OCS Service Configuration

Introduction

The Infinite Scale OCS service provides the OCS API which is required by some ownCloud clients.

Configuration

Environment Variables

The ocs extension is configured via the following environment variables:

  • latest

  • 2.0.0

Environment variables for the ocs service
Name Type Default Value Description

OCIS_TRACING_ENABLED
OCS_TRACING_ENABLED

bool

false

Activates tracing.

OCIS_TRACING_TYPE
OCS_TRACING_TYPE

string

The type of tracing. Defaults to "", which is the same as "jaeger". Allowed tracing types are "jaeger" and "" as of now.

OCIS_TRACING_ENDPOINT
OCS_TRACING_ENDPOINT

string

The endpoint of the tracing agent.

OCIS_TRACING_COLLECTOR
OCS_TRACING_COLLECTOR

string

The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.

OCIS_LOG_LEVEL
OCS_LOG_LEVEL

string

The log level. Valid values are: "panic", "fatal", "error", "warn", "info", "debug", "trace".

OCIS_LOG_PRETTY
OCS_LOG_PRETTY

bool

false

Activates pretty log output.

OCIS_LOG_COLOR
OCS_LOG_COLOR

bool

false

Activates colorized log output.

OCIS_LOG_FILE
OCS_LOG_FILE

string

The path to the log file. Activates logging to this file if set.

OCIS_CACHE_STORE_TYPE
OCS_CACHE_STORE_TYPE

string

The type of the cache store. Valid options are "noop", "ocmem", "etcd" and "memory"

OCIS_CACHE_STORE_ADDRESS
OCS_CACHE_STORE_ADDRESS

string

A comma-separated list of addresses to connect to. Only valid if the above setting is set to "etcd"

OCIS_CACHE_STORE_SIZE
OCS_CACHE_STORE_SIZE

int

0

Maximum number of items per table in the ocmem cache store. Other cache stores will ignore the option and can grow indefinitely.

OCS_DEBUG_ADDR

string

127.0.0.1:9114

Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.

OCS_DEBUG_TOKEN

string

Token to secure the metrics endpoint.

OCS_DEBUG_PPROF

bool

false

Enables pprof, which can be used for profiling.

OCS_DEBUG_ZPAGES

bool

false

Enables zpages, which can be used for collecting and viewing in-memory traces.

OCS_HTTP_ADDR

string

127.0.0.1:9110

The bind address of the HTTP service.

OCS_HTTP_ROOT

string

/ocs

Subdirectory that serves as the root for this HTTP service.

OCIS_CORS_ALLOW_ORIGINS
OCS_CORS_ALLOW_ORIGINS

[]string

[*]

A comma-separated list of allowed CORS origins. See following chapter for more details: Access-Control-Allow-Origin at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin

OCIS_CORS_ALLOW_METHODS
OCS_CORS_ALLOW_METHODS

[]string

[GET POST PUT PATCH DELETE OPTIONS]

A comma-separated list of allowed CORS methods. See following chapter for more details: Access-Control-Request-Method at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method

OCIS_CORS_ALLOW_HEADERS
OCS_CORS_ALLOW_HEADERS

[]string

[Authorization Origin Content-Type Accept X-Requested-With]

A comma-separated list of allowed CORS headers. See following chapter for more details: Access-Control-Request-Headers at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers.

OCIS_CORS_ALLOW_CREDENTIALS
OCS_CORS_ALLOW_CREDENTIALS

bool

true

Allow credentials for CORS.See following chapter for more details: Access-Control-Allow-Credentials at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.

OCIS_HTTP_TLS_ENABLED

bool

false

Activates TLS for the http based services using the server certifcate and key configured via OCIS_HTTP_TLS_CERTIFICATE and OCIS_HTTP_TLS_KEY. If OCIS_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.

OCIS_HTTP_TLS_CERTIFICATE

string

Path/File name of the TLS server certificate (in PEM format) for the http services.

OCIS_HTTP_TLS_KEY

string

Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.

OCIS_JWT_SECRET
OCS_JWT_SECRET

string

The secret to mint and validate jwt tokens.

REVA_GATEWAY

string

127.0.0.1:9142

The CS3 gateway endpoint.

OCIS_GRPC_CLIENT_TLS_MODE

string

TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server ceritificate verification.

OCIS_GRPC_CLIENT_TLS_CACERT

string

Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.

OCIS_GRPC_CLIENT_TLS_MODE

string

TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server ceritificate verification.

OCIS_GRPC_CLIENT_TLS_CACERT

string

Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.

OCIS_URL
OCIS_OIDC_ISSUER
OCS_IDM_ADDRESS

string

https://localhost:9200

URL of the OIDC issuer. It defaults to URL of the builtin IDP.

OCIS_MACHINE_AUTH_API_KEY
OCS_MACHINE_AUTH_API_KEY

string

Machine auth API key used to validate internal requests necessary to access resources from other services.

Environment variables for the ocs service
Name Type Default Value Description

OCIS_TRACING_ENABLED
OCS_TRACING_ENABLED

bool

false

Activates tracing.

OCIS_TRACING_TYPE
OCS_TRACING_TYPE

string

The type of tracing. Defaults to "", which is the same as "jaeger". Allowed tracing types are "jaeger" and "" as of now.

OCIS_TRACING_ENDPOINT
OCS_TRACING_ENDPOINT

string

The endpoint of the tracing agent.

OCIS_TRACING_COLLECTOR
OCS_TRACING_COLLECTOR

string

The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.

OCIS_LOG_LEVEL
OCS_LOG_LEVEL

string

The log level. Valid values are: "panic", "fatal", "error", "warn", "info", "debug", "trace".

OCIS_LOG_PRETTY
OCS_LOG_PRETTY

bool

false

Activates pretty log output.

OCIS_LOG_COLOR
OCS_LOG_COLOR

bool

false

Activates colorized log output.

OCIS_LOG_FILE
OCS_LOG_FILE

string

The path to the log file. Activates logging to this file if set.

OCIS_CACHE_STORE_TYPE
OCS_CACHE_STORE_TYPE

string

The type of the cache store. Valid options are "noop", "ocmem", "etcd" and "memory"

OCIS_CACHE_STORE_ADDRESS
OCS_CACHE_STORE_ADDRESS

string

A comma-separated list of addresses to connect to. Only valid if the above setting is set to "etcd"

OCIS_CACHE_STORE_SIZE
OCS_CACHE_STORE_SIZE

int

0

Maximum number of items per table in the ocmem cache store. Other cache stores will ignore the option and can grow indefinitely.

OCS_DEBUG_ADDR

string

127.0.0.1:9114

Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.

OCS_DEBUG_TOKEN

string

Token to secure the metrics endpoint.

OCS_DEBUG_PPROF

bool

false

Enables pprof, which can be used for profiling.

OCS_DEBUG_ZPAGES

bool

false

Enables zpages, which can be used for collecting and viewing in-memory traces.

OCS_HTTP_ADDR

string

127.0.0.1:9110

The bind address of the HTTP service.

OCS_HTTP_ROOT

string

/ocs

Subdirectory that serves as the root for this HTTP service.

OCIS_CORS_ALLOW_ORIGINS
OCS_CORS_ALLOW_ORIGINS

[]string

[*]

A comma-separated list of allowed CORS origins. See following chapter for more details: Access-Control-Allow-Origin at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin

OCIS_CORS_ALLOW_METHODS
OCS_CORS_ALLOW_METHODS

[]string

[GET POST PUT PATCH DELETE OPTIONS]

A comma-separated list of allowed CORS methods. See following chapter for more details: Access-Control-Request-Method at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method

OCIS_CORS_ALLOW_HEADERS
OCS_CORS_ALLOW_HEADERS

[]string

[Authorization Origin Content-Type Accept X-Requested-With]

A comma-separated list of allowed CORS headers. See following chapter for more details: Access-Control-Request-Headers at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers.

OCIS_CORS_ALLOW_CREDENTIALS
OCS_CORS_ALLOW_CREDENTIALS

bool

true

Allow credentials for CORS.See following chapter for more details: Access-Control-Allow-Credentials at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.

OCIS_HTTP_TLS_ENABLED

bool

false

Activates TLS for the http based services using the server certifcate and key configured via OCIS_HTTP_TLS_CERTIFICATE and OCIS_HTTP_TLS_KEY. If OCIS_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.

OCIS_HTTP_TLS_CERTIFICATE

string

Path/File name of the TLS server certificate (in PEM format) for the http services.

OCIS_HTTP_TLS_KEY

string

Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.

OCIS_JWT_SECRET
OCS_JWT_SECRET

string

The secret to mint and validate jwt tokens.

REVA_GATEWAY

string

127.0.0.1:9142

The CS3 gateway endpoint.

OCIS_GRPC_CLIENT_TLS_MODE

string

TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server ceritificate verification.

OCIS_GRPC_CLIENT_TLS_CACERT

string

Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.

OCIS_GRPC_CLIENT_TLS_MODE

string

TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server ceritificate verification.

OCIS_GRPC_CLIENT_TLS_CACERT

string

Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.

OCIS_URL
OCIS_OIDC_ISSUER
OCS_IDM_ADDRESS

string

https://localhost:9200

URL of the OIDC issuer. It defaults to URL of the builtin IDP.

OCIS_MACHINE_AUTH_API_KEY
OCS_MACHINE_AUTH_API_KEY

string

Machine auth API key used to validate internal requests necessary to access resources from other services.

YAML Example

  • latest

  • 2.0.0

# Autogenerated
# Filename: ocs-config-example.yaml

tracing:
  enabled: false
  type: ""
  endpoint: ""
  collector: ""
log:
  level: ""
  pretty: false
  color: false
  file: ""
cache_store:
  type: ""
  address: ""
  size: 0
debug:
  addr: 127.0.0.1:9114
  token: ""
  pprof: false
  zpages: false
http:
  addr: 127.0.0.1:9110
  root: /ocs
  cors:
    allow_origins:
    - '*'
    allow_methods:
    - GET
    - POST
    - PUT
    - PATCH
    - DELETE
    - OPTIONS
    allow_headers:
    - Authorization
    - Origin
    - Content-Type
    - Accept
    - X-Requested-With
    allow_credentials: true
  tls:
    enabled: false
    cert: ""
    key: ""
token_manager:
  jwt_secret: ""
reva:
  address: 127.0.0.1:9142
  tls:
    mode: ""
    cacert: ""
grpc_client_tls:
  mode: ""
  cacert: ""
identity_management:
  address: https://localhost:9200
machine_auth_api_key: ""
# Autogenerated
# Filename: ocs-config-example.yaml

tracing:
  enabled: false
  type: ""
  endpoint: ""
  collector: ""
log:
  level: ""
  pretty: false
  color: false
  file: ""
cache_store:
  type: ""
  address: ""
  size: 0
debug:
  addr: 127.0.0.1:9114
  token: ""
  pprof: false
  zpages: false
http:
  addr: 127.0.0.1:9110
  root: /ocs
  cors:
    allow_origins:
    - '*'
    allow_methods:
    - GET
    - POST
    - PUT
    - PATCH
    - DELETE
    - OPTIONS
    allow_headers:
    - Authorization
    - Origin
    - Content-Type
    - Accept
    - X-Requested-With
    allow_credentials: true
  tls:
    enabled: false
    cert: ""
    key: ""
token_manager:
  jwt_secret: ""
reva:
  address: 127.0.0.1:9142
  tls:
    mode: ""
    cacert: ""
grpc_client_tls:
  mode: ""
  cacert: ""
identity_management:
  address: https://localhost:9200
machine_auth_api_key: ""