Container Properties
This page contains the list of the parameters configurable at container level for the various Everyware Cloud components.
Common Parameters
Database connection parameters
These parameters control the database connection's configuration. They are available for all the containers with the exception of the Events Broker.
Environment Variable | Default Value | Description |
---|---|---|
DB_HOST | ec-mariadb | host where the database can be found |
DB_PORT | 3306 | port where the database can be found |
DB_NAME | kapuadb | name of the database |
DB_SCHEMA_NAME | kapuadb | name of the database schema |
DB_SCHEMA_UPDATE | true | whether or not the database schema should be updated |
DB_USERNAME | <empty> | username to connect to the database |
DB_PASSWORD | <empty> | password to connect to the database |
DB_SSL | false | whether to use TLS/SSL to connect to the database service |
DB_SSL_PROTOCOLS | TLSv1.2 | TLS/SSL protocol version(s) to be used to connect to the database service |
DB_CONNECTION_SCHEME | jdbc:mariadb | connection scheme used to connect to the database. Should not be changed |
DB_RESOLVER | MariaDB | resolver used for the database connection. Should not be changed |
DB_DRIVER | org.mariadb.jdbc.Driver | driver used for the database connection. Should not be changed |
Datastore connection parameters
These parameters control the Datastore connection's configuration. They are available for all the containers with the exception of the Events Broker.
Environment Variable | Default Value | Description |
---|---|---|
STORAGE_DISABLE | false | Disable connection to the Elasticsearch engine |
STORAGE_NODES | ec-elasticsearch:9200 | Comma separated list of nodes (host:port) of the Elasticsearch instance where requests will be submitted |
STORAGE_SSL | false | Whether to use TLS/SSL to connect to the storage service |
STORAGE_PREFIX | <empty> | Prefix for the indices in Elasticsearch |
STORAGE_SHARDS | 1 | Number of shards for the indices in Elasticsearch |
STORAGE_REPLICAS | 0 | Number of replicas for the indices in Elasticsearch |
STORAGE_WINDOW | week | Time bucket assigned to data indices |
STORAGE_CLIENT | org.eclipse.kapua.service.datastore.client.rest.RestDatastoreClient | Client implementation to use. Should not be changed. |
Logstore connection parameters
These parameters control the Logstore connection's configuration. They are available for all the containers with the exception of the Events Broker.
Environment Variable | Default Value | Description |
---|---|---|
LOGSTORE_DISABLE | false | Disable connection to the Elasticsearch engine |
LOGSTORE_NODES | ec-elasticsearch:9200 | Comma separated list of nodes (host:port) of the Elasticsearch instance where requests will be submitted |
LOGSTORE_SSL | false | Whether to use TLS/SSL to connect to the storage service |
LOGSTORE_PREFIX | <empty> | Prefix for the indices in Elasticsearch |
LOGSTORE_SHARDS | 1 | Number of shards for the indices in Elasticsearch |
LOGSTORE_REPLICAS | 0 | Number of replicas for the indices in Elasticsearch |
LOGSTORE_WINDOW | week | Time bucket assigned to data indices |
LOGSTORE_CLIENT | org.eclipse.kapua.service.datastore.client.rest.RestDatastoreClient | Client implementation to use. Should not be changed. |
Events broker connection parameters
These parameters control the events broker connection's configuration. They are available for all the containers with the exception of the Events Broker itself.
Environment Variable | Default Value | Description |
---|---|---|
EVENTS_BROKER_HOST | ec-events-broker | host where the events broker can be found |
EVENTS_BROKER_PORT | 5672 | port where the events broker can be found |
EVENTS_BROKER_USERNAME | <empty> | username used by the service to connect to the events broker |
EVENTS_BROKER_PASSWORD | <empty> | password used by the service to connect to the events broker |
Cache connection parameters
These parameters control the cache connection's configuration. They are available for all the containers with the exception of the Events Broker.
Environment Variable | Default Value | Description |
---|---|---|
REDIS_URL | redis://redis:6379 | server address in host:port format (e.g. redis://redis:6379). Use the rediss:// protocol for an SSL connection |
REDIS_PWD | null | password for the Redis server |
REDIS_CLIENT_NAME | null | name of the client for the connection |
REDIS_IDLE_CONN_TIMEOUT | 10000 | inactivity timeout in milliseconds. Should not be changed |
REDIS_CONN_TIMEOUT | 1000 | idle connection timeout to the server in milliseconds. Should not be changed |
REDIS_TIMEOUT | 100 | server response timeout, value in milliseconds. Should not be changed |
REDIS_RETRY_ATTEMPTS | 3 | number of Redis command retry attempts. Should not be changed |
REDIS_RETRY_INTERVAL | 100 | time interval between Redis command attempts in milliseconds. Should not be changed |
JCACHE_TTL | 30 | duration of the entities in the cache in seconds |
JCACHE_EXPIRY_POLICY | MODIFIED | cache expiry policy. Allowed values are: MODIFIED and TOUCHED. The MODIFIED policy invalidates the entity with both a creation and an update operation, while the TOUCHED one invalidates the entity also with an access operation |
Transport connection parameters
These parameters control the internal MQTT connections between the Web Applications and the Message Broker. They are available for all the containers with the exception of the Events Broker and the VPN.
Environment Variable | Default Value | Description |
---|---|---|
TRANSPORT_USERNAME | <empty> | username used by the service to connect to the message broker |
TRANSPORT_PASSWORD | <empty> | password used by the service to connect to the message broker |
TLS parameters
These parameters control the TLS configuration of the containers' endpoints. They are available for all the containers with the exception of the Events Broker.
Environment Variable | Default Value | Description |
---|---|---|
CERTIFICATES_PATH | tls | certificate path relative to the JETTY_BASE directory |
EC_CRT | <empty> | certificate used for the SSL/TLS termination |
EC_CA | <empty> | CA chain used for the SSL/TLS termination |
EC_KEY | <empty> | certificate key used for the SSL/TLS termination |
The REST API, Web Console and Message Broker containers also provide the following environment variables.
Environment Variable | Default Value | Description |
---|---|---|
DISABLE_SSL | false | Disable TLS/SSL termination on the container. |
KEYSTORE_NAME | ec.pkcs12 | name of the keystore |
KEYSTORE_PASS | changeit | password for the keystore |
EC_KEYSTORE | <empty> | base64 representation of the keystore used for the SSL/TLS termination. When set, EC_CRT, EC_CA and EC_KEY are ignored. |
EC_KEY_PASSWORD | <empty> | password of the keystore |
Logging parameters
These parameters control the root log level in container logs. They are available for all the containers with the exception of the Events Broker.
Environment Variable | Default Value | Description |
---|---|---|
LOGBACK_LOG_LEVEL | info | logging level, allowed values are trace, debug, info, warn, error, all and off |
Container specific parameters
REST API
These parameters are specific to the REST API container.
Environment Variable | Default Value | Description |
---|---|---|
MIN_HEAP | 256m | Minimum size of the JVM Heap |
MAX_HEAP | 1024m | Maximum size of the JVM Heap |
MAX_METASPACE_SIZE | 256m | Maximum size of the JVM Metaspace |
JAVA_ARGS | <empty> | Extra options to configure the JVM can be specified via this variable. |
JAVA_OPTS | <empty> | Extra options to configure the REST APIs component. |
API_CORS_ORIGINS_ALLOWED | | Comma separated list of CORS origins allowed at the instance level. |
Web Console
These are the environment variables available on the Web Console container.
Environment Variable | Default Value | Description |
---|---|---|
MIN_HEAP | 256m | Minimum size of the JVM Heap |
MAX_HEAP | 1024m | Maximum size of the JVM Heap |
MAX_METASPACE_SIZE | 256m | Maximum size of the JVM Metaspace |
JAVA_ARGS | <empty> | Extra options to configure the JVM can be specified via this variable. |
JAVA_OPTS | <empty> | Extra options to configure the Console component. |
CIPHER_KEY | <changeIt> | Secret containing the key to use for the AES cipher (used by the MFA authentication). |
The following variables control the Multi Factor Authentication feature of the Web Console.
Environment Variable | Default Value | Description |
---|---|---|
MFA_TIME_STEP_SIZE | 30 | MFA time step size (in seconds, min > 0). |
MFA_WINDOW_SIZE | 3 | Number of windows of size timeStepSizeInMillis checked during the MFA validation (min > 0). |
MFA_SCRATCH_CODES_NUMBER | 5 | Number of MFA scratch codes (min is 0 max is 1000). |
MFA_CODE_DIGITS_NUMBER | 6 | Number of digits in the generated MFA code (min is 6 max is 8). |
The Web Console also supports Single Sign-On through three different OpenID Connect providers: Keycloak, AD FS and a generic one. These are the parameters which are common to the three providers:
Environment Variable | Default Value | Description |
---|---|---|
CONSOLE_URL | <empty> | Callback URL used by Keycloak. |
CLIENT_SECRET | <empty> | Secret of the Client ID to use when connecting to the OpenID Connect provider (optional). |
These are the parameters controlling the Keycloak connection.
Environment Variable | Default Value | Description |
---|---|---|
KEYCLOAK_URL | <empty> | URL of the Keycloak server. |
KEYCLOAK_REALM | kapua | Realm used for Keycloak authentication. |
KEYCLOAK_CLIENT_ID | console | Client ID to use when connecting to the Keycloak server. |
These are the parameters controlling the AD FS connection.
Environment Variable | Default Value | Description |
---|---|---|
ADFS_URL | <empty> | URL of the AD FS server. |
ADFS_CLIENT_ID | <empty> | Client ID to use when connecting to the AD FS server. (Required if setting ADFS_URL) |
ADFS_JWT_ISSUER_ENDPOINT | <retrieved via well-known endpoint> | AD FS JWT issuer endpoint suffix. (Optional) |
ADFS_JWT_AUDIENCE_PREFIX | microsoft:identityserver: | AD FS JWT audience prefix. (Optional) |
ADFS_OPENID_CONF_WELLKNOWN_PATH | /adfs/.well-known/openid-configuration | AD FS well-known configuration path suffix. (Optional) |
ADFS_OPENID_AUTH_ENDPOINT | /adfs/oauth2/authorize | AD FS auth endpoint suffix. (Optional) |
ADFS_OPENID_TOKEN_ENDPOINT | /adfs/oauth2/token | AD FS token endpoint suffix. (Optional) |
ADFS_OPENID_LOGOUT_ENDPOINT | /adfs/oauth2/logout | AD FS logout endpoint suffix. (Optional) |
ADFS_OPENID_USER_ID_CUSTOM_CLAIM | sub | Claim to be extracted from the JWT as user identifier (Optional, if different than 'sub') |
These are the parameters controlling the generic OpenID Connect provider connection.
Environment Variable | Default Value | Description |
---|---|---|
OPENID_JWT_ISSUER | <empty> | URL of the OpenID Connect provider. |
OPENID_CLIENT_ID | console | Client ID to use when connecting to the OpenID Connect provider. |
JWT_AUDIENCE | console | JWT audience to use when connecting to the OpenID Connect provider. |
OPENID_AUTH_ENDPOINT | <retrieved via well-known endpoint> | Auth endpoint of the OpenID Connect provider. (Optional) |
OPENID_LOGOUT_ENDPOINT | <retrieved via well-known endpoint> | Logout endpoint of the OpenID Connect provider. (Optional) |
OPENID_TOKEN_ENDPOINT | <retrieved via well-known endpoint> | Token endpoint of the OpenID Connect provider. (Optional) |
OPENID_USERINFO_ENDPOINT | <retrieved via well-known endpoint> | UserInfo endpoint of the OpenID Connect provider. (Optional) |
OPENID_USERNAME_CLAIM | preferred_username | Claim to be extracted from the JWT as user name (Optional, if different than 'preferred_username') |
Message Broker
These are the environment variables specific to the Message Broker container.
Environment Variable | Default Value | Description |
---|---|---|
MIN_HEAP | 768m | Minimum size of the JVM Heap |
MAX_HEAP | 2048m | Maximum size of the JVM Heap |
MAX_METASPACE_SIZE | 384m | Maximum size of the JVM Metaspace |
BROKER_IP | $(hostname) | IP or URL announced by the broker when starting up |
CLUSTER_NAME | ec-broker | Name of the cluster the broker belongs to |
AMQ_SERIALIZABLE_PACKAGES | org.eclipse.kapua.* | Broker will serialise only classes matching this variable |
ACTIVEMQ_OPTS | <empty> | Extra options to configure the Message Broker component. |
CAMEL_DYNAMIC_BLACKLIST_ENABLED | true | Enable/disable the feature (true is enabled) |
CAMEL_DYNAMIC_BLACKLIST_REFRESH_INTERVAL | 300 | Blacklist configuration reload task execution interval (in seconds) |
CAMEL_DYNAMIC_BLACKLIST_REFRESH_INITIAL_WAIT | 30 | Blacklist configuration reload task initial wait before start |
CAMEL_DYNAMIC_BLACKLIST_BLACKLISTED_NETWORKS | 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8 | Comma-separated list of blacklisted networks (and/or IP addresses) |
CAMEL_DYNAMIC_BLACKLIST_WHITELISTED_NETWORKS | <empty> | Comma-separated list of whitelisted networks (and/or IP addresses) |
VPN Service
These are the environment variables specific to the VPN Server container.
Environment Variable | Default Value | Description |
---|---|---|
MIN_HEAP | 256m | Minimum size of the JVM Heap |
MAX_HEAP | 1024m | Maximum size of the JVM Heap |
MAX_METASPACE_SIZE | 256m | Maximum size of the JVM Metaspace |
VPN_SERVER_NAME | ec-vpn | Name of the VPN Server corresponding to the one seeded in the database. |
JAVA_ARGS | <empty> | Extra options to configure the JVM can be specified via this variable. |
JAVA_OPTS | <empty> | Extra options to configure the VPN component. |
Events Broker
These are the environment variables specific to the Events Broker container.
Environment Variable | Default Value | Description |
---|---|---|
MIN_HEAP | 512m | Minimum size of the JVM Heap |
MAX_HEAP | 2048m | Maximum size of the JVM Heap |
MAX_METASPACE_SIZE | 256m | Maximum size of the JVM Metaspace |
ARTEMIS_USER | ec-user | Username used to connect to the events broker from the other service. |
ARTEMIS_PASS | ec-pass | Password used to connect to the events broker from the other service. |
ARTEMIS_CONFIGURATION | /opt/artemis/etc | Path of the events broker configuration folder. It's possible to mount a new configuration folder and use it to start the broker. This property should not be changed. |
JAVA_ARGS | <empty> | Extra options to configure the JVM can be specified via this variable. |
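Several defaults in the tables above leave a connection in plaintext (DB_SSL, STORAGE_SSL, LOGSTORE_SSL, redis:// in REDIS_URL) or publish a secret value (KEYSTORE_PASS, CIPHER_KEY, ARTEMIS_PASS). The following Python check is an added example, not part of the Everyware Cloud documentation or code: it reports which of those variables a container's environment still leaves at the weak value. The container labels and the `audit` and `is_true` helpers are names assumed for this example.

```python
from urllib.parse import urlparse

# Container labels are this example's own names, not product identifiers.
ALL_BUT_EVENTS = {"rest-api", "console", "message-broker", "vpn"}
TLS_TERMINATING = {"rest-api", "console", "message-broker"}

# (TLS flag, switch that disables the connection entirely, or None)
PLAINTEXT_FLAGS = [("DB_SSL", None),
                   ("STORAGE_SSL", "STORAGE_DISABLE"),
                   ("LOGSTORE_SSL", "LOGSTORE_DISABLE")]

# Secrets whose default value is printed in the tables on this page.
PUBLISHED_DEFAULTS = {
    "KEYSTORE_PASS": ("changeit", TLS_TERMINATING),
    "CIPHER_KEY": ("<changeIt>", {"console"}),
    "ARTEMIS_PASS": ("ec-pass", {"events-broker"}),
}


def is_true(env, name):
    # Every flag checked here defaults to false on this page. Accepting
    # "true" case-insensitively is an assumption about how it is parsed.
    return env.get(name, "false").strip().lower() == "true"


def audit(container, env):
    """Return sorted names of variables left at a weak documented value."""
    weak = set()
    if container in ALL_BUT_EVENTS:
        for flag, disable in PLAINTEXT_FLAGS:
            if disable and is_true(env, disable):
                continue  # connection is switched off, so the flag is moot
            if not is_true(env, flag):
                weak.add(flag)
        redis_url = env.get("REDIS_URL", "redis://redis:6379")
        if urlparse(redis_url).scheme != "rediss":
            weak.add("REDIS_URL")
    if container in TLS_TERMINATING and is_true(env, "DISABLE_SSL"):
        weak.add("DISABLE_SSL")
    for name, (default, containers) in PUBLISHED_DEFAULTS.items():
        if container in containers and env.get(name, default) == default:
            weak.add(name)
    return sorted(weak)


if __name__ == "__main__":
    # Constructed sample: a Web Console started with no overrides at all.
    print(audit("console", {}))
```

Pass `dict(os.environ)` from inside a running container, or the parsed environment section of a deployment manifest, as `env`.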