Settings Service Configuration

Introduction

The Infinite Scale Settings service

Configuration

Environment Variables

The settings extension is configured via the following environment variables:

  • latest

  • 2.0.0

Environment variables for the settings service
Name Type Default Value Description

OCIS_TRACING_ENABLED
SETTINGS_TRACING_ENABLED

bool

false

Activates tracing.

OCIS_TRACING_TYPE
SETTINGS_TRACING_TYPE

string

The type of tracing. Defaults to "", which is the same as "jaeger". Allowed tracing types are "jaeger" and "" as of now.

OCIS_TRACING_ENDPOINT
SETTINGS_TRACING_ENDPOINT

string

The endpoint of the tracing agent.

OCIS_TRACING_COLLECTOR
SETTINGS_TRACING_COLLECTOR

string

The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.

OCIS_LOG_LEVEL
SETTINGS_LOG_LEVEL

string

The log level. Valid values are: "panic", "fatal", "error", "warn", "info", "debug", "trace".

OCIS_LOG_PRETTY
SETTINGS_LOG_PRETTY

bool

false

Activates pretty log output.

OCIS_LOG_COLOR
SETTINGS_LOG_COLOR

bool

false

Activates colorized log output.

OCIS_LOG_FILE
SETTINGS_LOG_FILE

string

The path to the log file. Activates logging to this file if set.

SETTINGS_DEBUG_ADDR

string

127.0.0.1:9194

Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.

SETTINGS_DEBUG_TOKEN

string

Token to secure the metrics endpoint.

SETTINGS_DEBUG_PPROF

bool

false

Enables pprof, which can be used for profiling.

SETTINGS_DEBUG_ZPAGES

bool

false

Enables zpages, which can be used for collecting and viewing in-memory traces.

SETTINGS_HTTP_ADDR

string

127.0.0.1:9190

The bind address of the HTTP service.

OCIS_HTTP_TLS_ENABLED

bool

false

Activates TLS for the http based services using the server certifcate and key configured via OCIS_HTTP_TLS_CERTIFICATE and OCIS_HTTP_TLS_KEY. If OCIS_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.

OCIS_HTTP_TLS_CERTIFICATE

string

Path/File name of the TLS server certificate (in PEM format) for the http services.

OCIS_HTTP_TLS_KEY

string

Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.

SETTINGS_HTTP_ROOT

string

/

Subdirectory that serves as the root for this HTTP service.

SETTINGS_CACHE_TTL

int

604800

Browser cache control max-age value in seconds for settings Web UI assets.

OCIS_CORS_ALLOW_ORIGINS
SETTINGS_CORS_ALLOW_ORIGINS

[]string

[*]

A comma-separated list of allowed CORS origins. See following chapter for more details: Access-Control-Allow-Origin at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin

OCIS_CORS_ALLOW_METHODS
SETTINGS_CORS_ALLOW_METHODS

[]string

[GET POST PUT PATCH DELETE OPTIONS]

A comma-separated list of allowed CORS methods. See following chapter for more details: Access-Control-Request-Method at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method

OCIS_CORS_ALLOW_HEADERS
SETTINGS_CORS_ALLOW_HEADERS

[]string

[Authorization Origin Content-Type Accept X-Requested-With]

A comma-separated list of allowed CORS headers. See following chapter for more details: Access-Control-Request-Headers at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers.

OCIS_CORS_ALLOW_CREDENTIALS
SETTINGS_CORS_ALLOW_CREDENTIALS

bool

true

Allow credentials for CORS.See following chapter for more details: Access-Control-Allow-Credentials at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.

SETTINGS_GRPC_ADDR

string

127.0.0.1:9191

The bind address of the GRPC service.

OCIS_GRPC_TLS_ENABLED

bool

false

Activates TLS for the grpc based services using the server certifcate and key configured via OCIS_GRPC_TLS_CERTIFICATE and OCIS_GRPC_TLS_KEY. If OCIS_GRPC_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with OCIS_GRPC_CLIENT_TLS_MODE=insecure.

OCIS_GRPC_TLS_CERTIFICATE

string

Path/File name of the TLS server certificate (in PEM format) for the grpc services.

OCIS_GRPC_TLS_KEY

string

Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the grpc services.

OCIS_GRPC_CLIENT_TLS_MODE

string

TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server ceritificate verification.

OCIS_GRPC_CLIENT_TLS_CACERT

string

Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.

SETTINGS_STORE_TYPE

string

metadata

Store type configures the persistency driver. Supported values are "metadata" and "filesystem".

SETTINGS_DATA_PATH

string

~/.ocis/settings

The directory where the filesystem storage will store ocis settings. If not definied, the root directory derives from $OCIS_BASE_DATA_PATH:/settings.

STORAGE_GATEWAY_GRPC_ADDR

string

127.0.0.1:9215

GRPC address of the STORAGE-SYSTEM service.

STORAGE_GRPC_ADDR

string

127.0.0.1:9215

GRPC address of the STORAGE-SYSTEM service.

OCIS_SYSTEM_USER_ID
SETTINGS_SYSTEM_USER_ID

string

ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.

OCIS_SYSTEM_USER_IDP
SETTINGS_SYSTEM_USER_IDP

string

internal

IDP of the oCIS STORAGE-SYSTEM system user.

OCIS_SYSTEM_USER_API_KEY

string

API key for the STORAGE-SYSTEM system user.

OCIS_ADMIN_USER_ID
SETTINGS_ADMIN_USER_ID

string

ID of the user that should receive admin privileges.

SETTINGS_ASSET_PATH

string

Serve settings Web UI assets from a path on the filesystem instead of the builtin assets. Can be used for development and customization.

OCIS_JWT_SECRET
SETTINGS_JWT_SECRET

string

The secret to mint and validate jwt tokens.

SETTINGS_SETUP_DEFAULT_ASSIGNMENTS
ACCOUNTS_DEMO_USERS_AND_GROUPS

bool

false

The default role assignments the demo users should be setup.

Environment variables for the settings service
Name Type Default Value Description

OCIS_TRACING_ENABLED
SETTINGS_TRACING_ENABLED

bool

false

Activates tracing.

OCIS_TRACING_TYPE
SETTINGS_TRACING_TYPE

string

The type of tracing. Defaults to "", which is the same as "jaeger". Allowed tracing types are "jaeger" and "" as of now.

OCIS_TRACING_ENDPOINT
SETTINGS_TRACING_ENDPOINT

string

The endpoint of the tracing agent.

OCIS_TRACING_COLLECTOR
SETTINGS_TRACING_COLLECTOR

string

The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.

OCIS_LOG_LEVEL
SETTINGS_LOG_LEVEL

string

The log level. Valid values are: "panic", "fatal", "error", "warn", "info", "debug", "trace".

OCIS_LOG_PRETTY
SETTINGS_LOG_PRETTY

bool

false

Activates pretty log output.

OCIS_LOG_COLOR
SETTINGS_LOG_COLOR

bool

false

Activates colorized log output.

OCIS_LOG_FILE
SETTINGS_LOG_FILE

string

The path to the log file. Activates logging to this file if set.

SETTINGS_DEBUG_ADDR

string

127.0.0.1:9194

Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.

SETTINGS_DEBUG_TOKEN

string

Token to secure the metrics endpoint.

SETTINGS_DEBUG_PPROF

bool

false

Enables pprof, which can be used for profiling.

SETTINGS_DEBUG_ZPAGES

bool

false

Enables zpages, which can be used for collecting and viewing in-memory traces.

SETTINGS_HTTP_ADDR

string

127.0.0.1:9190

The bind address of the HTTP service.

OCIS_HTTP_TLS_ENABLED

bool

false

Activates TLS for the http based services using the server certifcate and key configured via OCIS_HTTP_TLS_CERTIFICATE and OCIS_HTTP_TLS_KEY. If OCIS_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.

OCIS_HTTP_TLS_CERTIFICATE

string

Path/File name of the TLS server certificate (in PEM format) for the http services.

OCIS_HTTP_TLS_KEY

string

Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.

SETTINGS_HTTP_ROOT

string

/

Subdirectory that serves as the root for this HTTP service.

SETTINGS_CACHE_TTL

int

604800

Browser cache control max-age value in seconds for settings Web UI assets.

OCIS_CORS_ALLOW_ORIGINS
SETTINGS_CORS_ALLOW_ORIGINS

[]string

[*]

A comma-separated list of allowed CORS origins. See following chapter for more details: Access-Control-Allow-Origin at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin

OCIS_CORS_ALLOW_METHODS
SETTINGS_CORS_ALLOW_METHODS

[]string

[GET POST PUT PATCH DELETE OPTIONS]

A comma-separated list of allowed CORS methods. See following chapter for more details: Access-Control-Request-Method at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method

OCIS_CORS_ALLOW_HEADERS
SETTINGS_CORS_ALLOW_HEADERS

[]string

[Authorization Origin Content-Type Accept X-Requested-With]

A comma-separated list of allowed CORS headers. See following chapter for more details: Access-Control-Request-Headers at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers.

OCIS_CORS_ALLOW_CREDENTIALS
SETTINGS_CORS_ALLOW_CREDENTIALS

bool

true

Allow credentials for CORS.See following chapter for more details: Access-Control-Allow-Credentials at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.

SETTINGS_GRPC_ADDR

string

127.0.0.1:9191

The bind address of the GRPC service.

OCIS_GRPC_TLS_ENABLED

bool

false

Activates TLS for the grpc based services using the server certifcate and key configured via OCIS_GRPC_TLS_CERTIFICATE and OCIS_GRPC_TLS_KEY. If OCIS_GRPC_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with OCIS_GRPC_CLIENT_TLS_MODE=insecure.

OCIS_GRPC_TLS_CERTIFICATE

string

Path/File name of the TLS server certificate (in PEM format) for the grpc services.

OCIS_GRPC_TLS_KEY

string

Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the grpc services.

OCIS_GRPC_CLIENT_TLS_MODE

string

TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server ceritificate verification.

OCIS_GRPC_CLIENT_TLS_CACERT

string

Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.

SETTINGS_STORE_TYPE

string

metadata

Store type configures the persistency driver. Supported values are "metadata" and "filesystem".

SETTINGS_DATA_PATH

string

~/.ocis/settings

The directory where the filesystem storage will store ocis settings. If not definied, the root directory derives from $OCIS_BASE_DATA_PATH:/settings.

STORAGE_GATEWAY_GRPC_ADDR

string

127.0.0.1:9215

GRPC address of the STORAGE-SYSTEM service.

STORAGE_GRPC_ADDR

string

127.0.0.1:9215

GRPC address of the STORAGE-SYSTEM service.

OCIS_SYSTEM_USER_ID
SETTINGS_SYSTEM_USER_ID

string

ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.

OCIS_SYSTEM_USER_IDP
SETTINGS_SYSTEM_USER_IDP

string

internal

IDP of the oCIS STORAGE-SYSTEM system user.

OCIS_SYSTEM_USER_API_KEY

string

API key for the STORAGE-SYSTEM system user.

OCIS_ADMIN_USER_ID
SETTINGS_ADMIN_USER_ID

string

ID of the user that should receive admin privileges.

SETTINGS_ASSET_PATH

string

Serve settings Web UI assets from a path on the filesystem instead of the builtin assets. Can be used for development and customization.

OCIS_JWT_SECRET
SETTINGS_JWT_SECRET

string

The secret to mint and validate jwt tokens.

SETTINGS_SETUP_DEFAULT_ASSIGNMENTS
ACCOUNTS_DEMO_USERS_AND_GROUPS

bool

false

The default role assignments the demo users should be setup.

YAML Example

  • latest

  • 2.0.0

# Autogenerated
# Filename: settings-config-example.yaml

tracing:
  enabled: false
  type: ""
  endpoint: ""
  collector: ""
log:
  level: ""
  pretty: false
  color: false
  file: ""
debug:
  addr: 127.0.0.1:9194
  token: ""
  pprof: false
  zpages: false
http:
  addr: 127.0.0.1:9190
  tls:
    enabled: false
    cert: ""
    key: ""
  root: /
  cache_ttl: 604800
  cors:
    allow_origins:
    - '*'
    allow_methods:
    - GET
    - POST
    - PUT
    - PATCH
    - DELETE
    - OPTIONS
    allow_headers:
    - Authorization
    - Origin
    - Content-Type
    - Accept
    - X-Requested-With
    allow_credentials: true
grpc:
  addr: 127.0.0.1:9191
  tls:
    enabled: false
    cert: ""
    key: ""
grpc_client_tls:
  mode: ""
  cacert: ""
store_type: metadata
data_path: ~/.ocis/settings
metadata_config:
  gateway_addr: 127.0.0.1:9215
  storage_addr: 127.0.0.1:9215
  system_user_id: ""
  system_user_idp: internal
  system_user_api_key: ""
admin_user_id: ""
asset:
  path: ""
token_manager:
  jwt_secret: ""
set_default_assignments: false
# Autogenerated
# Filename: settings-config-example.yaml

tracing:
  enabled: false
  type: ""
  endpoint: ""
  collector: ""
log:
  level: ""
  pretty: false
  color: false
  file: ""
debug:
  addr: 127.0.0.1:9194
  token: ""
  pprof: false
  zpages: false
http:
  addr: 127.0.0.1:9190
  tls:
    enabled: false
    cert: ""
    key: ""
  root: /
  cache_ttl: 604800
  cors:
    allow_origins:
    - '*'
    allow_methods:
    - GET
    - POST
    - PUT
    - PATCH
    - DELETE
    - OPTIONS
    allow_headers:
    - Authorization
    - Origin
    - Content-Type
    - Accept
    - X-Requested-With
    allow_credentials: true
grpc:
  addr: 127.0.0.1:9191
  tls:
    enabled: false
    cert: ""
    key: ""
grpc_client_tls:
  mode: ""
  cacert: ""
store_type: metadata
data_path: ~/.ocis/settings
metadata_config:
  gateway_addr: 127.0.0.1:9215
  storage_addr: 127.0.0.1:9215
  system_user_id: ""
  system_user_idp: internal
  system_user_api_key: ""
admin_user_id: ""
asset:
  path: ""
token_manager:
  jwt_secret: ""
set_default_assignments: false