Container Properties

This page contains the list of the parameters configurable at container level for the various Everyware Cloud components.

Common Parameters

Database connection parameters

These parameters control the database connection's configuration. They are available for all the containers with the exception of the Events Broker.

| Environment Variable | Default Value | Description |
| --- | --- | --- |
| DB_HOST | ec-mariadb | host where the database can be found |
| DB_PORT | 3306 | port where the database can be found |
| DB_NAME | kapuadb | name of the database |
| DB_SCHEMA_NAME | kapuadb | name of the database schema |
| DB_SCHEMA_UPDATE | true | whether or not the database should be updated |
| DB_USERNAME | <empty> | username to connect to the database |
| DB_PASSWORD | <empty> | password to connect to the database |
| DB_SSL | false | whether to use TLS/SSL to connect to the database service |
| DB_SSL_PROTOCOLS | TLSv1.2 | TLS/SSL protocol version(s) to be used to connect to the database service |
| DB_CONNECTION_SCHEME | jdbc:mariadb | connection scheme used to connect to the database. Should not be changed |
| DB_RESOLVER | MariaDB | resolver used for the database connection. Should not be changed |
| DB_DRIVER | org.mariadb.jdbc.Driver | driver used for the database connection. Should not be changed |

Datastore connection parameters

These parameters control the datastore connection's configuration. They are available for all the containers with the exception of the Events Broker.

| Environment Variable | Default Value | Description |
| --- | --- | --- |
| STORAGE_HOST | ec-elasticsearch | host where the storage service can be found |
| STORAGE_PORT | 9200 | port where the storage service can be found |
| STORAGE_SSL | false | whether to use TLS/SSL to connect to the storage service |
| STORAGE_PREFIX | <empty> | prefix for the indices in Elasticsearch |
| STORAGE_CLIENT | org.eclipse.kapua.service.datastore.client.rest.RestDatastoreClient | client implementation to use. Should not be changed. |

Events broker connection parameters

These parameters control the events broker connection's configuration. They are available for all the containers with the exception of the Events Broker itself.

| Environment Variable | Default Value | Description |
| --- | --- | --- |
| EVENTS_BROKER_HOST | ec-events-broker | host where the events broker can be found |
| EVENTS_BROKER_PORT | 5672 | port where the events broker can be found |
| EVENTS_BROKER_USERNAME | <empty> | username used by the service to connect to the events broker |
| EVENTS_BROKER_PASSWORD | <empty> | password used by the service to connect to the events broker |

Cache connection parameters

These parameters control the cache connection's configuration. They are available for all the containers with the exception of the Events Broker.

| Environment Variable | Default Value | Description |
| --- | --- | --- |
| REDIS_URL | redis://redis:6379 | server address in host:port format (e.g. redis://redis:6379). Use rediss:// protocol for SSL connection |
| REDIS_PWD | null | password for the Redis server |
| REDIS_CLIENT_NAME | null | name of the client for the connection |
| REDIS_IDLE_CONN_TIMEOUT | 10000 | inactivity timeout in milliseconds. Should not be changed |
| REDIS_CONN_TIMEOUT | 1000 | idle connection timeout to the server in milliseconds. Should not be changed |
| REDIS_TIMEOUT | 100 | server response timeout, value in milliseconds. Should not be changed |
| REDIS_RETRY_ATTEMPTS | 3 | number of Redis command retry attempts. Should not be changed |
| REDIS_RETRY_INTERVAL | 100 | time interval between Redis command attempts in milliseconds. Should not be changed |
| JCACHE_TTL | 30 | duration of the entities in the cache in seconds |
| JCACHE_EXPIRY_POLICY | MODIFIED | cache expiry policy. Allowed values are: MODIFIED and TOUCHED. The MODIFIED policy invalidates the entity with both a creation and an update operation, while the TOUCHED one invalidates the entity also with an access operation |

Transport connection parameters

These parameters control the internal MQTT connections between the Web Applications and the Message Broker. They are available for all the containers with the exception of the Events Broker and the VPN.

| Environment Variable | Default Value | Description |
| --- | --- | --- |
| TRANSPORT_USERNAME | <empty> | username used by the service to connect to the message broker |
| TRANSPORT_PASSWORD | <empty> | password used by the service to connect to the message broker |

TLS parameters

These parameters control the TLS configuration of the container endpoints. They are available for all the containers with the exception of the Events Broker.

| Environment Variable | Default Value | Description |
| --- | --- | --- |
| CERTIFICATES_PATH | tls | certificate path relative to the JETTY_BASE directory |
| EC_CRT | <empty> | certificate used for the SSL/TLS termination |
| EC_CA | <empty> | CA chain used for the SSL/TLS termination |
| EC_KEY | <empty> | certificate key used for the SSL/TLS termination |

The REST API, Web Console and Message Broker containers also provide the following environment variables.

| Environment Variable | Default Value | Description |
| --- | --- | --- |
| DISABLE_SSL | true | Disable TLS/SSL termination on the container. |
| KEYSTORE_NAME | ec.pkcs12 | name of the keystore |
| KEYSTORE_PASS | changeit | password for the keystore |
| EC_KEYSTORE | <empty> | base64 representation of the keystore used for the SSL/TLS termination. When set, EC_CRT, EC_CA and EC_KEY are ignored. |
| EC_KEY_PASSWORD | <empty> | password of the keystore |

Logging parameters

These parameters control the root log level in container logs. They are available for all the containers with the exception of the Events Broker.

| Environment Variable | Default Value | Description |
| --- | --- | --- |
| LOGBACK_LOG_LEVEL | info | logging level, allowed values are trace, debug, info, warn, error, all and off |

Container specific parameters

REST API

These parameters are specific to the REST API container.

| Environment Variable | Default Value | Description |
| --- | --- | --- |
| MIN_HEAP | 256m | Minimum size of the JVM Heap |
| MAX_HEAP | 1024m | Maximum size of the JVM Heap |
| MAX_METASPACE_SIZE | 256m | Maximum size of the JVM Metaspace |
| JAVA_ARGS | <empty> | Extra options to configure the JVM can be specified via this variable. |
| JAVA_OPTS | <empty> | Extra options to configure the REST APIs component. |

Web Console

These are the environment variables available on the Web Console container.

| Environment Variable | Default Value | Description |
| --- | --- | --- |
| MIN_HEAP | 256m | Minimum size of the JVM Heap |
| MAX_HEAP | 1024m | Maximum size of the JVM Heap |
| MAX_METASPACE_SIZE | 256m | Maximum size of the JVM Metaspace |
| JAVA_ARGS | <empty> | Extra options to configure the JVM can be specified via this variable. |
| JAVA_OPTS | <empty> | Extra options to configure the Console component. |
| CIPHER_KEY | <changeIt> | Secret containing the key to use for the AES cipher (used by the MFA authentication). |

The following variables control the Multi Factor Authentication feature of the Web Console.

| Environment Variable | Default Value | Description |
| --- | --- | --- |
| MFA_TIME_STEP_SIZE | 30 | MFA time step size (in seconds, min > 0). |
| MFA_WINDOW_SIZE | 3 | Number of windows of size timeStepSizeInMillis checked during the MFA validation (min > 0). |
| MFA_SCRATCH_CODES_NUMBER | 5 | Number of MFA scratch codes (min is 0 max is 1000). |
| MFA_CODE_DIGITS_NUMBER | 6 | Number of digits in the generated MFA code (min is 6 max is 8). |

The Web Console also supports Single Sign-On through three different OpenID Connect providers: Keycloak, AD FS and a generic one. These are the parameters which are common to the three providers:

| Environment Variable | Default Value | Description |
| --- | --- | --- |
| CONSOLE_URL | <empty> | Callback URL used by Keycloak. |
| CLIENT_SECRET | <empty> | Secret of the Client ID to use when connecting to the OpenID Connect provider (optional). |

These are the parameters controlling the Keycloak connection.

| Environment Variable | Default Value | Description |
| --- | --- | --- |
| KEYCLOAK_URL | <empty> | URL of the Keycloak server. |
| KEYCLOAK_REALM | kapua | Realm used for Keycloak authentication. |
| KEYCLOAK_CLIENT_ID | console | Client ID to use when connecting to the Keycloak server. |

These are the parameters controlling the AD FS connection.

| Environment Variable | Default Value | Description |
| --- | --- | --- |
| ADFS_URL | <empty> | URL of the AD FS server. |
| ADFS_CLIENT_ID | <empty> | Client ID to use when connecting to the AD FS server. (Required if setting ADFS_URL) |
| ADFS_JWT_ISSUER_ENDPOINT | <retrieved via well-known endpoint> | AD FS JWT issuer endpoint suffix. (Optional) |
| ADFS_JWT_AUDIENCE_PREFIX | microsoft:identityserver: | AD FS JWT audience prefix. (Optional) |
| ADFS_OPENID_CONF_WELLKNOWN_PATH | /adfs/.well-known/openid-configuration | AD FS well-known configuration path suffix. (Optional) |
| ADFS_OPENID_AUTH_ENDPOINT | /adfs/oauth2/authorize | AD FS auth endpoint suffix. (Optional) |
| ADFS_OPENID_TOKEN_ENDPOINT | /adfs/oauth2/token | AD FS token endpoint suffix. (Optional) |
| ADFS_OPENID_LOGOUT_ENDPOINT | /adfs/oauth2/logout | AD FS logout endpoint suffix. (Optional) |
| ADFS_OPENID_USER_ID_CUSTOM_CLAIM | sub | Claim to be extracted from the JWT as user identifier (Optional, if different than 'sub') |

These are the parameters controlling the generic OpenID Connect provider connection.

| Environment Variable | Default Value | Description |
| --- | --- | --- |
| OPENID_JWT_ISSUER | <empty> | URL of the OpenID Connect provider. |
| OPENID_CLIENT_ID | console | Client ID to use when connecting to the OpenID Connect provider. |
| JWT_AUDIENCE | console | JWT audience to use when connecting to the OpenID Connect provider. |
| OPENID_AUTH_ENDPOINT | <retrieved via well-known endpoint> | Auth endpoint of the OpenID Connect provider. (Optional) |
| OPENID_LOGOUT_ENDPOINT | <retrieved via well-known endpoint> | Logout endpoint of the OpenID Connect provider. (Optional) |
| OPENID_TOKEN_ENDPOINT | <retrieved via well-known endpoint> | Token endpoint of the OpenID Connect provider. (Optional) |

Message Broker

These are the environment variables specific to the Message Broker container.

| Environment Variable | Default Value | Description |
| --- | --- | --- |
| MIN_HEAP | 768m | Minimum size of the JVM Heap |
| MAX_HEAP | 2048m | Maximum size of the JVM Heap |
| MAX_METASPACE_SIZE | 384m | Maximum size of the JVM Metaspace |
| BROKER_IP | $(hostname) | IP or URL announced by the broker when starting up |
| CLUSTER_NAME | ec-broker | Name of the cluster the broker belongs to |
| AMQ_SERIALIZABLE_PACKAGES | org.eclipse.kapua.* | Broker will serialise only classes matching this variable |
| ACTIVEMQ_OPTS | <empty> | Extra options to configure the Message Broker component. |
| CAMEL_DYNAMIC_BLACKLIST_ENABLED | true | Enable/disable the feature (true is enabled) |
| CAMEL_DYNAMIC_BLACKLIST_REFRESH_INTERVAL | 300 | Blacklist configuration reload task execution interval (in seconds) |
| CAMEL_DYNAMIC_BLACKLIST_REFRESH_INITIAL_WAIT | 30 | Blacklist configuration reload task initial wait before start |
| CAMEL_DYNAMIC_BLACKLIST_BLACKLISTED_NETWORKS | 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,127.0.0.0/8 | Blacklisted networks (and/or ip) |
| CAMEL_DYNAMIC_BLACKLIST_WHITELISTED_NETWORKS | <empty> | Whitelisted networks (and/or ip) |

VPN Service

These are the environment variables specific to the VPN Server container.

| Environment Variable | Default Value | Description |
| --- | --- | --- |
| MIN_HEAP | 256m | Minimum size of the JVM Heap |
| MAX_HEAP | 1024m | Maximum size of the JVM Heap |
| MAX_METASPACE_SIZE | 256m | Maximum size of the JVM Metaspace |
| VPN_SERVER_NAME | ec-vpn | Name of the VPN Server corresponding to the one seeded in the database. |
| JAVA_ARGS | <empty> | Extra options to configure the JVM can be specified via this variable. |
| JAVA_OPTS | <empty> | Extra options to configure the VPN component. |

Events Broker

These are the environment variables specific to the Events Broker container.

| Environment Variable | Default Value | Description |
| --- | --- | --- |
| MIN_HEAP | 512m | Minimum size of the JVM Heap |
| MAX_HEAP | 2048m | Maximum size of the JVM Heap |
| MAX_METASPACE_SIZE | 256m | Maximum size of the JVM Metaspace |
| ARTEMIS_USER | ec-user | Username used to connect to the events broker from the other service. |
| ARTEMIS_PASS | ec-pass | Password used to connect to the events broker from the other service. |
| ARTEMIS_CONFIGURATION | /opt/artemis/etc | Path of the events broker configuration folder. It's possible to mount a new configuration folder and use it to start the broker. This property should not be changed. |
| JAVA_ARGS | <empty> | Extra options to configure the JVM can be specified via this variable. |
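
Several defaults listed on this page leave transport encryption off or ship a well-known secret. The following script is an added example, not part of the Everyware Cloud documentation or product: it audits one container's environment against those documented defaults. The role labels (rest-api, console, broker, vpn, events-broker) are hypothetical names for the containers described above, and an unset variable is assumed to mean the documented default is in effect.

```python
import os
import sys

# Role labels are hypothetical names for the containers described on this page.
ROLES = {"rest-api", "console", "broker", "vpn", "events-broker"}
COMMON = ROLES - {"events-broker"}   # "all the containers with the exception of the Events Broker"
TLS_TERMINATING = {"rest-api", "console", "broker"}

# (variable, documented default, containers it applies to, finding text)
RISKY_DEFAULTS = [
    ("DB_SSL", "false", COMMON, "database connection is not using TLS"),
    ("STORAGE_SSL", "false", COMMON, "datastore connection is not using TLS"),
    ("DISABLE_SSL", "true", TLS_TERMINATING, "TLS termination is disabled"),
    ("KEYSTORE_PASS", "changeit", TLS_TERMINATING, "keystore password is the documented default"),
    ("CIPHER_KEY", "<changeIt>", {"console"}, "MFA AES key is the documented placeholder"),
    ("ARTEMIS_USER", "ec-user", {"events-broker"}, "events broker user is the documented default"),
    ("ARTEMIS_PASS", "ec-pass", {"events-broker"}, "events broker password is the documented default"),
]


def audit(role, env):
    """Return findings for one container; `env` is a mapping such as os.environ."""
    if role not in ROLES:
        raise ValueError(f"unknown role: {role}")
    findings = []
    for name, default, roles, text in RISKY_DEFAULTS:
        if role not in roles:
            continue
        # An unset variable means the documented default is in effect.
        value = env.get(name, default).strip()
        # Case-insensitive: a secret differing from the default only by case is still flagged.
        if value.lower() == default.lower():
            findings.append(f"{name}: {text}")
    if role in COMMON:
        # The page states that the rediss:// scheme selects an SSL connection to Redis.
        if not env.get("REDIS_URL", "redis://redis:6379").startswith("rediss://"):
            findings.append("REDIS_URL: cache connection is not using rediss://")
        if not env.get("REDIS_PWD"):
            findings.append("REDIS_PWD: no Redis password is set")
    return findings


if __name__ == "__main__":
    role = sys.argv[1] if len(sys.argv) > 1 else "console"
    results = audit(role, os.environ)
    print("\n".join(results) or "no findings")
    sys.exit(1 if results else 0)
```

Run inside a container as a start-up or CI gate with the role as the first argument; a non-zero exit status means at least one documented default is still in place.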