Configuring the Setup.cfg file
The setup.cfg file contains parameters required to configure PEM 2.0 containers. This topic describes the parameters and their default values organized by configuration category.
Overview
The setup.cfg file is the primary configuration file for PEM 2.0 deployment. It contains properties for license acceptance, database configuration, server settings, JMS configuration, purge settings, and gateway configuration. Configure these properties before deploying PEM containers.
License and environment configuration
The following table lists the parameters for license acceptance and environment type:
| Parameter | Default Value | Description |
|---|---|---|
| accept_license | Not set | Set to "true" to accept the license and start the Docker container. Valid values: "true" or "false". |
| env_type | "prod" | Specify the environment type. Valid values: "prod" for production or "nonprod" for non-production. |
| customer_id | Not set | Specify the customer ID. Must match the Bluemix ID used to download the IBM PEM image. |
Master database configuration
The following table lists the parameters for master schema database configuration:
| Parameter | Default Value | Description |
|---|---|---|
| db_type | Not set | Specify the type of database. Valid values: "DB2", "MSSQL", or "Oracle". |
| ssl_connection | "false" | Enable or disable SSL connection for master and testmode database schemas. Valid values: "true" or "false". Default is false. |
| db_port | Not set | Database connection port number. |
| db_host | Not set | Database host IP address or hostname. |
| db_name | Not set | Database name. |
| db_schema | Not set | Database schema name. |
| db_user | Not set | Database user name. |
| db_password | Not set | Database user password. |
| db_driver | Not set | JDBC driver class for the database. |
Master database SSL/TLS configuration
The following table lists the parameters for master schema SSL/TLS configuration:
| Parameter | Default Value | Description |
|---|---|---|
| db_mssql_hostNameInCertificate | Not set | Hostname to be used in validating the SQL Server SSL certificate. |
| db_mssql_sslProtocol | "TLSv1.2" | DEPRECATED. Specify MSSQL TLS version. If db_sslProtocol is empty, this value is used. |
| db_mssql_encrypt | "true" | Enable encryption for MSSQL connections. Valid values: "true" or "false". |
| db_sslProtocol | "TLSv1.3" | Specify the DB2 or MSSQL TLS version. If not specified, default value of TLSv1.2 is set. |
| db_sslTrustStoreName | Not set | Keystore/truststore file name containing the public certificate. File must be copied to <mount location>/resources/security folder. |
| db_sslTrustStorePassword | Not set | Password for the keystore/truststore file. |
Master database connection pool configuration
The following table lists the parameters for master schema database connection pool management:
| Parameter | Default Value | Description |
|---|---|---|
| db_max_pool_size | 500 | Maximum pool size of the master schema's database connection. If not specified, default value of 500 is set. |
| db_min_pool_size | 5 | Minimum pool size of the master schema's database connection. If not specified, default value of 5 is set. |
| db_aged_timeout | Not set | Maximum time after which the physical connection is discarded by pool maintenance. Example: 1440m. |
| db_max_idle_time | Not set | Maximum idle time for the master schema's database connection. Example: 1440m. |
| db_connection_timeout | Not set | Connection timeout for the master schema's database connection. Specify in minutes (e.g., 1m) or seconds (e.g., 30s). |
| db_validation_timeout | Not set | Validation timeout for the master schema's database connection. Specify in minutes (e.g., 1m) or seconds (e.g., 5s). |
| db_keepalive_time | Not set | Keepalive time for the master schema's database connection. Specify in minutes (e.g., 5m) or seconds (e.g., 300s). |
Test mode database configuration
The following table lists the parameters for test mode schema database configuration:
| Parameter | Default Value | Description |
|---|---|---|
| testmode_db_port | "1433" | Test mode database connection port number. |
| testmode_db_host | Not set | Test mode database host IP address or hostname. |
| testmode_db_name | Not set | Test mode database name. |
| testmode_db_schema | Not set | Test mode database schema name. |
| testmode_db_user | Not set | Test mode database user name. |
| testmode_db_password | Not set | Test mode database user password. |
| testmode_db_driver | Not set | JDBC driver class for the test mode database. |
| testmode_db_mssql_hostNameInCertificate | Not set | Hostname to be used in validating the SQL Server SSL certificate for test mode. |
| testmode_db_mssql_sslProtocol | "TLSv1.2" | DEPRECATED. Specify MSSQL TLS version for test mode. If testmode_db_sslProtocol is empty, this value is used. |
| testmode_db_mssql_encrypt | "true" | Enable encryption for test mode MSSQL connections. Valid values: "true" or "false". |
| testmode_db_sslProtocol | "TLSv1.3" | Specify the DB2 or MSSQL TLS version for test mode. If not specified, default value of TLSv1.2 is set. |
Test mode database connection pool configuration
The following table lists the parameters for test mode schema database connection pool management:
| Parameter | Default Value | Description |
|---|---|---|
| testmode_db_max_pool_size | 500 | Maximum pool size of the test mode schema's database connection. If not specified, default value of 500 is set. |
| testmode_db_min_pool_size | 5 | Minimum pool size of the test mode schema's database connection. If not specified, default value of 5 is set. |
| testmode_db_aged_timeout | "1440m" | Maximum time after which the physical connection is discarded by pool maintenance. Default value is 1440m (minutes). |
| testmode_db_max_idle_time | "1440m" | Maximum idle time for the test mode schema's database connection. Default value is 1440m (minutes). |
| testmode_db_sslTrustStoreName | Not set | Keystore/truststore file name containing the public certificate for test mode. File must be copied to <mount location>/resources/security folder. |
| testmode_db_sslTrustStorePassword | Not set | Password for the test mode keystore/truststore file. |
Server configuration
The following table lists the parameters for server configuration:
| Parameter | Default Value | Description |
|---|---|---|
| servers.jvm_options | Not set | Specify the list of JVM options for the servers, separated by space. Example: "-Xms4g -Xmx4g". |
| servers.keystore_password | Not set | Password for the server keystore. |
| servers.keystore_alias | Not set | Alias of the key in the server keystore. |
| servers.keystore_filename | Not set | Server keystore file name. File must be copied to <mount location>/resources/security folder. |
| servers.ssl_protocol | Not set | Specify the protocol for ECC certificate support. |
| servers.enabled_ciphers | Not set | Specify the ciphers for ECC certificate support. |
| servers.skipHostnameVerificationForHosts | Not set | Specify the hostnames that should be ignored during hostname verification in the Liberty Server. |
| servers.max_file_size | "100" | Maximum size for the server log file in MB. Default value is 100 MB. |
| servers.max_files | "20" | Maximum number of server log files. Default value is 20. |
| servers.console_log_level | "INFO" | Console log level. Example: "INFO", "DEBUG". |
| servers.trace_specification | "*=info" | Trace specification for detailed logging. |
| servers.logs_logger | "file" | Logger used to write log messages. Valid values: "console", "file" (default). |
JMS configuration
The following table lists the parameters for Java Messaging Service (JMS) configuration:
| Parameter | Default Value | Description |
|---|---|---|
| servers.enable_jms_features | "embdClientOnly" | Enable JMS feature. Valid values: "embdClientOnly", "wmqClientOnly", "embdServerAndClientOnly". |
| servers.provisioner_request_queue | Not set | Embedded JMS provisioner request queue name. |
| servers.provisioner_response_queue | Not set | Embedded JMS provisioner response queue name. |
| servers.remote_server_ssl | "true" | Enable SSL for remote server. Valid values: "true" or "false". |
| servers.remote_server_host | Not set | Remote server host for JMS. |
| servers.remote_server_port | Not set | Remote server port for JMS. |
| servers.provisioner_request_listener_max_concurrency | 10 | Number of concurrent requests to be processed. Default value is 10. |
| servers.provisioner_response_listener_max_concurrency | 10 | Number of concurrent responses to be processed. Default value is 10. |
Purge configuration
The following table lists the parameters for purge tool configuration:
| Parameter | Default Value | Description |
|---|---|---|
| purge.name | Not set | Purge tool name. Prevents two users with the same purge name from purging records simultaneously. |
| purge.number_of_purge_days | "60" | Number of days before the current date for which records need to be purged. Example: "60" purges records older than 60 days. |
| purge.purge_count | "1" | Number of records to be purged in a batch. Default value is 1. Do not modify this value. |
| purge.sponsor_context | Not set | Sponsor context or "*" for all sponsors in the system. |
| purge.no_of_db_connections | "50" | Maximum number of pooled connections allowed for the database. Default value is 50. |
| purge.jvm_options | Not set | List of JVM options for purge, separated by space. |
| purge.java_util_logging_file_handler_level | "INFO" | Log level for purge. Valid values: "FINE", "INFO", "SEVERE". Default is INFO. |
| purge.java_util_logging_file_handler_limit | Not set | File size limit in MB for each log file. |
| purge.java_util_logging_file_handler_count | Not set | Number of log files. |
| purge.purge_strategy | "ARCHIVE" | Purge strategy. Valid values: "DELETE" (delete only) or "ARCHIVE" (delete and archive). Default is ARCHIVE. |
| purge.resource_to_purge | "SPONSOR" | Resource type to purge. Valid values: "SPONSOR", "SPONSOR_USER", "PARTNER", "PARTNER_USER", "TPP", "TPP_USER". Default is SPONSOR. |
| purge.resource_to_purge_key | Not set | Resource key for the resource type being purged. |
| purge.purge_strategy_data_scope | "DELETED_DATA" | Data scope for purge. Valid values: "ALL_DATA" or "DELETED_DATA". Default is DELETED_DATA. |
| purge.target_db_is_same_as_source_db | "true" | Whether source and target databases are the same. Valid values: "true" or "false". Default is true. |
API Gateway configuration
The following table lists the parameters for API Gateway configuration:
| Parameter | Default Value | Description |
|---|---|---|
| apigateway.domainName | Not set | API Gateway domain name and port. Format: <host>:<port>. |
| apigateway.pem_servers | Not set | List of PEM servers available for the service. Format: https://<host1>:<port1>,https://<host2>:<port2>. |
| apigateway.pr_servers | Not set | List of Partner Repository servers available for the service. |
| apigateway.max_file_size | "2000MB" | Maximum file size allowed. Example: "2000MB". |
| apigateway.max_request_size | "2000MB" | Maximum request size allowed. Example: "2000MB". |
| apigateway.hostname_validation_required | "true" | Whether hostname validation is required. Valid values: "true" or "false". |
| apigateway.cors_allowedOrigins | Not set | List of allowed CORS origins in comma-separated format. Example: "https://url1,https://url2". |
| apigateway.ratelimit.limit_refresh_period | "60" | Interval in seconds at which the rate limit is reset. Default value is 60. |
| apigateway.ratelimit.limit_for_period | "45" | Maximum number of requests allowed within each limit_refresh_period interval. Default value is 45. |
| apigateway.ratelimit.timeout_duration | "3" | Maximum time in seconds a request will wait if the rate limit is exceeded. Default value is 3. |
| apigateway.truststore_filename | Not set | Truststore file name. File must be copied to <mount location>/resources/security folder. |
| apigateway.truststore_type | Not set | Truststore type. Common values: "JKS", "PKCS12". |
| apigateway.truststore_alias | Not set | Alias of the key in the truststore. |
| apigateway.truststore_password | Not set | Password for the truststore. |
PEM 2.0 rate limiting configuration
The following table lists the parameters for PEM 2.0 rate limiting:
| Parameter | Default Value | Description |
|---|---|---|
| servers.pem_rate_limiting_enabled | "true" | Enable or disable rate limiting. Default value is true. |
| servers.pem_rate_limiting_per_user_rpm | "5" | Max sustained requests per minute per authenticated user. Default value is 5. |
| servers.pem_rate_limiting_per_user_burst | "2" | Immediate burst allowed before throttling starts (must be <= per_user_rpm). Default value is 2. |
| servers.pem_rate_limiting_per_ip_rpm | "10" | Max sustained requests per minute per client IP (X-Forwarded-For). Default value is 10. |
| servers.pem_rate_limiting_per_ip_burst | "2" | Burst capacity per IP before throttling starts (must be <= per_ip_rpm). Default value is 2. |
CORS configuration
The following table lists the parameters for CORS configuration:
| Parameter | Default Value | Description |
|---|---|---|
| pem.cors.enable | "true" | Enable or disable CORS. Valid values: "true" or "false". |
| pem.cors.allowedOrigins | Not set | Comma-separated list of allowed CORS origins for PEM v1. Format: "https://<host>:<port>,https://<host>:<port>". |
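
The following pre-deployment check is an added example, not part of the product or its documentation. It flags values of the TLS, hostname-verification, rate-limiting and CORS parameters listed on this page that weaken a deployment. It assumes a flat `name="value"` file layout, which the page does not show; the function names `parse` and `audit` and the sample hostnames are constructed for illustration.

```python
# Constructed sample; the flat name="value" layout is an assumption, not shown on the page.
SAMPLE = """\
ssl_connection="false"
db_mssql_sslProtocol="TLSv1.2"
servers.skipHostnameVerificationForHosts="db1.example.test"
servers.pem_rate_limiting_per_user_burst="8"
apigateway.hostname_validation_required="false"
apigateway.cors_allowedOrigins="https://portal.example.test,http://legacy.example.test"
"""

RL = "servers.pem_rate_limiting_"
DEFAULTS = {  # defaults copied from the tables on this page
    "ssl_connection": "false", "db_mssql_encrypt": "true",
    "servers.remote_server_ssl": "true", RL + "enabled": "true",
    "apigateway.hostname_validation_required": "true",
    RL + "per_user_rpm": "5", RL + "per_user_burst": "2",
    RL + "per_ip_rpm": "10", RL + "per_ip_burst": "2",
}

def parse(text):
    # name=value lines; blank lines and "#" comments are skipped
    cfg = {}
    for line in text.splitlines():
        name, sep, value = line.strip().partition("=")
        if sep and not name.startswith("#"):
            cfg[name.strip()] = value.strip().strip('"')
    return cfg

def audit(cfg):
    # Returns (parameter, finding) pairs; explicit values override page defaults.
    eff, out = {**DEFAULTS, **cfg}, []
    for key in ("ssl_connection", "db_mssql_encrypt", "servers.remote_server_ssl",
                "apigateway.hostname_validation_required", RL + "enabled"):
        if eff[key].lower() != "true":
            out.append((key, "protection is switched off"))
    if cfg.get("db_mssql_sslProtocol"):
        out.append(("db_mssql_sslProtocol", "deprecated; set db_sslProtocol"))
    if cfg.get("servers.skipHostnameVerificationForHosts"):
        out.append(("servers.skipHostnameVerificationForHosts", "hostname check skipped"))
    for scope in ("per_user", "per_ip"):
        if int(eff[RL + scope + "_burst"]) > int(eff[RL + scope + "_rpm"]):
            out.append((RL + scope + "_burst", "burst exceeds rpm"))
    for key in ("apigateway.cors_allowedOrigins", "pem.cors.allowedOrigins"):
        for origin in filter(None, map(str.strip, cfg.get(key, "").split(","))):
            if not origin.startswith("https://"):
                out.append((key, "non-HTTPS or wildcard origin: " + origin))
    return out

print(*audit(parse(SAMPLE)), sep="\n")
```

An empty configuration still yields one finding, because the listed default for `ssl_connection` is "false".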