Workspace Configuration
This page describes how to configure a Cloudomation workspace installation.
This options are only applicable for on-premise installations.
Configuration Options
Configuration is done using environment variables. See the table below for all recognized options and their description.
Main Settings
| Name | Description | Default value | Required |
|---|---|---|---|
LOG_LEVEL | The verbosity of the logging. One of CRITICAL, ERROR, WARNING, INFO, or DEBUG. | INFO | |
LOG_FORMAT | The format of the logging. text is human-readable, json contains more data. | json | |
LOGGING_CONF | Path to a Python logging configuration file. See https://docs.python.org/3/library/logging.config.html#logging-config-fileformat | ||
RESET_DEBUG_LOGLEVEL_MINUTES | After how many minutes a DEBUG log level should be reset to INFO | 60 | |
SOCKET and SANDBOX_SOCKET | Path to a writable unix-domain-socket file used for communication between the workspace and the sandbox. The workspace will create the file. | /socket/socket | |
SKIP_PROBES | If non-empty, the workspace will not create /alive and /ready REST endpoints for monitoring. | ||
LISTEN_IP | The IP address the REST API will bind to. | 0.0.0.0 | |
LISTEN_PORT | The port number the REST API will bind to. | 8080 | |
POSTGRES_HOST | The hostname of the Cloudomation database. | required | |
POSTGRES_PORT | The port number of the Cloudomation database. | 5432 | |
POSTGRES_DATABASE | The name of the Cloudomation database. | required | |
POSTGRES_USER | The username used to authenticate against the database. | required | |
POSTGRES_PASSWORD | The password used to authenticate against the database. | ||
POSTGRES_PASSWORD_FILE | Path to a file containing the database password. | required if POSTGRES_PASSWORD is unset | |
POSTGRES_SERVER_CA_FILE | Path to the databases certificate file. | ||
POSTGRES_CLIENT_CERT_FILE | Path to a database client certificate file. | ||
POSTGRES_CLIENT_KEY_FILE | Path to a database client certificate key file. | ||
TMP | Temporary path. | /tmp | |
TMP_GIT_TASK | Temporary path for the GIT connector. | /tmp | |
TMP_GIT_SYNC | Temporary path where the git repositories are synced to. | /c/tmp | |
SMTP_HOST | The hostname of the SMTP server used to send notifications. | ||
SMTP_PORT | The port number of the SMTP server. | 25 | |
SMTP_USE_TLS | If to use the SMTP "usetls" command. | true | |
SMTP_USER | The username used to authenticate against the SMTP server. | ||
SMTP_PASSWORD | The password used to authenticate against the SMTP server. | ||
NOTIFICATION_PATH | Path to a folder where internal notifications are written to. Only used when no SMTP connection is configured. | ||
REPORT_ENABLE | If to periodically write a usage report. | True | |
REPORT_PATH | The path where usage report is written to. | /tmp/report.csv | |
DOMAIN | The domain where your workspace is accessible. Used to generate links to the workspace in mails. | required | |
SUBDOMAIN | The subdomain where your workspace is accessible. Used to generate links to the workspace in mails. | required | |
SELF_URL | The FQDN to your workspace. Used to generate links to the workspace in mails. | required |
License Settings
| Name | Description | Required |
|---|---|---|
WORKSPACE_ID | The ID of the workspace installation. | required |
WORKSPACE_NAME | The name of the workspace. | required |
ORGANIZATION_ID | The ID of the organization. | required |
ORGANIZATION_NAME | The name of the organization. | required |
API_KEY | An API key used for the communication between the workspace and the license server. | required |
Security Settings
| Name | Description | Default value | Required |
|---|---|---|---|
LOGIN_TOKEN_VALIDITY_HOURS | The number of hours a login token remains valid after login. Cannot be more than 720 (30 days). | 720 | |
INVITATION_CODE_VALIDITY_HOURS | The number of hours an invitation code is valid. Cannot be more than 168 (7 days) | 168 | |
RECOVER_CODE_VALIDITY_HOURS | The number of hours a recovery code is valid. Cannot be more than 24 (1 day) | 1 | |
MAX_FAILED_AUTH_COUNT | Number of failed login attempts before a Cloudomation user is locked out. Cannot be less than 1 | 5 | |
JWT_PUBLIC_KEY | Path to the public RSA key used to verify login tokens. | required | |
JWT_PRIVATE_KEY | Path to the private RSA key used to generate login tokens. | required | |
JWT_PUBLIC_KEY_2 | Path to the previous public RSA key used to verify login tokens during key rotation. | ||
COOKIE_SAME_SITE | The value used for the SameSite cookie flag of login tokens. One of Strict, Lax, or unset | Lax | |
BOOTSTRAP_USER | The email address of the initial user of the workspace. This use cannot be renamed or deleted and has all permissions. | required | |
INACTIVE_IDLE_LIMIT_MINUTES | After how many minutes of inactivity development-mode executions will be paused. | 10 |
Performance Settings
| Name | Description | Default value |
|---|---|---|
DB_KEEPALIVE_INTERVAL | How often to register the process as "alive" in the database. If the database does not respond within this timeout the process will shut down. | 60 |
DB_KEEPALIVE_TIMEOUT | A process which did not register as "alive" after this timeout will be considered "dead" and removed from the database. | 120 |
SYNC_LOOP_INTERVAL | How often to synchronize git repositories (in seconds). | 600 (10 minutes) |
POLL_DELAY | The number of seconds between checks of the primary process. | 30 |
POLL_SLOW_DELAY | The number of seconds between database consistency checks. | 1800 (30 minutes) |
SYNC_LOOP_INTERVAL | Number of seconds to synchronize active executions between workspaces. This is only relevant for additional status updates. Newly started or ended executions are always synced immediately. | 30 |
CHUNK_SIZE | The number of bytes to read from a file at once. | 4194304 (4 MiB) |
SLEEP_MAX_SECONDS | Executions being idle longer than this setting will be unloaded from memory. | 60 |