Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

listener

addr

required:    false
scopable:    true

Example:

addr=1.2.3.4

The ip addr the daemon tls listener must listen on.

crl

required:    false
scopable:    false
default:     /var/lib/opensvc/certs/ca_crl

Example:

crl=https://crl.opensvc.com

The URL serving the certificate revocation list.

The default points to the path of the cluster CA CRL in {var}/certs/ca_crl.

dns_sock_gid

required:    false
scopable:    false
default:     953

The gid owning the unix socket serving the remote backend to the pdns authoritative server.

dns_sock_uid

required:    false
scopable:    false
default:     953

The uid owning the unix socket serving the remote backend to the pdns authoritative server.

openid_client_id

required:    false
scopable:    false
default:     om3

The openid client id used by om3-webapp.

openid_issuer

required:    false
scopable:    false

Example:

openid_issuer=https://keycloak.opensvc.com/auth/realms/clusters

The base URL of the identity issuer aka provider. It is used to detect the metadata location: openid_issuer/.well-known/openid-configuration.

If set, the http listener will try to validate the Bearer token provided in the requests headers.

If the token is valid,

  • the user name is fetched from the preferred_username claim (fallback on name)

  • the user grant list is obtained by joining the multiple entitlements claims.

The keyword replaced deprecated openid_well_known.

port

required:    false
scopable:    true
default:     1215
convert:     int

The port the daemon tls listener must listen on.

In pull action mode, the collector post request to notify there are actions to unqueue. The opensvc daemon executes the dequeue actions node action upon receive.

The listener.port value is sent to the collector on pushasset.