Configuration
The Tranquil Data™ Trusted Flow Edition is configured via environment variables that all start with the prefix TRANQUIL. The only required variable is TRANQUIL_ROOT, which specifies where durable state is kept.
Core Properties
Core properties configure basic aspects of how the service starts and operates.
| Property | Description | Default |
|---|---|---|
| TRANQUIL_AUTH_CONFIG_FILENAME | The (optional) Auth config file | |
| TRANQUIL_CONTEXT_STORE | The type of store to use for the context graph | postgres |
| TRANQUIL_ROOT | The directory where core, durable state is kept | |
Valid values for TRANQUIL_CONTEXT_STORE are local, postgres, or dynamo. If the value is local then all context state will be stored within $TRANQUIL_ROOT/var.
Web Server Properties
Web server properties dictate how the service exposes web-facing interfaces.
| Property | Description | Default |
|---|---|---|
| TRANQUIL_HTTP_PORT | The port where all UI and API endpoints are exposed | 8890 |
| TRANQUIL_HTTPS_CERTIFICATE_FILE | The (optional) location of a standard PEM-encoded certificate file | |
| TRANQUIL_HTTPS_KEY_FILE | The (optional) location of a standard PEM-encoded key for the certificate | |
By default, the port exposed at TRANQUIL_HTTP_PORT is a non-secured HTTP interface. If a matching certificate and key file are provided, the network interface is upgraded to an HTTPS interface that performs server authentication. Note that the service's peer identity is written to files in $TRANQUIL_ROOT/etc and may be used to enable HTTPS, but to use these files you must start the service in HTTP mode, shut it down, and then restart it pointing at the generated files.
Peer Identity
Note that the public key certificate in $TRANQUIL_ROOT/etc isn't only used for HTTPS authentication. It's primarily used as the identity for the peer when it is first provisioned in context. This means that the peer's identity cannot be changed by simply updating the local certificate file, even if you choose to use a new key-pair to secure the web interface.
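A pre-start check for the HTTPS settings described above, as an added example that is not part of the product or its documentation. It assumes the key file is not passphrase-protected; treating a half-configured pair as invalid and flagging group- or world-readable key files are this script's own policy, not documented service behaviour.

```python
import os
import ssl
import stat

CERT_VAR = "TRANQUIL_HTTPS_CERTIFICATE_FILE"
KEY_VAR = "TRANQUIL_HTTPS_KEY_FILE"

def check_web_tls(env):
    """Return (mode, findings); mode is 'http', 'https' or 'invalid'."""
    cert, key = env.get(CERT_VAR), env.get(KEY_VAR)
    port = env.get("TRANQUIL_HTTP_PORT", "8890")  # documented default
    if not cert and not key:
        return "http", [f"port {port} will serve UI and API over plain HTTP"]
    if not (cert and key):
        missing = KEY_VAR if cert else CERT_VAR
        return "invalid", [f"{missing} is unset; HTTPS is documented only "
                           "when both files are provided"]
    try:
        # load_cert_chain raises when a file is missing, is not valid PEM,
        # or the private key does not belong to the certificate.
        ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(cert, key)
    except OSError as exc:  # ssl.SSLError and FileNotFoundError are OSErrors
        return "invalid", [f"certificate/key pair rejected: {exc}"]
    findings = []
    if stat.S_IMODE(os.stat(key).st_mode) & 0o077:
        findings.append(f"{key} is accessible to group or others")
    return "https", findings

if __name__ == "__main__":
    mode, findings = check_web_tls(os.environ)
    print("web interface mode:", mode)
    for finding in findings:
        print(" -", finding)
    raise SystemExit(1 if mode == "invalid" else 0)
```

Run it in the same environment the service will start in, so it reads the same TRANQUIL_* variables; a non-zero exit means the pair should be fixed before the listener is exposed.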
Postgres Context Store Properties
If the value of TRANQUIL_CONTEXT_STORE is postgres then these variables are used to interact with the PostgreSQL instance that acts as the Context Store.
| Property | Description | Default |
|---|---|---|
| TRANQUIL_CONTEXT_POSTGRES_DATABASE | The name of the database within the Postgres instance | tranquil_context_db |
| TRANQUIL_CONTEXT_POSTGRES_HOST | The host where the Postgres instance is running | localhost |
| TRANQUIL_CONTEXT_POSTGRES_PORT | The port where the Postgres instance is accessible | 5432 |
| TRANQUIL_CONTEXT_POSTGRES_USER | The user for the database instance | postgres |
| TRANQUIL_CONTEXT_POSTGRES_PASSWORD | The password for the database instance | |
DynamoDB Context Store Properties
If the value of TRANQUIL_CONTEXT_STORE is dynamo then these variables are used to interact with the DynamoDB instance that acts as the Context Store.
| Property | Description | Default |
|---|---|---|
| TRANQUIL_CONTEXT_DYNAMODB_REGION | The AWS region where DynamoDB should be used | |
| TRANQUIL_CONTEXT_DYNAMODB_ENDPOINT | The endpoint where DynamoDB should be accessed | |
| TRANQUIL_CONTEXT_DYNAMODB_CRED_KEY_ID | The Key ID used to access DynamoDB | |
| TRANQUIL_CONTEXT_DYNAMODB_CRED_ACCESS_KEY | The Access Key used to access DynamoDB | |
Log and Trace Properties
Logging and Decision Trace output are configured using the following variables.
| Property | Description | Default |
|---|---|---|
| TRANQUIL_AUDIT_CONSOLE_LEVEL | The log level to output the audit log to console | panic |
| TRANQUIL_AUDIT_FILE_DIRECTORY | The directory where the audit log is written to files | |
| TRANQUIL_AUDIT_FILE_LEVEL | The log level to output the audit log to files | info |
| TRANQUIL_AUDIT_KAFKA_BROKERS | A comma-separated set of brokers to use for streaming the audit log | |
| TRANQUIL_AUDIT_KAFKA_LEVEL | The log level to output the audit log to Kafka | |
| TRANQUIL_AUDIT_KAFKA_TOPIC | The topic where the audit log should be written to Kafka | |
| TRANQUIL_LOG_CONSOLE_LEVEL | The log level to output the main log to console | info |
| TRANQUIL_LOG_FILE_DIRECTORY | The directory where the main log is written to files | |
| TRANQUIL_LOG_FILE_LEVEL | The log level to output the main log to files | info |
| TRANQUIL_TRACE_CONSOLE_LEVEL | The trace level to output decision trace to console | none |
| TRANQUIL_TRACE_FILE_DIRECTORY | The directory where decision trace is written to files | |
| TRANQUIL_TRACE_FILE_LEVEL | The trace level to output decision trace to files | failures |
| TRANQUIL_TRACE_KAFKA_BROKERS | A comma-separated set of brokers to use for streaming decision trace | |
| TRANQUIL_TRACE_KAFKA_LEVEL | The trace level to output decision trace to Kafka | |
| TRANQUIL_TRACE_KAFKA_TOPIC | The topic where decision trace should be written to Kafka | |
Valid log level values are info, warn, error, and panic. Valid trace level values are none, failures (which includes traces only for rejected or redacted requests), and all.
Change Data Capture Properties
Change Data Capture output is configured using the following variables.
| Property | Description | Default |
|---|---|---|
| TRANQUIL_CHANGE_FILE_NAME | The absolute file path to write to for file output | |
| TRANQUIL_CHANGE_FILE_OVERWRITE | Whether to truncate output on service restart | false |
| TRANQUIL_CHANGE_KAFKA_BROKERS | A comma-separated set of brokers to use for streaming CDC | localhost:9092 |
| TRANQUIL_CHANGE_KAFKA_TOPIC | The topic where CDC data should be written for kafka output | com.tranquildata.cdc.changes |
| TRANQUIL_CHANGE_OUTPUT_ANONYMOUS_CONTEXT | Whether to include anonymous record context in the CDC data | false |
| TRANQUIL_CHANGE_OUTPUT_TYPE | The type of output to use for CDC data | none |
Valid values for TRANQUIL_CHANGE_OUTPUT_TYPE are kafka, file, or none.
Export Properties
| Property | Description | Default |
|---|---|---|
| TRANQUIL_CASSANDRA_BASE_PORT | The first port to try opening for Cassandra proxies | 9042 |
| TRANQUIL_DYNAMODB_BASE_PORT | The first port to try opening for DynamoDB proxies | 8000 |
| TRANQUIL_FHIR_BASE_PORT | The first port to try opening for FHIR proxies | 8080 |
| TRANQUIL_MONGODB_BASE_PORT | The first port to try opening for MongoDB proxies | 27017 |
| TRANQUIL_MYSQL_BASE_PORT | The first port to try opening for MySQL proxies | 3306 |
| TRANQUIL_PIPELINE_BASE_PORT | The first port to try opening for Pipeline exports | 9000 |
| TRANQUIL_POSTGRES_BASE_PORT | The first port to try opening for Postgres proxies | 5432 |
| TRANQUIL_REDIS_BASE_PORT | The first port to try opening for Redis proxies | 6379 |
| TRANQUIL_S3_BASE_PORT | The first port to try opening for S3 proxies | 8081 |
| TRANQUIL_CREATE_DATABASE | For datastores that serve multiple named databases, whether to create the named database if it doesn't exist | true |
Note that the port numbers here are treated as a starting point. When a back-end datastore is exported, the local peer will attempt to use the appropriate port. If that port is unavailable, the port one value higher is tried. This is done 128 times in total, until either a port is successfully opened or the attach operation fails.
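Because of this fallback, an export may end up listening anywhere in a 128-port window, and with the defaults above several windows overlap, so a port number alone does not identify which proxy is behind it. The following added example (not part of the product) computes the windows and their overlaps for firewall or monitoring rules; it assumes the base port counts as the first of the 128 attempts.

```python
from itertools import combinations

ATTEMPTS = 128  # the page: the next port up is tried, 128 times in total

# Defaults copied from the Export Properties table; pass real values via env.
DEFAULT_BASE_PORTS = {
    "TRANQUIL_CASSANDRA_BASE_PORT": 9042,
    "TRANQUIL_DYNAMODB_BASE_PORT": 8000,
    "TRANQUIL_FHIR_BASE_PORT": 8080,
    "TRANQUIL_MONGODB_BASE_PORT": 27017,
    "TRANQUIL_MYSQL_BASE_PORT": 3306,
    "TRANQUIL_PIPELINE_BASE_PORT": 9000,
    "TRANQUIL_POSTGRES_BASE_PORT": 5432,
    "TRANQUIL_REDIS_BASE_PORT": 6379,
    "TRANQUIL_S3_BASE_PORT": 8081,
}

def port_window(base, attempts=ATTEMPTS):
    """Ports one export may bind (assumption: the base port is attempt 1)."""
    return range(base, min(base + attempts, 65536))

def effective_bases(env=None):
    """Defaults overridden by any TRANQUIL_*_BASE_PORT present in env."""
    env = env or {}
    return {n: int(env.get(n, d)) for n, d in DEFAULT_BASE_PORTS.items()}

def overlapping_windows(env=None):
    """List (var_a, var_b, first_shared, last_shared) for intersecting windows."""
    bases = effective_bases(env)
    hits = []
    for a, b in combinations(sorted(bases), 2):
        wa, wb = port_window(bases[a]), port_window(bases[b])
        lo, hi = max(wa.start, wb.start), min(wa.stop, wb.stop) - 1
        if lo <= hi:
            hits.append((a, b, lo, hi))
    return hits

def windows_containing(port, env=None):
    """Exports whose window includes a port another listener may already hold."""
    return sorted(n for n, b in effective_bases(env).items() if port in port_window(b))

if __name__ == "__main__":
    for a, b, lo, hi in overlapping_windows():
        print(f"{a} and {b} share {lo}-{hi}")
    # Constructed checks using other default ports documented on this page.
    for label, port in [("CDC Kafka broker", 9092), ("context store Postgres", 5432)]:
        print(label, port, "->", windows_containing(port))
```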