Configuration reference

cluster

The cluster group defines parameters of TCM interaction with connected Tarantool clusters.

• on-air-limit
• connection-rate-limit
• tarantool-timeout
• tarantool-ping-timeout

cluster.on-air-limit¶

The maximum number of on-air requests from TCM to all connected clusters.

Type: int64

Default: 4096

Environment variable: TCM_CLUSTER_ON_AIR_LIMIT

Command-line option: --cluster-on-air-limit

cluster.connection-rate-limit¶

A rate limit for connections to Tarantool instances.

Type: uint

Default: 512

Environment variable: TCM_CLUSTER_CONNECTION_RATE_LIMIT

Command-line option: --cluster-connection-rate-limit

cluster.tarantool-timeout¶

A timeout for receiving a response from Tarantool instances.

Type: time.Duration

Default: 10s

Environment variable: TCM_CLUSTER_TARANTOOL_TIMEOUT

Command-line option: --cluster-tarantool-timeout

cluster.tarantool-ping-timeout¶

A timeout for receiving a ping response from Tarantool instances.

Type: time.Duration

Default: 5s

Environment variable: TCM_CLUSTER_TARANTOOL_PING_TIMEOUT

Command-line option: --cluster-tarantool-ping-timeout

http

The http group defines parameters of HTTP connections between TCM and clients.

• http.basic_auth.enabled
• http.network
• http.host
• http.port
• http.request-size
• http.websocket.read-buffer-size
• http.websocket.write-buffer-size
• http.websocket.keepalive-ping-interval
• http.websocket.handshake-timeout
• http.websocket.init-timeout
• http.websession-cookie.name
• http.websession-cookie.path
• http.websession-cookie.domain
• http.websession-cookie.ttl
• http.websession-cookie.secure
• http.websession-cookie.http-only
• http.websession-cookie.same-site
• http.cors.enabled
• http.cors.allowed-origins
• http.cors.allowed-methods
• http.cors.allowed-headers
• http.cors.exposed-headers
• http.cors.allow-credentials
• http.cors.debug
• http.metrics-endpoint
• http.tls.enabled
• http.tls.cert-file
• http.tls.key-file
• http.tls.server
• http.tls.min-version
• http.tls.max-version
• http.tls.curve-preferences
• http.tls.cipher-suites
• http.read-timeout
• http.read-header-timeout
• http.write-timeout
• http.idle-timeout
• http.idle-timeout
• http.disable-general-options-handler
• http.max-header-bytes
• http.api-timeout
• http.api-update-interval
• http.frontend-dir
• http.show-stack-trace
• http.trace
• http.max-static-size
• http.graphql.complexity

http.basic_auth.enabled¶

Whether to use the HTTP basic authentication.

Type: bool

Default: false

Environment variable: TCM_HTTP_BASIC_AUTH_ENABLED

Command-line option: --http-basic-auth-enabled

http.network¶

An addressing scheme that TCM uses.

Possible values:

• tcp: IPv4 address
• tcp6: IPv6 address
• unix: Unix domain socket

Type: string

Default: tcp

Environment variable: TCM_HTTP_NETWORK

Command-line option: --http-network

http.host¶

A host name on which TCM serves.

Type: string

Default: 127.0.0.1

Environment variable: TCM_HTTP_HOST

Command-line option: --http-host

http.port¶

A port on which TCM serves.

Type: int

Default: 8080

Environment variable: TCM_HTTP_PORT

Command-line option: --http-port

http.request-size¶

The maximum size (in bytes) of a client HTTP request to TCM.

Type: int64

Default: 1572864

Environment variable: TCM_HTTP_REQUEST_SIZE

Command-line option: --http-request-size

http.websocket.read-buffer-size¶

The size (in bytes) of the read buffer for WebSocket connections.

Type: int

Default: 16384

Environment variable: TCM_HTTP_WEBSOCKET_READ_BUFFER_SIZE

Command-line option: --http-websocket-read-buffer-size

http.websocket.write-buffer-size¶

The size (in bytes) of the write buffer for WebSocket connections.

Type: int

Default: 16384

Environment variable: TCM_HTTP_WEBSOCKET_WRITE_BUFFER_SIZE

Command-line option: --http-websocket-write-buffer-size

http.websocket.keepalive-ping-interval¶

The time interval for sending WebSocket keepalive pings.

Type: time.Duration

Default: 20s

Environment variable: TCM_HTTP_WEBSOCKET_KEEPALIVE_PING_INTERVAL

Command-line option: --http-websocket-keepalive-ping-interval

http.websocket.handshake-timeout¶

The time limit for completing a WebSocket opening handshake with a client.

Type: time.Duration

Default: 10s

Environment variable: TCM_HTTP_WEBSOCKET_HANDSHAKE_TIMEOUT

Command-line option: --http-websocket-handshake-timeout

http.websocket.init-timeout¶

The time limit for establishing a WebSocket connection with a client.

Type: time.Duration

Default: 15s

Environment variable: TCM_HTTP_WEBSOCKET_INIT_TIMEOUT

Command-line option: --http-websocket-init-timeout

http.websession-cookie.name¶

The name of the cookie that TCM sends to clients.

This value is used as the cookie name in the Set-Cookie HTTP response header.

Type: string

Default: tcm

Environment variable: TCM_HTTP_WEBSESSION_COOKIE_NAME

Command-line option: --http-websession-cookie-name

http.websession-cookie.path¶

The URL path that must be present in the requested URL in order to send the cookie.

This value is used in the Path attribute of the Set-Cookie HTTP response header.

Type: string

Default: “”

Environment variable: TCM_HTTP_WEBSESSION_COOKIE_PATH

Command-line option: --http-websession-cookie-path

http.websession-cookie.domain¶

The domain to which the cookie can be sent.

This value is used in the Domain attribute of the Set-Cookie HTTP response header.

Type: string

Default: “”

Environment variable: TCM_HTTP_WEBSESSION_COOKIE_DOMAIN

Command-line option: --http-websession-cookie-domain

http.websession-cookie.ttl¶

The maximum lifetime of the TCM cookie.

This value is used in the Max-Age attribute of the Set-Cookie HTTP response header.

Type: time.Duration

Default: 2h0m0s

Environment variable: TCM_HTTP_WEBSESSION_COOKIE_TTL

Command-line option: --http-websession-cookie-ttl

http.websession-cookie.secure¶

Indicates whether the cookie can be sent only over the HTTPS protocol. In this case, it’s never sent over the unencrypted HTTP, therefore preventing man-in-the-middle attacks.

When true, the Secure attribute is added to the Set-Cookie HTTP response header.

Type: bool

Default: false

Environment variable: TCM_HTTP_WEBSESSION_COOKIE_SECURE

Command-line option: --http-websession-cookie-secure

http.websession-cookie.http-only¶

Indicates that the cookie can’t be accessed from the JavaScript Document.cookie API. This helps mitigate cross-site scripting attacks.

When true, the HttpOnly attribute is added to the Set-Cookie HTTP response header.

Type: bool

Default: true

Environment variable: TCM_HTTP_WEBSESSION_COOKIE_HTTP_ONLY

Command-line option: --http-websession-cookie-http-only

http.websession-cookie.same-site¶

Indicates if it is possible to send the TCM cookie along with cross-site requests. Possible values are the Go’s http.SameSite constants:

• SameSiteDefaultMode
• SameSiteLaxMode
• SameSiteStrictMode
• SameSiteNoneMode

For details on SameSite modes, see the Set-Cookie header documentation in the MDN web docs.

This value is used in the SameSite attribute of the Set-Cookie HTTP response header.

Type: http.SameSite

Default: SameSiteDefaultMode

Environment variable: TCM_HTTP_WEBSESSION_COOKIE_SAME_SITE

Command-line option: --http-websession-cookie-same-site

http.cors.enabled¶

Indicates whether to use the Cross-Origin Resource Sharing (CORS).

Type: bool

Default: false

Environment variable: TCM_HTTP_CORS_ENABLED

Command-line option: --http-cors-enabled

http.cors.allowed-origins¶

The origins with which the HTTP response can be shared, separated by semicolons.

The specified values are sent in the Access-Control-Allow-Origin HTTP response headers.

Type: []string

Default: []

Environment variable: TCM_HTTP_CORS_ALLOWED_ORIGINS

Command-line option: --http-cors-allowed-origins

http.cors.allowed-methods¶

HTTP request methods that are allowed when accessing a resource, separated by semicolons.

The specified values are sent in the Access-Control-Allow-Methods HTTP header of a response to a CORS preflight request.

Type: []string

Default: []

Environment variable: TCM_HTTP_CORS_ALLOWED_METHODS

Command-line option: --http-cors-allowed-methods

http.cors.allowed-headers¶

HTTP headers that are allowed during the actual request, separated by semicolons.

The specified values are sent in the Access-Control-Allow-Headers HTTP header of a response to a CORS preflight request.

Type: []string

Default: []

Environment variable: TCM_HTTP_CORS_ALLOWED_HEADERS

Command-line option: --http-cors-allowed-headers

http.cors.exposed-headers¶

Response headers that should be made available to scripts running in the browser, in response to a cross-origin request, separated by semicolons.

The specified values are sent in the Access-Control-Expose-Headers HTTP response headers.

Type: []string

Default: []

Environment variable: TCM_HTTP_CORS_EXPOSED_HEADERS

Command-line option: --http-cors-exposed-headers

http.cors.allow-credentials¶

Whether to expose the response to the frontend JavaScript code when the request’s credentials mode is include.

When true, the Access-Control-Allow-Credentials HTTP response header is sent.

Type: bool

Default: false

Environment variable: TCM_HTTP_CORS_ALLOW_CREDENTIALS

Command-line option: --http-cors-allow-credentials

http.cors.debug¶

For debug purposes.

Type: bool

Default: false

http.metrics-endpoint¶

The HTTP endpoint for TCM metrics in the Prometheus format.

Type: string

Default: /metrics

Environment variable: TCM_HTTP_METRICS_ENDPOINT

Command-line option: --http-metrics-endpoint

http.tls.enabled¶

Indicates whether TLS is enabled for client connections to TCM.

Type: bool

Default: false

Environment variable: TCM_HTTP_TLS_ENABLED

Command-line option: --http-tls-enabled

http.tls.cert-file¶

A path to a TLS certificate file. Mandatory when TLS is enabled.

Type: string

Default: “”

Environment variable: TCM_HTTP_TLS_CERT_FILE

Command-line option: --http-tls-cert-file

http.tls.key-file¶

A path to a TLS private key file. Mandatory when TLS is enabled.

Type: string

Default: “”

Environment variable: TCM_HTTP_TLS_KEY_FILE

Command-line option: --http-tls-key-file

http.tls.server¶

The TSL server.

Type: string

Default: “”

Environment variable: TCM_HTTP_TLS_SERVER

Command-line option: --http-tls-server

http.tls.min-version¶

The minimum version of the TLS protocol.

Type: uint16

Default: 0

Environment variable: TCM_HTTP_TLS_MIN_VERSION

Command-line option: --http-tls-min-version

http.tls.max-version¶

The maximum version of the TLS protocol.

Type: uint16

Default: 0

Environment variable: TCM_HTTP_TLS_MAX_VERSION

Command-line option: --http-tls-max-version

http.tls.curve-preferences¶

Elliptic curves that are used for TLS connections. Possible values are the Go’s tls.CurveID constants:

• CurveP256
• CurveP384
• CurveP521
• X25519

Type: []tls.CurveID

Default: []

Environment variable: TCM_HTTP_TLS_CURVE_PREFERENCES

Command-line option: --http-tls-curve-preferences

http.tls.cipher-suites¶

Enabled TLS cipher suites. Possible values are the Golang tls.TLS_* constants.

Type: []uint16

Default: []

Environment variable: TCM_HTTP_TLS_CIPHER_SUITES

Command-line option: --http-tls-cipher-suites

http.read-timeout¶

A timeout for reading an incoming request.

Type: time.Duration

Default: 30s

Environment variable: TCM_HTTP_READ_TIMEOUT

Command-line option: --http-read-timeout

http.read-header-timeout¶

A timeout for reading headers of an incoming request.

Type: time.Duration

Default: 30s

Environment variable: TCM_HTTP_READ_HEADER_TIMEOUT

Command-line option: --http-read-header-timeout

http.write-timeout¶

A timeout for writing a response.

Type: time.Duration

Default: 30s

Environment variable: TCM_HTTP_WRITE_TIMEOUT

Command-line option: --http-write-timeout

http.idle-timeout¶

The timeout for idle connections.

Type: time.Duration

Default: 30s

Environment variable: TCM_HTTP_IDLE_TIMEOUT

Command-line option: --http-idle-timeout

http.disable-general-options-handler¶

Whether the client requests with the OPTIONS HTTP method are allowed.

Type: bool

Default: false

Environment variable: TCM_HTTP_DISABLE_GENERAL_OPTIONS_HANDLER

Command-line option: --http-disable-general-options-handler

http.max-header-bytes¶

The maximum size (in bytes) of a header in a client’s request to TCM.

Type: int

Default: 0

Environment variable: TCM_HTTP_MAX_HEADER_BYTES

Command-line option: --http-max-header-bytes

http.api-timeout¶

The stateboard update timeout.

Type: time.Duration

Default: 8s

Environment variable: TCM_HTTP_API_TIMEOUT

Command-line option: --http-api-timeout

http.api-update-interval¶

The stateboard update interval.

Type: time.Duration

Default: 5s

Environment variable: TCM_HTTP_API_UPDATE_INTERVAL

Command-line option: --http-api-update-interval

http.frontend-dir¶

The directory with custom TCM frontend files (for development purposes).

Type: string

Default: “”

Environment variable: TCM_HTTP_FRONTEND_DIR

Command-line option: --http-frontend-dir

http.show-stack-trace¶

Whether error stack traces are shown in the web UI.

Type: bool

Default: true

Environment variable: TCM_HTTP_SHOW_STACK_TRACE

Command-line option: --http-show-stack-trace

http.trace¶

Whether all query tracing information is written in logs.

Type: bool

Default: false

Environment variable: TCM_HTTP_TRACE

Command-line option: --http-trace

http.max-static-size¶

The maximum size (in bytes) of a static content sent to TCM.

Type: int

Default: 104857600

Environment variable: TCM_HTTP_MAX_STATIC_SIZE

Command-line option: --http-max-static-size

http.graphql.complexity¶

The maximum complexity of GraphQL queries that TCM processes. If this value is exceeded, TCM returns an error.

Type: int

Default: 40

Environment variable: TCM_HTTP_GRAPHQL_COMPLEXITY

Command-line option: --http-graphql-complexity

log

The log section defines the TCM logging parameters.

• log.default.add-source
• log.default.show-stack-trace
• log.default.level
• log.default.format
• log.default.output
• log.default.no-colorized
• log.default.file.name
• log.default.file.maxsize
• log.default.file.maxage
• log.default.file.maxbackups
• log.default.file.compress
• log.default.syslog.protocol
• log.default.syslog.output
• log.default.syslog.priority
• log.default.syslog.facility
• log.default.syslog.tag
• log.default.syslog.timeout
• log.outputs

log.default.add-source¶

Whether sources are added to the TCM log.

Type: bool

Default: false

Environment variable: TCM_LOG_DEFAULT_ADD_SOURCE

Command-line option: --log-default-add-source

log.default.show-stack-trace¶

Whether stack traces are added to the TCM log.

Type: bool

Default: false

Environment variable: TCM_LOG_DEFAULT_SHOW_STACK_TRACE

Command-line option: --log-default-show-stack-trace

log.default.level¶

The default TCM logging level.

Possible values:

• VERBOSE
• INFO
• WARN
• ALARM

Type: string

Default: INFO

Environment variable: TCM_LOG_DEFAULT_LEVEL

Command-line option: --log-default-level

log.default.format¶

TCM log entries format.

Possible values:

• struct
• json

Type: string

Default: struct

Environment variable: TCM_LOG_DEFAULT_FORMAT

Command-line option: --log-default-format

log.default.output¶

The output used for TCM log.

Possible values:

• stdout
• stderr
• file
• syslog

Type: string

Default: stdout

Environment variable: TCM_LOG_DEFAULT_OUTPUT

Command-line option: --log-default-output

log.default.no-colorized¶

Whether the stdout log is not colorized.

Type: bool

Default: false

Environment variable: TCM_LOG_DEFAULT_NO_COLORIZED

Command-line option: --log-default-no-colorized

log.default.file.name¶

The name of the TCM log file.

Type: string

Default: “”

Environment variable: TCM_LOG_DEFAULT_FILE_NAME

Command-line option: --log-default-file-name

log.default.file.maxsize¶

The maximum size (in bytes) of the TCM log file.

Type: int

Default: 0

Environment variable: TCM_LOG_DEFAULT_FILE_MAXSIZE

Command-line option: --log-default-file-maxsize

log.default.file.maxage¶

The maximum age of a TCM log file, in days.

Type: int

Default: 0

Environment variable: TCM_LOG_DEFAULT_FILE_MAXAGE

Command-line option: --log-default-file-maxage

log.default.file.maxbackups¶

The maximum number of users in TCM.

Type: int

Default: 0

Environment variable: TCM_LOG_DEFAULT_FILE_MAXBACKUPS

Command-line option: --log-default-file-maxbackups

log.default.file.compress¶

Indicated that TCM compresses log files upon rotation.

Type: bool

Default: false

Environment variable: TCM_LOG_DEFAULT_FILE_COMPRESS

Command-line option: --log-default-file-compress

log.default.syslog.protocol¶

The network protocol used for connecting to the syslog server. Typically, it’s tcp, udp, or unix. All possible values are listed in the Go’s net.Dial documentation.

Type: string

Default: tcp

Environment variable: TCM_LOG_DEFAULT_SYSLOG_PROTOCOL

Command-line option: --log-default-syslog-protocol

log.default.syslog.output¶

The syslog server URI.

Type: string

Default: 127.0.0.1:5514

Environment variable: TCM_LOG_DEFAULT_SYSLOG_OUTPUT

Command-line option: --log-default-syslog-output

log.default.syslog.priority¶

The syslog severity level.

Type: string

Default: “”

Environment variable: TCM_LOG_DEFAULT_SYSLOG_PRIORITY

Command-line option: --log-default-syslog-priority

log.default.syslog.facility¶

The syslog facility.

Type: string

Default: “”

Environment variable: TCM_LOG_DEFAULT_SYSLOG_FACILITY

Command-line option: --log-default-syslog-facility

log.default.syslog.tag¶

The syslog tag.

Type: string

Default: “”

Environment variable: TCM_LOG_DEFAULT_SYSLOG_TAG

Command-line option: --log-default-syslog-tag

log.default.syslog.timeout¶

The timeout for connecting to the syslog server.

Type: time.Duration

Default: 10s

Environment variable: TCM_LOG_DEFAULT_SYSLOG_TIMEOUT

Command-line option: --log-default-syslog-timeout

log.outputs¶

An array of log outputs that TCM uses in addition to the default one that is defined by the log.default.* parameters. Each array item can include the parameters of the log.default group. If a parameter is skipped, its value is taken from log.default.

Type: []LogOuputConfig

Default: []

Environment variable: TCM_LOG_OUTPUTS

Command-line option: --log-outputs

storage

The storage section defines the parameters of the configuration storage that TCM uses for connected clusters.

• storage.provider

etcd storage parameters:

• storage.etcd.prefix
• storage.etcd.endpoints
• storage.etcd.dial-timeout
• storage.etcd.auto-sync-interval
• storage.etcd.dial-keep-alive-time
• storage.etcd.dial-keep-alive-timeout
• storage.etcd.bootstrap-timeout
• storage.etcd.max-call-send-msg-size
• storage.etcd.username
• storage.etcd.password
• storage.etcd.tls.enabled
• storage.etcd.tls.auto
• storage.etcd.tls.cert-file
• storage.etcd.tls.key-file
• storage.etcd.tls.trusted-ca-file
• storage.etcd.tls.client-cert-auth
• storage.etcd.tls.crl-file
• storage.etcd.tls.insecure-skip-verify
• storage.etcd.tls.skip-client-san-verify
• storage.etcd.tls.server-name
• storage.etcd.tls.cipher-suites
• storage.etcd.tls.allowed-cn
• storage.etcd.tls.allowed-hostname
• storage.etcd.tls.empty-cn
• storage.etcd.permit-without-stream
• storage.etcd.embed.enabled
• storage.etcd.embed.endpoints
• storage.etcd.embed.advertises
• storage.etcd.embed.tls.enabled
• storage.etcd.embed.tls.auto
• storage.etcd.embed.tls.cert-file
• storage.etcd.embed.tls.key-file
• storage.etcd.embed.tls.trusted-ca-file
• storage.etcd.embed.tls.client-cert-auth
• storage.etcd.embed.tls.crl-file
• storage.etcd.embed.tls.insecure-skip-verify
• storage.etcd.embed.tls.skip-client-san-verify
• storage.etcd.embed.tls.server-name
• storage.etcd.embed.tls.cipher-suites
• storage.etcd.embed.tls.allowed-cn
• storage.etcd.embed.tls.allowed-hostname
• storage.etcd.embed.tls.empty-cn
• storage.etcd.embed.peer-endpoints
• storage.etcd.embed.peer-advertises
• storage.etcd.embed.peer-tls.enabled
• storage.etcd.embed.peer-tls.auto
• storage.etcd.embed.peer-tls.cert-file
• storage.etcd.embed.peer-tls.key-file
• storage.etcd.embed.peer-tls.trusted-ca-file
• storage.etcd.embed.peer-tls.client-cert-auth
• storage.etcd.embed.peer-tls.crl-file
• storage.etcd.embed.peer-tls.insecure-skip-verify
• storage.etcd.embed.peer-tls.skip-client-san-verify
• storage.etcd.embed.peer-tls.server-name
• storage.etcd.embed.peer-tls.cipher-suites
• storage.etcd.embed.peer-tls.allowed-cn
• storage.etcd.embed.peer-tls.allowed-hostname
• storage.etcd.embed.peer-tls.empty-cn
• storage.etcd.embed.grpc-keep-alive-timeout
• storage.etcd.embed.grpc-keep-alive-interval
• storage.etcd.embed.grpc-keep-alive-min-time
• storage.etcd.embed.workdir
• storage.etcd.embed.waldir
• storage.etcd.embed.max-request-bytes
• storage.etcd.embed.debug
• storage.etcd.embed.start-timeout
• storage.etcd.embed.log-level
• storage.etcd.embed.initial-cluster
• storage.etcd.embed.initial-cluster-token
• storage.etcd.embed.name
• storage.etcd.embed.initial-cluster-state
• storage.etcd.embed.self-signed-cert-validity

Tarantool storage parameters:

• storage.tarantool.prefix
• storage.tarantool.addr
• storage.tarantool.auth
• storage.tarantool.reconnect
• storage.tarantool.max-reconnects
• storage.tarantool.user
• storage.tarantool.pass
• storage.tarantool.rate-limit
• storage.tarantool.rate-limit-action
• storage.tarantool.concurrency
• storage.tarantool.skip-schema
• storage.tarantool.transport
• storage.tarantool.ssl.key-file
• storage.tarantool.ssl.cert-file
• storage.tarantool.ssl.ca-file
• storage.tarantool.ssl.ciphers
• storage.tarantool.ssl.password
• storage.tarantool.required-protocol-info.auth
• storage.tarantool.required-protocol-info.version
• storage.tarantool.required-protocol-info.features
• storage.tarantool.embed.enabled
• storage.tarantool.embed.workdir
• storage.tarantool.embed.executable
• storage.tarantool.embed.config-filename
• storage.tarantool.embed.config
• storage.tarantool.embed.args
• storage.tarantool.embed.env

storage.provider¶

The type of the storage used for storing TCM configuration.

Possible values:

• etcd
• tarantool

Type: string

Default: etcd

Environment variable: TCM_STORAGE_PROVIDER

Command-line option: --storage-provider

storage.etcd.prefix¶

A prefix for the TCM configuration parameters in etcd.

Type: string

Default: “/tcm”

Environment variable: TCM_STORAGE_ETCD_PREFIX

Command-line option: --storage-etcd-prefix

storage.etcd.endpoints¶

An array of node URIs of the etcd cluster where the TCM configuration is stored, separated by semicolons (;).

Type: []string

Default: [“http://127.0.0.1:2379”]

Environment variable: TCM_STORAGE_ETCD_ENDPOINTS

Command-line option: --storage-etcd-endpoints

storage.etcd.dial-timeout¶

An etcd dial timeout.

Type: time.Duration

Default: 10s

Environment variable: TCM_STORAGE_ETCD_DIAL_TIMEOUT

Command-line option: --storage-etcd-dial-timeout

storage.etcd.auto-sync-interval¶

An automated sync interval.

Type: time.Duration

Default: 0s

Environment variable: TCM_STORAGE_ETCD_AUTO_SYNC_INTERVAL

Command-line option: --storage-etcd-auto-sync-interval

storage.etcd.dial-keep-alive-time¶

A dial keep-alive time.

Type: time.Duration

Default: 30s

Environment variable: TCM_STORAGE_ETCD_DIAL_KEEP_ALIVE_TIME

Command-line option: --storage-etcd-dial-keep-alive-time

storage.etcd.dial-keep-alive-timeout¶

A dial keep-alive timeout.

Type: time.Duration

Default: 30s

Environment variable: TCM_STORAGE_ETCD_DIAL_KEEP_ALIVE_TIMEOUT

Command-line option: --storage-etcd-dial-keep-alive-timeout

storage.etcd.bootstrap-timeout¶

A bootstrap timeout.

Type: time.Duration

Default: 30s

Environment variable: TCM_STORAGE_ETCD_BOOTSTRAP_TIMEOUT

Command-line option: --storage-etcd-bootstrap-timeout

storage.etcd.max-call-send-msg-size¶

The maximum size (in bytes) of a transaction between TCM and etcd.

Type: int

Default: 2097152

Environment variable: TCM_STORAGE_ETCD_MAX_CALL_SEND_MSG_SIZE

Command-line option: --storage-etcd-max-call-send-msg-size

storage.etcd.username¶

A username for accessing the etcd storage.

Type: string

Default: “”

Environment variable: TCM_STORAGE_ETCD_USERNAME

Command-line option: --storage-etcd-username

storage.etcd.password¶

A password for accessing the etcd storage.

Type: string

Default: “”

Environment variable: TCM_STORAGE_ETCD_PASSWORD

Command-line option: --storage-etcd-password

storage.etcd.tls.enabled¶

Indicates whether TLS is enabled for etcd connections.

Type: bool

Default: false

Environment variable: TCM_STORAGE_ETCD_TLS_ENABLED

Command-line option: --storage-etcd-tls-enabled

storage.etcd.tls.auto¶

Use generated certificates for etcd connections.

Type: bool

Default: false

Environment variable: TCM_STORAGE_ETCD_TLS_AUTO

Command-line option: --storage-etcd-tls-auto

storage.etcd.tls.cert-file¶

A path to a TLS certificate file to use for etcd connections.

Type: string

Default: “”

Environment variable: TCM_STORAGE_ETCD_TLS_CERT_FILE

Command-line option: --storage-etcd-tls-cert-file

storage.etcd.tls.key-file¶

A path to a TLS private key file to use for etcd connections.

Type: string

Default: “”

Environment variable: TCM_STORAGE_ETCD_TLS_KEY_FILE

Command-line option: --storage-etcd-tls-key-file

storage.etcd.tls.trusted-ca-file¶

A path to a trusted CA certificate file to use for etcd connections.

Type: string

Default: “”

Environment variable: TCM_STORAGE_ETCD_TLS_TRUSTED_CA_FILE

Command-line option: --storage-etcd-tls-trusted-ca-file

storage.etcd.tls.client-cert-auth¶

Indicates whether client cert authentication is enabled.

Type: bool

Default: false

Environment variable: TCM_STORAGE_ETCD_TLS_CLIENT_CERT_AUTH

Command-line option: --storage-etcd-tls-client-cert-auth

storage.etcd.tls.crl-file¶

A path to the client certificate revocation list file.

Type: string

Default: “”

Environment variable: TCM_STORAGE_ETCD_TLS_CRL_FILE

Command-line option: --storage-etcd-tls-crl-file

storage.etcd.tls.insecure-skip-verify¶

Skip checking client certificate in etcd connections.

Type: bool

Default: false

Environment variable: TCM_STORAGE_ETCD_TLS_INSECURE_SKIP_VERIFY

Command-line option: --storage-etcd-tls-insecure-skip-verify

storage.etcd.tls.skip-client-san-verify¶

Skip verification of SAN field in client certificate for etcd connections.

Type: bool

Default: false

Environment variable: TCM_STORAGE_ETCD_TLS_SKIP_CLIENT_SAN_VERIFY

Command-line option: --storage-etcd-tls-skip-client-san-verify

storage.etcd.tls.server-name¶

Name of the TLS server for etcd connections.

Type: string

Default: “”

Environment variable: TCM_STORAGE_ETCD_TLS_SERVER_NAME

Command-line option: --storage-etcd-tls-server-name

storage.etcd.tls.cipher-suites¶

TLS cipher suites for etcd connections. Possible values are the Golang tls.TLS_* constants.

Type: []uint16

Default: []

Environment variable: TCM_STORAGE_ETCD_TLS_CIPHER_SUITES

Command-line option: --storage-etcd-tls-cipher-suites

storage.etcd.tls.allowed-cn¶

An allowed common name for authentication in etcd connections.

Type: string

Default: “”

Environment variable: TCM_STORAGE_ETCD_TLS_ALLOWED_CN

Command-line option: --storage-etcd-tls-allowed-cn

storage.etcd.tls.allowed-hostname¶

An allowed TLS certificate name for authentication in etcd connections.

Type: string

Default: “”

Environment variable: TCM_STORAGE_ETCD_TLS_ALLOWED_HOSTNAME

Command-line option: --storage-etcd-tls-allowed-hostname

storage.etcd.tls.empty-cn¶

Whether the empty common name is allowed in etcd connections.

Type: bool

Default: false

Environment variable: TCM_STORAGE_ETCD_TLS_EMPTY_CN

Command-line option: --storage-etcd-tls-empty-cn

storage.etcd.permit-without-stream¶

Whether keepalive pings can be send to the etcd server without active streams.

Type: bool

Default: false

Environment variable: TCM_STORAGE_ETCD_PERMIT_WITHOUT_STREAM

Command-line option: --storage-etcd-permit-without-stream

addon

The addon section defines settings related to TCM add-ons.

• addon.enabled
• addon.addons-dir
• addon.max-upload-size
• addon.dev-addons-dir

addon.enabled¶

Whether to enable the add-on functionality in TCM.

Type: bool

Default: false

Environment variable: TCM_ADDON_ENABLED

Command-line option: --addon-enabled

addon.addons-dir¶

The directory from which TCM takes add-ons.

Type: string

Default: addons

Environment variable: TCM_ADDON_ADDONS_DIR

Command-line option: --addon-addons-dir

addon.max-upload-size¶

The maximum size (in bytes) of addon to upload to TCM.

Type: int64

Default: 104857600

Environment variable: TCM_ADDON_MAX_UPLOAD_SIZE

Command-line option: --addon-max-upload-size

addon.dev-addons-dir¶

Additional add-on directories for development purposes, separated by semicolons (;).

Type: []string

Default: []

Environment variable: TCM_ADDON_DEV_ADDONS_DIR

Command-line option: --addon-dev-addons-dir

limits

The limits section defines limits on various TCM objects and relations between them.

• limits.users-count
• limits.clusters-count
• limits.roles-count
• limits.user-secrets-count
• limits.user-websessions-count
• limits.linked-cluster-users

limits.users-count¶

The maximum number of users in TCM.

Type: int

Default: 1000

Environment variable: TCM_LIMITS_USERS_COUNT

Command-line option: --limits-users-count

limits.clusters-count¶

The maximum number of clusters in TCM.

Type: int

Default: 10

Environment variable: TCM_LIMITS_CLUSTERS_COUNT

Command-line option: --limits-clusters-count

limits.roles-count¶

The maximum number of roles in TCM.

Type: int

Default: 100

Environment variable: TCM_LIMITS_ROLES_COUNT

Command-line option: --limits-roles-count

limits.user-secrets-count¶

The maximum number secrets that a TCM user can have.

Type: int

Default: 10

Environment variable: TCM_LIMITS_USER_SECRETS_COUNT

Command-line option: --limits-user-secrets-count

limits.user-websessions-count¶

The maximum number of open sessions that a TCM user can have.

Type: int

Default: 10

Environment variable: TCM_LIMITS_USER_WEBSESSIONS_COUNT

Command-line option: --limits-user-websessions-count

limits.linked-cluster-users¶

The maximum number of clusters to which a single user can have access.

Type: int

Default: 10

Environment variable: TCM_LIMITS_LINKED_CLUSTER_USERS

Command-line option: --limits-linked-cluster-users

security

The security section defines the security parameters of TCM.

• security.auth
• security.hash-cost
• security.encryption-key
• security.encryption-key-file
• security.bootstrap-password
• security.integrity-check
• security.signature-private-key-file

security.auth¶

Ways to log into TCM.

Possible values:

• local
• ldap

Type: []string

Default: [local]

Environment variable: TCM_SECURITY_AUTH

Command-line option: --security-auth

security.hash-cost¶

A hash cost for hashing users’ passwords.

Type: int

Default: 12

Environment variable: TCM_SECURITY_HASH_COST

Command-line option: --security-hash-cost

security.encryption-key¶

An encryption key for passwords used by TCM for accessing Tarantool and etcd clusters.

Type: string

Default: “”

Environment variable: TCM_SECURITY_ENCRYPTION_KEY

Command-line option: --security-encryption-key

security.encryption-key-file¶

A path to the file with the encryption key for passwords used by TCM for accessing Tarantool and etcd clusters.

Type: string

Default: “”

Environment variable: TCM_SECURITY_ENCRYPTION_KEY_FILE

Command-line option: --security-encryption-key-file

security.bootstrap-password¶

A password for the first login of the admin user. Must be changed after the successful login. Only for testing purposes.

Type: string

Default: “”

Environment variable: TCM_SECURITY_BOOTSTRAP_PASSWORD

Command-line option: --security-bootstrap-password

security.signature-private-key-file¶

A path to a file with the private key to sign TCM data.

Type: string

Default: “”

Environment variable: TCM_SECURITY_SIGNATURE_PRIVATE_KEY_FILE

Command-line option: --security-signature-private-key-file

security.integrity-check¶

Whether to check the digital signature. If true, the error is raised in case an incorrect signature is detected.

Type: bool

Default: false

Environment variable: TCM_SECURITY_INTEGRITY_CHECK

Command-line option: --security-integrity-check

mode

mode¶

The TCM mode: production, development, or test.

Type: string

Default: production

Environment variable: TCM_MODE

Command-line option: --mode