From 7478d1cd0f9223ff72995c28e4cc28363475b3f1 Mon Sep 17 00:00:00 2001 From: zhihuapeng-tg <160460847+zhihuapengtg@users.noreply.github.com> Date: Mon, 2 Sep 2024 13:54:57 +0800 Subject: [PATCH 01/26] Update configuration-parameters.adoc [DOC-2103] configuration-parameters about password policy --- .../pages/configuration-parameters.adoc | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/modules/reference/pages/configuration-parameters.adoc b/modules/reference/pages/configuration-parameters.adoc index 19eae568..ced0fdad 100644 --- a/modules/reference/pages/configuration-parameters.adoc +++ b/modules/reference/pages/configuration-parameters.adoc @@ -1190,6 +1190,30 @@ empty. You can use @/cert/file/path to pass the certificate from a file. |Security.SSO.SAML.SignatureAlgorithm |Signiture algorithm [rsa-sha1/rsa-sha256/rsa-sha384/rsa-sha512]: default rsa-sha256 |`rsa-sha256` + +|Security.UserPasswordPolicy.Enable |Enable/disable the password policy +|`false` + +|Security.UserPasswordPolicy.MinLength | Password min length +|`8` + +|Security.UserPasswordPolicy.UppercaseLetterRequired | Password require at Least One Uppercase Character +|`true` + +|Security.UserPasswordPolicy.LowercaseLetterRequired | Password require at Least One Lowercase Character +|`true` + +|Security.UserPasswordPolicy.DigitRequired | Password require at Least One Digit +|`true` + +|Security.UserPasswordPolicy.SpecialCharacterRequired | Password require at Least One special character . +|`true` + +|Security.UserPasswordPolicy.ExpirationDay |How long the password remains valid after it has been updated +|`90` + +|Security.UserPasswordPolicy.PasswordReuseThreshold |What is the minimum number of unique passwords required before a previously used password can be reused +|`5` |=== == System From 5ffb2ede08a7a53ca424fad5ad33a7f50c93dee9 Mon Sep 17 00:00:00 2001 From: zhihuapeng-tg <160460847+zhihuapengtg@users.noreply.github.com> Date: Mon, 2 Sep 2024 14:00:11 +0800 Subject: [PATCH 02/26] Update configuration-parameters.adoc DOC-2103 --- modules/reference/pages/configuration-parameters.adoc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/reference/pages/configuration-parameters.adoc b/modules/reference/pages/configuration-parameters.adoc index ced0fdad..ff9ffa3f 100644 --- a/modules/reference/pages/configuration-parameters.adoc +++ b/modules/reference/pages/configuration-parameters.adoc @@ -1194,19 +1194,19 @@ empty. You can use @/cert/file/path to pass the certificate from a file. |Security.UserPasswordPolicy.Enable |Enable/disable the password policy |`false` -|Security.UserPasswordPolicy.MinLength | Password min length +|Security.UserPasswordPolicy.MinLength |Password min length |`8` -|Security.UserPasswordPolicy.UppercaseLetterRequired | Password require at Least One Uppercase Character +|Security.UserPasswordPolicy.UppercaseLetterRequired |Requires password must have at Least One Uppercase Character |`true` -|Security.UserPasswordPolicy.LowercaseLetterRequired | Password require at Least One Lowercase Character +|Security.UserPasswordPolicy.LowercaseLetterRequired |Requires password must have at Least One Lowercase Character |`true` -|Security.UserPasswordPolicy.DigitRequired | Password require at Least One Digit +|Security.UserPasswordPolicy.DigitRequired |Requires password must have at Least One Digit |`true` -|Security.UserPasswordPolicy.SpecialCharacterRequired | Password require at Least One special character . +|Security.UserPasswordPolicy.SpecialCharacterRequired |Requires password must have at Least One special character |`true` |Security.UserPasswordPolicy.ExpirationDay |How long the password remains valid after it has been updated From 3d0e62788284d5de4f63e464f1876c0c054b940f Mon Sep 17 00:00:00 2001 From: zhihuapeng-tg <160460847+zhihuapengtg@users.noreply.github.com> Date: Mon, 2 Sep 2024 14:03:55 +0800 Subject: [PATCH 03/26] Update configuration-parameters.adoc DOC-2103 --- modules/reference/pages/configuration-parameters.adoc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/reference/pages/configuration-parameters.adoc b/modules/reference/pages/configuration-parameters.adoc index ff9ffa3f..1d9c8dd2 100644 --- a/modules/reference/pages/configuration-parameters.adoc +++ b/modules/reference/pages/configuration-parameters.adoc @@ -1197,16 +1197,16 @@ empty. You can use @/cert/file/path to pass the certificate from a file. |Security.UserPasswordPolicy.MinLength |Password min length |`8` -|Security.UserPasswordPolicy.UppercaseLetterRequired |Requires password must have at Least One Uppercase Character +|Security.UserPasswordPolicy.UppercaseLetterRequired |Requires password must have at least one uppercase character |`true` -|Security.UserPasswordPolicy.LowercaseLetterRequired |Requires password must have at Least One Lowercase Character +|Security.UserPasswordPolicy.LowercaseLetterRequired |Requires password must have at least one lowercase character |`true` -|Security.UserPasswordPolicy.DigitRequired |Requires password must have at Least One Digit +|Security.UserPasswordPolicy.DigitRequired |Requires password must have at least one digit |`true` -|Security.UserPasswordPolicy.SpecialCharacterRequired |Requires password must have at Least One special character +|Security.UserPasswordPolicy.SpecialCharacterRequired |Requires password must have at least one special character |`true` |Security.UserPasswordPolicy.ExpirationDay |How long the password remains valid after it has been updated From 9c227cd480dd637130aa655606193fa448836c96 Mon Sep 17 00:00:00 2001 From: zhihuapeng-tg Date: Mon, 2 Sep 2024 14:53:56 +0800 Subject: [PATCH 04/26] [DOC-2278] login password combined togerther --- modules/security/nav.adoc | 5 +++-- modules/security/pages/login-password.adoc | 22 ++++++++++++++++++++++ 2 files changed, 25 insertions(+), 2 deletions(-) create mode 100644 modules/security/pages/login-password.adoc diff --git a/modules/security/nav.adoc b/modules/security/nav.adoc index d18f23f4..fc5c69b8 100644 --- a/modules/security/nav.adoc +++ b/modules/security/nav.adoc @@ -4,5 +4,6 @@ ** xref:encrypting-data-at-rest.adoc[] ** xref:tigergraph-server:security:gsql-file-input-policy.adoc[] ** xref:file-output-policy.adoc[] -** xref:login-protection.adoc[Login Policy] -** xref:password-policy.adoc[] +** xref:login-password.adoc[Login and Password Policies] +*** xref:login-protection.adoc[] +*** xref:password-policy.adoc[] diff --git a/modules/security/pages/login-password.adoc b/modules/security/pages/login-password.adoc new file mode 100644 index 00000000..e801c13e --- /dev/null +++ b/modules/security/pages/login-password.adoc @@ -0,0 +1,22 @@ += Complexity password policy and Login protection +:description: Login, Password +:pp: {plus}{plus} +:page-aliases: README.adoc, readme.adoc + +Tigergraph provides complexity password policy and login protection to improve the security. + +== Password Policy + +Password Policy refers to a set of rules and requirements that dictate how passwords should be created and managed to ensure security. +See xref:tigergraph-server:security:password-policy[] for a detailed description + +== Login Protection + +Login Protection is a security feature that helps safeguard user accounts from unauthorized access. +See xref:tigergraph-server:security:login-protection[] for a detailed description + + + + + + From 73f756f8219b98ad845e5ae2b0b1564517dabdd5 Mon Sep 17 00:00:00 2001 From: zhihuapeng-tg Date: Mon, 2 Sep 2024 15:14:44 +0800 Subject: [PATCH 05/26] password policy description --- modules/security/pages/password-policy.adoc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/security/pages/password-policy.adoc b/modules/security/pages/password-policy.adoc index f82a9abb..cdaadc1b 100644 --- a/modules/security/pages/password-policy.adoc +++ b/modules/security/pages/password-policy.adoc @@ -1,7 +1,9 @@ = Password Policy :description: Overview of password policy. -This guide provides instructions on how to configure and enforce password complexity policies. +The password policy allows administrators to flexibly set rules that must be followed when creating passwords, including password expiration, password rotation rules, and password complexity requirements. The purpose of this policy is to enhance system security, as administrators can establish different levels of password complexity requirements to reduce the risks of unauthorized access and data breaches. Through the password policy, the system can promote secure password management practices and strengthen overall system security. + +Building upon this, this guide provides instructions on how to configure and enforce password complexity policies. NOTE: Regardless of whether the password policy is enabled, no password can be an empty string or null. From 9ef029d24b8ccb68a4ee8ad17e7a6bbed1c8e7c3 Mon Sep 17 00:00:00 2001 From: zhihuapeng-tg Date: Mon, 2 Sep 2024 15:25:14 +0800 Subject: [PATCH 06/26] login protection description --- modules/security/pages/login-password.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/security/pages/login-password.adoc b/modules/security/pages/login-password.adoc index e801c13e..e28494d9 100644 --- a/modules/security/pages/login-password.adoc +++ b/modules/security/pages/login-password.adoc @@ -7,12 +7,12 @@ Tigergraph provides complexity password policy and login protection to improve t == Password Policy -Password Policy refers to a set of rules and requirements that dictate how passwords should be created and managed to ensure security. +The password policy is a set of rules and requirements that dictate how passwords should be created, password expiration times, and password rotation rules to ensure security. See xref:tigergraph-server:security:password-policy[] for a detailed description == Login Protection -Login Protection is a security feature that helps safeguard user accounts from unauthorized access. +Login protection is a security feature that helps safeguard user accounts from unauthorized access, enhancing overall account security. See xref:tigergraph-server:security:login-protection[] for a detailed description From 7abacbd01e1c0346ac26ebb3b2e8826c6627dd80 Mon Sep 17 00:00:00 2001 From: zhihuapeng-tg Date: Mon, 2 Sep 2024 17:45:12 +0800 Subject: [PATCH 07/26] add 3 missing fiels --- .../pages/configuration-parameters.adoc | 1308 ++++++++++++++++- 1 file changed, 1283 insertions(+), 25 deletions(-) diff --git a/modules/reference/pages/configuration-parameters.adoc b/modules/reference/pages/configuration-parameters.adoc index 1d9c8dd2..f40f0616 100644 --- a/modules/reference/pages/configuration-parameters.adoc +++ b/modules/reference/pages/configuration-parameters.adoc @@ -11,371 +11,691 @@ In addition, the last table is for runtime environment variables. Each component [cols="3", options="header",] |=== -|Name |Description |Example +|Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Admin.BasicConfig.Env | A list of `=` pairs, separated by `;` |`LD_LIBRARY_PATH=$LD_LIBRARY_PATH;` +|`string` +|`LD_LIBRARY_PATH=$LD_LIBRARY_PATH;` +| |Admin.BasicConfig.LogConfig.LogFileMaxDurationDay |The maximum number of days to retain old log files based on the timestamp encoded in their filename |`90` +|`int32` +|`90` +| |Admin.BasicConfig.LogConfig.LogFileMaxSizeMB |The maximum size in megabytes of the log file before it gets rotated |`100` +|`int32` +|`100` +| |Admin.BasicConfig.LogConfig.LogLevel |The log level(`INFO`,`WARN`,`ERROR`), default is `INFO` |`INFO` +|`string` +|`INFO` +| |Admin.BasicConfig.LogConfig.LogRotationFileNumber |The maximum number of old log files to retain |`100` +|`int32` +|`50` +| |Admin.BasicConfig.LogDirRelativePath |The relative path (to the System.LogRoot) of the log directory for Admin |`admin` +|`string` +|`admin` +| |Admin.BasicConfig.Nodes |The node list for Admin |`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` +|`json` +|`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` +| |Admin.Port |The port for Admin |`12471` +|`int32` +|`12471` +| + |=== == Controller [width="100%",cols="34%,33%,33%",options="header",] |=== -|Name |Description |Example +|Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Controller.BasicConfig.Env | A list of `=` pairs, separated by `;` |`nan` +|`string` +|`` +| |Controller.BasicConfig.LogConfig.LogFileMaxDurationDay |The maximum number of days to retain old log files based on the timestamp encoded in their filename |`90` +|`int32` +|`90` +| |Controller.BasicConfig.LogConfig.LogFileMaxSizeMB |The maximum size in megabytes of the log file before it gets rotated |`100` +|`int32` +|`100` +| |Controller.BasicConfig.LogConfig.LogLevel |The log level(`DEBUG`,`INFO`,`WARN`,`ERROR`,`PANIC`,`FATAL`), default is INFO |`INFO` +|`string` +|`INFO` +| |Controller.BasicConfig.LogConfig.LogRotationFileNumber |The maximum number of old log files to retain |`100` +|`int32` +|`50` +| |Controller.BasicConfig.LogDirRelativePath |The relative path (to the System.LogRoot) of log directory for Controller |`controller` +|`string` +|`controller` +| |Controller.BasicConfig.Nodes |The nodes to deploy Controller |`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` +|`json` +|`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` +| |Controller.ConfigRepoRelativePath |The relative path (to the System.DataRoot) of config repo where the service config files are stored |`configs` +|`string` +|`configs` +| |Controller.Connect.PrunerEnabled |Whether to automatically remove data that was already loaded by GSQL in Kafka. |`True` +|`bool` +|`true` +| |Controller.Connect.PruneIntervalMin |The wait time, in minutes, between each prune job that removes data already loaded by GSQL in Kafka. Accepts an integer from 1 to 59, inclusive.| `1` +|`int32` +|`1` +| |Controller.FileRepoRelativePath |The relative path (to the System.DataRoot) of the file repo for file management |`files` +|`string` +|`files` +| |Controller.FileRepoVersionNum |The maximum version of files to keep in the file repo |`3` +|`int32` +|`3` +| |Controller.LeaderElectionHeartBeatIntervalMS |The maximum interval(milliseconds) at which each service should call controller leader election service to be considered alive. |`6000` +|`int32` +|`6000` +| |Controller.LeaderElectionHeartBeatMaxMiss |The maximum number of heartbeats that can be missed before one service is considered dead by the controller |`5` +|`int32` +|`5` +| |Controller.Port |The serving gRPC (Google Remote Procedure Call) port for Controller |`9188` +|`int32` +|`9188` +| |=== == Dict [width="100%",cols="34%,33%,33%",options="header",] |=== -|Name |Description |Example +|Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Dict.BasicConfig.Env | A list of `=` pairs, separated by `;` |`LD_LIBRARY_PATH=$LD_LIBRARY_PATH;` +|`string` +|`LD_LIBRARY_PATH=$LD_LIBRARY_PATH;` +| |Dict.BasicConfig.LogConfig.LogFileMaxDurationDay |The maximum number of days to retain old log files based on the timestamp encoded in their filename |`90` +|`int32` +|`90` +| |Dict.BasicConfig.LogConfig.LogFileMaxSizeMB |The maximum size in megabytes of the log file before it gets rotated |`100` +|`int32` +|`100` +| |Dict.BasicConfig.LogConfig.LogRotationFileNumber |The maximum number of old log files to retain |`100` +|`int32` +|`50` +| |Dict.BasicConfig.LogDirRelativePath |The relative path (to the System.LogRoot) of log directory for Dict |`dict` +|`string` +|`dict` +| |Dict.BasicConfig.Nodes |The node list for Dict |`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` +|`json` +|`{HostID: "m1", Replica: 1}` +| |Dict.Port |The port for Dict |`17797` +|`int32` +|`17797` +| + |=== == ETCD [width="100%",cols="34%,33%,33%",options="header",] |=== -|Name |Description |Example +|Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |ETCD.BasicConfig.Env | A list of `=` pairs, separated by `;` |`ETCD_UNSUPPORTED_ARCH=arm64` +|`string` +|`ETCD_UNSUPPORTED_ARCH=arm64` +| |ETCD.BasicConfig.LogConfig.LogFileMaxDurationDay |The maximum number of days to retain old log files based on the timestamp encoded in their filename |`90` +|`int32` +|`90` +| |ETCD.BasicConfig.LogConfig.LogFileMaxSizeMB |The maximum size in megabytes of the log file before it gets rotated |`100` +|`int32` +|`100` +| |ETCD.BasicConfig.LogConfig.LogLevel |The log level(`DEBUG`,`INFO`,`WARN`,`ERROR`,`PANIC`,`FATAL`), default is `INFO` |`INFO` +|`string` +|`INFO` +| |ETCD.BasicConfig.LogConfig.LogRotationFileNumber |The maximum number of old log files to retain |`100` +|`int32` +|`50` +| |ETCD.BasicConfig.LogDirRelativePath |The relative path (to the System.LogRoot) of the log directory for ETCD |`etcd` +|`string` +|`etcd` +| |ETCD.BasicConfig.Nodes |The node list for ETCD |`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` +|`json` +|`{HostID: "m1", Replica: 1}` +| |ETCD.ClientPort |The port of ETCD to listen for client traffic |`20000` +|`int32` +|`20000` +| |ETCD.DataRelativePath |The data dir of etcd under `$DataRoot` |`etcd` +|`string` +|`etcd` +| |ETCD.ElectionTimeoutMS |Time (in milliseconds) for an election to timeout |`1000` +|`int32` +|`5000` +| |ETCD.HeartbeatIntervalMS |Time (in milliseconds) of a heartbeat interval |`100` +|`int32` +|`500` +|`` |ETCD.MaxRequestBytes |Maximum client request size in bytes the server will accept |`52428800` +|`int32` +|`52428800` +| |ETCD.MaxSnapshots |Maximum number of snapshot files to retain (0 is unlimited) |`5` +|`int32` +|`5` +| |ETCD.MaxTxnOps |Maximum number of operations permitted in a transaction |`8192` +|`int32` +|`8192` +| |ETCD.MaxWals |Maximum number of wal files to retain (0 is unlimited) |`5` +|`int32` +|`5` +| |ETCD.PeerPort |The port of ETCD to listen for peer traffic |`20001` +|`int32` +|`20001` +| |ETCD.SnapshotCount |Number of committed transactions to trigger a snapshot to disk |`50000` +|`int32` +|`50000` +| |=== == Executor [width="100%",cols="34%,33%,33%",options="header",] |=== -|Name |Description |Example +|Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Executor.BasicConfig.Env | A list of `=` pairs, separated by `;` |`nan` +|`string` +|empty string +| |Executor.BasicConfig.LogConfig.LogFileMaxDurationDay |The maximum number of days to retain old log files based on the timestamp encoded in their filename |`90` +|`int32` +|`90` +| |Executor.BasicConfig.LogConfig.LogFileMaxSizeMB |The maximum size in megabytes of the log file before it gets rotated |`100` +|`int32` +|`100` +| + |Executor.BasicConfig.LogConfig.LogLevel |The log level(`DEBUG`,`INFO`,`WARN`,`ERROR`,`PANIC`,`FATAL`), default is `INFO` |`INFO` +|`string` +|`INFO` +| |Executor.BasicConfig.LogConfig.LogRotationFileNumber |The maximum number of old log files to retain |`100` +|`int32` +|`50` +| |Executor.BasicConfig.LogDirRelativePath |The relative path (to the System.LogRoot) of log directory for Executor |`executor` +|`string` +|`executor` +| |Executor.BasicConfig.Nodes |The nodes to deploy Executors |`[{"HostID":"m1","Partition":1,"Replica":0},{"HostID":"m2","Partition":2,"Replica":0}]` +|`string` +|`[{"HostID":"m1","Partition":1},{"HostID":"m2","Partition":2}]` +| |Executor.DataRelativePath |The data dir of executor under $DataRoot |`executor` +|`string` +|`executor` +| |Executor.FileTransferConcurrency |The maximum concurrency for Executor file transfer |`10` +|`int32` +|`10` +| |Executor.FileTransferPort |The port for Executor to do file transfer |`9178` +|`int32` +|`9178` +| |Executor.FileVersionNum |The maximum version of files to keep |`10` +|`int32` +|`10` +| |Executor.Port |The serving port for Executor |`9177` +|`int32` +|`9177` +| |Executor.WatchDogIntervalMS |The process status check interval (ms) |`1000` +|`int32` +|`1000` +| |=== == FileLoader [width="100%",cols="34%,33%,33%",options="header",] |=== -|Name |Description |Example +|Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |FileLoader.BasicConfig.Env |A list of `=` pairs, separated by `;` |`nan` +|`string` +|empty string +| |FileLoader.BasicConfig.LogConfig.LogFileMaxDurationDay |The maximum number of days to retain old log files based on the timestamp encoded in their filename |`90` +|`int32` +|`90` +| |FileLoader.BasicConfig.LogConfig.LogFileMaxSizeMB |The maximum size in megabytes of the log file before it gets rotated |`100` +|`int32` +|`100` +| |FileLoader.BasicConfig.LogConfig.LogLevel |The log level(`OFF`, `BRIEF`, `DEBUG`, `VERBOSE`), default is `BRIEF` |`BRIEF` +|`string` +|`BRIEF` +| |FileLoader.BasicConfig.LogConfig.LogRotationFileNumber |The maximum number of old log files to retain |`100` +|`int32` +|`50` +| |FileLoader.BasicConfig.LogDirRelativePath |The relative path (to the System.LogRoot) of log directory for FileLoader |`fileLoader` +|`string` +|`fileLoader` +| |FileLoader.Factory.DefaultLoadingTimeoutSec |The default per request loading timeout (s) for FileLoader |`600` +|`int32` +|`600` +| |FileLoader.Factory.DefaultQueryTimeoutSec |The default query timeout (s) for FileLoader |`16` +|`int32` +|`16` +| |FileLoader.Factory.DynamicEndpointRelativePath |FileLoader’s relative (to data root) path to store the dynamic endpoint |`fileLoader/endpoint/` +|`string` +|`fileLoader/endpoint/` +| |FileLoader.Factory.DynamicSchedulerRelativePath |FileLoader’s relative (to data root) path to store the dynamic scheduler |`fileLoader/scheduler/` +|`string` +|`fileLoader/scheduler/` +| |FileLoader.Factory.EnableAuth |Enable authentication of FileLoader |`false` +|`string` +|`false` +| |FileLoader.Factory.HandlerCount |FileLoader’s handler count |`4` +|`int32` +|`4` +| |FileLoader.Factory.StatsIntervalSec |FileLoader’s time interval to collect stats (e.g. QPS) |`60` +|`int32` +|`60` +| |FileLoader.GPEResponseBasePort |The port of FileLoader to accept GPE response |`8400` +|`int32` +|`8400` +| |FileLoader.GSEResponseBasePort |The port of FileLoader to accept GSE response |`8500` +|`int32` +|`8500` +| |FileLoader.ReplicaNumber |The number of replicas of Fileloader per node |`1` +|`int32` +|`1` +| |=== == GPE [width="100%",cols="34%,33%,33%",options="header",] |=== -|Name |Description |Example +|Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |GPE.BasicConfig.Env |A list of `=` pairs, separated by `;` |`LD_PRELOAD=$LD_PRELOAD; LD_LIBRARY_PATH=$LD_LIBRARY_PATH; CPUPROFILE=/tmp/tg_cpu_profiler; CPUPROFILESIGNAL=34; MALLOC_CONF=prof:true,prof_active:false; ZMQ_KEEPALIVE=1` +|`string` +|`LD_PRELOAD=$LD_PRELOAD; LD_LIBRARY_PATH=$LD_LIBRARY_PATH; CPUPROFILE=/tmp/tg_cpu_profiler; CPUPROFILESIGNAL=34; MALLOC_CONF=prof:true,prof_active:false; ZMQ_KEEPALIVE=1` +| |GPE.BasicConfig.LogConfig.LogFileMaxDurationDay |The maximum number of days to retain old log files based on the timestamp encoded in their filename |`90` +|`int32` +|`90` +| |GPE.BasicConfig.LogConfig.LogFileMaxSizeMB |The maximum size in megabytes of the log file before it gets rotated |`100` +|`int32` +|`100` +| |GPE.BasicConfig.LogConfig.LogLevel |The log level (`OFF`, `BRIEF`, `DEBUG`, `VERBOSE`), default is `BRIEF` |`BRIEF` +|`string` +|`BRIEF` +| |GPE.BasicConfig.LogConfig.LogRotationFileNumber |The maximum number of old log files to retain |`100` +|`int32` +|`100` +| |GPE.BasicConfig.LogDirRelativePath |The relative path (to the System.LogRoot) of log directory for GPE |`gpe` +|`string` +|`gpe` +| |GPE.BasicConfig.Nodes |The node list for GPE |`[{"HostID":"m1","Partition":1,"Replica":1},{"HostID":"m2","Partition":1,"Replica":2}]` +|`string` +|`[{"HostID":"m1","Partition":1,"Replica":1},{"HostID":"m2","Partition":1,"Replica":2}]` +| |GPE.Disk.CompressMethod |The compression method of GPE disk data |`nan` +|`string` +|Empty string +| |GPE.Disk.DiskStoreRelativePath |The path (relative to temp root) to store GPE temporary disk data |`gpe/disks` +|`string` +|`gpe/disks` +| |GPE.Disk.LoadThreadNumber |The number of threads to load from disk |`1` +|`int32` +|`1` +| |GPE.Disk.SaveThreadNumber |The number of threads to save to disk |`1` +|`int32` +|`1` +| |GPE.EdgeDataMemoryLimit |The memory limit for edge data. |`-1` +|`int32` +|`-1` +| |GPE.GPE2GPEResponsePort |The GPE port for receiving response back from other GPEs |`7501` +|`int32` +|`7501` +| |GPE.GPERequestPort |The GPE port for receiving requests |`7502` +|`int32` +|`7502` +| |GPE.IdResponsePort |The GPE port for receiving id response from GSE |`7500` +|`int32` +|`7500` +| |GPE.Kafka.BatchMsgNumber |The number of messages to send in one batch when using async mode. The producer will wait until either this number of messages are ready to send or queue buffer max ms is reached. |`64` +|`int32` +|`64` +| |GPE.Kafka.CompressCodec |This parameter allows you to specify the compression codec for all data generated by this producer. Valid values are none, gzip and snappy. |`none` +|`string` +|`none` +| |GPE.Kafka.FetchErrorBackoffTimeMS |How long to postpone the next fetch request for a topic+partition in case of a fetch error. |`6` +|`int32` +|`6` +| |GPE.Kafka.FetchWaitMaxTimeMS |The maximum amount of time the server will block before answering the fetch request if there isn’t sufficient data to immediately satisfy fetch min bytes. |`10` +|`int32` +|`10` +| |GPE.Kafka.MsgMaxBytes |Maximum transmit message size. |`10485760` +|`float32` +|`10485760` +| |GPE.Kafka.QueueBufferMaxMsgNumber |The maximum number of unsent messages that can be queued up the producer when using async mode before either the producer must be blocked or data must be dropped. |`64` +|`int32` +|`64` +| |GPE.Kafka.QueueBufferMaxTimeMS |Maximum time to buffer data when using async mode. |`1` +|`int32` +|`1` +| |GPE.Kafka.QueueMinMsgNumber |Minimum number of messages per topic+partition in the local consumer queue. |`100000` +|`int32` +|`100000` +| |GPE.Kafka.RequestRequiredAcks |This field indicates how many acknowledgements the leader broker must receive from ISR brokers before responding to the request. |`1` +|`int32` +|`1` +| |GPE.LeaderElectionTTLSec |The time-to-live of a GPE election participant. A GPE will be kicked out of election if one GPE is not responsive after the TTL. |`30` +|`int32` +|`30` +| |GPE.MemoryLimitMB |The total topology memory limit. For graphs with large topology data, this parameter can limit the system memory used for topology data in order to free up memory for query processing. - This parameter takes precedence over the `EdgeDataMemoryLimit` and `VertexDataMemoryLimit` parameters. |`-1` +|`int32` +|`-1` +| |GPE.NumberOfHashBucketInBit |The number of bits used to represent hash bucket counts. |`5` +|`int32` +|`5` +| |GPE.RebuildThreadNumber |The number of rebuild threads for GPE |`3` +|`int32` +|`3` +| |GPE.StopTimeoutMS |Stop GPE timeout |`300000` +|`int32` +|`300000` +| |GPE.VertexDataMemoryLimit |The memory limit for vertex data in the topology.|`-1` +|`int32` +|`-1` +| |=== == GSE [width="100%",cols="34%,33%,33%",options="header",] |=== -|Name |Description |Example +|Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |GSE.BasicConfig.Env | A list of `=` pairs, separated by `;` Some of the environment variables: @@ -383,137 +703,272 @@ Some of the environment variables: `LicenseCheckInterval`: how often (in seconds) to check license violations, default/max value: 300; `UpdateGraphInterval`: how often (in seconds) to pull topology info from Zookeeper, default/max value: 300 |`LD_PRELOAD=$LD_PRELOAD; LD_LIBRARY_PATH=$LD_LIBRARY_PATH; CPUPROFILE=/tmp/tg_cpu_profiler; CPUPROFILESIGNAL=34; MALLOC_CONF=prof:true,prof_active:false` +|`string` +|`LD_PRELOAD=$LD_PRELOAD; LD_LIBRARY_PATH=$LD_LIBRARY_PATH; CPUPROFILE=/tmp/tg_cpu_profiler; CPUPROFILESIGNAL=34; MALLOC_CONF=prof:true,prof_active:false` +| |GSE.BasicConfig.LogConfig.LogFileMaxDurationDay |The maximum number of days to retain old log files based on the timestamp encoded in their filename |`90` +|`int32` +|`90` +| |GSE.BasicConfig.LogConfig.LogFileMaxSizeMB |The maximum size in megabytes of the log file before it gets rotated |`100` +|`int32` +|`100` +| |GSE.BasicConfig.LogConfig.LogLevel |The log level(``OFF'', ``BRIEF'', ``DEBUG'', ``VERBOSE''), default is BRIEF |`BRIEF` +|`string` +|`BRIEF` +| |GSE.BasicConfig.LogConfig.LogRotationFileNumber |The maximum number of old log files to retain |`100` +|`int32` +|`100` +| |GSE.BasicConfig.LogDirRelativePath |The relative path (to the System.LogRoot) of log directory for GSE |`gse` +|`string` +|`gse` +| |GSE.BasicConfig.Nodes |The node list for GSE |`[{"HostID":"m1","Partition":1,"Replica":1},{"HostID":"m2","Partition":1,"Replica":2}]` +|`json` +|`[{"HostID":"m1","Partition":1,"Replica":1},{"HostID":"m2","Partition":1,"Replica":2}]` +| |GSE.IdRequestPort |The id request serving port of GSE |`6500` +|`int32` +|`6500` +| |GSE.JournalTopicPrefix |Kafka Topic prefix of GSE journal storage/replication |`GSE_journal_` +|`string` +|`GSE_journal_` +| |GSE.LeaderElectionTTLSec |The time-to-live of a GSE election participant.A GSE will be kicked out of election if one GSE is not responsive after the TTL. |`30` +|`int32` +|`30` +| |GSE.RLSPort |The serving port of GSE RLS |`8900` +|`int32` +|`8900` +| |GSE.StopTimeoutMS |Stop GSE timeout |`300000` +|`int32` +|`300000` +| |=== == GSQL [width="100%",cols="34%,33%,33%",options="header",] |=== -|Name |Description |Example +|Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |GSQL.BasicConfig.Env |A list of `=` pairs, separated by `;` |`CPATH=$CPATH; LD_LIBRARY_PATH=$LD_LIBRARY_PATH;` +|`string` +|`CPATH=$CPATH; LD_LIBRARY_PATH=$LD_LIBRARY_PATH;` +| |GSQL.BasicConfig.LogConfig.LogFileMaxSizeMB |The maximum size in megabytes of the log file before it gets rotated |`100` +|`int32` +|`100` +| |GSQL.BasicConfig.LogConfig.LogLevel |GSQL log level: ERROR, INFO, DEBUG |`INFO` +|`string` +|`INFO` +| |GSQL.BasicConfig.LogConfig.LogRotationFileNumber |The maximum number of old log files to retain |`100` +|`int32` +|`100` +| |GSQL.BasicConfig.LogDirRelativePath |The relative path (to the System.LogRoot) of log directory for GSQL |`gsql` +|`string` +|`gsql` +| |GSQL.BasicConfig.Nodes |The node list for GSQL |`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` +|`json` +|`[{"HostID":"m1", "Replica":1},{"HostID":"m2", "Replica":2}]` +| |GSQL.CatalogBackupFileMaxDurationDay |The maximum number of days for catalog backup files to retain |`30` +|`int32` +|`30` +| |GSQL.CatalogBackupFileMaxNumber |The maximum number of catalog backup files to retain |`20` +|`int32` +|`20` +| |GSQL.DataRelativePath |The data dir of gsql under $DataRoot |`gsql` +|`string` +|`gsql` +| |GSQL.EnableStringCompress |Enable string compress |`false` +|`boolean` +|`false` +| |GSQL.FileOutputPolicy |The policy to control file outputs in GSQL queries |`["/"]` +|`string[]` +|`["/"]` +| |GSQL.GithubBranch |The working branch in provided repository. Will use `master' as the default branch |`nan` +|`string` +|Empty string +| |GSQL.GithubPath |The path to the directory in the github that has TokenBank.cpp, ExprFunctions.hpp, ExprUtil.hpp, e.g. sample_code/src |`nan` +|`string` +|Empty string +| |GSQL.GithubRepository |The repository name, e.g. tigergraph/ecosys |`nan` +|`string` +|Empty string +| |GSQL.GithubUrl |The url that is used for github enterprise, e.g. https://api.github.com |`nan` +|`string` +|Empty string +| |GSQL.GithubUserAcessToken |The credential for github. Set it to `anonymous' for public access, or empty to not use github |`nan` +|`string` +|Empty string +| |GSQL.GrpcMessageMaxSizeMB |The maximum size of grpc message request of gsql |`40` +|`int32` +|`40` +| |GSQL.HA.BufferedReaderBufferSizeBytes |Customizes the buffer size (in bytes) for messages sent between GSQL servers in a HA cluster. |`8192` (bytes). If it is set below `8192`, GSQL will reset it to `8192`. Must be a positive 32-bit integer (less than `2147483647`). +|`int32` +|`8192` +| |GSQL.LoginLimit.InitialWaitTimeSec|The amount of time in seconds a user has to wait for the subsequent login after the number of successive failed login attempts reaches the initial threshold. | `10` +|`int32` +|`10` +| |GSQL.LoginLimit.InitialThreshold |The number of successive failed login attempts since the last successful login to apply the wait time for the subsequent login attempts. Set 0 to disable the rate limiting. | `5` +|`int32` +|`5` +| |GSQL.LoginLimit.SecondaryThreshold | The number of successive failed login attempts after reaching the initial threshold that the wait time will be doubled for every this number of successive failed login attempts afterward. | `2` +|`int32` +|`2` +| |GSQL.ManageCatalogTimeoutSec |GSQL connection timeout (second) to admin server when trying to download/upload/delete catalog. Default value: 20 | 20 +|`int32` +|`20` +| |GSQL.MaxAuthTokenLifeTimeSec |The maximum lifetime of auth token in seconds, 0 means unlimited |`0` +|`int32` +|`0` +| |GSQL.OutputTokenBufferSize |The buffer size for output token from GSQL |`16000000` +|`int32` +|`16000000` +| |GSQL.Port |The server port for GSQL |`8123` +|`int32` +|`8123` +| |GSQL.QueryResponseMaxSizeByte |Maximum response size in byte |`33554432` +|`int32` +|`33554432` +| |GSQL.RESTPPRefreshTimeoutSec |Refresh time in Seconds of Restpp |`60` +|`int32` +|`60` +| |GSQL.SchemaIndexFileNumber |File number |`10` +|`int32` +|`10` +| |GSQL.TokenCleaner.GraceTimeSec |The grace time (in seconds) for expired tokens to exist without being cleaned |`0` +|`int32` +|`0` +| |GSQL.TokenCleaner.IntervalTimeSec |The running interval of TokenCleaner in seconds |`10800` +|`int32` +|`10800` +| |GSQL.UDF.EnablePutTokenBank | Whether to enable the `PUT` command to upload a TokenBank file. |`false` +|`bool` +|`false` +| |GSQL.UDF.EnablePutExpr |Whether to enable the `PUT` command to upload an ExprFunction file. |`false` +|`bool` +|`false` +| |GSQL.UDF.Policy.Enable | Whether to enforce a policy on the contents of UDF files (see xref:security:index.adoc#_udf_file_scanning[UDF file scanning]). |`true` +|`bool` +|`true` +| |GSQL.UDF.Policy.HeaderAllowlist | A default set of C{plus}{plus} headers that are allowed to be included in a UDF file. |`["stdlib.h", "string", "tuple", @@ -524,400 +979,746 @@ in seconds |`10800` "iterator", "sstream", "algorithm", "math.h"]` +|`string[]` +|`["stdlib.h", "string", "tuple", +"vector", "list", "deque", "arrays", "forward_list", +"queue", "priority_queue", "stack", +"set", "multiset", "map", "multimap", +"unordered_set", "unordered_multiset", "unordered_map", "unordered_multimap", +"iterator", +"sstream", +"algorithm", "math.h"]` +| |GSQL.UserInfoLimit.TokenSizeLimit |The max number of tokens allowed |`60000` +|`int32` +|`60000` +| |GSQL.UserInfoLimit.UserCatalogFileMaxSizeByte |The file size limit for user metadata in byte |`2097152` +|`int32` +|`2097152` +| |GSQL.UserInfoLimit.UserSizeLimit |The max number of users allowed |`12000` +|`int32` +|`12000` +| |GSQL.WaitServiceOnlineTimeoutSec |Timeout to wait for all services online |`300` +|`int32` +|`300` +| |=== == GUI [width="100%",cols="34%,33%,33%",options="header",] |=== -|Name |Description |Example +|Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |GUI.BasicConfig.Env | A list of `=` pairs, separated by `;` |`nan` +|`string` +|Empty string +| |GUI.BasicConfig.LogConfig.LogFileMaxDurationDay |The maximum number of days to retain old log files based on the timestamp encoded in their filename |`90` +|`int32` +|`90` +| |GUI.BasicConfig.LogConfig.LogFileMaxSizeMB |The maximum size in megabytes of the log file before it gets rotated |`100` +|`int32` +|`100` +| |GUI.BasicConfig.LogConfig.LogLevel |The log level(`'DEBUG'`,`'INFO'`,`'WARN'`,`'ERROR'`,`'PANIC'`,`'FATAL'`), default is INFO |`INFO` +|`string` +|`INFO` +| |GUI.BasicConfig.LogConfig.LogRotationFileNumber |The maximum number of old log files to retain |`100` +|`int32` +|`100` +| |GUI.BasicConfig.LogDirRelativePath |The relative path (to the System.LogRoot) of log directory for GUI |`gui` +|`string` +|`gui` +| |GUI.BasicConfig.Nodes |The node list for GraphStudio |`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` +|`json` +|`[{"HostID":"m1","Replica":1},{"HostID":"m2", "Replica":2}]` |GUI.ClientIdleTimeSec |The maximum idle time of client-side GraphStudio and AdminPortal before inactivity logout |`604800` +|`int32` +|`604800` +| |GUI.Cookie.DurationSec |GUI Cookie duration time in seconds |`86400` +|`int32` +|`86400` +| |GUI.Cookie.SameSite |Default mode: 1; Lax mode: 2; Strict mode: 3; None mode: 4 |`3` +|`int32` +|`3` +| |GUI.EnableConcurrentSession |Enable or disable concurrent sessions for GUI. Setting to `false` will disable concurrent sessions.The default value is `true`. - |`true` +|`bool` +|`true` +| |GUI.DataDirRelativePath |The relative path of gui data folder (to the System.DataRoot) |`gui` +|`string` +|`gui` +| |GUI.EnableDarkTheme |The boolean value on whether or not GUI should enable dark theme |`true` +|`bool` +|`true` +| |GUI.GraphQLConfig.SchemaRefreshPeriod |The schema refresh period of GraphQL service |`10` +|`int32` +|`10` +| + |GUI.GraphStatCheckIntervalSec |The internval(in seconds) GraphStudio wait before checking the graph statistics |`10` +|`int32` +|`10` +| |GUI.HTTPRequest.RetryMax |GUI http request max retry times |`4` +|`int32` +|`4` +| |GUI.HTTPRequest.RetryWaitMaxSec |GUI HTTP request max retry waiting time in seconds |`30` +|`int32` +|`30` +| |GUI.HTTPRequest.RetryWaitMinSec |GUI HTTP request minimum retry waiting time in seconds |`1` +|`int32` +|`1` +| |GUI.HTTPRequest.TimeoutSec |GUI HTTP request timeout in seconds |`604800` +|`int32` +|`604800` +| |GUI.Port |The serving port for GraphStudio Websocket communication |`14242` +|`int32` +|`14242` +| |GUI.RESTPPResponseMaxSizeBytes |The RESTPP response size limit bytes. |`33554432` +|`float32` +|`33554432` +| |GUI.TempDirRelativePath |The relative path of gui temp folder (to the System.TempRoot) |`gui` +|`string` +|`gui` +| |GUI.TempFileMaxDurationDay |GUI temp file max duration time in days |`7` +|`int32` +|`7` +| |=== == Gadmin [width="100%",cols="34%,33%,33%",options="header",] |=== -|Name |Description |Example +|Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Gadmin.StartServiceDefaultTimeoutMS |The start one service default timeout in milliseconds |`30000` +|`int32` +|`30000` +| |Gadmin.StartStopRequestTimeoutMS |The start/stop service default request timeout in milliseconds |`600000` +|`int32` +|`600000` +| |Gadmin.StopServiceDefaultTimeoutMS |The stop one service default request timeout in milliseconds |`30000` +|`int32` +|`30000` +| |=== == Informant [width="100%",cols="34%,33%,33%",options="header",] |=== -|Name |Description |Example +|Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Informant.BasicConfig.Env | A list of `=` pairs, separated by `; |`nan` +|`string` +|Empty string +| |Informant.BasicConfig.LogConfig.LogFileMaxDurationDay |The maximum number of days to retain old log files based on the timestamp encoded in their filename |`90` +|`int32` +|`90` +| |Informant.BasicConfig.LogConfig.LogFileMaxSizeMB |The maximum size in megabytes of the log file before it gets rotated |`100` +|`int32` +|`100` +| |Informant.BasicConfig.LogConfig.LogLevel |The log level(``DEBUG'',``INFO'',``WARN'',``ERROR'',``PANIC'',``FATAL''), default is INFO |`INFO` +|`string` +|`INFO` +| |Informant.BasicConfig.LogConfig.LogRotationFileNumber |The maximum number of old log files to retain |`100` +|`int32` +|`100` +| |Informant.BasicConfig.LogDirRelativePath |The relative path (to the System.LogRoot) of log directory for Informant |`informant` +|`string` +|`informant` +| |Informant.BasicConfig.Nodes |The nodes to deploy Informant |`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` +|`json` +|`[{"HostID":"m1","Replica":1},{"HostID":"m2", "Replica"}]` +| |Informant.DBRelativePath |The relative path (to the System.DataRoot) of informant database source folder |`informant/db` +|`string` +|`informant/db` +| |Informant.GrpcPort |The grpc server port for Informant |`9166` +|`int32` +|`9166` +| |Informant.RestPort |The restful server port for Informant |`9167` +|`int32` +|`9167` +| |Informant.RetentionPeriodDay |The period in days for local data records to be kept, set to -1 for forever (not advised). Longer retention results in higher disk space usage and slower search for historical status |`7` (default. Prior to v3.9.2, the default was 30.) +|'int32' +|`7` +| |=== == Kafka [width="100%",cols="34%,33%,33%",options="header",] |=== -|Name |Description |Example +|Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Kafka.BasicConfig.Env | A list of `=` pairs, separated by `;` |`nan` +|`string` +|`JMX_PORT=29999;` +| |Kafka.BasicConfig.LogConfig.LogFileMaxSizeMB |The maximum size in megabytes of the log file before it gets rotated |`100` +|`int32` +|`100` +| |Kafka.BasicConfig.LogConfig.LogLevel |The log level for kafka (``TRACE'', ``DEBUG'', ``INFO'', ``WARN'', ``ERROR'', ``FATAL'' ``OFF'') |`INFO` +|`string` +|`INFO` +| |Kafka.BasicConfig.LogConfig.LogRotationFileNumber |The maximum number of old log files to retain |`100` +|`int32` +|`100` +| |Kafka.BasicConfig.LogDirRelativePath |The relative path (to the System.LogRoot) of log directory for Kafka |`kafka` +|`string` +|`kafka` +| |Kafka.BasicConfig.Nodes |The node list for Kafka |`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` +|`json` +|`[{"HostID":"m1","Partition":0,"Replica":1},{HostID: "m2", Replica: 2}]` +| |Kafka.DataRelativePath |The data dir of kafka under $DataRoot |`kafka` +|`string` +|`kafka` +| |Kafka.IOThreads |The number of threads for Kafka IO |`2` +|`int32` +|`2` +| |Kafka.LogFlushIntervalMS |The threshold of time for flushing log (ms) |`10000` +|`int32` +|`10000` +| |Kafka.LogFlushIntervalMessage |The threshold of message for flushing log |`10000` +|`int32` +|`10000` +| |Kafka.MessageMaxSizeMB |The maximum size of a message of Kafka to be produced (megabytes) |`10` +|`int32` +|`10` +| |Kafka.MinInsyncReplicas |The minimal number of insync replicas that must acknowledge, when producer sets acks to `all' |`1` +|`int32` +|`1` +| |Kafka.NetworkThreads |The number of threads for Kafka Network |`4` +|`int32` +|`4` +| |Kafka.Port |The serving port for Kafka |`30002` +|`int32` +|`30002` +| |Kafka.RetentionHours |The minimum age of a log file of Kafka to be eligible for deletion (hours) |`168` +|`int32` +|`168` +| |Kafka.RetentionSizeGB |The minimum size of a log file of Kafka to be eligible for deletion (gigabytes) |`40` +|`int32` +|`40` +| |Kafka.StartTimeoutMS |Start kafka timeout |`300000` +|`int32` +|`300000` +| |Kafka.TopicReplicaFactor |The default replica number for each topic |`1` +|`int32` +|`1` +| |=== == KafkaConnect [width="100%",cols="34%,33%,33%",options="header",] |=== -|Name |Description |Example +|Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |KafkaConnect.AllowedTaskPerCPU |[v3.9.2+] Maximum number of allowed connector tasks = (#CPUs) x AllowedTaskPerCPU. Range is [0.5,10]. It is recommended to stay below 2.0. |`1.5` (default) +|`float32` +|`1.5` +| |KafkaConnect.BasicConfig.Env |A list of `=` pairs, separated by `;` |`nan` +|`string` +|`KAFKA_JVM_PERFORMANCE_OPTS=\"-server -XX:+UseShenandoahGC -XX:+ExplicitGCInvokesConcurrent -XX:MaxInlineLevel=15 -Djava.awt.headless=true` +| |KafkaConnect.BasicConfig.LogConfig.LogFileMaxSizeMB |The maximum size in megabytes of the log file before it gets rotated |`100` +|`int32` +|`100` +| |KafkaConnect.BasicConfig.LogConfig.LogLevel |The log level for kafka connect (``TRACE'', ``DEBUG'', ``INFO'', ``WARN'', ``ERROR'', ``FATAL'' ``OFF'') |`INFO` +|`string` +|`INFO` +| |KafkaConnect.BasicConfig.LogConfig.LogRotationFileNumber |The maximum number of old log files to retain |`100` +|`int32` +|`100` +| |KafkaConnect.BasicConfig.LogDirRelativePath |The relative path (to the System.LogRoot) of log directory for Kafka connect |`kafkaconn` +|`string` +|`kafkaconn` +| |KafkaConnect.BasicConfig.Nodes |The node list for Kafka connect |`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` +|`json` +|`[{"HostID":"m1","Replica":1},{"HostID":"m2", "Replica":2}]` +| |KafkaConnect.MaxMemorySizeMB |The max memory usage limit of Kafka Connect in MB. |10240 +|`int32` +|`10240` +| //|KafkaConnect.MaxPollIntervalMS |The interval between Kafka connect poll //loop processing message |`900000` |KafkaConnect.MaxRequestSize |The max request size of kafka connect producer |`5242880` +|`int32` +|`5242880` +| |KafkaConnect.OffsetFlushIntervalMS |The interval at which Kafka connect tasks’ offsets are committed |`10000` +|`int32` +|`10000` +| |KafkaConnect.Port |The port used for kafka connect |`30003` +|`int32` +|`30003` +| |KafkaConnect.ReconnectBackoffMS |The amount of time to wait before attempting to reconnect to a given host |`500` +|`int32` +|`500` +| |KafkaConnect.RetryBackoffMS |The amount of time to wait before attempting to retry a failed fetch request to a given topic partition |`10000` +|`int32` +|`10000` +| |=== == KafkaLoader [width="100%",cols="34%,33%,33%",options="header",] |=== -|Name |Description |Example +|Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |KafkaLoader.BasicConfig.Env | A list of `=` pairs, separated by `;` |`nan` +|`string` +|Empty string +| |KafkaLoader.BasicConfig.LogConfig.LogFileMaxDurationDay |The maximum number of days to retain old log files based on the timestamp encoded in their filename |`90` +|`int32` +|`90` +| |KafkaLoader.BasicConfig.LogConfig.LogFileMaxSizeMB |The maximum size in megabytes of the log file before it gets rotated |`100` +|`int32` +|`100` +| |KafkaLoader.BasicConfig.LogConfig.LogLevel |The log level(``OFF'', ``BRIEF'', ``DEBUG'', ``VERBOSE''), default is BRIEF |`BRIEF` +|`string` +|`BRIEF` +| |KafkaLoader.BasicConfig.LogConfig.LogRotationFileNumber |The maximum number of old log files to retain |`100` +|`int32` +|`100` +| |KafkaLoader.BasicConfig.LogDirRelativePath |The relative path (to the System.LogRoot) of log directory for KafkaLoader |`kafkaLoader` +|`string` +|`kafkaLoader` +| |KafkaLoader.Factory.DefaultLoadingTimeoutSec |The default per request loading timeout (s) for KafkaLoader |`600` +|`int32` +|`600` +| |KafkaLoader.Factory.DefaultQueryTimeoutSec |The default query timeout (s) for KafkaLoader |`16` +|`int32` +|`16` +| |KafkaLoader.Factory.DynamicEndpointRelativePath |KafkaLoader’s relative (to data root) path to store the dynamic endpoint |`kafkaLoader/endpoint/` +|`string` +|`kafkaLoader/endpoint/` +| |KafkaLoader.Factory.DynamicSchedulerRelativePath |KafkaLoader’s relative (to data root) path to store the dynamic scheduler |`kafkaLoader/scheduler/` +|`string` +|`kafkaLoader/scheduler/` +| + |KafkaLoader.Factory.EnableAuth |Enable authentication of KafkaLoader |`false` +|`bool` +|`false` +| |KafkaLoader.Factory.HandlerCount |KafkaLoader’s handler count |`4` +|`int32` +|`4` +| |KafkaLoader.Factory.StatsIntervalSec |KafkaLoader’s time interval to collect stats (e.g. QPS) |`60` +|`int32` +|`60` +| |KafkaLoader.GPEResponseBasePort |The port of KafkaLoader to accept GPE response |`9400` +|`int32` +|`9400` +| |KafkaLoader.GSEResponseBasePort |The port of KafkaLoader to accept GSE response |`9500` +|`int32` +|`9500` +| |KafkaLoader.ReplicaNumber |The number of replica of kafkaloader per node |`1` +|`int32` +|`1` +| |=== == KafkaStreamLL [width="100%",cols="34%,33%,33%",options="header",] |=== -|Name |Description |Example +|Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |KafkaStreamLL.BasicConfig.Env | A list of `=` pairs, separated by `;` |`nan` +|`string` +|Empty string +| |KafkaStreamLL.BasicConfig.LogConfig.LogFileMaxSizeMB |The maximum size in megabytes of the log file before it gets rotated |`100` +|`int32` +|`100` +| |KafkaStreamLL.BasicConfig.LogConfig.LogLevel |The log level for Kafka stream LoadingLog (``TRACE'', ``DEBUG'', ``INFO'', ``WARN'', ``ERROR'', ``FATAL'' ``OFF'') |`INFO` +|`string` +|`INFO` +| |KafkaStreamLL.BasicConfig.LogConfig.LogRotationFileNumber |The maximum number of old log files to retain |`100` +|`int32` +|`100` +| |KafkaStreamLL.BasicConfig.LogDirRelativePath |The relative path (to the System.LogRoot) of log directory for Kafka stream LoadingLog |`kafkastrm-ll` +|`string` +|`kafkastrm-ll` +| |KafkaStreamLL.BasicConfig.Nodes |The node list for Kafka stream LoadingLog |`[{"HostID":"m1","Partition":1,"Replica":0},{"HostID":"m2","Partition":2,"Replica":0}]` +|`json` +|`[{"HostID":"m1","Partition":1},{"HostID":"m2","Partition":2}]` +| |KafkaStreamLL.MaxPartitionFetchBytes |Max partition fetch bytes size |`104857600` +|`int32` +|`104857600` +| |KafkaStreamLL.Port |The port used for Kafka stream LoadingLog |`30004` +|`int32` +|`30004` +| |KafkaStreamLL.ReplicaNumber |The number of standby replicas. Standby replicas are shadow copies of local state stores |`1` +|`int32` +|`1` +| |KafkaStreamLL.StateDirRelativePath |The relative folder path for Kafka stream LoadingLog state |`kafkastrm-ll` +|`string` +|`kafkastrm-ll` +| |=== == Nginx [width="100%",cols="34%,33%,33%",options="header",] |=== -|Name |Description |Example +|Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Nginx.AllowedCIDRList |The allowlist of IPv4/IPv6 CIDR blocks to restrict the application access, separate in comma. |`0.0.0.0/0, ::/0` +|`string` +|`0.0.0.0/0, ::/0` +| |Nginx.BasicConfig.LogConfig.LogFileMaxDurationDay |The maximum number of days to retain old log files based on the timestamp encoded in their filename |`90` +|`int32` +|`90` +| |Nginx.BasicConfig.LogConfig.LogFileMaxSizeMB |The maximum size in megabytes of the log file before it gets rotated |`100` +|`int32` +|`100` +| |Nginx.BasicConfig.LogConfig.LogRotationFileNumber |The maximum number of old log files to retain |`100` +|`int32` +|`100` +| |Nginx.BasicConfig.LogDirRelativePath |The relative path (to the System.LogRoot) of log directory for Nginx |`nginx` +|`string` +|`nginx` +| |Nginx.BasicConfig.Nodes |The node list for Nginx |`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` +|`json` +|`[{"HostID":"m1","Replica":1},{"HostID":"m2","Replica":2}]` +| |Nginx.ClientMaxBodySize |The maximum request size for Nginx in MB |`200` +|`int32` +|`200` +| |Nginx.ConfigTemplate |The template to generate nginx config. Please use `@filepath` to parse template from file. Check the default template first at https://docs.tigergraph.com.(Warning: Don’t modify the reserved keywords(string like *UPPER_CASE*) in template.) |`worker_processes __WORKER_PROCESSES__;\ndaemon off;\npid __NGINX_PID_PATH__;\n\nevents {\n worker_connections 10240;\n}\n\nhttp {\n\n server_tokens off;\n\n map $request_uri $request_uri_path {\n \~^(?P\u003cpath\u003e[^?]*)(\\?.*)?$\" $path;\n }\n\n log_format combined_no_query '$remote_addr - $remote_user [$time_local] '\n '\"$request_method $request_uri_path $server_protocol\" $status $body_bytes_sent '\n '\"$http_referer\" \"$http_user_agent\"';\n\n\t#Set allowed CIDR blocks\n__CIDR_LIST__\n types {\n text/html html htm shtml;\n text/css css;\n text/xml xml;\n image/gif gif;\n image/jpeg jpeg jpg;\n application/javascript js;\n application/atom+xml atom;\n application/rss+xml rss;\n\n text/mathml mml;\n text/plain txt;\n text/vnd.sun.j2me.app-descriptor jad;\n text/vnd.wap.wml wml;\n text/x-component htc;\n\n image/png png;\n image/svg+xml svg svgz;\n image/tiff tif tiff;\n image/vnd.wap.wbmp wbmp;\n image/webp webp;\n image/x-icon ico;\n image/x-jng jng;\n image/x-ms-bmp bmp;\n\n font/woff woff;\n font/woff2 woff2;\n\n application/java-archive jar war ear;\n application/json json;\n application/mac-binhex40 hqx;\n application/msword doc;\n application/pdf pdf;\n application/postscript ps eps ai;\n application/rtf rtf;\n application/vnd.apple.mpegurl m3u8;\n application/vnd.google-earth.kml+xml kml;\n application/vnd.google-earth.kmz kmz;\n application/vnd.ms-excel xls;\n application/vnd.ms-fontobject eot;\n application/vnd.ms-powerpoint ppt;\n application/vnd.oasis.opendocument.graphics odg;\n application/vnd.oasis.opendocument.presentation odp;\n application/vnd.oasis.opendocument.spreadsheet ods;\n application/vnd.oasis.opendocument.text odt;\n application/vnd.openxmlformats-officedocument.presentationml.presentation\n pptx;\n application/vnd.openxmlformats-officedocument.spreadsheetml.sheet\n xlsx;\n application/vnd.openxmlformats-officedocument.wordprocessingml.document\n docx;\n application/vnd.wap.wmlc wmlc;\n application/x-7z-compressed 7z;\n application/x-cocoa cco;\n application/x-java-archive-diff jardiff;\n application/x-java-jnlp-file jnlp;\n application/x-makeself run;\n application/x-perl pl pm;\n application/x-pilot prc pdb;\n application/x-rar-compressed rar;\n application/x-redhat-package-manager rpm;\n application/x-sea sea;\n application/x-shockwave-flash swf;\n application/x-stuffit sit;\n application/x-tcl tcl tk;\n application/x-x509-ca-cert der pem crt;\n application/x-xpinstall xpi;\n application/xhtml+xml xhtml;\n application/xspf+xml xspf;\n application/zip zip;\n\n application/octet-stream bin exe dll;\n application/octet-stream deb;\n application/octet-stream dmg;\n application/octet-stream iso img;\n application/octet-stream msi msp msm;\n\n audio/midi mid midi kar;\n audio/mpeg mp3;\n audio/ogg ogg;\n audio/x-m4a m4a;\n audio/x-realaudio ra;\n\n video/3gpp 3gpp 3gp;\n video/mp2t ts;\n video/mp4 mp4;\n video/mpeg mpeg mpg;\n video/quicktime mov;\n video/webm webm;\n video/x-flv flv;\n video/x-m4v m4v;\n video/x-mng mng;\n video/x-ms-asf asx asf;\n video/x-ms-wmv wmv;\n video/x-msvideo avi;\n }\n default_type application/octet-stream;\n client_max_body_size __MAX_BODY_SIZE__;\n\n access_log __NGINX_LOG_PER_RESTPP__ combined_no_query;\n error_log __NGINX_ERR_PER_RESTPP__;\n fastcgi_temp_path __TEMP_ROOT__;\n fastcgi_buffers 256 8k;\n\n ###### [BEGIN] customized headers ######\n __HEADER_CONFIG__\n ###### [END] customized headers ######\n\n\n keepalive_timeout 900s;\n\n upstream fastcgi_backend {\n server unix:__FASTCGI_PASS__;\n keepalive 128;\n }\n\n # Use upstream derivative for listing all gsql server \n # that could be used in requesttoken proxy_pass\n __ENABLE_RESTPP_AUTH__ upstream gsql_token_server {\n __ENABLE_RESTPP_AUTH__ __GSQL_TOKEN_SERVER_LIST__\n __ENABLE_RESTPP_AUTH__ }\n\n # Use upstream derivative to list all informant server\n upstream informant_server {\n __INFORMANT_SERVER_LIST__\n }\n\n upstream gsql_server {\n server localhost:__GSQL_SERVER_PORT__ max_fails=10;\n }\n\n # Keep it for backward compatibility\n server {\n add_header Strict-Transport-Security \"max-age=63072000; includeSubdomains; preload\";\n ssl_protocols TLSv1.2;\n ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;\n ssl_prefer_server_ciphers on;\n listen __PORT_PER_RESTPP__ __GUI_CONNECTION_TYPE__;\n server_name localhost;\n large_client_header_buffers __LARGE_CLIENT_HEADER_BUFFER_NUM__ __LARGE_CLIENT_HEADER_BUFFER_SIZE__;\n\n fastcgi_read_timeout 72000s;\n fastcgi_send_timeout 72000s;\n\n __SSL_CERT_ATTR__ __SSL_CERT_PATH__; # if SSL is disabled, here should be '#'\n __SSL_KEY_ATTR__ __SSL_KEY_PATH__; # if SSL is disabled, here should be '#'\n\n\n location / {\n fastcgi_pass fastcgi_backend;\n fastcgi_keep_conn on;\n fastcgi_param REQUEST_METHOD $request_method;\n fastcgi_param CONTENT_TYPE $content_type;\n fastcgi_param CONTENT_LENGTH $content_length;\n fastcgi_param REQUEST_URI $request_uri;\n fastcgi_param GSQL_ASYNC $http_gsql_async;\n fastcgi_param GSQL_TIMEOUT $http_gsql_timeout;\n fastcgi_param GSQL_MEMLIMIT $http_gsql_memlimit;\n fastcgi_param RESPONSE_LIMIT $http_response_limit;\n }\n\n # To ensure the performance of RESTPP, this rule shouldn't be enabled\n # unless restpp.authentication is True.\n # And for performance consideration,\n #!!!!!!! DO NOT USE REGULAR EXPRESSION HERE !!!!!!!\n __ENABLE_RESTPP_AUTH__ location = /requesttoken {\n __ENABLE_RESTPP_AUTH__ proxy_ssl_verify __PROXY_SSL_VERIFY__;\n __ENABLE_RESTPP_AUTH__ proxy_set_header X-Real-IP $remote_addr;\n __ENABLE_RESTPP_AUTH__ proxy_pass __REQUEST_TOKEN_PROTOCOL__://gsql_token_server;\n __ENABLE_RESTPP_AUTH__ }\n }\n\n server {\n\t\tlisten __NGINX_SERVICES_PORT__ __GUI_CONNECTION_TYPE__;\n ssl_protocols TLSv1.2;\n\t\tlarge_client_header_buffers __LARGE_CLIENT_HEADER_BUFFER_NUM__ __LARGE_CLIENT_HEADER_BUFFER_SIZE__;\n\t\tproxy_buffer_size __PROXY_BUFFER_SIZE__;\n\t\tproxy_buffers __PROXY_BUFFERS_NUM__ __PROXY_BUFFERS_SIZE__;\n\t\tproxy_busy_buffers_size __PROXY_BUSY_BUFFERS_SIZE__;\n\n\t\t__SSL_CERT_ATTR__ __SSL_CERT_PATH__; # if SSL is disabled, here should be '#'\n\t\t__SSL_KEY_ATTR__ __SSL_KEY_PATH__; # if SSL is disabled, here should be '#'\n\n\t\tlocation / {\n\t\t\t# Set whether to enable compression\n\t\t\tgzip on;\n\t\t\tgzip_types\n\t\t\t\tapplication/javascript # works significantly with javascript files in GUI\n\t\t\t;\n\t\t\troot __TOOLS_STATIC_FOLDER__;\n\t\t\ttry_files $uri $uri/ @backend;\n\t\t}\n\n\t\tlocation /assets/img/user-uploaded-icons/ {\n\t\t\talias __GUI_DATA_FOLDER__/user_icons/;\n\t\t\ttry_files $uri $uri/ = 404;\n\t\t}\n\n location /gsql/ {\n\t\t\t# Set whether to enable compression\n\t\t\tgzip on;\n\t\t\tgzip_types\n\t\t\t\tapplication/javascript # works significantly with javascript files in GUI\n\t\t\t;\n\t\t\talias __GSHELL_STATIC_FOLDER__/;\n\t\t\ttry_files $uri $uri/ = 404;\n\t\t}\n\n location = /gsql {\n\t\t\trewrite /gsql /gsql/ last;\n\t\t}\n\n location ^~/insights/ {\n\t\t\t# Set whether to enable compression\n\t\t\tgzip on;\n\t\t\tgzip_types\n\t\t\t\tapplication/javascript # works significantly with javascript files in GUI\n\t\t\t;\n\t\t\talias __INSIGHTS_STATIC_FOLDER__/;\n\t\t\ttry_files $uri $uri/ /insights/index.html;\n\t\t}\n\n location = /insights {\n\t\t\trewrite /insights /insights/ last;\n\t\t}\n\n location /graphql/ {\n\t\t\t# Set whether to enable compression\n\t\t\tgzip on;\n\t\t\tgzip_types\n\t\t\t\tapplication/javascript # works significantly with javascript files in GUI\n\t\t\t;\n\t\t\talias __GRAPHQL_STATIC_FOLDER__/;\n\t\t\ttry_files $uri $uri/ = 404;\n\t\t}\n\n location = /graphql {\n\t\t\trewrite /graphql /graphql/ last;\n\t\t}\n\n location /studio/ {\n\t\t\t# Set whether to enable compression\n\t\t\tgzip on;\n\t\t\tgzip_types\n\t\t\t\tapplication/javascript # works significantly with javascript files in GUI\n\t\t\t;\n\t\t\talias __GST_STATIC_FOLDER__/;\n\t\t\ttry_files $uri $uri/ = 404;\n\t\t}\n\n location = /studio {\n\t\t\trewrite /studio /studio/ last;\n\t\t}\n\n\t\tlocation /admin/ {\n\t\t\t# Set whether to enable compression\n\t\t\tgzip on;\n\t\t\tgzip_types\n\t\t\t\tapplication/javascript # works significantly with javascript files in GUI\n\t\t\t;\n\t\t\talias __ADMIN_PORTAL_STATIC_FOLDER__/;\n\t\t\ttry_files $uri $uri/ = 404;\n\t\t}\n\n location = /admin {\n\t\t\trewrite /admin /admin/ last;\n\t\t}\n\n\t\tlocation @backend {\n\t\t\tproxy_read_timeout 604800s;\n\t\t\tproxy_set_header X-Real-IP $remote_addr;\n\t\t\tproxy_pass http://localhost:__GUI_WEBSERVER_PORT__;\n\t\t}\n\n\t\tlocation ~ ^/informant/(?\u003cinformant_uri\u003e.*) {\n \t\t\trewrite ^/informant/(.*) /$informant_uri break;\n \t\t\tproxy_read_timeout 3600s;\n \t\t\tproxy_set_header X-Real-IP $remote_addr;\n \t\t\tproxy_pass http://informant_server;\n \t\t}\n\n\t\tlocation ~ ^/gsqlserver/(?\u003cgsql_uri\u003e.*) {\t\n\t\t\trewrite ^/gsqlserver/(.*) /$gsql_uri break;\n\t\t\tproxy_read_timeout 604800s;\n\t\t\tproxy_set_header X-Real-IP $remote_addr;\n\t\t\tproxy_pass http://gsql_server;\n\t\t\tproxy_http_version 1.1;\n\t\t\tproxy_buffering off;\n\t\t}\n\n\t\t# This RESTPP endpoint shares the same security configuration\n\t\tfastcgi_read_timeout 72000s;\n\t\tfastcgi_send_timeout 72000s;\n\n\t\t__ENABLE_RESTPP_AUTH__ location ~ ^/restpp/(?\u003ctoken_uri\u003erequesttoken.*) {\n\t\t__ENABLE_RESTPP_AUTH__ rewrite ^/restpp/(.*) /$token_uri break;\n\t\t__ENABLE_RESTPP_AUTH__ proxy_ssl_verify __PROXY_SSL_VERIFY__;\n\t\t__ENABLE_RESTPP_AUTH__ proxy_set_header X-Real-IP $remote_addr;\n\t\t__ENABLE_RESTPP_AUTH__ proxy_pass __REQUEST_TOKEN_PROTOCOL__://gsql_token_server;\n\t\t__ENABLE_RESTPP_AUTH__ }\n\n\t\tlocation ~ ^/restpp/(.*) {\n\t\t\tfastcgi_pass fastcgi_backend;\n\t\t\tfastcgi_keep_conn on;\n\t\t\tfastcgi_param REQUEST_METHOD $request_method;\n\t\t\tfastcgi_param CONTENT_TYPE $content_type;\n\t\t\tfastcgi_param CONTENT_LENGTH $content_length;\n\t\t\tfastcgi_param REQUEST_URI $1?$query_string; # the url pattern matched above\n\t\t\tfastcgi_param GSQL_TIMEOUT $http_gsql_timeout;\n\t\t\tfastcgi_param GSQL_MEMLIMIT $http_gsql_memlimit;\n fastcgi_param GSQL_ASYNC $http_gsql_async;\n\t\t\tfastcgi_param RESPONSE_LIMIT $http_response_limit;\t \n\t\t}\n\t}\n}\n"` +|`string` +|`worker_processes __WORKER_PROCESSES__;\ndaemon off;\npid __NGINX_PID_PATH__;\n\nevents {\n worker_connections 10240;\n}\n\nhttp {\n\n server_tokens off;\n\n map $request_uri $request_uri_path {\n \~^(?P\u003cpath\u003e[^?]*)(\\?.*)?$\" $path;\n }\n\n log_format combined_no_query '$remote_addr - $remote_user [$time_local] '\n '\"$request_method $request_uri_path $server_protocol\" $status $body_bytes_sent '\n '\"$http_referer\" \"$http_user_agent\"';\n\n\t#Set allowed CIDR blocks\n__CIDR_LIST__\n types {\n text/html html htm shtml;\n text/css css;\n text/xml xml;\n image/gif gif;\n image/jpeg jpeg jpg;\n application/javascript js;\n application/atom+xml atom;\n application/rss+xml rss;\n\n text/mathml mml;\n text/plain txt;\n text/vnd.sun.j2me.app-descriptor jad;\n text/vnd.wap.wml wml;\n text/x-component htc;\n\n image/png png;\n image/svg+xml svg svgz;\n image/tiff tif tiff;\n image/vnd.wap.wbmp wbmp;\n image/webp webp;\n image/x-icon ico;\n image/x-jng jng;\n image/x-ms-bmp bmp;\n\n font/woff woff;\n font/woff2 woff2;\n\n application/java-archive jar war ear;\n application/json json;\n application/mac-binhex40 hqx;\n application/msword doc;\n application/pdf pdf;\n application/postscript ps eps ai;\n application/rtf rtf;\n application/vnd.apple.mpegurl m3u8;\n application/vnd.google-earth.kml+xml kml;\n application/vnd.google-earth.kmz kmz;\n application/vnd.ms-excel xls;\n application/vnd.ms-fontobject eot;\n application/vnd.ms-powerpoint ppt;\n application/vnd.oasis.opendocument.graphics odg;\n application/vnd.oasis.opendocument.presentation odp;\n application/vnd.oasis.opendocument.spreadsheet ods;\n application/vnd.oasis.opendocument.text odt;\n application/vnd.openxmlformats-officedocument.presentationml.presentation\n pptx;\n application/vnd.openxmlformats-officedocument.spreadsheetml.sheet\n xlsx;\n application/vnd.openxmlformats-officedocument.wordprocessingml.document\n docx;\n application/vnd.wap.wmlc wmlc;\n application/x-7z-compressed 7z;\n application/x-cocoa cco;\n application/x-java-archive-diff jardiff;\n application/x-java-jnlp-file jnlp;\n application/x-makeself run;\n application/x-perl pl pm;\n application/x-pilot prc pdb;\n application/x-rar-compressed rar;\n application/x-redhat-package-manager rpm;\n application/x-sea sea;\n application/x-shockwave-flash swf;\n application/x-stuffit sit;\n application/x-tcl tcl tk;\n application/x-x509-ca-cert der pem crt;\n application/x-xpinstall xpi;\n application/xhtml+xml xhtml;\n application/xspf+xml xspf;\n application/zip zip;\n\n application/octet-stream bin exe dll;\n application/octet-stream deb;\n application/octet-stream dmg;\n application/octet-stream iso img;\n application/octet-stream msi msp msm;\n\n audio/midi mid midi kar;\n audio/mpeg mp3;\n audio/ogg ogg;\n audio/x-m4a m4a;\n audio/x-realaudio ra;\n\n video/3gpp 3gpp 3gp;\n video/mp2t ts;\n video/mp4 mp4;\n video/mpeg mpeg mpg;\n video/quicktime mov;\n video/webm webm;\n video/x-flv flv;\n video/x-m4v m4v;\n video/x-mng mng;\n video/x-ms-asf asx asf;\n video/x-ms-wmv wmv;\n video/x-msvideo avi;\n }\n default_type application/octet-stream;\n client_max_body_size __MAX_BODY_SIZE__;\n\n access_log __NGINX_LOG_PER_RESTPP__ combined_no_query;\n error_log __NGINX_ERR_PER_RESTPP__;\n fastcgi_temp_path __TEMP_ROOT__;\n fastcgi_buffers 256 8k;\n\n ###### [BEGIN] customized headers ######\n __HEADER_CONFIG__\n ###### [END] customized headers ######\n\n\n keepalive_timeout 900s;\n\n upstream fastcgi_backend {\n server unix:__FASTCGI_PASS__;\n keepalive 128;\n }\n\n # Use upstream derivative for listing all gsql server \n # that could be used in requesttoken proxy_pass\n __ENABLE_RESTPP_AUTH__ upstream gsql_token_server {\n __ENABLE_RESTPP_AUTH__ __GSQL_TOKEN_SERVER_LIST__\n __ENABLE_RESTPP_AUTH__ }\n\n # Use upstream derivative to list all informant server\n upstream informant_server {\n __INFORMANT_SERVER_LIST__\n }\n\n upstream gsql_server {\n server localhost:__GSQL_SERVER_PORT__ max_fails=10;\n }\n\n # Keep it for backward compatibility\n server {\n add_header Strict-Transport-Security \"max-age=63072000; includeSubdomains; preload\";\n ssl_protocols TLSv1.2;\n ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;\n ssl_prefer_server_ciphers on;\n listen __PORT_PER_RESTPP__ __GUI_CONNECTION_TYPE__;\n server_name localhost;\n large_client_header_buffers __LARGE_CLIENT_HEADER_BUFFER_NUM__ __LARGE_CLIENT_HEADER_BUFFER_SIZE__;\n\n fastcgi_read_timeout 72000s;\n fastcgi_send_timeout 72000s;\n\n __SSL_CERT_ATTR__ __SSL_CERT_PATH__; # if SSL is disabled, here should be '#'\n __SSL_KEY_ATTR__ __SSL_KEY_PATH__; # if SSL is disabled, here should be '#'\n\n\n location / {\n fastcgi_pass fastcgi_backend;\n fastcgi_keep_conn on;\n fastcgi_param REQUEST_METHOD $request_method;\n fastcgi_param CONTENT_TYPE $content_type;\n fastcgi_param CONTENT_LENGTH $content_length;\n fastcgi_param REQUEST_URI $request_uri;\n fastcgi_param GSQL_ASYNC $http_gsql_async;\n fastcgi_param GSQL_TIMEOUT $http_gsql_timeout;\n fastcgi_param GSQL_MEMLIMIT $http_gsql_memlimit;\n fastcgi_param RESPONSE_LIMIT $http_response_limit;\n }\n\n # To ensure the performance of RESTPP, this rule shouldn't be enabled\n # unless restpp.authentication is True.\n # And for performance consideration,\n #!!!!!!! DO NOT USE REGULAR EXPRESSION HERE !!!!!!!\n __ENABLE_RESTPP_AUTH__ location = /requesttoken {\n __ENABLE_RESTPP_AUTH__ proxy_ssl_verify __PROXY_SSL_VERIFY__;\n __ENABLE_RESTPP_AUTH__ proxy_set_header X-Real-IP $remote_addr;\n __ENABLE_RESTPP_AUTH__ proxy_pass __REQUEST_TOKEN_PROTOCOL__://gsql_token_server;\n __ENABLE_RESTPP_AUTH__ }\n }\n\n server {\n\t\tlisten __NGINX_SERVICES_PORT__ __GUI_CONNECTION_TYPE__;\n ssl_protocols TLSv1.2;\n\t\tlarge_client_header_buffers __LARGE_CLIENT_HEADER_BUFFER_NUM__ __LARGE_CLIENT_HEADER_BUFFER_SIZE__;\n\t\tproxy_buffer_size __PROXY_BUFFER_SIZE__;\n\t\tproxy_buffers __PROXY_BUFFERS_NUM__ __PROXY_BUFFERS_SIZE__;\n\t\tproxy_busy_buffers_size __PROXY_BUSY_BUFFERS_SIZE__;\n\n\t\t__SSL_CERT_ATTR__ __SSL_CERT_PATH__; # if SSL is disabled, here should be '#'\n\t\t__SSL_KEY_ATTR__ __SSL_KEY_PATH__; # if SSL is disabled, here should be '#'\n\n\t\tlocation / {\n\t\t\t# Set whether to enable compression\n\t\t\tgzip on;\n\t\t\tgzip_types\n\t\t\t\tapplication/javascript # works significantly with javascript files in GUI\n\t\t\t;\n\t\t\troot __TOOLS_STATIC_FOLDER__;\n\t\t\ttry_files $uri $uri/ @backend;\n\t\t}\n\n\t\tlocation /assets/img/user-uploaded-icons/ {\n\t\t\talias __GUI_DATA_FOLDER__/user_icons/;\n\t\t\ttry_files $uri $uri/ = 404;\n\t\t}\n\n location /gsql/ {\n\t\t\t# Set whether to enable compression\n\t\t\tgzip on;\n\t\t\tgzip_types\n\t\t\t\tapplication/javascript # works significantly with javascript files in GUI\n\t\t\t;\n\t\t\talias __GSHELL_STATIC_FOLDER__/;\n\t\t\ttry_files $uri $uri/ = 404;\n\t\t}\n\n location = /gsql {\n\t\t\trewrite /gsql /gsql/ last;\n\t\t}\n\n location ^~/insights/ {\n\t\t\t# Set whether to enable compression\n\t\t\tgzip on;\n\t\t\tgzip_types\n\t\t\t\tapplication/javascript # works significantly with javascript files in GUI\n\t\t\t;\n\t\t\talias __INSIGHTS_STATIC_FOLDER__/;\n\t\t\ttry_files $uri $uri/ /insights/index.html;\n\t\t}\n\n location = /insights {\n\t\t\trewrite /insights /insights/ last;\n\t\t}\n\n location /graphql/ {\n\t\t\t# Set whether to enable compression\n\t\t\tgzip on;\n\t\t\tgzip_types\n\t\t\t\tapplication/javascript # works significantly with javascript files in GUI\n\t\t\t;\n\t\t\talias __GRAPHQL_STATIC_FOLDER__/;\n\t\t\ttry_files $uri $uri/ = 404;\n\t\t}\n\n location = /graphql {\n\t\t\trewrite /graphql /graphql/ last;\n\t\t}\n\n location /studio/ {\n\t\t\t# Set whether to enable compression\n\t\t\tgzip on;\n\t\t\tgzip_types\n\t\t\t\tapplication/javascript # works significantly with javascript files in GUI\n\t\t\t;\n\t\t\talias __GST_STATIC_FOLDER__/;\n\t\t\ttry_files $uri $uri/ = 404;\n\t\t}\n\n location = /studio {\n\t\t\trewrite /studio /studio/ last;\n\t\t}\n\n\t\tlocation /admin/ {\n\t\t\t# Set whether to enable compression\n\t\t\tgzip on;\n\t\t\tgzip_types\n\t\t\t\tapplication/javascript # works significantly with javascript files in GUI\n\t\t\t;\n\t\t\talias __ADMIN_PORTAL_STATIC_FOLDER__/;\n\t\t\ttry_files $uri $uri/ = 404;\n\t\t}\n\n location = /admin {\n\t\t\trewrite /admin /admin/ last;\n\t\t}\n\n\t\tlocation @backend {\n\t\t\tproxy_read_timeout 604800s;\n\t\t\tproxy_set_header X-Real-IP $remote_addr;\n\t\t\tproxy_pass http://localhost:__GUI_WEBSERVER_PORT__;\n\t\t}\n\n\t\tlocation ~ ^/informant/(?\u003cinformant_uri\u003e.*) {\n \t\t\trewrite ^/informant/(.*) /$informant_uri break;\n \t\t\tproxy_read_timeout 3600s;\n \t\t\tproxy_set_header X-Real-IP $remote_addr;\n \t\t\tproxy_pass http://informant_server;\n \t\t}\n\n\t\tlocation ~ ^/gsqlserver/(?\u003cgsql_uri\u003e.*) {\t\n\t\t\trewrite ^/gsqlserver/(.*) /$gsql_uri break;\n\t\t\tproxy_read_timeout 604800s;\n\t\t\tproxy_set_header X-Real-IP $remote_addr;\n\t\t\tproxy_pass http://gsql_server;\n\t\t\tproxy_http_version 1.1;\n\t\t\tproxy_buffering off;\n\t\t}\n\n\t\t# This RESTPP endpoint shares the same security configuration\n\t\tfastcgi_read_timeout 72000s;\n\t\tfastcgi_send_timeout 72000s;\n\n\t\t__ENABLE_RESTPP_AUTH__ location ~ ^/restpp/(?\u003ctoken_uri\u003erequesttoken.*) {\n\t\t__ENABLE_RESTPP_AUTH__ rewrite ^/restpp/(.*) /$token_uri break;\n\t\t__ENABLE_RESTPP_AUTH__ proxy_ssl_verify __PROXY_SSL_VERIFY__;\n\t\t__ENABLE_RESTPP_AUTH__ proxy_set_header X-Real-IP $remote_addr;\n\t\t__ENABLE_RESTPP_AUTH__ proxy_pass __REQUEST_TOKEN_PROTOCOL__://gsql_token_server;\n\t\t__ENABLE_RESTPP_AUTH__ }\n\n\t\tlocation ~ ^/restpp/(.*) {\n\t\t\tfastcgi_pass fastcgi_backend;\n\t\t\tfastcgi_keep_conn on;\n\t\t\tfastcgi_param REQUEST_METHOD $request_method;\n\t\t\tfastcgi_param CONTENT_TYPE $content_type;\n\t\t\tfastcgi_param CONTENT_LENGTH $content_length;\n\t\t\tfastcgi_param REQUEST_URI $1?$query_string; # the url pattern matched above\n\t\t\tfastcgi_param GSQL_TIMEOUT $http_gsql_timeout;\n\t\t\tfastcgi_param GSQL_MEMLIMIT $http_gsql_memlimit;\n fastcgi_param GSQL_ASYNC $http_gsql_async;\n\t\t\tfastcgi_param RESPONSE_LIMIT $http_response_limit;\t \n\t\t}\n\t}\n}\n"` +| |Nginx.Port |The serving port for Nginx |`14240` +|`int32` +|`14240` +| |Nginx.ResponseHeaders |The customized headers in HTTP Response |`[{"FieldName":"X-Frame-Options","FieldValue":"SAMEORIGIN"}]` +|`json` +|`[{"FieldName":"X-Frame-Options","FieldValue":"SAMEORIGIN"}]` +| |Nginx.SSL.Cert |Public certificate for SSL. (Could use @cert_file_path to parse the certificate from file) |`nan` +|`string` +|Empty string +| |Nginx.SSL.Enable |Enable SSL connection for all HTTP requests |`false` +|`bool` +|`false` +| |Nginx.SSL.Key |Private key for SSL. (Could use @key_file_path to parse the key from file) |`nan` +|`string` +|Empty string +| |Nginx.WorkerProcessNumber |The number of worker processes for Nginx |`4` +|`int32` +|`4` +| |=== [#_restpp] @@ -925,160 +1726,308 @@ the key from file) |`nan` [width="100%",cols="34%,33%,33%",options="header",] |=== -|Name |Description |Example +|Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |RESTPP.BasicConfig.Env | A list of `=` pairs, separated by `;` |`LD_PRELOAD=$LD_PRELOAD; LD_LIBRARY_PATH=$LD_LIBRARY_PATH; REPORT_FIRST_N_LINES=$REPORT_FIRST_N_LINES` +|`string` +|`LD_PRELOAD=$LD_PRELOAD; LD_LIBRARY_PATH=$LD_LIBRARY` +| |RESTPP.BasicConfig.LogConfig.LogFileMaxDurationDay |The maximum number of days to retain old log files based on the timestamp encoded in their filename |`90` +|`int32` +|`90` +| |RESTPP.BasicConfig.LogConfig.LogFileMaxSizeMB |The maximum size in megabytes of the log file before it gets rotated |`100` +|`int32` +|`100` +| |RESTPP.BasicConfig.LogConfig.LogLevel |The log level(``OFF'', ``BRIEF'', ``DEBUG'', ``VERBOSE''), default is BRIEF |`BRIEF` +|`string` +|`BRIEF` +| |RESTPP.BasicConfig.LogConfig.LogRotationFileNumber |The maximum number of old log files to retain |`100` +|`int32` +|`100` +| |RESTPP.BasicConfig.LogDirRelativePath |The relative path (to the System.LogRoot) of log directory for RESTPP |`restpp` +|`string` +|`restpp` +| |RESTPP.BasicConfig.Nodes |The node list for RESTPP |`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` +|`json` +|`[{"HostID":"m1", "Replica":1},{"HostID":"m2"}, "Replica":2}]` +| |RESTPP.FCGISocketBackLogMaxCnt |RESTPP fcgi socket backlog max length which is the listen queue depth used in the listen() call. |`36864` +|`int32` +|`36864` +| |RESTPP.FCGISocketFileRelativePath |The relative path of FCGI socket for RESTPP-Nginx communitation under $TempRoot |`rest/restpp-nginx.fcgi.sock` +|`string` +|`rest/restpp-nginx.fcgi.sock` +| |RESTPP.Factory.DefaultLoadingTimeoutSec |The default per request loading timeout (s) for RESTPP |`600` +|`int32` +|`600` +| |RESTPP.Factory.DefaultQueryTimeoutSec |The default query timeout (s) for RESTPP |`16` +|`int32` +|`16` +| |RESTPP.Factory.DynamicEndpointRelativePath |RESTPP’s relative (to data root) path to store the dynamic endpoint |`restpp/endpoint/` +|`string` +|`restpp/endpoint/` +| |RESTPP.Factory.DynamicSchedulerRelativePath |RESTPP’s relative (to data root) path to store the dynamic scheduler |`restpp/scheduler/` +|`string` +|`restpp/scheduler/` +| |RESTPP.Factory.EnableAuth |Enable authentication of RESTPP |`false` +|`bool` +|`false` +| |RESTPP.Factory.HandlerCount |RESTPP’s handler count |`4` +|`int32` +|`4` +| |RESTPP.Factory.QueryMemoryLimitMB |The memory limit of query runs for container on disk. The default value is -1, meaning no limit |`-1` +|`int32` +|`-1` +| |RESTPP.Factory.StatsIntervalSec |RESTPP’s time interval to collect stats (e.g. QPS) |`60` +|`int32` +|`60` +| |RESTPP.GPEResponsePort |The port of RESTPP to accept GPE response |`5400` +|`int32` +|`5400` +| |RESTPP.GSEResponsePort |The port of RESTPP to accept GSE response |`5500` +|`int32` +|`5500` +| |RESTPP.HttpServer.Enable |Enable RESTPP’s http server |`false` +|`bool` +|`false` +| |RESTPP.HttpServer.Port |RESTPP’s http server port |`10000` +|`int32` +|`10000` +| |RESTPP.HttpServer.WorkerNum |RESTPP’s http server worker number |`2` +|`int32` +|`2` +| |RESTPP.LoadedOffsetTraceBackHr |The trace back time (hour) of loaded offset, offsets will not be reported beyond the specified time |`24` +|`int32` +|`24` +| |RESTPP.NginxPort |The port of RESTPP to accept upstream Nginx requests |`9000` +|`int32` +|`9000` +| |RESTPP.WorkLoadManager.MaxHeavyBuiltinQueries |The maximum number of concurrent “heavy“ built-in queries (kstep_expansion, searchvertex, allpaths, shortestpath) on a restpp server |`100` +|`int32` +|`100` +| |RESTPP.WorkLoadManager.MaxConcurrentQueries |The maximum number of concurrent queries allowed to run, *excluding* heavy queries | `50` +|`int32` +|`50` +| |RESTPP.WorkLoadManager.MaxDelayQueueSize |The maximum number of concurrent queries in the delay queue |`20` +|`int32` +|`20` +| |RESTPP.QueryRouting.Mode | Set the query routing mode (0=RoundRobin, 1=CPULoadAware) | `0` +|`int32` +|`0` +| |RESTPP.QueryRouting.TargetSelectionCPUThreshold| Set the query routing mode CPU usage threshold | `50` +|`int32` +|`50` +| |=== == Security [width="100%",cols="34%,33%,33%",options="header",] |=== -|Name |Description |Example +|Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values | Security.JWT.RSA.PublicKey | Configure a RSA public key for xref:tigergraph-server:user-access:jwt-token.adoc[]. | `gadmin config set Security.JWT.RSA.PublicKey ` +| `string` +| `gadmin config set Security.JWT.RSA.PublicKey ` +| | Security.JWT.HMAC.Secret | Configure a HMAC Secret for xref:tigergraph-server:user-access:jwt-token.adoc[]. | `gadmin config set Security.JWT.HMAC.Secret ` +| `string` +| `gadmin config set Security.JWT.HMAC.Secret ` +| | Security.JWT.Issuer | Configure the `iss` claim that will be verified against this configured value for xref:tigergraph-server:user-access:jwt-token.adoc[]. | `gadmin config set Security.JWT.Issuer ""` +| `string` +| `gadmin config set Security.JWT.Issuer ""` +| | Security.JWT.Audience | Configure this JWT Token authentication to verify if the `aud` (recipient for which the JWT is intended) defined in the JWT Token matches the configured one or not for xref:tigergraph-server:user-access:jwt-token.adoc[]. | `gadmin config set Security.JWT.Audience ""` +| `string` +| `gadmin config set Security.JWT.Audience ""` +| |Security.LDAP.AdminDN |Configure the DN of LDAP user who has read access to the base DN specified above. Empty if everyone has read access to LDAP data: default empty |`nan` +|`string` +|Empty string +| |Security.LDAP.AdminPassword |Configure the password of the admin DN specified above. Needed only when admin_dn is specified: default empty |`secret` +|`string` +|Empty string +| |Security.LDAP.BaseDN |Configure LDAP search base DN, the root node to start the LDAP search for user authentication: must specify |`nan` +|`string` +|Empty string +| |Security.LDAP.Enable |Enable LDAP authentication: default false |`false` +|`bool` +|`false` +| + |Security.LDAP.GroupFilter |list of group objects on LDAP server used to retrieve group hierarchy information, default value: (objectClass=group) |(objectClass=group) +|`string` +|`(objectClass=group)` +| |Security.LDAP.GroupHierarchyRefreshIntervalMin |Refresh time in minutes of ldap group hierarchy information. default 240 |60 +|`int32` +|`240` +| |Security.LDAP.Hostname |Configure LDAP server hostname: default localhost |`localhost` +|`string` +|`localhost` +| |Security.LDAP.Port |Configure LDAP server port: default 389 |`389` +|`int32` +|`389` +| |Security.LDAP.SearchFilter |Configure LDAP search base DN, the root node to start the LDAP search for user authentication. |`(objectClass=*)` +|`string` +|`(objectClass=*)` +| |Security.LDAP.Secure.Protocol |Enable SSL/StartTLS for LDAP connection [none/ssl/starttls]: default none |`none` +|`string` +|`none` +| |Security.LDAP.Secure.TrustAll |Configure to trust all LDAP servers (unsafe): default false |`false` +|`bool` +|`false` +| |Security.LDAP.Secure.TruststoreFormat |Configure the truststore format [JKS/PKCS12]: default JKS |`JKS` +|`string` +|`JSK` +| |Security.LDAP.Secure.TruststorePassword |Configure the truststore password: default changeit |`changeit` +|`string` +|`changeit` +| |Security.LDAP.Secure.TruststorePath |Configure the truststore absolute path for the certificates used in SSL: default empty |`nan` +|`string` +|Empty string +| |Security.LDAP.UsernameAttribute |Configure the username attribute name in LDAP server: default uid |`uid` +|`string` +|`uid` +| +|=== + +== Security (Advanced) | Security.SSO.OIDC.OP.AccessTokenURL | The API to request access token from OP. @@ -1089,29 +2038,51 @@ Type: `STRING` |Security.SSO.OIDC.BuiltinUser |The builtin user for OIDC, default: __GSQL__oidc |`__GSQL__oidc` +|`string` +|`__GSQL__oidc` +| |Security.SSO.OIDC.CallBackUrl |TigerGraph service provider callback URL: default http://127.0.0.1:14240 |`http://127.0.0.1:14240` +|`string` +|`http://127.0.0.1:14240` +| | Security.SSO.OIDC.ClaimAsUserID | The OIDC claim which will be used as username in TigerGraph Type: `STRING` | `email` +|`string` +|`email` +| |Security.SSO.OIDC.Enable |Enable OIDC based SSO [true/false]: default false |`false` +|`bool` +|`false` +| |Security.SSO.OIDC.OP.ClientId |The client id assigned by Openid Provider when registers TigerGraph |`nan` +|`string` +|Empty string +| + |Security.SSO.OIDC.OP.ClientSecret |The client secret generated by OIDC provider, this config is only needed if algorithm is HMAC type |`nan` +|`string` +|Empty string +| |Security.SSO.OIDC.OP.JWKSUrl |The url of the OpenID provider to retrieve the public JSON web key set, e.g. https://op.example.com/.well-known/jwks.json. It is only needed if algorithm is RSA type |`https://op.example.com/.well-known/jwks.json` +|`string` +|`https://op.example.com/.well-known/jwks.json` +| | Security.SSO.OIDC.OP.Issuer | Required, not needed for TG-Cloud. @@ -1119,25 +2090,43 @@ Entity that issues a set of claims. Type: `STRING` | https://example.issuer.tigergraph.com. +|`string` +|https://example.issuer.tigergraph.com.au/ +| |Security.SSO.OIDC.OP.SSOUrl |Single Sign-On URL: default https://op.example.com/oauth/authorize |`https://op.example.com/oauth/authorize` +|`string` +|https://op.example.com/oauth/authorize +| |Security.SSO.OIDC.OP.SigAlgorithm |Define the algorithm that OIDC provider used to sign the ID token, [RS256/HS256/…]: default RS256 |`RS256` +|`string` +|`RS256` +| |Security.SSO.OIDC.OrganizationId |The organization ID for cloud OpenId server |`nan` +|`string` +|Empty string +| |Security.SSO.OIDC.ResponseType |Define the kind of credential that OIDC provider will return [code/token/id_token/code id_token/…]: default code |`code` +|`string` +|`code` +| |Security.SSO.OIDC.Scope |Specifies the claims (or user attributes) to retrieve, separated by a space [openid email/openid profile/…]: default openid profile (means user’s full profile). |`openid profile` +|`string` +|`openid profile` +| | Security.SSO.OIDC.OP.UserInfoURL | Required for OIDC code flow, not needed for implicit flow. @@ -1145,75 +2134,144 @@ The API to request user information via an access token. Type: `STRING` | `https://op.example.com/userinfo` +|`string` +| `https://op.example.com/userinfo` +| |Security.SSO.SAML.AssertionSigned |Require Identity Provider to sign assertions: default true |`true` +|`bool` +|`true` +| |Security.SSO.SAML.AuthnRequestSigned |Sign AuthnRequests before sending to Identity Provider: default true |`true` +|`bool` +|`true` +| |Security.SSO.SAML.BuiltinUser |The builtin user for SAML |`__GSQL__saml` +|`string` +|`__GSQL__saml` +| |Security.SSO.SAML.Enable |Enable SAML2-based SSO: default false |`false` +|`bool` +|`false` +| |Security.SSO.SAML.IDP.EntityId |Identity Provider Entity ID: default http://idp.example.com |`http://idp.example.com` +|`string` +|`http://idp.example.com` +| |Security.SSO.SAML.IDP.SSOUrl |Single Sign-On URL: default http://idp.example.com/sso/saml |`http://idp.example.com/sso/saml` +|`string` +|http://idp.example.com/sso/saml +| |Security.SSO.SAML.IDP.X509Cert |Identity Provider’s x509 Certificate filepath: default empty. You can use @/cert/file/path to pass the certificate from a file. |`nan` +|`string` +|Empty string +| |Security.SSO.SAML.MetadataSigned |Sign Metadata: default true |`true` +|`bool` +|`true` +| |Security.SSO.SAML.RequestedAuthnContext |Authentication context (comma separate multiple values) |`nan` +|`string` +|Empty string +| |Security.SSO.SAML.ResponseSigned |Require Identity Provider to sign SAML responses: default true |`true` +|`bool` +|`true` +| |Security.SSO.SAML.SP.Hostname |TigerGraph Service Provider URL: default http://127.0.0.1:14240 |`http://127.0.0.1:14240` +|`string` +|`http://127.0.0.1:14240` +| |Security.SSO.SAML.SP.PrivateKey |Content of the host machine’s private key. Require PKCS#8 format (start with ``BEGIN PRIVATE KEY''). You can use @/privatekey/file/path to pass the certificate from a file. |`nan` +|`string` +|Empty string +| |Security.SSO.SAML.SP.X509Cert |Content of the x509 Certificate: default empty. You can use @/cert/file/path to pass the certificate from a file. |`nan` +|`string` +|Empty string +| |Security.SSO.SAML.SignatureAlgorithm |Signiture algorithm [rsa-sha1/rsa-sha256/rsa-sha384/rsa-sha512]: default rsa-sha256 |`rsa-sha256` +|`string` +|`rsa-sha256` +| |Security.UserPasswordPolicy.Enable |Enable/disable the password policy |`false` +|`bool` +|`false` +| |Security.UserPasswordPolicy.MinLength |Password min length |`8` +|`int32` +|`8` +| |Security.UserPasswordPolicy.UppercaseLetterRequired |Requires password must have at least one uppercase character |`true` +|`bool` +|`true` +| |Security.UserPasswordPolicy.LowercaseLetterRequired |Requires password must have at least one lowercase character |`true` +|`bool` +|`true` +| |Security.UserPasswordPolicy.DigitRequired |Requires password must have at least one digit |`true` +|`bool` +|`true` +| |Security.UserPasswordPolicy.SpecialCharacterRequired |Requires password must have at least one special character |`true` +|`bool` +|`true` +| |Security.UserPasswordPolicy.ExpirationDay |How long the password remains valid after it has been updated |`90` +|`int32` +|`90` +| |Security.UserPasswordPolicy.PasswordReuseThreshold |What is the minimum number of unique passwords required before a previously used password can be reused |`5` +|`int32` +|`5` +| |=== == System @@ -1221,177 +2279,339 @@ empty. You can use @/cert/file/path to pass the certificate from a file. [cols="3",options="header",] //[%autowidth,options="header",] |=== -|Name |Description |Example +|Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |System.AppRoot |The root directory for TigerGraph applications |`/home/tigergraph/tigergraph/app` +|`string` +|`/home/tigergraph/tigergraph/app` +| | System.Audit.Enable | Setting to enable audit logs. | `System.Audit.Enable true` +|`bool` +|`true` | System.Audit.DatabaseName | Modify the DataBaseName field in log file header. | `System.Audit.DataBaseName ` | System.Audit.LogDirRelativePath | Modify the relative audit log path. | `System.Audit.LogDirRelativePath ` +|`string` +| `System.Audit.LogDirRelativePath ` +| | System.Audit.LogConfig.LogFileMaxDurationDay | Modify the audit log file’s modification date. | `System.Audit.LogConfig.LogFileMaxDurationDay ` +|`int32` +| `90` +| | System.Audit.LogConfig.LogFileMaxSizeMB | Modify the audit log file’s max size. | `System.Audit.LogConfig.LogFileMaxSizeMB ` +|`int32` +|`100` +| | System.Audit.LogConfig.LogRotationFileNumber | Modify the max amount of Audit Log files in the Audit Log folder. | `System.Audit.LogConfig.LogRotationFileNumber ` +|`int32` +|`100` +| | System.Audit.MaskPII | Mask Sensitive data or PII in the audit log. Default value is: `true`. If it is `false`, the PII data will not be masked. | `System.Audit.MaskPII true` +|`bool` +|`true` +| |System.AuthToken |The authorization token for TigerGraph services |`Va2V7mdpTY5ErZRmTBBRqYtkgR7CiGbF` +|`string` +| random string of length 32 +| |System.Backup.CompressProcessNumber |The number of concurrent process for compression during backup. Value `10` means the number of processes used to compress equals the node CPU’s cores. |`10` +|`int32` +|`10` +| |System.Backup.DecompressProcessNumber | The number of concurrent processes for decompression during the restore. | `8` +|`int32` +|`8` +| |System.Backup.CompressionLevel |The backup compression level strikes a balance between size and speed. The better compression, the longer it takes. ("BestSpeed", "DefaultCompression", "BestCompression") | "DefaultCompression" +|`string` +|`DefaultCompression` +| |System.Backup.Local.Enable |Backup data to local path *IMPORTANT*: If set to `true`, this also enables a daily full backup at 12:00am UTC. |`false` +|`bool` +|`false` +| |System.Backup.Local.Path |The path to store the backup files |`nan` |System.Backup.S3.AWSAccessKeyID |The AWS access key ID for s3 bucket of backup |`nan` +|`string` +|Empty string +| |System.Backup.S3.AWSSecretAccessKey |The secret access key for s3 bucket |`nan` +|`string` +|Empty string +| |System.Backup.S3.RoleARN |The AWS role for accessing s3 bucket, its use is prioritized over the combination of access key id and secret access key in accessing s3. To understand what AWS role ARN is, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns[AWS role ARN doc]. *NOTE*: This is only for AWS S3, and TigerGraph assumes the credentials for using `sts:AssumeRole` have been set up. You can verify the credentials are ready by running link:https://docs.aws.amazon.com/cli/latest/reference/sts/assume-role.html#examples[aws sts assume-role]. One way to set up credentials is to configure access key id, secret access key and region with AWS CLI `aws configure`.|`nan` +|`string` +|Empty string +| |System.Backup.S3.BucketName |The S3 bucket name |`nan` +|`string` +|Empty string +| |System.Backup.S3.Enable |Backup data to S3 path |`false` +|`bool` +|`false` +| |System.Backup.S3.Endpoint | Endpoint to use instead of the S3 default endpoint. Must be a fully qualified URL. Typically used when operating in a private network or with a non-AWS S3-compatible endpoint. | null - +|`string` +|Empty string +| |System.Backup.TimeoutSec |The backup timeout in seconds |`18000` +|`int32` +|`18000` +| |System.CrossRegionReplication.Enabled |Enable Kafka Mirrormaker |`false` +|`bool` +|`false` +| |System.CrossRegionReplication.PrimaryKafkaIPs |Kafka mirrormaker primary cluster’s IPs, separator by `,' |`nan` +|`string` +|Empty string +| |System.CrossRegionReplication.PrimaryKafkaPort |Kafka mirrormaker primary cluster’s KafkaPort |`30002` +|`int32` +|`30002` +| |System.CrossRegionReplication.TopicPrefix |The prefix of GPE/GUI/GSQL Kafka Topic, by default is empty. |`nan` +|`string` +|Empty string +| |System.DataRoot |The root directory for data |`/home/tigergraph/tigergraph/data` +|`string` +|`/home/tigergraph/tigergraph/data` +| |System.Event.EventInputTopic |Kafka topic name of event input queue |`EventInputQueue` +|`string` +|`EventInputQueue` |System.Event.EventOffsetFolderRelativePath |The relative path (to the System.DataRoot) of the folder to keep track of Kafka offsets for event input/output queue |`offset` +|`string` +| `offset` +| |System.Event.EventOutputTopic |Kafka topic name of event output queue |`EventOutputQueue` +|`string` +|`EventOutputQueue` +| |System.Event.MetricsTopic |Kafka topic name of metrics event queue |`MetricsQueue` +|`string` +|`MetricsQueue` +| |System.HostList |The aliases and hostnames/IPs for nodes |`[{"ID":"m1","Hostname":"192.168.1.1","Region":"r1"},{"ID":"m2","Hostname":"192.168.1.2","Region":"r2"}]` +|`string` +|`[{"ID":"m1","Hostname":"192.168.1.1","Region":"r1"},{"ID":"m2","Hostname":"192.168.1.2","Region":"r2"}]` |System.License |The license key for TigerGraph system |`nan` +|`string` +|Empty string +| |System.LogRoot |The root directory for TigerGraph logs |`/home/tigergraph/tigergraph/log` +|`string` +|`/home/tigergraph/tigergraph/log` +| |System.Metrics.CPUIntervalSec |The CPU metric data collect interval (s) |`60` +|`int32` +|`60` +| |System.Metrics.DiskspaceIntervalSec |The diskspace metric data collect interval (s) |`300` +|`int32` +|`300` +| |System.Metrics.MemoryIntervalSec |The memory metric data collect interval (s) |`60` +|`int32` +|`60` +| |System.Metrics.NetworkIntervalSec |The network metric data collect interval (s) |`60` +|`int32` +|`60` +| |System.Metrics.QPSIntervalSec |The QPS metric data collect interval (s) +|`int32` |`60` +| |System.Metrics.IncludeHostName | If set to true, the hostname/ip will be included in all metrics output, in OpenMetrics format, as part of the variable labels. Otherwise, the default is `false` and the response will not include hostname/ip as part of the variable labels. As in the example xref:tigergraph-server:API:built-in-endpoints.adoc#_monitor_system_metrics_openmetrics_format[Monitor system metrics (OpenMetrics format)] | `System.Metrics.IncludeHostName true` +|`bool` +|`false` +| |System.SSH.ConfigFileRelativePath |The relative path (to the System.DataRoot) of SSH config file |`ssh/ssh_config` +|`string` +|`ssh/ssh_config` +| |System.SSH.Port |SSH port |`22` +|`int32` +|`22` +| |System.SSH.User.Password |OS User password (optional if using privatekey) |`tigergraph` +|`string` +|`tigergraph` +| |System.SSH.User.Privatekey |OS user private key path |`nan` +|`string` +|Empty string +| |System.SSH.User.Username |OS Username for TigerGraph database |`tigergraph` +|`string` +|`tigergraph` +| |System.TempRoot |The temporary directory for TigerGraph applications |`/home/tigergraph/tigergraph/tmp` +|`string` +|`/home/tigergraph/tigergraph/tmp` +| |=== == ZK [width="100%",cols="34%,33%,33%",options="header",] |=== -|Name |Description |Example +|Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |ZK.BasicConfig.Env | A list of `=` pairs, separated by `;` |`ZK_SERVER_HEAP=4096;` +|`string` +|`ZK_SERVER_HEAP=4096;` +| |ZK.BasicConfig.LogConfig.LogFileMaxSizeMB |The maximum size in megabytes of the log file before it gets rotated |`100` +|`int32` +|`100` +| |ZK.BasicConfig.LogConfig.LogLevel |The log level for zk (``TRACE'', ``DEBUG'', ``INFO'', ``WARN'', ``ERROR'', ``FATAL'' ``OFF'') |`INFO` +|`string` +|`INFO` +| |ZK.BasicConfig.LogConfig.LogRotationFileNumber |The maximum number of old log files to retain |`100` +|`int32` +|`100` +| |ZK.BasicConfig.LogDirRelativePath |The relative path (to the System.LogRoot) of log directory for ZK |`zk` +|`string` +|`zk` +| |ZK.BasicConfig.Nodes |The node list for Zookeeper |`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` +|`string` +|`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` +| |ZK.DataRelativePath |The data dir of zookeeper under $DataRoot |`zk` +|`string` +|`zk` +| |ZK.ElectionPort |The port for Zookeeper to do leader election |`3888` +|`int32` +|`3888` +| |ZK.ForceSync |The force synchronize property of zookeeper |`false` +|`bool` +|`false` |ZK.InitLimit |The amount of time, in ticks(by default 2s for one tick), to allow followers to connect and sync to a leader. Increased this value as needed, if the amount of data managed by ZooKeeper is large |`30` +|`int32` +|`30` +| |ZK.Port |The serving port for Zookeeper |`19999` +|`int32` +|`19999` +| |ZK.QuorumPort |The port for Zookeeper to do peer communication |`2888` +|`int32` +|`2888` +| |ZK.StartTimeoutMS |Start zookeeper timeout |`120000` +|`int32` +|`120000` +| |=== == Environment Variables @@ -1402,17 +2622,23 @@ If you use `gadmin config set GPE.BasicConfig.Env` or `gadmin config entry GPE.B [cols="4",options="header",] |=== -|Component |Name |Description |Example +|Component |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values | GSQL |`GPE_DSC_APPLY_TIMEOUT_MINUTE`, GSQL.Basic.ConfigEnv | [v3.9.2+] Timeout (minutes) for dynamic schema change. Default = 30 | 30 +| `int32` +| `30` +| |RESPP | `SSL_CA_CERT`, RESETPP.BasicConfig.Env | Set the CA certificate `SSL_CA_CERT` to establish the connection with the URL being set with xref:tigergraph-server:user-access:jwt-token.adoc[]. | `SSL_CA_CERT=/home/tigergraph/cacertificate/example/;` +|`string` +|`SSL_CA_CERT=/home/tigergraph/cacertificate/example/;` +| |GPE | `SegmentMetaFlushAlways`, @@ -1424,6 +2650,12 @@ Default is set to `false`. * Setting this flag can ensure the most aggressive refresh logic, which can benefit Kafka retention and lower the disk usage most promptly. But it can cause slow scheduling in lower `WRITE IO` environment like `EFS`, `S3`, and not release the memory efficiently. | `SegmentMetaFlushAlways=true` +|`bool` +|`true` +| + +|GPE +| `SegmentMetaFlushIntervalSec`, || `SegmentMetaForceFlushIntervalSec`, GPE.BasicConfig.Env @@ -1436,6 +2668,11 @@ Default to 600 sec (10 minutes). * Lowering the interval value means a more aggressive refresh logic, which can benefit Kafka retention and lower the disk usage more promptly. But can cause slow scheduling in lower WRITE IO environment like EFS, S3, and memory not released efficiently. | `SegmentMetaForceFlushIntervalSec=600` +|`int32` +|`600` +| + +|GPE || `CDCKafkaFlushTimeoutMs`, GPE.BasicConfig.Env a| @@ -1444,27 +2681,46 @@ a| * When set to -1, there is an infinite timeout, which may slow the GPE shutdown. | `CDCKafkaFlushTimeoutMs=-1` +|`int32` +|`-1` +| || `CDCDeltaBufferCapInMB`, GPE.BasicConfig.Env | In-memory buffer limit for delta message in CDC service. | `CDCDeltaBufferCapInMB=10` +|`int32` +|`10` +| || `DIMDeltaBufferCapInMB`, GPE.BasicConfig.Env | In-memory buffer limit for “vertex-deletion“ delta message in deleted id map service. | `DIMDeltaBufferCapInMB=100` +|`int32` +|`100` +| || `DIMCacheLimitInMB`, GPE.BasicConfig.Env | In-memory cache limit for deleted id map. | `DIMCacheLimitInMB=1024` +|`int32` +|`1024` +| || `DIMPurgeIntervalInMin`, GPE.BasicConfig.Env | Interval for purging outdated entries in deleted id map. | `DIMPurgeIntervalInMin=30` +|`int32` +|`30` +| + +|GPE || `TransactionStoreMemLimit`, GPE.BasicConfig.Env | The value must be uint64_t type and in unit: Byte. The default value is 4194304, which means 4 MB. | `TransactionStoreMemLimit=4194304` +|`int32` +|`4194304` || `TransactionSizeLimit`, GPE.BasicConfig.Env a| @@ -1472,5 +2728,7 @@ a| * The default value is 0. When the value is 0, the threshold is dynamically decided by TigerGraph, based on current memory usage statistics. | `TransactionSizeLimit=1073741824` +|`int64` +|`1073741824` |=== From 32d7a11ef06aab0aed27e7f6891c7e0e617639aa Mon Sep 17 00:00:00 2001 From: zhihuapeng-tg Date: Mon, 2 Sep 2024 17:49:44 +0800 Subject: [PATCH 08/26] update gadmin configuration --- modules/reference/pages/configuration-parameters.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/reference/pages/configuration-parameters.adoc b/modules/reference/pages/configuration-parameters.adoc index f40f0616..27549716 100644 --- a/modules/reference/pages/configuration-parameters.adoc +++ b/modules/reference/pages/configuration-parameters.adoc @@ -9,7 +9,7 @@ In addition, the last table is for runtime environment variables. Each component == Admin -[cols="3", options="header",] +[cols="6", options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Admin.BasicConfig.Env | A list of `=` pairs, separated by `;` @@ -2276,7 +2276,7 @@ empty. You can use @/cert/file/path to pass the certificate from a file. == System -[cols="3",options="header",] +[cols="6",options="header",] //[%autowidth,options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values From 7ec9eea1e1ff1822ef1f106bfb2d113ecf354a7a Mon Sep 17 00:00:00 2001 From: zhihuapeng-tg Date: Mon, 2 Sep 2024 17:54:14 +0800 Subject: [PATCH 09/26] update gadmin configuration --- .../pages/configuration-parameters.adoc | 40 +++++++++---------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/modules/reference/pages/configuration-parameters.adoc b/modules/reference/pages/configuration-parameters.adoc index 27549716..8488b914 100644 --- a/modules/reference/pages/configuration-parameters.adoc +++ b/modules/reference/pages/configuration-parameters.adoc @@ -64,7 +64,7 @@ System.LogRoot) of the log directory for Admin |`admin` == Controller -[width="100%",cols="34%,33%,33%",options="header",] +[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Controller.BasicConfig.Env | A list of `=` pairs, separated by `;` |`nan` @@ -163,7 +163,7 @@ controller |`5` == Dict -[width="100%",cols="34%,33%,33%",options="header",] +[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Dict.BasicConfig.Env | A list of `=` pairs, separated by `;` @@ -212,7 +212,7 @@ System.LogRoot) of log directory for Dict |`dict` == ETCD -[width="100%",cols="34%,33%,33%",options="header",] +[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |ETCD.BasicConfig.Env | A list of `=` pairs, separated by `;` @@ -319,7 +319,7 @@ snapshot to disk |`50000` == Executor -[width="100%",cols="34%,33%,33%",options="header",] +[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Executor.BasicConfig.Env | A list of `=` pairs, separated by `;` @@ -404,7 +404,7 @@ file transfer |`10` == FileLoader -[width="100%",cols="34%,33%,33%",options="header",] +[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |FileLoader.BasicConfig.Env |A list of `=` pairs, separated by `;` |`nan` @@ -507,7 +507,7 @@ response |`8500` == GPE -[width="100%",cols="34%,33%,33%",options="header",] +[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |GPE.BasicConfig.Env |A list of `=` pairs, separated by `;` @@ -693,7 +693,7 @@ bucket counts. |`5` == GSE -[width="100%",cols="34%,33%,33%",options="header",] +[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |GSE.BasicConfig.Env | A list of `=` pairs, separated by `;` @@ -775,7 +775,7 @@ responsive after the TTL. |`30` == GSQL -[width="100%",cols="34%,33%,33%",options="header",] +[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |GSQL.BasicConfig.Env |A list of `=` pairs, separated by `;` @@ -1017,7 +1017,7 @@ online |`300` == GUI -[width="100%",cols="34%,33%,33%",options="header",] +[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |GUI.BasicConfig.Env | A list of `=` pairs, separated by `;` @@ -1161,7 +1161,7 @@ System.TempRoot) |`gui` == Gadmin -[width="100%",cols="34%,33%,33%",options="header",] +[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Gadmin.StartServiceDefaultTimeoutMS |The start one service default @@ -1185,7 +1185,7 @@ request timeout in milliseconds |`30000` == Informant -[width="100%",cols="34%,33%,33%",options="header",] +[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Informant.BasicConfig.Env | A list of `=` pairs, separated by `; @@ -1259,7 +1259,7 @@ Longer retention results in higher disk space usage and slower search for histor == Kafka -[width="100%",cols="34%,33%,33%",options="header",] +[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Kafka.BasicConfig.Env | A list of `=` pairs, separated by `;` @@ -1369,7 +1369,7 @@ eligible for deletion (gigabytes) |`40` == KafkaConnect -[width="100%",cols="34%,33%,33%",options="header",] +[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values @@ -1460,7 +1460,7 @@ attempting to retry a failed fetch request to a given topic partition == KafkaLoader -[width="100%",cols="34%,33%,33%",options="header",] +[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |KafkaLoader.BasicConfig.Env | A list of `=` pairs, separated by `;` |`nan` @@ -1564,7 +1564,7 @@ node |`1` == KafkaStreamLL -[width="100%",cols="34%,33%,33%",options="header",] +[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |KafkaStreamLL.BasicConfig.Env | A list of `=` pairs, separated by `;` |`nan` @@ -1631,7 +1631,7 @@ stream LoadingLog state |`kafkastrm-ll` == Nginx -[width="100%",cols="34%,33%,33%",options="header",] +[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Nginx.AllowedCIDRList |The allowlist of IPv4/IPv6 CIDR blocks to @@ -1724,7 +1724,7 @@ the key from file) |`nan` [#_restpp] == RESTPP -[width="100%",cols="34%,33%,33%",options="header",] +[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |RESTPP.BasicConfig.Env | A list of `=` pairs, separated by `;` @@ -1900,7 +1900,7 @@ concurrent queries in the delay queue |`20` == Security -[width="100%",cols="34%,33%,33%",options="header",] +[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values @@ -2538,7 +2538,7 @@ privatekey) |`tigergraph` == ZK -[width="100%",cols="34%,33%,33%",options="header",] +[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |ZK.BasicConfig.Env | A list of `=` pairs, separated by `;` @@ -2615,7 +2615,7 @@ as needed, if the amount of data managed by ZooKeeper is large |`30` |=== == Environment Variables -//[width="100%",cols="34%,33%,33%",options="header",] +//[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] An environment variable is set using its `xxx.Basic.ConfigEnv` configuration parameter, where `xxx` is the name of its associated component. If you use `gadmin config set GPE.BasicConfig.Env` or `gadmin config entry GPE.BasicConfig.Env`, users will be able to add entries for GPE runtime environment variables. From a3c53121398136074b7a7668959bde4b5cf6104c Mon Sep 17 00:00:00 2001 From: zhihuapeng-tg Date: Mon, 2 Sep 2024 17:58:33 +0800 Subject: [PATCH 10/26] update configuration --- .../pages/configuration-parameters.adoc | 40 +++++++++---------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/modules/reference/pages/configuration-parameters.adoc b/modules/reference/pages/configuration-parameters.adoc index 8488b914..4c6f975f 100644 --- a/modules/reference/pages/configuration-parameters.adoc +++ b/modules/reference/pages/configuration-parameters.adoc @@ -64,7 +64,7 @@ System.LogRoot) of the log directory for Admin |`admin` == Controller -[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] +[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Controller.BasicConfig.Env | A list of `=` pairs, separated by `;` |`nan` @@ -163,7 +163,7 @@ controller |`5` == Dict -[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] +[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Dict.BasicConfig.Env | A list of `=` pairs, separated by `;` @@ -212,7 +212,7 @@ System.LogRoot) of log directory for Dict |`dict` == ETCD -[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] +[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |ETCD.BasicConfig.Env | A list of `=` pairs, separated by `;` @@ -319,7 +319,7 @@ snapshot to disk |`50000` == Executor -[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] +[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Executor.BasicConfig.Env | A list of `=` pairs, separated by `;` @@ -404,7 +404,7 @@ file transfer |`10` == FileLoader -[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] +[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |FileLoader.BasicConfig.Env |A list of `=` pairs, separated by `;` |`nan` @@ -507,7 +507,7 @@ response |`8500` == GPE -[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] +[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |GPE.BasicConfig.Env |A list of `=` pairs, separated by `;` @@ -693,7 +693,7 @@ bucket counts. |`5` == GSE -[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] +[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |GSE.BasicConfig.Env | A list of `=` pairs, separated by `;` @@ -775,7 +775,7 @@ responsive after the TTL. |`30` == GSQL -[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] +[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |GSQL.BasicConfig.Env |A list of `=` pairs, separated by `;` @@ -1017,7 +1017,7 @@ online |`300` == GUI -[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] +[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |GUI.BasicConfig.Env | A list of `=` pairs, separated by `;` @@ -1161,7 +1161,7 @@ System.TempRoot) |`gui` == Gadmin -[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] +[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Gadmin.StartServiceDefaultTimeoutMS |The start one service default @@ -1185,7 +1185,7 @@ request timeout in milliseconds |`30000` == Informant -[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] +[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Informant.BasicConfig.Env | A list of `=` pairs, separated by `; @@ -1259,7 +1259,7 @@ Longer retention results in higher disk space usage and slower search for histor == Kafka -[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] +[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Kafka.BasicConfig.Env | A list of `=` pairs, separated by `;` @@ -1369,7 +1369,7 @@ eligible for deletion (gigabytes) |`40` == KafkaConnect -[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] +[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values @@ -1460,7 +1460,7 @@ attempting to retry a failed fetch request to a given topic partition == KafkaLoader -[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] +[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |KafkaLoader.BasicConfig.Env | A list of `=` pairs, separated by `;` |`nan` @@ -1564,7 +1564,7 @@ node |`1` == KafkaStreamLL -[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] +[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |KafkaStreamLL.BasicConfig.Env | A list of `=` pairs, separated by `;` |`nan` @@ -1631,7 +1631,7 @@ stream LoadingLog state |`kafkastrm-ll` == Nginx -[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] +[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Nginx.AllowedCIDRList |The allowlist of IPv4/IPv6 CIDR blocks to @@ -1724,7 +1724,7 @@ the key from file) |`nan` [#_restpp] == RESTPP -[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] +[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |RESTPP.BasicConfig.Env | A list of `=` pairs, separated by `;` @@ -1900,7 +1900,7 @@ concurrent queries in the delay queue |`20` == Security -[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] +[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values @@ -2538,7 +2538,7 @@ privatekey) |`tigergraph` == ZK -[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] +[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |ZK.BasicConfig.Env | A list of `=` pairs, separated by `;` @@ -2615,7 +2615,7 @@ as needed, if the amount of data managed by ZooKeeper is large |`30` |=== == Environment Variables -//[width="100%"cols="17%,16.6%,16.6%,16.6%,16.6%,16.6%",options="header",] +//[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] An environment variable is set using its `xxx.Basic.ConfigEnv` configuration parameter, where `xxx` is the name of its associated component. If you use `gadmin config set GPE.BasicConfig.Env` or `gadmin config entry GPE.BasicConfig.Env`, users will be able to add entries for GPE runtime environment variables. From 532a203b03cf1ea402053ba0b7c572f7819b2731 Mon Sep 17 00:00:00 2001 From: zhihuapeng-tg Date: Mon, 2 Sep 2024 18:02:08 +0800 Subject: [PATCH 11/26] update gadmin configuration --- modules/reference/pages/configuration-parameters.adoc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/reference/pages/configuration-parameters.adoc b/modules/reference/pages/configuration-parameters.adoc index 4c6f975f..19fbdf11 100644 --- a/modules/reference/pages/configuration-parameters.adoc +++ b/modules/reference/pages/configuration-parameters.adoc @@ -69,7 +69,7 @@ System.LogRoot) of the log directory for Admin |`admin` |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Controller.BasicConfig.Env | A list of `=` pairs, separated by `;` |`nan` |`string` -|`` +|Empty string | |Controller.BasicConfig.LogConfig.LogFileMaxDurationDay |The maximum @@ -2035,6 +2035,9 @@ Required for OIDC code flow, not needed for implicit flow. Type: `STRING` | `https://op.example.com/oauth/token` +|`string` +|`https://op.example.com/oauth/token` +| |Security.SSO.OIDC.BuiltinUser |The builtin user for OIDC, default: __GSQL__oidc |`__GSQL__oidc` From 3a6c7b071c7a4bd53746bb7de9877288ab9c4edb Mon Sep 17 00:00:00 2001 From: zhihuapeng-tg Date: Mon, 2 Sep 2024 18:04:54 +0800 Subject: [PATCH 12/26] format --- modules/reference/pages/configuration-parameters.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/reference/pages/configuration-parameters.adoc b/modules/reference/pages/configuration-parameters.adoc index 19fbdf11..e9cd9902 100644 --- a/modules/reference/pages/configuration-parameters.adoc +++ b/modules/reference/pages/configuration-parameters.adoc @@ -1062,6 +1062,7 @@ System.LogRoot) of log directory for GUI |`gui` |`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` |`json` |`[{"HostID":"m1","Replica":1},{"HostID":"m2", "Replica":2}]` +| |GUI.ClientIdleTimeSec |The maximum idle time of client-side GraphStudio and AdminPortal before inactivity logout |`604800` From 275d4eea622456fe628364a1f5156ff642c5f458 Mon Sep 17 00:00:00 2001 From: zhihuapeng-tg Date: Mon, 2 Sep 2024 18:08:00 +0800 Subject: [PATCH 13/26] format --- modules/reference/pages/configuration-parameters.adoc | 3 --- 1 file changed, 3 deletions(-) diff --git a/modules/reference/pages/configuration-parameters.adoc b/modules/reference/pages/configuration-parameters.adoc index e9cd9902..13cd45cf 100644 --- a/modules/reference/pages/configuration-parameters.adoc +++ b/modules/reference/pages/configuration-parameters.adoc @@ -2026,9 +2026,6 @@ in LDAP server: default uid |`uid` |`string` |`uid` | -|=== - -== Security (Advanced) | Security.SSO.OIDC.OP.AccessTokenURL | The API to request access token from OP. From 49e7d43a74e9cd22e18418644889f245338051b7 Mon Sep 17 00:00:00 2001 From: zhihuapeng-tg Date: Mon, 2 Sep 2024 18:10:48 +0800 Subject: [PATCH 14/26] format --- modules/reference/pages/configuration-parameters.adoc | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/modules/reference/pages/configuration-parameters.adoc b/modules/reference/pages/configuration-parameters.adoc index 13cd45cf..2872996d 100644 --- a/modules/reference/pages/configuration-parameters.adoc +++ b/modules/reference/pages/configuration-parameters.adoc @@ -2291,17 +2291,21 @@ empty. You can use @/cert/file/path to pass the certificate from a file. | System.Audit.Enable | Setting to enable audit logs. | `System.Audit.Enable true` |`bool` |`true` +| | System.Audit.DatabaseName | Modify the DataBaseName field in log file header. | `System.Audit.DataBaseName ` +|`string` +|`TigerGraph` +| | System.Audit.LogDirRelativePath | Modify the relative audit log path. | `System.Audit.LogDirRelativePath ` |`string` -| `System.Audit.LogDirRelativePath ` +|`auditlog` | | System.Audit.LogConfig.LogFileMaxDurationDay | Modify the audit log file’s modification date. | `System.Audit.LogConfig.LogFileMaxDurationDay ` |`int32` -| `90` +|`90` | | System.Audit.LogConfig.LogFileMaxSizeMB | Modify the audit log file’s max size. | `System.Audit.LogConfig.LogFileMaxSizeMB ` From 4d43fd4530a68589553ed7d09abc4d6594a5539e Mon Sep 17 00:00:00 2001 From: zhihuapeng-tg Date: Mon, 2 Sep 2024 18:13:48 +0800 Subject: [PATCH 15/26] format --- modules/reference/pages/configuration-parameters.adoc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/reference/pages/configuration-parameters.adoc b/modules/reference/pages/configuration-parameters.adoc index 2872996d..28e6e40d 100644 --- a/modules/reference/pages/configuration-parameters.adoc +++ b/modules/reference/pages/configuration-parameters.adoc @@ -2357,6 +2357,10 @@ used to compress equals the node CPU’s cores. |`10` | |System.Backup.Local.Path |The path to store the backup files |`nan` +|`string` +|Empty string +| + |System.Backup.S3.AWSAccessKeyID |The AWS access key ID for s3 bucket of backup |`nan` |`string` From f7f72d97d23b9c7e7b2570666c29a6e1092f3b21 Mon Sep 17 00:00:00 2001 From: zhihuapeng-tg Date: Mon, 2 Sep 2024 18:14:27 +0800 Subject: [PATCH 16/26] format --- modules/reference/pages/configuration-parameters.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/reference/pages/configuration-parameters.adoc b/modules/reference/pages/configuration-parameters.adoc index 28e6e40d..6b60e67a 100644 --- a/modules/reference/pages/configuration-parameters.adoc +++ b/modules/reference/pages/configuration-parameters.adoc @@ -2459,6 +2459,7 @@ input/output queue |`offset` |`[{"ID":"m1","Hostname":"192.168.1.1","Region":"r1"},{"ID":"m2","Hostname":"192.168.1.2","Region":"r2"}]` |`string` |`[{"ID":"m1","Hostname":"192.168.1.1","Region":"r1"},{"ID":"m2","Hostname":"192.168.1.2","Region":"r2"}]` +| |System.License |The license key for TigerGraph system |`nan` |`string` From ddb04fe444abd7caffc172b46de778a6db07a624 Mon Sep 17 00:00:00 2001 From: zhihuapeng-tg Date: Mon, 2 Sep 2024 18:16:11 +0800 Subject: [PATCH 17/26] format --- modules/reference/pages/configuration-parameters.adoc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/reference/pages/configuration-parameters.adoc b/modules/reference/pages/configuration-parameters.adoc index 6b60e67a..e90b7d4d 100644 --- a/modules/reference/pages/configuration-parameters.adoc +++ b/modules/reference/pages/configuration-parameters.adoc @@ -2435,6 +2435,7 @@ Kafka Topic, by default is empty. |`nan` |`EventInputQueue` |`string` |`EventInputQueue` +| |System.Event.EventOffsetFolderRelativePath |The relative path (to the System.DataRoot) of the folder to keep track of Kafka offsets for event @@ -2496,7 +2497,8 @@ interval (s) |`60` |`60` | -|System.Metrics.QPSIntervalSec |The QPS metric data collect interval (s) +|System.Metrics.QPSIntervalSec |The QPS metric data collect interval (s) |`60` + |`int32` |`60` | From b540ea3e5111dc27fc131db703224bf3eceecd06 Mon Sep 17 00:00:00 2001 From: zhihuapeng-tg Date: Mon, 2 Sep 2024 18:17:06 +0800 Subject: [PATCH 18/26] format --- modules/reference/pages/configuration-parameters.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/reference/pages/configuration-parameters.adoc b/modules/reference/pages/configuration-parameters.adoc index e90b7d4d..4601ca56 100644 --- a/modules/reference/pages/configuration-parameters.adoc +++ b/modules/reference/pages/configuration-parameters.adoc @@ -2602,6 +2602,7 @@ System.LogRoot) of log directory for ZK |`zk` |ZK.ForceSync |The force synchronize property of zookeeper |`false` |`bool` |`false` +| |ZK.InitLimit |The amount of time, in ticks(by default 2s for one tick), to allow followers to connect and sync to a leader. Increased this value From ea230d77ccf073986e0ae8677d4c5f352ff2274c Mon Sep 17 00:00:00 2001 From: zhihuapeng-tg Date: Mon, 2 Sep 2024 18:17:55 +0800 Subject: [PATCH 19/26] format --- modules/reference/pages/configuration-parameters.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/reference/pages/configuration-parameters.adoc b/modules/reference/pages/configuration-parameters.adoc index 4601ca56..7520588b 100644 --- a/modules/reference/pages/configuration-parameters.adoc +++ b/modules/reference/pages/configuration-parameters.adoc @@ -2633,7 +2633,7 @@ An environment variable is set using its `xxx.Basic.ConfigEnv` configuration par If you use `gadmin config set GPE.BasicConfig.Env` or `gadmin config entry GPE.BasicConfig.Env`, users will be able to add entries for GPE runtime environment variables. -[cols="4",options="header",] +[cols="6",options="header",] |=== |Component |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values From 5256483e9bef17d659cfdecf885df325c41bd3c9 Mon Sep 17 00:00:00 2001 From: zhihuapeng-tg Date: Mon, 2 Sep 2024 18:19:07 +0800 Subject: [PATCH 20/26] format --- modules/reference/pages/configuration-parameters.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/reference/pages/configuration-parameters.adoc b/modules/reference/pages/configuration-parameters.adoc index 7520588b..657021e4 100644 --- a/modules/reference/pages/configuration-parameters.adoc +++ b/modules/reference/pages/configuration-parameters.adoc @@ -2633,7 +2633,7 @@ An environment variable is set using its `xxx.Basic.ConfigEnv` configuration par If you use `gadmin config set GPE.BasicConfig.Env` or `gadmin config entry GPE.BasicConfig.Env`, users will be able to add entries for GPE runtime environment variables. -[cols="6",options="header",] +[cols="7",options="header",] |=== |Component |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values From 0ab4b7ecf40226fee65f116456f880c983388a5f Mon Sep 17 00:00:00 2001 From: zhihuapeng-tg Date: Mon, 2 Sep 2024 18:22:58 +0800 Subject: [PATCH 21/26] format --- modules/reference/pages/configuration-parameters.adoc | 4 ---- 1 file changed, 4 deletions(-) diff --git a/modules/reference/pages/configuration-parameters.adoc b/modules/reference/pages/configuration-parameters.adoc index 657021e4..41ed8ff8 100644 --- a/modules/reference/pages/configuration-parameters.adoc +++ b/modules/reference/pages/configuration-parameters.adoc @@ -2667,10 +2667,6 @@ But it can cause slow scheduling in lower `WRITE IO` environment like `EFS`, `S3 |`true` | -|GPE -| `SegmentMetaFlushIntervalSec`, - - || `SegmentMetaForceFlushIntervalSec`, GPE.BasicConfig.Env a| * This entry is only effective when `SegmentMetaFlushAlways=false`. From 2b17583a2f3a79e5ce099b5c06265b7a38305844 Mon Sep 17 00:00:00 2001 From: zhihuapeng-tg Date: Mon, 2 Sep 2024 18:24:58 +0800 Subject: [PATCH 22/26] format --- modules/reference/pages/configuration-parameters.adoc | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/reference/pages/configuration-parameters.adoc b/modules/reference/pages/configuration-parameters.adoc index 41ed8ff8..a03061ec 100644 --- a/modules/reference/pages/configuration-parameters.adoc +++ b/modules/reference/pages/configuration-parameters.adoc @@ -2681,8 +2681,6 @@ But can cause slow scheduling in lower WRITE IO environment like EFS, S3, and me |`600` | -|GPE - || `CDCKafkaFlushTimeoutMs`, GPE.BasicConfig.Env a| * When a GPE service shuts down, CDC will try to flush all generated cdc messages to external kafka. From 2e9a5a9ef85eb45a65914d47cd3fc91da1dc46e9 Mon Sep 17 00:00:00 2001 From: zhihuapeng-tg Date: Mon, 2 Sep 2024 18:26:20 +0800 Subject: [PATCH 23/26] format --- modules/reference/pages/configuration-parameters.adoc | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/reference/pages/configuration-parameters.adoc b/modules/reference/pages/configuration-parameters.adoc index a03061ec..cf7944ab 100644 --- a/modules/reference/pages/configuration-parameters.adoc +++ b/modules/reference/pages/configuration-parameters.adoc @@ -2721,8 +2721,6 @@ a| |`30` | -|GPE - || `TransactionStoreMemLimit`, GPE.BasicConfig.Env | The value must be uint64_t type and in unit: Byte. The default value is 4194304, which means 4 MB. | `TransactionStoreMemLimit=4194304` From d716bfc65409b76cd6c63bc50f2627a099d75edb Mon Sep 17 00:00:00 2001 From: zhihuapeng-tg Date: Mon, 2 Sep 2024 21:55:02 +0800 Subject: [PATCH 24/26] update format --- .../pages/configuration-parameters.adoc | 40 +++++++++---------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/modules/reference/pages/configuration-parameters.adoc b/modules/reference/pages/configuration-parameters.adoc index cf7944ab..0fa644b3 100644 --- a/modules/reference/pages/configuration-parameters.adoc +++ b/modules/reference/pages/configuration-parameters.adoc @@ -64,7 +64,7 @@ System.LogRoot) of the log directory for Admin |`admin` == Controller -[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] +[width="100%,"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Controller.BasicConfig.Env | A list of `=` pairs, separated by `;` |`nan` @@ -163,7 +163,7 @@ controller |`5` == Dict -[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] +[width="100%,"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Dict.BasicConfig.Env | A list of `=` pairs, separated by `;` @@ -212,7 +212,7 @@ System.LogRoot) of log directory for Dict |`dict` == ETCD -[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] +[width="100%,"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |ETCD.BasicConfig.Env | A list of `=` pairs, separated by `;` @@ -319,7 +319,7 @@ snapshot to disk |`50000` == Executor -[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] +[width="100%,"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Executor.BasicConfig.Env | A list of `=` pairs, separated by `;` @@ -404,7 +404,7 @@ file transfer |`10` == FileLoader -[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] +[width="100%,"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |FileLoader.BasicConfig.Env |A list of `=` pairs, separated by `;` |`nan` @@ -507,7 +507,7 @@ response |`8500` == GPE -[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] +[width="100%,"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |GPE.BasicConfig.Env |A list of `=` pairs, separated by `;` @@ -693,7 +693,7 @@ bucket counts. |`5` == GSE -[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] +[width="100%,"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |GSE.BasicConfig.Env | A list of `=` pairs, separated by `;` @@ -775,7 +775,7 @@ responsive after the TTL. |`30` == GSQL -[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] +[width="100%,"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |GSQL.BasicConfig.Env |A list of `=` pairs, separated by `;` @@ -1017,7 +1017,7 @@ online |`300` == GUI -[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] +[width="100%,"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |GUI.BasicConfig.Env | A list of `=` pairs, separated by `;` @@ -1162,7 +1162,7 @@ System.TempRoot) |`gui` == Gadmin -[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] +[width="100%,"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Gadmin.StartServiceDefaultTimeoutMS |The start one service default @@ -1186,7 +1186,7 @@ request timeout in milliseconds |`30000` == Informant -[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] +[width="100%,"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Informant.BasicConfig.Env | A list of `=` pairs, separated by `; @@ -1260,7 +1260,7 @@ Longer retention results in higher disk space usage and slower search for histor == Kafka -[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] +[width="100%,"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Kafka.BasicConfig.Env | A list of `=` pairs, separated by `;` @@ -1370,7 +1370,7 @@ eligible for deletion (gigabytes) |`40` == KafkaConnect -[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] +[width="100%,"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values @@ -1461,7 +1461,7 @@ attempting to retry a failed fetch request to a given topic partition == KafkaLoader -[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] +[width="100%,"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |KafkaLoader.BasicConfig.Env | A list of `=` pairs, separated by `;` |`nan` @@ -1565,7 +1565,7 @@ node |`1` == KafkaStreamLL -[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] +[width="100%,"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |KafkaStreamLL.BasicConfig.Env | A list of `=` pairs, separated by `;` |`nan` @@ -1632,7 +1632,7 @@ stream LoadingLog state |`kafkastrm-ll` == Nginx -[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] +[width="100%,"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |Nginx.AllowedCIDRList |The allowlist of IPv4/IPv6 CIDR blocks to @@ -1725,7 +1725,7 @@ the key from file) |`nan` [#_restpp] == RESTPP -[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] +[width="100%,"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |RESTPP.BasicConfig.Env | A list of `=` pairs, separated by `;` @@ -1901,7 +1901,7 @@ concurrent queries in the delay queue |`20` == Security -[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] +[width="100%,"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values @@ -2550,7 +2550,7 @@ privatekey) |`tigergraph` == ZK -[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] +[width="100%,"cols="17%,17%,17%,17%,16%,16%",options="header",] |=== |Name |Description |Example |Value types |Default value |Explanation of parameters that use complex values |ZK.BasicConfig.Env | A list of `=` pairs, separated by `;` @@ -2628,7 +2628,7 @@ as needed, if the amount of data managed by ZooKeeper is large |`30` |=== == Environment Variables -//[width="100%"cols="17%,17%,17%,17%,16%,16%",options="header",] +//[width="100%,"cols="17%,17%,17%,17%,16%,16%",options="header",] An environment variable is set using its `xxx.Basic.ConfigEnv` configuration parameter, where `xxx` is the name of its associated component. If you use `gadmin config set GPE.BasicConfig.Env` or `gadmin config entry GPE.BasicConfig.Env`, users will be able to add entries for GPE runtime environment variables. From 91286780e23a4e26770bad0e86a50a3777dcf76d Mon Sep 17 00:00:00 2001 From: zhihuapeng-tg Date: Mon, 2 Sep 2024 22:49:43 +0800 Subject: [PATCH 25/26] update JSON description --- .../pages/configuration-parameters.adoc | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/modules/reference/pages/configuration-parameters.adoc b/modules/reference/pages/configuration-parameters.adoc index 0fa644b3..105491d7 100644 --- a/modules/reference/pages/configuration-parameters.adoc +++ b/modules/reference/pages/configuration-parameters.adoc @@ -53,7 +53,7 @@ System.LogRoot) of the log directory for Admin |`admin` |`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` |`json` |`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` -| +|`HostID`: the host ID; `Replica`: the Admin replica server id. |Admin.Port |The port for Admin |`12471` |`int32` @@ -108,7 +108,7 @@ System.LogRoot) of log directory for Controller |`controller` |`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` |`json` |`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` -| +|`HostID`: the host ID; `Replica`: the Controller replica server id. |Controller.ConfigRepoRelativePath |The relative path (to the System.DataRoot) of config repo where the service config files are @@ -201,7 +201,7 @@ System.LogRoot) of log directory for Dict |`dict` |`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` |`json` |`{HostID: "m1", Replica: 1}` -| +|`HostID`: the host ID; `Replica`: the Dict replica server id. |Dict.Port |The port for Dict |`17797` |`int32` @@ -257,7 +257,7 @@ System.LogRoot) of the log directory for ETCD |`etcd` |`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` |`json` |`{HostID: "m1", Replica: 1}` -| +|`HostID`: the host ID; `Replica`: the ETCD replica server id. |ETCD.ClientPort |The port of ETCD to listen for client traffic |`20000` |`int32` @@ -742,7 +742,7 @@ System.LogRoot) of log directory for GSE |`gse` |`[{"HostID":"m1","Partition":1,"Replica":1},{"HostID":"m2","Partition":1,"Replica":2}]` |`json` |`[{"HostID":"m1","Partition":1,"Replica":1},{"HostID":"m2","Partition":1,"Replica":2}]` -| +|`HostID`: the host ID; `Partition`: the partition id of GSE data; `Replica`: the GSE replica server id. |GSE.IdRequestPort |The id request serving port of GSE |`6500` |`int32` @@ -812,7 +812,7 @@ System.LogRoot) of log directory for GSQL |`gsql` |`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` |`json` |`[{"HostID":"m1", "Replica":1},{"HostID":"m2", "Replica":2}]` -| +|`HostID`: the host ID; `Replica`: the GSQL replica server id. |GSQL.CatalogBackupFileMaxDurationDay |The maximum number of days for catalog backup files to retain |`30` @@ -1062,7 +1062,7 @@ System.LogRoot) of log directory for GUI |`gui` |`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` |`json` |`[{"HostID":"m1","Replica":1},{"HostID":"m2", "Replica":2}]` -| +|`HostID`: the host ID; `Replica`: the GraphStudio replica server id. |GUI.ClientIdleTimeSec |The maximum idle time of client-side GraphStudio and AdminPortal before inactivity logout |`604800` @@ -1231,7 +1231,7 @@ System.LogRoot) of log directory for Informant |`informant` |`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` |`json` |`[{"HostID":"m1","Replica":1},{"HostID":"m2", "Replica"}]` -| +|`HostID`: the host ID; `Replica`: the Informant replica server id. |Informant.DBRelativePath |The relative path (to the System.DataRoot) of informant database source folder |`informant/db` @@ -1298,7 +1298,7 @@ System.LogRoot) of log directory for Kafka |`kafka` |`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` |`json` |`[{"HostID":"m1","Partition":0,"Replica":1},{HostID: "m2", Replica: 2}]` -| +|`HostID`: the host ID; `Replica`: the Kafka replica server id. |Kafka.DataRelativePath |The data dir of kafka under $DataRoot |`kafka` |`string` @@ -1414,7 +1414,7 @@ System.LogRoot) of log directory for Kafka connect |`kafkaconn` |`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` |`json` |`[{"HostID":"m1","Replica":1},{"HostID":"m2", "Replica":2}]` -| +|`HostID`: the host ID; `Replica`: the Kafka connect replica server id. |KafkaConnect.MaxMemorySizeMB @@ -1604,7 +1604,7 @@ LoadingLog |`[{"HostID":"m1","Partition":1,"Replica":0},{"HostID":"m2","Partition":2,"Replica":0}]` |`json` |`[{"HostID":"m1","Partition":1},{"HostID":"m2","Partition":2}]` -| +|`HostID`: the host ID; `Replica`: the Kafka stream replica server id. |KafkaStreamLL.MaxPartitionFetchBytes |Max partition fetch bytes size |`104857600` @@ -1670,7 +1670,7 @@ System.LogRoot) of log directory for Nginx |`nginx` |`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` |`json` |`[{"HostID":"m1","Replica":1},{"HostID":"m2","Replica":2}]` -| +|`HostID`: the host ID; `Replica`: the Nginx replica server id. |Nginx.ClientMaxBodySize |The maximum request size for Nginx in MB |`200` @@ -1696,7 +1696,7 @@ keywords(string like *UPPER_CASE*) in template.) |`[{"FieldName":"X-Frame-Options","FieldValue":"SAMEORIGIN"}]` |`json` |`[{"FieldName":"X-Frame-Options","FieldValue":"SAMEORIGIN"}]` -| +| `FieldName`: indicating head name; `FieldValue`: the value of this head. |Nginx.SSL.Cert |Public certificate for SSL. (Could use @cert_file_path to parse the certificate from file) |`nan` @@ -1768,8 +1768,8 @@ System.LogRoot) of log directory for RESTPP |`restpp` |RESTPP.BasicConfig.Nodes |The node list for RESTPP |`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` |`json` -|`[{"HostID":"m1", "Replica":1},{"HostID":"m2"}, "Replica":2}]` -| +|`[{"HostID":"m1", "Replica":1},{"HostID":"m2", "Replica":2}]` +|`HostID`: the host ID; `Replica`: the RestApp replica server id. |RESTPP.FCGISocketBackLogMaxCnt |RESTPP fcgi socket backlog max length which is the listen queue depth used in the listen() call. |`36864` From be0e01e460a0b11fc5382b9c0ec59546f52d0995 Mon Sep 17 00:00:00 2001 From: zhihuapeng-tg Date: Mon, 2 Sep 2024 22:57:38 +0800 Subject: [PATCH 26/26] update JSON description --- .../reference/pages/configuration-parameters.adoc | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/reference/pages/configuration-parameters.adoc b/modules/reference/pages/configuration-parameters.adoc index 105491d7..c4486e8c 100644 --- a/modules/reference/pages/configuration-parameters.adoc +++ b/modules/reference/pages/configuration-parameters.adoc @@ -363,9 +363,9 @@ System.LogRoot) of log directory for Executor |`executor` |Executor.BasicConfig.Nodes |The nodes to deploy Executors |`[{"HostID":"m1","Partition":1,"Replica":0},{"HostID":"m2","Partition":2,"Replica":0}]` -|`string` +|`json` |`[{"HostID":"m1","Partition":1},{"HostID":"m2","Partition":2}]` -| +|`HostID`: the host ID; Partition: the partition id of the Executors. |Executor.DataRelativePath |The data dir of executor under $DataRoot |`executor` @@ -549,9 +549,9 @@ System.LogRoot) of log directory for GPE |`gpe` |GPE.BasicConfig.Nodes |The node list for GPE |`[{"HostID":"m1","Partition":1,"Replica":1},{"HostID":"m2","Partition":1,"Replica":2}]` -|`string` +|`json` |`[{"HostID":"m1","Partition":1,"Replica":1},{"HostID":"m2","Partition":1,"Replica":2}]` -| +|`HostID`: the host ID; `Partition`: the partition id of GPE data; `Replica`: the GPE replica server id. |GPE.Disk.CompressMethod |The compression method of GPE disk data |`nan` |`string` @@ -2585,9 +2585,9 @@ System.LogRoot) of log directory for ZK |`zk` |ZK.BasicConfig.Nodes |The node list for Zookeeper |`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` -|`string` +|`json` |`[{"HostID":"m1","Partition":0,"Replica":1},{"HostID":"m2","Partition":0,"Replica":2}]` -| +|`HostID`: the host ID; `Replica`: the Zookeeper replica server id. |ZK.DataRelativePath |The data dir of zookeeper under $DataRoot |`zk` |`string`