GridGain Developers Hub

Configuration Parameters

When Control Center is started, it looks for the configuration parameters in the following order:

  1. Java System properties, for example:

    export JVM_OPTS="-Dserver.port=3004"

  2. The application.properties file in the Control Center root folder;

  3. The application.yml file in the Control Center root folder;

  4. If the parameter is not found, the default value is used.

Use one of the above methods to set configuration parameters.

Common Properties

| Parameter | Description | Default |
| --- | --- | --- |
| account.activation.enabled | Enable account activation via email. After signing up, users will have to activate their account via email. Requires Mail Server properties. | false |
| account.activation.timeout | Activation link’s timeout in milliseconds. | 86400000 |
| account.activation.send-timeout | The timeout for sending activation email, in milliseconds. | 180000 |
| account.admin.email | Email address in the administrator’s account. | |
| account.admin.password | Administrator account’s password. | |
| account.authentication.interval | The interval, in milliseconds, between login attempts. Increases exponentially based on the number of failed attempts. | 100 |
| account.authentication.max-attempts | The maximum number of failed attempts allowed before preventing login. | 5 |
| account.signup.enabled | Whether self-signup is enabled. If disabled, the Signup page is hidden in the UI. Only registered users, as well as LDAP and OpenID Connect users, can sign in. | true |
| compute.grid.task-execution-timeout | Task execution timeout in milliseconds. | 60000 |
| compute.grid.task-pull-timeout | Task pull timeout in milliseconds. | 60000 |
| control.base-url | Control Center URL for links in notifications. | |
| control.browsers.allowed-origins | Comma-separated allowed origins for WebSocket browsers endpoint. | |
| control.repositories.auto-migrate-enabled | Enable automatic migration of internal storage (required for updates). | false |
| control.repositories.configurations.{cacheName}.dataRegionName | Custom data region for the cache. The property can be used for storing browser sessions (GccSessionCache) in the in-memory data region. | |
| control.repositories.configurations.GccSessionCache.touchExpirationTimeout | The number of milliseconds that the user session should be kept alive. Default value is 7 days. | 604800000 |
| control.repositories.configurations.QuerySessionCache.create-expiration-timeout | The period (in seconds) after which cache entities (key-value pairs) are removed from QuerySessionCache to preclude uncontrolled growth of the persistent cache size. | 604800000 |
| server.address | Network address to which Control Center binds. | 0.0.0.0 |
| server.port | Control Center port. This port is used to access Control Center via a web browser. Clusters connect to this port as well. | 3000 |

Sessions

| Parameter | Description | Default |
| --- | --- | --- |
| spring.session.cache-name | The name of the cache for storing web sessions. | IgniteSessionCache |
| spring.session.timeout | The maximum inactive interval between requests before newly created sessions start getting invalidated (in milliseconds). | 604800000 |

Teams

| Parameter | Description | Default |
| --- | --- | --- |
| account.globalTeam.enabled | If true, automatically creates a team called Global Team, which includes all active users (local or AD/LDAP-managed). | false |
| account.globalTeam.attachCluster | If true, and if Global Team is enabled, automatically shares all clusters in the environment with that team. | false |

SSL/TLS

You can enable SSL/TLS to encrypt communication between your cluster and Control Center.

| Parameter | Description | Default |
| --- | --- | --- |
| server.ssl.enabled | Whether to enable SSL support. Takes effect only when a key store is provided. | true |
| server.ssl.ciphers | A list of SSL ciphers to use. | |
| server.ssl.client-auth | Client authentication mode. Requires a trust store. Possible values: NEED (client authentication is needed and mandatory), NONE (client authentication is not wanted), WANT (client authentication is wanted but not mandatory). | |
| server.ssl.enabled-protocols | Enabled SSL protocols. | |
| server.ssl.key-alias | The alias of the SSL certificate in the key store. | |
| server.ssl.key-password | Password for the SSL certificate. | |
| server.ssl.key-store | Path to the key store that holds the SSL certificate (typically a jks file). | |
| server.ssl.key-store-password | Password for the key store. | |
| server.ssl.key-store-type | The type of the key store. | |
| server.ssl.key-store-provider | Provider for the key store. | |
| server.ssl.protocol | The SSL protocol to use. | TLS |
| server.ssl.trust-store | The trust store that holds SSL certificates. | |
| server.ssl.trust-store-password | The password for the trust store. | |
| server.ssl.trust-store-type | The type of the trust store. | |
| server.ssl.trust-store-provider | Provider for the trust store. | |

Mail Server

Control Center requires mail server parameters to send email notifications and account confirmation emails.

| Parameter | Description | Default |
| --- | --- | --- |
| spring.mail.default-encoding | Default MimeMessage encoding. | UTF-8 |
| spring.mail.host | SMTP server host. For instance, smtp.example.com. | |
| spring.mail.jndi-name | Session JNDI name. When set, takes precedence over other Session settings. | |
| spring.mail.password | Login password of the SMTP server. | |
| spring.mail.port | SMTP server port. | |
| spring.mail.properties | Additional JavaMail Session properties. | |
| spring.mail.protocol | Protocol used by the SMTP server. | |
| spring.mail.test-connection | Test that the mail server is available on startup. | false |
| spring.mail.username | Login user of the SMTP server. | |
| spring.mail.from | Used with SMTP server without authentication to set the reverse path for the "MAIL FROM" SMTP-command. | |

SMS Provider

Control Center supports SMS alerts via the Vonage communication provider.

  1. Sign up at https://www.vonage.com/

  2. Get your API key and API secret. See https://developer.nexmo.com/concepts/guides/authentication#api-key-and-secret.

  3. Specify the API key and secret in the following properties:

| Parameter | Description |
| --- | --- |
| nexmo.creds.api-key | The API key. |
| nexmo.creds.api-secret | The API secret. |
| nexmo.creds.from | The name or number the message is sent from. |

Active Directory and LDAP

You can configure the Control Center to integrate with Active Directory or LDAP to store user data externally. Because every authentication request goes to the Active Directory or LDAP server and no caching is performed, a new user can log in as soon as the account is created on that server.

Active Directory and LDAP integrations have some limitations that you should be aware of before configuring the Control Center to use them. See the list of limitations below:

  • Users can only be created by adding them to the Active Directory or LDAP server when Active Directory or LDAP integration is enabled. Signing up and creating an admin user with a link from the backend log is not applicable.

  • To become admins, users need to be a part of a special group in Active Directory or LDAP. The group name can be specified using the corresponding configuration properties.

  • The list of users is not displayed on the admin screen when Active Directory or LDAP integration is enabled.

  • Profile information can be modified only on the Active Directory or LDAP server, not through the Control Center interface.

ACTIVE DIRECTORY

To enable Active Directory authentication, use the following parameters:

| Parameter | Required | Description | Example |
| --- | --- | --- | --- |
| spring.activedirectory.admin-role | Optional | The name of the user group with admin permissions. | Domain Admins |
| spring.activedirectory.domain | Optional | The default domain name to be added to the user login (if no domain is specified). | gridgain.org |
| spring.activedirectory.root-dn | Required | The distinguished name. | dc=gridgain,dc=org |
| spring.activedirectory.urls | Required | Comma-separated server URLs. | ldap://localhost:389,ldap://localhost:8389 |

LDAP

To enable LDAP authentication, use the following parameters:

| Parameter | Required | Description | Example |
| --- | --- | --- | --- |
| spring.ldap.admin-role | Optional | The name of the user group with admin permissions. | By default, the name of the user group is set to “admin” |
| spring.ldap.base | Required | Base path from which all operations should originate. | dc=gridgain,dc=org |
| spring.ldap.bind-authenticator.enabled | Optional | Enables authenticator, which binds as a user. | By default, it is set to “false” |
| spring.ldap.password-comparison-authenticator.passwordAttributeName | Optional | The field name where the password is stored. | By default, the field name is set to “userPassword” |
| spring.ldap.password-comparison-authenticator.userDnPatterns | Optional | Sets the pattern that is used to supply a Distinguished Name for the user. The pattern argument {0} contains the username. | spring.ldap.password-comparison-authenticator.userDnPatterns[0]="uid={0},ou=people" |
| spring.ldap.urls | Required | LDAP URLs of the server, separated by comma. | ldap://localhost:389,ldap://localhost:8389 |
| spring.ldap.user-details.groupMemberAttributeName | Optional | Name of the multi-valued attribute that holds the DNs of users who are members of a group. | By default, the attribute name is set to “uniquemember” |
| spring.ldap.user-details.groupRoleAttribute | Optional | The ID of the attribute that contains the role name for a group. | By default, the ID is set to “cn” |
| spring.ldap.user-details.groupSearchBase | Optional | The Distinguished Name under which groups are stored. | ou=groups |
| spring.ldap.user-details.userSearchBase | Optional | The Distinguished Name under which users are stored. | ou=people |
| spring.ldap.user-details.userSearchFilter | Optional | The filter expression used in the user search. This is an LDAP search filter (as defined in 'RFC 2254') with optional arguments. | uid={0} |

OpenID Configuration

You can set up the OpenID authentication as described in the Connecting to OpenID provider section. To enable OpenID authentication, use the following parameters:

| Parameter | Required | Description |
| --- | --- | --- |
| spring.security.oauth2.client.provider.{name} | Required | OpenID provider name. Can be anything, but must be consistent with spring.security.oauth2.client.registration.{name} and the name specified in redirect URI. |
| spring.security.oauth2.client.provider.{name}.authorization-uri | Required | The endpoint that accepts authorization request. Usually provided in the authorization_endpoint field of the OpenID Discovery document. |
| spring.security.oauth2.client.provider.{name}.jwk-set-uri | Required | The endpoint that holds public keys used to authorize users. Usually provided in the jwks_uri field of the OpenID Discovery document. |
| spring.security.oauth2.client.provider.{name}.token-uri | Required | The endpoint that receives authorization information and returns authorization token. Usually provided in the token_endpoint field of the OpenID Discovery document. |
| spring.security.oauth2.client.registration.{name} | Required | OpenID provider name. Can be anything, but must be consistent with spring.security.oauth2.client.provider.{name} and the name specified in redirect URI. |
| spring.security.oauth2.client.registration.{name}.client-id | Required | Client ID for Control Center. Provided when you set up OpenID credentials. |
| spring.security.oauth2.client.registration.{name}.client-secret | Required | Client secret for Control Center. Provided when you set up OpenID credentials. |
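
Because of the lookup order at the top of this page, a review of the security-relevant parameters has to run against the merged result rather than one file. The Python sketch below is an added example, not GridGain code: it merges -D options with application.properties (application.yml is left out) and flags open sign-up, a missing key store, deprecated TLS versions, ldap:// directory URLs and http:// OpenID endpoints. The function names, sample values and choice of checks are assumptions made for illustration.

```python
import shlex

# Default copied from the Common Properties table on this page.
DEFAULTS = {"account.signup.enabled": "true"}
WEAK_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}  # deprecated JSSE protocol names

def parse_properties(text):
    """Parse key=value lines; skips blanks and #/! comments (no line continuations)."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def effective_config(jvm_opts, properties_text):
    """Lookup order from this page: -D system properties, application.properties, defaults."""
    system = dict(t[2:].split("=", 1) for t in shlex.split(jvm_opts)
                  if t.startswith("-D") and "=" in t)
    return {**DEFAULTS, **parse_properties(properties_text), **system}

def audit(cfg):
    """Return the keys whose effective value widens exposure or weakens transport security."""
    flagged = []
    if cfg.get("account.signup.enabled") == "true":
        flagged.append("account.signup.enabled")       # open self-registration
    if not cfg.get("server.ssl.key-store"):
        flagged.append("server.ssl.key-store")         # SSL needs a key store to take effect
    protocols = {p.strip() for p in cfg.get("server.ssl.enabled-protocols", "").split(",")}
    if protocols & WEAK_PROTOCOLS:
        flagged.append("server.ssl.enabled-protocols")
    for key, value in sorted(cfg.items()):
        is_directory = key in ("spring.ldap.urls", "spring.activedirectory.urls")
        is_oidc = key.startswith("spring.security.oauth2.client.provider.") and key.endswith("-uri")
        if is_directory and any(u.strip().startswith("ldap://") for u in value.split(",")):
            flagged.append(key)                        # directory traffic without TLS
        if is_oidc and value.startswith("http://"):
            flagged.append(key)                        # OpenID endpoint without TLS
    return flagged

# Constructed sample input, not a real deployment.
SAMPLE_PROPERTIES = """\
account.signup.enabled=true
server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
spring.ldap.urls=ldap://localhost:389,ldap://localhost:8389
"""
SAMPLE_JVM_OPTS = "-Dserver.port=3004 -Daccount.signup.enabled=false"
if __name__ == "__main__":
    print("\n".join(audit(effective_config(SAMPLE_JVM_OPTS, SAMPLE_PROPERTIES))))
```

In the sample, the -D option turns sign-up off even though the file enables it, so that key is not reported; with no override at all, the documented default of true is what gets flagged.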