Server configuration

Dropwizard 1.0 is used to start and configure Jetty and to parse and validate the command line and configuration file. This is only mentioned here as the Dropwizard Configuration Reference lists and explains the base settings that can be used in the configuration file.

Changed in version 4.7: The Dropwizard version was updated from 0.7.1 to 1.0.

Environment variables

Environment variables can be used in the YAML configuration file.

For example:

database:
  driverClass: org.postgresql.Driver
  url: jdbc:postgresql://${DATABASE_HOST}/${DATABASE_NAME}
  user: ${DATABASE_USER}
  password: ${DATABASE_PASSWORD}

Additional settings

In addition, the following properties are supported:

database

New in version 4.6.

  • type: If this is a master/read-write or read-only database. Either master (default), read_only_replica, read_only_snapshot.

api

New in version 4.6.

  • requestLogging: If request logging is enabled. Default is true.
  • searchHistory: If search history is updated with new searches. Default is true.
  • openApi2Compatible: Allows query parameters to be used even when matrix parameters are expected. Default is false.

secrets

New in version 4.7.

The location of external private keys and credentials. Used to authenticate against storages and other endpoints. See Storage credentials for more information. Example:

secrets:
  keyStore:
    path: /env/vidispine/server.keystore
    password: changeit
  vault:
    address: http://vault.example.com:8200
    token: 2262e94c-39c3-b9a8-605d-f0450dfc558b
    keyPrefix: secret/
  file:
    path: /etc/secrets/

Java KeyStore

Java Keystore containing private keys.

  • keyStore:
    • path: The path to the Java keystore.
    • password: The key store password.

Vault

A Hashicorp Vault server storing private keys and credentials. Private keys will be read from the private_key field. Usernames and passwords from the username and password fields respectively.

  • vault:
    • address: The HTTP URL to the Vault server.
    • token: The Vault access token.
    • keyPrefix: Optional prefix to use with all aliases.

Local file system

Read private keys and credentials from files on the local file system.

Private keys will be read from the file with the same name as the private key alias. Usernames and passwords will be read from the files username and password from the directory with the same name as the alias.

  • file:
    • path: The directory containing secret files.

broker

Configures how to connect to ActiveMQ.

  • user: The user to authenticate as.
  • password: The password to authenticate using.
  • url: Default is “tcp://localhost:61616”.
  • embeddedBroker: The broker URI to use to start an embedded broker. For example “broker:(tcp://localhost:61616)”. Default is “” (no embedded broker).

Note

If you are using embedded ActiveMQ with KahanDB, the KahanDB journal log could keep growing if there are expired messages in the queue “ActiveMQ.DLQ”.

To fix this, you will need to enable jmx in the broker URI , and purge the queue manually using activemq-admin.

embeddedBroker: broker:(tcp://localhost:61616)?usekahadb=true&kahadb.directory=/path/to/db/&persistent=true&useJmx=true
./activemq-admin -Dactivemq.jmx.url=service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi purge ActiveMQ.DLQ

Or setup a standalone ActiveMQ instance, and set processExpired=”false”

http://activemq.apache.org/message-redelivery-and-dlq-handling.html

ejbPool

These settings configures the stateless container in OpenEJB. They are explained in more detail at http://tomee.apache.org/containers-and-resources.html.

  • maxSize: The maximum number of beans in the stateless bean pool. Default is 10.
  • idleTimeout:
  • strictPooling: If the pool may NOT grow larger then maxSize. Default is false.

cluster

  • bindAddress: The address to bind on, as an IP address or hostname. Default is 127.0.0.1.
  • bindPort: The port to bind on. Default is 7800.
  • bindPortRange: The range of ports to try in case bindPort is taken. Default is 30.
  • externalAddress: The address to publish to members in the cluster. Default is bindAddress.
  • externalPort: The port to publish to members in the cluster. Default is the port that was bound on.

services

New in version 4.9.

Background tasks, such as jobs and storage polling, are executed in the background by internal services in Vidispine.

The services that are allowed to run on this server instance can be configured using the enabled or disabled settings. These are mutually exclusive, meaning that you cannot specify both services to enable and disable at the same time.

  • services:
    • enabled: The services that are allowed to run on this instance. All other services will not be allowed to run.
    • disabled: The services that are not allowed to run on this instance. All other services will be allowed to run.

The following values are supported:

  • all: All services in the system.
  • job: The services that execute Vidispine jobs.
  • The name of a specific Vidispine service.

For example, an instance that should only serve API requests could be configured using:

services:
  disabled: all

httpClient

New in version 4.15.

These settings configure how HTTP requests are made. This includes requests made to for example:

  • Storages using HTTP/HTTPS
  • HTTP notification endpoints
  • Transcoders
  • Vidinet

TLS

Configure the server certificates to trust (the trust store) and the client certificates and keys to use (the key store) when using TLS client authentication.

Note that, if no tls field is present in the configuration file, then by default all server certificates will be trusted. However, if a tls fields is defined then the defaults defined in the configuration reference apply (trustSelfSignedCertificates=false for example).

For example:

httpClient:
  tls:
    keyStorePath: /etc/vidispine/keystore.jks
    keyStorePassword: ueLom5Oh
    trustStorePath: /etc/vidispine/truststore.jks
    trustSelfSignedCertificates: true