UNPKG

cloudelements-petit/doc/config.md

Version:

10.4 kBMarkdownView Raw

1# Cloud Elements On-Prem Config File
2
3This document describes the On-Prem Connector
4[toml](https://github.com/toml-lang/toml) config file, which lives on
5both the client and server. When the On-Prem Connector starts up (either
6the client or server), it will create a file with default values if one
7does not already exist. The 'init' command for both `petit-server` and
8`petit-client` will do nothing but create this file.
9
10All client and server commands, and the clientd and serverd daemons
11themselves, accept a `-c {path}` command-line option to specify a config
12file. Otherwise, the default `{user_home}/.petit/config.toml` will be
13used.
14
15### Server
16
17The server section of the config file is used only by `petit-server` or
18`petit-serverd`, and is indicated by the section headers
19
20    [server]
21    [server.vitae]
22
23#### Section `[server]`
24
25The `[server]` section has only five properies:
26
27* `proxyPort`: This is the port where the petit server will listen to
28  HTTP requests, which it will then forward to the proper proxied port.
29  `8090` is the default.
30
31* `secureProxyPort`: Similar to `proxyPort`, this is the port where the
32  petit server will listen to HTTPS requests, which it will then forward
33  to the proper proxied port. `8453` is the default.
34
35* `backPort`: This server port listens for client backchannel
36  communication; it should match the `backPort` value in the clients
37  which wish to talk to this server. `3014` is the default.
38
39* `listenPort`: The server will listen to commands on this port
40  (`petit-server` will send commands to this port on localhost). This
41  should be an open port on the server: `3016` is the default.
42
43* `registryfile`: The server maintains a table of all registered
44  clients, and the keys and ports for each. This file is where the
45  table is stored.
46
47  Like all file properties, it can start with `./` or `../` to indicate
48  a path relative to the config file itself. `./registry` is the
49  default. The registry file is a JSON file kept up-to-date by the
50  serverd process. It looks something like this:
51
52      {
53        "version": 1,
54        "maxRegisteredId": 1005,
55        "maxRegisteredPort": 11085,
56        "registeredIds": {
57          "1001": {
58            "port": 11081,
59            "key": "(...public key data...)",
60            "vitae": {
61              "ip": "::ffff:127.0.0.1"
62            }
63          }
64        }
65      }
66
67#### Section `[server.vitae]`
68
69The `[server.vitae]` section contains information about the server's
70environment which is sent to each client. It currently has two useful
71properties:
72
73* `environment`: This is the name of the environment type. It is
74  generally a simple lower-case identifying string such as `"local"`,
75  `"staging"` or `"production"`, etc.
76
77* `endpoint`: This is the http or https endpoint that would be used to
78  connect to a particular client, and should be a URL that reaches
79  the server. The exact string `REGID` is used in place of the client's
80  registration ID. For example:
81  `https://REGID.g2c-staging.cloud-elements.com` could be used on the
82  staging Ground2Cloud server.
83
84#### Additional Values
85
86In addition to these properties, there are some values that are fixed:
87they don't show up in the config file, nor can they be altered:
88
89* `./patches`: The location where the server stores its patches. The
90  `index.json` file here lists where all the patches are.
91
92* `./server.lock` is the name of the file which is used to ensure that
93  only one server daemon is running at a time. It is a zero-byte file
94  whose mere existance indicates that a server is running.
95
96* `./server.pid` is a JSON file whose contents contain the PID and
97  listen port of the currently running server daemon, like this:
98
99      {"pid":46510,"listen":3016}
100
101  Under normal circumstances, this file will exist if and only if its
102  sibling `./server.lock` also exists.
103
104* `./logs/server.log` is the log file where logs are stored. This contains
105  all logging and debugging info for particular server runs. While not
106  strictly a JSON file, it is a
107  [winston](https://github.com/winstonjs/winston)-style JSON log output.
108  For example:
109
110      {"address":"::","family":"IPv6","port":3016,"level":"info","message":"Command listening on","timestamp":"2016-01-22T21:09:24.295Z"}
111      {"address":"::","family":"IPv6","port":3014,"level":"info","message":"Backchannel listening on","timestamp":"2016-01-22T21:09:24.298Z"}
112      {"level":"info","message":"Proxy connected.","timestamp":"2016-01-22T21:09:24.299Z"}
113
114  To minimize storage footprint, if the log exceeds 50,000 bytes, then a
115  new log file is started, and the previous one will be suffixed with a
116  counter (e.g. `./server1.log`), and only the last three log files will
117  be kept.
118
119* `./certificates`: only if this directory exists and contains the three
120  files `server.key`, `server.crt` and `ca.bundle` (all PEM key/cert
121  files) will HTTPS requests be serviced at `secureProxyPort`.
122
123### Client
124
125The client section of the config file is used only by `petit-client` or
126`petit-clientd`, and is indicated by the section headers
127
128    [client]
129    [client.vitae]
130    [client.local]
131
132#### Section `[client]`
133
134The `[client]` header indicates general-purpose values for the client to
135start up.
136
137* `host`: The hostname of where the server is located. `localhost` is
138  a good default for testing, but this should be changed to a valid
139  server host in most environments.
140
141* `port`: The active _sshd_ port on the server. This should almost
142  always be set to `22`, the default value.
143
144* `backPort`: The active _backchannel_ port on the server. This should
145  match the `backPort` value on the server: default is `3014`.
146
147* `username`: The ssh username to connect to. In most situations, this
148  should match the username the petit server is running as.
149
150* `listenPort`: The client will listen to commands on this port
151  (`petit-client` will send commands to this port on localhost). This
152  should be an open port on the server: `3015` is usually a good
153  default.
154
155* `logLevel`: The startup log level, which must be one of `"warn"`,
156  `"info"` or `"debug"`. This level takes effect immediately at startup.
157  Runtime changes to the logging level (for example with `petit-client
158  log [level]`) aren't permanent, since they don't save to the config
159  file.
160
161* `bindAddr`: This specifies the client-specified Bind Address property
162  of the reverse SSH tunnel, which determines what address connections
163  are allowed to connect. The default is `0.0.0.0`, which permits all
164  IPv4 addresses. Other values could be `localhost`, which permits only
165  local connections (useful if you want to secure access via the HTTP
166  proxy only); `::` to permit any IPv6 connection; or any specific IP to
167  limit connections there.
168
169#### Section `[client.vitae]`
170
171The `[client.vitae]` section contains information about the client's
172environment which is sent to the server. It currently has two useful
173properties:
174
175* `brand`: This is the name of the brand for "branded" clients, and is
176  usually set to the customer name who is using the G2C client (e.g.
177  `"swiftpage"`). Evaluation or Cloud-Elements branded clients should
178  use the value `"ce"`.
179
180* `bundle`: Set to `"quickbooks"` for client applications distributed in
181  the QuickBooks-bundled installer. Do not include at all for the
182  unbundled version.
183
184#### Section `[client.local]`
185
186The `[client.local]` section has values that correspond to the local
187service which a cloud element instance connects to. There are only two
188properties:
189
190* `host`: The hostname where the local service lives. `localhost` is a
191  good default, since the On-Prem Connector is often installed on the
192  same machine as the local service. However, any reachable hostname can
193  be used, if for example, you want the On-Prem Connector to live in a
194  different intranet zone.
195
196* `port`: The port where local service is reached. The default of `8080`
197  is appropriate for other Cloud Elements connection services (for
198  example, the native QuickBooks connector runs on port 8080), but might
199  be changed for other services.
200
201These `[client.local]` values may be overriden per-tenant in each
202tenant's own `config.toml` file, which contains its own `[local]`
203section with a `host` and `port` value.
204
205#### Additional Values
206
207In addition to these properties, there are some values that are fixed:
208they don't show up in the config file, nor can they be altered:
209
210* `./key`: The location of the client's private key. The `register`
211  command, if successful, may write the key to this path, and the
212  key will be used both for the initial backchannel handshake and ssh
213  login when petit starts.
214
215* `./tenants`: The location of the tenant registration, which has a
216  a list of directories, each of which has its own registration file.
217
218* `./upgrades`: A directory where the client temporarily stores
219  downloaded patches to run.
220
221* `./client.lock` is the name of the file which is used to ensure that
222  only one client daemon is running at a time. It is a zero-byte file
223  whose mere existance indicates that a client is running.
224
225* `./client.pid` is a JSON file whose contents contain the PID and
226  listen port of the currently running client daemon, like this:
227
228      {"pid":46510,"listen":3016}
229
230  Under normal circumstances, this file will exist if and only if its
231  sibling `./client.lock` also exists.
232
233* `./client.log` is the log file where logs are stored. This contains
234  all logging and debugging info for particular client runs. While not
235  strictly a JSON file, it is a
236  [winston](https://github.com/winstonjs/winston)-style JSON log output.
237  For example:
238
239      {"address":"::","family":"IPv6","port":3015,"level":"info","message":"Command listening on","timestamp":"2016-01-22T18:55:24.259Z"}
240      {"level":"info","message":"Client listening.","timestamp":"2016-01-22T18:55:24.260Z"}
241      {"level":"warn","message":"Unable to connect to server at \"localhost:3014\".","timestamp":"2016-01-22T18:55:24.266Z"}
242      {"level":"info","message":"Client closed.","timestamp":"2016-01-22T18:55:24.266Z"}
243      {"level":"info","message":"Backchannel closed.","timestamp":"2016-01-22T18:55:24.266Z"}
244
245  To minimize the installation footprint, if the log exceeds 50,000
246  bytes, then a new log file is started, and the previous one will be
247  suffixed with a counter (e.g. `./client1.log`), and only the last
248  three log files will be kept.
249

1	`# Cloud Elements On-Prem Config File`
2
3	`This document describes the On-Prem Connector`
4	`[toml](https://github.com/toml-lang/toml) config file, which lives on`
5	`both the client and server. When the On-Prem Connector starts up (either`
6	`the client or server), it will create a file with default values if one`
7	does not already exist. The 'init' command for both `petit-server` and
8	`petit-client` will do nothing but create this file.
9
10	`All client and server commands, and the clientd and serverd daemons`
11	themselves, accept a `-c {path}` command-line option to specify a config
12	file. Otherwise, the default `{user_home}/.petit/config.toml` will be
13	`used.`
14
15	`### Server`
16
17	The server section of the config file is used only by `petit-server` or
18	`petit-serverd`, and is indicated by the section headers
19
20	`[server]`
21	`[server.vitae]`
22
23	#### Section `[server]`
24
25	The `[server]` section has only five properies:
26
27	* `proxyPort`: This is the port where the petit server will listen to
28	`HTTP requests, which it will then forward to the proper proxied port.`
29	`8090` is the default.
30
31	* `secureProxyPort`: Similar to `proxyPort`, this is the port where the
32	`petit server will listen to HTTPS requests, which it will then forward`
33	to the proper proxied port. `8453` is the default.
34
35	* `backPort`: This server port listens for client backchannel
36	communication; it should match the `backPort` value in the clients
37	which wish to talk to this server. `3014` is the default.
38
39	* `listenPort`: The server will listen to commands on this port
40	(`petit-server` will send commands to this port on localhost). This
41	should be an open port on the server: `3016` is the default.
42
43	* `registryfile`: The server maintains a table of all registered
44	`clients, and the keys and ports for each. This file is where the`
45	`table is stored.`
46
47	Like all file properties, it can start with `./` or `../` to indicate
48	a path relative to the config file itself. `./registry` is the
49	`default. The registry file is a JSON file kept up-to-date by the`
50	`serverd process. It looks something like this:`
51
52	`{`
53	`"version": 1,`
54	`"maxRegisteredId": 1005,`
55	`"maxRegisteredPort": 11085,`
56	`"registeredIds": {`
57	`"1001": {`
58	`"port": 11081,`
59	`"key": "(...public key data...)",`
60	`"vitae": {`
61	`"ip": "::ffff:127.0.0.1"`
62	`}`
63	`}`
64	`}`
65	`}`
66
67	#### Section `[server.vitae]`
68
69	The `[server.vitae]` section contains information about the server's
70	`environment which is sent to each client. It currently has two useful`
71	`properties:`
72
73	* `environment`: This is the name of the environment type. It is
74	generally a simple lower-case identifying string such as `"local"`,
75	`"staging"` or `"production"`, etc.
76
77	* `endpoint`: This is the http or https endpoint that would be used to
78	`connect to a particular client, and should be a URL that reaches`
79	the server. The exact string `REGID` is used in place of the client's
80	`registration ID. For example:`
81	`https://REGID.g2c-staging.cloud-elements.com` could be used on the
82	`staging Ground2Cloud server.`
83
84	`#### Additional Values`
85
86	`In addition to these properties, there are some values that are fixed:`
87	`they don't show up in the config file, nor can they be altered:`
88
89	* `./patches`: The location where the server stores its patches. The
90	`index.json` file here lists where all the patches are.
91
92	* `./server.lock` is the name of the file which is used to ensure that
93	`only one server daemon is running at a time. It is a zero-byte file`
94	`whose mere existance indicates that a server is running.`
95
96	* `./server.pid` is a JSON file whose contents contain the PID and
97	`listen port of the currently running server daemon, like this:`
98
99	`{"pid":46510,"listen":3016}`
100
101	`Under normal circumstances, this file will exist if and only if its`
102	sibling `./server.lock` also exists.
103
104	* `./logs/server.log` is the log file where logs are stored. This contains
105	`all logging and debugging info for particular server runs. While not`
106	`strictly a JSON file, it is a`
107	`[winston](https://github.com/winstonjs/winston)-style JSON log output.`
108	`For example:`
109
110	`{"address":"::","family":"IPv6","port":3016,"level":"info","message":"Command listening on","timestamp":"2016-01-22T21:09:24.295Z"}`
111	`{"address":"::","family":"IPv6","port":3014,"level":"info","message":"Backchannel listening on","timestamp":"2016-01-22T21:09:24.298Z"}`
112	`{"level":"info","message":"Proxy connected.","timestamp":"2016-01-22T21:09:24.299Z"}`
113
114	`To minimize storage footprint, if the log exceeds 50,000 bytes, then a`
115	`new log file is started, and the previous one will be suffixed with a`
116	counter (e.g. `./server1.log`), and only the last three log files will
117	`be kept.`
118
119	* `./certificates`: only if this directory exists and contains the three
120	files `server.key`, `server.crt` and `ca.bundle` (all PEM key/cert
121	files) will HTTPS requests be serviced at `secureProxyPort`.
122
123	`### Client`
124
125	The client section of the config file is used only by `petit-client` or
126	`petit-clientd`, and is indicated by the section headers
127
128	`[client]`
129	`[client.vitae]`
130	`[client.local]`
131
132	#### Section `[client]`
133
134	The `[client]` header indicates general-purpose values for the client to
135	`start up.`
136
137	* `host`: The hostname of where the server is located. `localhost` is
138	`a good default for testing, but this should be changed to a valid`
139	`server host in most environments.`
140
141	* `port`: The active _sshd_ port on the server. This should almost
142	always be set to `22`, the default value.
143
144	* `backPort`: The active _backchannel_ port on the server. This should
145	match the `backPort` value on the server: default is `3014`.
146
147	* `username`: The ssh username to connect to. In most situations, this
148	`should match the username the petit server is running as.`
149
150	* `listenPort`: The client will listen to commands on this port
151	(`petit-client` will send commands to this port on localhost). This
152	should be an open port on the server: `3015` is usually a good
153	`default.`
154
155	* `logLevel`: The startup log level, which must be one of `"warn"`,
156	`"info"` or `"debug"`. This level takes effect immediately at startup.
157	Runtime changes to the logging level (for example with `petit-client
158	log [level]`) aren't permanent, since they don't save to the config
159	`file.`
160
161	* `bindAddr`: This specifies the client-specified Bind Address property
162	`of the reverse SSH tunnel, which determines what address connections`
163	are allowed to connect. The default is `0.0.0.0`, which permits all
164	IPv4 addresses. Other values could be `localhost`, which permits only
165	`local connections (useful if you want to secure access via the HTTP`
166	proxy only); `::` to permit any IPv6 connection; or any specific IP to
167	`limit connections there.`
168
169	#### Section `[client.vitae]`
170
171	The `[client.vitae]` section contains information about the client's
172	`environment which is sent to the server. It currently has two useful`
173	`properties:`
174
175	* `brand`: This is the name of the brand for "branded" clients, and is
176	`usually set to the customer name who is using the G2C client (e.g.`
177	`"swiftpage"`). Evaluation or Cloud-Elements branded clients should
178	use the value `"ce"`.
179
180	* `bundle`: Set to `"quickbooks"` for client applications distributed in
181	`the QuickBooks-bundled installer. Do not include at all for the`
182	`unbundled version.`
183
184	#### Section `[client.local]`
185
186	The `[client.local]` section has values that correspond to the local
187	`service which a cloud element instance connects to. There are only two`
188	`properties:`
189
190	* `host`: The hostname where the local service lives. `localhost` is a
191	`good default, since the On-Prem Connector is often installed on the`
192	`same machine as the local service. However, any reachable hostname can`
193	`be used, if for example, you want the On-Prem Connector to live in a`
194	`different intranet zone.`
195
196	* `port`: The port where local service is reached. The default of `8080`
197	`is appropriate for other Cloud Elements connection services (for`
198	`example, the native QuickBooks connector runs on port 8080), but might`
199	`be changed for other services.`
200
201	These `[client.local]` values may be overriden per-tenant in each
202	tenant's own `config.toml` file, which contains its own `[local]`
203	section with a `host` and `port` value.
204
205	`#### Additional Values`
206
207	`In addition to these properties, there are some values that are fixed:`
208	`they don't show up in the config file, nor can they be altered:`
209
210	* `./key`: The location of the client's private key. The `register`
211	`command, if successful, may write the key to this path, and the`
212	`key will be used both for the initial backchannel handshake and ssh`
213	`login when petit starts.`
214
215	* `./tenants`: The location of the tenant registration, which has a
216	`a list of directories, each of which has its own registration file.`
217
218	* `./upgrades`: A directory where the client temporarily stores
219	`downloaded patches to run.`
220
221	* `./client.lock` is the name of the file which is used to ensure that
222	`only one client daemon is running at a time. It is a zero-byte file`
223	`whose mere existance indicates that a client is running.`
224
225	* `./client.pid` is a JSON file whose contents contain the PID and
226	`listen port of the currently running client daemon, like this:`
227
228	`{"pid":46510,"listen":3016}`
229
230	`Under normal circumstances, this file will exist if and only if its`
231	sibling `./client.lock` also exists.
232
233	* `./client.log` is the log file where logs are stored. This contains
234	`all logging and debugging info for particular client runs. While not`
235	`strictly a JSON file, it is a`
236	`[winston](https://github.com/winstonjs/winston)-style JSON log output.`
237	`For example:`
238
239	`{"address":"::","family":"IPv6","port":3015,"level":"info","message":"Command listening on","timestamp":"2016-01-22T18:55:24.259Z"}`
240	`{"level":"info","message":"Client listening.","timestamp":"2016-01-22T18:55:24.260Z"}`
241	`{"level":"warn","message":"Unable to connect to server at \"localhost:3014\".","timestamp":"2016-01-22T18:55:24.266Z"}`
242	`{"level":"info","message":"Client closed.","timestamp":"2016-01-22T18:55:24.266Z"}`
243	`{"level":"info","message":"Backchannel closed.","timestamp":"2016-01-22T18:55:24.266Z"}`
244
245	`To minimize the installation footprint, if the log exceeds 50,000`
246	`bytes, then a new log file is started, and the previous one will be`
247	suffixed with a counter (e.g. `./client1.log`), and only the last
248	`three log files will be kept.`
249