This repository has been archived by the owner on Dec 14, 2022. It is now read-only.
env-sample
################################################################################################
# Axway API-Management solution connected to Elasticsearch
#
# This is the main configuration file, which is designed to run this solution with minimal
# configuration effort in a standard setup.
# Standard setup means:
# - All services are using HTTPS
# - Using an anonymous user to communicate with Elasticsearch
#
# For a production environment it's recommended to:
# - set the ELASTICSEARCH_CLUSTERNAME if the default (Axway APIM) does not fit
# - set up the parameters ES_JAVA_OPTS and LS_JAVA_OPTS
# - set the ELASTICSEARCH_CLUSTER_UUID
# - set up users in Elasticsearch and configure them in this configuration file
# - set the GATEWAY_NAME for each API-Gateway running Filebeat
# - set the LOGSTASH_NODE_NAME when running multiple Logstash hosts
# - consider enabling APM (see parameter APM_ENABLED)
#
# It's also supported to run this solution with dedicated or existing services. For instance
# using an Elasticsearch-Cluster, Kibana (>=7.10.x) or Filebeat installed as a software
# installation (Filebeat should be 7.x).
# For that, just disable the services in this docker-compose file you don't need.
#
# All parameters are exposed as environment variables or mounted files, which makes it possible
# to run this solution in a Docker orchestration framework such as K8S, OpenShift, ...
#
################################################################################################
COMPOSE_PROJECT_NAME=axway-apim-elastic
################################################################################################
# Required parameters
################################################################################################
# ----------------------------------------------------------------------------------------------
# When running Filebeat as a Docker-Container directly on the API-Gateway machines, these
# folders are mounted into the Filebeat Container to have access to the files.
# If you prefer to run Filebeat as a software installation, please make sure that you are using
# the filebeat config file: filebeat/filebeat.yml and the given directories are accessible.
# Used-By: Filebeat
APIGATEWAY_OPENTRAFFIC_FOLDER=/home/localuser/Axway-x.y.z/apigateway/logs/opentraffic
APIGATEWAY_TRACES_FOLDER=/home/localuser/Axway-x.y.z/apigateway/groups/group-2/instance-1/trace
APIGATEWAY_EVENTS_FOLDER=/home/localuser/Axway-x.y.z/apigateway/events
APIGATEWAY_AUDITLOGS_FOLDER=/home/localuser/Axway-x.y.z/apigateway/logs
APIGATEWAY_PAYLOADS_FOLDER=/home/localuser/Axway-x.y.z/apigateway/logs/payloads
# ----------------------------------------------------------------------------------------------
# Is used by almost all services to communicate with Elasticsearch. Either to send events,
# execute queries or send monitoring information.
# When using the default docker-compose.yaml the following default parameter will work as
# the Elasticsearch service is running with this service name.
# When running Elasticsearch on a different host (e.g. an existing Elasticsearch cluster)
# this environment variable is used to locate the ElasticSearch cluster.
# You may provide a single host or an array of hosts.
# Example: ELASTICSEARCH_HOSTS=https://elasticsearch1:9200,https://elasticsearch2:9201
# Used-By: Filebeat, API-Builder, Logstash, Metricbeat
ELASTICSEARCH_HOSTS=https://elasticsearch1:9200
# ----------------------------------------------------------------------------------------------
# Used by Logstash to communicate with the Lookup-API, which is used to
# enrich documents before sending it to ElasticSearch.
# When using the default docker-compose.yml the default setting will work.
# But, if the API-Builder process is running somewhere else (e.g. in a K8S), you have to
# configure this environment variable correctly.
# Used-By: Logstash
API_BUILDER_URL=https://apibuilder4elastic:8443
# ----------------------------------------------------------------------------------------------
# Connection to the Admin-Node-Manager. Used by the API-Builder to identify the current user.
# If you are using the solution based on the regional feature with multiple Admin-Node-Managers,
# then you need to specify the node managers according to the configured regions.
# Please make sure that the corresponding region is also stored in the API Gateway traffic monitor.
# See: https://github.com/Axway-API-Management-Plus/apigateway-openlogging-elk#admin-node-manager-per-region
# IMPORTANT NOTE: All URLs must be reachable/resolvable from within the API-Builder
# Docker-Container!
# Used-By: API-Builder
# ADMIN_NODE_MANAGER=us|https://my-us-anm:8090, eu|https://my-eu-anm:8090
# ADMIN_NODE_MANAGER=dc1|https://my-anm-in-dc1:8090, dc2|https://my-anm-in-dc2:8090
ADMIN_NODE_MANAGER=https://172.17.0.1:8090
# ----------------------------------------------------------------------------------------------
# By default it's assumed, that the API-Manager is running on the same host as the ANM just
# on port 8075 instead of 8080.
# This user is used by API-Builder to lookup APIs & User-Information in API-Manager.
# Therefore it must be a user having "admin" role.
# The connection is validated during API-Builder start up.
# These credentials are used for all configured API-Managers.
# Used-By: API-Builder
API_MANAGER_USERNAME=apiadmin
API_MANAGER_PASSWORD=changeme
################################################################################################
# Parameters required when anonymous access is disabled
################################################################################################
# ----------------------------------------------------------------------------------------------
# This password is required by Filebeat to send monitoring information to Elasticsearch
# Used-By: Filebeat
#BEATS_SYSTEM_USERNAME=beats_system
#BEATS_SYSTEM_PASSWORD=
# ----------------------------------------------------------------------------------------------
# Account used by Kibana to communicate with Elasticsearch
# Used-By: Kibana
#KIBANA_SYSTEM_USERNAME=kibana_system
#KIBANA_SYSTEM_PASSWORD=
# ----------------------------------------------------------------------------------------------
# Account used by Logstash to send monitoring events
# Used-By: Logstash
#LOGSTASH_SYSTEM_USERNAME=logstash_system
#LOGSTASH_SYSTEM_PASSWORD=
# ----------------------------------------------------------------------------------------------
# Account used by Logstash pipeline to send events from the API-Management platform
# Used-By: Logstash
#LOGSTASH_USERNAME=elastic
#LOGSTASH_PASSWORD=
# ----------------------------------------------------------------------------------------------
# Account used by the API-Builder process to query Elasticsearch
# Used-By: API-Builder
#API_BUILDER_USERNAME=elastic
#API_BUILDER_PASSWORD=
# ----------------------------------------------------------------------------------------------
# Account used by the Metricbeat to send metrics to Elasticsearch and create the required
# configuration in Kibana and Elasticsearch
# Used-By: Metricbeat
#METRICBEAT_USERNAME=elastic
#METRICBEAT_PASSWORD=
# With this parameter set to false, anonymous access to Elasticsearch is no longer possible.
# All clients need to send username and password.
# This toggle is internally used to set the parameter: xpack.security.authc.anonymous.username
# and xpack.security.authc.anonymous.roles
# Used-By: Elasticsearch
# ELASTICSEARCH_ANONYMOUS_ENABLED=false
# This parameter controls if Kibana is forcing users to authenticate. Activate this parameter
# once you have disabled anonymous access to Elasticsearch
# Used-By: Kibana
# KIBANA_SECURITY_ENABLED=true
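An added example, not part of this repository: a Python check that reads a `.env` built from this sample and reports the settings the file itself calls out for production (anonymous Elasticsearch access, empty credentials once it is disabled, the `changeme` placeholder, non-HTTPS endpoints, and the broad `UNRESTRICTED_PERMISSIONS=traffic_monitor` value described further down). The finding names, both sample inputs and the rule that an unset `ELASTICSEARCH_ANONYMOUS_ENABLED` means anonymous access is on are assumptions made for this illustration.

```python
# Credential pairs listed under "Parameters required when anonymous access is disabled".
CREDENTIAL_PAIRS = [
    ("BEATS_SYSTEM_USERNAME", "BEATS_SYSTEM_PASSWORD"),
    ("KIBANA_SYSTEM_USERNAME", "KIBANA_SYSTEM_PASSWORD"),
    ("LOGSTASH_SYSTEM_USERNAME", "LOGSTASH_SYSTEM_PASSWORD"),
    ("LOGSTASH_USERNAME", "LOGSTASH_PASSWORD"),
    ("API_BUILDER_USERNAME", "API_BUILDER_PASSWORD"),
]
METRICBEAT_PAIR = ("METRICBEAT_USERNAME", "METRICBEAT_PASSWORD")
# Parameters whose values are URLs, optionally prefixed with "group|region|".
URL_KEYS = ("ELASTICSEARCH_HOSTS", "API_BUILDER_URL", "ADMIN_NODE_MANAGER", "API_MANAGER")


def parse_env(text):
    """Return the active KEY=VALUE assignments; commented-out lines are ignored."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip()
    return env


def urls_in(value):
    """Extract URLs from 'url', 'url1,url2' and 'group|region|url, ...' values."""
    return [p.split("|")[-1].strip() for p in value.split(",") if p.strip()]


def audit(text):
    """Return a list of finding names (names are constructed for this example)."""
    env = parse_env(text)
    findings = []
    # Assumption: anonymous access stays on unless the toggle is explicitly "false".
    if env.get("ELASTICSEARCH_ANONYMOUS_ENABLED", "").lower() != "false":
        findings.append("anonymous-access-enabled")
    else:
        pairs = list(CREDENTIAL_PAIRS)
        if env.get("METRICBEAT_ENABLED", "").lower() == "true":
            pairs.append(METRICBEAT_PAIR)
        for user_key, pass_key in pairs:
            if not env.get(user_key) or not env.get(pass_key):
                findings.append("missing-credentials:" + user_key)
        if env.get("KIBANA_SECURITY_ENABLED", "").lower() != "true":
            findings.append("kibana-login-not-enforced")
    if env.get("API_MANAGER_PASSWORD") == "changeme":
        findings.append("placeholder-password:API_MANAGER_PASSWORD")
    for key in URL_KEYS:
        if any(not u.lower().startswith("https://") for u in urls_in(env.get(key, ""))):
            findings.append("non-https:" + key)
    if env.get("UNRESTRICTED_PERMISSIONS", "") == "traffic_monitor":
        findings.append("broad-unrestricted-permission")
    return findings


# Constructed input 1: the defaults of this sample file, left untouched.
SAMPLE_DEFAULT = """\
ELASTICSEARCH_HOSTS=https://elasticsearch1:9200
API_BUILDER_URL=https://apibuilder4elastic:8443
ADMIN_NODE_MANAGER=https://172.17.0.1:8090
API_MANAGER_USERNAME=apiadmin
API_MANAGER_PASSWORD=changeme
#BEATS_SYSTEM_USERNAME=beats_system
#BEATS_SYSTEM_PASSWORD=
# ELASTICSEARCH_ANONYMOUS_ENABLED=false
"""

# Constructed input 2: anonymous access disabled, but the hardening is incomplete.
# All password values are made-up placeholders.
SAMPLE_PARTIAL = """\
ELASTICSEARCH_HOSTS=https://elasticsearch1:9200,http://elasticsearch2:9201
ADMIN_NODE_MANAGER=us|https://my-us-anm:8090, eu|https://my-eu-anm:8090
API_MANAGER_PASSWORD=constructed-value-1
ELASTICSEARCH_ANONYMOUS_ENABLED=false
BEATS_SYSTEM_USERNAME=beats_system
BEATS_SYSTEM_PASSWORD=constructed-value-2
KIBANA_SYSTEM_USERNAME=kibana_system
KIBANA_SYSTEM_PASSWORD=
LOGSTASH_SYSTEM_USERNAME=logstash_system
LOGSTASH_SYSTEM_PASSWORD=constructed-value-3
LOGSTASH_USERNAME=elastic
LOGSTASH_PASSWORD=constructed-value-4
API_BUILDER_USERNAME=elastic
API_BUILDER_PASSWORD=constructed-value-5
UNRESTRICTED_PERMISSIONS=traffic_monitor
"""

if __name__ == "__main__":
    for name, sample in (("default", SAMPLE_DEFAULT), ("partial", SAMPLE_PARTIAL)):
        print(name, audit(sample))
```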
################################################################################################
# Configure Multi-Node ES-Cluster
################################################################################################
# The following parameters are used to build and configure the Elasticsearch cluster.
# If you don't set these parameters the cluster is configured based on the configured
# ELASTICSEARCH_HOSTS.
#
# The publish host is used for internal cluster communication between each node. It must be
# set to a host that is reachable from other nodes.
# ELASTICSEARCH_PUBLISH_HOST1=elasticsearch1
# ELASTICSEARCH_PUBLISH_HOST2=elasticsearch2
# ELASTICSEARCH_PUBLISH_HOST3=elasticsearch3
# The ES REST-API listen port, also used to map the port outside of the Docker container.
# ELASTICSEARCH_HOST1_HTTP=9200
# ELASTICSEARCH_HOST2_HTTP=9201
# ELASTICSEARCH_HOST3_HTTP=9202
# The ES Transport protocol listen port, also used to map the port outside of the Docker container.
# ELASTICSEARCH_HOST1_TRANSPORT=9300
# ELASTICSEARCH_HOST2_TRANSPORT=9301
# ELASTICSEARCH_HOST3_TRANSPORT=9302
################################################################################################
# Optional / Advanced parameters
################################################################################################
# ----------------------------------------------------------------------------------------------
# API requests are made in a specific group (e.g. group-2) and possibly in a specific region.
# With this parameter you can control which API manager to use for lookup for which traffic
# origin.
# If the parameter is not specified, then it is assumed that the API manager is reached on the
# node manager. In this case, the same URL is used, but with port: 8075.
# IMPORTANT NOTES: These URLs must be reachable/resolvable from within the API-Builder
# Docker-Container!
# The same API-Manager credentials are used for all API-Managers.
# Used-By: API-Builder
# Examples:
# Use a single API-Manager for all kinds of traffic regardless of the origin
# API_MANAGER=https://172.17.0.1:8075
# The API-Manager used is based on group-id of the traffic (e.g. when having
# multiple API-Manager in a single topology)
# API_MANAGER=group-2|https://api-manager-1:8075, group-5|https://api-manager-2:8275
# If a region is configured, perform the lookup on the API-Manager based on the region and group
# API_MANAGER=group-2|us|https://api-manager-1:8075, group-5|eu|https://api-manager-2:8275
# The same as before, but with a fallback API-Manager if region / group is not configured
# API_MANAGER=https://172.17.0.1:8075, group-2|us|https://api-manager-1:8075, group-2|eu|https://api-manager-2:8275
# Another way of fallback based on the group not having the region configured
# API_MANAGER=https://172.17.0.1:8075, group-2|https://api-manager-1:8075, group-2|eu|https://api-manager-2:8275
# If no API manager is in use, i.e. only API gateways, then you must disable it here.
# As a result, no more lookups are executed in the direction of the API manager, however you can
# still use local lookup files to provide context.
# Additionally, you need to disable user authorization or use an external REST API. Otherwise,
# restricted users will not see any traffic. See parameter: AUTHZ_CONFIG
# Used-By: API-Builder
# API_MANAGER_ENABLED=false
# Additionally to the API-Manager(s) itself, the API-Builder can perform an API-Lookup against
# a local configuration file. This is useful if you would like to map natively exposed APIs
# (e.g. http://api-gateway:8080/healthcheck) to a real API-Name and Method.
# Additionally to the general lookup-file, it is also possible to create one lookup file per
# group or group/region. This makes it possible to define different information per group or region.
# The name of the groups or group-region file is derived from the main lookup file.
# The files are used in the following order:
# 1. the group/region
# - will not be used if no region is defined
# - Example: api-lookup.group-2.us.json
# 2. The group
# - in which the API call was made
# - Example: api-lookup.group-2.json
# 3. general lookup file
# - is always used if no match in 1 or 2.
# - Example: api-lookup.json
# If no file matches the API manager of the group/region is requested.
# This file contains the API-Details normally given by the API-Manager.
# The file must be relative to the API-Builder process within the container.
# Example:
# API_BUILDER_LOCAL_API_LOOKUP_FILE=./config/api-lookup.json
# ----------------------------------------------------------------------------------------------
# Option to disable custom properties. With that, custom properties are no longer looked up
# at the API-Manager nor indexed in Elasticsearch. If set, it is of course no longer
# possible to use these for example for a customized authorization.
# Defaults to false
# Used-By: API-Builder
# DISABLE_CUSTOM_PROPERTIES=true
# ----------------------------------------------------------------------------------------------
# Recommended to configure to see Filebeat statistics in the Elastic Stack monitoring.
# You can get your Cluster UUID with the following request: https://elasticsearch1:9200/
# Used-By: Filebeat (to send monitoring events)
ELASTICSEARCH_CLUSTER_UUID=
# ----------------------------------------------------------------------------------------------
# This is an optional parameter used by Filebeat to set a proper name. This allows for instance
# to identify the different Filebeat instances in the Kibana-Stack Monitoring dashboards.
# Defaults to: "API-Gateway"
# Used-By: Filebeat
# GATEWAY_NAME=API-Gateway 3
# ----------------------------------------------------------------------------------------------
# This parameter can be used to support multiple regions or datacenters. The key you give here
# is stored along with all the documents/transactions created by this Filebeat instance.
# In addition, based on this parameter, additional indices per region are created in Elasticsearch,
# which store the data of the region.
# It helps for instance to filter information on a specific region.
# If not given, all data is stored with the default value: All
# Whitespaces and special characters are not allowed
# Used-By: Filebeat, Elasticsearch
# GATEWAY_REGION=US
# or
# GATEWAY_REGION=US-DC1
# ----------------------------------------------------------------------------------------------
# This tells Filebeat where Logstash or multiple instances are running.
# When using the default docker-compose.yml the following default will work.
# If you are running Logstash somewhere else, e.g. as a service in K8S you need to change this
# parameter.
# Used-By: Filebeat
# LOGSTASH_HOSTS=logstash1:5044,logstash2:5044
LOGSTASH_HOSTS=logstash:5044
# ----------------------------------------------------------------------------------------------
# This parameter determines with which name a Logstash instance presents itself in Elastic
# Stack Monitoring. If you run multiple Logstash instances, it is recommended to set this
# parameter to identify the Logstash instances in the monitoring.
# Used-By: Logstash
# Defaults to Logstash-1
# LOGSTASH_NODE_NAME=Logstash-2
# ----------------------------------------------------------------------------------------------
# Define JVM-Heap size for Logstash. Both values should be the same and not more than 6GB.
# Additionally you may set the temp directory which should be used by Logstash.
# Defaults to -Xmx1g -Xms1g
# Used-By: Logstash
# LS_JAVA_OPTS=-Xmx6g -Xms6g
# Or use it to setup the temp directory for Logstash. Keep in mind, a directory within the
# container.
# LS_JAVA_OPTS=-Xmx6g -Xms6g -Djava.io.tmpdir=/var/tmp
# ----------------------------------------------------------------------------------------------
# With this parameter you tell the Logstash processing pipeline which memcached to use. It is
# used to cache the API-Details that have been looked up from the API-Manager via the API-Builder.
# Even if the API-Builder is already caching the result, this improves the Logstash pipeline
# processing performance.
# IMPORTANT NOTE: When memcached is running somewhere else, please avoid high latency between
# Logstash and memcached.
# The default parameter works when using the docker-compose.yml
# Used-By: Logstash
MEMCACHED=memcached:11211
# ----------------------------------------------------------------------------------------------
# This parameter controls how long information looked up from API-Manager should stay in the
# cache. Currently used for API-, Application- and User-Details. The same cache timeout is used
# for API-Builder In-Memory-Cache and Logstash-Memcache.
# You may increase this timeout if you need to reduce the API-Manager REST-API calls performed
# during ingestion.
# Defaults to 600 (seconds)
# Used-By: Logstash, API-Builder
# LOOKUP_CACHE_TTL=1200
# ----------------------------------------------------------------------------------------------
# In case an API contains path parameters (e.g. /api/v2/pet/123456789), it may be advisable to
# configure them here to optimize caching. Especially if the path parameter is very variable
# (e.g. customer IDs). Due to the fact that the API request path is then always different
# Logstash cannot cache the looked up API-Details efficiently.
# Therefore, you configure a list of comma separated API paths here. The Logstash pipeline
# checks if the received API request path starts with one of the configured paths, if so, the
# API details are cached with the configured path (/api/v2/pet) instead of the received
# API path (/api/v2/pet/123456789).
# It is recommended to configure the most frequently called paths first in the list to avoid
# unnecessary iterations.
# You can also configure a shorter path. It is important to understand that based on this
# configured API path the API details are cached and of course there should not be any overlap
# between two actually different APIs.
# Defaults to null
# Used-By: Logstash
# CACHE_API_PATHS=/api/v2/petstore, /api/v1/user, ...
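An added example (not the project's Logstash pipeline code): the cache-key rule described above, modelled in Python as a plain first-match "starts with" test, which is an assumption taken from the wording of this comment. It shows the overlap the comment warns about: `/api/v2/pet` also captures `/api/v2/petstore` unless the longer path is listed first. The API paths are constructed samples.

```python
def parse_cache_api_paths(value):
    """Split the comma-separated CACHE_API_PATHS value, keeping the configured order."""
    return [p.strip() for p in value.split(",") if p.strip()]


def cache_key(request_path, configured):
    """Assumed rule: the first configured path the request starts with, else the request path."""
    for prefix in configured:
        if request_path.startswith(prefix):
            return prefix
    return request_path


def colliding_apis(configured, api_base_paths):
    """Return the cache keys that more than one distinct API base path would share."""
    by_key = {}
    for base in api_base_paths:
        by_key.setdefault(cache_key(base, configured), set()).add(base)
    return {key: sorted(bases) for key, bases in by_key.items() if len(bases) > 1}


# Constructed sample: two different APIs whose base paths share a string prefix.
KNOWN_APIS = ["/api/v2/pet", "/api/v2/petstore", "/api/v1/user"]
SHORT_FIRST = parse_cache_api_paths("/api/v2/pet, /api/v1/user")
LONG_FIRST = parse_cache_api_paths("/api/v2/petstore, /api/v2/pet, /api/v1/user")

if __name__ == "__main__":
    # Variable path parameter collapses to the configured path, as intended.
    print(cache_key("/api/v2/pet/123456789", SHORT_FIRST))
    # A different API lands on the same key: its details would be served from
    # the cache entry of /api/v2/pet.
    print(cache_key("/api/v2/petstore/orders/7", SHORT_FIRST))
    print(colliding_apis(SHORT_FIRST, KNOWN_APIS))
    # Listing the longer path first keeps the two APIs apart.
    print(colliding_apis(LONG_FIRST, KNOWN_APIS))
```

Running `colliding_apis` against the list of real API base paths before setting `CACHE_API_PATHS` shows whether the chosen order and prefixes keep distinct APIs on distinct cache entries.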
# ----------------------------------------------------------------------------------------------
# The maximum heap memory for ES. Xmx should be configured to 50% of the available memory, when
# running ES on a dedicated node. Both values should be same.
# It should not be bigger than 31GB. Defaults to 1GB by ES default which is in most cases not
# correct.
# Used-By: Elasticsearch
# ES_JAVA_OPTS=-Xms8g -Xmx8g
ES_JAVA_OPTS=-Xmx1g -Xms1g
# Or use it to setup the temp directory for Elasticsearch. Keep in mind, a directory within the
# container.
# ES_JAVA_OPTS=-Xms8g -Xmx8g -Djava.io.tmpdir=/var/tmp
# ----------------------------------------------------------------------------------------------
# The number of Filebeat worker threads sending data to Logstash. This should be sufficient in
# most cases (approx. up to 750 TPS). You may increase it, if you experience a delay in the Traffic-
# Monitor or Kibana dashboards, but it might even slow down the ingestion rate.
# And of course increasing worker threads for Filebeat will increase CPU-Load on the API-Gateway
# machine.
# Tests have proven, that two worker threads are optimal.
# See: https://www.elastic.co/guide/en/beats/filebeat/current/logstash-output.html
# Defaults to 2 threads.
# Used-By: Filebeat
# FILEBEAT_WORKER=4
# ----------------------------------------------------------------------------------------------
# The maximum number of events to bulk in a single Logstash request.
# See: https://www.elastic.co/guide/en/beats/filebeat/current/logstash-output.html
# Tests have shown, that 3072 results in the best ingestion rate.
# Defaults to 3072.
# Used-By: Filebeat
# FILEBEAT_BULK_MAX_SIZE=2048
# ----------------------------------------------------------------------------------------------
# This is setting up the Elasticsearch clustername, which is used by Elasticsearch to form
# the cluster.
# Nodes will only join the cluster if they have the same cluster name.
# Make sure that you don’t reuse the same cluster names in different environments, otherwise
# you might end up with nodes joining the wrong cluster.
# Good examples are: axway-apim-elasticsearch-prod, axway-apim-elasticsearch-qa, etc.
# Used-By: Elasticsearch
ELASTICSEARCH_CLUSTERNAME=Axway APIM
# ----------------------------------------------------------------------------------------------
# Define the version of the Elastic-Stack to use. Based on this version Docker images are pulled
# Used-By: Elasticsearch, Filebeat, Kibana, Logstash
ELASTIC_VERSION=7.17.3
# ----------------------------------------------------------------------------------------------
# With this parameter you can change the way the authorization for the traffic monitor is
# performed.
# By default, users who are not API-Gateway administrators are authorized to see traffic in
# the traffic monitor based on their API-Manager organization.
# You may configure another option as of today to perform an external HTTP-Call, which is used
# to adjust the Elastic-Query. For more details please see: config/authorization-config-sample.js
# It's recommended to create a copy of the sample file and configure it with the following parameter:
# For example:
# Used-By: APIBuilder4Elastic
# AUTHZ_CONFIG=./config/my-authorization-config.js
# ----------------------------------------------------------------------------------------------
# Use this parameter to adjust the default solution retention time.
# You must pass a corresponding JSON configuration file to the parameter. You can find an
# example of this in the file config/retention-period-config-sample.json.
# Create your own version of this file, customize the configuration as desired, and configure
# the file name here.
# To learn more: https://github.com/Axway-API-Management-Plus/apigateway-openlogging-elk#lifecycle-management
# Used-By: APIBuilder4Elastic
# For example:
# RETENTION_PERIOD_CONFIG=./config/my-retention-periods.json
# ----------------------------------------------------------------------------------------------
# With this parameter you control which user gets an unrestricted access to the traffic in the
# API gateway traffic monitor. This means that these users will see all traffic, regardless of
# which API Manager organization. Users who have these rights in the API Gateway traffic monitor
# do not need to be configured on the API Manager.
# If the parameter is not configured, then the default permission is: adminusers_modify, which
# in principle only full API Gateway administrators have.
# Example of multiple permissions. The user must have all these permissions:
# Used-By: API-Builder
# UNRESTRICTED_PERMISSIONS=traffic_monitor,adminusers,settings
# Example of a single permission. Take care, as many people will have this permission:
# UNRESTRICTED_PERMISSIONS=traffic_monitor
# ----------------------------------------------------------------------------------------------
# By default, the solution also provides the payload to the API gateway traffic monitor based on
# the exported payload.
# In other words, if the traffic monitor is first connected to the API Builder/Elasticsearch via
# the policy, then it will also try to obtain the payload via it. For this, of course, it is
# necessary to export the payload accordingly and make it available. More details about this:
# https://github.com/Axway-API-Management-Plus/apigateway-openlogging-elk#traffic-payload
# If it is not necessary for your use cases, then you can disable this feature in the API Builder
# process with this parameter. The traffic monitor will then retrieve the payload from the OBSDB
# as long as it is available.
# Used-By: API-Builder
# Defaults to true.
# PAYLOAD_HANDLING_ENABLED=false
# ----------------------------------------------------------------------------------------------
# By default, all generated trace messages are forwarded to Elasticsearch. No matter if DEBUG
# or DATA.
# If you do not want this, you can configure which trace levels should be dropped.
# For example, if you set DEBUG,DATA these two log levels will not be stored in ElasticSearch.
# Please note that this will of course result in the messages not appearing in the
# API Gateway traffic monitor. Also it is not possible to change this parameter afterwards and
# expect Trace-Messages are re-processed.
# Used-By: Logstash for Traffic and General-Trace messages
# Defaults to all levels are forwarded.
# DROP_TRACE_MESSAGE_LEVELS=DEBUG,DATA
# ----------------------------------------------------------------------------------------------
# If an API is called by a registered API-Manager application and no user is authenticated, then
# this application ID appears in the Subject column in the traffic monitor.
# Now, by default, the solution tries to convert the unhelpful application IDs passed in the
# authentication.subject.id attribute to the actual application name. This is done whenever the
# authentication subject ID is a UUID.
# However, if other UUIDs are used in your configuration in the authentication subject
# (for example, customer IDs), then the lookup is actually always incorrect and an unnecessary
# number of API requests are made. In this case, you should disable the function, since you have
# no use for it anyway.
# By the way, this has nothing to do with the application details, which are passed separately.
# Used-By: Logstash
# Defaults to true
# APPLICATION_LOOKUP_ENABLED=false
# ----------------------------------------------------------------------------------------------
# There is a possibility to exclude APIs from indexing in Elasticsearch, i.e. to ignore them.
# If you do not want to make use of this, i.e. do not want to ignore APIs, then you can
# completely deactivate the necessary lookup, which is executed as part of the OpenTraffic
# pipeline, in order to further reduce the ingest latency, for example.
# Used-By: Logstash
# Defaults to true
# IGNORE_API_LOOKUP_ENABLED=false
# ----------------------------------------------------------------------------------------------
# Disables the setup flows in API-Builder that are used to configure Elasticsearch.
# If you run more than one API builder, you can set this parameter to true, as it is not
# necessary. However, it is technically not a problem to have multiple API-Builders running
# with setup flows enabled.
# Used-By: API-Builder
# Defaults to false.
# DISABLE_SETUP_FLOWS=true
# ----------------------------------------------------------------------------------------------
# The gzip compression level. Setting this value to 0 disables compression. The compression level
# must be in the range of 1 (best speed) to 9 (best compression).
# Increasing the compression level will reduce the network usage but will increase the CPU usage.
# Used-By: Filebeat
# Defaults to 3
# FILEBEAT_COMPRESSION_LEVEL=6
# ----------------------------------------------------------------------------------------------
# As of version 4.0.0, the solution stores API Management KPIs in Elasticsearch and displays them
# in the dashboard: [Axway] API Management KPIs. To do this, the API Builder polls all configured
# API managers at hourly intervals and then stores the KPIs in the
# index: apigw-management-kpis-000001.
# You can use this parameter to disable this feature and feel free to enable it later.
# Used-By: API-Builder
# Defaults to true
# MANAGEMENT_KPIS_ENABLED=false
# ----------------------------------------------------------------------------------------------
# Especially during the setup of the solution it makes sense to increase the log level for the
# API builder. Also, if you find an error and want to report an issue, set the log level to
# debug if possible.
# Used-By: API-Builder
# Defaults to info
# API_BUILDER_LOG_LEVEL=debug
################################################################################################
# Metricbeat
################################################################################################
# By default the solution is using Metricbeat to collect information from all running components
# including running Docker-Containers. This is shown in Kibana Dashboards.
# With the following parameters you can control the stack monitoring to use either Self-Monitoring
# or Metricbeat. Both should not be activated at the same time.
# ----------------------------------------------------------------------------------------------
# Since the setup of Metricbeat requires some steps that depend on the exact deployment, it is not
# enabled by default. Nevertheless, it is recommended to use Metricbeat for monitoring the components.
# If you set this parameter to true, then please disable the parameter: SELF_MONITORING_ENABLED to
# avoid that the components report unnecessarily twice.
# Used-By: Metricbeat
# Defaults to false
#METRICBEAT_ENABLED=true
# ----------------------------------------------------------------------------------------------
# Self-monitoring is used to monitor the Elastic stack itself, for example to monitor Logstash,
# Filebeat, etc. in Kibana stack monitoring. If Metricbeat is activated, you should not activate
# Self-Monitoring, as Metricbeat will then already take over the job.
# So only activate this parameter if you don't use Metricbeat.
# Used-By: Filebeat, Logstash, Elasticsearch, Kibana
# Defaults to true
#SELF_MONITORING_ENABLED=false
# ----------------------------------------------------------------------------------------------
# Metricbeat is designed to monitor various services. For this purpose a Metricbeat instance runs
# on a host and based on activated modules the services are monitored.
# After the Elastic solution is deployed, the internal so-called self-monitoring is used. This means
# that services like Filebeat, Logstash, etc. send metrics to Elasticsearch themselves.
# However, this approach is deprecated, so it is recommended to disable self-monitoring and use
# Metricbeat. For this, the solution is pre-configured as much as possible. You have to define per
# host which services (modules) should be activated and then start the Metricbeat Docker-Container
# instance on each host. Do not forget to deactivate the self-monitoring.
# Used-By: Metricbeat
# Defaults to true
# Examples:
# All modules enabled:
#METRICBEAT_MODULES=kibana,elasticsearch,logstash,filebeat,memcached,system,docker
# First Elasticsearch host also running Kibana:
#METRICBEAT_MODULES=kibana,elasticsearch,system,docker
# All other Elasticsearch nodes:
#METRICBEAT_MODULES=system,docker
# Logstash, API-Builder & Memcache running on one host:
#METRICBEAT_MODULES=logstash,memcached,system,docker
# Filebeat running at API-Gateway:
#METRICBEAT_MODULES=filebeat,system,docker
# ----------------------------------------------------------------------------------------------
# This is the name under which Metricbeat reports metric information back to Elasticsearch.
# Used-By: Metricbeat
# Examples:
# METRICBEAT_NODE_NAME=Host-1
# METRICBEAT_NODE_NAME=API-Gateway-1
# ----------------------------------------------------------------------------------------------
# By default Metricbeat will upload all required Dashboards automatically into Kibana. Metricbeat
# will overwrite existing Dashboards with every restart. If you want to customize Metricbeat
# dashboards you should clone them.
# Use this parameter to disable loading of dashboards.
# Used-By: Metricbeat
# Defaults to true
#METRICBEAT_SETUP_DASHBOARDS=false
# ----------------------------------------------------------------------------------------------
# Currently, the KIBANA_HOST is only used by Metricbeat to automatically load the configured
# dashboards into Kibana. If the parameter is not specified, Kibana will try to contact the first
# Elasticsearch host and use it if available. You can change this behavior with the
# parameter: KIBANA_HOST. For authentication Metricbeat uses the user:
# METRICBEAT_USERNAME & METRICBEAT_PASSWORD.
# Used-By: Metricbeat
# Defaults to https://kibana:5601
#KIBANA_HOST=https://my.kibanahost.net:5601
################################################################################################
# APM
################################################################################################
# The solution can use APM from Elastic to monitor the behavior of the API-Builder process.
# ----------------------------------------------------------------------------------------------
# This is where Elastic-APM is enabled, which is an additional service in front of Elasticsearch. It
# is used by API Builder to pass application performance management data from the
# API Builder process. It can also be used by other API-Builder applications/microservices.
# Used-By: Elastic-APM, APIBuilder4Elastic
# Defaults to false
#APM_ENABLED=true
# ----------------------------------------------------------------------------------------------
# This is used by the API-Builder process for the APM-Server connection. It defaults to
# https://apm-server:8200 if not configured, which is the service-name when using docker-compose.
# Used-By: APM-Server, APIBuilder4Elastic
# APM_SERVER=https://my-apm-server:8200
# ----------------------------------------------------------------------------------------------
# Controls whether API-Builder validates the APM-Server certificate.
# Used-By: API-Builder4Elastic
# APM_VALIDATE_SERVER_CERT=false
# ----------------------------------------------------------------------------------------------
# Certificate authority used by API-Builder4Elastic to validate the APM server certificate.
# Used-By: API-Builder4Elastic
# Defaults to the CA used by all components.
# APM_SERVER_CA=config/certificates/ca.crt
# ----------------------------------------------------------------------------------------------
# Account used by the APM-Server for the Elasticsearch communication. For the initial setup it
# must have permissions to set up index templates.
# Used-By: APM-Server
#APM_USERNAME=elastic
#APM_PASSWORD=
################################################################################################
# Geo-IP Location
################################################################################################
# ----------------------------------------------------------------------------------------------
# Controls whether the IP address of the client should be translated into a geo-location. This is
# necessary so that the map dashboards can display corresponding data.
# Disable this function only if necessary, for example if you find that ingest latency increases
# significantly and the solution no longer remains real-time.
# Used-By: Logstash (EventsPipeline.conf)
# Defaults to true
#GEOIP_ENABLED=false
# ----------------------------------------------------------------------------------------------
# The Logstash geoip plugin uses a cache to avoid having to re-read queried IP addresses from the
# database. Here you determine the appropriate cache size. More information:
# https://www.elastic.co/guide/en/logstash/current/plugins-filters-geoip.html#plugins-filters-geoip-cache_size
# Used-By: Logstash (EventsPipeline.conf)
# Defaults to 1000
#GEOIP_CACHE_SIZE=5000
# ----------------------------------------------------------------------------------------------
# You can specify the transaction event log custom attribute that contains the corresponding IP
# address.
# Used-By: Logstash (EventsPipeline.conf)
# Defaults to xForwardedFor
#GEOIP_CUSTOM_ATTRIBUTE=clientIp
# ----------------------------------------------------------------------------------------------
# If your Logstash instance cannot download the GEOIP-Database directly, you may configure a
# different endpoint here. Learn more:
# https://www.elastic.co/guide/en/logstash/current/plugins-filters-geoip.html#plugins-filters-geoip-manage_update
# Used-By: Logstash (Geo-IP Plugin)
# Defaults to none
#GEOIP_DOWNLOAD_ENDPOINT=
# ----------------------------------------------------------------------------------------------
# If you are using transaction event log custom properties and want them indexed in Elasticsearch,
# then you need to configure them here. Only then will they be available in queries.
# If you enable this parameter and have configured custom properties, then each document in
# Elasticsearch will be updated with the event log based on the correlation ID.
# Please observe the ingestion rate, as it results in an additional update of the ES-Document.
# Used-By: Logstash, APIBuilder4Elastic
# Defaults to none
#EVENTLOG_CUSTOM_ATTR=myProperty1, myProperty2, myCustomProperty:custom
################################################################################################
# Certificates and Certificate authorities
################################################################################################
# This CA-File is mounted into all applications and used to validate certificates for each component.
# For instance, when Filebeat is sending Metrics to Elasticsearch or the ANM communicates with
# the API-Builder.
# You can concatenate multiple certificates into one certificate file if you also use intermediate
# certificates. Learn more: https://bit.ly/3mxWDSu
# Example command to create the chained cert file:
# openssl pkcs7 -inform DER -in certificate.p7b -print_certs > certificate_bundle.cer
# Used-By: APIBuilder4Elastic, Elasticsearch, Kibana, Logstash, Filebeat, Admin-Node-Manager
ELASTICSEARCH_CA=config/certificates/ca.crt
# The following variables are used by API-Builder to define which certificate is used
# to expose the HTTPS-Listen socket.
# You may use your own certificates by mounting them into the API-Builder Docker-Container,
# configuring the path to the key/cert and providing the password.
# Logstash is using the certificate for validation when performing API- or User-Lookups.
# Used-By: API-Builder, Logstash
API_BUILDER_SSL_KEY=config/certificates/apibuilder4elastic.key
API_BUILDER_SSL_CERT=config/certificates/apibuilder4elastic.crt
API_BUILDER_SSL_KEY_PASSWORD=
# Controls the APIBuilder4Elastic to Elasticsearch certificate validation mode
# Possible values: (true|false)
# Defaults to: true
# APIBUILDER_ELASTICSEARCH_SSL_VERIFICATIONMODE=false
# The following certificates and keys are mainly used by Elasticsearch to enable transport
# security on port: 9200.
# Logstash, Filebeat and Kibana are using the certificate for validation.
# It's expected that the certificates are placed into the folder certificates as this folder
# is mounted into the Docker container.
# Certificate and key used by Elasticsearch to expose the HTTPS-Listen socket and Inter-Node
# communication.
# Used-By: Elasticsearch
ELASTICSEARCH_KEY=config/certificates/elasticsearch1.key
ELASTICSEARCH_KEY_PASSPHRASE=
ELASTICSEARCH_CRT=config/certificates/elasticsearch1.crt
# Certificate and key used by Kibana to expose the HTTPS-Listen socket.
# Used-By: Kibana
KIBANA_KEY=config/certificates/kibana.key
KIBANA_CRT=config/certificates/kibana.crt
KIBANA_KEYPASSPHRASE=
# Controls the Kibana to Elasticsearch certificate validation mode
# Possible values: (full|certificate|none)
# Defaults to: full
# For more information please read
# https://www.elastic.co/guide/en/elasticsearch/reference/current/security-settings.html
# KIBANA_ELASTICSEARCH_SSL_VERIFICATIONMODE=none
APM_SERVER_KEY=config/certificates/apm-server.key
APM_SERVER_CRT=config/certificates/apm-server.crt
APM_SERVER_KEY_PASSPHRASE=
# Controls the APM-Server to Elasticsearch certificate validation mode
# Possible values: (full|strict|certificate|none)
# Defaults to: full
# For more information please read
# https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html
# APM_ELASTICSEARCH_SSL_VERIFICATIONMODE=none
# Controls the Logstash to Elasticsearch certificate validation mode for pipelines and monitoring
# The value certificate is translated into true for the pipelines' certificate validation, none into false.
# Possible values: (certificate|none)
# Defaults to: certificate
# For more information please read
# https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html#plugins-outputs-elasticsearch-ssl_certificate_verification
# LOGSTASH_ELASTICSEARCH_SSL_VERIFICATIONMODE=none
# Controls the Filebeat to Elasticsearch certificate validation mode (for monitoring only)
# Possible values: (full|strict|certificate|none)
# Defaults to: full
# For more information please read
# https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html
# FILEBEAT_ELASTICSEARCH_SSL_VERIFICATIONMODE=none
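# Added example (not part of the original env-sample or the project's code): a Python check that
# scans a .env file for the certificate validation parameters documented above and reports active
# settings that disable or weaken validation. The allowed values follow the comments above; the
# true|false values for APM_VALIDATE_SERVER_CERT, the function name and the sample are assumptions.

```python
import re

# Values each parameter accepts, taken from the "Possible values" comments in
# env-sample. APM_VALIDATE_SERVER_CERT lists none there; true|false is assumed.
ALLOWED = {
    "APIBUILDER_ELASTICSEARCH_SSL_VERIFICATIONMODE": ("true", "false"),
    "APM_VALIDATE_SERVER_CERT": ("true", "false"),
    "KIBANA_ELASTICSEARCH_SSL_VERIFICATIONMODE": ("full", "certificate", "none"),
    "APM_ELASTICSEARCH_SSL_VERIFICATIONMODE": ("full", "strict", "certificate", "none"),
    "LOGSTASH_ELASTICSEARCH_SSL_VERIFICATIONMODE": ("certificate", "none"),
    "FILEBEAT_ELASTICSEARCH_SSL_VERIFICATIONMODE": ("full", "strict", "certificate", "none"),
}
ASSIGNMENT = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")


def audit_env(text):
    """Return (line number, key, value, reason) for each weakened TLS setting."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out samples are inactive, the default applies
        m = ASSIGNMENT.match(line)
        if not m or m.group(1) not in ALLOWED:
            continue
        key, value = m.group(1), m.group(2).strip("'\"").lower()
        allowed = ALLOWED[key]
        if value not in allowed:
            findings.append((lineno, key, value, "invalid"))  # not a listed value
        elif value in ("none", "false"):
            findings.append((lineno, key, value, "disabled"))  # no validation at all
        elif value == "certificate" and "full" in allowed:
            # CA chain is checked, but the hostname is not compared to the certificate
            findings.append((lineno, key, value, "no-hostname-check"))
    return findings


# Constructed sample, not a real deployment file.
SAMPLE = """\
# KIBANA_ELASTICSEARCH_SSL_VERIFICATIONMODE=none
APM_ELASTICSEARCH_SSL_VERIFICATIONMODE=certificate
LOGSTASH_ELASTICSEARCH_SSL_VERIFICATIONMODE=certificate
FILEBEAT_ELASTICSEARCH_SSL_VERIFICATIONMODE=none
APIBUILDER_ELASTICSEARCH_SSL_VERIFICATIONMODE=False
APM_VALIDATE_SERVER_CERT=off
ELASTICSEARCH_CA=config/certificates/ca.crt
"""

if __name__ == "__main__":
    for lineno, key, value, reason in audit_env(SAMPLE):
        print(f"line {lineno}: {key}={value} -> {reason}")
```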