Environment Variables for TIBCO OI Hawk RedTail Components
Each component of
TIBCO OI Hawk RedTail can be configured using the environment variables. These environment variables can be provided in a YAML
file.
Hawk Agent Environment Variables
Environment Variable | Description | |||||||||
---|---|---|---|---|---|---|---|---|---|---|
|
The
Mandatory: No Suggested Value: "none" |
|||||||||
|
The
Mandatory: No Suggested Value: Hostname of |
|||||||||
|
Note: By default, the
auto_config_dir is created in the
hkce_agent container. Since any file or folder created in the container has a transient nature, removing
hkce_agent container might lead to loss of rulebases that were stored in the directory specified in
auto_config_dir . Thus, to avoid this issue, use the Docker volume to persist the rulebases and set the
auto_config_dir to the destination of the Docker volume within the
hkce_agent container.
Mandatory: No Suggested Value: None |
|||||||||
|
Mandatory: No Suggested Value: None |
|||||||||
|
The
Mandatory: No Suggested Value: "default" |
|||||||||
|
The
Mandatory: No Suggested Value: - |
|||||||||
|
The
log_level environment variable identifies the log level. The values of the
log_level environment variable are:
Mandatory: No Suggested Value: 7 |
|||||||||
|
The
Mandatory: No Suggested Value: |
|||||||||
grpc_session
|
The
Mandatory: Yes Suggested Value: |
|||||||||
grpc_max_reconnect_attempts
|
Specifies the number of attempts that must be made by the Hawk agent to re-establish communication with the Hawk RedTail Console using gRPC Transport.
Mandatory: No Suggested Value: 100 |
|||||||||
grpc_reconnect_interval
|
Specifies the interval (in milliseconds) between reconnection attempts
Mandatory: No Suggested Value: 5000 |
|||||||||
Environment Variables for gRPC Transport TLS Configuration | ||||||||||
grpc_enable_tls
|
Specifies whether the communication must be done over TLS for gRPC transport
Mandatory: No Suggested Value: false |
|||||||||
grpc_server_ca
|
Path to truststore containing the certificates of Hawk RedTail Console that the agent is connecting to through gRPC
Mandatory: No Suggested Value: Path to truststore containing the certificates of Hawk RedTail Console that the agent is connecting to through gRPC |
|||||||||
grpc_server_hostname
|
Host name of the
Mandatory: No Suggested Value: Path to the Hawk RedTail Console private key in PKCS8 format |
|||||||||
grpc_client_certificate
|
Path to Hawk agent TLS certificate for the gRPC transport
Mandatory: No Suggested Value: Path to the Hawk agent TLS certificate |
|||||||||
grpc_client_key
|
Path to Hawk agent TLS private key for the gRPC transport Note: PKCS8 is the only supported format for the private key.
Mandatory: No Suggested Value: Path to the Hawk agent private key in PKCS8 format |
|||||||||
Environment Variables for TCP Transport TLS Configuration | ||||||||||
tcp_key_store
|
Path of the key store file.
Mandatory: No Suggested Value: None |
|||||||||
tcp_trust_store
|
Path of the trust store file
Mandatory: No Suggested Value: None |
|||||||||
tcp_key_store_
password
|
Password for the key store file
Mandatory: No Suggested Value: None |
|||||||||
tcp_trust_
store_password
|
Password for the trust store file
Mandatory: No Suggested Value: None |
|||||||||
tcp_key_
password
|
Encrypted key password
Mandatory: No Suggested Value: None |
|||||||||
tcp_ssl_
protocol
|
Protocol for a secure connection
Mandatory: No Suggested Value: TLSv1.2 |
|||||||||
tcp_enabled_
algorithms
|
Algorithm to be used for the security protocol. You can specify multiple algorithms as comma-separated list without space.
Mandatory: No Suggested Value: |
|||||||||
Environment variables for Email Configurations | ||||||||||
|
The
Mandatory: No Suggested Value: None |
|||||||||
|
The
Mandatory: No Suggested Value: 25 |
|||||||||
|
The
Mandatory: No Suggested Value: false |
|||||||||
|
The
Mandatory: No Suggested Value: false |
|||||||||
email_smtp_tls_trust
|
Skips certificate validation of SMTP server. If set to "*", all hosts are trusted hosts. If set to a whitespace separated list of hosts, those hosts are trusted. Otherwise, trust depends on the certificate the server presents.
Mandatory: No Suggested Value: - |
|||||||||
|
The
Mandatory: No Suggested Value: 25 |
|||||||||
|
The
Mandatory: No Suggested Value: None |
|||||||||
|
The
Mandatory: No Suggested Value: None |
ZooKeeper Environment Variables
Port: 9600
Things to consider when configuring the ZooKeeper environment variables:
• | Mount the volume for the path /data/zk/ to persist the ZooKeeper data. |
• | Configure the keystore and truststore cacert by mounting the files to the volume and mapping the keys to the locations given in the zoo.cfg file (/conf/certs ). |
Configure the zoo.cfg
file as following:
dataDir=/data/zk/
# the maximum number of client connections.
# increase this if you need to handle more clients
#maxClientCnxns=500
#
# Be sure to read the maintenance section of the
# administrator guide before turning on autopurge.
#
# http://zookeeper.apache.org/doc/current/zookeeperAdmin.html
#sc_maintenance
#
# The number of snapshots to retain in dataDir
autopurge.snapRetainCount=5
# Purge task interval in hours
# Set to "0" to disable auto purge feature
autopurge.purgeInterval=24
# the port at which the clients will connect
secureClientPort=9600
serverCnxnFactory=org.apache.zookeeper.server.
NettyServerCnxnF
actory
authProvider.x509=org.apache.zookeeper.server.auth.X509Au
thenticationProvider
ssl.keyStore.location=/conf/certs/zookeeper-keystore.p12
ssl.keyStore.password=changeit
ssl.trustStore.location=/conf/certs/zookeeper-truststore.pem
ssl.hostnameVerification=false
ssl.keyStore.type=PKCS12
ssl.trustStore.type=PEM
ssl.clientAuth=need
Hawk RedTail Console Environment Variables
Port: 9687
Environment Variable | Description | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Host and port of ZooKeeper
Mandatory: Yes Suggested Value: |
|||||||||||||||
ZK_CLIENT_KEY_FILE
|
Path to the ZooKeeper client private key
Mandatory: Yes Suggested Value: |
|||||||||||||||
ZK_CLIENT_KEY_PASSWORD
|
Password of the ZooKeeper client key
Mandatory: Yes Suggested Value: |
|||||||||||||||
ZK_CLIENT_CACERT_FILE
|
Path to CA certificate file used for generating the key
Mandatory: Yes Suggested Value: |
|||||||||||||||
ZK_CLIENT_CERT_FILE
|
Path to the ZooKeeper client certificate
Mandatory: Yes Suggested Value: |
|||||||||||||||
ZK_CLIENT_TRUSTSTORE_FILE
|
Path to the ZooKeeper client truststore. This truststore must contain the certificate of the CA which issued the certificate to the ZooKeeper server. The supported truststore types are PEM, PKCS12, and JKS.
To create a PKCS12 trust store without a key and use it as zookeeper, then you must use Java’s keytool utility so that a java based application can understand them. For example: keytool -import -alias mycert -file certificate.pem -keystore truststore.p12 -storetype PKCS12 -storepass password
Mandatory: Yes Suggested Value: |
|||||||||||||||
ZK_CLIENT_TRUSTSTORE_PASSWORD
|
Applicable only if the ZooKeeper trust store is password protected
Mandatory: No Suggested Value: |
|||||||||||||||
ZK_CLIENT_TRUSTSTORE_TYPE
|
Specifies the type of truststore if the file defined in the environment variable
Mandatory: No Suggested Value: |
|||||||||||||||
|
Flag to indicate whether to load variables from environment variables or to use predefined default values
Mandatory: Yes Suggested Value: TRUE |
|||||||||||||||
|
Services after which the
Mandatory: Yes Suggested Value: |
|||||||||||||||
grpc_session_port
|
Port that the Hawk RedTail Console component container uses to listen to incoming transport request from Hawk agents
Mandatory: No Suggested Value: 9697 |
|||||||||||||||
|
The Hawk domain name.
Mandatory: Yes Suggested Value: |
|||||||||||||||
hawk_domain_platform
|
Platform of the domain mentioned in property
Mandatory: No Suggested Value: |
|||||||||||||||
|
The service name of the
Mandatory: Yes Suggested Value: |
|||||||||||||||
|
Internal component ID
Mandatory: Yes Suggested Value: machine-0000000000 |
|||||||||||||||
|
Host IP for
Mandatory: Yes Suggested Value: 0.0.0.0 |
|||||||||||||||
|
Listen port for Hawk RedTail Console REST communication
Mandatory: Yes Suggested Value: 9687 |
|||||||||||||||
|
These are JVM properties which can be configured to tune the JVM process For example,
Mandatory: No Suggested Value: <JVM Defaults> |
|||||||||||||||
|
Grafana URL
Mandatory: Yes Suggested Value: |
|||||||||||||||
|
Supported Cipher Suites
Mandatory: Yes Suggested Value: |
|||||||||||||||
REST_TLS_PROTOCOL
|
Supported TLS protocols
Mandatory: Yes Suggested Value: |
|||||||||||||||
|
Key pair used for setting up REST TLS communication
Mandatory: Yes Suggested Value: |
|||||||||||||||
|
Password to key pair used for REST TLS communication
Mandatory: Yes Suggested Value: |
|||||||||||||||
|
Certificate used for REST TLS communication
Mandatory: Yes Suggested Value: |
|||||||||||||||
|
Certificate of the CA used to sign the REST TLS certificate
Mandatory: Yes Suggested Value: |
|||||||||||||||
|
Skip certificate verification
Mandatory: No Suggested Value: false |
|||||||||||||||
|
Skip host name verification
Mandatory: No Suggested Value: true |
|||||||||||||||
|
Path to JWT signing key
Mandatory: No Suggested Value: |
|||||||||||||||
|
Password to JWT signing key
Mandatory: No Suggested Value: |
|||||||||||||||
|
JWT token time to live value (in minutes)
Mandatory: No Suggested Value: 300 |
|||||||||||||||
|
Path to the CA cert which signed Prometheus server certificate. This is required for Prometheus to securely connect with the Hawk RedTail Console for scraping metrics
Mandatory: No Suggested Value: |
|||||||||||||||
|
Common name defined in Prometheus certificate. This is required for Prometheus to securely connect with Hawk RedTail Console for scraping metrics
Mandatory: No Suggested Value: Prometheus |
|||||||||||||||
|
Path to the Grafana CA certificate. This is valid in case where Grafana is secured with TLS
Mandatory: No Suggested Value: NA |
|||||||||||||||
|
Connection URL to PostgreSQL server
Mandatory: Yes Suggested Value: |
|||||||||||||||
|
JDBC class name
Mandatory: Yes Suggested Value: |
|||||||||||||||
|
Database user name
Mandatory: Yes Suggested Value: postgres |
|||||||||||||||
|
Database password
Mandatory: Yes Suggested Value: mypassword |
|||||||||||||||
|
Database Connection pool size at start up
Mandatory: No Suggested Value: "10" |
|||||||||||||||
|
Maximum number of idle connections allowed in the database connection pool
Mandatory: No Suggested Value: "20" |
|||||||||||||||
|
Maximum number of active connections allowed in the database connection pool
Mandatory: No Suggested Value: 100 |
|||||||||||||||
|
Path to the database CA certificate. This is valid if PostgreSQL is secured with TLS.
Mandatory: No Suggested Value: |
|||||||||||||||
|
Skip host name verification while communicating with database over TLS
Mandatory: No Suggested Value: true |
|||||||||||||||
|
Skip certificate verification while communicating with database over TLS
Mandatory: No Suggested Value: false |
|||||||||||||||
|
Type of store where the users are stored
Mandatory: Yes Suggested Value: database, ldap |
|||||||||||||||
LDAP Configuration (All variables are mandatory if the variable user_store_type is ldap)
|
||||||||||||||||
|
Host name for the LDAP server
Mandatory: No Suggested Value: NA |
|||||||||||||||
|
Port of the LDAP server
Mandatory: No Suggested Value: NA |
|||||||||||||||
|
Admin user DN
Mandatory: No Suggested Value: NA |
|||||||||||||||
|
Admin user password
Mandatory: No Suggested Value: NA |
|||||||||||||||
|
LDAP Base DN Mandatory: No Suggested Value: NA |
|||||||||||||||
|
Attribute to use as a user name
Mandatory: No Suggested Value: CN |
|||||||||||||||
|
Set to true, if communication with LDAP is over SSL
Mandatory: No Suggested Value: false |
|||||||||||||||
|
Skip LDAP server host name verification
Mandatory: No Suggested Value: true |
|||||||||||||||
|
Path to the CA certificate of LDAP server
Mandatory: No Suggested Value: NA |
|||||||||||||||
TLS Configuration | ||||||||||||||||
|
Path to For example, if Grafana is configured with a reverse proxy using TLS via mutual authentication.
Mandatory: No Suggested Value: NA |
|||||||||||||||
|
Password to
Mandatory: No Suggested Value: NA |
|||||||||||||||
|
Path to
Mandatory: No Suggested Value: NA |
|||||||||||||||
|
Specifies the level of diagnostic information stored in the logs. The following are the logging levels:
Mandatory: No Suggested Value: INFO |
|||||||||||||||
Environment Variables for gRPC Transport TLS Configuration | ||||||||||||||||
grpc_enable_tls
|
Specifies whether TLS should be enabled for gRPC communication
Mandatory: No Suggested Value: false |
|||||||||||||||
grpc_server_certificate
|
Path to the Hawk RedTail Console certificate
Mandatory: No Suggested Value: |
|||||||||||||||
grpc_server_key
|
Path to Hawk RedTail Console private key for the gRPC Transport. Note: PKCS8 is the only supported format for the private key.
Mandatory: No Suggested Value: |
|||||||||||||||
grpc_client_ca
|
Path to truststore containing the certificates of Hawk agents that are connecting to the Hawk RedTail Console through gRPC
Mandatory: No Suggested Value: |
Grafana component Environment Variables
Port: 3000
Environment Variable | Description |
---|---|
waitForServices
|
Specifies the services after which the Grafana component must start
Mandatory: Yes Suggested Value: |
|
When set to Default:
Mandatory: Yes Suggested Value: false |
|
When set to When set to Default:
Mandatory: Yes Suggested Value: true |
|
The role new users are assigned for the main organization (if
Mandatory: Yes Suggested Value: Editor |
|
Set the default UI theme:
Mandatory: Yes Suggested Value: light |
|
Set to true, for Grafana to let a HTTP reverse proxy handle authentication. For TIBCO OI Hawk RedTail, this value must be true.
Mandatory: Yes Suggested Value: true |
|
HTTP Header name that contains the user name
Mandatory: Yes Suggested Value: X-WEBAUTH-USER |
|
HTTP Header property, defaults to
Mandatory: Yes Suggested Value: |
|
Set to
Mandatory: Yes Suggested Value: true |
|
This setting is only used in as a part of the
Mandatory: Yes Suggested Value: |
|
The port to bind to; defaults to 3000
Mandatory: Yes Suggested Value: 3000 |
|
This is the full URL used to access Grafana from a web browser
Mandatory: Yes Suggested Value: |
|
Basic auth is enabled by default and works with built-in Grafana. For TIBCO OI Hawk RedTail, basic auth must be enabled.
Mandatory: Yes Suggested Value: true |
|
Default: When false, the X-Frame-Options: deny HTTP header is set in the Grafana HTTP responses. Thus, browsers do not allow rendering Grafana in <frame>, <iframe>, <embed>, or <object>. For TIBCO OI Hawk RedTail, set this value to
Mandatory: Yes Suggested Value: true |
|
Directory where Grafana automatically scans and looks for plug-ins. Manually or automatically install any plug-ins here.
Mandatory: Yes Suggested Value: |
|
Type of database where Grafana stores all the data
Mandatory: Yes Suggested Value: postgres |
|
Host and IP port of the database
Mandatory: Yes Suggested Value: |
|
Name of the database
Mandatory: Yes Suggested Value: grafana |
|
Database user name
Mandatory: Yes Suggested Value: postgres |
|
Database user password
Mandatory: Yes Suggested Value: |
|
Skips verification of the certificate chain and
Mandatory: Yes Suggested Value: require |
|
Database CA certificate
Mandatory: Yes Suggested Value: |
Query node Environment variables
Port: 9681
Environment Variable | Description | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Host and port of ZooKeeper
Mandatory: Yes Suggested Value: |
|||||||||||||||
ZK_CLIENT_KEY_FILE
|
Path to the ZooKeeper client private key
Mandatory: Yes Suggested Value: |
|||||||||||||||
ZK_CLIENT_KEY_PASSWORD
|
Password of the ZooKeeper client key
Mandatory: Yes Suggested Value: |
|||||||||||||||
ZK_CLIENT_CACERT_FILE
|
Path to CA certificate file used for generating the key
Mandatory: Yes Suggested Value: |
|||||||||||||||
ZK_CLIENT_CERT_FILE
|
Path to the ZooKeeper client certificate
Mandatory: Yes Suggested Value: |
|||||||||||||||
ZK_CLIENT_TRUSTSTORE_FILE
|
Path to the ZooKeeper client truststore. This truststore must contain the certificate of the CA which issued the certificate to the ZooKeeper server. The supported truststore types are PEM, PKCS12, and JKS.
To create a PKCS12 trust store without a key and use it as ZooKeeper, then you must use Java’s keytool utility so that a java based application can understand them. For example: keytool -import -alias mycert -file certificate.pem -keystore truststore.p12 -storetype PKCS12 -storepass password
Mandatory: Yes Suggested Value: |
|||||||||||||||
ZK_CLIENT_TRUSTSTORE_PASSWORD
|
Applicable only if the Zoo Keeper trust store is password protected
Mandatory: No Suggested Value: |
|||||||||||||||
ZK_CLIENT_TRUSTSTORE_TYPE
|
Specifies the type of truststore if the file defined in the environment variable
Mandatory: No Suggested Value: |
|||||||||||||||
|
Flag to indicate whether to load variables from environment variables or to use predefined default values.
Mandatory: Yes Suggested Value: TRUE |
|||||||||||||||
|
Services after which Mandatory: Yes Suggested Value: |
|||||||||||||||
|
Machine identification Recommend value: machine-0000000000.
Mandatory: Yes Suggested Value: machine-0000000000 |
|||||||||||||||
|
Host address of
Mandatory: Yes Suggested Value: 0.0.0.0 |
|||||||||||||||
|
Port on which query listen to HTTP request
Mandatory: Yes Suggested Value: 9681 |
|||||||||||||||
|
Maximum number of search results shown on the search page
Mandatory: Yes Suggested Value: 1000000 |
|||||||||||||||
|
Query Node self host IP which gets registered with ZooKeeper
Mandatory: Yes Suggested Value: 0.0.0.0 |
|||||||||||||||
|
Query Node self port which gets registered with ZooKeeper
Mandatory: Yes Suggested Value: 9620 |
|||||||||||||||
|
Internal cache for storing query results for each cached query
Mandatory: Yes Suggested Value: |
|||||||||||||||
|
Defines maximum size of file for H2 file splitting
Mandatory: Yes Suggested Value: 31 |
|||||||||||||||
|
Max number of queries that can be executed concurrently
Mandatory: Yes Suggested Value: 25 |
|||||||||||||||
|
Supported Cipher Suites
Mandatory: Yes Suggested Value: |
|||||||||||||||
REST_TLS_PROTOCOL
|
Supported TLS protocol
Mandatory: Yes Suggested Value: TLSv1.2, TLSv1.3 |
|||||||||||||||
|
Key pair used for setting up REST TLS communication
Mandatory: Yes Suggested Value: |
|||||||||||||||
|
Password to key pair used for REST TLS communication
Mandatory: Yes Suggested Value: |
|||||||||||||||
|
Certificate used for REST TLS communication
Mandatory: Yes Suggested Value: |
|||||||||||||||
|
Certificate of the CA used to sign the REST TLS certificate
Mandatory: Yes Suggested Value: |
|||||||||||||||
|
Host name of the Prometheus server
Mandatory: Yes Suggested Value: |
|||||||||||||||
|
Port of the Prometheus server
Mandatory: Yes Suggested Value: 9090 |
|||||||||||||||
|
Set to true, if communication with Prometheus server needs to happen over TLS protocol
Mandatory: No Suggested Value: false |
|||||||||||||||
|
CA certificate of Prometheus server
Mandatory: No Suggested Value: |
|||||||||||||||
|
Mandatory: Yes Suggested Value: |
|||||||||||||||
|
Mandatory: Yes Suggested Value: 9687 |
|||||||||||||||
|
True, if communication with Prometheus server needs to happen over TLS protocol
Mandatory: Yes Suggested Value: true |
|||||||||||||||
|
Mandatory: Yes Suggested Value: |
|||||||||||||||
|
Path to
Mandatory: Yes Suggested Value: |
|||||||||||||||
|
Password to
Mandatory: Yes Suggested Value: |
|||||||||||||||
|
Path to
Mandatory: Yes Suggested Value: |
|||||||||||||||
|
Skip certificate verification
Mandatory: No Suggested Value: false |
|||||||||||||||
|
Skip host name verification
Mandatory: No Suggested Value: true |
|||||||||||||||
|
Mandatory: No Suggested Value: Extracts out public key of the keypair |
|||||||||||||||
|
Specifies the level of diagnostic information stored in the logs. The following are the logging levels:
Mandatory: No Suggested Value: INFO |
|||||||||||||||
|
These are JVM properties which can be configured to tune the JVM process. For example,
Mandatory: No Suggested Value: <JVM Defaults> |
Database node Environment Variables
Port: 5432
Environment Variable | Description | |||||||||
---|---|---|---|---|---|---|---|---|---|---|
|
Authentication mechanism to be used with the PostgreSQL server
Mandatory: Yes Suggested Value: |
|||||||||
|
PostgreSQL server root user's password
Mandatory: Yes Suggested Value: mypassword |
|||||||||
MYSQL_MIGRATION_SERVER_HOST_PORT
|
Host name and port of the MySQL server from where the data is to be migrated. For migrating the data from MySQL to PostgreSQL ensure that the following conditions are met before starting TIBCO OI Hawk RedTail:
Mandatory: No Suggested Value: |
|||||||||
MYSQL_MIGRATION_SERVER_PASSWORD
|
MySQL server root user's password from where the data is to be migrated
Mandatory: No Suggested Value: mypassword |
/var/lib/postgresql/data
For setting up TLS for accessing PostgreSQL, you need to configure a "special" config file within PostgreSQL: /etc/postgresql/postgresql.conf
.
You can create a new configuration with the following content and map it to /etc/postgresql/postgresql.conf
:
ssl=on
ssl_key_file='/etc/postgresql/certs/db-server-key.pem'
ssl_cert_file='/etc/postgresql/certs/db-server-cert.pem'
ssl_ca_file='/etc/postgresql/certs/db-ca.pem'
hba_file='/etc/postgresql/pg_hba.conf'
The key and certificate are prebuilt in the TIBCO OI Hawk RedTail PostgreSQL image.
You can re-configure the ca, certificate, and key for TLS by mapping the volume:
- ../build-images/build-context/redtail/conf/certs/dbcacert:/etc/postgresql/certs/db-ca.pem
- ../build-images/build-context/redtail/conf/certs/dbkey:/etc/postgresql/certs/db-server-key.pem
- ../build-images/build-context/redtail/conf/certs/dbcertificate:/etc/postgresql/certs/db-server-cert.pem
Prometheus Environment Variables
Port: 9090
Consider the following aspects when configuring the prometheus.yml
file:
• | To persist the Prometheus data, mount the volume for the path: /prometheus . |
• | You can configure the cacert, client certificate and key by mounting the files to the volume and mapping the keys to the locations given in the prometheus.yml file (/etc/prometheus/* ). |
Configure the prometheus.yml
file with the following content:
# Global config global: scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute. evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute. # scrape_timeout is set to the global default (10s). # Alertmanager configuration alerting: alertmanagers: - static_configs: - targets: # - alertmanager:9093 # Load rules once and periodically evaluate them according to the global 'evaluation_interval'. rule_files: # - "first_rules.yml" # - "second_rules.yml" # A scrape configuration containing exactly one endpoint to scrape: # Here it's Prometheus itself. scrape_configs: # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config. - job_name: 'redtailmetrics' scheme: https honor_labels: true tls_config: insecure_skip_verify: true ca_file: '/etc/prometheus/hkc-cacert' cert_file: '/etc/prometheus/prom-certificate' key_file: '/etc/prometheus/prom-key' file_sd_configs: - files: - /etc/hawkprometheus-discovery/hawktargets.json
Prometheus Discovery Service Environment Variables
Environment Variable | Description |
---|---|
|
The certificate which is going to be used for TLS communication with the Hawk RedTail Console
Mandatory: Yes Suggested Value: |
|
The key which is going to be used for TLS communication with the Hawk RedTail Console
Mandatory: Yes Suggested Value: |
hawkconsole_ca
|
The CA certificate of the Hawk RedTail Console
Mandatory: Yes Suggested Value: |
hawkconsole_url
|
URL of the Hawk RedTail Console
Mandatory: Yes Suggested Value: |
target_output_file
|
Path to the file where the discovered Prometheus targets are stored
Mandatory: Yes Suggested Value: |
/redtail/prometheus_discovery/out
.Webapp Environment Variables
Port: 9680
Environment Variable | Description | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Flag to indicate whether to load variables from environment variables or to use predefined default values
Mandatory: Yes Suggested Value: TRUE |
|||||||||||||||
|
Services after which the Webapp starts
Mandatory: Yes Suggested Value: |
|||||||||||||||
|
Internal component ID
Mandatory: Yes Suggested Value: machine-0000000000 |
|||||||||||||||
|
Host IP for Webapp REST communication
Mandatory: Yes Suggested Value: 0.0.0.0 |
|||||||||||||||
|
Host port for Webapp REST communication
Mandatory: Yes Suggested Value: 9680 |
|||||||||||||||
|
Grafana URL
Mandatory: Yes Suggested Value: |
|||||||||||||||
|
Mandatory: Yes Suggested Value: |
|||||||||||||||
|
Mandatory: No Suggested Value: Extracts out public key of the key pair |
|||||||||||||||
|
Specifies the level of diagnostic information stored in the logs. The following are the logging levels:
Mandatory: Yes Suggested Value: info |
|||||||||||||||
|
URL IP of Database server. For example, the value of this variable can be following:
Where, - The DB user name and password are set only once, and they are provided at the beginning of the URL. The user name and password should be the same for all hosts. These parameters are optional. They can be empty. - The hosts and ports are a set of keys and values for the different IP addresses where the databases are present. - The DB name is the name of the database that must be accessed.
Mandatory: Yes Suggested Value: |
|||||||||||||||
|
The maximum number of connections that can be created at once
Mandatory: Yes Suggested Value: 5 |
|||||||||||||||
|
Number of milliseconds a client must sit idle in the pool and not be checked out before it is disconnected from the backend and discarded. Default is 10000 (10 seconds) - set to 0 to disable auto-disconnection of idle clients.
Mandatory: Yes Suggested Value: 10000 |
|||||||||||||||
|
True, if communication with database is over TLS
Mandatory: Yes Suggested Value: true |
|||||||||||||||
|
Path to the database CA certificate
Mandatory: No Suggested Value: |
|||||||||||||||
|
Key pair used for setting up REST TLS communication
Mandatory: Yes Suggested Value: |
|||||||||||||||
|
Certificate used for REST TLS communication
Mandatory: Yes Suggested Value: |
|||||||||||||||
|
Certificate of the CA used to sign the REST TLS certificate
Mandatory: Yes Suggested Value: |
|||||||||||||||
REST_TLS_PROTOCOL
|
Supported TLS protocol
Mandatory: Yes Suggested Value: TLSv1.3 |
|||||||||||||||
|
Password to key pair used for REST TLS communication
Mandatory: Yes Suggested Value: <password> |
|||||||||||||||
|
Supported Cipher suites
Mandatory: Yes Suggested Value: |
|||||||||||||||
|
Query node CA certificate. Required for TLS communication with the Query node
Mandatory: Yes Suggested Value: |
|||||||||||||||
|
The
Mandatory: Yes Suggested Value: |
|||||||||||||||
|
Grafana CA certificate. Required for TLS communication with Grafana.
Mandatory: No Suggested Value: |
|||||||||||||||
|
Path for webapp client key. Required for mutual authentication with any other component/ client. For example, if Grafana is configured with a reverse proxy using TLS via mutual authentication.
Mandatory: No Suggested Value: |
|||||||||||||||
|
Path of Webapp client certificate
Mandatory: No Suggested Value: |
|||||||||||||||
|
Password to webapp client key
Mandatory: No Suggested Value: <password> |
|||||||||||||||
TLS_SKIP_CERTIFICATE_VERIFICATION
|
Specifies whether the webapp must skip certificate verification while communicating with other TIBCO OI Hawk RedTail nodes
Mandatory: Yes Suggested Value: false |
|||||||||||||||
TLS_SKIP_HOSTNAME_VERIFICATION
|
Specifies whether the Webapp must skip host name verification while communicating with other TIBCO OI Hawk RedTail nodes
Mandatory: Yes Suggested Value: true |