listener

addr

required:    false
scopable:    true
default:     The ipaddr resolved for the nodename.

Example:

addr = 1.2.3.4

The address to use to connect to a peer. Use scoping to define each non-default address.

crl

required:    false
scopable:    false
default:     /var/lib/opensvc/certs/ca_crl

Example:

crl = https://crl.opensvc.com

The URL serving the certificate revocation list.

The default points to the path of the cluster CA CRL in {var}/certs/ca_crl.

dns_sock_gid

required:    false
scopable:    false
default:     953

The gid owning the unix socket serving the remote backend to the pdns authoritative server.

dns_sock_uid

required:    false
scopable:    false
default:     953

The uid owning the unix socket serving the remote backend to the pdns authoritative server.

openid_well_known

required:    false
scopable:    false

Example:

openid_well_known = https://keycloak.opensvc.com/auth/realms/clusters/.well-known/openid-configuration

The URL serving the well-known configuration of an openid provider.

If set, the http listener will try to validate the Bearer token provided in the request headers.

If the token is valid,

  • the user name is fetched from the preferred_username claim (falling back to the name claim)

  • the user grant list is obtained by joining the multiple grant claims.
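
The claim mapping described above, as an added example (not OpenSVC's own code), together with the sanity checks a deployer would want on the discovery document served at openid_well_known. It assumes the token signature and expiry were already verified against the provider keys, and that the grant claim key is named "grant" and holds a string or a list of strings; the URL, document and claims are constructed sample data.

```python
from urllib.parse import urlsplit

SUFFIX = "/.well-known/openid-configuration"


def check_discovery(well_known_url, doc):
    """Sanity-check a fetched discovery document and return its issuer."""
    if urlsplit(well_known_url).scheme != "https" or not well_known_url.endswith(SUFFIX):
        raise ValueError("openid_well_known must be an https well-known URL")
    issuer = well_known_url[: -len(SUFFIX)]
    # OpenID Connect Discovery: issuer must match the URL the document came from.
    if doc.get("issuer") != issuer:
        raise ValueError("issuer does not match openid_well_known")
    if urlsplit(doc.get("jwks_uri") or "").scheme != "https":
        raise ValueError("jwks_uri must be served over https")
    return issuer


def identity_from_claims(claims, issuer):
    """Map claims of an already verified token to (username, grants)."""
    if claims.get("iss") != issuer:
        raise ValueError("token issuer mismatch")
    username = claims.get("preferred_username") or claims.get("name")
    if not isinstance(username, str) or not username:
        raise ValueError("no usable user name claim")
    raw = claims.get("grant") or []  # assumed claim key: "grant"
    if isinstance(raw, str):
        raw = [raw]
    grants = []
    for entry in raw:
        if not isinstance(entry, str):
            raise ValueError("grant entries must be strings")
        for grant in entry.split():  # join all values, drop duplicates
            if grant not in grants:
                grants.append(grant)
    return username, grants


# Constructed sample data, not taken from a real provider.
URL = "https://idp.example.com/realms/clusters" + SUFFIX
DOC = {"issuer": "https://idp.example.com/realms/clusters",
       "jwks_uri": "https://idp.example.com/realms/clusters/certs"}
CLAIMS = {"iss": DOC["issuer"], "name": "Alice A.", "preferred_username": "alice",
          "grant": ["guest:ns1 admin:ns2", "root", "guest:ns1"]}

if __name__ == "__main__":
    print(identity_from_claims(CLAIMS, check_discovery(URL, DOC)))
```

A token with neither preferred_username nor name is rejected rather than mapped to an anonymous user, and a missing grant claim yields an empty grant list.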

port

required:    false
scopable:    true
default:     1215
convert:     int

The port the daemon tls listener must listen on.

In pull action mode, the collector posts a request to notify the node that there are actions to unqueue. The opensvc daemon executes the dequeue actions node action upon receipt.

The listener.port value is sent to the collector on pushasset.