Settings Service Configuration

Introduction

The Infinite Scale Settings service provides functionality for other services to register new settings as well as storing and retrieving the respective settings' values.

Default Values

  • Settings listens on port 9190 by default.

Settings Managed

The settings service is currently used for managing the:

  • users' profile settings like the language and the email notification settings,

  • possible user roles and their respective permissions,

  • assignment of roles to users.

As an example, user profile settings that can be changed in the Web UI must be persistent.

The settings service supports two different backends for persisting the data. The backend can be set via the SETTINGS_STORE_TYPE environment variable. Supported values are:

  • metadata: The default. This backend persists the settings data via the storage-system service.

  • filesystem: This backend persists the settings data in a directory on the local filesystem. The directory can be configured with SETTINGS_DATA_PATH. This backend is not suitable for running multiple intances of the settings service in a scale-out deployment and should be therefore considered deprecated.

Caching

When using SETTINGS_STORE_TYPE=metadata, the settings service caches the results of queries against the storage backend to provide faster responses. The content of this cache is independent of the cache used in the storage-system service as it caches directory listing and settings content stored in files.

The settings service can use a configured store via the global OCIS_CACHE_STORE environment variable.

Note that for each global environment variable, a service-based one might be available additionally. For precedences see Environment Variable Notes. Check the configuration section below. Supported stores are:

Store Type Description

memory

Basic in-memory store and the default.

redis-sentinel

Stores data in a configured Redis Sentinel cluster.

nats-js-kv

Stores data using key-value-store feature of NATS JetStream

noop

Stores nothing. Useful for testing. Not recommended in production environments.

ocmem

(deprecated) Advanced in-memory store allowing max size.

redis

(deprecated) Stores data in a configured Redis cluster.

etcd

(deprecated) Stores data in a configured etcd cluster.

nats-js

(deprecated) Stores data using the key-value-store feature of NATS JetStream.

Other store types may work but are currently not supported.

The settings service can only be scaled if not using the memory store and the stores are configured identically over all instances!
If you have used one of the deprecated stores of a former version, you should reconfigure to use one of the supported ones as the deprecated stores will be removed in a later version.
Store specific notes
  • When using redis-sentinel:
    The Redis master to use is configured via e.g. OCIS_CACHE_STORE_NODES in the form of <sentinel-host>:<sentinel-port>/<redis-master> like 10.10.0.200:26379/mymaster.

  • When using nats-js-kv:

    • It is recommended to set OCIS_CACHE_STORE_NODES to the same value as OCIS_EVENTS_ENDPOINT. That way the cache uses the same nats instance as the event bus.

    • Authentication can be added, if configured, via OCIS_CACHE_AUTH_USERNAME and OCIS_CACHE_AUTH_PASSWORD.

    • It is possible to set OCIS_CACHE_DISABLE_PERSISTENCE to instruct nats to not persist cache data on disc.

Settings Management

Infinite Scale services can register settings bundles with the settings service.

Settings Usage

Services can set or query Infinite Scale setting values of a user from settings bundles.

Service Accounts

The settings service needs to know the IDs of service accounts but it doesn’t need their secrets. Currently only one service account can be configured which has the admin role. This can be set with the SETTINGS_SERVICE_ACCOUNT_ID_ADMIN envvar, but it will also pick up the global OCIS_SERVICE_ACCOUNT_ID envvar. Also see the auth-service service description for additional details.

Default Language

The default language can be defined via the OCIS_DEFAULT_LANGUAGE environment variable. If this variable is not defined, English will be used as default. The value has the ISO 639-1 format ("de", "en", etc.) and is limited to the list of supported languages. This setting can be used to set the default language for notification and invitation emails.

The OCIS_DEFAULT_LANGUAGE setting impacts the notification and userlog services and the WebUI. Note that translations must exist for all named components to be presented correctly.

  • If OCIS_DEFAULT_LANGUAGE is not set, the expected behavior is:

    • The notification and userlog services and the Web UI use English by default, until a user sets another language in the Web UI via Account  Language.

    • If a user sets another language in the Web UI in Account  Language, then the notification and userlog services and Web UI use the language defined by the user. If no translation is found, it falls back to English.

  • If OCIS_DEFAULT_LANGUAGE is set, the expected behavior is:

    • The notification and userlog services and the Web UI use OCIS_DEFAULT_LANGUAGE by default, until a user sets another language in the Web UI via Account  Language.

    • If a user sets another language in the Web UI in Account  Language, the notification and userlog services and Web UI use the language defined by the user. If no translation is found, it falls back to OCIS_DEFAULT_LANGUAGE and then to English.

Configuration

Environment Variables

The settings service is configured via the following environment variables. Read the Environment Variable Types documentation for important details.

  • master

Environment variables for the settings service
Name Type Default Value Description

OCIS_TRACING_ENABLED
SETTINGS_TRACING_ENABLED

bool

false

Activates tracing.

OCIS_TRACING_TYPE
SETTINGS_TRACING_TYPE

string

The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.

OCIS_TRACING_ENDPOINT
SETTINGS_TRACING_ENDPOINT

string

The endpoint of the tracing agent.

OCIS_TRACING_COLLECTOR
SETTINGS_TRACING_COLLECTOR

string

The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.

OCIS_LOG_LEVEL
SETTINGS_LOG_LEVEL

string

The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.

OCIS_LOG_PRETTY
SETTINGS_LOG_PRETTY

bool

false

Activates pretty log output.

OCIS_LOG_COLOR
SETTINGS_LOG_COLOR

bool

false

Activates colorized log output.

OCIS_LOG_FILE
SETTINGS_LOG_FILE

string

The path to the log file. Activates logging to this file if set.

SETTINGS_DEBUG_ADDR

string

127.0.0.1:9194

Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.

SETTINGS_DEBUG_TOKEN

string

Token to secure the metrics endpoint.

SETTINGS_DEBUG_PPROF

bool

false

Enables pprof, which can be used for profiling.

SETTINGS_DEBUG_ZPAGES

bool

false

Enables zpages, which can be used for collecting and viewing in-memory traces.

SETTINGS_HTTP_ADDR

string

127.0.0.1:9190

The bind address of the HTTP service.

OCIS_HTTP_TLS_ENABLED

bool

false

Activates TLS for the http based services using the server certifcate and key configured via OCIS_HTTP_TLS_CERTIFICATE and OCIS_HTTP_TLS_KEY. If OCIS_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.

OCIS_HTTP_TLS_CERTIFICATE

string

Path/File name of the TLS server certificate (in PEM format) for the http services.

OCIS_HTTP_TLS_KEY

string

Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.

SETTINGS_HTTP_ROOT

string

/

Subdirectory that serves as the root for this HTTP service.

OCIS_CORS_ALLOW_ORIGINS
SETTINGS_CORS_ALLOW_ORIGINS

[]string

[*]

A list of allowed CORS origins. See following chapter for more details: Access-Control-Allow-Origin at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.

OCIS_CORS_ALLOW_METHODS
SETTINGS_CORS_ALLOW_METHODS

[]string

[GET POST PUT PATCH DELETE OPTIONS]

A list of allowed CORS methods. See following chapter for more details: Access-Control-Request-Method at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.

OCIS_CORS_ALLOW_HEADERS
SETTINGS_CORS_ALLOW_HEADERS

[]string

[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id]

A list of allowed CORS headers. See following chapter for more details: Access-Control-Request-Headers at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.

OCIS_CORS_ALLOW_CREDENTIALS
SETTINGS_CORS_ALLOW_CREDENTIALS

bool

true

Allow credentials for CORS.See following chapter for more details: Access-Control-Allow-Credentials at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.

SETTINGS_GRPC_ADDR

string

127.0.0.1:9191

The bind address of the GRPC service.

SETTINGS_STORE_TYPE

string

metadata

Store type configures the persistency driver. Supported values are 'metadata' and 'filesystem'. Note that the value 'filesystem' is considered deprecated.

SETTINGS_DATA_PATH

string

/var/lib/ocis/settings

The directory where the filesystem storage will store ocis settings. If not defined, the root directory derives from $OCIS_BASE_DATA_PATH:/settings.

STORAGE_GATEWAY_GRPC_ADDR

string

com.owncloud.api.storage-system

GRPC address of the STORAGE-SYSTEM service.

STORAGE_GRPC_ADDR

string

com.owncloud.api.storage-system

GRPC address of the STORAGE-SYSTEM service.

OCIS_SYSTEM_USER_ID
SETTINGS_SYSTEM_USER_ID

string

ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.

OCIS_SYSTEM_USER_IDP
SETTINGS_SYSTEM_USER_IDP

string

internal

IDP of the oCIS STORAGE-SYSTEM system user.

OCIS_SYSTEM_USER_API_KEY

string

API key for the STORAGE-SYSTEM system user.

OCIS_CACHE_STORE
SETTINGS_CACHE_STORE

string

memory

The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details.

OCIS_CACHE_STORE_NODES
SETTINGS_CACHE_STORE_NODES

[]string

[127.0.0.1:9233]

A list of nodes to access the configured store. This has no effect when 'memory' or 'ocmem' stores are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.

OCIS_CACHE_DATABASE

string

settings-cache

The database name the configured store should use.

SETTINGS_FILE_CACHE_TABLE

string

settings_files

The database table the store should use for the file cache.

SETTINGS_DIRECTORY_CACHE_TABLE

string

settings_dirs

The database table the store should use for the directory cache.

OCIS_CACHE_TTL
SETTINGS_CACHE_TTL

Duration

10m0s

Default time to live for entries in the cache. Only applied when access tokens has no expiration. See the Environment Variable Types description for more details.

OCIS_CACHE_SIZE
SETTINGS_CACHE_SIZE

int

0

The maximum quantity of items in the cache. Only applies when store type 'ocmem' is configured. Defaults to 512 which is derived from the ocmem package though not exclicitely set as default.

OCIS_CACHE_DISABLE_PERSISTENCE
SETTINGS_CACHE_DISABLE_PERSISTENCE

bool

false

Disables persistence of the cache. Only applies when store type 'nats-js-kv' is configured. Defaults to false.

OCIS_CACHE_AUTH_USERNAME
SETTINGS_CACHE_AUTH_USERNAME

string

The username to authenticate with the cache. Only applies when store type 'nats-js-kv' is configured.

OCIS_CACHE_AUTH_PASSWORD
SETTINGS_CACHE_AUTH_PASSWORD

string

The password to authenticate with the cache. Only applies when store type 'nats-js-kv' is configured.

SETTINGS_BUNDLES_PATH

string

The path to a JSON file with a list of bundles. If not defined, the default bundles will be loaded.

OCIS_ADMIN_USER_ID
SETTINGS_ADMIN_USER_ID

string

ID of the user that should receive admin privileges. Consider that the UUID can be encoded in some LDAP deployment configurations like in .ldif files. These need to be decoded beforehand.

OCIS_JWT_SECRET
SETTINGS_JWT_SECRET

string

The secret to mint and validate jwt tokens.

SETTINGS_SETUP_DEFAULT_ASSIGNMENTS
IDM_CREATE_DEMO_USERS

bool

false

The default role assignments the demo users should be setup.

SETTINGS_SERVICE_ACCOUNT_IDS
OCIS_SERVICE_ACCOUNT_ID

[]string

[service-user-id]

The list of all service account IDs. These will be assigned the hidden 'service-account' role. Note: When using 'OCIS_SERVICE_ACCOUNT_ID' this will contain only one value while 'SETTINGS_SERVICE_ACCOUNT_IDS' can have multiple. See the 'auth-service' service description for more details about service accounts.

OCIS_DEFAULT_LANGUAGE

string

The default language used by services and the WebUI. If not defined, English will be used as default. See the documentation for more details.

YAML Example

  • master

# Autogenerated
# Filename: settings-config-example.yaml

tracing:
  enabled: false
  type: ""
  endpoint: ""
  collector: ""
log:
  level: ""
  pretty: false
  color: false
  file: ""
debug:
  addr: 127.0.0.1:9194
  token: ""
  pprof: false
  zpages: false
http:
  addr: 127.0.0.1:9190
  tls:
    enabled: false
    cert: ""
    key: ""
  root: /
  cors:
    allow_origins:
    - '*'
    allow_methods:
    - GET
    - POST
    - PUT
    - PATCH
    - DELETE
    - OPTIONS
    allow_headers:
    - Authorization
    - Origin
    - Content-Type
    - Accept
    - X-Requested-With
    - X-Request-Id
    allow_credentials: true
grpc:
  addr: 127.0.0.1:9191
  tls: null
grpc_client_tls: null
store_type: metadata
data_path: /var/lib/ocis/settings
metadata_config:
  gateway_addr: com.owncloud.api.storage-system
  storage_addr: com.owncloud.api.storage-system
  system_user_id: ""
  system_user_idp: internal
  system_user_api_key: ""
  cache:
    store: memory
    addresses:
    - 127.0.0.1:9233
    database: settings-cache
    files_table: settings_files
    directories_table: settings_dirs
    ttl: 10m0s
    size: 0
    disable_persistence: false
    username: ""
    password: ""
bundles_path: ""
admin_user_id: ""
token_manager:
  jwt_secret: ""
set_default_assignments: false
service_account_ids:
- service-user-id
default_language: ""