generated from xmidt-org/.go-template
-
Notifications
You must be signed in to change notification settings - Fork 0
/
glaukos.yaml
316 lines (285 loc) · 11.8 KB
/
glaukos.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
---
prometheus:
defaultNamespace: xmidt
defaultSubsystem: glaukos
log:
level: debug
development: true
encoderConfig:
messageKey: msg
levelKey: level
servers:
primary:
address: :4200
disableHTTPKeepAlives: true
header:
X-Xmidt-Server:
- glaukos
X-Xmidt-Version:
- development
metrics:
address: :4201
disableHTTPKeepAlives: true
header:
X-Xmidt-Server:
- glaukos
X-Xmidt-Version:
- development
health:
address: :4202
disableHTTPKeepAlives: true
header:
X-Xmidt-Server:
- glaukos
X-Xmidt-Version:
- development
########################################
# Authorization Related Configuration
########################################
# secret contains information for finding the secret on incoming requests. If
# both header and webhook secret are empty, no authentication is done on
# incoming requests to Glaukos. Otherwise, the value at the header provided
# should hold a sha1 hash of the request body. It should be in the format:
#
# Sha1<delimiter><hash>
#
# (Optional)
secret:
# header provides the header key where the hash is expected.
# (Optional)
header: "X-Webpa-Signature"
# delimiter provides the string that is expected between "Sha1" and the hash.
# (Optional)
delimiter: "="
########################################
# Webhook Registration Related Configuration
########################################
# webhook provides the information needed to register to a webhook. If the
# urls and event regex aren't empty and the interval is greater than 0,
# registration occurs.
# (Optional)
webhook:
# registrationInterval provides the time to wait between each registration to
# the webhook. If this is set to 0, no registration is done.
# (Optional)
registrationInterval: "4m"
# timeout provides the length of time the request should wait before timing
# out.
timeout: "1m"
# registrationURL provides the place to register the webhook.
registrationURL: "http://caduceus:6000/hook"
# request provides the information passed in the webhook registration request.
request:
# config provides configuration values for the requests to the webhook
# receiver.
config:
# url provides the server the webhook should send the events to. If this
# value isn't set, no registration happens.
url: "http://glaukos:4200/api/v1/events"
# contentType provides the content type Glaukos expects from the requests
# it receives.
# (Optional) defaults to "wrp"
#contentType: "wrp"
# secret provides the key for hashing the messages the webhook sends.
# If this is empty, no authentication is done later for incoming requests
# to Glaukos.
# (Optional)
secret: "super secret"
# maxRetryCount is the number of times to retry on a failure.
# (Optional)
maxRetryCount: 1
# alternativeURLs provides endpoints to round robin through on a failure
# to send an event. This is only used if the maxRetryCount is greater
# than 0.
# (Optional)
#AlternativeURLs: []
# events provides a list of regular expressions that tells the webhook
# which endpoints to send to Glaukos. If the destination of an event
# matches a regular expression in this list, it is sent to Glaukos
events:
# - ""
# matcher provides regular expressions to match against the event source.
# (Optional) default is [".*"]
# matcher:
# deviceID: [".*"]
# the below configuration values provide a way to add an Authorization header
# to the request to the webhook. If both basic and sat contain empty values,
# no header is sent. sat takes priority over basic if both are set.
# basic provides a way to use Basic Authorization when registering to a
# webhook. If this value is provided and sat isn't, the following header is
# added to the registration request:
#
# Authorization Basic {basic}
#
# (Optional)
basic: "Basic dXNlcjpwYXNz"
# jwt provides a way to use Bearer Authorization when registering to a
# webhook. If the below values are all provided, a request is made to the
# URL to get the token to be used in the registration request. The
# header would look like:
#
# Authorization Bearer {token}
#
# (Optional)
# jwt:
# requestHeaders are added to the request for the token.
# (Optional)
# requestHeaders:
# "": ""
# authURL is the URL to access for the token.
# authURL: ""
# timeout is how long the request to get the token will take before
# timing out.
# timeout: "1m"
# buffer is the length of time before a token expires to get a new token.
# (Optional)
# buffer: "5s"
codex:
address: localhost:7000
# maxRetryCount is the max number of retries when making the request to codex. Retries will be sent every 30 seconds.
maxRetryCount: 0
rateLimit:
# requests is the max number of requests per duration that glaukos should send to codex. If this is 0, then requests
# are not rate-limited.
requests: 1
# tick configures the limits for the time window of the rate limiter.
tick: "1s"
# circuit breaker settings
circuitBreaker:
# The maximum number of requests allowed to pass through when the CircuitBreaker is half-open.
# If MaxRequests is 0, CircuitBreaker allows only 1 request.
maxRequests: 0
# the cyclic period of the closed state for CircuitBreaker to clear the internal Counts.
# If Interval is 0, CircuitBreaker doesn't clear the internal Counts during the closed state.
interval: "2m"
# Timeout is the period of the open state, after which the state of CircuitBreaker becomes half-open.
# If Timeout is 0, the timeout value of CircuitBreaker is set to 60 seconds.
timeout: "1m"
# Number of consecutive failures allowed per interval before circuit breaker switches to open state.
# Must be at least 1
consecutiveFailuresAllowed: 1
auth:
# basic provides a way to use Basic Authorization when registering to a
# webhook. If this value is provided and sat isn't, the following header is
# added to the registration request:
#
# Authorization Basic {basic}
#
# (Optional)
basic: ""
# jwt provides a way to use Bearer Authorization when registering to a
# webhook. If the below values are all provided, a request is made to the
# URL to get the token to be used in the registration request. The
# header would look like:
#
# Authorization Bearer {token}
#
# (Optional)
jwt:
# requestHeaders are added to the request for the token.
# (Optional)
# requestHeaders:
# "": ""
# authURL is the URL to access for the token.
authURL: ""
# timeout is how long the request to get the token will take before
# timing out.
timeout: "1m"
# buffer is the length of time before a token expires to get a new token.
# (Optional)
buffer: "5s"
queue:
# queueSize provides the maximum number of events that can be added to the
# queue. Once events are taken off the queue, they are parsed for metrics.
# If a value below 5 is chosen, it defaults to 5.
# (Optional) defaults to 5
queueSize: 5
# maxWorkers provides the maximum number of workers parsing events at a
# time. If a value below 5 is chosen, it defaults to 5.
# (Optional) defaults to 5
maxWorkers: 5
# eventMetrics deals with various settings for parsers used to parse metrics from incoming events
eventMetrics:
# birthdateValidFrom is a negative time duration used when checking if an incoming event's birthdate is valid or not.
# A birthdate is deemed valid if it is between (current time - birthdateValidFrom) and (current time + birthdateValidTo).
# If a birthdate is deemed invalid, it will be replaced with the current time.
birthdateValidFrom: "-12h"
# birthdateValidTo is a positive time duration used when checking if an incoming event's birthdate is valid or not.
# A birthdate is deemed valid if it is between (current time - birthdateValidFrom) and (current time + birthdateValidTo).
# If a birthdate is deemed invalid, it will be replaced with the current time.
birthdateValidTo: "1h"
# rebootDurationParser details the configuration for the reboot duration parser
rebootDurationParser:
# eventValidators are validators that validate each event from the last cycle.
eventValidators:
# boot-time-validation validates that the boot-time is within a certain time frame
- key: "boot-time-validation"
bootTimeValidator:
validFrom: "-8766h" # 1 year
validTo: "1h"
minValidYear: 2015
# valid-event-type validates that the event destination has an event type that is part of the validEventTypes list
- key: "valid-event-type"
validEventTypes:
- "reboot-pending"
- "offline"
- "online"
- "operational"
- "fully-manageable"
# min-boot-duration validates that a timestamp in an event's destination is at least a certain amount of time after the boot-time
- key: "min-boot-duration"
minBootDuration: "10s"
# birthdate-alignment validates that a timestamp in an event's destination is within certain time frame of the birthdate
- key: "birthdate-alignment"
birthdateAlignmentDuration: "60s"
# consistent-device-id validates that all device id occurances in an event's destination, metadata, and source are consistent
- key: "consistent-device-id"
# cycleValidators are validators that validate a list of events (a cycle). There are two types of cycles that will be
# validated: events with the boot-time just before the current event's boot-time and the cycle containing reboot events.
# cycleType options: boot-time or reboot
# boot-time: informs glaukos that this validator should validate events from the last cycle only
# reboot: informs glaukos that this validator should validate reboot events only
cycleValidators:
# consistent-metadata checks that the metadata values for the keys listed are the same among a cycle
- key: "consistent-metadata"
cycleType: "boot-time"
metadataValidators:
- "/hw-mac"
- "/hw-manufacturer"
- "/hw-model"
- "/hw-serial-number"
- "/partner-id"
- "/fw-name"
- "/hw-last-reboot-reason"
- "/webpa-protocol"
# unique-transaction-id ensures that all the transaction uuids in a cycle are unique
- key: "unique-transaction-id"
cycleType: "boot-time"
# session-online ensures that every session id in a cycle has an online event
- key: "session-online"
cycleType: "boot-time"
# session-offline ensures that every session id in a cycle has an offline event
- key: "session-offline"
cycleType: "boot-time"
# event-order validates that a cycle has the given events in the proper order. The cycle
# will be sorted from decending boot-time, followed by birthdate.
- key: "event-order"
cycleType: "reboot"
eventOrder:
- "fully-manageable"
- "operational"
- "online"
- "offline"
- "reboot-pending"
# timeElapesdCalculations are the events that time elapsed durations should be calculated for and added to a histogram.
# Time elapsed refers to the time duration between the fully-manageable event and another event.
timeElapsedCalculations:
# name refers to the name of the histogram metric. There cannot be duplicates in the list,
# and 'boot_to_mangeable' is already taken by another metric.
- name: "reboot_to_manageable"
# sessionType refers to which session glaukos should use when searching for the event
# options: previous or current
# previous refers to the cycle with the previous boot-time, while current refers to the cycle with the current boot-time.
sessionType: "previous"
# eventType is the event that glaukos should look for
eventType: "reboot-pending"