Configuration Parameters
When Control Center is started, it looks for the configuration parameters in the following order:
- Java System properties, for example:
  export JVM_OPTS="-Dserver.port=3004"
- The application.properties file in the working directory;
- The application.yml file in the working directory;
- If the parameter is not found, the default value is used.
You can use one of the methods listed above to set configuration parameters.
Common Properties
Parameter | Description | Default |
---|---|---|
server.address | Network address to which Control Center binds. | |
server.port | Control Center port. This port is used to access Control Center via a web browser. Clusters connect to this port as well. | 3000 |
account.signup.enabled | Allow everyone to create an account. | |
account.activation.enabled | Enable account activation via email. After signing up, users will have to activate their account via email. Requires mail server properties. | |
account.activation.timeout | Activation timeout in milliseconds. | 1800000 |
account.activation.sendTimeout | The timeout for sending activation email, in milliseconds. | 180000 |
account.anonymous.enabled | Allows creating anonymous accounts with a link from the node log. | true |
account.anonymous.cleanupTimeout | Time until Control Center deletes anonymous accounts, in milliseconds. If 0, anonymous accounts will never be deleted. | 0 |
account.admin.email | Administrator account email address. | |
account.admin.password | Administrator account password. | |
control.repositories.configurations.GccSessionCache.touchExpirationTimeout | The number of milliseconds that the user session should be kept alive. Default value is 7 days. | 604_800_000 |
control.repositories.auto-migrate-enabled | Enable automatic migration of internal storage. | false |
control.metric.ttl | The number of days until metrics are removed. If 0, metrics are not deleted. | 1 |
control.base-url | Control Center URL for links in notifications. | |
control.browsers.allowed-origins | Comma-separated allowed origins for WebSocket browsers endpoint. | |
control.repositories.configurations.{cacheName}.dataRegionName | Custom data region for the cache. The property can be used for storing browser sessions (GccSessionCache) in the in-memory data region. | |
control.metric-collector.limit-enabled | Metrics limit enabled flag. If false, all the metrics will be collected from a cluster. Otherwise, metrics will be collected on demand. | true |
control.metric-collector.limit-file-path | The path to the YAML file with metric templates that must always be collected. Has no effect if limit-enabled is false. | classpath:metrics.yml |
Rate Limitations
You can configure the number of messages in queue and remove candidates with too many messages.
Parameter | Description | Default |
---|---|---|
control.rate-limit.ban-duration-seconds | Time of ban. | |
control.rate-limit.candidates | Number of candidates that would be banned with top statistics. | |
control.rate-limit.hard-limit | Maximum number of messages in the queue. The queue will immediately be freed upon reaching this limit. | |
control.rate-limit.soft-limit | Maximum number of messages in the queue. The queue will start to be cleaned when this limit is reached. | |
control.rate-limit.disconnected-lifetime-seconds | How long a rate limit session is kept alive without a connection. | |
control.rate-limit.update-interval-millis | Scheduled interval for alert check. | |
control.rate-limit.remove-session-interval-millis | Scheduled interval for session removal check. | |
Teams
Parameter | Description | Default |
---|---|---|
account.globalTeam.enabled | If true, automatically creates a team called Global Team, which includes all active users (local or AD/LDAP-managed). | false |
account.globalTeam.attachCluster | If true, and if Global Team is enabled, automatically shares all clusters in the environment with that team. | false |
SSL/TLS
You can enable SSL/TLS to encrypt communication between your cluster and Control Center.
Parameter | Description | Default |
---|---|---|
server.ssl.enabled | Whether to enable SSL support. Takes effect only when a key store is provided. | |
server.ssl.ciphers | A list of SSL ciphers to use. | |
server.ssl.client-auth | Client authentication mode. Requires a trust store. Possible values: | |
server.ssl.enabled-protocols | Enabled SSL protocols. | |
server.ssl.key-alias | The alias of the SSL certificate in the key store. | |
server.ssl.key-password | Password for the SSL certificate. | |
server.ssl.key-store | Path to the key store that holds the SSL certificate (typically a jks file). | |
server.ssl.key-store-password | Password for the key store. | |
server.ssl.key-store-type | The type of the key store. | |
server.ssl.key-store-provider | Provider for the key store. | |
server.ssl.protocol | The SSL protocol to use. | TLS |
server.ssl.trust-store | The trust store that holds SSL certificates. | |
server.ssl.trust-store-password | The password for the trust store. | |
server.ssl.trust-store-type | The type of the trust store. | |
server.ssl.trust-store-provider | Provider for the trust store. | |
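The lookup order at the top of this page and the account and SSL/TLS parameters above can be checked together. The following is an added example, not part of the GridGain documentation or product code: it resolves each parameter's effective value from JVM_OPTS and application.properties, then flags open account creation, TLS that is not in effect, and secrets passed as -D flags. It leaves out application.yml (Python's standard library has no YAML parser); the function names and sample values are constructed for illustration.

```python
import shlex

# Added example: function names and sample values are constructed for illustration.
# Defaults copied from this page's tables (only the ones used below).
PAGE_DEFAULTS = {"server.port": "3000", "account.anonymous.enabled": "true",
                 "account.anonymous.cleanupTimeout": "0"}
# Constructed sample inputs (not from a real deployment).
SAMPLE_OPTS = "-Dserver.port=3004 -Daccount.admin.password=example-only"
SAMPLE_PROPS = "server.port=3001\naccount.signup.enabled=true\nserver.ssl.enabled=true\n"

def parse_jvm_opts(jvm_opts):
    """Extract -Dkey=value system properties from a JVM_OPTS string."""
    pairs = (t[2:].split("=", 1) for t in shlex.split(jvm_opts)
             if t.startswith("-D") and "=" in t)
    return {k: v for k, v in pairs}

def parse_properties(text):
    """Minimal application.properties reader: key=value lines, # or ! comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def effective(jvm_opts, properties_text):
    """Merge sources in the page's lookup order; returns {key: (value, source)}."""
    merged = {k: (v, "default") for k, v in PAGE_DEFAULTS.items()}
    for source, props in (("application.properties", parse_properties(properties_text)),
                          ("system property", parse_jvm_opts(jvm_opts))):
        merged.update({k: (v, source) for k, v in props.items()})
    return merged

def audit(cfg):
    """Findings for the account and TLS settings documented on this page."""
    val = lambda k: cfg.get(k, ("", ""))[0].lower()
    findings = []
    if val("account.signup.enabled") == "true":
        findings.append("account.signup.enabled: anyone can create an account")
    if val("account.anonymous.enabled") == "true":
        never = ", never deleted" if val("account.anonymous.cleanupTimeout") == "0" else ""
        findings.append("account.anonymous.enabled: anonymous accounts allowed" + never)
    if val("server.ssl.enabled") == "false" or not val("server.ssl.key-store"):
        findings.append("server.ssl: TLS not in effect (disabled or no key store)")
    for key, (_, source) in sorted(cfg.items()):
        if source == "system property" and ("password" in key.lower() or "secret" in key.lower()):
            findings.append(key + ": secret in a -D flag, visible in the process command line")
    return findings
```

Calling `audit(effective(SAMPLE_OPTS, SAMPLE_PROPS))` reports four findings, including the anonymous-account default that applies even though neither source sets it.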
Mail Server
Control Center requires mail server parameters to send email notifications and account confirmation emails.
Parameter | Description | Default |
---|---|---|
spring.mail.default-encoding | Default MimeMessage encoding. | |
spring.mail.host | SMTP server host. For instance, | |
spring.mail.jndi-name | Session JNDI name. When set, takes precedence over other Session settings. | |
spring.mail.password | Login password of the SMTP server. | |
spring.mail.port | SMTP server port. | |
spring.mail.properties | Additional JavaMail Session properties. | |
spring.mail.protocol | Protocol used by the SMTP server. | |
spring.mail.test-connection | Test that the mail server is available on startup. | |
spring.mail.username | Login user of the SMTP server. | |
spring.mail.from | Used with SMTP server without authentication to set the reverse path for the "MAIL FROM" SMTP-command. | |
SMS Provider
Control Center supports SMS alerts via the Vonage communication provider.
- Sign up at https://www.vonage.com/
- Get your API key and API secret. See https://developer.nexmo.com/concepts/guides/authentication#api-key-and-secret.
- Specify the API key and secret in the following properties:
Parameter | Description | Default |
---|---|---|
 | The API key. | |
 | The API secret. | |
 | The name or number the message is sent from. | |
Active Directory and LDAP
You can configure Control Center to integrate with Active Directory or LDAP to store user data externally. Because every authentication request goes to the Active Directory or LDAP server and no caching is performed, a new user can log in as soon as the account is created.
Active Directory and LDAP integrations have some limitations that you should be aware of before configuring Control Center to use them:
- Users can only be created by adding them to the Active Directory or LDAP server when Active Directory or LDAP integration is enabled. Signing up and creating an admin user with a link from the backend log is not applicable.
- To become admins, users need to be a part of a special group in Active Directory or LDAP. The group name can be specified using the corresponding configuration properties.
- The list of users is not displayed on the admin screen when Active Directory or LDAP integration is enabled.
- Profile information can be modified only on the Active Directory or LDAP server, not through the Control Center interface.
ACTIVE DIRECTORY
To enable Active Directory authentication, use the following parameters:
Parameter | Required | Description | Example |
---|---|---|---|
spring.activedirectory.urls | Required | URLs of the server, separated by comma. | ldap://localhost:389,ldap://localhost:8389 |
spring.activedirectory.domain | Optional | Default domain name that can be added to the user login, if the domain is not specified. | gridgain.org |
spring.activedirectory.rootDn | Required | Base path from which all operations should originate. | dc=gridgain,dc=org |
spring.activedirectory.adminRole | Optional | The name of the user group with admin permissions. | Domain Admins |
LDAP
To enable LDAP authentication, use the following parameters:
Parameter | Required | Description | Example |
---|---|---|---|
spring.ldap.urls | Required | LDAP URLs of the server, separated by comma. | ldap://localhost:389,ldap://localhost:8389 |
spring.ldap.base | Required | Base path from which all operations should originate. | dc=gridgain,dc=org |
spring.ldap.admin-role | Optional | The name of the user group with admin permissions. | By default, the name of the user group is set to “admin” |
spring.ldap.bind-authenticator.enabled | Optional | Enables authenticator, which binds as a user. | By default, it is set to “false” |
spring.ldap.password-comparison-authenticator.userDnPatterns | Optional | Sets the pattern that is used to supply a Distinguished Name for the user. The pattern argument {0} contains the username. | spring.ldap.password-comparison-authenticator.userDnPatterns[0]="uid={0},ou=people" |
spring.ldap.password-comparison-authenticator.passwordAttributeName | Optional | The field name where the password is stored. | By default, the field name is set to “userPassword” |
spring.ldap.user-details.groupRoleAttribute | Optional | The ID of the attribute that contains the role name for a group. | By default, the ID is set to “cn” |
spring.ldap.user-details.groupMemberAttributeName | Optional | Name of the multi-valued attribute that holds the DNs of users who are members of a group. | By default, the attribute name is set to “uniquemember” |
spring.ldap.user-details.groupSearchBase | Optional | The Distinguished Name under which groups are stored. | ou=groups |
spring.ldap.user-details.userSearchBase | | The Distinguished Name under which users are stored. | ou=people |
spring.ldap.user-details.userSearchFilter | | | |
OpenID Configuration
You can set up OpenID authentication as described in the Connecting to OpenID provider section. To enable OpenID authentication, use the following parameters:
Parameter | Required | Description | Example |
---|---|---|---|
spring.security.oauth2.client.registration.{name} | Required | OpenID provider name. Can be anything, but must be consistent with spring.security.oauth2.client.provider.{name} and the name specified in redirect URI. | |
spring.security.oauth2.client.registration.{name}.client-id | Required | Client ID for Control Center. Provided when you set up OpenID credentials. | |
spring.security.oauth2.client.registration.{name}.client-secret | Required | Client secret for Control Center. Provided when you set up OpenID credentials. | |
spring.security.oauth2.client.provider.{name} | Required | OpenID provider name. Can be anything, but must be consistent with spring.security.oauth2.client.registration.{name} and the name specified in redirect URI. | |
spring.security.oauth2.client.provider.{name}.authorization-uri | Required | The endpoint that accepts authorization requests. Usually provided in the | |
spring.security.oauth2.client.provider.{name}.token-uri | Required | The endpoint that receives authorization information and returns authorization token. Usually provided in the | |
spring.security.oauth2.client.provider.{name}.jwk-set-uri | Required | The endpoint that holds public keys used to authorize users. Usually provided in the | |
© 2023 GridGain Systems, Inc. All Rights Reserved.