Crazy Ivan can be configured from one or more sources:
The application gives priority to the values retrieved in the above order. This means that an environment variable setting will override any other setting.
Command Line arguments and Properties File keys are lower case, and separated by periods (i.e. ‘section.key=’). Environment Variables, Vault, and Consul keys are all upper case, and are separated by underscores (i.e. ‘SECTION_KEY=’).
All arguments are prefixed with the application name and profile name (i.e. ‘section.key’ becomes ‘ivan.prod.section.key’). The profile name can be changed by providing the command line argument ‘profile’:
./crazy_ivan profile=dev
You can store multiple profiles in your configuration sources, and then specify which one to use on startup of each instance.
The ‘cluster’ option on the command line or in a properties file, or the ‘AOSSL_CLUSTER_NAME’ environment variable, will set the name of the cluster. A cluster is a grouping of Crazy Ivan instances, which have been assigned particular scenes to manage. Each Crazy Ivan instance is designed to manage a set number of scenes, and this allows for highly optimized streaming of object updates.
The cluster name affects both how Crazy Ivan registers with Consul, if provided, and the names of cluster-specific security properties.
Vault Address - Starts Crazy Ivan against a Vault instance. Specified by a collection of arguments:
vault=http://localhost:8200
SSL Certificate to use when communicating with Vault. You may also leave this blank to enable SSL encryption without providing a client certificate.
vault.cert=
used by Vault, currently supported options are ‘APPROLE’ and ‘BASIC’
vault.authtype=BASIC
authenticating with Vault
vault.un=test
authenticating with Vault
vault.pw=test
In addition, the Vault UN and PW can be loaded from files on disk, ‘vault_un.txt’ and ‘vault_pw.txt’. This is the recommended method to set authentication info in CI/CD processes within an application container.
Secure Properties can be loaded from a properties file for development purposes, but in a Production scenario should always be loaded from a Vault instance. Once Crazy Ivan is connected to a Vault instance, the following properties can be loaded:
Secure properties can be loaded from any configuration source, but when loaded from Vault they should be present at the default path (‘secret/’) in the v2 KV Store.
Consul Address - Starts Crazy Ivan against a Consul instance. Specified by either the consul command line argument or the AOSSL_CONSUL_ADDRESS environment variable.
./crazy_ivan consul=http://127.0.0.1:8500
We may also include the arguments:
SSL Certificate to use when communicating with Consul. You may also leave this blank to enable SSL encryption without providing a client certificate.
consul.cert=
This will enable property retrieval from Consul KV Store & registering with Consul on start up.
The Consul ACL Token can alternatively be generated from the Consul Secret Store in Vault.
consul.token.role=consul-role
Properties File - Starts Crazy Ivan against a Properties File. Specified by either the props command line argument or the AOSSL_PROPS_FILE environment variable. For example:
./crazy_ivan props=app.properties
If no properties file is specified, Crazy Ivan will look for one named app.properties in both the current working folder and /etc/ivan/.
The consul address can also be specified within the properties file, with the key consul.
SSL Context Configuration is performed on startup, if enabled. If the following properties are set, then SSL Certs for Crazy Ivan can be generated dynamically from Vault:
transaction.security.ssl.ca.vault.active=true
transaction.security.ssl.ca.vault.role_name=test-role
transaction.security.ssl.ca.vault.common_name=local
Otherwise, SSL Certificate Generation can be configured from a file in the current working directory called ‘ssl.properties’.
HTTPS must be enabled with the following parameter:
transaction.security.ssl.enabled=true
neo4j=neo4j://username:password@localhost:7687
In Production Scenarios it is recommended to use Neo4j Discovery. If it is set to true, then Crazy Ivan will use Consul to find a Neo4j instance, and will dynamically find new instances when it encounters many consecutive failures. This is controlled by the property:
neo4j.discover=true
When enabled, you will want to utilize the secure properties ‘NEO4J_AUTH_UN’ and ‘NEO4J_AUTH_PW’ in Vault, in order to store the authorization info for Neo4j securely.
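The production guidance above (Vault UN and PW loaded from files rather than inline, HTTPS enabled, Neo4j Discovery on with credentials held in Vault) can be checked mechanically before deployment. The following is an added example, not code from the Crazy Ivan project; the sample file contents are constructed, and treating the ‘ivan.prod.’ prefix as optional in a properties file is an assumption.

```python
from urllib.parse import urlsplit

# Constructed sample, not a file from the Crazy Ivan project.
SAMPLE = """\
ivan.prod.vault=http://localhost:8200
ivan.prod.vault.authtype=BASIC
ivan.prod.vault.un=test
ivan.prod.vault.pw=test
ivan.prod.neo4j=neo4j://username:password@localhost:7687
ivan.prod.neo4j.discover=false
ivan.prod.transaction.security.ssl.enabled=false
"""

def parse_properties(text, app="ivan", profile="prod"):
    """Parse key=value lines; strip an optional '<app>.<profile>.' prefix (assumed layout)."""
    prefix = f"{app}.{profile}."
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip().lower()
        props[key[len(prefix):] if key.startswith(prefix) else key] = value.strip()
    return props

def is_true(props, key):
    # The page writes booleans as both 'true' and 'True', so compare case-insensitively.
    return props.get(key, "").lower() == "true"

def audit(props):
    """Return sorted (key, finding) pairs for settings the page advises against in production."""
    findings = []
    for key in ("vault.un", "vault.pw"):
        if props.get(key):
            findings.append((key, "inline Vault credential; use vault_un.txt / vault_pw.txt"))
    if urlsplit(props.get("neo4j", "")).password:
        findings.append(("neo4j", "password embedded in URL; store NEO4J_AUTH_PW in Vault"))
    if not is_true(props, "neo4j.discover"):
        findings.append(("neo4j.discover", "Neo4j discovery via Consul is not enabled"))
    if not is_true(props, "transaction.security.ssl.enabled"):
        findings.append(("transaction.security.ssl.enabled", "HTTPS is not enabled"))
    return sorted(findings)

if __name__ == "__main__":
    for key, finding in audit(parse_properties(SAMPLE)):
        print(f"{key}: {finding}")
```

Run against a production profile, an empty result means none of the four conditions was found; it does not inspect values held in Vault, Consul or environment variables.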
There are a number of other options that can be provided to Crazy Ivan on startup. Below is an overview of the remaining properties:
log.file=ivan.log
log.level=Debug
http.host=127.0.0.1
http.port=8766
udp.port=8764
event.security.aes.enabled=false
transaction.id.stamp=True
transaction.format=json
event.stream.method=udp
event.format=json