The configuraton file of Jetconf is formatted in YAML with a simple, 2-level only syntax. The purpose of this document is to describe all configuration options of Jetconf. If any of the possible options is not explicitly present in the configuraton file, a default value will be used instead. The configuration file can be passed to Jetconf with
-c /path/to/config.yaml command line argument.
GLOBAL: TIMEZONE: GMT LOGFILE: - PIDFILE: /tmp/jetconf.pid PERSISTENT_CHANGES: True LOG_LEVEL: info LOG_DBG_MODULES: [*] YANG_LIB_DIR: yang-data/ DATA_JSON_FILE: data.json VALIDATE_TRANSACTIONS: True, CLIENT_CN: False BACKEND_PACKAGE: jetconf_jukebox
A timezone of the Jetconf server. This is necessary because all timestamps returned in HTTP response headers need to be returned in GMT.
A location of Jetconf's log file. This can be either a path on the filesystem or a "-". If configured as a "-", Jetconf server will run in foreground and all logging information will be written to stdout (suitable for testing).
A location of Jetconf's process ID file.
This option specifies if the changes commited to datastore will also be synchronized to the filesystem (JSON file defined by the DATA_JSON_FILE option). It should be set to true in most cases, but can be turned off for i.e. testing purposes. If turned off, the Jetconf datastore will contain exactly the same initial data at every startup.
Defines the Jetconf's log verbosity. Possible values are:
When LOG_LEVEL is set to "debug", this options defines list of Python modules which will write out debugging information. This is useful to prevent flooding the log with debugging messages from irrelevant modules. I.e. when debugging "usr_conf_data_handlers" module, you may not be interested with debug information from the "nacm". Can be set to wildcard
Specifies the location of YANG library. This is the directory containing .yang files, it must also contain the "yang-library-data.json" file with configuration and description of all present YANG modules (see example).
A path to JSON file containing the datastore data. This file will be loaded at Jetconf startup. If PERSISTENT_CHANGES is set to true, all changes made to the datastore will be also stored to this file.
This option defines if the datastore data should be validated according to YANG data model after a transaction is commited. It should be set to true except for testing and debugging purposes.
If enabled, Jetconf will use
commonName of certificate as clients's username. By default Jetconf is using
emailAddress as client's username
This option selects the package with backend bindings that Jetconf will use. An exact name of the Python package has to be specified here, and also the package has to be installed in Python's environment.
HTTP_SERVER: DOC_ROOT: doc-root DOC_DEFAULT_NAME: index.html API_ROOT: /restconf API_ROOT_STAGING: /restconf_staging SERVER_NAME: jetconf-h2 UPLOAD_SIZE_LIMIT: 1 LISTEN_LOCALHOST_ONLY: False PORT: 8443 DISABLE_SSL: False SERVER_SSL_CERT: server.crt SERVER_SSL_PRIVKEY: server.key CA_CERT: ca.pem DBG_DISABLE_CERTS: False
A root directory where regular files will be placed. All HTTP GET requests outside API_ROOT are considered as requests for regular files on filesystem.
A default filename in DOC_ROOT and its subdirectories.
Defines the base URI of RESTCONF data. All requests for resources inside API_ROOT will be considered as RESTCONF requests. It is usually not needed to change this value. Example:
Same as above, except this is for staging data (data edited by user, but not commited yet).
A value returned in "Server: " header of HTTP response.
A maximum size of incoming data in PUT or POST body (in megabytes), which the server can handle.
If set to true, the Jetconf HTTP server will only accept incoming connections from localhost.
The TCP port of Jetconf server.
If enabled, the user authentication system based on client certificates will be turned off and user data will be parsed from http headers. For instance, this change allows you to run Jetconf behind a load balancer where the TLS connection is terminated and and http request is forwarded to Jetconf server with relevant headers. Can be combined with DBG_DISABLE_CERT.
The location of server SSL certificate in PEM format.
The location of server SSL private key in PEM format.
The location of certification authority certificate, which is used for issuing client certificates.
If enabled, the user authentication system based on client certificates will be turned off and every incoming connection will default to "test-user" username. This should never be turned on in real environment, it is only intended for testing and benchmarking purposes (no HTTP/2 benchmarking tools support client certificates at this moment). Can be combined with DISABLE_SSL.
NACM: ALLOWED_USERS: [firstname.lastname@example.org]
If set to false, NACM rules will not be applied.
[email@example.com] (example, should always be configured)
A list of superusers allowed to edit NACM data.
jetconf_knot backend package
KNOT: SOCKET: /tmp/knot.sock
A path to KnotDNS control socket.