Userlog Service Configuration

Introduction

The Infinite Scale userlog service is a mediator between the eventhistory service and clients who want to be informed about user-related events. It provides an API to retrieve those.

Prerequisites

Running the userlog service without running the eventhistory service is not possible.

Storing

The userlog service persists information via the configured store in USERLOG_STORE_TYPE. Possible stores are:

Store Type Description

mem

Basic in-memory store and the default.

ocmem

Advanced in-memory store allowing max size.

redis

Stores data in a configured Redis cluster.

etcd

Stores data in a configured etcd cluster.

nats-js

Stores data using the key-value-store feature of NATS JetStream.

noop

Stores nothing. Useful for testing. Not recommended in productive environments.

  1. Note that in-memory stores are by nature not reboot persistent.

  2. Though usually not necessary, a database name and a database table can be configured for event stores if the event store supports this. Generally, this does not apply to stores of type in-memory. These settings are blank by default which means that the standard settings of the configured store applies.

  3. The userlog service can be scaled if not using in-memory stores and the stores are configured identically over all instances.

Configuring Events

Currently, the configuration which user-related events are of interest is hard-coded and cannot be changed.

Retrieving

The userlog service provides an API to retrieve configured events. For now, this API is mostly following the ownCloud Server notification GET API.

Deleting

To delete events for an user, use a DELETE request to:

https://<your-ocis-instance>/ocs/v2.php/apps/notifications/api/v1/notification

containing the IDs to delete.

Translations

The userlog service has embedded translations sourced via transifex to provide a basic set of translated languages. These embedded translations are available for all deployment scenarios. In addition, the service supports custom translations, though it is currently not possible to just add custom translations to embedded ones. If custom translations are configured, the embedded ones are not used. To configure custom translations, the USERLOG_TRANSLATION_PATH environment variable needs to point to a base folder that will contain the translation files. This path must be available from all instances of the userlog service, a shared storage is recommended. Translation files must be of type .po or .mo. For each language, the filename needs to be userlog.po (or userlog.mo) and stored in a folder structure defining the language code. In general the path/name pattern for a translation file needs to be:

{USERLOG_TRANSLATION_PATH}/{language-code}/LC_MESSAGES/userlog.po

The language code pattern is composed of language[_territory] where language is the base language and _territory is optional and defines a country.

For example, for the language de_DE, one needs to place the corresponding translation files to

{USERLOG_TRANSLATION_PATH}/de_DE/LC_MESSAGES/userlog.po

Translation Rules

  • If a requested language code is not available, the service tries to fall back to the base language if available. For example, if de_DE is not available, the service tries to fall back to translations in the de folder.

  • If the base language de is also not available, the service falls back to the system’s default English (en), which is the source of the texts provided by the code.

Configuration

Environment Variables

The userlog service is configured via the following environment variables:

  • latest

Environment variables for the userlog service
Name Type Default Value Description

OCIS_LOG_LEVEL
USERLOG_LOG_LEVEL

string

The log level. Valid values are: "panic", "fatal", "error", "warn", "info", "debug", "trace".

OCIS_LOG_PRETTY
USERLOG_LOG_PRETTY

bool

false

Activates pretty log output.

OCIS_LOG_COLOR
USERLOG_LOG_COLOR

bool

false

Activates colorized log output.

OCIS_LOG_FILE
USERLOG_LOG_FILE

string

The path to the log file. Activates logging to this file if set.

USERLOG_DEBUG_ADDR

string

Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.

USERLOG_DEBUG_TOKEN

string

Token to secure the metrics endpoint.

USERLOG_DEBUG_PPROF

bool

false

Enables pprof, which can be used for profiling.

USERLOG_DEBUG_ZPAGES

bool

false

Enables zpages, which can be used for collecting and viewing in-memory traces.

USERLOG_HTTP_ADDR

string

127.0.0.1:0

The bind address of the HTTP service.

USERLOG_HTTP_ROOT

string

/

Subdirectory that serves as the root for this HTTP service.

OCIS_CORS_ALLOW_ORIGINS
USERLOG_CORS_ALLOW_ORIGINS

[]string

[*]

A comma-separated list of allowed CORS origins. See following chapter for more details: Access-Control-Allow-Origin at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin

OCIS_CORS_ALLOW_METHODS
USERLOG_CORS_ALLOW_METHODS

[]string

[GET]

A comma-separated list of allowed CORS methods. See following chapter for more details: Access-Control-Request-Method at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method

OCIS_CORS_ALLOW_HEADERS
USERLOG_CORS_ALLOW_HEADERS

[]string

[Authorization Origin Content-Type Accept X-Requested-With]

A comma-separated list of allowed CORS headers. See following chapter for more details: Access-Control-Request-Headers at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers.

OCIS_CORS_ALLOW_CREDENTIALS
USERLOG_CORS_ALLOW_CREDENTIALS

bool

true

Allow credentials for CORS.See following chapter for more details: Access-Control-Allow-Credentials at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.

OCIS_HTTP_TLS_ENABLED

bool

false

Activates TLS for the http based services using the server certifcate and key configured via OCIS_HTTP_TLS_CERTIFICATE and OCIS_HTTP_TLS_KEY. If OCIS_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.

OCIS_HTTP_TLS_CERTIFICATE

string

Path/File name of the TLS server certificate (in PEM format) for the http services.

OCIS_HTTP_TLS_KEY

string

Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.

OCIS_JWT_SECRET
USERLOG_JWT_SECRET

string

The secret to mint and validate jwt tokens.

OCIS_MACHINE_AUTH_API_KEY
USERLOG_MACHINE_AUTH_API_KEY

string

Machine auth API key used to validate internal requests necessary to access resources from other services.

REVA_GATEWAY

string

127.0.0.1:9142

CS3 gateway used to look up user metadata

USERLOG_TRANSLATION_PATH

string

(optional) Set this to a path with custom translations to overwrite the builtin translations. See the documentation for more details.

USERLOG_EVENTS_ENDPOINT

string

127.0.0.1:9233

The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.

USERLOG_EVENTS_CLUSTER

string

ocis-cluster

The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.

OCIS_INSECURE
USERLOG_EVENTS_TLS_INSECURE

bool

false

Whether to verify the server TLS certificates.

USERLOG_EVENTS_TLS_ROOT_CA_CERTIFICATE

string

The root CA certificate used to validate the server’s TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false.

OCIS_EVENTS_ENABLE_TLS
USERLOG_EVENTS_ENABLE_TLS

bool

false

Enable TLS for the connection to the events broker. The events broker is the ocis service which receives and delivers events between the services..

OCIS_PERSISTENT_STORE
USERLOG_STORE
USERLOG_STORE_TYPE

string

memory

The type of the userlog store. Supported values are: 'memory', 'ocmem', 'etcd', 'redis', 'redis-sentinel', 'nats-js', 'noop'. See the text description for details.

OCIS_PERSISTENT_STORE_NODES
USERLOG_STORE_ADDRESSES

[]string

[]

A comma separated list of nodes to access the configured store. This has no effect when 'in-memory' stores are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store.

USERLOG_STORE_DATABASE

string

userlog

The database name the configured store should use.

USERLOG_STORE_TABLE

string

events

The database table the store should use.

OCIS_PERSISTENT_STORE_TTL
USERLOG_STORE_TTL

Duration

336h0m0s

Time to live for events in the store. The duration can be set as number followed by a unit identifier like s, m or h. Defaults to '336h' (2 weeks).

OCIS_PERSISTENT_STORE_SIZE
USERLOG_STORE_SIZE

int

0

The maximum quantity of items in the store. Only applies when store type 'ocmem' is configured. Defaults to 512.

YAML Example

Note that the filename shown below has been chosen on purpose.
See the Configuration File Naming for details when setting up your own configuration.

  • latest

# Autogenerated
# Filename: userlog-config-example.yaml

log:
  level: ""
  pretty: false
  color: false
  file: ""
debug:
  addr: ""
  token: ""
  pprof: false
  zpages: false
http:
  addr: 127.0.0.1:0
  root: /
  cors:
    allow_origins:
    - '*'
    allow_methods:
    - GET
    allow_headers:
    - Authorization
    - Origin
    - Content-Type
    - Accept
    - X-Requested-With
    allow_credentials: true
  tls:
    enabled: false
    cert: ""
    key: ""
grpc_client_tls: null
token_manager:
  jwt_secret: ""
machine_auth_api_key: ""
reva_gateway: 127.0.0.1:9142
translation_path: ""
events:
  endpoint: 127.0.0.1:9233
  cluster: ocis-cluster
  tls_insecure: false
  tls_root_ca_certificate: ""
  enable_tls: false
persistence:
  store: memory
  nodes: []
  database: userlog
  table: events
  ttl: 336h0m0s
  size: 0