Version: Next

Environment variables

To configure the Orchestrator, you can set the following environment variables, which should be passed to the Orchestrator container. The following list provides an overview of the available environment variables and their default values.

General parameters

  • LOG_LEVEL : Configure the root level of logs. The values follow the available Log4j2 levels. The default value is INFO.
  • LOGS_MONITOR_INTERVAL : The minimum time interval, in seconds, for checking changes in the log4j2 file configuration. The default value is 60 seconds.
  • DEBUG_MODE : Starts the Orchestrator in debug mode, which allows remote debugging. The default value is false.
  • TRANSACTION_DEBUG_MODE_ENABLED : Enables or disables transaction debug mode. When enabled, each operation is executed individually, and it checks if any changes were applied to the database. The default setting is false.
  • PERMISSION_CHECK_ENABLED : Enables or disables permission checks for all requests. The default value is true.
  • VALIDITY_CHECK_ENABLED : Enables or disables the validity checker. The default value is false.
  • VERTX_OPTIONS_WORKER_POOL_SIZE : Sets the maximum number of worker threads that the Vert.x instance can use. These threads are dedicated to executing blocking code and running worker verticles. The default value is 20.
  • VERTX_OPTIONS_INTERNAL_BLOCKING_POOL_SIZE : Sets the maximum number of threads in the internal blocking pool, which is used for executing blocking operations. The default value is 20.
  • ACTIVITY_TIMEOUT : Specifies the user token timeout in milliseconds. If the user remains inactive, the token will be removed after this period. By default, the timeout is set to 28,800,000 milliseconds (8 hours).
  • ALLOWED_WS_ORIGINS : The domains allowed to connect to the WebSocket. By default, all HTTPS domains are allowed by setting the value to '.*'. If you want to allow all domains (both with and without TLS), you can use the |. regular expression as the value. To allow only the example.olympe.io domain (with TLS only), set the value to example.olympe.io.
  • HEALTH_CHECK_PORT : The port of the health check service. By default, the port is set to 8082.
  • SESSION_RECOVERY_TIMEOUT : When a user loses the WebSocket connection, their session can be recovered within a specified timeout period. After this timeout, the session will be removed. The default value is 15,000 ms.
  • GENERIC_POOL_NUMBER_OF_EVENT_LOOP_THREADS : Configure the number of threads for the event loop. This determines how many threads the driver can use to handle network I/O and user events within the driver's I/O threads. By default, the number of threads is set to the number of available processor cores (NumberOfProcessors).
  • USER_EVENTS_ENABLED : Define if the user events feature is activated. The default value is true.

Database parameters

  • DB_HOSTNAME : You can configure the host where Neo4j is installed. By default, the value is set to host.docker.internal, which currently works only on macOS. This setting indicates that Neo4j is installed on the host machine via Docker.
  • DB_URI_SCHEME : The database connection URI scheme. The default value is bolt.
  • DB_PORT : The Neo4j port. The default value is 7687.
  • DB_USER : The username to connect to Neo4j. The default value is neo4j.
  • DB_PASSWORD : The password to connect to Neo4j. The default value is neo4j.
  • DB_NAME : The Neo4j database name. The default value is neo4j.
  • LOG_NEO4J_LEAKED_SESSIONS : Enable logging for leaked Neo4j sessions. This feature is primarily intended for use in testing environments to diagnose session leaks. When enabled, it introduces additional overhead due to object finalization. The default value is true.
  • GENERIC_POOL_MAX_CONNECTION_POOL_SIZE : Configure the maximum number of connections in the connection pool for a single database. For a direct driver (created with a bolt URI), this setting limits the total number of connections in the pool. For a routing driver (created with a neo4j URI), it restricts the number of connections per cluster member. The default value is 50.
  • GENERIC_POOL_CONNECTION_ACQUISITION_TIMEOUT : Set the maximum time (in milliseconds) a connection acquisition attempt can wait to obtain a connection from the pool. This timeout is triggered when all existing connections are in use, and no additional connections can be created due to reaching the maximum pool size. The default value is 60000 milliseconds (60 seconds).
  • GENERIC_POOL_FETCH_SIZE : Specify how many records to fetch in each batch. Default value is 500.
  • WAIT_FOR_NEO4J : The number of seconds to wait for Neo4j before timing out. The default value is 60s.
  • DB_RESET_OLYMPE_PROC : Set to true if the Neo4j procedures should be used to reset the database.
  • DB_RESET_OLYMPE_PROC_BATCH_SIZE : Set the batch size of the reset DB procedure.

Broker parameters

  • RABBITMQ_HOST : The RabbitMQ host to use for connections. By default it is "localhost".
  • RABBITMQ_PORT : The RabbitMQ port to use for connections. By default it is 5672.
  • RABBITMQ_ORCHESTRATOR_USER : The AMQP username to use when connecting to the broker. The default value is guest, but this can only be used for connections originating from localhost.
  • RABBITMQ_ORCHESTRATOR_PASSWORD : The password to use when connecting to the broker. By default it is guest.
  • RABBITMQ_ORCHESTRATOR_VHOST : The virtual host to use when connecting to the broker. By default it is set to /.
  • RABBITMQ_VIRTUAL_HOST : The virtual host of the project. By default it is set to /.
  • RABBITMQ_USER_EVENT_VIRTUAL_HOST : The virtual host to use when connecting to the broker for user events. By default it is set to user-events.
  • RABBITMQ_QUEUE_TYPE : The type of queues declared by the orchestrator. Default value is quorum.
  • RABBITMQ_QUEUE_TTL : If a queue is not used by any consumer, it will be removed after this timeout in milliseconds. Default value is 600000ms.
  • RABBITMQ_SESSION_QUEUE_LENGTH_LIMIT : Set the max message length for session queues. Default value is 1000 messages.
  • RABBITMQ_CLIENT_PREFETCH_SIZE : The RabbitMQ prefetch value determines the number of messages sent to a client at the same time. These messages are cached by the RabbitMQ client (specifically, in the consumer) until they are processed. The value is applied per consumer. A prefetch value of 0 allows unlimited message delivery, but this can cause the client to exhaust memory and potentially crash. The default value is 100.
  • RABBITMQ_CONNECTION_TIMEOUT : Sets the RabbitMQ client TCP connection timeout in milliseconds; zero means infinite. Default value is 120000ms.
  • RABBITMQ_AUTOMATIC_RECOVERY : Enable or disable the automatic recovery of connections and topology (queues, exchanges, bindings, and consumers). Default value is true.
  • RABBITMQ_RECOVERY_INTERVAL : Sets how long in milliseconds will automatic recovery wait before attempting to reconnect. Default value is 5000ms.
  • RABBITMQ_NUMBER_OF_CONNECTION_RETRIES : Sets the number of connection retries to attempt when connecting, the null value disables it. Default value is 60.
  • RABBITMQ_CONNECTION_RETRY_DELAY : Sets the delay in milliseconds between connection retries. Default value is 10000ms.
  • RABBITMQ_HANDSHAKE_TIMEOUT : Sets the AMQP 0-9-1 protocol handshake timeout, in milliseconds. Default value is 10000.
  • RABBITMQ_ALLOW_GUEST_USER_AUTHENTICATION : Specifies whether a Guest user is allowed to connect to the message bus from the application. By default, this option is set to false.
  • RABBITMQ_HEARTBEAT_INTERVAL : The bus heartbeat interval. The default value is 60s.
  • STATUS_MAX_RABBIT_MQ_RETRY_COUNT : Defines the number of reconnection attempts the orchestrator will make before marking the bus as down. If the orchestrator fails to establish a connection after the specified number of retries, it will consider the bus unavailable. The default retry count is set to 5.
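
Several defaults in the General, Database and Broker lists above are worth checking before a container is exposed. The following Python check is an added example, not part of the Orchestrator or any Olympe tooling: the variable names and default values come from this page, while the rule set, the finding wording and the names DEFAULTS, effective, is_true and audit are assumptions of the example.

```python
# Variable names and default values below are the ones documented on this page.
DEFAULTS = {
    "DEBUG_MODE": "false",
    "PERMISSION_CHECK_ENABLED": "true",
    "ALLOWED_WS_ORIGINS": ".*",
    "DB_PASSWORD": "neo4j",
    "RABBITMQ_ORCHESTRATOR_PASSWORD": "guest",
    "RABBITMQ_ALLOW_GUEST_USER_AUTHENTICATION": "false",
}

def effective(env, name):
    """Explicit setting if present, otherwise the documented default."""
    return env.get(name, DEFAULTS[name])

def is_true(env, name):
    return effective(env, name).strip().lower() == "true"

def audit(env):
    """Return sorted (variable, reason) findings; the rules are this example's own."""
    findings = []
    if is_true(env, "DEBUG_MODE"):
        findings.append(("DEBUG_MODE", "remote debugging is enabled"))
    if not is_true(env, "PERMISSION_CHECK_ENABLED"):
        findings.append(("PERMISSION_CHECK_ENABLED", "permission checks are disabled"))
    if is_true(env, "RABBITMQ_ALLOW_GUEST_USER_AUTHENTICATION"):
        findings.append(("RABBITMQ_ALLOW_GUEST_USER_AUTHENTICATION",
                         "guest users may connect to the message bus"))
    for name in ("DB_PASSWORD", "RABBITMQ_ORCHESTRATOR_PASSWORD"):
        if effective(env, name) == DEFAULTS[name]:
            findings.append((name, "documented default password in use"))
    if effective(env, "ALLOWED_WS_ORIGINS") == DEFAULTS["ALLOWED_WS_ORIGINS"]:
        findings.append(("ALLOWED_WS_ORIGINS", "every HTTPS origin is accepted"))
    return sorted(findings)

# Constructed sample environments (not real deployments).
UNCONFIGURED = {}
RISKY = {"DEBUG_MODE": "true", "PERMISSION_CHECK_ENABLED": "false",
         "DB_PASSWORD": "neo4j", "ALLOWED_WS_ORIGINS": "example.olympe.io"}
HARDENED = {"DB_PASSWORD": "constructed-db-secret",
            "RABBITMQ_ORCHESTRATOR_PASSWORD": "constructed-mq-secret",
            "ALLOWED_WS_ORIGINS": "example.olympe.io"}

if __name__ == "__main__":
    for label, env in (("unconfigured", UNCONFIGURED), ("risky", RISKY),
                       ("hardened", HARDENED)):
        print(label, audit(env))
```

An environment that sets nothing still produces findings, because the documented defaults for the database password, the broker password and the WebSocket origin pattern apply.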

Gateway parameters

  • GATEWAY_SERVICE_TOKEN_REFRESH_DELAY : The delay in milliseconds between two refresh token requests. This delay acts as a buffer to avoid refreshing the session token too frequently. The default value is 10,000 milliseconds (10 seconds).
  • GATEWAY_SERVICE_EXTRA_DURATION_BEFORE_WS_DISCONNECT : Extra delay in milliseconds after a session has timed out, after which the WebSocket connection is definitively closed. The default value is 300 000 milliseconds (5 minutes).
  • GET_CONTEXT_MAX_CONCURRENT_CALLS : The maximum limit of concurrent calls to the GetContext service. The default value is 5.
  • GET_CONTEXT_LIMIT_RATE_IN_SECONDS : The rate limit for calls per second to the GetContext service. The default value is 10 requests per second.
  • GRAPHDEF_MAX_CONCURRENT_CALLS : The maximum limit of concurrent calls to the Query service. The default value is 20.
  • GRAPHDEF_LIMIT_RATE_IN_SECONDS : The rate limit for calls per second to the GetContext service. The default value is 500 requests per second.
  • HTTP_COMPRESSION_LEVEL : The compression level for HTTP responses. Default value is 2.
  • MAX_WEBSOCKET_FRAME_SIZE : The maximum WebSocket frame size in bytes. Default value is 65536.
  • MAX_WEBSOCKET_MESSAGE_SIZE : The maximum allowable message size in bytes, with a default value of 262,144 bytes. Before increasing this limit, carefully assess whether it is absolutely necessary. Larger transactions transmitted via WebSocket can significantly impact the performance of the Orchestrator, as it must process and compute notifications for these transactions, potentially leading to slower system performance.
  • MAX_HTTP_FORM_ATTRIBUTE_SIZE : The maximum size (in bytes) allowed for a single attribute in an HTTP form submission. The default value is 102400 bytes.

Authentication

  • ACTIVITY_TIMEOUT : The session token timeout in milliseconds. If there is no user activity, the token will be invalidated after this timeout. By default it is 28800000 (8 hours).

SSO configuration

  • SSO_CONFIGURATIONS : A JSON value containing the SSO configurations. Note that for OAuth2 the user identifier is set to the "sub" claim, which is unique but is a random string. If you want something more user-friendly, you can set "userIdClaim": "email" for Keycloak and "userIdClaim": "upn" for Azure. The // and # annotations in the example below are explanatory only and are not valid JSON. For example:

{
  "saml":
  {
    // Enable the SAML
    "enabled": true,
    "config":
    [
      {
        "idpName": "Azure",
        "samlLogoutIDPEnabled": true,
        "samlConsumerURL": "https://orchestrator-ci.eks-ci.olympe.io/OlympeServer/rest/acs",
        "samlIssuerName": "orchestrator-ci",
        "samlAllowGroups": ["olympe"],
        "userRoleTag": "ff011000000000000001",
        "userPolicy": "CREATE_USERS_FROM_IDP",
        "samlPublicKey": "-----BEGIN CERTIFICATE-----MY_CERTIFICATE-----END CERTIFICATE-----", # Optional, public signing key
        "samlPrivateKey": "-----BEGIN PRIVATE KEY-----MY_PRIVATE_KEY-----END PRIVATE KEY-----" # Optional, private signing key
      },
      {
        "idpName": "Saml-test",
        "samlLogoutIDPEnabled": true,
        "samlConsumerURL": "https://orchestrator-ci.eks-ci.olympe.io/OlympeServer/rest/acs",
        "samlIssuerName": "orchestrator-ci",
        "userRoleTag": "ff011000000000000001",
        "userPolicy": "STATELESS_ASSIGN_TO_PREDEFINED_USER",
        "userTag": "MySuperUserTag",
        "samlMetaData": "saml_test_metadata.xml"
      }
    ]
  },
  "oAuth2":
  {
    "enabled": true,
    "config":
    [
      {
        "idpName": "OpenID",
        "providerURL": "https://sso.olympe.io/realms/Test",
        "clientId": "test-openid",
        "clientSecret": "9j07TiyQFX1YczwrFTfleX04zwpr3YoR",
        "authorizationPath": "https://sso.olympe.io/realms/Test/protocol/openid-connect/auth",
        "endSessionPath": "https://sso.olympe.io/realms/Test/protocol/openid-connect/logout",
        "ssoLogoutPath": "https://sso.olympe.io/realms/Test/protocol/openid-connect/logout",
        "revocationPath": "https://sso.olympe.io/realms/Test/protocol/openid-connect/revoke",
        "tokenPath": "https://sso.olympe.io/realms/Test/protocol/openid-connect/token",
        "userInfoPath": "https://sso.olympe.io/realms/Test/protocol/openid-connect/userinfo",
        "jwksURI": "https://sso.olympe.io/realms/Test/protocol/openid-connect/certs",
        "callbackPath": "https://orchestrator-ci.eks-ci.olympe.io/OlympeServer/rest/openid/<unique_callback_path>", # Please note that this URL needs to be unique for each SSO configuration
        "userPolicy": "CREATE_USERS_FROM_IDP",
        "userTag": "014831d95fd7d12b8568",
        "userIdClaim": "email", # Unique user identifier. The claim depends on the SSO: for example, "email" can work for Keycloak, but for Azure you need to use, for example, "upn". By default the Orchestrator uses the "sub" claim.
        "scope": "openid"
      }
    ]
  }
}

Backup Restore Service

  • FILE_SERVICE_RESTORE_TIMEOUT_MILLIS : Sets the event bus timeout in milliseconds for requests that the Restore service sends to the File Service in order to restore files. Default value is set to 60000 (1 minute).
  • ZIP_MIN_INFLATE_RATIO : Zip inflate ratio for zip bomb detection. Default value is 0.01.
  • ZIP_MAX_ENTRY_SIZE : Zip max entry size (zip bomb detection). Default value is 31'457'280 (in bytes).
  • ZIP_GRACE_ENTRY_SIZE : Zip grace entry size. Default value is 512 000 (in Bytes)
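
To show how the three ZIP_* thresholds above can work together, here is an added Python example, not the Orchestrator's own code. The page does not define the semantics, so the example assumes that the inflate ratio is compressed size divided by inflated size and that the ratio is only evaluated once an entry grows past the grace size; check_zip and build_sample are hypothetical names, and the archive is constructed in memory.

```python
import io
import os
import zipfile

# Defaults documented on this page; how they are combined is this example's assumption.
ZIP_MIN_INFLATE_RATIO = 0.01
ZIP_MAX_ENTRY_SIZE = 31_457_280
ZIP_GRACE_ENTRY_SIZE = 512_000

def check_zip(data, min_ratio=ZIP_MIN_INFLATE_RATIO,
              max_entry=ZIP_MAX_ENTRY_SIZE, grace=ZIP_GRACE_ENTRY_SIZE):
    """Return {entry name: reason} for every entry that trips a threshold."""
    rejected = {}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            inflated = 0
            with archive.open(info) as entry:
                # Count the bytes actually produced and stop at the first violation,
                # so an oversized entry is never fully inflated.
                while chunk := entry.read(64 * 1024):
                    inflated += len(chunk)
                    if inflated > max_entry:
                        rejected[info.filename] = "exceeds max entry size"
                        break
                    # Assumed: the ratio is ignored until the entry outgrows the grace size.
                    if inflated > grace and info.compress_size / inflated < min_ratio:
                        rejected[info.filename] = "inflate ratio below minimum"
                        break
    return rejected

def build_sample():
    """Constructed archive: two harmless entries and one that inflates about 1000:1."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("small.txt", b"A" * 100_000)       # compressible, under grace size
        archive.writestr("photo.bin", os.urandom(600_000))  # incompressible, ratio near 1
        archive.writestr("bomb.bin", b"\0" * 2_000_000)     # ratio near 0.001
    return buffer.getvalue()

if __name__ == "__main__":
    print(check_zip(build_sample()))
```

With the documented defaults only bomb.bin is rejected: small.txt compresses just as well but stays under the grace size, which is what the grace setting is for under the assumed semantics.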

Query Service

  • QUERY_SERVICE_RECORDS_FETCH_SIZE : The batch size of records that will be streamed in the response. The default value is 1000.
  • BLOCK_RECURSION_LIMIT : The recursion limit for explicit graphDef recursion transformer. The default value is 100.

Transaction Service

  • IMPORT_PATCH_BATCH_SIZE : The import batch size for HTTP transactions and import patches. The default value is 10000.
  • TRANSACTION_DEBUG_MODE_ENABLED : Enables debug mode for the transaction service, causing all transaction operations to be executed sequentially. In the event of a failure, the failed operation will be logged for further analysis. This mode helps with troubleshooting but may impact performance due to the sequential execution of operations. The default setting is false.
  • UNDO_REDO_STACK_SIZE : The stack size for draw undo/redo feature. The default value is 20.

Subscription Service

  • SUBSCRIPTION_GC_DELAY : Subscription garbage collection delay in ms. The default value is 14400000.

Shell Service

  • SHELL_SERVICE_SESSION_TIMEOUT_MINUTES : The shell session timeout. The default value is 30 minutes.
  • IMPORT_ORDER_FILE_NAME : Specifies the name of the file that contains the name of the file listing the projects to be imported. The default value is import_order.json.

JVM configurations

  • JVM_INITIAL_RAM_PERCENTAGE : Sets the initial heap size for the Java application as a percentage of the total memory available on the physical server or container. This value is controlled using the -XX:InitialRAMPercentage option. The default setting is 25%.
  • JVM_MAX_RAM_PERCENTAGE : Configures the maximum heap size for the Java application, expressed as a percentage of the total memory available on the physical server or container. This is controlled using the -XX:MaxRAMPercentage option. The default value is 50%.
  • JVM_GC : The garbage collector used by the JVM. The default value is UseParallelGC.
  • JVM_GC_LOG_PARAM : The GC logging parameter passed to the JVM. The default value is -Xlog:gc*:/opt/orchestrator/logs/gc.log
  • JVM_OUT_OF_MEMORY_OPTION : Defines the behaviour when the Java Virtual Machine (JVM) runs out of memory. The default value is -XX:+ExitOnOutOfMemoryError.
  • EXTRA_PARAMS : Extra parameters to pass to the JVM.

Logs

  • LOGS_FILE : The log file name. The default value is orchestrator.log.
  • LOGS_ARCHIVES_FILE_PATTERN : The log4j archive files pattern. The default value is orchestrator-%d{yyyy-MM-dd}.%i.log.gz.
  • LOGS_ROLLING_FILE_APPENDER_ENCODER_PATTERN : The log4j file appender pattern. The default value is %d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n%throwable.
  • LOGS_CONSOLE_APPENDER_ENCODER_PATTERN : The log4j console appender pattern. The default value is %highlight{%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n%throwable}{FATAL=bg_red, ERROR=red, WARN=yellow, INFO=green, DEBUG=cyan}.

Dynamic configuration

  • DYNAMIC_CONFIG_ENABLED : When enabled, the orchestrator will periodically read a file for dynamic configuration updates. Currently, only changes to the Orchestrator role are supported as dynamic updates. The default setting is false.
  • DYNAMIC_CONFIG_REFRESH_INTERVAL : Specifies the interval, in seconds, at which the dynamic configuration file will be read. The default value is 60 seconds.
  • EXTRA_CONFIG_PATH : The path to the file with dynamic configuration.
  • EXTRA_CONFIG_KEY_PREFIX : The prefix of the parameters that should be read from the dynamic config. The default value is app.olympe.io/.

Deployment options

  • PRODUCTION_MODE : Only the essential services required for the production environment will be deployed. The default setting is false.
  • EXCLUDED_VERTICLES : The list of services that should not be deployed. The default value is an empty list.

Volumes

With the Orchestrator Docker image, you can mount several volumes to keep files saved on your local disk, even after the container is killed:

  • /opt/orchestrator/file-service : for files you saved with file service
  • /opt/orchestrator/logs : for orchestrator application logs
  • /opt/orchestrator/auth-saml-service : to have access to the SAML IDP metadata file