... | @@ -3,7 +3,7 @@ The configuraton file of Jetconf is formatted in YAML with a simple, 2-level onl |
... | @@ -3,7 +3,7 @@ The configuraton file of Jetconf is formatted in YAML with a simple, 2-level onl |
|
|
|
|
|
## Common sections
|
|
## Common sections
|
|
### Section "GLOBAL":
|
|
### Section "GLOBAL":
|
|
```
|
|
```yaml
|
|
GLOBAL:
|
|
GLOBAL:
|
|
TIMEZONE: GMT
|
|
TIMEZONE: GMT
|
|
LOGFILE: -
|
|
LOGFILE: -
|
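
Review bot: in the GLOBAL sample, now that the fence is tagged `yaml`, the value in `LOGFILE: -` is a bare `-`, which is YAML's sequence-entry indicator. Write it as `LOGFILE: "-"` so the sample reads unambiguously as a string. The context line in the hunk header also carries the typo "configuraton", which is worth fixing in the same commit.
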
... | @@ -17,68 +17,68 @@ GLOBAL: |
... | @@ -17,68 +17,68 @@ GLOBAL: |
|
BACKEND_PACKAGE: jetconf_jukebox
|
|
BACKEND_PACKAGE: jetconf_jukebox
|
|
```
|
|
```
|
|
|
|
|
|
```
|
|
```yaml
|
|
TIMEZONE
|
|
TIMEZONE:
|
|
```
|
|
```
|
|
*Default:* `GMT`
|
|
*Default:* `GMT`
|
|
A timezone of the Jetconf server. This is necessary because all timestamps returned in HTTP response headers need to be returned in GMT.
|
|
A timezone of the Jetconf server. This is necessary because all timestamps returned in HTTP response headers need to be returned in GMT.
|
|
|
|
|
|
```
|
|
```yaml
|
|
LOGFILE
|
|
LOGFILE:
|
|
```
|
|
```
|
|
*Default:* `-`
|
|
*Default:* `-`
|
|
A location of Jetconf's log file. This can be either a path on the filesystem or a "-". If configured as a "-", Jetconf server will run in foreground and all logging information will be written to stdout (suitable for testing).
|
|
A location of Jetconf's log file. This can be either a path on the filesystem or a "-". If configured as a "-", Jetconf server will run in foreground and all logging information will be written to stdout (suitable for testing).
|
|
|
|
|
|
```
|
|
```yaml
|
|
PIDFILE:
|
|
PIDFILE:
|
|
```
|
|
```
|
|
*Default:* `/tmp/jetconf.pid`
|
|
*Default:* `/tmp/jetconf.pid`
|
|
A location of Jetconf's process ID file.
|
|
A location of Jetconf's process ID file.
|
|
|
|
|
|
```
|
|
```yaml
|
|
PERSISTENT_CHANGES
|
|
PERSISTENT_CHANGES:
|
|
```
|
|
```
|
|
*Default:* `true`
|
|
*Default:* `true`
|
|
This option specifies if the changes commited to datastore will also be synchronized to the filesystem (JSON file defined by the DATA_JSON_FILE option). It should be set to true in most cases, but can be turned off for i.e. testing purposes. If turned off, the Jetconf datastore will contain exactly the same initial data at every startup.
|
|
This option specifies if the changes commited to datastore will also be synchronized to the filesystem (JSON file defined by the DATA_JSON_FILE option). It should be set to true in most cases, but can be turned off for i.e. testing purposes. If turned off, the Jetconf datastore will contain exactly the same initial data at every startup.
|
|
|
|
|
|
```
|
|
```yaml
|
|
LOG_LEVEL
|
|
LOG_LEVEL:
|
|
```
|
|
```
|
|
*Default:* `info`
|
|
*Default:* `info`
|
|
Defines the Jetconf's log verbosity. Possible values are: `debug`, `info`, `warning` and `error`.
|
|
Defines the Jetconf's log verbosity. Possible values are: `debug`, `info`, `warning` and `error`.
|
|
|
|
|
|
```
|
|
```yaml
|
|
LOG_DBG_MODULES
|
|
LOG_DBG_MODULES:
|
|
```
|
|
```
|
|
*Default:* `[*]`
|
|
*Default:* `[*]`
|
|
When LOG_LEVEL is set to "debug", this options defines list of Python modules which will write out debugging information. This is useful to prevent flooding the log with debugging messages from irrelevant modules. I.e. when debugging "usr_conf_data_handlers" module, you may not be interested with debug information from the "nacm". Can be set to wildcard `*`.
|
|
When LOG_LEVEL is set to "debug", this options defines list of Python modules which will write out debugging information. This is useful to prevent flooding the log with debugging messages from irrelevant modules. I.e. when debugging "usr_conf_data_handlers" module, you may not be interested with debug information from the "nacm". Can be set to wildcard `*`.
|
|
|
|
|
|
```
|
|
```yaml
|
|
YANG_LIB_DIR
|
|
YANG_LIB_DIR:
|
|
```
|
|
```
|
|
*Default:* `yang-data/`
|
|
*Default:* `yang-data/`
|
|
Specifies the location of YANG library. This is the directory containing .yang files, it must also contain the "yang-library-data.json" file with configuration and description of all present YANG modules (see example).
|
|
Specifies the location of YANG library. This is the directory containing .yang files, it must also contain the "yang-library-data.json" file with configuration and description of all present YANG modules (see example).
|
|
|
|
|
|
```
|
|
```yaml
|
|
DATA_JSON_FILE
|
|
DATA_JSON_FILE:
|
|
```
|
|
```
|
|
*Default:* `data.json`
|
|
*Default:* `data.json`
|
|
A path to JSON file containing the datastore data. This file will be loaded at Jetconf startup. If PERSISTENT_CHANGES is set to true, all changes made to the datastore will be also stored to this file.
|
|
A path to JSON file containing the datastore data. This file will be loaded at Jetconf startup. If PERSISTENT_CHANGES is set to true, all changes made to the datastore will be also stored to this file.
|
|
|
|
|
|
```
|
|
```yaml
|
|
VALIDATE_TRANSACTIONS
|
|
VALIDATE_TRANSACTIONS:
|
|
```
|
|
```
|
|
*Default:* `true`
|
|
*Default:* `true`
|
|
This option defines if the datastore data should be validated according to YANG data model after a transaction is commited. It should be set to true except for testing and debugging purposes.
|
|
This option defines if the datastore data should be validated according to YANG data model after a transaction is commited. It should be set to true except for testing and debugging purposes.
|
|
|
|
|
|
```
|
|
```yaml
|
|
BACKEND_PACKAGE
|
|
BACKEND_PACKAGE:
|
|
```
|
|
```
|
|
*Default:* `jetconf_jukebox`
|
|
*Default:* `jetconf_jukebox`
|
|
This option selects the package with backend bindings that Jetconf will use. An exact name of the Python package has to be specified here, and also the package has to be installed in Python's environment.
|
|
This option selects the package with backend bindings that Jetconf will use. An exact name of the Python package has to be specified here, and also the package has to be installed in Python's environment.
|
|
|
|
|
|
### Section "HTTP_SERVER":
|
|
### Section "HTTP_SERVER":
|
|
```
|
|
```yaml
|
|
HTTP_SERVER:
|
|
HTTP_SERVER:
|
|
DOC_ROOT: doc-root
|
|
DOC_ROOT: doc-root
|
|
DOC_DEFAULT_NAME: index.html
|
|
DOC_DEFAULT_NAME: index.html
|
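
Review bot: the per-option blocks in this hunk (`TIMEZONE:`, `LOGFILE:`, `PERSISTENT_CHANGES:` through `BACKEND_PACKAGE:`) are now tagged `yaml` but hold a key with no value, which YAML reads as null rather than the documented default. Either show the default inline, for example `TIMEZONE: GMT`, or keep these blocks untagged as plain option names. While these paragraphs are being touched, fix "commited" in the PERSISTENT_CHANGES and VALIDATE_TRANSACTIONS text, "this options defines list" in LOG_DBG_MODULES, and "i.e." where "e.g." is meant.
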
... | @@ -88,92 +88,106 @@ HTTP_SERVER: |
... | @@ -88,92 +88,106 @@ HTTP_SERVER: |
|
UPLOAD_SIZE_LIMIT: 1
|
|
UPLOAD_SIZE_LIMIT: 1
|
|
LISTEN_LOCALHOST_ONLY: False
|
|
LISTEN_LOCALHOST_ONLY: False
|
|
PORT: 8443
|
|
PORT: 8443
|
|
|
|
DISABLE_SSL: False
|
|
SERVER_SSL_CERT: server.crt
|
|
SERVER_SSL_CERT: server.crt
|
|
SERVER_SSL_PRIVKEY: server.key
|
|
SERVER_SSL_PRIVKEY: server.key
|
|
CA_CERT: ca.pem
|
|
CA_CERT: ca.pem
|
|
DBG_DISABLE_CERTS: False
|
|
DBG_DISABLE_CERTS: False
|
|
```
|
|
```
|
|
|
|
|
|
```
|
|
```yaml
|
|
DOC_ROOT
|
|
DOC_ROOT:
|
|
```
|
|
```
|
|
*Default:* `doc-root`
|
|
*Default:* `doc-root`
|
|
A root directory where regular files will be placed. All HTTP GET requests outside API_ROOT are considered as requests for regular files on filesystem.
|
|
A root directory where regular files will be placed. All HTTP GET requests outside API_ROOT are considered as requests for regular files on filesystem.
|
|
|
|
|
|
```
|
|
```yaml
|
|
DOC_DEFAULT_NAME
|
|
DOC_DEFAULT_NAME:
|
|
```
|
|
```
|
|
*Default:* `index.html`
|
|
*Default:* `index.html`
|
|
A default filename in DOC_ROOT and its subdirectories.
|
|
A default filename in DOC_ROOT and its subdirectories.
|
|
|
|
|
|
```
|
|
```yaml
|
|
API_ROOT
|
|
API_ROOT:
|
|
```
|
|
```
|
|
*Default:* `/restconf`
|
|
*Default:* `/restconf`
|
|
Defines the base URI of RESTCONF data. All requests for resources inside API_ROOT will be considered as RESTCONF requests. It is usually not needed to change this value. Example: `/restconf` -> `https://localhost/restconf/ns:some_resouce`
|
|
Defines the base URI of RESTCONF data. All requests for resources inside API_ROOT will be considered as RESTCONF requests. It is usually not needed to change this value. Example: `/restconf` -> `https://localhost/restconf/ns:some_resouce`
|
|
|
|
|
|
```
|
|
```yaml
|
|
API_ROOT_STAGING
|
|
API_ROOT_STAGING:
|
|
```
|
|
```
|
|
*Default:* `/restconf_staging`
|
|
*Default:* `/restconf_staging`
|
|
Same as above, except this is for staging data (data edited by user, but not commited yet).
|
|
Same as above, except this is for staging data (data edited by user, but not commited yet).
|
|
|
|
|
|
```
|
|
```yaml
|
|
SERVER_NAME
|
|
SERVER_NAME:
|
|
```
|
|
```
|
|
*Default:* `jetconf-h2`
|
|
*Default:* `jetconf-h2`
|
|
A value returned in "Server: " header of HTTP response.
|
|
A value returned in "Server: " header of HTTP response.
|
|
|
|
|
|
```
|
|
```yaml
|
|
UPLOAD_SIZE_LIMIT
|
|
UPLOAD_SIZE_LIMIT:
|
|
```
|
|
```
|
|
*Default:* `1`
|
|
*Default:* `1`
|
|
A maximum size of incoming data in PUT or POST body (in megabytes), which the server can handle.
|
|
A maximum size of incoming data in PUT or POST body (in megabytes), which the server can handle.
|
|
|
|
|
|
```
|
|
```yaml
|
|
LISTEN_LOCALHOST_ONLY
|
|
LISTEN_LOCALHOST_ONLY:
|
|
```
|
|
```
|
|
*Default:* `false`
|
|
*Default:* `false`
|
|
If set to true, the Jetconf HTTP server will only accept incoming connections from localhost.
|
|
If set to true, the Jetconf HTTP server will only accept incoming connections from localhost.
|
|
|
|
|
|
```
|
|
```yaml
|
|
PORT
|
|
PORT:
|
|
```
|
|
```
|
|
*Default:* `8443`
|
|
*Default:* `8443`
|
|
The TCP port of Jetconf server.
|
|
The TCP port of Jetconf server.
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
DISABLE_SSL:
|
|
```
|
|
```
|
|
SERVER_SSL_CERT
|
|
*Default:* `false`
|
|
|
|
If enabled, the user authentication system based on client certificates will be turned off and user data will be parsed from http headers. For instance, this change allows you to run Jetconf behind a load balancer where the TLS connection is terminated and and http request is forwarded to Jetconf server with relevant headers. Can be combined with DBG_DISABLE_CERT.
|
|
|
|
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
SERVER_SSL_CERT:
|
|
```
|
|
```
|
|
*Default:* `server.crt`
|
|
*Default:* `server.crt`
|
|
The location of server SSL certificate in PEM format.
|
|
The location of server SSL certificate in PEM format.
|
|
|
|
|
|
```
|
|
```yaml
|
|
SERVER_SSL_PRIVKEY
|
|
SERVER_SSL_PRIVKEY:
|
|
```
|
|
```
|
|
*Default:* `server.key`
|
|
*Default:* `server.key`
|
|
The location of server SSL private key in PEM format.
|
|
The location of server SSL private key in PEM format.
|
|
|
|
|
|
```
|
|
```yaml
|
|
CA_CERT
|
|
CA_CERT:
|
|
```
|
|
```
|
|
*Default:* `ca.pem`
|
|
*Default:* `ca.pem`
|
|
The location of certification authority certificate, which is used for issuing client certificates.
|
|
The location of certification authority certificate, which is used for issuing client certificates.
|
|
|
|
|
|
```
|
|
```yaml
|
|
DBG_DISABLE_CERTS
|
|
DBG_DISABLE_CERTS:
|
|
```
|
|
```
|
|
*Default:* `false`
|
|
*Default:* `false`
|
|
If enabled, the user authentication system based on client certificates will be turned off and every incoming connection will default to "test-user" username. This should never be turned on in real environment, it is only intended for testing and benchmarking purposes (no HTTP/2 benchmarking tools support client certificates at this moment).
|
|
If enabled, the user authentication system based on client certificates will be turned off and every incoming connection will default to "test-user" username. This should never be turned on in real environment, it is only intended for testing and benchmarking purposes (no HTTP/2 benchmarking tools support client certificates at this moment). Can be combined with DISABLE_SSL.
|
|
|
|
|
|
### Section "NACM":
|
|
### Section "NACM":
|
|
```
|
|
```yaml
|
|
NACM:
|
|
NACM:
|
|
ALLOWED_USERS: [lojza@mail.tld]
|
|
ALLOWED_USERS: [lojza@mail.tld]
|
|
```
|
|
```
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
ENABLED:
|
|
```
|
|
```
|
|
ALLOWED_USERS
|
|
*Default:* `true`
|
|
|
|
If set to false, NACM rules will not be applied.
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
ALLOWED_USERS:
|
|
```
|
|
```
|
|
*Default:* `[lojza@mail.tld]` (example, should always be configured)
|
|
*Default:* `[lojza@mail.tld]` (example, should always be configured)
|
|
A list of superusers allowed to edit NACM data.
|
|
A list of superusers allowed to edit NACM data.
|
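
Review bot: the new `DISABLE_SSL` description says user data is "parsed from http headers" but does not name those headers, does not state that TLS itself is switched off, and does not say that Jetconf must then be reachable only from the trusted load balancer. Any client that can reach the port directly could supply the same headers, so the text should list the headers and point to `LISTEN_LOCALHOST_ONLY` or an equivalent network restriction. The same paragraph has a doubled "and and" and refers to `DBG_DISABLE_CERT` where the option is `DBG_DISABLE_CERTS`. The sentence added to `DBG_DISABLE_CERTS` ("Can be combined with DISABLE_SSL") should spell out what the combination gives: plaintext HTTP with every connection treated as "test-user". The new NACM `ENABLED` option is documented but missing from the `NACM:` sample block, unlike `DISABLE_SSL`, which was added to the `HTTP_SERVER:` sample.
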
... | @@ -182,13 +196,13 @@ A list of superusers allowed to edit NACM data. |
... | @@ -182,13 +196,13 @@ A list of superusers allowed to edit NACM data. |
|
## Application-specific sections
|
|
## Application-specific sections
|
|
### Section "KNOT":
|
|
### Section "KNOT":
|
|
Required by `jetconf_knot` backend package
|
|
Required by `jetconf_knot` backend package
|
|
```
|
|
```yaml
|
|
KNOT:
|
|
KNOT:
|
|
SOCKET: /tmp/knot.sock
|
|
SOCKET: /tmp/knot.sock
|
|
```
|
|
```
|
|
|
|
|
|
```
|
|
```yaml
|
|
SOCKET
|
|
SOCKET:
|
|
```
|
|
```
|
|
*Default:* `/tmp/knot.sock`
|
|
*Default:* `/tmp/knot.sock`
|
|
A path to KnotDNS control socket. |
|
A path to KnotDNS control socket. |
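
Review bot: the KNOT sample and the `SOCKET` default both place the control socket at `/tmp/knot.sock`, and the description says nothing about who may access it. Since `/tmp` is shared by all local users, the text should recommend a path in a directory restricted to the Knot and Jetconf accounts and note that it must match the socket path Knot itself is configured with. "Required by `jetconf_knot` backend package" is also missing its final period, and the key-only `SOCKET:` block would read better with the default shown inline.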