Settings Service Configuration

Introduction

The Infinite Scale Settings service

Default Values

  • Settings listens on port 9190 by default.

Configuration

Environment Variables

The settings service is configured via the following environment variables:

  • latest

  • 2.0.0

Environment variables for the settings service
Name Type Default Value Description

OCIS_TRACING_ENABLED
SETTINGS_TRACING_ENABLED

bool

false

Activates tracing.

OCIS_TRACING_TYPE
SETTINGS_TRACING_TYPE

string

The type of tracing. Defaults to "", which is the same as "jaeger". Allowed tracing types are "jaeger" and "" as of now.

OCIS_TRACING_ENDPOINT
SETTINGS_TRACING_ENDPOINT

string

The endpoint of the tracing agent.

OCIS_TRACING_COLLECTOR
SETTINGS_TRACING_COLLECTOR

string

The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.

OCIS_LOG_LEVEL
SETTINGS_LOG_LEVEL

string

The log level. Valid values are: "panic", "fatal", "error", "warn", "info", "debug", "trace".

OCIS_LOG_PRETTY
SETTINGS_LOG_PRETTY

bool

false

Activates pretty log output.

OCIS_LOG_COLOR
SETTINGS_LOG_COLOR

bool

false

Activates colorized log output.

OCIS_LOG_FILE
SETTINGS_LOG_FILE

string

The path to the log file. Activates logging to this file if set.

SETTINGS_DEBUG_ADDR

string

127.0.0.1:9194

Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.

SETTINGS_DEBUG_TOKEN

string

Token to secure the metrics endpoint.

SETTINGS_DEBUG_PPROF

bool

false

Enables pprof, which can be used for profiling.

SETTINGS_DEBUG_ZPAGES

bool

false

Enables zpages, which can be used for collecting and viewing in-memory traces.

SETTINGS_HTTP_ADDR

string

127.0.0.1:9190

The bind address of the HTTP service.

OCIS_HTTP_TLS_ENABLED

bool

false

Activates TLS for the http based services using the server certifcate and key configured via OCIS_HTTP_TLS_CERTIFICATE and OCIS_HTTP_TLS_KEY. If OCIS_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.

OCIS_HTTP_TLS_CERTIFICATE

string

Path/File name of the TLS server certificate (in PEM format) for the http services.

OCIS_HTTP_TLS_KEY

string

Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.

SETTINGS_HTTP_ROOT

string

/

Subdirectory that serves as the root for this HTTP service.

OCIS_CORS_ALLOW_ORIGINS
SETTINGS_CORS_ALLOW_ORIGINS

[]string

[*]

A comma-separated list of allowed CORS origins. See following chapter for more details: Access-Control-Allow-Origin at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin

OCIS_CORS_ALLOW_METHODS
SETTINGS_CORS_ALLOW_METHODS

[]string

[GET POST PUT PATCH DELETE OPTIONS]

A comma-separated list of allowed CORS methods. See following chapter for more details: Access-Control-Request-Method at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method

OCIS_CORS_ALLOW_HEADERS
SETTINGS_CORS_ALLOW_HEADERS

[]string

[Authorization Origin Content-Type Accept X-Requested-With]

A comma-separated list of allowed CORS headers. See following chapter for more details: Access-Control-Request-Headers at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers.

OCIS_CORS_ALLOW_CREDENTIALS
SETTINGS_CORS_ALLOW_CREDENTIALS

bool

true

Allow credentials for CORS.See following chapter for more details: Access-Control-Allow-Credentials at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.

SETTINGS_GRPC_ADDR

string

127.0.0.1:9191

The bind address of the GRPC service.

SETTINGS_STORE_TYPE

string

metadata

Store type configures the persistency driver. Supported values are "metadata" and "filesystem".

SETTINGS_DATA_PATH

string

~/.ocis/settings

The directory where the filesystem storage will store ocis settings. If not definied, the root directory derives from $OCIS_BASE_DATA_PATH:/settings.

STORAGE_GATEWAY_GRPC_ADDR

string

127.0.0.1:9215

GRPC address of the STORAGE-SYSTEM service.

STORAGE_GRPC_ADDR

string

127.0.0.1:9215

GRPC address of the STORAGE-SYSTEM service.

OCIS_SYSTEM_USER_ID
SETTINGS_SYSTEM_USER_ID

string

ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.

OCIS_SYSTEM_USER_IDP
SETTINGS_SYSTEM_USER_IDP

string

internal

IDP of the oCIS STORAGE-SYSTEM system user.

OCIS_SYSTEM_USER_API_KEY

string

API key for the STORAGE-SYSTEM system user.

SETTINGS_BUNDLES_PATH

string

The path to a JSON file with a list of bundles. If not definied, the default bundles will be loaded.

OCIS_ADMIN_USER_ID
SETTINGS_ADMIN_USER_ID

string

ID of the user that should receive admin privileges. Consider that the UUID can be encoded in some LDAP deployment configurations like in .ldif files. These need to be decoded beforehand.

OCIS_JWT_SECRET
SETTINGS_JWT_SECRET

string

The secret to mint and validate jwt tokens.

SETTINGS_SETUP_DEFAULT_ASSIGNMENTS
IDM_CREATE_DEMO_USERS

bool

false

The default role assignments the demo users should be setup.

Environment variables for the settings service
Name Type Default Value Description

OCIS_TRACING_ENABLED
SETTINGS_TRACING_ENABLED

bool

false

Activates tracing.

OCIS_TRACING_TYPE
SETTINGS_TRACING_TYPE

string

The type of tracing. Defaults to "", which is the same as "jaeger". Allowed tracing types are "jaeger" and "" as of now.

OCIS_TRACING_ENDPOINT
SETTINGS_TRACING_ENDPOINT

string

The endpoint of the tracing agent.

OCIS_TRACING_COLLECTOR
SETTINGS_TRACING_COLLECTOR

string

The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.

OCIS_LOG_LEVEL
SETTINGS_LOG_LEVEL

string

The log level. Valid values are: "panic", "fatal", "error", "warn", "info", "debug", "trace".

OCIS_LOG_PRETTY
SETTINGS_LOG_PRETTY

bool

false

Activates pretty log output.

OCIS_LOG_COLOR
SETTINGS_LOG_COLOR

bool

false

Activates colorized log output.

OCIS_LOG_FILE
SETTINGS_LOG_FILE

string

The path to the log file. Activates logging to this file if set.

SETTINGS_DEBUG_ADDR

string

127.0.0.1:9194

Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.

SETTINGS_DEBUG_TOKEN

string

Token to secure the metrics endpoint.

SETTINGS_DEBUG_PPROF

bool

false

Enables pprof, which can be used for profiling.

SETTINGS_DEBUG_ZPAGES

bool

false

Enables zpages, which can be used for collecting and viewing in-memory traces.

SETTINGS_HTTP_ADDR

string

127.0.0.1:9190

The bind address of the HTTP service.

OCIS_HTTP_TLS_ENABLED

bool

false

Activates TLS for the http based services using the server certifcate and key configured via OCIS_HTTP_TLS_CERTIFICATE and OCIS_HTTP_TLS_KEY. If OCIS_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.

OCIS_HTTP_TLS_CERTIFICATE

string

Path/File name of the TLS server certificate (in PEM format) for the http services.

OCIS_HTTP_TLS_KEY

string

Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.

SETTINGS_HTTP_ROOT

string

/

Subdirectory that serves as the root for this HTTP service.

SETTINGS_CACHE_TTL

int

604800

Browser cache control max-age value in seconds for settings Web UI assets.

OCIS_CORS_ALLOW_ORIGINS
SETTINGS_CORS_ALLOW_ORIGINS

[]string

[*]

A comma-separated list of allowed CORS origins. See following chapter for more details: Access-Control-Allow-Origin at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin

OCIS_CORS_ALLOW_METHODS
SETTINGS_CORS_ALLOW_METHODS

[]string

[GET POST PUT PATCH DELETE OPTIONS]

A comma-separated list of allowed CORS methods. See following chapter for more details: Access-Control-Request-Method at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method

OCIS_CORS_ALLOW_HEADERS
SETTINGS_CORS_ALLOW_HEADERS

[]string

[Authorization Origin Content-Type Accept X-Requested-With]

A comma-separated list of allowed CORS headers. See following chapter for more details: Access-Control-Request-Headers at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers.

OCIS_CORS_ALLOW_CREDENTIALS
SETTINGS_CORS_ALLOW_CREDENTIALS

bool

true

Allow credentials for CORS.See following chapter for more details: Access-Control-Allow-Credentials at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.

SETTINGS_GRPC_ADDR

string

127.0.0.1:9191

The bind address of the GRPC service.

OCIS_GRPC_TLS_ENABLED

bool

false

Activates TLS for the grpc based services using the server certifcate and key configured via OCIS_GRPC_TLS_CERTIFICATE and OCIS_GRPC_TLS_KEY. If OCIS_GRPC_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with OCIS_GRPC_CLIENT_TLS_MODE=insecure.

OCIS_GRPC_TLS_CERTIFICATE

string

Path/File name of the TLS server certificate (in PEM format) for the grpc services.

OCIS_GRPC_TLS_KEY

string

Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the grpc services.

OCIS_GRPC_CLIENT_TLS_MODE

string

TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server ceritificate verification.

OCIS_GRPC_CLIENT_TLS_CACERT

string

Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.

SETTINGS_STORE_TYPE

string

metadata

Store type configures the persistency driver. Supported values are "metadata" and "filesystem".

SETTINGS_DATA_PATH

string

~/.ocis/settings

The directory where the filesystem storage will store ocis settings. If not definied, the root directory derives from $OCIS_BASE_DATA_PATH:/settings.

STORAGE_GATEWAY_GRPC_ADDR

string

127.0.0.1:9215

GRPC address of the STORAGE-SYSTEM service.

STORAGE_GRPC_ADDR

string

127.0.0.1:9215

GRPC address of the STORAGE-SYSTEM service.

OCIS_SYSTEM_USER_ID
SETTINGS_SYSTEM_USER_ID

string

ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.

OCIS_SYSTEM_USER_IDP
SETTINGS_SYSTEM_USER_IDP

string

internal

IDP of the oCIS STORAGE-SYSTEM system user.

OCIS_SYSTEM_USER_API_KEY

string

API key for the STORAGE-SYSTEM system user.

OCIS_ADMIN_USER_ID
SETTINGS_ADMIN_USER_ID

string

ID of the user that should receive admin privileges. Consider that the UUID can be encoded in some LDAP deployment configurations like in .ldif files. These need to be decoded beforehand.

SETTINGS_ASSET_PATH

string

Serve settings Web UI assets from a path on the filesystem instead of the builtin assets. Can be used for development and customization.

OCIS_JWT_SECRET
SETTINGS_JWT_SECRET

string

The secret to mint and validate jwt tokens.

SETTINGS_SETUP_DEFAULT_ASSIGNMENTS
ACCOUNTS_DEMO_USERS_AND_GROUPS

bool

false

The default role assignments the demo users should be setup.

YAML Example

Note that the filename shown below has been chosen on purpose.
See the Configuration File Naming for details when setting up your own configuration.

  • latest

  • 2.0.0

# Autogenerated
# Filename: settings-config-example.yaml

tracing:
  enabled: false
  type: ""
  endpoint: ""
  collector: ""
log:
  level: ""
  pretty: false
  color: false
  file: ""
debug:
  addr: 127.0.0.1:9194
  token: ""
  pprof: false
  zpages: false
http:
  addr: 127.0.0.1:9190
  tls:
    enabled: false
    cert: ""
    key: ""
  root: /
  cors:
    allow_origins:
    - '*'
    allow_methods:
    - GET
    - POST
    - PUT
    - PATCH
    - DELETE
    - OPTIONS
    allow_headers:
    - Authorization
    - Origin
    - Content-Type
    - Accept
    - X-Requested-With
    allow_credentials: true
grpc:
  addr: 127.0.0.1:9191
  tls: null
grpc_client_tls: null
store_type: metadata
data_path: ~/.ocis/settings
metadata_config:
  gateway_addr: 127.0.0.1:9215
  storage_addr: 127.0.0.1:9215
  system_user_id: ""
  system_user_idp: internal
  system_user_api_key: ""
bundles_path: ""
admin_user_id: ""
token_manager:
  jwt_secret: ""
set_default_assignments: false
# Autogenerated
# Filename: settings-config-example.yaml

tracing:
  enabled: false
  type: ""
  endpoint: ""
  collector: ""
log:
  level: ""
  pretty: false
  color: false
  file: ""
debug:
  addr: 127.0.0.1:9194
  token: ""
  pprof: false
  zpages: false
http:
  addr: 127.0.0.1:9190
  tls:
    enabled: false
    cert: ""
    key: ""
  root: /
  cache_ttl: 604800
  cors:
    allow_origins:
    - '*'
    allow_methods:
    - GET
    - POST
    - PUT
    - PATCH
    - DELETE
    - OPTIONS
    allow_headers:
    - Authorization
    - Origin
    - Content-Type
    - Accept
    - X-Requested-With
    allow_credentials: true
grpc:
  addr: 127.0.0.1:9191
  tls:
    enabled: false
    cert: ""
    key: ""
grpc_client_tls:
  mode: ""
  cacert: ""
store_type: metadata
data_path: ~/.ocis/settings
metadata_config:
  gateway_addr: 127.0.0.1:9215
  storage_addr: 127.0.0.1:9215
  system_user_id: ""
  system_user_idp: internal
  system_user_api_key: ""
admin_user_id: ""
asset:
  path: ""
token_manager:
  jwt_secret: ""
set_default_assignments: false