GridGain Developers Hub

Configuration Parameters

This page describes configuration parameters for a self-hosted Control Center.

When Control Center starts, it looks up each configuration parameter in the following order:

  1. Java System property

    export JVM_OPTS="-Dserver.port=3004"

  2. The application.properties file in the working directory

  3. The application.yml file in the working directory

  4. If the parameter is not found, the default value is used

You can use one of the methods listed above to set configuration parameters.

Common Properties

| Parameter | Description | Default |
|---|---|---|
| server.address | Network address to which Control Center binds. | 0.0.0.0 |
| server.port | Control Center port. This port is used to access Control Center via a web browser. Clusters connect to this port as well. | 3000 |
| account.signup.enabled | Allow everyone to create an account. | true |
| account.activation.enabled | Enable account activation via email. After signing up, users will have to activate their account via email. Requires mail server properties. | false |
| account.activation.timeout | Activation timeout in milliseconds. | 1800000 |
| account.activation.sendTimeout | The timeout for sending activation email, in milliseconds. | 180000 |

SSL/TLS

You can enable SSL/TLS to encrypt communication between your cluster and Control Center.

| Parameter | Description | Default |
|---|---|---|
| server.ssl.enabled | Whether to enable SSL support. Takes effect only when a key store is provided. | true |
| server.ssl.ciphers | A list of SSL ciphers to use. | |
| server.ssl.client-auth | Client authentication mode. Requires a trust store. Possible values: NEED (client authentication is needed and mandatory), NONE (client authentication is not wanted), WANT (client authentication is wanted but not mandatory). | |
| server.ssl.enabled-protocols | Enabled SSL protocols. | |
| server.ssl.key-alias | The alias of the SSL certificate in the key store. | |
| server.ssl.key-password | Password for the SSL certificate. | |
| server.ssl.key-store | Path to the key store that holds the SSL certificate (typically a jks file). | |
| server.ssl.key-store-password | Password for the key store. | |
| server.ssl.key-store-type | The type of the key store. | |
| server.ssl.protocol | The SSL protocol to use. | TLS |
| server.ssl.trust-store | The trust store that holds SSL certificates. | |
| server.ssl.trust-store-password | The password for the trust store. | |
| server.ssl.trust-store-type | The type of the trust store. | |
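The following audit script is an added example, not part of the Control Center distribution. It resolves effective values using the lookup order and defaults documented above, then flags the settings that most often leave a deployment weaker than intended. The finding names, sample values, and the decision to skip application.yml (the Python standard library has no YAML parser) are assumptions of this example.

```python
import shlex

# Defaults as listed in the tables on this page.
DEFAULTS = {"server.address": "0.0.0.0", "server.port": "3000",
            "account.signup.enabled": "true", "server.ssl.enabled": "true"}
SECRETS = ("server.ssl.key-password", "server.ssl.key-store-password",
           "server.ssl.trust-store-password")
MODERN_TLS = {"TLSv1.2", "TLSv1.3"}

def parse_jvm_opts(jvm_opts):
    """Collect -Dkey=value system properties from a JVM_OPTS string."""
    opts = [t[2:] for t in shlex.split(jvm_opts) if t.startswith("-D") and "=" in t]
    return dict(o.split("=", 1) for o in opts)

def parse_properties(text):
    """Minimal key=value reader (no escapes or line continuations)."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            out[key.strip()] = value.strip()
    return out

def effective(jvm_opts, properties_text):
    """Lookup order from this page: system property, then file, then default."""
    return {**DEFAULTS, **parse_properties(properties_text), **parse_jvm_opts(jvm_opts)}

def audit(jvm_opts, properties_text):
    cfg, found = effective(jvm_opts, properties_text), []
    # server.ssl.enabled only takes effect when a key store is provided.
    if cfg["server.ssl.enabled"].lower() != "true" or not cfg.get("server.ssl.key-store"):
        found.append("tls-not-in-effect")
    if cfg["account.signup.enabled"].lower() == "true":
        found.append("open-signup")
    protocols = [p.strip() for p in cfg.get("server.ssl.enabled-protocols", "").split(",")]
    found += [f"legacy-protocol:{p}" for p in protocols if p and p not in MODERN_TLS]
    # -D values are visible in the process listing, so secrets do not belong there.
    found += [f"secret-on-command-line:{k}" for k in SECRETS if k in parse_jvm_opts(jvm_opts)]
    return found

# Constructed sample input, not taken from a real deployment.
SAMPLE_JVM_OPTS = "-Dserver.port=3004 -Dserver.ssl.key-store-password=changeit"
SAMPLE_PROPERTIES = """\
server.port=3000
server.ssl.enabled-protocols=TLSv1,TLSv1.2
account.activation.enabled=true
"""

if __name__ == "__main__":
    print(effective(SAMPLE_JVM_OPTS, SAMPLE_PROPERTIES)["server.port"])
    for finding in audit(SAMPLE_JVM_OPTS, SAMPLE_PROPERTIES):
        print(finding)
```

In the sample, the system property overrides the port set in the file, and TLS is reported as not in effect because no key store is configured even though server.ssl.enabled defaults to true.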

Mail Server

Control Center requires mail server parameters to send email notifications and account confirmation emails.

| Parameter | Description | Default |
|---|---|---|
| spring.mail.default-encoding | Default MimeMessage encoding. | UTF-8 |
| spring.mail.host | SMTP server host. For instance, smtp.example.com. | |
| spring.mail.jndi-name | Session JNDI name. When set, takes precedence over other Session settings. | |
| spring.mail.password | Login password of the SMTP server. | |
| spring.mail.port | SMTP server port. | |
| spring.mail.protocol | Protocol used by the SMTP server. | |
| spring.mail.test-connection | Test that the mail server is available on startup. | false |
| spring.mail.username | Login user of the SMTP server. | |
| spring.mail.from | Used with SMTP server without authentication to set the reverse path for the "MAIL FROM" SMTP-command. | |

SMS Provider

Control Center supports SMS alerts via the Vonage communication provider.

  1. Sign up at https://www.vonage.com/

  2. Get your api key and api secret. See https://developer.nexmo.com/concepts/guides/authentication#api-key-and-secret.

  3. Specify the api key and secret in the following properties:

| Parameter | Description | Default |
|---|---|---|
| nexmo.creds.apiKey | The API key. | |
| nexmo.creds.apiSecret | The API secret. | |
| nexmo.creds.from | The name or number the message is sent from. | |

Active Directory and LDAP

You can configure Control Center to integrate with Active Directory or LDAP to store user data externally. Because every authentication request goes to the Active Directory or LDAP server and no caching is performed, a new user can log in once it is created on that server.

Active Directory and LDAP integrations have some limitations that you should be aware of before configuring the Control Center to use them. See the list of limitations below:

  • Users can only be created by adding them to the Active Directory or LDAP server when Active Directory or LDAP integration is enabled. Signing up and creating an admin user with a link from the backend log is not applicable.

  • To become admins, users need to be a part of a special group in Active Directory or LDAP. The group name can be specified using the corresponding configuration properties.

  • The list of users is not displayed on the admin screen when Active Directory or LDAP integration is enabled.

  • Profile information can be modified only on the Active Directory or LDAP server, not through the Control Center interface.

ACTIVE DIRECTORY

To enable Active Directory authentication, use the following parameters:

| Parameter | Required | Description | Example |
|---|---|---|---|
| spring.activedirectory.urls | Required | URLs of the server, separated by comma. | ldap://localhost:389,ldap://localhost:8389 |
| spring.activedirectory.domain | Optional | Default domain name that can be added to the user login, if the domain is not specified. | gridgain.org |
| spring.activedirectory.rootDn | Required | Base path from which all operations should originate. | dc=gridgain,dc=org |
| spring.activedirectory.adminRole | Optional | The name of the user group with admin permissions. | Domain Admins |

LDAP

To enable LDAP authentication, use the following parameters:

| Parameter | Required | Description | Example |
|---|---|---|---|
| spring.ldap.urls | Required | LDAP URLs of the server, separated by comma. | ldap://localhost:389,ldap://localhost:8389 |
| spring.ldap.base | Required | Base path from which all operations should originate. | dc=gridgain,dc=org |
| spring.ldap.admin-role | Optional | The name of the user group with admin permissions. | By default, the name of the user group is set to “admin” |
| spring.ldap.bind-authenticator.enabled | Optional | Enables authenticator, which binds as a user. | By default, it is set to “false” |
| spring.ldap.password-comparison-authenticator.userDnPatterns | Optional | Sets the pattern that is used to supply a Distinguished Name for the user. The pattern argument {0} contains the username. | spring.ldap.password-comparison-authenticator.userDnPatterns[0]="uid={0},ou=people" |
| spring.ldap.password-comparison-authenticator.passwordAttributeName | Optional | The field name where the password is stored. | By default, the field name is set to “userPassword” |
| spring.ldap.user-details.groupRoleAttribute | Optional | The ID of the attribute that contains the role name for a group. | By default, the ID is set to “cn” |
| spring.ldap.user-details.groupMemberAttributeName | Optional | Name of the multi-valued attribute that holds the DNs of users who are members of a group. | By default, the attribute name is set to “uniquemember” |
| spring.ldap.user-details.groupSearchBase | Optional | The Distinguished Name under which groups are stored. | ou=groups |

OpenID Configuration

You can set up OpenID authentication as described in the Connecting to OpenID provider section. To enable OpenID authentication, use the following parameters:

| Parameter | Required | Description | Example |
|---|---|---|---|
| spring.security.oauth2.client.registration.{name} | Required | OpenID provider name. Can be anything, but must be consistent with spring.security.oauth2.client.provider.{name} and the name specified in redirect URI. | |
| spring.security.oauth2.client.registration.{name}.client-id | Required | Client ID for Control Center. Provided when you set up OpenID credentials. | |
| spring.security.oauth2.client.registration.{name}.client-secret | Required | Client secret for Control Center. Provided when you set up OpenID credentials. | |
| spring.security.oauth2.client.provider.{name} | Required | OpenID provider name. Can be anything, but must be consistent with spring.security.oauth2.client.registration.{name} and the name specified in redirect URI. | |
| spring.security.oauth2.client.provider.{name}.authorization-uri | Required | The endpoint that accepts authorization requests. Usually provided in the authorization_endpoint field of the OpenID Discovery document. | |
| spring.security.oauth2.client.provider.{name}.token-uri | Required | The endpoint that receives authorization information and returns an authorization token. Usually provided in the token_endpoint field of the OpenID Discovery document. | |
| spring.security.oauth2.client.provider.{name}.jwk-set-uri | Required | The endpoint that holds public keys used to authorize users. Usually provided in the jwks_uri field of the OpenID Discovery document. | |