GridGain Developers Hub

Configuration Parameters

When Control Center is started, it looks for the configuration parameters in the following order:

  1. Java System properties, for example:

    export JVM_OPTS="-Dserver.port=3004"
  2. The application.properties file in the working directory;

  3. The application.yml file in the working directory;

  4. If the parameter is not found, the default value is used.

You can use one of the methods listed above to set configuration parameters.
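The lookup order above, as an added example (not GridGain's code): it resolves parameters from -D system properties, then application.properties, then the defaults listed in the tables on this page, and returns the keys that an assumed hardening policy would send for review. application.yml is left out to keep the script standard-library only; the function names, the policy checks and the sample input are this example's own.

```python
import re

# Defaults copied from the tables on this page.
DEFAULTS = {"server.address": "0.0.0.0", "account.signup.enabled": "true",
            "account.activation.enabled": "false",
            "account.anonymous.enabled": "true", "server.ssl.enabled": "true"}

def parse_properties(text):
    """Parse key=value lines of application.properties, skipping comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def effective_config(jvm_opts, properties_text):
    """System properties (-Dkey=value) win, then the file, then the defaults."""
    cfg = dict(DEFAULTS)
    cfg.update(parse_properties(properties_text))
    cfg.update(re.findall(r"-D([^=\s]+)=(\S+)", jvm_opts))
    return cfg

def audit(cfg):
    """Return the keys flagged by this example's assumed hardening policy."""
    flagged = []
    if cfg["server.address"] == "0.0.0.0":  # listens on every interface
        flagged.append("server.address")
    if cfg["account.signup.enabled"] == "true" and cfg["account.activation.enabled"] != "true":
        flagged.append("account.signup.enabled")  # open sign-up, no email activation
    if cfg["account.anonymous.enabled"] == "true":
        flagged.append("account.anonymous.enabled")
    if cfg["server.ssl.enabled"] != "true" or not cfg.get("server.ssl.key-store"):
        flagged.append("server.ssl.key-store")  # SSL takes effect only with a key store
    for key in ("spring.ldap.urls", "spring.activedirectory.urls"):
        if any(u.strip().startswith("ldap://") for u in cfg.get(key, "").split(",")):
            flagged.append(key)  # directory URL is ldap://, not ldaps://
    return flagged

# Constructed sample input, not taken from a real deployment.
SAMPLE_JVM_OPTS = "-Dserver.port=3004 -Daccount.anonymous.enabled=false"
SAMPLE_PROPERTIES = """
server.address=10.0.0.5
account.signup.enabled=true
spring.ldap.urls=ldap://ldap.example.com:389
"""

if __name__ == "__main__":
    print(audit(effective_config(SAMPLE_JVM_OPTS, SAMPLE_PROPERTIES)))
```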

Common Properties

| Parameter | Description | Default |
| --- | --- | --- |
| server.address | Network address to which Control Center binds. | 0.0.0.0 |
| server.port | Control Center port. This port is used to access Control Center via a web browser. Clusters connect to this port as well. | 3000 |
| account.signup.enabled | Allow everyone to create an account. | true |
| account.activation.enabled | Enable account activation via email. After signing up, users will have to activate their account via email. Requires mail server properties. | false |
| account.activation.timeout | Activation timeout in milliseconds. | 1800000 |
| account.activation.sendTimeout | The timeout for sending activation email, in milliseconds. | 180000 |
| account.anonymous.enabled | Allows creating anonymous accounts with a link from the node log. | true |
| account.anonymous.cleanupTimeout | Time until Control Center deletes anonymous accounts, in milliseconds. If 0, anonymous accounts will never be deleted. | 0 |
| account.admin.email | Administrator account email address. | |
| account.admin.password | Administrator account password. | |
| control.repositories.configurations.GccSessionCache.touchExpirationTimeout | The number of milliseconds that the user session should be kept alive. Default value is 7 days. | 604_800_000 |
| control.repositories.auto-migrate-enabled | Enable automatic migration of internal storage. | false |
| control.metric.ttl | The number of days until metrics are removed. If 0, metrics are not deleted. | 1 |
| control.base-url | Control Center URL for links in notifications. | |
| control.browsers.allowed-origins | Comma-separated allowed origins for WebSocket browsers endpoint. | |
| control.repositories.configurations.{cacheName}.dataRegionName | Custom data region for the cache. The property can be used for storing browser sessions (GccSessionCache) in the in-memory data region. | |
| control.metric-collector.limit-enabled | Metrics limit enabled flag. If false, all the metrics will be collected from a cluster. Otherwise, metrics will be collected on demand. | true |
| control.metric-collector.limit-file-path | The path to the YAML file with metric templates that must always be collected. Has no effect if limit-enabled is false. | classpath:metrics.yml |

Rate Limitations

You can configure the number of messages in the queue and remove candidates with too many messages.

| Parameter | Description | Default |
| --- | --- | --- |
| control.rate-limit.ban-duration-seconds | Duration of the ban. | |
| control.rate-limit.candidates | Number of candidates that would be banned with top statistics. | |
| control.rate-limit.hard-limit | Maximum number of messages in the queue. The queue will immediately be freed upon reaching this limit. | |
| control.rate-limit.soft-limit | Maximum number of messages in the queue. The queue will start to be cleaned when this limit is reached. | |
| control.rate-limit.disconnected-lifetime-seconds | How long a rate limit session is kept alive without a connection. | |
| control.rate-limit.update-interval-millis | Scheduled interval for alert check. | |
| control.rate-limit.remove-session-interval-millis | Scheduled interval for session removal check. | |

Teams

| Parameter | Description | Default |
| --- | --- | --- |
| account.globalTeam.enabled | If true, automatically creates a team called Global Team, which includes all active users (local or AD/LDAP-managed). | false |
| account.globalTeam.attachCluster | If true, and if Global Team is enabled, automatically shares all clusters in the environment with that team. | false |

SSL/TLS

You can enable SSL/TLS to encrypt communication between your cluster and Control Center.

| Parameter | Description | Default |
| --- | --- | --- |
| server.ssl.enabled | Whether to enable SSL support. Takes effect only when a key store is provided. | true |
| server.ssl.ciphers | A list of SSL ciphers to use. | |
| server.ssl.client-auth | Client authentication mode. Requires a trust store. Possible values: NEED (client authentication is needed and mandatory), NONE (client authentication is not wanted), WANT (client authentication is wanted but not mandatory). | |
| server.ssl.enabled-protocols | Enabled SSL protocols. | |
| server.ssl.key-alias | The alias of the SSL certificate in the key store. | |
| server.ssl.key-password | Password for the SSL certificate. | |
| server.ssl.key-store | Path to the key store that holds the SSL certificate (typically a jks file). | |
| server.ssl.key-store-password | Password for the key store. | |
| server.ssl.key-store-type | The type of the key store. | |
| server.ssl.key-store-provider | Provider for the key store. | |
| server.ssl.protocol | The SSL protocol to use. | TLS |
| server.ssl.trust-store | The trust store that holds SSL certificates. | |
| server.ssl.trust-store-password | The password for the trust store. | |
| server.ssl.trust-store-type | The type of the trust store. | |
| server.ssl.trust-store-provider | Provider for the trust store. | |

Mail Server

Control Center requires mail server parameters to send email notifications and account confirmation emails.

| Parameter | Description | Default |
| --- | --- | --- |
| spring.mail.default-encoding | Default MimeMessage encoding. | UTF-8 |
| spring.mail.host | SMTP server host. For instance, smtp.example.com. | |
| spring.mail.jndi-name | Session JNDI name. When set, takes precedence over other Session settings. | |
| spring.mail.password | Login password of the SMTP server. | |
| spring.mail.port | SMTP server port. | |
| spring.mail.properties | Additional JavaMail Session properties. | |
| spring.mail.protocol | Protocol used by the SMTP server. | |
| spring.mail.test-connection | Test that the mail server is available on startup. | false |
| spring.mail.username | Login user of the SMTP server. | |
| spring.mail.from | Used with an SMTP server without authentication to set the reverse path for the "MAIL FROM" SMTP command. | |

SMS Provider

Control Center supports SMS alerts via the Vonage communication provider.

  1. Sign up at https://www.vonage.com/

  2. Get your API key and API secret. See https://developer.nexmo.com/concepts/guides/authentication#api-key-and-secret.

  3. Specify the API key and secret in the following properties:

| Parameter | Description | Default |
| --- | --- | --- |
| nexmo.creds.apiKey | The API key. | |
| nexmo.creds.apiSecret | The API secret. | |
| nexmo.creds.from | The name or number the message is sent from. | |

Active Directory and LDAP

You can configure the Control Center to integrate with Active Directory or LDAP to store user data externally. Because every authentication request goes to the Active Directory or LDAP server and no caching is performed, a new user can log in as soon as the account is created.

Active Directory and LDAP integrations have some limitations that you should be aware of before configuring the Control Center to use them. See the list of limitations below:

  • Users can only be created by adding them to the Active Directory or LDAP server when Active Directory or LDAP integration is enabled. Signing up and creating an admin user with a link from the backend log is not applicable.

  • To become admins, users need to be a part of a special group in Active Directory or LDAP. The group name can be specified using the corresponding configuration properties.

  • The list of users is not displayed on the admin screen when Active Directory or LDAP integration is enabled.

  • Profile information can be modified only on the Active Directory or LDAP server, not through the Control Center interface.

ACTIVE DIRECTORY

To enable Active Directory authentication, use the following parameters:

| Parameter | Required | Description | Example |
| --- | --- | --- | --- |
| spring.activedirectory.urls | Required | URLs of the server, separated by comma. | ldap://localhost:389,ldap://localhost:8389 |
| spring.activedirectory.domain | Optional | Default domain name that can be added to the user login, if the domain is not specified. | gridgain.org |
| spring.activedirectory.rootDn | Required | Base path from which all operations should originate. | dc=gridgain,dc=org |
| spring.activedirectory.adminRole | Optional | The name of the user group with admin permissions. | Domain Admins |

LDAP

To enable LDAP authentication, use the following parameters:

| Parameter | Required | Description | Example |
| --- | --- | --- | --- |
| spring.ldap.urls | Required | LDAP URLs of the server, separated by comma. | ldap://localhost:389,ldap://localhost:8389 |
| spring.ldap.base | Required | Base path from which all operations should originate. | dc=gridgain,dc=org |
| spring.ldap.admin-role | Optional | The name of the user group with admin permissions. | By default, the name of the user group is set to “admin” |
| spring.ldap.bind-authenticator.enabled | Optional | Enables authenticator, which binds as a user. | By default, it is set to “false” |
| spring.ldap.password-comparison-authenticator.userDnPatterns | Optional | Sets the pattern that is used to supply a Distinguished Name for the user. The pattern argument {0} contains the username. | spring.ldap.password-comparison-authenticator.userDnPatterns[0]="uid={0},ou=people" |
| spring.ldap.password-comparison-authenticator.passwordAttributeName | Optional | The field name where the password is stored. | By default, the field name is set to “userPassword” |
| spring.ldap.user-details.groupRoleAttribute | Optional | The ID of the attribute that contains the role name for a group. | By default, the ID is set to “cn” |
| spring.ldap.user-details.groupMemberAttributeName | Optional | Name of the multi-valued attribute that holds the DNs of users who are members of a group. | By default, the attribute name is set to “uniquemember” |
| spring.ldap.user-details.groupSearchBase | Optional | The Distinguished Name under which groups are stored. | ou=groups |
| spring.ldap.user-details.userSearchBase | | The Distinguished Name under which users are stored. | ou=people |
| spring.ldap.user-details.userSearchFilter | | | |

OpenID Configuration

You can set up the OpenID authentication as described in the Connecting to OpenID provider section. To enable OpenID authentication, use the following parameters:

| Parameter | Required | Description | Example |
| --- | --- | --- | --- |
| spring.security.oauth2.client.registration.{name} | Required | OpenID provider name. Can be anything, but must be consistent with spring.security.oauth2.client.provider.{name} and the name specified in redirect URI. | |
| spring.security.oauth2.client.registration.{name}.client-id | Required | Client ID for Control Center. Provided when you set up OpenID credentials. | |
| spring.security.oauth2.client.registration.{name}.client-secret | Required | Client secret for Control Center. Provided when you set up OpenID credentials. | |
| spring.security.oauth2.client.provider.{name} | Required | OpenID provider name. Can be anything, but must be consistent with spring.security.oauth2.client.registration.{name} and the name specified in redirect URI. | |
| spring.security.oauth2.client.provider.{name}.authorization-uri | Required | The endpoint that accepts authorization requests. Usually provided in the authorization_endpoint field of the OpenID Discovery document. | |
| spring.security.oauth2.client.provider.{name}.token-uri | Required | The endpoint that receives authorization information and returns an authorization token. Usually provided in the token_endpoint field of the OpenID Discovery document. | |
| spring.security.oauth2.client.provider.{name}.jwk-set-uri | Required | The endpoint that holds public keys used to authorize users. Usually provided in the jwks_uri field of the OpenID Discovery document. | |
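A check for the naming rule in the table above, as an added example rather than GridGain's code: it groups the spring.security.oauth2.client properties by {name} and reports a registration without a matching provider (or the reverse), missing required sub-properties, and provider endpoints that are not https. The function name, the https rule and the sample values are this example's assumptions.

```python
import re
from urllib.parse import urlparse

# Sub-properties marked "Required" in the table above.
REQUIRED = {"registration": ("client-id", "client-secret"),
            "provider": ("authorization-uri", "token-uri", "jwk-set-uri")}
KEY_RE = re.compile(
    r"^spring\.security\.oauth2\.client\.(registration|provider)\.([^.]+)\.(.+)$")

def check_openid(props):
    """Return a list of problems found in a dict of OpenID-related properties."""
    seen = {"registration": {}, "provider": {}}
    for key, value in props.items():
        match = KEY_RE.match(key)
        if match:
            kind, name, suffix = match.groups()
            seen[kind].setdefault(name, {})[suffix] = value
    problems = []
    # A {name} used under registration must also exist under provider, and vice versa.
    for name in sorted(set(seen["registration"]) ^ set(seen["provider"])):
        other = "provider" if name in seen["registration"] else "registration"
        problems.append(f"{name}: no {other}.{name} properties")
    for kind in ("registration", "provider"):
        for name in sorted(seen[kind]):
            for suffix in REQUIRED[kind]:
                value = seen[kind][name].get(suffix, "")
                if not value:
                    problems.append(f"{kind}.{name}.{suffix}: missing")
                elif kind == "provider" and urlparse(value).scheme != "https":
                    # Assumed policy of this example: provider endpoints use https.
                    problems.append(f"{kind}.{name}.{suffix}: not https")
    return problems

# Constructed sample: the provider name is misspelled "ipd" and one URI is http.
PREFIX = "spring.security.oauth2.client."
SAMPLE = {
    PREFIX + "registration.idp.client-id": "control-center",
    PREFIX + "registration.idp.client-secret": "placeholder-secret",
    PREFIX + "provider.ipd.authorization-uri": "https://login.example.com/authorize",
    PREFIX + "provider.ipd.token-uri": "http://login.example.com/token",
    PREFIX + "provider.ipd.jwk-set-uri": "https://login.example.com/keys",
}

if __name__ == "__main__":
    for problem in check_openid(SAMPLE):
        print(problem)
```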