Configuring the properties of the Setup.cfg file

Before you run any of the application docker run commands, you must configure some of these properties. The properties that need to be configured are listed in the respective deployment topics.

Do not provide localhost or any other loopback interface IP address (for example, 127.0.0.1) as part of the host information.
Attention: If you modify any property in the Setup.cfg file, restart the container.

The property values must be enclosed in double quotation marks to prevent parsing errors that are caused by special characters. The properties carry * and # suffix symbols: * denotes a mandatory property and # indicates that a default value is set for the property.

Important: To prevent unauthorized access, secure the Setup.cfg file because it contains database credentials and the keystore password. The IBM PEM service components require this file during the docker run or docker start command. You can unmount or remove and secure the file after the docker container has either started successfully or completed successfully. However, the file is required again for the next docker run or docker start command.
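The rules above can be checked before each docker run. The following is an added example, not IBM code: a small linter that flags unquoted values, loopback hosts, an SSL connection without a truststore name, and a Setup.cfg readable by group or other users. The name="value" line shape is inferred from this page's samples; treating lines that start with # as comments and using owner-only file permissions as the meaning of "secure" are assumptions.

```python
import ipaddress
import os
import re
import stat

# Assumed line shape, based on the page's own samples such as
# servers.jvm_options="-Xms4g -Xmx4g": name, "=", then the value.
LINE_RE = re.compile(r'^\s*([^=#\s][^=]*?)\s*=\s*(.*?)\s*$')


def is_loopback(host):
    """True for localhost or any loopback IP address (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a host name other than localhost


def lint_setup_cfg(text):
    """Return a list of findings for the text of a Setup.cfg file."""
    findings, props = [], {}
    for number, line in enumerate(text.splitlines(), start=1):
        # Assumption: blank lines and lines starting with '#' carry no property.
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        match = LINE_RE.match(line)
        if not match:
            findings.append(f"line {number}: not in name=\"value\" form")
            continue
        name, raw = match.groups()
        quoted = len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"'
        if not quoted:
            findings.append(f"line {number}: {name} value is not in double quotation marks")
        value = raw[1:-1] if quoted else raw
        props[name] = value
        # Host rule: applies to every property whose name ends in "host".
        if name.endswith("host") and is_loopback(value):
            findings.append(f"line {number}: {name} uses a loopback address")
    # An SSL connection to the master schema needs the truststore file name.
    if props.get("ssl_connection") == "true" and not props.get("db_sslTrustStoreName"):
        findings.append("ssl_connection is true but db_sslTrustStoreName is empty")
    return findings


def file_mode_findings(path):
    """Flag a Setup.cfg that group or other users can access (POSIX modes)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return [f"{path}: mode {mode:o} grants group/other access; restrict to owner"]
    return []


# Constructed sample, not a real deployment file.
SAMPLE = '''\
accept_license="true"
db_type="DB2"
ssl_connection="true"
db_host="127.0.0.1"
db_port=50000
db_password="constructed-placeholder"
servers.remote_server_host="localhost"
'''

if __name__ == "__main__":
    for finding in lint_setup_cfg(SAMPLE):
        print(finding)
```

Run `file_mode_findings` against the mounted path of the file on the docker host, because the mode inside the container can differ from the mode on the host.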

The following table describes the properties of the Setup.cfg file:

Property Values Description
Image license information    
accept_license Valid values are true or false. Set true to accept the license and start the docker container.

To view the image license information, refer to View the image license information topic.

Database and SSL properties that are common to all the applications    
db_type Default is not set.

Valid values = DB2 or oracle

Specify the database type that you are using to set up the application.
ssl_connection Default = false

Valid values are true or false.

Set the value to true, if you want to set up SSL connection between the application servers and database.
Database configuration parameters that are common to master database schema (PEM Portal,PEM Partner Repository, PEM Partner Provisioner, Purge, Migrator, and Agent)    
db_port Default is not set. Specify the database port number for the master database schema.
db_host Default is not set. Specify the database host name or IP address for the master database schema.
db_name Default is not set. Specify the database name for master database schema.

For oracle database, specify the service name and not SID of the database schema.

db_schema Default is not set. Specify the schema name for the master database schema.
Note: The schema name for the database is case-sensitive and must be in uppercase.
db_user Default is not set. Specify the database user name to connect to the master database schema.
Note: The database user name is case-sensitive. Therefore, ensure to enter the user name in the correct case.
db_password Default is not set. Specify the database password to connect to the master database schema.
Note: The database password is case-sensitive. Therefore, ensure to enter the password in the correct case.
db_driver Default is not set. Specify the corresponding driver details for oracle or DB2 depending on the db_type that is selected. For example, for oracle, set the value of db_driver to oracle.jdbc.OracleDriver. For DB2, set com.ibm.db2.jcc.DB2Driver.
db_sslTrustStoreName Default is not set. Specify the SSL keystore file name, in .jks format, for the master database schema. For example, truststore.jks.

To establish an SSL connection to the master database schema, specify the keystore file name. However, it is not required while establishing a non-SSL connection to the master database schema.

db_sslTrustStorePassword Default is not set. Specify the SSL keystore password for the master database schema.
db_max_pool_size Default = 500 Specify the maximum number of database pool connections.
db_min_pool_size Default = 5 Specify the minimum number of database pool connections.
db_aged_timeout Default = 1440m

Here, m refers to minutes.

The time taken before a physical connection can be discarded by pool maintenance.
db_max_idle_time Default = 1440m

Here, m refers to minutes.

Amount of time after which an unused or idle connection can be discarded during pool maintenance.
Database configuration parameters that are common to test mode database schema (PEM Portal, PEM Partner Provisioner, and Migrator)    
test mode_db_port Default is not set. Specify the database port number for the test mode database schema.
test mode_db_host Default is not set. Specify the database host name or IP address for the test mode database schema.
test mode_db_name Default is not set. Specify the database name for the test mode database schema.

For oracle database, specify the service name and not SID of the database schema.

test mode_db_schema Default is not set. Specify the schema name for the test mode database schema.
Note: The schema name is case-sensitive. Therefore, ensure to enter the schema name for the database in the correct case.
test mode_db_user Default is not set. Specify the database user name to connect to the test mode database schema.
Note: The database user name is case-sensitive. Therefore, ensure to enter the user name in the correct case.
test mode_db_password Default is not set. Specify the database password to connect to the test mode database schema.
Note: The database password is case-sensitive. Therefore, ensure to enter the password in the correct case.
test mode_db_driver Default is not set. Specify the corresponding driver details for oracle or DB2 depending on the db_type that is selected. For example, for oracle, set the value of db_driver to oracle.jdbc.OracleDriver. For DB2, set com.ibm.db2.jcc.DB2Driver.
test mode_db_sslTrustStoreName Default is not set. Specify the SSL keystore file name, in .jks format, for the test mode database schema. For example, truststore.jks.

To establish an SSL connection to the test mode database schema, specify the keystore file name. However, it is not required while establishing a non-SSL connection to the test mode database schema.

test mode_db_sslTrustStorePassword Default is not set. Specify the SSL keystore password for the test mode database schema.
test mode_db_max_pool_size Default = 500 Specify the maximum number of database pool connections.
test mode_db_min_pool_size Default = 5 Specify the minimum number of database pool connections.
test mode_db_aged_timeout Default = 1440m

Here, m refers to minutes.

Specify the interval in minutes before a physical connection is discarded.
test mode_db_max_idle_time Default = 1440m

Here, m refers to minutes.

Specify the interval in minutes after which an unused or idle connection is discarded.
Enabling or disabling HTTP that is common to PEM Portal, PEM Partner Repository, and PEM Partner Provisioner    
JVM details that are common to PEM Portal, PEM Partner Repository, and PEM Partner Provisioner    
servers.jvm_options Default is not set. Specify the list of JVM options for the servers, separated by spaces. For example, servers.jvm_options="-Xms4g -Xmx4g".

It is recommended that you add the following JVM options so that the JVM records Garbage Collection (GC) information and generates heap dumps on any out-of-memory condition:

-XX:+HeapDumpOnOutOfMemoryError -verbose:sizes -Xverbosegclog:logs/verbosegc.%Y%m%d.%H%M%S.%pid.txt

Note: By default, the container JVM's time zone is set to GMT. Therefore, the JVM option for the user time zone, -Duser.timezone, is not considered even if you have specified the required time zone in servers.jvm_options.
Server details that are common to PEM Portal, PEM Partner Repository, and PEM Partner Provisioner    
servers.keystore_password Default is not set. Specify the server's keystore password.
servers.keystore_alias Default is not set. Specify the server's keystore alias.
servers.keystore_filename Default is not set. Specify the keystore file name in the format of .jks.
servers.enabled_ciphers Default is not set. Specify a single cipher or a space-delimited list of ciphers to use for encrypted SSL communication. PEM supports all relevant ciphers supported by the IBM JDK. This parameter is required to use Elliptic Curve (EC) certificates.
servers.ssl_protocol Default is not set. Specify the SSL protocol, which is required to use Elliptic Curve (EC) certificates. Partner Engagement Manager supports Elliptic Curve (EC) certificates using the SSL_TLSv2 and TLSv1.2 protocols only.
Server log details that are common to PEM Portal, PEM Partner Repository, and PEM Partner Provisioner    
servers.max_file_size Default = 100 The maximum size (in MB) that a log file can reach before it is rolled.
servers.max_files Default = 20 If an enforced maximum file size exists, this setting determines how many rollover log files are maintained.
servers.console_log_level Default = INFO Specify the console log level. The valid values are INFO, AUDIT, WARNING, ERROR, and OFF.

This property is mandatory for an application to start. So, ensure that the value is not blank.

servers.trace_specification Default = "*=info" Specify the trace specification.

This property is mandatory for an application to start. So, ensure that the value is not blank.

CAUTION:
Contact IBM support before you modify the default value.
Enable Java Messaging Service (JMS) feature that is common to PEM Partner Repository and PEM Partner Provisioner    
servers.enable_jms_features Valid values =
For PEM Partner Repository
  • embdClientOnly
  • wmqClientOnly
For PEM Partner Provisioner
  • embdClientOnly
  • embdServerAndClientOnly
  • wmqClientOnly
If you are using embedded JMS to communicate between PEM Partner Repository and PEM Partner Provisioner, use the following embedded server and client settings:
  • To enable embedded JMS for PEM Partner Repository, set servers.enable_jms_features=embdClientOnly
  • To enable embedded JMS for PEM Partner Provisioner, set servers.enable_jms_features=embdClientOnly for client only and servers.enable_jms_features=embdServerAndClientOnly for server and client.

If you are using WebSphere MQ as your JMS provider to communicate between PEM Partner Repository and PEM Partner Provisioner, set servers.enable_jms_features=wmqClientOnly.

If you choose WebSphere MQ as your JMS provider for PEM Partner Repository and PEM Partner Provisioner integration setup, ensure that the WMQ server is running and the queues are created in WMQ. In this case, both PEM Partner Repository and PEM Partner Provisioner act as JMS clients.

If you choose embedded JMS for PEM Partner Repository and PEM Partner Provisioner integration setup, do the following:
  • For PEM Partner Repository, set servers.enable_jms_features=embdClientOnly
  • For PEM Partner Provisioner, set servers.enable_jms_features=embdServerAndClientOnly if PEM Partner Provisioner hosts the JMS server and also acts as a server and client based on your JMS deployment.
  • For PEM Partner Provisioner, set servers.enable_jms_features=embdClientOnly if PEM Partner Provisioner acts only as a client based on your JMS deployment.

For more information about the JMS server or JMS client deployment, see JMS Deployment.

Embedded JMS queue names that are common to PEM Partner Repository and PEM Partner Provisioner    
servers.provisioner_request_queue Default is not set. Specify the request queue name, which is used for communication between PEM Partner Provisioner and PEM Partner Repository using embedded JMS. Ensure that the queue name is same for both the service components.

For more information, see JMS Deployment.

servers.provisioner_response_queue Default is not set. Specify the response queue name, which is used for communication between PEM Partner Provisioner and PEM Partner Repository using embedded JMS. Ensure that the queue name is same for both the service components.

For more information, see JMS Deployment.

servers.remote_server_ssl Valid values are true or false. Specify true for SSL (BootstrapSecureMessaging) and false for non-SSL (BootstrapBasicMessaging).
servers.remote_server_host Default is not set. Specify the remote JMS server host.
servers.remote_server_port Default is not set. Specify the exposed JMS port number while deploying Partner Provisioner as a JMS server.

Configure this property before you deploy PEM Partner Repository or PEM Partner Provisioner.

Optional. WMQ details that are common to Partner Repository and Partner Provisioner, if you are using WMQ as your JMS provider.
servers.channel Default is not set. Specify the WebSphere MQ channel name.
servers.connection_name_list Default is not set. Specify the WebSphere MQ connection list, separated by commas. For example, 9.89.31.226 (19443), 9.77.53.126 (17286). This example is valid for a WebSphere MQ setup with HA (High Availability).

For WMQ without HA, it can be a single <host_name or IP>:<port_number>.

servers.queue_manager Default is not set. Specify the WebSphere MQ queue manager.
servers.username Default is not set. Specify the WebSphere MQ user name.
servers.password Default is not set. Specify the WebSphere MQ password.
servers.wmq_provisioner_request_queue_manager Default is not set. Specify the WebSphere MQ request queue manager.
servers.wmq_provisioner_response_queue_manager Default is not set. Specify the WebSphere MQ response queue manager.
servers.wmq_provisioner_request_queue_name Default is not set. Specify the WebSphere MQ request queue name.
servers.wmq_provisioner_response_queue_name Default is not set. Specify the WebSphere MQ response queue name.
servers.ssl_cipher_suite Default is not set. Specify a valid SSL cipher suite.

If SSL is enabled on the WebSphere MQ connection channel, provide the SSL cipher suite corresponding to the SSL cipher specifications configured on the WebSphere MQ connection channel.

Purge Tool properties    
purge.name Default = purge123 Specify the purge tool name.

This property prevents two users who specify the same purge name from purging the records simultaneously. This property is mandatory. So, ensure that the value is not blank.

purge.number_of_purge_days Default = 180 Specify the number of retention days before the current date for which the records need to be purged. Only those records that qualify are purged. For example, if you specify 60 days, records that are present before 60 days from the current date and satisfy the purge criteria are purged.
purge.purge_count Default = 1 Specify the number of records to be purged in a batch.
Important: Do not update the value of this property to a value greater than 1. If you want to modify the value, contact IBM Support.
purge.sponsor_context Default = b2b Specify the sponsor context. This property is mandatory. So, ensure that the value is not blank.

For more information, see Sponsor context.

purge.no_of_db_connections Default = 50 Specify the maximum number of pooled connections that are allowed to the database from the Purge tool.
purge.resource_to_purge Default = SPONSOR Specify the resource for which you want to purge.
  • Sponsor - purge.resource_to_purge="SPONSOR"
  • Sponsor user - purge.resource_to_purge="SPONSOR_USER"
  • Partner - purge.resource_to_purge="PARTNER"
  • Third party processor - purge.resource_to_purge="TPP"
  • Third party processor user - purge.resource_to_purge="TPP_USER"
  • Partner user - purge.resource_to_purge="PARTNER_USER"
purge.resource_to_purge_key Default is not set. Specify the resource key of sponsor user, partner, partner user, third party processor, or third party processor user for which you want to purge data. This property is not required to purge data for sponsor.
purge.purge_strategy Default = ARCHIVE Specify the strategy to delete or archive data of the resource.
  • To delete data of the resource by not saving any backup data in the database, set purge_strategy=DELETE.
  • To delete data of the resource from the application and save in the database, set purge_strategy=ARCHIVE.
purge.purge_strategy.data_scope Default = DELETED_DATA Specify the strategy to delete or archive only the deleted data or all data of the resource.
  • To delete or archive all data, set purge_strategy.data_scope="ALL_DATA".
  • To delete or archive deleted data, set purge_strategy.data_scope="DELETED_DATA".
purge.target_db_is_same_as_source_db Default = false Enable or disable the option to set the same source and target database schemas.
  • true - Set this property to true to use the same source and target database schemas.
  • false - Set this property to false to use different source and target database schemas.
    If this property is set to false, configure the following properties:
    • Specify the values for the following properties for the target database schema. These properties enable you to start the Purge docker container.
      • purge.target_db_port
      • purge.target_db_host
      • purge.target_db_name
      • purge.target_db_schema
      • purge.target_db_user
      • purge.target_db_password
      • purge.target_db_driver
    • Specify the keystore/truststore file name that contains the public certificate and password of the target purge database schema. Copy the keystore/truststore (.jks file) to the <mount location>/resources/security folder.
      • purge.target_db_sslTrustStoreName
      • purge.target_db_sslTrustStorePassword
purge.target_db_type Default is not set. Specify the type of purge target database as DB2 or Oracle.
purge.target_ssl_connection Default = false Enable or disable the SSL connection for purge target database schema.
  • true - Set this property to true to enable the SSL connection for the purge target database schema.
  • false - Set this property to false to disable the SSL connection for the purge target database schema.
purge.target_no_of_db_connections Default = 50 Specify the maximum number of pooled connections that are allowed to the target database from the Purge tool.
Purge JVM details    
purge.jvm_options Default is not set. Specify the list of JVM options for purge, separated by spaces.

It is recommended that you add the following JVM options so that the JVM records Garbage Collection (GC) information and generates heap dumps on any out-of-memory condition:

-XX:+HeapDumpOnOutOfMemoryError -verbose:sizes -Xverbosegclog:logs/verbosegc.%Y%m%d.%H%M%S.%pid.txt

Purge log details    
purge.java_util_logging_file_handler_level Default = INFO

Valid values = FINE, INFO, or SEVERE

Specify the log level.
purge.java_util_logging_file_handler_limit Default = 100. Specify the file size limit, in MB for each log file.
purge.java_util_logging_file_handler_count Default = 20. Specify the number of log files.
Agent    
agent.type Default = scanagent,certificateupdate
Valid values =
  • scanagent,certificateupdate
  • scanagent
  • certificateupdate
To run Scan Agent, specify the value as scanagent. To run certificate update, specify the value as certificateupdate. If you want to run both Scan Agent and certificate update, specify both the values separated by commas as scanagent,certificateupdate.

For more information, see Deploy Agent.

agent.jvm_options Default is not set. Specify the list of JVM options for the agent, separated by spaces.

It is recommended that you add the following JVM options so that the JVM records Garbage Collection (GC) information and generates heap dumps on any out-of-memory condition:

-XX:+HeapDumpOnOutOfMemoryError -verbose:sizes -Xverbosegclog:logs/verbosegc.%Y%m%d.%H%M%S.%pid.txt

agent.no_of_db_connections Default = 50 Specify the maximum number of pooled connections allowed to the database.
agent.max_retry_count Default = 1460 Specify the number of times the agent must scan the file, in case the scan fails for some reason. The property accepts only numeric values.
agent.antivirus_server_host Default is not set. Specify the host or IP of the antivirus server.
agent.antivirus_server_port Default is not set. Specify the port number of the antivirus server.
agent.retry_interval_in_sec Default = 21600 seconds Specify the time interval between retries. The property accepts only numeric values.
Agent log details    
agent.com_ibm_vch_identity_security_limit Default = 100 Specify the limit, in MB for each log file.
agent.com_ibm_vch_identity_security_level Default = INFO

Valid values = FINE, INFO, or SEVERE

Specify the log level.
agent.com_ibm_vch_identity_security_count Default = 20 Specify the number of log files.
agent.scan_extensibility_class Default is not set. Specify the class to enable antivirus extensibility.
Migrator    
migrator.default_sponsor Default = true

Valid values are true or false.

If the value is true, the default sponsor is onboarded. If you want to manually onboard the sponsor for Sterling File Gateway integration, set the value to false. Also, for the onboarded sponsor, create the appropriate custom fields, assign attributes and attribute values, and context data parameters. For more information, see Integration prerequisites.
Note: When you migrate from a version of the application that already has a default sponsor which is onboarded, you must set this property to false.
API Gateway    

apigateway.pem_servers

Default = none

Comma-separated list of PEM container addresses. For example, https://<host1>:<port1>,https://<host2>:<port2>, and so on.

Use this field to specify the list of PEM containers to which the Gateway sends API calls. If more than one container address is specified, the Gateway load balances.

apigateway.pr_servers

Default = none

Comma-separated list of PEM container addresses. For example, https://<host1>:<port1>,https://<host2>:<port2>, and so on.

Use this field to specify the list of PR containers to which the Gateway sends API calls. If more than one container address is specified, the Gateway load balances.

apigateway.hostname_validation_required

Default = true

Possible values = false, true

This flag enables or disables certificate hostname validation for API Gateway.
apigateway.max_file_size (OPTIONAL)

Default value = 2MB

Specify the size in MB or GB. For example, 2MB.

This value limits the size of a file that is uploaded through the Gateway.
apigateway.max_request_size (OPTIONAL)

Default value = 2MB

Specify the size in MB or GB. For example, 2MB.

This value limits the size of a request that is uploaded through the Gateway.