OKA Parameter Reference

Here are all the parameters that can be configured to customize the OKA. They can be specified in the ${OKA_INSTALL_DIR}/config/oka/oka.yaml file:

Core Settings

  • secret_key: "yourawesomeksecretkey" A secret key. This is used to provide cryptographic signing, and should be set to a unique, unpredictable value.

  • allowed_hosts: [localhost, 127.0.0.1] A list of the host/domain names as string that this OKA site can serve.

  • csrf_trusted_origins: [] A list of the host/domain names as string (/!must start with a http:// or https://) that will be trusted when serving OKA through a proxy. See Django documentation for more info.

  • authentication_method: OKA The authentication method to use for user authentication.

  • license_file: "/path/to/license/license.lic" Absolute path to license file. By default it will be "${OKA_INSTALL_DIR}/license/license.lic".

  • debug: true | false A boolean that turns on/off debug mode.

  • oka_user: User running the OKA processes.

Databases

PostgreSQL

  • postgresql:

    • name: "oka_db" Name of the PostgreSQL database for OKA.

    • user: "oka" PostgreSQL username for OKA.

    • password: "okapwd" PostgreSQL password for the OKA user.

    • host: "localhost" Host of PostgreSQL database.

    • port: 5432 Port PostgreSQL is listening on.

Elasticsearch

Note

See documentation

  • elasticsearch:

    • host: "http://127.0.0.1:9200" Elasticsearch URL with protocol scheme.

    • user: A string to specify the username to used when attempting to connect to Elasticsearch.

    • password: A string to specify the password to used when attempting to connect to Elasticsearch.

    • ssl_show_warn: false A boolean that specify whether or not to show warning upon SSL connection.

    • verify_certs: false A boolean to specify whether or not certificate will be verified.

    • ca_cert_path: A path to the Certificate Authority (CA) certificate.

    • client_cert_path: A path to the TLS client certificate file.

    • client_key_path: A path to the TLS client key file.

Caching

  • session_timeout: 3600 An integer value used to specify how long before a user is automatically logged out of OKA (in seconds).

  • cache_duration: 10800 Cache duration in seconds.

  • main_cache:

    • backend: Backend and location of the main cache. Default is set on DatabaseCache.

    • location: Cache location/table name for the backend.

REST API

  • rest_api:

    • access_token_lifetime: 1 An integer value used to determine how many days the access token lifetime will be valid.

    • refresh_token_lifetime: 30 An integer value used to determine how many days the refresh token lifetime will be valid.

Celery

  • celery:

    • broker_url: "amqp://localhost" A string value used to specify the URL of the broker that will be used by Celery.

Authentication Method: LDAP

When using LDAP authentication, configure the following parameters:

  • ldap:

    • server_uri: A string value specifying the URI of the LDAP server. Example: ldap://0.0.0.0:1389.

    • bind_dn: A string value representing the distinguished name (DN) for binding to the LDAP directory. Example: "cn=admin,dc=example,dc=com".

    • bind_password: A string value used as the password to authenticate the LDAP bind DN. Example: "adminpassword".

    • search_base: A string value specifying the base DN for user searches in the LDAP directory. This should correspond to the organizational unit where user accounts are stored. Example: "ou=People,dc=example,dc=com".

    • username_field: A string value representing the LDAP attribute field used for username lookups. By default, mail is a common choice. Example: "mail" or "uid". Default: "mail"

    • groups:

      • search_base: A string value specifying the base DN for group searches in the LDAP directory. This should correspond to the organizational unit where groups are stored. Example: "ou=Group,dc=example,dc=com".

      • search_filterstr: A string value representing the LDAP attribute field to use when searching groups. Example: "(objectClass=group)" or "(cn=*)". Default: "(objectClass=group)".

      • required: A string representing a list of authorized groups specified with their full description and separated by a semicolon. Access will be granted if user is part of at least one of the groups (OR operator is applied). Example: "cn=enabled,ou=groups,dc=example,dc=com;cn=also_enabled,ou=groups,dc=example,dc=com". Default: None

Feature Flags

  • features:

    • block_admin_panel: false A boolean used to block admin panel access.

    • block_custom_dataenhancer: false A boolean used to block the use of “custom” Data Enhancer.

    • block_category_buttons: false A boolean used to block the switch performance / cost / energy buttons.

    • block_forgot_password: false A boolean used to block the forgot password button.

    • block_cron_scheduled_task: true A boolean used to block scheduled task from running automatically by default in cron mode when they are created.

    • allowed_js_ingestion_type: "*" Comma separated values used to specify the available ingestion types options provided to the user while creating a cluster.

      • "LOCAL": Local job scheduler command execution

      • "FILE": Local reading of file(s)

      • "FORWARDED_PWD": Command execution remotely forwarded through SSH, login with a password

      • "FORWARDED_KEYFILE": Command execution remotely forwarded through SSH, login with an ssh key file

      • "*": Select any of the previous type when creating a cluster.

Example

Below is an example of oka.yaml configuration.

oka.yaml
 1# Core settings
 2oka_user: oka_user
 3secret_key: yourinstallsecretkey
 4allowed_hosts:
 5  - localhost
 6  - 127.0.0.1
 7csrf_trusted_origins: []
 8authentication_method: OKA
 9license_file: /opt/oka/license/license.lic
10debug: false
11
12# Database configuration
13postgresql:
14  name: oka_db
15  user: oka
16  password: okapwd
17  host: localhost
18  port: 5432
19
20# Elasticsearch configuration
21elasticsearch:
22  host: http://127.0.0.1:9200
23  ssl_show_warn: false
24  verify_certs: false
25  user: null
26  password: null
27  ca_cert_path: null
28  client_cert_path: null
29  client_key_path: null
30
31# Celery configuration
32celery:
33  broker_url: amqp://localhost
34
35
36# REST API configuration
37rest_api:
38  access_token_lifetime: 1
39  refresh_token_lifetime: 365
40
41# Feature flags
42features:
43  block_admin_panel: false
44  block_custom_dataenhancer: false
45  block_category_buttons: false
46  block_forgot_password: false
47  block_cron_scheduled_task: true
48  allowed_js_ingestion_type: '*'
49
50
51# Session and cache
52session_timeout: 3600
53cache_duration: 10800
54main_cache:
55  backend: django.core.cache.backends.db.DatabaseCache
56  location: oka_cache_table
57
58# LDAP configuration (optional, uncomment if using LDAP authentication)
59# ldap:
60#   server_uri: ldap://ldap.example.com
61#   bind_dn: cn=admin,dc=example,dc=com
62#   bind_password: ldappassword
63#   search_base: ou=users,dc=example,dc=com
64#   username_field: mail
65#   groups:
66#     search_base: ou=Group,dc=example,dc=com
67#     search_filterstr: (objectClass=group)
68#     required: "cn=enabled,ou=groups,dc=example,dc=com;cn=also_enabled,ou=groups,dc=example,dc=com"

Administrator panels.