Configuration reference | Tarantool
Tooling Tarantool Cluster Manager Configuration reference

Configuration reference

Enterprise Edition

Tarantool Cluster Manager is a part of the Enterprise Edition.

This topic describes configuration parameters of Tarantool Cluster Manager.

There are the following groups of TCM configuration parameters:

The cluster group defines parameters of TCM interaction with connected Tarantool clusters.

cluster.connection-rate-limit

A rate limit for connections to Tarantool instances.


Type: uint
Default: 512
Environment variable: TCM_CLUSTER_CONNECTION_RATE_LIMIT
Command-line option: --cluster.connection-rate-limit
cluster.tarantool-timeout

A timeout for receiving a response from Tarantool instances.


Type: time.Duration
Default: 10s
Environment variable: TCM_CLUSTER_TARANTOOL_TIMEOUT
Command-line option: --cluster.tarantool-timeout
cluster.tarantool-ping-timeout

A timeout for receiving a ping response from Tarantool instances.


Type: time.Duration
Default: 5s
Environment variable: TCM_CLUSTER_TARANTOOL_PING_TIMEOUT
Command-line option: --cluster.tarantool-ping-timeout
cluster.tt-command

The command that runs the tt utility on hosts with cluster instances.


Type: string
Default: tt
Environment variable: TCM_CLUSTER_TT_COMMAND
Command-line option: --cluster.tt-command
cluster.refresh-state-period

The time interval for refreshing the cluster instances state on the Stateboard.


Type: time.Duration
Default: 5s
Environment variable: TCM_CLUSTER_REFRESH_STATE_PERIOD
Command-line option: --cluster.refresh-state-period
cluster.refresh-state-timeout

The time limit for refreshing an instance state. If this limit is reached, an error is shown.


Type: time.Duration
Default: 4s
Environment variable: TCM_CLUSTER_REFRESH_STATE_TIMEOUT
Command-line option: --cluster.refresh-state-timeout
cluster.discovery-period

The time interval for checking the leadership in replica sets.


Type: time.Duration
Default: 4s
Environment variable: TCM_CLUSTER_DISCOVERY_PERIOD
Command-line option: --cluster.discovery-period
cluster.sharding-index

The name of the space field that is used as a sharding key.


Type: string
Default: bucket_id
Environment variable: TCM_CLUSTER_SHARDING_INDEX
Command-line option: --cluster.sharding-index
cluster.skew-time

The maximum time skew between any two cluster instances. If this limit is reached, a warning is shown.


Type: time.Duration
Default: 30s
Environment variable: TCM_CLUSTER_SKEW_TIME
Command-line option: --cluster.skew-time
cluster.fragmentation-threshold

The count of allocated slabs that reflects high memory fragmentation. When this number is reached, a warning is shown.

See also: Storing data with memtx


Type: int
Default: 40
Environment variable: TCM_CLUSTER_FRAGMENTATION_THRESHOLD
Command-line option: --cluster.fragmentation-threshold

The http group defines parameters of HTTP connections between TCM and clients.

http.network

An addressing scheme that TCM uses.

Possible values:

  • tcp: IPv4 address
  • tcp6: IPv6 address
  • unix: Unix domain socket

Type: string
Default: tcp
Environment variable: TCM_HTTP_NETWORK
Command-line option: --http.network
http.host

A host name on which TCM serves.


Type: string
Default: 127.0.0.1
Environment variable: TCM_HTTP_HOST
Command-line option: --http.host
http.port

A port on which TCM serves.


Type: int
Default: 8080
Environment variable: TCM_HTTP_PORT
Command-line option: --http.port
http.request-size

The maximum size (in bytes) of a client HTTP request to TCM.


Type: int64
Default: 1572864
Environment variable: TCM_HTTP_REQUEST_SIZE
Command-line option: --http.request-size
http.websocket.read-buffer-size

The size (in bytes) of the read buffer for WebSocket connections.


Type: int
Default: 16384
Environment variable: TCM_HTTP_WEBSOCKET_READ_BUFFER_SIZE
Command-line option: --http.websocket.read-buffer-size
http.websocket.write-buffer-size

The size (in bytes) of the write buffer for WebSocket connections.


Type: int
Default: 16384
Environment variable: TCM_HTTP_WEBSOCKET_WRITE_BUFFER_SIZE
Command-line option: --http.websocket.write-buffer-size
http.websocket.keepalive-ping-interval

The time interval for sending WebSocket keepalive pings.


Type: time.Duration
Default: 20s
Environment variable: TCM_HTTP_WEBSOCKET_KEEPALIVE_PING_INTERVAL
Command-line option: --http.websocket.keepalive-ping-interval
http.websocket.handshake-timeout

The time limit for completing a WebSocket opening handshake with a client.


Type: time.Duration
Default: 10s
Environment variable: TCM_HTTP_WEBSOCKET_HANDSHAKE_TIMEOUT
Command-line option: --http.websocket.handshake-timeout
http.websocket.init-timeout

The time limit for establishing a WebSocket connection with a client.


Type: time.Duration
Default: 15s
Environment variable: TCM_HTTP_WEBSOCKET_INIT_TIMEOUT
Command-line option: --http.websocket.init-timeout
http.websession-cookie.name

The name of the cookie that TCM sends to clients.

This value is used as the cookie name in the Set-Cookie HTTP response header.


Type: string
Default: tcm
Environment variable: TCM_HTTP_WEBSESSION_COOKIE_NAME
Command-line option: ---http.websession-cookie.name
http.websession-cookie.path

The URL path that must be present in the requested URL in order to send the cookie.

This value is used in the Path attribute of the Set-Cookie HTTP response header.


Type: string
Default: “”
Environment variable: TCM_HTTP_WEBSESSION_COOKIE_PATH
Command-line option: ---http.websession-cookie.path
http.websession-cookie.domain

The domain to which the cookie can be sent.

This value is used in the Domain attribute of the Set-Cookie HTTP response header.


Type: string
Default: “”
Environment variable: TCM_HTTP_WEBSESSION_COOKIE_DOMAIN
Command-line option: ---http.websession-cookie.domain
http.websession-cookie.ttl

The maximum lifetime of the TCM cookie.

This value is used in the Max-Age attribute of the Set-Cookie HTTP response header.


Type: time.Duration
Default: 2h0m0s
Environment variable: TCM_HTTP_WEBSESSION_COOKIE_TTL
Command-line option: ---http.websession-cookie.ttl
http.websession-cookie.secure

Indicates whether the cookie can be sent only over the HTTPS protocol. In this case, it’s never sent over the unencrypted HTTP, therefore preventing man-in-the-middle attacks.

When true, the Secure attribute is added to the Set-Cookie HTTP response header.


Type: bool
Default: false
Environment variable: TCM_HTTP_WEBSESSION_COOKIE_SECURE
Command-line option: ---http.websession-cookie.secure
http.websession-cookie.http-only

Indicates that the cookie can’t be accessed from the JavaScript Document.cookie API. This helps mitigate cross-site scripting attacks.

When true, the HttpOnly attribute is added to the Set-Cookie HTTP response header.


Type: bool
Default: true
Environment variable: TCM_HTTP_WEBSESSION_COOKIE_HTTP_ONLY
Command-line option: ---http.websession-cookie.http-only
http.websession-cookie.same-site

Indicates if it is possible to send the TCM cookie along with cross-site requests. Possible values are the Go’s http.SameSite constants:

  • SameSiteDefaultMode
  • SameSiteLaxMode
  • SameSiteStrictMode
  • SameSiteNoneMode

For details on SameSite modes, see the Set-Cookie header documentation in the MDN web docs.

This value is used in the SameSite attribute of the Set-Cookie HTTP response header.


Type: http.SameSite
Default: SameSiteDefaultMode
Environment variable: TCM_HTTP_WEBSESSION_COOKIE_SAME_SITE
Command-line option: ---http.websession-cookie.same-site
http.cors.enabled

Indicates whether to use the Cross-Origin Resource Sharing (CORS).


Type: bool
Default: false
Environment variable: TCM_HTTP_CORS_ENABLED
Command-line option: --http.cors.enabled
http.cors.allowed-origins

The origins with which the HTTP response can be shared, separated by semicolons.

The specified values are sent in the Access-Control-Allow-Origin HTTP response headers.


Type: []string
Default: []
Environment variable: TCM_HTTP_CORS_ALLOWED_ORIGINS
Command-line option: --http.cors.allowed-origins
http.cors.allowed-methods

HTTP request methods that are allowed when accessing a resource, separated by semicolons.

The specified values are sent in the Access-Control-Allow-Methods HTTP header of a response to a CORS preflight request.


Type: []string
Default: []
Environment variable: TCM_HTTP_CORS_ALLOWED_METHODS
Command-line option: --http.cors.allowed-methods
http.cors.allowed-headers

HTTP headers that are allowed during the actual request, separated by semicolons.

The specified values are sent in the Access-Control-Allow-Headers HTTP header of a response to a CORS preflight request.


Type: []string
Default: []
Environment variable: TCM_HTTP_CORS_ALLOWED_HEADERS
Command-line option: --http.cors.allowed-headers
http.cors.exposed-headers

Response headers that should be made available to scripts running in the browser, in response to a cross-origin request, separated by semicolons.

The specified values are sent in the Access-Control-Expose-Headers HTTP response headers.


Type: []string
Default: []
Environment variable: TCM_HTTP_CORS_EXPOSED_HEADERS
Command-line option: --http.cors.exposed-headers
http.cors.allow-credentials

Whether to expose the response to the frontend JavaScript code when the request’s credentials mode is include.

When true, the Access-Control-Allow-Credentials HTTP response header is sent.


Type: bool
Default: false
Environment variable: TCM_HTTP_CORS_ALLOW_CREDENTIALS
Command-line option: --http.cors.allow-credentials
http.cors.debug

For debug purposes.


Type: bool
Default: false
http.tls.enabled

Indicates whether TLS is enabled for client connections to TCM.


Type: bool
Default: false
Environment variable: TCM_HTTP_TLS_ENABLED
Command-line option: --http.tls.enabled
http.tls.cert-file

A path to a TLS certificate file. Mandatory when TLS is enabled.


Type: string
Default: “”
Environment variable: TCM_HTTP_TLS_CERT_FILE
Command-line option: --http.tls.cert-file
http.tls.key-file

A path to a TLS private key file. Mandatory when TLS is enabled.


Type: string
Default: “”
Environment variable: TCM_HTTP_TLS_KEY_FILE
Command-line option: --http.tls.key-file
http.tls.server

The TLS server.


Type: string
Default: “”
Environment variable: TCM_HTTP_TLS_SERVER
Command-line option: --http.tls.server
http.tls.min-version

The minimum version of the TLS protocol.


Type: uint16
Default: 0
Environment variable: TCM_HTTP_TLS_MIN_VERSION
Command-line option: --http.tls.min-version
http.tls.max-version

The maximum version of the TLS protocol.


Type: uint16
Default: 0
Environment variable: TCM_HTTP_TLS_MAX_VERSION
Command-line option: --http.tls.max-version
http.tls.curve-preferences

Elliptic curves that are used for TLS connections. Possible values are the Go’s tls.CurveID constants:

  • CurveP256
  • CurveP384
  • CurveP521
  • X25519

Type: []tls.CurveID
Default: []
Environment variable: TCM_HTTP_TLS_CURVE_PREFERENCES
Command-line option: --http.tls.curve-preferences
http.tls.cipher-suites

Enabled TLS cipher suites. Possible values are the Golang tls.TLS_* constants.


Type: []uint16
Default: []
Environment variable: TCM_HTTP_TLS_CIPHER_SUITES
Command-line option: --http.tls.cipher-suites
http.read-timeout

A timeout for reading an incoming request.


Type: time.Duration
Default: 30s
Environment variable: TCM_HTTP_READ_TIMEOUT
Command-line option: --http.read-timeout
http.read-header-timeout

A timeout for reading headers of an incoming request.


Type: time.Duration
Default: 30s
Environment variable: TCM_HTTP_READ_HEADER_TIMEOUT
Command-line option: --http.read-header-timeout
http.write-timeout

A timeout for writing a response.


Type: time.Duration
Default: 30s
Environment variable: TCM_HTTP_WRITE_TIMEOUT
Command-line option: --http.write-timeout
http.idle-timeout

The timeout for idle connections.


Type: time.Duration
Default: 30s
Environment variable: TCM_HTTP_IDLE_TIMEOUT
Command-line option: --http.idle-timeout
http.disable-general-options-handler

Whether the client requests with the OPTIONS HTTP method are allowed.


Type: bool
Default: false
Environment variable: TCM_HTTP_DISABLE_GENERAL_OPTIONS_HANDLER
Command-line option: --http.disable-general-options-handler
http.max-header-bytes

The maximum size (in bytes) of a header in a client’s request to TCM.


Type: int
Default: 0
Environment variable: TCM_HTTP_MAX_HEADER_BYTES
Command-line option: --http.max-header-bytes
http.api-timeout

The stateboard update timeout.


Type: time.Duration
Default: 8s
Environment variable: TCM_HTTP_API_TIMEOUT
Command-line option: --http.api-timeout
http.api-update-interval

The stateboard update interval.


Type: time.Duration
Default: 5s
Environment variable: TCM_HTTP_API_UPDATE_INTERVAL
Command-line option: --http.api-update-interval
http.frontend-dir

The directory with custom TCM frontend files (for development purposes).


Type: string
Default: “”
Environment variable: TCM_HTTP_FRONTEND_DIR
Command-line option: --http.frontend-dir
http.show-stack-trace

Whether error stack traces are shown in the web UI.


Type: bool
Default: true
Environment variable: TCM_HTTP_SHOW_STACK_TRACE
Command-line option: --http.show-stack-trace
http.trace

Whether all query tracing information is written in logs.


Type: bool
Default: false
Environment variable: TCM_HTTP_TRACE
Command-line option: --http.trace
http.max-static-size

The maximum size (in bytes) of a static content sent to TCM.


Type: int
Default: 104857600
Environment variable: TCM_HTTP_MAX_STATIC_SIZE
Command-line option: --http.max-static-size
http.graphql.complexity

The maximum complexity of GraphQL queries that TCM processes. If this value is exceeded, TCM returns an error.


Type: int
Default: 40
Environment variable: TCM_HTTP_GRAPHQL_COMPLEXITY
Command-line option: --http.graphql.complexity

The log section defines the TCM logging parameters.

log.default.add-source

Whether sources are added to the TCM log.


Type: bool
Default: false
Environment variable: TCM_LOG_DEFAULT_ADD_SOURCE
Command-line option: --log.default.add-source
log.default.show-stack-trace

Whether stack traces are added to the TCM log.


Type: bool
Default: false
Environment variable: TCM_LOG_DEFAULT_SHOW_STACK_TRACE
Command-line option: --log.default.show-stack-trace
log.default.level

The default TCM logging level.

Possible values:

  • VERBOSE
  • INFO
  • WARN
  • ALARM

Type: string
Default: INFO
Environment variable: TCM_LOG_DEFAULT_LEVEL
Command-line option: --log.default.level
log.default.format

TCM log entries format.

Possible values:

  • struct
  • json

Type: string
Default: struct
Environment variable: TCM_LOG_DEFAULT_FORMAT
Command-line option: --log.default.format
log.default.output

The output used for TCM log.

Possible values:

  • stdout
  • stderr
  • file
  • syslog

Type: string
Default: stdout
Environment variable: TCM_LOG_DEFAULT_OUTPUT
Command-line option: --log.default.output
log.default.no-colorized

Whether the stdout log is not colorized.


Type: bool
Default: false
Environment variable: TCM_LOG_DEFAULT_NO_COLORIZED
Command-line option: --log.default.no-colorized
log.default.file.name

The name of the TCM log file.


Type: string
Default: “”
Environment variable: TCM_LOG_DEFAULT_FILE_NAME
Command-line option: --log.default.file.name
log.default.file.maxsize

The maximum size (in bytes) of the TCM log file.


Type: int
Default: 0
Environment variable: TCM_LOG_DEFAULT_FILE_MAXSIZE
Command-line option: --log.default.file.maxsize
log.default.file.maxage

The maximum age of a TCM log file, in days.


Type: int
Default: 0
Environment variable: TCM_LOG_DEFAULT_FILE_MAXAGE
Command-line option: --log.default.file.maxage
log.default.file.maxbackups

The maximum number of users in TCM.


Type: int
Default: 0
Environment variable: TCM_LOG_DEFAULT_FILE_MAXBACKUPS
Command-line option: --log.default.file.maxbackups
log.default.file.compress

Indicated that TCM compresses log files upon rotation.


Type: bool
Default: false
Environment variable: TCM_LOG_DEFAULT_FILE_COMPRESS
Command-line option: --log.default.file.compress
log.default.syslog.protocol

The network protocol used for connecting to the syslog server. Typically, it’s tcp, udp, or unix. All possible values are listed in the Go’s net.Dial documentation.


Type: string
Default: tcp
Environment variable: TCM_LOG_DEFAULT_SYSLOG_PROTOCOL
Command-line option: --log.default.syslog.protocol
log.default.syslog.output

The syslog server URI.


Type: string
Default: 127.0.0.1:5514
Environment variable: TCM_LOG_DEFAULT_SYSLOG_OUTPUT
Command-line option: --log.default.syslog.output
log.default.syslog.priority

The syslog severity level.


Type: string
Default: “”
Environment variable: TCM_LOG_DEFAULT_SYSLOG_PRIORITY
Command-line option: --log.default.syslog.priority
log.default.syslog.facility

The syslog facility.


Type: string
Default: “”
Environment variable: TCM_LOG_DEFAULT_SYSLOG_FACILITY
Command-line option: --log.default.syslog.facility
log.default.syslog.tag

The syslog tag.


Type: string
Default: “”
Environment variable: TCM_LOG_DEFAULT_SYSLOG_TAG
Command-line option: --log.default.syslog.tag
log.default.syslog.timeout

The timeout for connecting to the syslog server.


Type: time.Duration
Default: 10s
Environment variable: TCM_LOG_DEFAULT_SYSLOG_TIMEOUT
Command-line option: --log.default.syslog.timeout
log.outputs

An array of log outputs that TCM uses in addition to the default one that is defined by the log.default.* parameters. Each array item can include the parameters of the log.default group. If a parameter is skipped, its value is taken from log.default.


Type: []LogOuputConfig
Default: []
Environment variable: TCM_LOG_OUTPUTS
Command-line option: --log-outputs

The storage section defines the parameters of the TCM backend store.

etcd backend store parameters:

Tarantool backend store parameters:

storage.provider

The type of the storage used for storing TCM configuration.

Possible values:

  • etcd
  • tarantool

Type: string
Default: etcd
Environment variable: TCM_STORAGE_PROVIDER
Command-line option: --storage.provider
storage.etcd.prefix

A prefix for the TCM configuration parameters in etcd.


Type: string
Default: “/tcm”
Environment variable: TCM_STORAGE_ETCD_PREFIX
Command-line option: --storage.etcd.prefix
storage.etcd.endpoints

An array of node URIs of the etcd cluster where the TCM configuration is stored, separated by semicolons (;).


Type: []string
Default: [“http://127.0.0.1:2379”]
Environment variable: TCM_STORAGE_ETCD_ENDPOINTS
Command-line option: --storage.etcd.endpoints
storage.etcd.dial-timeout

An etcd dial timeout.


Type: time.Duration
Default: 10s
Environment variable: TCM_STORAGE_ETCD_DIAL_TIMEOUT
Command-line option: --storage.etcd.dial-timeout
storage.etcd.auto-sync-interval

An automated sync interval.


Type: time.Duration
Default: 0 (disabled)
Environment variable: TCM_STORAGE_ETCD_AUTO_SYNC_INTERVAL
Command-line option: --storage.etcd.auto-sync-interval
storage.etcd.dial-keep-alive-time

A dial keep-alive time.


Type: time.Duration
Default: 30s
Environment variable: TCM_STORAGE_ETCD_DIAL_KEEP_ALIVE_TIME
Command-line option: --storage.etcd.dial-keep-alive-time
storage.etcd.dial-keep-alive-timeout

A dial keep-alive timeout.


Type: time.Duration
Default: 30s
Environment variable: TCM_STORAGE_ETCD_DIAL_KEEP_ALIVE_TIMEOUT
Command-line option: --storage.etcd.dial-keep-alive-timeout
storage.etcd.bootstrap-timeout

A bootstrap timeout.


Type: time.Duration
Default: 30s
Environment variable: TCM_STORAGE_ETCD_BOOTSTRAP_TIMEOUT
Command-line option: --storage.etcd.bootstrap-timeout
storage.etcd.max-call-send-msg-size

The maximum size (in bytes) of a transaction between TCM and etcd.


Type: int
Default: 2097152
Environment variable: TCM_STORAGE_ETCD_MAX_CALL_SEND_MSG_SIZE
Command-line option: --storage.etcd.max-call-send-msg-size
storage.etcd.username

A username for accessing the etcd storage.


Type: string
Default: “”
Environment variable: TCM_STORAGE_ETCD_USERNAME
Command-line option: --storage.etcd.username
storage.etcd.password

A password for accessing the etcd storage.


Type: string
Default: “”
Environment variable: TCM_STORAGE_ETCD_PASSWORD
Command-line option: --storage.etcd.password
storage.etcd.password-file

A path to the file with a password for accessing the etcd storage.


Type: string
Default: “”
Environment variable: TCM_STORAGE_ETCD_PASSWORD_FILE
Command-line option: --storage.etcd.password-file
storage.etcd.tls.enabled

Indicates whether TLS is enabled for etcd connections.


Type: bool
Default: false
Environment variable: TCM_STORAGE_ETCD_TLS_ENABLED
Command-line option: --storage.etcd.tls.enabled
storage.etcd.tls.auto

Use generated certificates for etcd connections.


Type: bool
Default: false
Environment variable: TCM_STORAGE_ETCD_TLS_AUTO
Command-line option: --storage.etcd.tls.auto
storage.etcd.tls.cert-file

A path to a TLS certificate file to use for etcd connections.


Type: string
Default: “”
Environment variable: TCM_STORAGE_ETCD_TLS_CERT_FILE
Command-line option: --storage.etcd.tls.cert-file
storage.etcd.tls.key-file

A path to a TLS private key file to use for etcd connections.


Type: string
Default: “”
Environment variable: TCM_STORAGE_ETCD_TLS_KEY_FILE
Command-line option: --storage.etcd.tls.key-file
storage.etcd.tls.trusted-ca-file

A path to a trusted CA certificate file to use for etcd connections.


Type: string
Default: “”
Environment variable: TCM_STORAGE_ETCD_TLS_TRUSTED_CA_FILE
Command-line option: --storage.etcd.tls.trusted-ca-file
storage.etcd.tls.client-cert-auth

Indicates whether client cert authentication is enabled.


Type: bool
Default: false
Environment variable: TCM_STORAGE_ETCD_TLS_CLIENT_CERT_AUTH
Command-line option: --storage.etcd.tls.client-cert-auth
storage.etcd.tls.crl-file

A path to the client certificate revocation list file.


Type: string
Default: “”
Environment variable: TCM_STORAGE_ETCD_TLS_CRL_FILE
Command-line option: --storage.etcd.tls.crl-file
storage.etcd.tls.insecure-skip-verify

Skip checking client certificate in etcd connections.


Type: bool
Default: false
Environment variable: TCM_STORAGE_ETCD_TLS_INSECURE_SKIP_VERIFY
Command-line option: --storage.etcd.tls.insecure-skip-verify
storage.etcd.tls.skip-client-san-verify

Skip verification of SAN field in client certificate for etcd connections.


Type: bool
Default: false
Environment variable: TCM_STORAGE_ETCD_TLS_SKIP_CLIENT_SAN_VERIFY
Command-line option: --storage.etcd.tls.skip-client-san-verify
storage.etcd.tls.server-name

Name of the TLS server for etcd connections.


Type: string
Default: “”
Environment variable: TCM_STORAGE_ETCD_TLS_SERVER_NAME
Command-line option: --storage.etcd.tls.server-name
storage.etcd.tls.cipher-suites

TLS cipher suites for etcd connections. Possible values are the Golang tls.TLS_* constants.


Type: []uint16
Default: []
Environment variable: TCM_STORAGE_ETCD_TLS_CIPHER_SUITES
Command-line option: --storage.etcd.tls.cipher-suites
storage.etcd.tls.allowed-cn

An allowed common name for authentication in etcd connections.


Type: string
Default: “”
Environment variable: TCM_STORAGE_ETCD_TLS_ALLOWED_CN
Command-line option: --storage.etcd.tls.allowed-cn
storage.etcd.tls.allowed-hostname

An allowed TLS certificate name for authentication in etcd connections.


Type: string
Default: “”
Environment variable: TCM_STORAGE_ETCD_TLS_ALLOWED_HOSTNAME
Command-line option: --storage.etcd.tls.allowed-hostname
storage.etcd.tls.empty-cn

Whether the empty common name is allowed in etcd connections.


Type: bool
Default: false
Environment variable: TCM_STORAGE_ETCD_TLS_EMPTY_CN
Command-line option: --storage.etcd.tls.empty-cn
storage.etcd.permit-without-stream

Whether keepalive pings can be send to the etcd server without active streams.


Type: bool
Default: false
Environment variable: TCM_STORAGE_ETCD_PERMIT_WITHOUT_STREAM
Command-line option: --storage.etcd.permit-without-stream

The storage.etcd.embed group defines the configuration of the embedded etcd cluster to use as a TCM backend store. This cluster can be used for development purposes when the production or testing etcd cluster is not available or not needed.

See also Embedded backend store.

storage.tarantool.prefix

A prefix for the TCM configuration parameters in the Tarantool-based configuration storage.


Type: string
Default: “/tcm”
Environment variable: TCM_STORAGE_TARANTOOL_PREFIX
Command-line option: --storage.tarantool.prefix
storage.tarantool.addr

The URI for connecting to the Tarantool-based configuration storage.


Type: string
Default: “unix/:/tmp/tnt_config_instance.sock”
Environment variable: TCM_STORAGE_TARANTOOL_ADDR
Command-line option: --storage.tarantool.addr
storage.tarantool.addrs

An array of the Tarantool-based configuration storage URIs.


Type: []string
Default: [“unix/:/tmp/tnt_config_instance.sock”]
Environment variable: TCM_STORAGE_TARANTOOL_ADDRS
Command-line option: --storage.tarantool.addrs
storage.tarantool.auth

An authentication method for the Tarantool-based configuration storage.

Possible values are the Go’s go-tarantool/Auth constants:

  • AutoAuth (0)
  • ChapSha1Auth
  • PapSha256Auth

Type: int
Default: 0
Environment variable: TCM_STORAGE_TARANTOOL_AUTH
Command-line option: --storage.tarantool.auth
storage.tarantool.timeout

A request timeout for the Tarantool-based configuration storage.

See also go-tarantool.Opts.


Type: time.Duration
Default: 0s
Environment variable: TCM_STORAGE_TARANTOOL_TIMEOUT
Command-line option: --storage.tarantool.timeout
storage.tarantool.reconnect

A timeout between reconnect attempts for the Tarantool-based configuration storage.

See also go-tarantool.Opts.


Type: time.Duration
Default: 0s
Environment variable: TCM_STORAGE_TARANTOOL_RECONNECT
Command-line option: --storage.tarantool.reconnect
storage.tarantool.max-reconnects

The maximum number of reconnect attempts for the Tarantool-based configuration storage.

See also go-tarantool.Opts.


Type: int
Default: 0
Environment variable: TCM_STORAGE_TARANTOOL_MAX_RECONNECTS
Command-line option: --storage.tarantool.max-reconnects
storage.tarantool.username

A username for connecting to the Tarantool-based configuration storage.

See also go-tarantool.Opts.


Type: string
Default: “”
Environment variable: TCM_STORAGE_TARANTOOL_USERNAME
Command-line option: --storage.tarantool.username
storage.tarantool.password

A password for connecting to the Tarantool-based configuration storage.

See also go-tarantool.Opts.


Type: string
Default: “”
Environment variable: TCM_STORAGE_TARANTOOL_PASSWORD
Command-line option: --storage.tarantool.password
storage.tarantool.password-file

A path to the file with a password for connecting to the Tarantool-based configuration storage.


Type: string
Default: “”
Environment variable: TCM_STORAGE_TARANTOOL_PASSWORD_FILE
Command-line option: --storage.tarantool.password-file
storage.tarantool.rate-limit

A rate limit for connecting to the Tarantool-based configuration storage.

See also go-tarantool.Opts.


Type: int
Default: 0
Environment variable: TCM_STORAGE_TARANTOOL_RATE_LIMIT
Command-line option: --storage.tarantool.rate-limit
storage.tarantool.rate-limit-action

An action to perform when the storage.tarantool.rate-limit is reached.

See also go-tarantool.Opts.


Type: int
Default: 0
Environment variable: TCM_STORAGE_TARANTOOL_RATE_LIMIT_ACTION
Command-line option: --storage.tarantool.rate-limit-action
storage.tarantool.concurrency

An amount of separate mutexes for request queues and buffers inside of a connection to the Tarantool TCM configuration storage.

See also go-tarantool.Opts.


Type: int
Default: 0
Environment variable: TCM_STORAGE_TARANTOOL_CONCURRENCY
Command-line option: --storage.tarantool.concurrency
storage.tarantool.skip-schema

Whether the schema is loaded from the Tarantool TCM configuration storage.

See also go-tarantool.Opts.


Type: bool
Default: true
Environment variable: TCM_STORAGE_TARANTOOL_SKIP_SCHEMA
Command-line option: --storage.tarantool.skip-schema
storage.tarantool.transport

The connection type for the Tarantool TCM configuration storage.

See also go-tarantool.Opts.


Type: string
Default: “”
Environment variable: TCM_STORAGE_TARANTOOL_TRANSPORT
Command-line option: --storage.tarantool.transport
storage.tarantool.ssl.key-file

A path to a TLS private key file to use for connecting to the Tarantool TCM configuration storage.

See also: Securing connections with SSL.


Type: string
Default: “”
Environment variable: TCM_STORAGE_TARANTOOL_SSL_KEY_FILE
Command-line option: --storage.tarantool.ssl.key-file
storage.tarantool.ssl.cert-file

A path to an SSL certificate to use for connecting to the Tarantool TCM configuration storage.

See also: Securing connections with SSL.


Type: string
Default: “”
Environment variable: TCM_STORAGE_TARANTOOL_SSL_CERT_FILE
Command-line option: --storage.tarantool.ssl.cert-file
storage.tarantool.ssl.ca-file

A path to a trusted CA certificate to use for connecting to the Tarantool TCM configuration storage.

See also: Securing connections with SSL.


Type: string
Default: “”
Environment variable: TCM_STORAGE_TARANTOOL_SSL_CA_FILE
Command-line option: --storage.tarantool.ssl.ca-file
storage.tarantool.ssl.ciphers

A list of SSL cipher suites that can be used for connecting to the Tarantool TCM configuration storage. Possible values are listed in <uri>.params.ssl_ciphers.

See also: Securing connections with SSL.


Type: string
Default: “”
Environment variable: TCM_STORAGE_TARANTOOL_SSL_CIPHERS
Command-line option: --storage.tarantool.ssl.ciphers
storage.tarantool.ssl.password

A password for an encrypted private SSL key to use for connecting to the Tarantool TCM configuration storage.

See also: Securing connections with SSL.


Type: string
Default: “”
Environment variable: TCM_STORAGE_TARANTOOL_SSL_PASSWORD
Command-line option: --storage.tarantool.ssl.password
storage.tarantool.ssl.password-file

A text file with passwords for encrypted private SSL keys to use for connecting to the Tarantool TCM configuration storage.

See also: Securing connections with SSL.


Type: string
Default: “”
Environment variable: TCM_STORAGE_TARANTOOL_SSL_PASSWORD_FILE
Command-line option: --storage.tarantool.ssl.password-file
storage.tarantool.required-protocol-info.auth

An authentication method for the Tarantool TCM configuration storage.

Possible values are the Go’s go-tarantool/Auth constants:

  • AutoAuth (0)
  • ChapSha1Auth
  • PapSha256Auth

See also go-tarantool.ProtocolInfo.


Type: int
Default: 0
Environment variable: TCM_STORAGE_TARANTOOL_SSL_REQUIRED_PROTOCOL_INFO_AUTH
Command-line option: --storage.tarantool.required-protocol-info.auth
storage.tarantool.required-protocol-info.version

A Tarantool protocol version.

See also go-tarantool.ProtocolInfo.


Type: uint64
Default: 0
Environment variable: TCM_STORAGE_TARANTOOL_SSL_REQUIRED_PROTOCOL_INFO_VERSION
Command-line option: --storage.tarantool.required-protocol-info.version
storage.tarantool.required-protocol-info.features

An array of Tarantool protocol features.

See also go-tarantool.ProtocolInfo.


Type: []int
Default: []
Environment variable: TCM_STORAGE_TARANTOOL_SSL_REQUIRED_PROTOCOL_INFO_FEATURES
Command-line option: --storage.tarantool.required-protocol-info.features

The storage.tarantool.embed group parameters define the configuration of the embedded Tarantool cluster to use as a TCM backend store. This cluster can be used for development purposes when the production or testing cluster is not available or not needed.

See also Embedded backend store.

The addon section defines settings related to TCM add-ons.

addon.enabled

Whether to enable the add-on functionality in TCM.


Type: bool
Default: false
Environment variable: TCM_ADDON_ENABLED
Command-line option: --addon.enabled
addon.addons-dir

The directory from which TCM takes add-ons.


Type: string
Default: addons
Environment variable: TCM_ADDON_ADDONS_DIR
Command-line option: --addon.addons-dir
addon.max-upload-size

The maximum size (in bytes) of addon to upload to TCM.


Type: int64
Default: 104857600
Environment variable: TCM_ADDON_MAX_UPLOAD_SIZE
Command-line option: --addon.max-upload-size
addon.dev-addons-dir

Additional add-on directories for development purposes, separated by semicolons (;).


Type: []string
Default: []
Environment variable: TCM_ADDON_DEV_ADDONS_DIR
Command-line option: --addon.dev-addons-dir

The limits section defines limits on various TCM objects and relations between them.

limits.users-count

The maximum number of users in TCM.


Type: int
Default: 1000
Environment variable: TCM_LIMITS_USERS_COUNT
Command-line option: --limits.users-count
limits.clusters-count

The maximum number of clusters in TCM.


Type: int
Default: 10
Environment variable: TCM_LIMITS_CLUSTERS_COUNT
Command-line option: --limits.clusters-count
limits.roles-count

The maximum number of roles in TCM.


Type: int
Default: 100
Environment variable: TCM_LIMITS_ROLES_COUNT
Command-line option: --limits.roles-count
limits.webhooks-count

The maximum number of webhooks in TCM.


Type: int
Default: 200
Environment variable: TCM_LIMITS_WEBHOOKS_COUNT
Command-line option: --limits.webhooks-count
limits.user-secrets-count

The maximum number secrets that a TCM user can have.


Type: int
Default: 10
Environment variable: TCM_LIMITS_USER_SECRETS_COUNT
Command-line option: --limits.user-secrets-count
limits.user-websessions-count

The maximum number of open sessions that a TCM user can have.


Type: int
Default: 10
Environment variable: TCM_LIMITS_USER_WEBSESSIONS_COUNT
Command-line option: --limits.user-websessions-count
limits.linked-cluster-users

The maximum number of clusters to which a single user can have access.


Type: int
Default: 10
Environment variable: TCM_LIMITS_LINKED_CLUSTER_USERS
Command-line option: --limits.linked-cluster-users

The security section defines the security parameters of TCM.

security.auth

Ways to log into TCM.

Possible values:

  • local
  • ldap

Type: []string
Default: [local]
Environment variable: TCM_SECURITY_AUTH
Command-line option: --security.auth
security.hash-cost

A hash cost for hashing users’ passwords.


Type: int
Default: 12
Environment variable: TCM_SECURITY_HASH_COST
Command-line option: --security.hash-cost
security.encryption-key

An encryption key for passwords used by TCM for accessing Tarantool and etcd clusters.


Type: string
Default: “”
Environment variable: TCM_SECURITY_ENCRYPTION_KEY
Command-line option: --security.encryption-key
security.encryption-key-file

A path to the file with the encryption key for passwords used by TCM for accessing Tarantool and etcd clusters.


Type: string
Default: “”
Environment variable: TCM_SECURITY_ENCRYPTION_KEY_FILE
Command-line option: --security.encryption-key-file
security.bootstrap-password

A password for the first login of the admin user. Only for testing purposes.


Type: string
Default: “”
Environment variable: TCM_SECURITY_BOOTSTRAP_PASSWORD
Command-line option: --security.bootstrap-password
security.bootstrap-api-token

A default API token for the admin user. Only for testing purposes.


Type: string
Default: “”
Environment variable: TCM_SECURITY_BOOTSTRAP_API_TOKEN
Command-line option: --security.bootstrap-api-token
security.integrity-check

Whether to check the digital signature. If true, the error is raised in case an incorrect signature is detected.


Type: bool
Default: false
Environment variable: TCM_SECURITY_INTEGRITY_CHECK
Command-line option: --security.integrity-check
security.signature-private-key-file

A path to a file with the private key to sign TCM data.


Type: string
Default: “”
Environment variable: TCM_SECURITY_SIGNATURE_PRIVATE_KEY_FILE
Command-line option: --security.signature-private-key-file

mode

The TCM mode: production, development, or test.


Type: string
Default: production
Environment variable: TCM_MODE
Command-line option: --mode

The feature section defines the security parameters of TCM.

feature.ttgraph

Whether Tarantool Graph DB integration is enabled.


Type: bool
Default: false
Environment variable: TCM_FEATURE_TTGRAPH
Command-line option: --feature.ttgraph
feature.column-store

Whether Tarantool Column Store integration is enabled.


Type: bool
Default: false
Environment variable: TCM_FEATURE_COLUMN_STORE
Command-line option: --feature.column-store
feature.tqe

Whether Tarantool Queue Enterprise integration is enabled.


Type: bool
Default: false
Environment variable: TCM_FEATURE_TQE
Command-line option: --feature.tqe
feature.api-token

Whether the use of API tokens is enabled.


Type: bool
Default: false
Environment variable: TCM_FEATURE_API_TOKEN
Command-line option: --feature.api-token

The initial-settings group defines entities that are created automatically upon the first TCM startup.

See also Initial settings.

Important

The initial-settings.* configuration options can be set in the YAML configuration file only. There are no environment variables nor command-line options for them.

initial-settings.clusters

An array of clusters to create in TCM automatically upon the first startup.

See also Initial settings.


Type: []Cluster
Default: []
initial-settings.clusters.<cluster>.id

Cluster ID. Skip this option to generate an ID automatically. Specify the value 00000000-0000-0000-0000-000000000000 to customize the default cluster upon TCM startup.


Type: string
Default: “” (ID is generated automatically)
initial-settings.clusters.<cluster>.name

Cluster name.


Type: string
Default: “”
initial-settings.clusters.<cluster>.description

Cluster description.


Type: string
Default: “”
initial-settings.clusters.<cluster>.color

A color to highlight the cluster in TCM. Possible values:

  • dark
  • gray
  • red
  • pink
  • grape
  • violet
  • indigo
  • blue
  • cyan
  • green
  • lime
  • yellow
  • orange
  • teal
  • empty string (no color)

Type: string
Default: “” (no color)
initial-settings.clusters.<cluster>.urls

URLs of additional services for the cluster. See also Adding a new cluster.


Type: []ClusterUrl
Default: []
initial-settings.clusters.<cluster>.<url>.label

URL label to show in TCM. Typically, this is the linked service name.


Type: string
Default: “”
initial-settings.clusters.<cluster>.<url>.url

The URL address of the linked service.


Type: string
Default: “”
initial-settings.clusters.<cluster>.storage-connection.provider

The type of the storage used for storing the cluster configuration.

Possible values:

  • etcd
  • tarantool
  • empty string (undefined)

Type: string
Default: “”
initial-settings.clusters.<cluster>.storage-connection.etcd-connection.endpoints

An array of node URIs of the etcd cluster where the Tarantool cluster configuration is stored.


Type: []string
Default: []
initial-settings.clusters.<cluster>.storage-connection.etcd-connection.auto-sync-interval

An automated sync interval.


Type: time.Duration
Default: 0 (disabled)
initial-settings.clusters.<cluster>.storage-connection.etcd-connection.dial-timeout

An etcd dial timeout.


Type: time.Duration
Default: 0 (not set)
initial-settings.clusters.<cluster>.storage-connection.etcd-connection.dial-keep-alive-time

A dial keep-alive time.


Type: time.Duration
Default: 0 (not set)
initial-settings.clusters.<cluster>.storage-connection.etcd-connection.dial-keep-alive-timeout

A dial keep-alive timeout.


Type: time.Duration
Default: 0 (not set)
initial-settings.clusters.<cluster>.storage-connection.etcd-connection.max-call-send-msg-size

The maximum size (in bytes) of a request from the cluster to its etcd configuration storage.


Type: int
Default: 2097152
initial-settings.clusters.<cluster>.storage-connection.etcd-connection.max-call-recv-msg-size

The maximum size (in bytes) of a response to the cluster from its etcd configuration storage.


Type: int
Default: 0 (unlimited)
initial-settings.clusters.<cluster>.storage-connection.etcd-connection.username

A username for accessing the cluster’s etcd storage.


Type: string
Default: “”
initial-settings.clusters.<cluster>.storage-connection.etcd-connection.password

A password for accessing the cluster’s etcd storage.


Type: string
Default: “”
initial-settings.clusters.<cluster>.storage-connection.etcd-connection.reject-old-cluster

Whether etcd should refuse to create a client against an outdated cluster.


Type: bool
Default: false
initial-settings.clusters.<cluster>.storage-connection.etcd-connection.permit-without-stream

Whether keepalive pings can be send to the etcd server without active streams.


Type: bool
Default: false
initial-settings.clusters.<cluster>.storage-connection.etcd-connection.prefix

A prefix for the cluster configuration parameters in etcd.


Type: string
Default: “”
initial-settings.clusters.<cluster>.storage-connection.etcd-connection.tls.enabled

Indicates whether TLS is enabled for connections to the cluster’s etcd storage.


Type: bool
Default: false
initial-settings.clusters.<cluster>.storage-connection.etcd-connection.tls.cert-file

A path to a TLS certificate file to use for etcd connections.


Type: string
Default: “”
initial-settings.clusters.<cluster>.storage-connection.etcd-connection.tls.key-file

A path to a TLS private key file to use for etcd connections.


Type: string
Default: “”
initial-settings.clusters.<cluster>.storage-connection.etcd-connection.tls.trusted-ca-file

A path to a trusted CA certificate file to use for etcd connections.


Type: string
Default: “”
initial-settings.clusters.<cluster>.storage-connection.etcd-connection.tls.client-cert-auth

Indicates whether client cert authentication is enabled.


Type: bool
Default: false
initial-settings.clusters.<cluster>.storage-connection.etcd-connection.tls.crl-file

A path to the client certificate revocation list file.


Type: string
Default: “”
initial-settings.clusters.<cluster>.storage-connection.etcd-connection.tls.insecure-skip-verify

Skip checking client certificate in etcd connections.


Type: bool
Default: false
initial-settings.clusters.<cluster>.storage-connection.etcd-connection.tls.skip-client-san-verify

Skip verification of SAN field in client certificate for etcd connections.


Type: bool
Default: false
initial-settings.clusters.<cluster>.storage-connection.etcd-connection.tls.server-name

Name of the TLS server for etcd connections.


Type: string
Default: “”
initial-settings.clusters.<cluster>.storage-connection.etcd-connection.tls.cipher-suites

TLS cipher suites for etcd connections. Possible values are the Golang tls.TLS_* constants.


Type: []uint16
Default: []
initial-settings.clusters.<cluster>.storage-connection.etcd-connection.tls.allowed-cn

An allowed common name for authentication in etcd connections.


Type: string
Default: “”
initial-settings.clusters.<cluster>.storage-connection.etcd-connection.tls.allowed-hostname

An allowed TLS certificate name for authentication in etcd connections.


Type: string
Default: “”
initial-settings.clusters.<cluster>.storage-connection.etcd-connection.tls.empty-cn

Whether the empty common name is allowed in etcd connections.


Type: bool
Default: false
initial-settings.clusters.<cluster>.storage-connection.tarantool-connection.username

A username for connecting to the cluster’s Tarantool-based configuration storage.


Type: string
Default: “”
initial-settings.clusters.<cluster>.storage-connection.tarantool-connection.password

A password for connecting to the cluster’s Tarantool-based configuration storage.


Type: string
Default: “”
initial-settings.clusters.<cluster>.storage-connection.tarantool-connection.endpoints

An array of the cluster’s Tarantool-based configuration storage URIs.


Type: []string
Default: []
initial-settings.clusters.<cluster>.storage-connection.tarantool-connection.method

An authentication method for the cluster’s Tarantool-based configuration storage.

Possible values are the Go’s go-tarantool/Auth constants:

  • AutoAuth (0)
  • ChapSha1Auth
  • PapSha256Auth

Type: string
Default: “”
initial-settings.clusters.<cluster>.storage-connection.tarantool-connection.prefix

A prefix for the cluster configuration parameters in the Tarantool-based configuration storage.


Type: string
Default: “”
initial-settings.clusters.<cluster>.storage-connection.tarantool-connection.ssl.key-file

A path to a TLS private key file to use for connecting to the cluster’s Tarantool-based configuration storage.

See also: Securing connections with SSL.


Type: string
Default: “”
initial-settings.clusters.<cluster>.storage-connection.tarantool-connection.ssl.cert-file

A path to an SSL certificate to use for connecting to the cluster’s Tarantool-based configuration storage.

See also: Securing connections with SSL.


Type: string
Default: “”
initial-settings.clusters.<cluster>.storage-connection.tarantool-connection.ssl.ca-file

A path to a trusted CA certificate to use for connecting to the cluster’s Tarantool-based configuration storage.

See also: Securing connections with SSL.


Type: string
Default: “”
initial-settings.clusters.<cluster>.storage-connection.tarantool-connection.ssl.ciphers

A list of SSL cipher suites that can be used for connecting to the cluster’s Tarantool-based configuration storage. Possible values are listed in <uri>.params.ssl_ciphers.

See also: Securing connections with SSL.


Type: string
Default: “”
initial-settings.clusters.<cluster>.storage-connection.tarantool-connection.ssl.enabled

A password for an encrypted private SSL key to use for connecting to the cluster’s Tarantool-based configuration storage.

See also: Securing connections with SSL.


Type: string
Default: “”
initial-settings.clusters.<cluster>.storage-connection.tarantool-connection.ssl.password-file

A text file with passwords for encrypted private SSL keys to use for connecting to the cluster’s Tarantool-based configuration storage.

See also: Securing connections with SSL.


Type: string
Default: “”
initial-settings.clusters.<cluster>.tarantool-connection.username

A username for connecting to the cluster instances.


Type: string
Default: “”
initial-settings.clusters.<cluster>.tarantool-connection.password

A password for connecting to the cluster instances.


Type: string
Default: “”
initial-settings.clusters.<cluster>.tarantool-connection.method

An authentication method for connecting to the cluster.

Possible values are the Go’s go-tarantool/Auth constants:

  • AutoAuth (0)
  • ChapSha1Auth
  • PapSha256Auth

Type: string
Default: “”
initial-settings.clusters.<cluster>.tarantool-connection.timeout

The cluster request timeout.


Type: time.Duration
Default: 0 (not set)
initial-settings.clusters.<cluster>.tarantool-connection.rate-limit

The cluster rate limit.


Type: uint
Default: 0 (not set)
initial-settings.clusters.<cluster>.tarantool-connection.ssl.key-file

A path to a TLS private key file to use for connecting to the cluster instances.

See also: Securing connections with SSL.


Type: string
Default: “”
initial-settings.clusters.<cluster>.tarantool-connection.ssl.cert-file

A path to an SSL certificate to use for connecting to the cluster instances.

See also: Securing connections with SSL.


Type: string
Default: “”
initial-settings.clusters.<cluster>.tarantool-connection.ssl.ca-file

A path to a trusted CA certificate to use for connecting to the cluster instances.

See also: Securing connections with SSL.


Type: string
Default: “”
initial-settings.clusters.<cluster>.tarantool-connection.ssl.ciphers

A list of SSL cipher suites that can be used for connecting to the cluster instances. Possible values are listed in <uri>.params.ssl_ciphers.

See also: Securing connections with SSL.


Type: string
Default: “”
initial-settings.clusters.<cluster>.tarantool-connection.ssl.enabled

A password for an encrypted private SSL key to use for connecting to the cluster instances.

See also: Securing connections with SSL.


Type: string
Default: “”
initial-settings.clusters.<cluster>.tarantool-connection.ssl.password-file

A text file with passwords for encrypted private SSL keys to use for connecting to the cluster instances.

See also: Securing connections with SSL.


Type: string
Default: “”
Found what you were looking for?
Feedback