Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Driver listener

Supported keywords:

  • addr
  • crl
  • dns_sock_gid
  • dns_sock_uid
  • max_peers
  • openid_client_id
  • openid_issuer
  • port
  • rate_limiter_burst
  • rate_limiter_expires
  • rate_limiter_rate

Keyword addr

required:    false
scopable:    true

Example:

addr=1.2.3.4

Description:

The ip addr the daemon tls listener must listen on.

Keyword crl

required:    false
scopable:    false
default:     /var/lib/opensvc/certs/ca_crl

Example:

crl=https://crl.opensvc.com

Description:

The URL serving the certificate revocation list.

The default points to the path of the cluster CA CRL in {var}/certs/ca_crl.

Keyword dns_sock_gid

required:    false
scopable:    false
default:     953

Description:

The gid owning the unix socket serving the remote backend to the pdns authoritative server.

Keyword dns_sock_uid

required:    false
scopable:    false
default:     953

Description:

The uid owning the unix socket serving the remote backend to the pdns authoritative server.

Keyword max_peers

required:    false
scopable:    false
convert:     int

Example:

max_peers=8

Description:

Keyword openid_client_id

required:    false
scopable:    false
default:     om3

Description:

The openid client id used by om3-webapp.

Keyword openid_issuer

required:    false
scopable:    false

Example:

openid_issuer=https://keycloak.opensvc.com/auth/realms/clusters

Description:

The base URL of the identity issuer aka provider. It is used to detect the metadata location: openid_issuer/.well-known/openid-configuration.

If set, the http listener will try to validate the Bearer token provided in the requests headers.

If the token is valid,

  • the user name is fetched from the preferred_username claim (fallback on name)

  • the user grant list is obtained by joining the multiple entitlements claims.

The keyword replaced deprecated openid_well_known.

Keyword port

required:    false
scopable:    true
default:     1215
convert:     int

Description:

The port the daemon tls listener must listen on.

In pull action mode, the collector post request to notify there are actions to unqueue. The opensvc daemon executes the dequeue actions node action upon receive.

The listener.port value is sent to the collector on pushasset.

Keyword rate_limiter_burst

required:    false
scopable:    true
default:     100
convert:     int

Description:

The maximum number of inet listener requests to pass at the same moment. It additionally allows a number of requests to pass when rate limit is reached.

Keyword rate_limiter_expires

required:    false
scopable:    true
default:     60s
convert:     duration

Description:

The duration after that a inet listener rate limiter is cleaned up.

Keyword rate_limiter_rate

required:    false
scopable:    true
default:     20
convert:     int

Description:

The rate of inet listener requests allowed to pass per seconds.