How to apply changes to the Server environment
Changes in server-installation.yaml can be applied by running either the install.sh script or the upgrade.sh script. Note that re-running the install.sh script will delete any database information that was stored previously.
Required fields in server-installation.yaml
| Variable Name | Key Value | Explanation of the Variable and Key Values |
| --- | --- | --- |
| server.host | String | The server.host value needs to start with http:// or https://. The value can be an IP address or an FQDN. This value needs to match the URL that Developers will use in a browser to access this server. |
| server.org_name | String | Used as an identifier for the Organization using vFunction |
| server.admin.email | String | Accepted characters include A-Z a-z 0-9 . _ % + - @ |
| server.admin.name | String | Used as an identifier for the logged-in user in the vFunction Server UI |
| server.admin.password | String | The Admin's password for first logging into the Server UI. The Admin can then change the password from the Server UI if desired. Minimum requirements: 8 characters, a lowercase and an uppercase letter, a number and a special character ! @ # $ % ^ & |
Sample server-installation.yaml with required fields
server:
  host: http://10.0.0.143
  org_name: myAppName
  admin:
    email: charlotte.lee@mycompany.com
    name: Charlotte Lee
    password: c0mpleX!
  smtp:
  authentication:
  tls:
storage:
measurements:
  S3:
networking:
security:
backup:
  mysql:
    S3:
logging:
monitoring:
  custom_labels:
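A pre-flight check for the required values, added here as an example (it is not part of the vFunction installer); it is worth running before install.sh, since re-running that script deletes stored database information. The function names are hypothetical, the values are passed as arguments rather than parsed from the YAML, and requiring an @ in the e-mail address is an assumption beyond the stated character set.

```shell
#!/bin/sh
# Added example, not vFunction code: check the required values against the
# rules in the table above. Function names are hypothetical.
LC_ALL=C; export LC_ALL   # make A-Z, a-z and 0-9 plain ASCII ranges

# has VALUE REGEX: succeed when VALUE contains a match for REGEX.
has() { printf '%s' "$1" | grep -q -- "$2"; }

# server.host: must start with http:// or https:// and be followed by a host.
valid_host() {
  case $1 in
    http://?*|https://?*) return 0 ;;
    *) return 1 ;;
  esac
}

# server.admin.email: only A-Z a-z 0-9 . _ % + - @ are accepted.
# Assumption beyond the page: an @ with text on both sides is also required.
valid_email() {
  case $1 in
    *[!A-Za-z0-9._%+@-]*) return 1 ;;
    ?*@?*) return 0 ;;
    *) return 1 ;;
  esac
}

# server.admin.password: 8+ characters with a lowercase letter, an uppercase
# letter, a number and one of ! @ # $ % ^ &
valid_password() {
  [ "${#1}" -ge 8 ] && has "$1" '[a-z]' && has "$1" '[A-Z]' &&
    has "$1" '[0-9]' && has "$1" '[!@#$%^&]'
}

# Print one line per rejected field; succeed only when all three pass.
check_required() {  # usage: check_required HOST EMAIL PASSWORD
  rc=0
  valid_host "$1"     || { echo "server.host: needs an http:// or https:// prefix"; rc=1; }
  valid_email "$2"    || { echo "server.admin.email: character outside the accepted set, or no @"; rc=1; }
  valid_password "$3" || { echo "server.admin.password: below the minimum requirements"; rc=1; }
  return "$rc"
}

# Values from the sample file on this page; prints nothing when all pass.
check_required 'http://10.0.0.143' 'charlotte.lee@mycompany.com' 'c0mpleX!'
```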
Optional fields in server-installation.yaml
backend.custom_<container>_service_port
Server-Installation.yaml Configuration |
Details |
backend:
  custom_vfapi_idp_service_port: 10001
  custom_mysql_service_port: 10002
  custom_vfapi_users_service_port: 10003
  custom_vfapi_organizations_service_port: 10004
  custom_vfapi_measurements_service_port: 10005
  custom_vfapi_parser_service_port: 10006
|
The ports used to communicate with each vFunction Container can be customized as needed. The following details outline the default ports:
- vfapi-idp = 8005
- vfapi-measurements = 8003
- vfapi-organizations = 8001
- vfapi-parser = 8002
- vfapi-users = 8004
- mysql = 3306
|
backup.mysql.S3
Installation.yaml Configuration |
Details |
backup:
  mysql:
    S3:
      bucket: "awsBucket"
      key: "awsKey"
      secret: "awsSecret"
      region: "awsRegion"
|
- The MySQL DB Persistent Volume can be backed up to an AWS S3 bucket if desired
|
logging.syslog
Installation.yaml Configuration |
Details |
logging:
  syslog:
    server_host: syslogHost
    server_port: 514
|
- Set the logging.syslog.server_host and logging.syslog.server_port to stream logs to an organization's existing syslog server
- To enable this feature, logging.use_fluentd must remain commented out or must be set to true
|
logging.use_fluentd
Installation.yaml Configuration |
Details |
logging:
  use_fluentd: false
|
- By default, this field is commented out. With it commented out, the value is set to TRUE
- Uncommenting this key and value and setting the value to FALSE will ensure that the fluentd driver is not used to fetch the vFunction Server Docker Container logs. Setting the value to FALSE ensures that the logs are not centralized under one filesystem folder
- If disabled, all logs can still be retrieved via "docker logs" commands for each container
|
measurements.S3
monitoring.custom_labels
Server-Installation.yaml Configuration |
Details |
monitoring:
  custom_labels:
    - "OwnerContact=charlotte.lee@mycompany.com"
    - "TeamName=vFunctionAppModernization"
|
- Used to add labels to a Container, such as the Container's owner, for security scans
- The Docker Container will be started with the command:
  docker run --name vfunction-monit --label key1=value1 --label key2=value2
|
monitoring.use_monit
Installation.yaml Configuration |
Details |
monitoring:
  use_monit: false
|
- By default, this field is commented out. With it commented out, the value is set to TRUE
- Uncommenting this key and value and setting the value to FALSE will ensure that the vFunction Monit Container is not started. The Monit Container health-checks the other vFunction Server Containers and revives them when needed
- If disabled, the best way to revive the system is to run upgrade.sh again
|
networking.bind_nginx_host_ip
networking.disable_ipv6
Server-Installation.yaml Configuration |
Details |
networking:
  disable_ipv6: true
|
- Used when IPv6 is disabled for the Docker Network
|
security.custom_containers_user
Server-Installation.yaml Configuration |
Details |
security:
  custom_containers_user: "1501:1501"
|
- Used to define a specific User ID and Group ID that will run the Docker Containers
- To see the users under which the Docker Containers are run:
  docker inspect $(docker ps -q) --format '{{.Config.User}} {{.Name}}'
|
security.custom_docker_binary_path
security.custom_network
Server-Installation.yaml Configuration |
Details |
security:
  custom_network: customNetwork
|
- By default, the installer creates a network called vFunction for communication between Containers
- To list all the networks for the Docker Containers, run:
  docker network ls
|
security.custom_security_options
Server-Installation.yaml Configuration |
Details |
security:
  custom_security_options: "--security-opt seccomp=/path/to/seccomp/profile.json --cap-drop=all"
|
- By default, the Docker containers run with the security option:
  "--security-opt no-new-privileges --cap-drop=all"
|
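An added example (not vFunction code) that audits running containers against the settings in this section and in security.custom_containers_user: a non-root user, no-new-privileges, and all capabilities dropped. The page does not say whether custom_security_options replaces or extends the default options, so the second constructed sample line models a container started with only the seccomp option from the sample above; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not vFunction code. Reads one line per container in the form
#   name|user|security-opts|dropped-caps
# as printed by:
#   docker inspect $(docker ps -q) --format \
#     '{{.Name}}|{{.Config.User}}|{{.HostConfig.SecurityOpt}}|{{.HostConfig.CapDrop}}'
audit_containers() {
  findings=0
  while IFS='|' read -r name user secopt capdrop; do
    [ -n "$name" ] || continue
    # An empty user or UID 0 means the process runs as root in the container.
    case $user in
      ''|0|0:*|root|root:*)
        echo "$name: runs as root"; findings=$((findings + 1)) ;;
    esac
    # no-new-privileges must be listed and not explicitly switched off.
    case $secopt in
      *no-new-privileges[:=]false*)
        echo "$name: no-new-privileges disabled"; findings=$((findings + 1)) ;;
      *no-new-privileges*) ;;
      *)
        echo "$name: no-new-privileges missing"; findings=$((findings + 1)) ;;
    esac
    # Compare case-insensitively: the value may be recorded as all or ALL.
    caps=$(printf '%s' "$capdrop" | tr -d '[]' | tr 'a-z' 'A-Z')
    case " $caps " in
      *" ALL "*) ;;
      *)
        echo "$name: capabilities not all dropped"; findings=$((findings + 1)) ;;
    esac
  done
  [ "$findings" -eq 0 ]
}

# Constructed sample output; container names follow the defaults listed on this page.
sample_inspect_lines() {
  cat <<'EOF'
/vfapi-idp|1501:1501|[no-new-privileges]|[all]
/vfapi-users|1501:1501|[seccomp=/path/to/seccomp/profile.json]|[all]
/mysql||[no-new-privileges:false]|[]
EOF
}

sample_inspect_lines | audit_containers || echo "hardening gaps found"
```

On a live host, pipe the docker inspect command from the header comment into audit_containers; a non-zero exit status means at least one finding was printed.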
server.authentication
Server-Installation.yaml Configuration |
Details |
server:
  authentication:
    authority: https://accounts.google.com
    client_id: clientID-xyz
    client_secret: clientSecret-xyz
    jwks_url: https://www.googleapis.com/oauth2/v3/certs
    issuer: https://accounts.google.com
|
- By default, a vFunction Server allows users to authenticate with a built-in OAuth username and password workflow
- The authentication subkey is used to change the authentication workflow from this built-in OAuth username and password to integrate with an OpenID Connect identity provider
|
server.smtp
Server-Installation.yaml Configuration |
Details |
server:
  smtp:
    user: notifications@mycompany.com
    password: my$uperS3cr3t
    identity:
    url: smtp://smtp.gmail.com:587
|
- The vFunction Server can send notifications about upgrades, about Architectural Observability Events and about user onboarding
- The vFunction Server uses SMTP AUTH (RFC 2554) to send email messages
|
server.tls.use_lets_encrypt
storage.database
Server-Installation.yaml Configuration |
Details |
storage:
  database: /home/USERNAME/vfunction/db/
|
- By default, the vFunction Server creates a 50 GB Docker Volume for database storage in:
  - Docker: /var/lib/docker/volumes/mysql_vol/
  - Podman: $HOME/.local/share/containers/storage/volumes/mysql_vol/
- Use this field to move the database volume storage to another location where there is more space
  - Docker: You will need to change the ownership on the directory you use to 999:999, e.g. chown -R 999:999 /home/USERNAME/vfunction_docker/db/
  - Docker: Alternatively, move the Docker Root Directory to change the location of the Docker Volumes
  - Podman / UBI: You will need to change the ownership on the directory you use to $SUBUID+27:$SUBGID+27, e.g. chown -R 10027:10027 /home/USERNAME/vfunction_podman/db/
  - Podman: Alternatively, move the Podman Storage Root Directory to change the location of the Podman Volumes
|
storage.dm
Server-Installation.yaml Configuration |
Details |
storage:
  dm: /home/USERNAME/vfunction/dm/
|
- By default, the vFunction Server creates a 50 GB Docker Volume for Distributed Application's Measurement storage in:
  - Docker: /var/lib/docker/volumes/vfapi_dm_storage_vol/
  - Podman: $HOME/.local/share/containers/storage/volumes/vfapi_dm_storage_vol/
- Use this field to move the DM volume storage to another location where there is more space
  - Docker: You will need to change the ownership on the directory you use to 1499:1499, e.g. chown -R 1499:1499 /home/USERNAME/vfunction_docker/dm/
  - Docker: Alternatively, move the Docker Root Directory to change the location of the Docker Volumes
  - Podman / UBI: You will need to change the ownership on the directory you use to $SUBUID+1499:$SUBGID+1499, e.g. chown -R 11499:11499 /home/USERNAME/vfunction_podman/dm/
  - Podman: Alternatively, move the Podman Storage Root Directory to change the location of the Podman Volumes
|
storage.measurements
Server-Installation.yaml Configuration |
Details |
storage:
  measurements: /home/USERNAME/vfunction/measurements/
|
- By default, the vFunction Server creates a 50 GB Docker Volume for measurement storage in:
  - Docker: /var/lib/docker/volumes/vfapi_measurements_storage_vol/
  - Podman: $HOME/.local/share/containers/storage/volumes/vfapi_measurements_storage_vol/
- Use this field to move the measurements volume storage to another location where there is more space
  - Docker: You will need to change the ownership on the directory you use to 1500:1500, e.g. chown -R 1500:1500 /home/USERNAME/vfunction/measurements/
  - Docker: Alternatively, move the Docker Root Directory to change the location of the Docker Volumes
  - Podman / UBI: Additionally, you will need to change the ownership on the directory you use to $SUBUID+1500:$SUBGID+1500, e.g. chown -R 11500:11500 /home/USERNAME/vfunction_podman/measurements/
  - Podman: Alternatively, move the Podman Storage Root Directory to change the location of the Podman Volumes
|