AMT Control Center Config File
The YAML cc-config.yaml file is used to configure the AMT Control Center. Each key and setting found in this file is described below.
Base Configuration
Settings | Description | Accepted Values | Examples |
version | The version of this configuration file. | <version> | version: v1 |
name | The name of the AMT environment. | <name> | name: AMT Java |
environment | The description for this AMT environment. | <description> | environment: prod |
Secure Storage
The settings for the Secure Storage provider, which relate to the database settings further down.
Settings | Description | Accepted Values | Examples |
vaultType | The vault type used to secure credentials. It is possible to add multiple Secure Storage configurations and use them simultaneously. | Azure, GCP, HashiCorp, Custom, Simple | vaultType: Azure |
azureCredentialType (only for Microsoft Azure) | Only used if 'vaultType' is set to 'Azure'. Set the Azure credential type. | Environment ... | azureCredentialType: Environment |
azureVaultName (only for Microsoft Azure) | Only used if 'vaultType' is set to 'Azure'. Enter the name of the Azure vault. | <key vault name> | azureVaultName: app-keyvault |
gcpProjectId (only for Google Cloud Platform) | Only used if 'vaultType' is set to 'GCP'. Set the GCP vault ID. | <GCP vault ID> | gcpProjectId: vault-33 |
securePath (only for HashiCorp) | Only used if 'vaultType' is set to 'HashiCorp'. Set this to the folder path containing the secrets for the HashiCorp Vault. | <folder path> | securePath: "C:\\AMT\HashiCorp" |
engineVersion (only for HashiCorp) | Only used if 'vaultType' is set to 'HashiCorp'. '2' is the default value if the engine version is not specified. | 1, 2 | engineVersion: 2 |
vaultClass (custom) | Optional. Used when 'vaultType' is set to 'Custom' to use a custom implementation. | <vault class> | |
vaultFilePath | Only used if 'vaultType' is set to 'Simple'. Set this to the file path of the file containing the credentials of the system database. Not recommended for use in production. Also see page: File: Key Vault. | <folder path> | vaultConfiguration: securePath: "C:\\AMT\SimpleVault\\cc-secrets.txt" |
Authentication
In the sample config file, the client name is "rest" – this can be named anything, as long as it is unique when defining multiple clients.
Settings | Description | Available Options | Examples |
type | The type of authentication used. OpenID Connect (OIDC) is the only available option. | OIDC | type: OIDC |
issuerURL | The URL of the OpenID provider. | <provider url> | issuerURL: https://login.microsoftonline.com/<ID>/v2.0 |
clientID | The ID of the application registered at the OpenID provider to identify the application when authentication requests are made. | <client ID> | clientID: <client ID> |
claimUserRoles | Optional, but must be set when using OAuth. | amt (default), <user roles> | claimUserRoles: amt |
claimRolesKey | Must be set when claimUserRoles is set. | <roles key> | claimRolesKey: <key> |
Control Center Node
Settings for the Control Center REST server.
Settings | Description | Accepted Values | Examples |
host | The server address of the host of the Control Center. | <ip address or server name> | mode: SINGLE_NODE |
restPort | Set the REST port of the host. | <port number> | restPort: 9001 |
httpOnly | If set to true, the system only uses the HTTP protocol for communication between nodes in the cluster. | true, false | httpOnly: false |
Control Center Managed AMT Applications
Add and configure the applications that the Control Center manages.
Settings | Description | Accepted Values | Examples |
<application name> | The name of the application to be managed. | <application name> | CUSTOMER_MANAGEMENT |
host | The server address. | <ip address or server name> | host: 0.0.0.0 |
gRPCPort | The server port number. | <port number> | gRPCPort: 9090 |
httpOnly | If set to true, the system only uses the HTTP protocol for communication. Disables TLS if set to true. | true, false | httpOnly: false |
Database Configuration
The Database configuration section. First, the database kind needs to be defined. Use 'systemDatabase' for the Control Center and 'transactionDatabase' for Transactions.
All of the database settings can be stored in the key vault. A dollar sign $ prefixing a value denotes the use of a key stored in the key vault file.
Settings | Description | Accepted Values | Examples |
type | Set the type of database. | POSTGRES (default), ORACLE, MSSQL, DB2 | type: POSTGRES |
name | Enter the name of the System Database. | <system database> | name: CUSTOMER_MANAGEMENT, name: $systemDb, name: $transactionDb |
schema | Enter the name of the Schema of the System Database. The Schema name must be exactly the same as the Database name. | <system database schema> | schema: CUSTOMER_MANAGEMENT, schema: $systemDbSchema, schema: $transactionDbSchema |
username | Set the name of the user authorized to access the System Database. | <username> | username: amtuser, username: $appDbUser |
password | Set the Password of the user. | <password> | password: amtpassword, password: $appDbPassword |
driverClassname | Set the driver for the database. | org.postgresql.Driver, oracle.jdbc.driver, com.ibm.db2.jcc.DB2Driver, <custom> | driverClassname: org.postgresql.Driver |
url | Set the server database URL. This must be configured according to the type of database used. | jdbc:postgresql://<Server>:<Port>/<Database>, jdbc:oracle://<Server>:<Port>/<TNS>, jdbc:db2://<Server>:<Port>/amtsys | url: jdbc:postgresql://<Server>:<Port>/<Database> |
hibernateDialect | Set the database dialect for the Hibernate framework. | org.hibernate.dialect.PostgreSQLDialect, org.hibernate.dialect.DB2Dialect | hibernateDialect: org.hibernate.dialect.PostgreSQLDialect |
hibernateShowSql | If set to true, this enables the logging of all the generated SQL statements to the console and a log file. | true, false | hibernateShowSql: false |
connectionPoolSize | The maximum number of connections to the connection pool. | <integer> | connectionPoolSize: 200 |
lockTimeoutSeconds | The number of seconds before a database is unlocked. | <integer> | lockTimeoutSeconds: 20 |
lockTimeoutReportsProgramsSeconds | The number of seconds before a database is unlocked. If the lock is not released after the timeout, the report or program will retry several times. | <integer> | lockTimeoutReportsProgramsSeconds: 5 |
sqlCommandTimeout | The number of seconds for a screen or report to wait for a SQL command to be performed. | <integer> | sqlCommandTimeout: 30 |
nlsLanguage (Oracle databases only) | Set the language for an Oracle client connection. | <language> | nlsLanguage: AMERICAN |
Sample File
---
####################################################################################################
#
# CONTROL-CENTER CONFIGURATION
# General Control-Center related configuration items.
#
####################################################################################################
version: v1
name: AMT Control Center Java Configuration Template
environment: DEV

####################################################################################################
#
# SECURE STORAGE
# Settings related to the secure storage provider. This ties into the database settings later on.
#
####################################################################################################
secureStorage:
  # Secure Storage can be configured in a couple of different ways.
  # See the Secure Storage Wiki page for more information.
  vaultType: Simple
  vaultConfiguration:
    vaultFilePath: C:/AMT/cc-secrets.txt

####################################################################################################
#
# AUTHENTICATION CONFIGURATION SECTION
# Settings related to the external authentication provider.
# Defaults are added for a simple KeyCloak setup, if another authentication provider is required,
# then you need to add the correct issuerURL & clientID.
#
####################################################################################################
authentication:
  type: OIDC
  clients:
    rest:
      settings:
        issuerURL: http://localhost:8080/realms/AMTRealm
        clientID: AMT
        #claimUserRoles: amt # "oauth". When using OAuth, claimRolesKey and rolemapping needs to be configured
        #claimRolesKey: # Key to roles in OAuth token. For Azure e.g. it is "groups",
        # where for keycloak it is "resource_access;AMT;roles", it is 3 layers deep, using ; separates the keys.
        #roleMapping:
          #role1: amt_role1

####################################################################################################
#
# SERVER CERTIFICATE CONFIGURATION
# Paths to the server key and certificate (file or classpath resource).
# If not set, the default key and certificate will be loaded from the classpath (/certs/server1.key and /certs/server1.pem)
#
####################################################################################################
serverCertificate:
  # Can be a file path or classpath resource.

####################################################################################################
#
# CONTROL-CENTER NODE
# Settings related to the Control-Center REST server.
#
####################################################################################################
node:
  host: 0.0.0.0
  restPort: 9001
  httpOnly: false # Will disable TLS if set to true.

####################################################################################################
#
# SUPPORTED APPLICATIONS
# Configure any application that the Control-Center will be managing.
#
####################################################################################################
applications:
  smoketest:
    host: localhost
    gRPCPort: 8080
    httpOnly: false # Will disable TLS if set to true.

####################################################################################################
#
# SYSTEM DATABASE CONFIGURATION
# Settings related to the system database. Values can be keys for the configured key vault
# from the Secure Storage section up above.
#
####################################################################################################
systemDatabase:
  type: POSTGRES
  settings:
    name: amtsystem
    schema: amtsystem
    username: amtsystem
    password: amtsystem
    driverClassname: org.postgresql.Driver
    url: jdbc:postgresql://localhost/amtsystem
    hibernateDialect: org.hibernate.dialect.PostgreSQLDialect
    # Uncomment these if you want to override the default values.
    #hibernateShowSql: false
    #connectionPoolSize: 200
    #lockTimeoutSeconds: 20
    #lockTimeoutReportsProgramsSeconds: 5
    #sqlCommandTimeout: 30

####################################################################################################
#
# TRANSACTION DATABASE CONFIGURATION (ENABLE & USE WHEN CONFIGURING A TRANSACTION DATABASE)
# Settings related to the transaction database. Values can be keys for the configured key vault
# from the Secure Storage section up above.
#
####################################################################################################
#transactionDatabase:
#  type: POSTGRES
#  settings:
#    name: amtsystransaction <Create name>
#    schema: amtsystransaction <Create schema>
#    username: amtsystransactionUser <username from secrets file>
#    password: amtsystransactionPassword <password from secrets file>
#    driverClassname: org.postgresql.Driver
#    url: jdbc:postgresql://localhost/amtsystransaction
#    hibernateDialect: org.hibernate.dialect.PostgreSQLDialect
#    # Uncomment these if you want to override the default values.
#    #hibernateShowSql: false
#    #connectionPoolSize: 200
#    #lockTimeoutSeconds: 20
#    #lockTimeoutReportsProgramsSeconds: 5
#    #sqlCommandTimeout: 30
...
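Several settings described on this page carry security weight: httpOnly disables TLS, the Simple vault is not recommended for production, and database credentials can be vault keys (prefixed with $) instead of literals. The check below is an added example, not part of AMT or its documentation; it assumes the file has already been parsed into a dict by a YAML loader and that keys are nested as in the sample file, and the names audit_cc_config and _section are hypothetical. The HTTPS check on issuerURL goes beyond what this page states.

```python
from urllib.parse import urlparse

def _section(parent, key):
    """Return parent[key] if it is a mapping, else {} (absent or null key)."""
    value = parent.get(key)
    return value if isinstance(value, dict) else {}

def audit_cc_config(cfg):
    """Return (path, message) findings for a parsed cc-config.yaml."""
    findings = []
    # The page marks the file-based 'Simple' vault as not for production.
    if _section(cfg, "secureStorage").get("vaultType") == "Simple":
        findings.append(("secureStorage.vaultType", "Simple vault in use"))
    # httpOnly: true disables TLS on the REST node and on managed applications.
    targets = {"node": _section(cfg, "node")}
    for app in _section(cfg, "applications"):
        targets[f"applications.{app}"] = _section(cfg["applications"], app)
    for path, settings in targets.items():
        if settings.get("httpOnly") is True:
            findings.append((f"{path}.httpOnly", "TLS disabled"))
    # Credentials should be $-prefixed vault keys, not literals.
    for db in ("systemDatabase", "transactionDatabase"):
        settings = _section(_section(cfg, db), "settings")
        for key in ("username", "password"):
            if key in settings and not str(settings[key]).startswith("$"):
                findings.append((f"{db}.settings.{key}", "literal credential"))
    # OIDC issuer fetched over plain HTTP.
    clients = _section(_section(cfg, "authentication"), "clients")
    for name in clients:
        url = _section(_section(clients, name), "settings").get("issuerURL", "")
        if urlparse(str(url)).scheme == "http":
            findings.append((f"authentication.clients.{name}.settings.issuerURL", "not HTTPS"))
    return findings

# Constructed input: the security-relevant keys of the sample file, as a YAML
# loader would return them, with the application switched to httpOnly: true
# and the database username replaced by a vault key.
SAMPLE = {
    "secureStorage": {"vaultType": "Simple"},
    "authentication": {"type": "OIDC", "clients": {"rest": {"settings": {
        "issuerURL": "http://localhost:8080/realms/AMTRealm", "clientID": "AMT"}}}},
    "node": {"host": "0.0.0.0", "restPort": 9001, "httpOnly": False},
    "applications": {"smoketest": {"host": "localhost", "gRPCPort": 8080, "httpOnly": True}},
    "systemDatabase": {"type": "POSTGRES", "settings": {
        "name": "amtsystem", "username": "$appDbUser", "password": "amtsystem"}},
}

if __name__ == "__main__":
    for path, message in audit_cc_config(SAMPLE):
        print(f"{path}: {message}")
```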