_tracking_cache_type#: Type: str (choices: Redis, MemoryLRU, Memory, Noop)

Default: ‘{{default_cache_type}}’

Sets the cache type for the activity tracking cache. See default_cache_type for details.

anyscale_key#: Type: str

Default: null

If set SquirroGPT is configured to leverage this Anyscale key (e.g. for Mistral).

auth_cache_ttl#: Type: str

Default: ‘{{default_cache_ttl}}’

Sets the TTL for the authentication cache. See confval:default_cache_ttl for details.

auth_cache_type#: Type: str (choices: Redis, MemoryLRU, Memory, Noop)

Default: MemoryLRU

Sets the cache type for the authentication cache. See default_cache_type for details.

build_number#: Type: str

Default: normal

This is of relevance if this ansible role is used to build images, e.g. via packer or in a CI/CD pipeline. If set to “packer” or “docker”, the behavior of the role is changed to support these use cases, e.g. services will not be started, log files will be cleared etc. Do only use the default “normal” mode in production as data loss can occur.

community_cache_ttl#: Type: str

Default: 60m

Sets the TTL for the community cache. See confval:default_cache_ttl for details.

community_cache_type#: Type: str (choices: Redis, MemoryLRU, Memory, Noop)

Default: ‘{{default_cache_type}}’

Sets the cache type for the community cache. See default_cache_type for details.

community_subscriptions_cache_ttl#: Type: str

Default: 60m

Sets the TTL for the community subscriptions cache. See confval:default_cache_ttl for details.

community_subscriptions_cache_type#: Type: str (choices: Redis, MemoryLRU, Memory, Noop)

Default: ‘{{default_cache_type}}’

Sets the cache type for the community subscriptions cache. See default_cache_type for details.

config_decrypt_command#: Type: str

Default: null

Can be set to a command line utility that will be called when the Squirro .ini files encounter prefix.

confluence_client_id#: Type: str

Default: null

If set the confluence_client_id value in the [dataloader] section of /etc/squirro/common.ini is set.

confluence_client_secret#: Type: str

Default: null

If set the confluence_client_secret value in the [dataloader] section of /etc/squirro/common.ini is set.

current_squirro_version#: Type: str

Default: null

Which Squirro version is currently installed. This is only relevant if squirro_mode is set to upgrade or reconfigure.

custom_pip_index_url#: Type: str

Default: ‘’

If custom pip index-url for the squirro virtualenv. This is only of relevance if additional pip packages/wheel need to be installed and the installation cannot reach the internet / pypi.

custom_rpm_packages#: Type: list

Default: null

database_type#: Type: str (choices: mysql, postgres)

Default: mysql

Set the SQL database Squirro is using. mysql is default and recommended. postgres support is currently experimental.

default_cache_ttl#: Type: str

Default: 5m

It specifies how long cache keys are re-used. The default value is 5 minutes. The supported suffixed are m -> minutes, h -> hours, d -> days. This is only the default setting, and can be overridden via other variables named *_cache_ttl. While its tempting to set very high cache times, we generally recommend lower values to avoid stale data. The default value is a good starting point.

default_cache_type#: Type: str (choices: Redis, MemoryLRU, Memory, Noop)

Default: MemoryLRU

Specify the default cache type for the various caching groups. The recommended value in production is always Redis. MemoryLRU can make sense in local development environments. This is only the default setting, and can be overridden via other variables named *_cache_type.

direct_attached_nvme_data_types#: Type: list (choices: elasticsearch)

Default: [elasticsearch]

Specify the data types that should be stored on the additional NVMe device. Currently only elasticsearch is supported. If you want to use this feature, you also need to specify the direct_attached_nvme_device and direct_attached_nvme_device_mount_point. Further data types will be added in the future, e.g. plumber for various tmp folders. Note: Due to the ephemeral nature of the NVMe devices, it is not recommended to operate elasticsearch indices without replicas on this devices. frequent snapshots are recommended.

direct_attached_nvme_device#: Type: str

Default: null

Specify an additional NVMe device for data storage. This is intended for directly attached NVMe devices, e.g. on AWS i3 instances, or regular instances with the d suffix on AWS (c5d, m5d, r5d). Typically these are ephemeral devices, meaning that the content is lost when the instance is stopped, but these have the advantage of being very fast. If you want to use this feature, you also need to specify the direct_attached_nvme_device_mount_point. The device will be formatted with xfs and mounted at the specified mount point before any services start.

direct_attached_nvme_device_mount_point#: Type: str

Default: /mnt/nvme

Specify the mount point for the additional NVMe device for data storage. This is intended for directly attached NVMe devices, e.g. on AWS i3 instances, or regular instances with the d suffix on AWS (c5d, m5d, r5d). Typically these are ephemeral devices, meaning that the content is lost when the instance is stopped, but these have the advantage of being very fast. If you want to use this feature, you also need to specify the direct_attached_nvme_device The device will be formatted with xfs and mounted at the specified mount point before any services start.

dropbox_app_key#: Type: str

Default: null

If set the dropbox_app_key value in the [dataloader] section of /etc/squirro/common.ini is set.

dropbox_app_secret#: Type: str

Default: null

If set the dropbox_app_secret value in the [dataloader] section of /etc/squirro/common.ini is set.

dropbox_client_id#: Type: str

Default: null

If set the dropbox_client_id value in the [dataloader] section of /etc/squirro/common.ini is set.

dropbox_client_secret#: Type: str

Default: null

If set the dropbox_client_secret value in the [dataloader] section of /etc/squirro/common.ini is set.

elasticsearch_cluster_nodes#: Type: list

Default: [127.0.0.1]

List of hostname or ip addresses of all elasticsearch nodes. This is only relevant if elasticsearch_discovery_type is set to zen.

elasticsearch_concurrent_recoveries#: Type: int

Default: 10

Number of concurrent recoveries that Elasticsearch is allowed to perform.

elasticsearch_daily_snapshot_cron_day#: Type: str

Default: ‘*’

Cron day string for daily snapshots. Only relevant if elasticsearch_snapshot_repository_name is set.

elasticsearch_daily_snapshot_cron_hour#: Type: str

Default: 1-23

Cron hour string for daily snapshots. Only relevant if elasticsearch_snapshot_repository_name is set.

elasticsearch_daily_snapshot_cron_minute#: Type: str

Default: ‘0’

Cron minute string for daily snapshots. Only relevant if elasticsearch_snapshot_repository_name is set.

elasticsearch_daily_snapshot_cron_month#: Type: str

Default: ‘*’

Cron weekday string for daily snapshots. Only relevant if elasticsearch_snapshot_repository_name is set.

elasticsearch_daily_snapshot_cron_weekday#: Type: str

Default: ‘*’

Cron month string for daily snapshots. Only relevant if elasticsearch_snapshot_repository_name is set.

elasticsearch_daily_snapshots_to_keep#: Type: int

Default: 48

How many daily snapshots to keep in the snapshot repository. Only relevant if elasticsearch_snapshot_repository_name is set.

elasticsearch_data_dir#: Type: str

Default: /var/lib/elasticsearch

Location of the elasticsearch data folder. Use this to place the elasticsearch indices onto dedicated storage volumes. e.g. on AWS you can use this to locate the data onto the ephemeral but very fast NVMe drives if you use a m5d, r5d or c5d instance type. Note that you cannot change this after the initial deployment. If you have multiple volumes, you can gain extra performance by letting elasticsearch span all of the volumes, in this case use elasticsearch_data_dirs.

elasticsearch_data_dirs#: Type: list

Default: [‘{{ elasticsearch_data_dir }}’]

Location of the elasticsearch data folders. See elasticsearch_data_dir for details. If both elasticsearch_data_dir and elasticsearch_data_dirs is set, the latter is used.

elasticsearch_discovery_type#: Type: str (choices: single-node, zen, ec2)

Default: zen

Set the Elasticsearch discovery mode.

elasticsearch_file_auth#: Type: bool

Default: false

Enable Elasticsearch file based authentication. This is recommended in a multi-node setup. If set to false, the default Elasticsearch authentication is used, which is not recommended, because the default authentication is stored in the cluster state, which can lead to difficult bootstrapping issues when the cluster state is lost/reset.

elasticsearch_file_auth_hashed_password#

Type: str

Default: null

Elasticsearch file based password hash. This is only relevant if elasticsearch_file_auth is set to true.

To create this hash, use the following command: echo '<some_password>' | htpasswd -nbiB -C 10 squirro | cut -c 9-

The password needs to be the value set in es_auth_password, otherwise the Squirro services will not be able to connect to Elasticsearch.

elasticsearch_file_auth_user#: Type: str

Default: squirro

Elasticsearch file based authentication username. This is only relevant if elasticsearch_file_auth is set to true. This value needs to be in sync with es_auth_user, otherwise the squirro services will not be able to connect to Elasticsearch. Note that the value cannot be elastic, as this is a reserved user for the native authentication realm.

elasticsearch_heap_size#: Type: int

Default: null

Set the RAM that elasticsearch allocates in gigabytes. If not set ansible will detect the total RAM available and will try to find a good setting. On a dedicated machine you should use no more than 50% of the available RAM, but not more than 32 gigabytes. On a machine with clusternode and storagenode, giving 25% of RAM to elasticsearch is a good starting point. In general less is more. A machine starved out of RAM will not perform well.

elasticsearch_hourly_snapshot_cron#: Type: str

Default: null

Cron schedule for the hourly Elasticsearch snapshot. This is only relevant if elasticsearch_snapshot_repository_name is set. The cronjob will be setup on all nodes, but will only go trough on the master node.

elasticsearch_hourly_snapshot_cron_day#: Type: str

Default: ‘*’

Cron day string for hourly snapshots. Only relevant if elasticsearch_snapshot_repository_name is set.

elasticsearch_hourly_snapshot_cron_hour#: Type: str

Default: 1-23

Cron hour string for hourly snapshots. Only relevant if elasticsearch_snapshot_repository_name is set.

elasticsearch_hourly_snapshot_cron_minute#: Type: str

Default: ‘0’

Cron minute string for hourly snapshots. Only relevant if elasticsearch_snapshot_repository_name is set.

elasticsearch_hourly_snapshot_cron_month#: Type: str

Default: ‘*’

Cron weekday string for hourly snapshots. Only relevant if elasticsearch_snapshot_repository_name is set.

elasticsearch_hourly_snapshots_to_keep#: Type: int

Default: 48

How many hourly snapshots to keep in the snapshot repository. Only relevant if elasticsearch_snapshot_repository_name is set.

elasticsearch_http_p12_base64_string#: Type: str

Default: null

Base64 encoded string of the http.p12 file. This is only relevant if elasticsearch_security is set to true. You can provision the file with other means, but this is the recommended way, as you can safely retrieve it from ansible vault or other secure storage. See the README_SSL.md for details on how to create the p12 files.

elasticsearch_http_p12_password#: Type: str

Default: null

Password for the http.p12 file. This is only relevant if elasticsearch_security is set to true.

elasticsearch_http_p12_path#: Type: str

Default: certs/http.p12

Path to the Elasticsearch http.p12 file. This is only relevant if elasticsearch_security is set to true. This is used by elasticsearch_http_p12_base64_string to provision the file, or needs to correspond to the path where the file is provisioned with other means. The path is relative to the elasticsearch config directory.

elasticsearch_install_aws_plugins#: Type: bool

Default: false

Install the AWS elasticsearch plugins. Note that this is an experimental feature and will need additional work. For example this can currently fail upgrades and will not work in offline mode.

elasticsearch_install_azure_plugins#: Type: bool

Default: false

Install the azure elasticsearch plugins. Note that this is an experimental feature and will need additional work. For example this can currently fail upgrades and will not work in offline mode.

elasticsearch_install_google_plugins#: Type: bool

Default: false

Install the Google elasticsearch plugins. Note that this is an experimental feature and will need additional work. For example this can currently fail upgrades and will not work in offline mode.

elasticsearch_max_concurrent_files_chunks#: Type: int

Default: 8

Maximum number of concurrent file chunks that Elasticsearch is allowed to use for recoveries.

elasticsearch_max_mb_per_sec#: Type: int

Default: 250

Maximum throughput in MB/s that Elasticsearch is allowed to use for recoveries.

elasticsearch_memory_lock#: Type: bool

Default: true

Should Elasticsearch lock all memory to prevent memory fragmentation. This should always be set to True unless in test / dev environment with extremely low RAM. Setting this to FALSE will have a severe performance impact.

elasticsearch_network_interface#: Type: str

Default: null

Only use a given network interface, e.g. eth0 or eth1.

elasticsearch_network_ip_protocol#: Type: str (choices: ipv4, ipv6)

Default: ipv4

Should elasticsearch listen to IPV4 or IPV6.

elasticsearch_password#: Type: str

Default: null

Elasticsearch bootstrapping password.

elasticsearch_replica_count#: Type: int

Default: 9

Number of elasticsearch index shards replicas. In multi-node deployments set at least to 1 to ensure fault tolerance.

elasticsearch_repo_paths#: Type: list

Default: []

List of paths where the Elasticsearch snapshot can be located. This is only relevant if you use shared filesystem snapshots. See https://www.elastic.co/guide/en/elasticsearch/reference/cu rrent/snapshots-filesystem-repository.html for details.

elasticsearch_security#: Type: bool

Default: false

Enable Elasticsearch security features on the node. If set to false, security features are disabled, which is not recommended. This is currently set to false, not to break existing instances that rely on unsecured Elasticsearch. However, in the future the security features are going to by enabled by default, so this value is going to change to true.

elasticsearch_shards_number#: Type: int

Default: 6

Number of elasticsearch index shards for new indices.

elasticsearch_snapshot_repository_name#: Type: str

Default: null

Name of the Elasticsearch snapshot repository. Used to schedule snapshots. This role does not create the initial repository, but will use it if it exists.

elasticsearch_squirro_cluster_name#: Type: str

Default: squirro-cluster-{{ ansible_hostname | to_uuid }}

Name of the elasticsearch cluster. Set a unique string if you intend to run a multi-node setup.

elasticsearch_transport_p12_base64_string#: Type: str

Default: null

Base64 encoded string of the transport.p12 file. This is only relevant if elasticsearch_security is set to true. You can provision the file with other means, but this is the recommended way, as you can safely retrieve it from ansible vault or other secure storage. See the README_SSL.md for details on how to create the p12 files.

elasticsearch_transport_p12_password#: Type: str

Default: null

Password for the transport.p12 file. This is only relevant if elasticsearch_security is set to true.

elasticsearch_transport_p12_path#: Type: str

Default: certs/transport.p12

Path to the Elasticsearch transport.p12 file. This is only relevant if elasticsearch_security is set to true. This is used by elasticsearch_transport_p12_base64_string to provision the file, or needs to correspond to the path where the file is provisioned with other means. The path is relative to the elasticsearch config directory.

es_auth_password#: Type: str

Default: null

Elasticsearch authentication password. Used by the squirro services to connect to Elasticsearch. If this value is changed, the corresponding hash In elasticsearch_file_auth_hashed_password needs to be updated as well with a new hash if file based authentication is enabled.

es_auth_user#: Type: str

Default: elastic

Elasticsearch authentication username. Used by the squirro services to connect to Elasticsearch. This value needs to be in sync with elasticsearch_file_auth_user, if file based authentication is enabled. Note that if elasticsearch_file_auth is set to true, this value cannot because elastic, as this is a reserved user for the native authentication realm.

es_auth_verify_certs#: Type: bool

Default: true

If set to false, the python elasticsearch client will not verify the Elasticsearch SSL/TLS certificate. This is only recommended for testing not in production.

es_index_servers#: Type: list

Default: [’https://localhost:9200’]

List of Elasticsearch servers to use for index operations.

es_pem_path#: Type: str

Default: /etc/ssl/certs/ca-bundle.trust.crt

Path to the Elasticsearch CA SSL/TLS certificate. This is only relevant if es_auth_verify_certs is set to true and if Elasticsearch is using a self-signed certificate. In this case, the certificate needs to be added to the CA trust store, e.g. by copying it to /etc/pki/ca-trust/source/anchors/ and running update-ca-trust. Alternatively you can specify a custom CA pem file here.

exchange_client_id#: Type: str

Default: null

If set the exchange_client_id value in the [dataloader] section of /etc/squirro/common.ini is set.

exchange_client_secret#: Type: str

Default: null

If set the exchange_client_secret value in the [dataloader] section of /etc/squirro/common.ini is set.

expiring_sessions#: Type: bool

Default: null

If set the expiring_sessions value in the security.expiring_sessions section of /etc/squirro/configuration.d/sessions.json is set.

force_squirro_install#: Type: bool

Default: false

If set to true, the squirro_mode detection results in install, no matter what the detection is. Note that force_squirro_install if also set to true will overrule install. This setting is useful if the install failed in a unexpected way and a install has to be re-attempted.

force_squirro_upgrade#: Type: bool

Default: false

If set to true, the squirro_mode detect results in upgrade, no matter what the detection is. This setting is useful if the upgrade failed in a unexpected way and a upgrade has to be re- attempted.

frontend_flask_secret_key#: Type: str

Default: null

If set the flask secret key for squirro session is set to this value. Once set, if this value is unset the previous value remains in the frontend.ini file

frontend_oauth2_middleman_url#: Type: str

Default: null

If set the confluence_client_id value in the [dataloader] section of /etc/squirro/common.ini is set.

get_item_api_cache_ttl#: Type: str

Default: ‘{{default_cache_ttl}}’

Sets the TTL for the get item api. See confval:default_cache_ttl for details.

get_item_api_cache_type#: Type: str (choices: Redis, MemoryLRU, Memory, Noop)

Default: 60m

Sets the cache type for the get item api cache. See default_cache_type for details.

gmail_client_id#: Type: str

Default: null

If set the gmail_client_id value in the [dataloader] section of /etc/squirro/common.ini is set.

gmail_client_secret#: Type: str

Default: null

If set the gmail_client_secret value in the [dataloader] section of /etc/squirro/common.ini is set.

googledrive_client_id#: Type: str

Default: null

If set the googledrive_client_id value in the [dataloader] section of /etc/squirro/common.ini is set.

googledrive_client_secret#: Type: str

Default: null

If set the googledrive_client_secret value in the [dataloader] section of /etc/squirro/common.ini is set.

jira_client_id#: Type: str

Default: null

If set the jira_client_id value in the [dataloader] section of /etc/squirro/common.ini is set.

jira_client_secret#: Type: str

Default: null

If set the jira_client_secret value in the [dataloader] section of /etc/squirro/common.ini is set.

memory_cache_max_items#: Type: int

Default: 1000

Specify the maximum number of items that can be stored in *_cache_type Memory and MemoryLRU. This setting has no effect on *_cache_type Redis. This setting affects all cache types of type Memory and MemoryLRU.

metadata_cache_ttl#: Type: str

Default: ‘{{default_cache_ttl}}’

Sets the TTL for the authentication cache. See confval:default_cache_ttl for details.

metadata_cache_type#: Type: str (choices: Redis, MemoryLRU, Memory, Noop)

Default: MemoryLRU

Sets the cache type for the metadata cache. See default_cache_type for details.

mode#: Type: str (choices: install, upgrade)

Default: install

Is an installation or upgrade performed. This option is marked for deprecation.

monitoring_project_cache_ttl#: Type: str

Default: 5m

Sets the TTL for the community subscriptions cache. See confval:default_cache_ttl for details.

monitoring_project_cache_type#: Type: str (choices: Redis, MemoryLRU, Memory, Noop)

Default: ‘{{default_cache_type}}’

Sets the cache type for the monitoring project cache. See default_cache_type for details.

mysql_configuration_password#: Type: str

Default: ‘{{ mysql_shared_service_password }}’

Password used for the configuration service sql connection.

mysql_data_dir#: Type: str

Default: /var/lib/mysql

Path where the local mysql data folder needs to be placed. This only works if set before the MariaDB server is installed.

mysql_datasource_password#: Type: str

Default: ‘{{ mysql_shared_service_password }}’

Password used for the datasource service sql connection.

mysql_emailsender_password#: Type: str

Default: ‘{{ mysql_shared_service_password }}’

Password used for the emailsender service sql connection.

mysql_filtering_password#: Type: str

Default: ‘{{ mysql_shared_service_password }}’

Password used for the filtering service sql connection.

mysql_fingerprint_password#: Type: str

Default: ‘{{ mysql_shared_service_password }}’

Password used for the fingerprint service sql connection.

mysql_host#: Type: str

Default: null

Hostname of the remote MySQL/MariaDB server. Example: yourproject-db.abcdefghij.eu-central-1.rds.amazonaws.com. Only relevant if remote_mysql_server is set to True

mysql_machinelearning_password#: Type: str

Default: ‘{{ mysql_shared_service_password }}’

Password used for the machinelearning service sql connection.

mysql_notes_password#: Type: str

Default: ‘{{ mysql_shared_service_password }}’

Password used for the notes service sql connection.

mysql_plumber_password#: Type: str

Default: ‘{{ mysql_shared_service_password }}’

Password used for the plumber service sql connection.

mysql_port#: Type: int

Default: 3306

TCP port of the remote MySQL/MariaDB server. Only relevant if remote_mysql_server is set to True

mysql_root_password#: Type: str

Default: null

Password of the remote MySQL/MariaDB server root user. Only relevant if remote_mysql_server is set to True.

mysql_root_user#: Type: str

Default: null

Username of the remote MySQL/MariaDB server root user. Only relevant if remote_mysql_server is set to True.

mysql_scheduler_password#: Type: str

Default: ‘{{ mysql_shared_service_password }}’

Password used for the scheduler service sql connection.

mysql_shared_service_password#: Type: str

Default: squirro/4u

Default password to use for the various squirro services. Note that options exist to have a unique password for each services.

mysql_shared_service_user_hostname#: Type: str

Default: null

Username hostname string. This is required for some MySQL/MariaDB deployment, e.g. on Microsoft Azure. See the Azure example playbook as well.

mysql_ssl#: Type: bool

Default: false

Use SSL for the MySQL/MariaDB connection.

mysql_ssl_ca_certs#: Type: str

Default: <python site-packages path>/certifi/cacert.pem

Path to the ca certificate file used for the MySQL/MariaDB connections.

mysql_topic_password#: Type: str

Default: ‘{{ mysql_shared_service_password }}’

Password used for the topic service sql connection.

mysql_trends_password#: Type: str

Default: ‘{{ mysql_shared_service_password }}’

Password used for the trends service sql connection.

mysql_user_password#: Type: str

Default: ‘{{ mysql_shared_service_password }}’

Password used for the user service sql connection.

nginx_primary_http_port#: Type: int

Default: null

If set, the primary nginx http port tcp 80 will be changed to this port

nlp_remote_services#: Type: list

Default: null

If set the nlp_remote_services value in the topic.nlp.remote- services-connection section of /etc/squirro/configuration.d/nlp_remote_services.json is set.

onedrive_client_id#: Type: str

Default: null

If set the onedrive_client_id value in the [dataloader] section of /etc/squirro/common.ini is set.

onedrive_client_secret#: Type: str

Default: null

If set the onedrive_client_secret value in the [dataloader] section of /etc/squirro/common.ini is set.

openai_key#: Type: str

Default: null

If set SquirroGPT is configured to leverage this OpenAI key (for ChatGPT).

postgres_configuration_password#: Type: str

Default: ‘{{ postgres_shared_service_password }}’

Password used for the configuration service sql connection.

postgres_datasource_password#: Type: str

Default: ‘{{ postgres_shared_service_password }}’

Password used for the datasource service sql connection.

postgres_emailsender_password#: Type: str

Default: ‘{{ postgres_shared_service_password }}’

Password used for the emailsender service sql connection.

postgres_filtering_password#: Type: str

Default: ‘{{ postgres_shared_service_password }}’

Password used for the filtering service sql connection.

postgres_fingerprint_password#: Type: str

Default: ‘{{ postgres_shared_service_password }}’

Password used for the fingerprint service sql connection.

postgres_host#: Type: str

Default: null

Hostname of the remote PostgreSQL server. Example: yourproject-db.abcdefghij.eu-central-1.rds.amazonaws.com. Only relevant if remote_postgres_server is set to True.

postgres_machinelearning_password#: Type: str

Default: ‘{{ postgres_shared_service_password }}’

Password used for the machinelearning service sql connection.

postgres_notes_password#: Type: str

Default: ‘{{ postgres_shared_service_password }}’

Password used for the notes service sql connection.

postgres_plumber_password#: Type: str

Default: ‘{{ postgres_shared_service_password }}’

Password used for the plumber service sql connection.

postgres_port#: Type: int

Default: 5432

TCP port of the remote PostgreSQL server. Only relevant if remote_postgres_server is set to True

postgres_scheduler_password#: Type: str

Default: ‘{{ postgres_shared_service_password }}’

Password used for the scheduler service sql connection.

postgres_shared_service_password#: Type: str

Default: squirro/4u

Default password to use for the various squirro services. Note that options exist to have a unique password for each services.

postgres_topic_password#: Type: str

Default: ‘{{ postgres_shared_service_password }}’

Password used for the topic service sql connection.

postgres_trends_password#: Type: str

Default: ‘{{ postgres_shared_service_password }}’

Password used for the trends service sql connection.

postgres_user_password#: Type: str

Default: ‘{{ postgres_shared_service_password }}’

Password used for the user service sql connection.

project_index_stats_cache_ttl#: Type: str

Default: 60m

Sets the TTL for the community subscriptions cache. See confval:default_cache_ttl for details.

project_index_stats_cache_type#: Type: str (choices: Redis, MemoryLRU, Memory, Noop)

Default: ‘{{default_cache_type}}’

Sets the cache type for the project index stats cache. See default_cache_type for details.

python_ssl_ca_bundle#: Type: str

Default: null

If squirro or any python code in the virtualenv needs to communicate via untrusted ssl sources You can set this variable and point it a bundle of root and chain certificates. This leverages the update-ca-trust command of the underlying os. If you have already integrated the custom ca cert into /etc/pki/ca-trust/source/anchors/ and called update-ca-trust, then simply set this variable to /etc/pki/ca- trust/extracted/openssl/ca-bundle.trust.crt. Otherwise just point it at your custom ca pem file and squirro-ansible will take care of the rest.Python will then trust certificates issues by these authorities. Best practice is to place the .pem file into /etc/pki/ca-trust/source/anchors/, e.g /etc/pki/ca-trust/source/anchors/squirro.pem and then call update-ca-trust. This way both python and the OS (e.g. via curl) will trust the custom certificates. The pem file must be world readable.

query_embedding_cache_ttl#: Type: str

Default: 60m

Sets the TTL for the query embedding cache. See confval:default_cache_ttl for details.

query_embedding_cache_type#: Type: str (choices: Redis, MemoryLRU, Memory, Noop)

Default: ‘{{default_cache_type}}’

Sets the cache type for the query embedding cache. See default_cache_type for details.

query_strategy_cache_ttl#: Type: str

Default: ‘{{default_cache_ttl}}’

Sets the TTL for the query_strategy cache. See confval:default_cache_ttl for details.

query_strategy_cache_type#: Type: str (choices: Redis, MemoryLRU, Memory, Noop)

Default: ‘{{default_cache_type}}’

Sets the cache type for the query_strategy cache. See default_cache_type for details.

redis_cache_host#: Type: str

Default: null

Hostname of the remote Redis server for caching. Example: master.storage-abcdefgh.euc1.cache.amazonaws.com. Only relevant if remote_redis_server is set to True.

redis_cache_password#: Type: str

Default: null

Password of the remote Redis server for caching. Only relevant if remote_redis_server is set to True.

redis_cache_port#: Type: int

Default: null

TCP port of the remote Redis server for caching. Only relevant if remote_redis_server is set to True.

redis_data_dir#: Type: str

Default: /var/lib/redis

Path where the local redis data folder needs to be placed. This only works if set before the Redis servers are installed.

redis_ssl#: Type: bool

Default: false

Use SSL/TLS for the Redis connections

redis_ssl_ca_certs#: Type: str

Default: <python site-packages path>/certifi/cacert.pem

Path to the ca certificate file used for the Redis connections.

redis_ssl_verify#: Type: bool

Default: true

Set to False if the Redis server SSL/TLS certificate is self signed and/or otherwise untrusted or invalid.

redis_storage_host#: Type: str

Default: null

Hostname of the remote Redis server for persistent storage. Example: master.storage-abcdefgh.euc1.cache.amazonaws.com. Only relevant if remote_redis_server is set to True.

redis_storage_password#: Type: str

Default: null

Password of the remote Redis server for persistent storage. Only relevant if remote_redis_server is set to True.

redis_storage_port#: Type: int

Default: null

TCP port of the remote Redis server for persistent storage. Only relevant if remote_redis_server is set to True.

remote_filesystem#: Type: bool

Default: false

Set to true if the various Squirro assets must be placed on a remote/shared filesystem. Examples are NFS, EFS, SMB. This must be set before the first run, and cannot be changed later.

remote_filesystem_path#

Type: str

Default: null

Path to the already mounted remote filesystem. Only relevant if remote_filesystem is set to True. This must be set before the first run, and cannot be changed later.

Example: /mnt/efs/squirro

remote_mysql_server#: Type: bool

Default: false

Set to True if you want to leverage a remote MySQL/MariaDB server. e.g. via AWS RDS.

remote_postgres_server#: Type: bool

Default: false

Set to True if you want to leverage a remote PostgreSQL server. e.g. via AWS RDS.

remote_redis_server#: Type: bool

Default: false

Set to True if you want to leverage remote Redis servers. e.g. via AWS ElastiCache or Redis lib_squirro_storage.stat.isdir

remove_squirro_service_group#: Type: bool

Default: false

Same logic as remove_squirro_service_users, but deletes the squirro group after the installation.

remove_squirro_service_users#: Type: bool

Default: false

If set and the squirro_service_user is not “default”, all squirro sq* linux users are deleted after the installation. This make only sense in a setup where squirro is never upgraded, but new instances/container are created for upgrades. This will fail upgrade runs, unless the rpm package squirro-cluster-node-users is re-installed beforehand.

run_query_api_cache_ttl#: Type: str

Default: ‘{{default_cache_ttl}}’

Sets the TTL for the run query api cache. See confval:default_cache_ttl for details.

run_query_api_cache_type#: Type: str (choices: Redis, MemoryLRU, Memory, Noop)

Default: ‘{{default_cache_type}}’

Sets the cache type for the run query api cache. See default_cache_type for details.

salescloud_client_id#: Type: str

Default: null

If set the salescloud_client_id value in the [dataloader] section of /etc/squirro/common.ini is set.

salescloud_client_secret#: Type: str

Default: null

If set the salescloud_client_secret value in the [dataloader] section of /etc/squirro/common.ini is set.

scoring_profile_cache_ttl#: Type: str

Default: 60m

Sets the TTL for the scoring profile cache. See confval:default_cache_ttl for details.

scoring_profile_cache_type#: Type: str (choices: Redis, MemoryLRU, Memory, Noop)

Default: ‘{{default_cache_type}}’

Sets the cache type for the scoring profile cache. See default_cache_type for details.

service_endpoint_baseurl#: Type: str

Default: http://localhost:81

Can be set to a different service endpoint protocol, hostname and port. This is only of relevance if a custom nginx server needs to be used.

servicecloud_client_id#: Type: str

Default: null

If set the servicecloud_client_id value in the [dataloader] section of /etc/squirro/common.ini is set.

servicecloud_client_secret#: Type: str

Default: null

If set the servicecloud_client_secret value in the [dataloader] section of /etc/squirro/common.ini is set.

session_permanent#: Type: bool

Default: null

If set the session_permanent value in the [frontend] section of /etc/squirro/frontend.ini is set.

sharepoint_client_id#: Type: str

Default: null

If set the sharepoint_client_id value in the [dataloader] section of /etc/squirro/common.ini is set.

sharepoint_client_secret#: Type: str

Default: null

If set the sharepoint_client_secret value in the [dataloader] section of /etc/squirro/common.ini is set.

squirro_channel#: Type: str (choices: stable, testing, unstable, unstable-dev)

Default: stable

Which Squirro release channel from the mirror to use for the installation. Only applies when squirro_install_mode is set to online.

squirro_clusternode#: Type: bool

Default: false

If set to True the squirro-clusternode package is installed

squirro_genainode#: Type: bool

Default: false

If set to True the SquirroGPT/genai service is installed

squirro_install_mode#: Type: str (choices: online, offline, filesystem, custom_url)

Default: online

Where is ansible taking the packages from. online: Packages are retrieved from mirror.squirro.net. offline: Package is installed from a tar.gz file that can be downloaded from https://mirror.squirro.net. filesystem: Same as offline, but the tar.gz file is already extracted. custom_url: If you have a custom http(s) url that is not mirror.squirro.net for example via artifactory, you can use this option.

squirro_packages_tar#: Type: str

Default: null

Location of a installation tar.gz file downloaded from https://mirror.squirro.net. Only relevant if squirro_install_mode is set to offline

squirro_service_group#: Type: str

Default: null

This parameter is related to ‘squirro_service_user’. See there for further details, all squirro related files will get this gid, when squirro_service_user is set to a custom value.

squirro_service_user#: Type: str

Default: null

Set the linux uid that is used to run all the squirro python services. If not set (default), then each service is run with it own dedicated user (sqfront, sqtopic, etc) as provided by the squirro packages, if set any other value, all services run with this specific user. The user and its group (see squirro_service_group) needs to pre- exist. This action cannot be reverted, as information about detailed file ownership is lost in the process. This is only recommended in scenarios where updates are not run in place, but the instances or containers are discarded frequently (Cloud Instances, Docker, K8S, etc.)

squirro_storagenode#: Type: bool

Default: false

If set to True the squirro-storagenode package is installed

squirro_version#: Type: str

Default: latest

Which Squirro version to install. Next to specific version numbers you can also use the strings latest (for the latest bi-weekly release) or x.y-lts (e.g., 3.4-lts for the latest LTS release in the 3.4 series).

template_query_cache_ttl#: Type: str

Default: ‘{{default_cache_ttl}}’

Sets the TTL for the template query cache. See confval:default_cache_ttl for details.

template_query_cache_type#: Type: str (choices: Redis, MemoryLRU, Memory, Noop)

Default: ‘{{default_cache_type}}’

Sets the cache type for the authentication cache. See default_cache_type for details.

user_data_cache_ttl#: Type: str

Default: ‘{{default_cache_ttl}}’

Sets the TTL for the user cache. See confval:default_cache_ttl for details.

user_data_cache_type#: Type: str (choices: Redis, MemoryLRU, Memory, Noop)

Default: ‘{{default_cache_type}}’

Sets the cache type for the authentication cache. See default_cache_type for details.

yum_password#: Type: str

Default: null

Password for https://mirror.squirro.net. Only relevant if squirro_install_mode is set to offline. Reach out to support@squirro.com if you don’t have this information.

yum_repo_folder#: Type: str

Default: null

Path to the extracted contents of the offline installer tar.tz file downloaded from mirror.squirro.net Only relevant if squirro_install_mode is set to filesystem.

yum_user#: Type: str

Default: null

Username for https://mirror.squirro.net. Only relevant if squirro_install_mode is set to offline. Reach out to support@squirro.com if you don’t have this information.