Configuration

This is a high-level guide for how to configure openDuT applications, including useful tips and tricks.

Setting values

The configuration can be set via environment variables or by manually creating a configuration file, e.g. under /etc/opendut/carl.toml.

The environment variables use the TOML keys from the configuration file in capital letters, joined by underscores and prefixed by the application name. For example, to configure network.bind.host in CARL, use the environment variable OPENDUT_CARL_NETWORK_BIND_HOST.

See the end of this file for the configuration file format.

TLS certificates

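When configuring a TLS certificate/key, you can provide either a file path or the text of the certificate directly. The latter is useful in particular when working with environment variables. Keep in mind that a private key passed as text in an environment variable can be read by anything able to inspect the process environment, so prefer a file path with restrictive permissions where that is possible.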

You can provide separate CA certificates for individual backend services, namely OpenTelemetry, NetBird and OIDC. If you do not do so, the CA certificate from network.tls.ca will be used as the default.

Log level

You can configure the log level via the environment variable OPENDUT_LOG.
For example, to only show INFO logging and above, set it as OPENDUT_LOG=info.
For more fine-grained control, see the documentation here: https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct.EnvFilter.html#directives

Configuration file format

These are example configurations of the different applications, together with their default values.

CARL

# Listener, TLS and OIDC settings of CARL.
[network]
# "0.0.0.0" listens on every IPv4 interface of the host; set a specific
# address if CARL should only be reachable from one network.
bind.host = "0.0.0.0"
bind.port = 8080
# NOTE(review): presumably the address under which clients reach CARL; confirm.
remote.host = "localhost"
remote.port = 8080

[network.tls]
enabled = true
# Certificate and key accept a file path or the text itself
# (see "TLS certificates").
certificate = "/etc/opendut/tls/carl.pem"
# Private key: keep the file readable only by the account that runs CARL.
key = "/etc/opendut/tls/carl.key"
# Also the default CA for OpenTelemetry, NetBird and OIDC when they do not
# set a CA of their own.
ca = "/etc/opendut/tls/ca.pem"

[network.oidc]
# OIDC is off by default.
# NOTE(review): confirm what access control applies while this is false
# before exposing CARL beyond a trusted network.
enabled = false

[network.oidc.client]
# "tbd" is a placeholder, not a usable default; set the values registered at
# the identity provider. `secret` is a credential: keep it out of version
# control and restrict read access to this file. By the naming rule in
# "Setting values" it would be OPENDUT_CARL_NETWORK_OIDC_CLIENT_SECRET when
# supplied through the environment.
id = "tbd"
secret = "tbd"
# issuer url that CARL uses
issuer.url = "https://auth.opendut.local/realms/opendut/"
# issuer url that CARL tells the clients to use (required in test environment)
issuer.remote.url = "https://auth.opendut.local/realms/opendut/"
# NOTE(review): looks like the identity provider's admin endpoint; confirm
# which permissions the client above needs there and grant no more.
issuer.admin.url = "https://auth.opendut.local/admin/realms/opendut/"
scopes = ""

[network.oidc.client.tls]
# Left empty here; when no separate CA is provided, network.tls.ca is used
# (see "TLS certificates").
ca = ""

[network.oidc.client.tls.client.auth] #mTLS
# Off by default.
# NOTE(review): presumably the client certificate CARL presents to the OIDC
# issuer; confirm. The key is a private key and needs the same protection as
# network.tls.key.
enabled = false
certificate = ""
key = ""


[network.oidc.lea]
# NOTE(review): no secret is configured for this client; presumably LEA is a
# browser UI registered as a public client. Confirm at the identity provider.
client.id = "opendut-lea-client"
issuer.url = "https://auth.opendut.local/realms/opendut/"
scopes = "openid,profile,email"

[persistence]
# Off by default.
# NOTE(review): presumably state is then not kept across restarts; confirm.
enabled = false

[persistence.database]
# NOTE(review): presumably the path of the database file; if so, restrict its
# permissions to the account that runs CARL.
file = ""

[peer]
# 30000 ms = 30 s
disconnect.timeout.ms = 30000
# Port range 10000-20000.
# NOTE(review): presumably the ports used for CAN servers; confirm which host
# listens on them and open the firewall for this range only.
can.server_port_range_start = 10000
can.server_port_range_end = 20000
ethernet.bridge.name.default = "br-opendut"

[serve]
# Relative path.
# NOTE(review): presumably resolved against CARL's working directory and
# served as the web UI; confirm, and keep the directory writable only by
# trusted accounts.
ui.directory = "opendut-lea/"

[vpn]
enabled = true
# NOTE(review): enabled is true while kind is empty; presumably kind selects
# the backend configured below (e.g. [vpn.netbird]) and has to be set. Confirm.
kind = ""

[vpn.netbird]
url = ""
# Left empty here; when no separate CA is provided for NetBird,
# network.tls.ca is used (see "TLS certificates").
ca = ""
auth.type = ""
# auth.secret and auth.password are credentials: keep them out of version
# control and restrict read access to this file.
auth.secret = ""
# only for OIDC
auth.issuer = ""
auth.username = "netbird"
auth.password = ""
auth.scopes = ""
# retry requests to the NetBird API
# 10000 ms = 10 s
timeout.ms = 10000
retries = 5
# 86400000 ms = 24 h.
# NOTE(review): presumably the lifetime of NetBird setup keys; if so, a
# shorter value limits how long a leaked key stays usable.
setup.key.expiration.ms = 86400000

[logging.pipe]
enabled = true
stream = "stdout"

[opentelemetry]
# Telemetry export is off by default.
enabled = false
# NOTE(review): exported telemetry can carry host and service details; confirm
# the collector is a trusted endpoint reached over TLS.
collector.endpoint = ""
service.name = "opendut-carl"

[opentelemetry.tls]
# Left empty here; when no separate CA is provided for OpenTelemetry,
# network.tls.ca is used (see "TLS certificates").
ca = ""

[opentelemetry.tls.client.auth] #mTLS
# Off by default.
# NOTE(review): presumably the client certificate presented to the collector;
# confirm. The key is a private key and needs restricted file permissions.
enabled = false
certificate = ""
key = ""

[opentelemetry.metrics]
# 60000 ms = 60 s
interval.ms = 60000
# 5000 ms = 5 s
cpu.collection.interval.ms = 5000

EDGAR

[carl]
# 30000 ms = 30 s
disconnect.timeout.ms = 30000

[peer]
id = ""

[network]
# Address of the CARL instance this EDGAR connects to.
carl.host = "localhost"
carl.port = 8080
connect.retries = 10
# 5000 ms = 5 s
connect.interval.ms = 5000

[network.tls]
# Also the default CA for OpenTelemetry, NetBird and OIDC when they do not
# set a CA of their own (see "TLS certificates").
ca = "/etc/opendut/tls/ca.pem"
# NOTE(review): presumably replaces the host name that CARL's certificate is
# checked against; confirm, and leave empty unless the certificate is issued
# for a different name than carl.host.
domain.name.override = ""

[network.tls.client.auth] #mTLS
# Off by default.
# NOTE(review): the paths below presumably take effect only once enabled is
# true; confirm. The key is a private key: keep the file readable only by the
# account that runs EDGAR.
enabled = false
certificate = "/etc/opendut/tls/client-auth.pem"
key = "/etc/opendut/tls/client-auth.key"

[network.oidc]
# OIDC is off by default.
# NOTE(review): confirm how EDGAR is authenticated towards CARL while this is
# false.
enabled = false

[network.oidc.client]
id = "opendut-edgar-client"
issuer.url = "https://auth.opendut.local/realms/opendut/"
scopes = "openid,profile,email"
# "<tbd>" is a placeholder, not a usable default. The secret is a credential:
# keep it out of version control and restrict read access to this file. By the
# naming rule in "Setting values" the environment variable would presumably be
# OPENDUT_EDGAR_NETWORK_OIDC_CLIENT_SECRET.
secret = "<tbd>"

[network.oidc.client.tls]
# Left empty here; when no separate CA is provided for OIDC, network.tls.ca
# is used (see "TLS certificates").
ca = ""

[network.oidc.client.tls.client.auth] #mTLS
# Off by default.
# NOTE(review): presumably the client certificate presented to the OIDC
# issuer; confirm.
enabled = false
certificate = ""
key = ""


[network.interface.management]
# NOTE(review): presumably allows EDGAR to manage network interfaces on the
# host; confirm which privileges that requires.
enabled = true

[vpn]
enabled = true

[vpn.disabled]
# NOTE(review): presumably the remote address used when [vpn] enabled is
# false; confirm, and check what then protects the traffic between peers.
remote.host = ""

[logging.pipe]
enabled = true
stream = "stdout"

[opentelemetry]
# Telemetry export is off by default.
enabled = false
# NOTE(review): exported telemetry can carry host and service details; confirm
# the collector is a trusted endpoint reached over TLS.
collector.endpoint = ""
service.name = "opendut-edgar"

[opentelemetry.tls]
# Left empty here; when no separate CA is provided for OpenTelemetry,
# network.tls.ca is used (see "TLS certificates").
ca = ""

[opentelemetry.tls.client.auth] #mTLS
# Off by default. The key is a private key and needs restricted file
# permissions once set.
enabled = false
certificate = ""
key = ""

[opentelemetry.metrics]
# 60000 ms = 60 s
interval.ms = 60000
# 5000 ms = 5 s
cpu.collection.interval.ms = 5000

[opentelemetry.metrics.cluster]
# 30000 ms = 30 s
ping.interval.ms = 30000
# 100_000 kbit/s = 100 Mbit/s
target.bandwidth.kilobit.per.second = 100_000
# 120000 ms = 2 min
rperf.backoff.max.elapsed.time.ms = 120000

CLEO

[network]
# Address of the CARL instance this CLEO connects to.
carl.host = "localhost"
carl.port = 8080

[network.tls]
# Also the default CA for OIDC when no separate CA is set there
# (see "TLS certificates").
ca = "/etc/opendut/tls/ca.pem"
# NOTE(review): presumably replaces the host name that CARL's certificate is
# checked against; confirm, and leave empty unless the certificate is issued
# for a different name than carl.host.
domain.name.override = ""

[network.tls.client.auth] #mTLS
# Off by default.
# NOTE(review): the paths below presumably take effect only once enabled is
# true; confirm. The key is a private key: keep the file readable only by the
# user who runs CLEO.
enabled = false
certificate = "/etc/opendut/tls/client-auth.pem"
key = "/etc/opendut/tls/client-auth.key"


[network.oidc]
# OIDC is off by default.
# NOTE(review): confirm how CLEO is authenticated towards CARL while this is
# false.
enabled = false

[network.oidc.client]
id = "opendut-cleo-client"
issuer.url = "https://auth.opendut.local/realms/opendut/"
scopes = "openid,profile,email"
# "<tbd>" is a placeholder, not a usable default. The secret is a credential:
# keep it out of version control and restrict read access to this file. By the
# naming rule in "Setting values" the environment variable would presumably be
# OPENDUT_CLEO_NETWORK_OIDC_CLIENT_SECRET.
secret = "<tbd>"

[network.oidc.client.tls]
# Left empty here; when no separate CA is provided for OIDC, network.tls.ca
# is used (see "TLS certificates").
ca = ""

[network.oidc.client.tls.client.auth] #mTLS
# Off by default.
# NOTE(review): presumably the client certificate presented to the OIDC
# issuer; confirm.
enabled = false
certificate = ""
key = ""

[logging.pipe]
enabled = true
# "stderr" here, unlike "stdout" in the CARL and EDGAR listings on this page.
stream = "stderr"