Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

listener

addr

required:    false
scopable:    true

Example:

addr=1.2.3.4

The ip addr the daemon tls listener must listen on.

crl

required:    false
scopable:    false
default:     /var/lib/opensvc/certs/ca_crl

Example:

crl=https://crl.opensvc.com

The URL serving the certificate revocation list.

The default points to the path of the cluster CA CRL in {var}/certs/ca_crl.

dns_sock_gid

required:    false
scopable:    false
default:     953

The gid owning the unix socket serving the remote backend to the pdns authoritative server.

dns_sock_uid

required:    false
scopable:    false
default:     953

The uid owning the unix socket serving the remote backend to the pdns authoritative server.

openid_client_id

required:    false
scopable:    false
default:     om3

The openid client id used by om3-webapp.

openid_issuer

required:    false
scopable:    false

Example:

openid_issuer=https://keycloak.opensvc.com/auth/realms/clusters

The base URL of the identity issuer aka provider. It is used to detect the metadata location: openid_issuer/.well-known/openid-configuration.

If set, the http listener will try to validate the Bearer token provided in the requests headers.

If the token is valid,

  • the user name is fetched from the preferred_username claim (fallback on name)

  • the user grant list is obtained by joining the multiple entitlements claims.

The keyword replaced deprecated openid_well_known.

port

required:    false
scopable:    true
default:     1215
convert:     int

The port the daemon tls listener must listen on.

In pull action mode, the collector post request to notify there are actions to unqueue. The opensvc daemon executes the dequeue actions node action upon receive.

The listener.port value is sent to the collector on pushasset.

rate_limiter_burst

required:    false
scopable:    true
default:     100
convert:     int

The maximum number of inet listener requests to pass at the same moment. It additionally allows a number of requests to pass when rate limit is reached.

rate_limiter_expires

required:    false
scopable:    true
default:     60s
convert:     duration

The duration after that a inet listener rate limiter is cleaned up.

rate_limiter_rate

required:    false
scopable:    true
default:     20
convert:     int

The rate of inet listener requests allowed to pass per seconds.