3.2. Hub Configuration¶
3.2.1. Settings¶
The main configuration file for Ngenea Hub is at /etc/sysconfig/ngeneahub.
This is an environment file which holds the information required for connecting
to the various backend services.
3.2.1.1. Mandatory Settings¶
Setting |
Description |
|---|---|
DJANGO_SECRET |
Secret string used secure signed data within django |
POSTGRES_DB |
Internal database name |
POSTGRES_USER |
Internal database username |
POSTGRES_PASSWORD |
Internal database password |
3.2.1.2. Optional settings¶
Setting |
Description |
|---|---|
REDIS_HOST |
Address of the Redis queue results store. Defaults to the container service address. |
WORKERS |
The number of gunicorn workers to spawn for serving API requests. Default to 8. |
CONSUMER_TIMEOUT |
The timeout for rabbitmq consumer delivery acknowledgement in seconds. Default: 10800000 (3 hours) |
HUB_PORT |
User configurable hub port |
WEB_BIND_IP |
User configurable web bind IP |
PUBLIC_URL |
User configurable base url for the hub stack to be served from, must not end in a trailing slash. |
WORKER_THREADS |
The default number of celery concurrency threads to deal with multiple queued tasks for all celery based containers. This can be overwritten by container specific settings. Defaults to 2. |
CELERY_THREADS |
The number of main celery container concurrency threads to deal with multiple queued internal tasks. More threads means that more internal tasks and system tasks can run in parallel. |
DAG_THREADS |
The number of celery-dag container concurrency threads to deal with multiple queued DAG based tasks. Defaults to 7. More threads result in faster task resolutions for all job types and more frequent job updates. |
EVENT_THREADS |
The number of celery-events container concurrency threads to deal with multiple queued event reporting tasks. More threads ensure that snapdiff events can be reported to the hub faster. |
RESULT_THREADS |
The number of celery-results container concurrency threads to deal with multiple queued result reporting tasks. More threads mean streamed task results can report the the hub faster. |
HEARTBEAT |
(bool) Key for Disabling/Enabling celery heartbeats, default: true (enabled) |
GOSSIP |
(bool) Key for Disabling/Enabling celery gossip, default: false (disabled) |
MINGLE |
(bool) Key for Disabling/Enabling celery mingle, default: false (disabled) |
REDIS_HEALTH_CHECK_INTERVAL |
(int) The Redis backend supports health checks. This value must be set as an integer whose value is the number of seconds between health checks. default: 60 |
REDIS_TCP_BACKLOG |
(int) In high requests-per-second environments you need a high backlog in order to avoid slow client connections issues to redis. Default: 511 |
REDIS_SOCKET_TIMEOUT |
(int) When there are network issues redis backend connection sockets can become stale, this timeout setting will reset the socket connection after this value in seconds after becoming idle and resume operation. Default: 60 |
CELERY_SOCKET_TIMEOUT |
(int) When there are network issues redis broker sockets can become stale, this timeout setting will re-acquire the socket after becoming idle for this value in seconds and resume operation. Default: 60 |
CELERY_CONNECTION_TIMEOUT |
(int) When there are network issues redis broker connection via the acquired sockets can become stale, this timeout setting will reset the connection after becoming idle for this value in seconds and resume operation. Default: 60 |
EXPIRE_OLD_JOBS_INTERVAL |
(cron) schedule for when old job expiration will be run. When the task runs, jobs older than the configured jobs_ttl will be expired. Default: 0 0 * * * (minutes can be random from 0-59) |
REMOVE_OLD_SEARCH_RESULTS_INTERVAL |
(cron) schedule for when search result removal will run. When the task runs, search results older than the configured search_result_ttl will be expired. Default: 0 0 * * * (minutes can be random from 0-59) |
INVALIDATE_CANCELLED_JOB_TASKS_INTERVAL |
(cron) schedule for when cancelled jobs are revoked. When the task runs, any tasks still active in a cancelled job will be automatically cancelled. Default: 0 * * * * (minutes can be random from 0-59) |
CLEANUP_OLD_EVENTS_INTERVAL |
(cron) schedule for when old snapdiff events will be cleaned up. When the task runs, events for all but the 2 most recent completed snapdiff jobs per workflow will be deleted. Default: 0 * * * * (minutes can be random from 0-59) |
INACTIVE_TASKS_INTERVAL |
(cron) schedule for when inactive tasks will be invalidated. When the task runs, any STARTED task which is not actually running in a worker will be marked as FAILED. Default: 0 * * * * (minutes can be random from 0-59) |
SYNC_SITE_SETTINGS_INTERVAL |
(cron) schedule for when sync of the site settings will be run. When the task runs, the site settings will be created or updated in the DB. Default: 0 * * * * (minutes can be random from 0-59) |
SYNC_GLOBAL_SETTINGS_INTERVAL |
(cron) schedule for when sync of the global settings will be run. When the task runs, the global settings will be sent to sites to be in sync. Default: 0 * * * * (minutes can be random from 0-59) |
REFRESH_SITE_ANALYTICS_INTERVAL |
(cron) schedule for when refresh of the site analytics will be run. When the task runs, refresh of site analytics will be triggered. Default: 37 */12 * * * |
SYNC_STORAGE_POOLS_INTERVAL |
(cron) schedule for when sync of the storage pools will be run. When the task runs, storage pools will be synced. Default: */30 * * * * |
SYNC_REMOTE_SERVERS_INTERVAL |
(cron) schedule for when sync of the remote servers will be run. When the task runs, remote servers will be synced. Default: 0 0 * * * (minutes can be random from 0-59) |
SYNC_SPACES_QUOTA_INTERVAL |
(cron) schedule for when sync of the spaces' quotas will be run. When the task runs, spaces' quotas will be synced. Default: */30 * * * * |
SYNC_SPACES_INTERVAL |
(cron) schedule for when sync of spaces will be run. When the task runs, spaces will be synced. Default: 0 * * * * (minutes can be random from 0-59) |
SYNC_ALERTS_INTERVAL |
(cron) schedule for when sync of alerts will be run. When the task runs, alerts will be fetched from all sites. Default: * * * * * |
3.2.2. Enabling LDAP/Active Directory Authentication¶
To enable LDAP/Active Directory Authentication, provide the following settings in the /etc/sysconfig/ngeneahub configuration file.
Setting |
Description |
|---|---|
LDAP_ENABLED |
(bool) Key for Disabling/Enabling LDAP/Active Directory Authentication. default: false (disabled) |
LDAP_HOSTNAME |
The hostname of the LDAP/AD server |
LDAP_USERNAME |
The username to use for the LDAP/AD bind |
LDAP_PASSWORD |
The LDAP/AD bind password |
LDAP_USER_SEARCH |
An LDAPSearch object that identifies the set of relevant user objects. E.G. cn=Users,dc=MYDOMAIN,dc=MYCOMPANY,dc=COM |
LDAP_GROUP_SEARCH |
An LDAPSearch object that identifies the set of relevant group object. E.G. ou=Security,ou=OurGroups,dc=MYCOMAIN,dc=MYCOMPANY,dc=COM |
LDAP_MIRROR_GROUPS |
(bool) If AUTH_LDAP_MIRROR_GROUPS is True, then every time a user logs in, LDAPBackend will update the database with the user’s LDAP groups. default: false (disabled) |
3.2.3. Server Configurations¶
Some settings are stored in the Ngenea Hub DB.
They can be viewed and changed via the REST API /api/configurations/ endpoint.
See Configuration for more details.
3.2.4. Docker Compose configuration¶
The docker-compose file is stored in /usr/share/ngeneahub/docker/docker-compose.yml.
This can be extended by creating an override file at /usr/share/ngeneahub/docker/docker-compose.override.yml.