1 | # Cloud Elements On-Prem Config File
|
2 |
|
3 | This document describes the On-Prem Connector
|
4 | [toml](https://github.com/toml-lang/toml) config file, which lives on
|
5 | both the client and server. When the On-Prem Connector starts up (either
|
6 | the client or server), it will create a file with default values if one
|
7 | does not already exist. The 'init' command for both `petit-server` and
|
8 | `petit-client` will do nothing but create this file.
|
9 |
|
10 | All client and server commands, and the clientd and serverd daemons
|
11 | themselves, accept a `-c {path}` command-line option to specify a config
|
12 | file. Otherwise, the default `{user_home}/.petit/config.toml` will be
|
13 | used.
|
14 |
|
15 | ### Server
|
16 |
|
17 | The server section of the config file is used only by `petit-server` or
|
18 | `petit-serverd`, and is indicated by the section headers
|
19 |
|
20 | [server]
|
21 | [server.vitae]
|
22 |
|
23 | #### Section `[server]`
|
24 |
|
25 | The `[server]` section has only five properies:
|
26 |
|
27 | * `proxyPort`: This is the port where the petit server will listen to
|
28 | HTTP requests, which it will then forward to the proper proxied port.
|
29 | `8090` is the default.
|
30 |
|
31 | * `secureProxyPort`: Similar to `proxyPort`, this is the port where the
|
32 | petit server will listen to HTTPS requests, which it will then forward
|
33 | to the proper proxied port. `8453` is the default.
|
34 |
|
35 | * `backPort`: This server port listens for client backchannel
|
36 | communication; it should match the `backPort` value in the clients
|
37 | which wish to talk to this server. `3014` is the default.
|
38 |
|
39 | * `listenPort`: The server will listen to commands on this port
|
40 | (`petit-server` will send commands to this port on localhost). This
|
41 | should be an open port on the server: `3016` is the default.
|
42 |
|
43 | * `registryfile`: The server maintains a table of all registered
|
44 | clients, and the keys and ports for each. This file is where the
|
45 | table is stored.
|
46 |
|
47 | Like all file properties, it can start with `./` or `../` to indicate
|
48 | a path relative to the config file itself. `./registry` is the
|
49 | default. The registry file is a JSON file kept up-to-date by the
|
50 | serverd process. It looks something like this:
|
51 |
|
52 | {
|
53 | "version": 1,
|
54 | "maxRegisteredId": 1005,
|
55 | "maxRegisteredPort": 11085,
|
56 | "registeredIds": {
|
57 | "1001": {
|
58 | "port": 11081,
|
59 | "key": "(...public key data...)",
|
60 | "vitae": {
|
61 | "ip": "::ffff:127.0.0.1"
|
62 | }
|
63 | }
|
64 | }
|
65 | }
|
66 |
|
67 | #### Section `[server.vitae]`
|
68 |
|
69 | The `[server.vitae]` section contains information about the server's
|
70 | environment which is sent to each client. It currently has two useful
|
71 | properties:
|
72 |
|
73 | * `environment`: This is the name of the environment type. It is
|
74 | generally a simple lower-case identifying string such as `"local"`,
|
75 | `"staging"` or `"production"`, etc.
|
76 |
|
77 | * `endpoint`: This is the http or https endpoint that would be used to
|
78 | connect to a particular client, and should be a URL that reaches
|
79 | the server. The exact string `REGID` is used in place of the client's
|
80 | registration ID. For example:
|
81 | `https://REGID.g2c-staging.cloud-elements.com` could be used on the
|
82 | staging Ground2Cloud server.
|
83 |
|
84 | #### Additional Values
|
85 |
|
86 | In addition to these properties, there are some values that are fixed:
|
87 | they don't show up in the config file, nor can they be altered:
|
88 |
|
89 | * `./patches`: The location where the server stores its patches. The
|
90 | `index.json` file here lists where all the patches are.
|
91 |
|
92 | * `./server.lock` is the name of the file which is used to ensure that
|
93 | only one server daemon is running at a time. It is a zero-byte file
|
94 | whose mere existance indicates that a server is running.
|
95 |
|
96 | * `./server.pid` is a JSON file whose contents contain the PID and
|
97 | listen port of the currently running server daemon, like this:
|
98 |
|
99 | {"pid":46510,"listen":3016}
|
100 |
|
101 | Under normal circumstances, this file will exist if and only if its
|
102 | sibling `./server.lock` also exists.
|
103 |
|
104 | * `./logs/server.log` is the log file where logs are stored. This contains
|
105 | all logging and debugging info for particular server runs. While not
|
106 | strictly a JSON file, it is a
|
107 | [winston](https://github.com/winstonjs/winston)-style JSON log output.
|
108 | For example:
|
109 |
|
110 | {"address":"::","family":"IPv6","port":3016,"level":"info","message":"Command listening on","timestamp":"2016-01-22T21:09:24.295Z"}
|
111 | {"address":"::","family":"IPv6","port":3014,"level":"info","message":"Backchannel listening on","timestamp":"2016-01-22T21:09:24.298Z"}
|
112 | {"level":"info","message":"Proxy connected.","timestamp":"2016-01-22T21:09:24.299Z"}
|
113 |
|
114 | To minimize storage footprint, if the log exceeds 50,000 bytes, then a
|
115 | new log file is started, and the previous one will be suffixed with a
|
116 | counter (e.g. `./server1.log`), and only the last three log files will
|
117 | be kept.
|
118 |
|
119 | * `./certificates`: only if this directory exists and contains the three
|
120 | files `server.key`, `server.crt` and `ca.bundle` (all PEM key/cert
|
121 | files) will HTTPS requests be serviced at `secureProxyPort`.
|
122 |
|
123 | ### Client
|
124 |
|
125 | The client section of the config file is used only by `petit-client` or
|
126 | `petit-clientd`, and is indicated by the section headers
|
127 |
|
128 | [client]
|
129 | [client.vitae]
|
130 | [client.local]
|
131 |
|
132 | #### Section `[client]`
|
133 |
|
134 | The `[client]` header indicates general-purpose values for the client to
|
135 | start up.
|
136 |
|
137 | * `host`: The hostname of where the server is located. `localhost` is
|
138 | a good default for testing, but this should be changed to a valid
|
139 | server host in most environments.
|
140 |
|
141 | * `port`: The active _sshd_ port on the server. This should almost
|
142 | always be set to `22`, the default value.
|
143 |
|
144 | * `backPort`: The active _backchannel_ port on the server. This should
|
145 | match the `backPort` value on the server: default is `3014`.
|
146 |
|
147 | * `username`: The ssh username to connect to. In most situations, this
|
148 | should match the username the petit server is running as.
|
149 |
|
150 | * `listenPort`: The client will listen to commands on this port
|
151 | (`petit-client` will send commands to this port on localhost). This
|
152 | should be an open port on the server: `3015` is usually a good
|
153 | default.
|
154 |
|
155 | * `logLevel`: The startup log level, which must be one of `"warn"`,
|
156 | `"info"` or `"debug"`. This level takes effect immediately at startup.
|
157 | Runtime changes to the logging level (for example with `petit-client
|
158 | log [level]`) aren't permanent, since they don't save to the config
|
159 | file.
|
160 |
|
161 | * `bindAddr`: This specifies the client-specified Bind Address property
|
162 | of the reverse SSH tunnel, which determines what address connections
|
163 | are allowed to connect. The default is `0.0.0.0`, which permits all
|
164 | IPv4 addresses. Other values could be `localhost`, which permits only
|
165 | local connections (useful if you want to secure access via the HTTP
|
166 | proxy only); `::` to permit any IPv6 connection; or any specific IP to
|
167 | limit connections there.
|
168 |
|
169 | #### Section `[client.vitae]`
|
170 |
|
171 | The `[client.vitae]` section contains information about the client's
|
172 | environment which is sent to the server. It currently has two useful
|
173 | properties:
|
174 |
|
175 | * `brand`: This is the name of the brand for "branded" clients, and is
|
176 | usually set to the customer name who is using the G2C client (e.g.
|
177 | `"swiftpage"`). Evaluation or Cloud-Elements branded clients should
|
178 | use the value `"ce"`.
|
179 |
|
180 | * `bundle`: Set to `"quickbooks"` for client applications distributed in
|
181 | the QuickBooks-bundled installer. Do not include at all for the
|
182 | unbundled version.
|
183 |
|
184 | #### Section `[client.local]`
|
185 |
|
186 | The `[client.local]` section has values that correspond to the local
|
187 | service which a cloud element instance connects to. There are only two
|
188 | properties:
|
189 |
|
190 | * `host`: The hostname where the local service lives. `localhost` is a
|
191 | good default, since the On-Prem Connector is often installed on the
|
192 | same machine as the local service. However, any reachable hostname can
|
193 | be used, if for example, you want the On-Prem Connector to live in a
|
194 | different intranet zone.
|
195 |
|
196 | * `port`: The port where local service is reached. The default of `8080`
|
197 | is appropriate for other Cloud Elements connection services (for
|
198 | example, the native QuickBooks connector runs on port 8080), but might
|
199 | be changed for other services.
|
200 |
|
201 | These `[client.local]` values may be overriden per-tenant in each
|
202 | tenant's own `config.toml` file, which contains its own `[local]`
|
203 | section with a `host` and `port` value.
|
204 |
|
205 | #### Additional Values
|
206 |
|
207 | In addition to these properties, there are some values that are fixed:
|
208 | they don't show up in the config file, nor can they be altered:
|
209 |
|
210 | * `./key`: The location of the client's private key. The `register`
|
211 | command, if successful, may write the key to this path, and the
|
212 | key will be used both for the initial backchannel handshake and ssh
|
213 | login when petit starts.
|
214 |
|
215 | * `./tenants`: The location of the tenant registration, which has a
|
216 | a list of directories, each of which has its own registration file.
|
217 |
|
218 | * `./upgrades`: A directory where the client temporarily stores
|
219 | downloaded patches to run.
|
220 |
|
221 | * `./client.lock` is the name of the file which is used to ensure that
|
222 | only one client daemon is running at a time. It is a zero-byte file
|
223 | whose mere existance indicates that a client is running.
|
224 |
|
225 | * `./client.pid` is a JSON file whose contents contain the PID and
|
226 | listen port of the currently running client daemon, like this:
|
227 |
|
228 | {"pid":46510,"listen":3016}
|
229 |
|
230 | Under normal circumstances, this file will exist if and only if its
|
231 | sibling `./client.lock` also exists.
|
232 |
|
233 | * `./client.log` is the log file where logs are stored. This contains
|
234 | all logging and debugging info for particular client runs. While not
|
235 | strictly a JSON file, it is a
|
236 | [winston](https://github.com/winstonjs/winston)-style JSON log output.
|
237 | For example:
|
238 |
|
239 | {"address":"::","family":"IPv6","port":3015,"level":"info","message":"Command listening on","timestamp":"2016-01-22T18:55:24.259Z"}
|
240 | {"level":"info","message":"Client listening.","timestamp":"2016-01-22T18:55:24.260Z"}
|
241 | {"level":"warn","message":"Unable to connect to server at \"localhost:3014\".","timestamp":"2016-01-22T18:55:24.266Z"}
|
242 | {"level":"info","message":"Client closed.","timestamp":"2016-01-22T18:55:24.266Z"}
|
243 | {"level":"info","message":"Backchannel closed.","timestamp":"2016-01-22T18:55:24.266Z"}
|
244 |
|
245 | To minimize the installation footprint, if the log exceeds 50,000
|
246 | bytes, then a new log file is started, and the previous one will be
|
247 | suffixed with a counter (e.g. `./client1.log`), and only the last
|
248 | three log files will be kept.
|
249 |
|