Docker Compose Environment Variables
When Docker Compose is used to run any container that is an integral part of the Critical Manufacturing MES, a specific set of environment variables is defined in the docker-compose.yml file and set in the container when it starts; the container then uses them internally. Below is a list of those variables with a short explanation of each:
Secrets
As defined in the official Docker documentation at https://docs.docker.com/engine/swarm/secrets/:
A secret is a blob of data, such as a password, SSH private key, SSL certificate, or another piece of data that should not be transmitted over a network or stored unencrypted in a Dockerfile or in your application's source code.
The secrets are defined in the Docker Compose YAML file and contain paths to another file that is hosted in an internal location, inaccessible to anyone without administrator access to the server. A quick example follows:
DATABASE_ONLINE_MSSQL_PASSWORD_FILE: /some/local/path/DATABASE_ONLINE_MSSQL_PASSWORD
This means that the value used in the Docker container for DATABASE_ONLINE_MSSQL_PASSWORD_FILE will be retrieved from the contents of the /some/local/path/DATABASE_ONLINE_MSSQL_PASSWORD file.
Environment Variables
In the table below you can find the environment variables used in Docker Compose, as well as an indication of which ones are locally stored secrets:
| Secret? | Variable | Description | Notes |
|---|---|---|---|
|  | ACCEPT_EULA | Microsoft MSSQL Server end-user license agreement. | Only when using Microsoft MSSQL container. Defaults to Y. |
|  | APPLICATION_ADMIN_PASSWORD | Application Administrator Password. |  |
| X | APPLICATION_ADMIN_PASSWORD_FILE | Value of APPLICATION_ADMIN_PASSWORD. |  |
|  | APPLICATION_ADMIN_USERNAME | Application Administrator Username. |  |
|  | APPLICATION_LICENSE | Critical Manufacturing Customer Portal generated license. | Can either be the ID or the Name of the license (based on the license chosen during the setup). |
|  | APPLICATION_PUBLIC_HTTP_ADDRESS | HTTP address used to access from the outside of the environment. | Used in conjunction with APPLICATION_PUBLIC_HTTP_PORT and APPLICATION_PUBLIC_HTTP_PROTOCOL. |
|  | APPLICATION_PUBLIC_HTTP_PORT | HTTP port used to access from the outside of the environment. | Used in conjunction with APPLICATION_PUBLIC_HTTP_ADDRESS and APPLICATION_PUBLIC_HTTP_PROTOCOL. |
|  | APPLICATION_PUBLIC_HTTP_PROTOCOL | HTTP protocol used to access from the outside of the environment. | Valid options are http or https. Used in conjunction with APPLICATION_PUBLIC_HTTP_ADDRESS and APPLICATION_PUBLIC_HTTP_PORT. |
|  | APPLICATION_PUBLIC_HTTP_TLS_ENABLED | Indicates whether the application protocol uses TLS or not. | Valid options are true or false. Used in conjunction with APPLICATION_PUBLIC_HTTP_ADDRESS and APPLICATION_PUBLIC_HTTP_PORT. |
|  | CMF_CONNECTIOT_REPOSITORY_CONDITION | Decides whether the Connect IoT repository package should be installed. |  |
|  | CMF_DATABASE_CONDITION | Decides whether all MES database packages should be installed. | If set to true CMF_DATABASE_RUNTIME_CONDITION should be false. |
|  | CMF_DATABASE_RUNTIME_CONDITION | Decides whether the MES online database package should be installed. | If set to true CMF_DATABASE_CONDITION should be false. |
|  | CMF_GRAFANA_CONDITION | Decides whether Critical Manufacturing Base Grafana Datasources and Dashboards should be installed. | (defaults to true) |
|  | CMF_GRAFANA_CONDITION_MES | Decides whether Critical Manufacturing MES Grafana Datasources and Dashboards should be installed. | (defaults to true) |
|  | CONSOLE_LOG_LEVEL | Defines the minimal log level for console logs. | Valid options are Trace, Debug, Info, Warn, Error, Fatal and Off. (defaults to Debug) |
|  | CUPS_SERVER | HTTP address used to access the CUPS server. | (only if Advanced Layout And Printing Module is available) |
|  | CUSTOMERPORTAL_PAT | Critical Manufacturing Customer Portal Personal Access Token (PAT). | Must be generated inside Customer Portal by a user with permissions to activate the APPLICATION_LICENSE. (auto-generated PAT for current user with expiration equal to one year). |
| X | CUSTOMERPORTAL_PAT_FILE | Value of CUSTOMERPORTAL_PAT. |  |
|  | DATABASE_AS_MSAS_ADDRESS | Microsoft SQL Analysis Services server address. |  |
|  | DATABASE_AS_MSAS_PASSWORD | Microsoft SQL Analysis Services server password. |  |
| X | DATABASE_AS_MSAS_PASSWORD_FILE | Value of DATABASE_AS_MSAS_PASSWORD. |  |
|  | DATABASE_AS_MSAS_USERNAME | Microsoft SQL Analysis Services server username. |  |
|  | DATABASE_DWH_MSSQL_ADDRESS | Microsoft SQL Data Warehouse database server address. | Example: SQLSERVER\INSTANCE. |
|  | DATABASE_DWH_MSSQL_FILE_LOCATION | Microsoft SQL Data Warehouse database file location. | (optional) |
|  | DATABASE_DWH_MSSQL_PASSWORD | Microsoft SQL Data Warehouse database password. |  |
| X | DATABASE_DWH_MSSQL_PASSWORD_FILE | Value of DATABASE_DWH_MSSQL_PASSWORD. |  |
|  | DATABASE_DWH_MSSQL_USERNAME | Microsoft SQL Data Warehouse database username. |  |
|  | DATABASE_MSSQL_ALWAYS_ON_ENABLED | Whether the system should be configured to use Microsoft SQL Server Always On. | (defaults to false) |
|  | DATABASE_NETWORK_SHARE | Shared location between all SQL Server instances and Environment Manager. It will be used during the setup phase to transfer files between the setup and SQL Server instances. |  |
|  | DATABASE_ODS_MSSQL_ADDRESS | Microsoft SQL Online Data storage database server address. Example: SQLSERVER\INSTANCE. |  |
|  | DATABASE_ODS_MSSQL_FILE_LOCATION | Microsoft SQL Online Data storage database file location. | (optional) |
|  | DATABASE_ODS_MSSQL_PASSWORD | Microsoft SQL Online Data storage database password. |  |
| X | DATABASE_ODS_MSSQL_PASSWORD_FILE | Value of DATABASE_ODS_MSSQL_PASSWORD. |  |
|  | DATABASE_ODS_MSSQL_USERNAME | Microsoft SQL Online Data storage database username. |  |
|  | DATABASE_ONLINE_MSSQL_ADDRESS | Microsoft SQL Online database server address. | Example: SQLSERVER\INSTANCE. |
|  | DATABASE_ONLINE_MSSQL_FILE_LOCATION | Microsoft SQL Online database file location. | (optional) |
|  | DATABASE_ONLINE_MSSQL_PASSWORD | Microsoft SQL Online database password. |  |
| X | DATABASE_ONLINE_MSSQL_PASSWORD_FILE | Value of DATABASE_ONLINE_MSSQL_PASSWORD. |  |
|  | DATABASE_ONLINE_MSSQL_USERNAME | Microsoft SQL Online database username. |  |
|  | DATAPLATFORM_REPOSITORY_URL | IoT Data Platform Maven repository. | Needs to be accessible by Spark master to download Maven packages. |
|  | DATAPLATFORM_EVENT_HANDLER_STRATEGY | IoT Data Platform event handler strategy. Defaults to Kafka. |  |
|  | DATAPLATFORM_KAFKA_BOOTSTRAP_SERVERS | IoT Data Platform Kafka bootstrap server. | (only if IoT Data Platform is licensed) |
|  | DATAPLATFORM_SPARK_ADDRESS | IoT Data Platform Spark master address. |  |
|  | ENABLE_FILE_LOG | Indicates if the component logs should be written to the log's volume. |  |
|  | ECAD_HTTP_ADDRESS | Address for the New Product Introduction service API. | (only if New Product Introduction Module is available) |
|  | ECAD_HTTP_PORT | Port for the New Product Introduction service API. | (only if New Product Introduction Module is available) |
|  | EMAIL_FROM_ADDRESS | Email address that will be presented as From when the system sends an email. | Most SMTP servers require From to be the same as EMAIL_SMTP_USERNAME. |
|  | EMAIL_LOCAL_SUPPORT_ADDRESS | Email address of the local support team. |  |
|  | EMAIL_SMTP_ADDRESS | SMTP email server address. |  |
|  | EMAIL_SMTP_PASSWORD | SMTP email server password. |  |
| X | EMAIL_SMTP_PASSWORD_FILE | Value of EMAIL_SMTP_PASSWORD. |  |
|  | EMAIL_SMTP_PORT | SMTP email server port. |  |
|  | EMAIL_SMTP_TLS_ENABLED | Indicates whether the SMTP server uses TLS or not. |  |
|  | EMAIL_SMTP_USERNAME | SMTP email server username. |  |
|  | ENV_MANAGER_BOOT_PACKAGE | Environment Manager bootstrap package. | Usually the database root installation package. Must be name and version of the package: PackageName@SemVer (defaults to Cmf.Database.Runtime@version or Cmf.Database@version if using Analytics). |
|  | ENV_MANAGER_BOOT_SYNC_ENABLED | Whether the Environment Manager synchronization is enabled. | If set to true, the container will wait for Environment Manager before booting (defaults to true). |
|  | ENV_MANAGER_SYNC_LIST | Semicolon separated list of container layers for the Environment Manager to wait for. | The Environment Manager will wait for all layers declared in this list, separated by semicolons (;), to declare a successful installation before concluding its own installation. Example: ui;host;help. |
|  | ENV_MANAGER_BOOT_SYNC_WITH_IES_ENABLED | Installation will only finish when the setup Integration Entries are processed. | Defaults to true. |
|  | ENVIRONMENT_NAME | The environment name. |  |
|  | ERP_SAP_ADDRESS | SAP Address. | (only if ERP Integration is licensed) |
|  | ERP_SAP_CLIENT_NUMBER | SAP Client Number. | (only if ERP Integration is licensed) |
|  | ERP_SAP_ENABLED | Whether the SAP connection is enabled. | (only if ERP Integration is licensed) |
|  | ERP_SAP_PASSWORD | The user password used to connect to the SAP system. | (only if ERP Integration is licensed) |
|  | ERP_SAP_PROGRAM_ID | SAP Program ID. | (only if ERP Integration is licensed) |
|  | ERP_SAP_SERVICE_NAME | The name of the gateway in SAP. | (only if ERP Integration is licensed) |
|  | ERP_SAP_SYSTEM_NUMBER | The SAP system number. | (only if ERP Integration is licensed) |
|  | ERP_SAP_THEOBALD_ERPCONNECT_LICENSE | Theobald ERP Connect License. | (only if ERP Integration is licensed) |
|  | ERP_SAP_USERNAME | The user name used to connect to the SAP system. | (only if ERP Integration is licensed) |
|  | HOST_AD_FQDN | Application Server Host Active Directory fully qualified domain name. |  |
|  | HOT_RELOAD_CONFIG | Enables Security Portal hot configuration load. | Only applies to Security Portal container. |
|  | HOT_RELOAD_CONFIG_PATH | Sets the path to the folder to watch for partial configuration files. Default is /var/opt/envmanager/installation. | Only applies to Security Portal container. |
|  | HOT_RELOAD_POLLING | Sets the polling interval, in milliseconds, to look for changes inside the watched folder. Default is 10000, 10 seconds. | Only applies to Security Portal container. |
|  | INSTALLATION_ID | Unique identifier for the current installation. |  |
|  | LOG_LEVEL | Defines the minimal log level for Clickhouse logs. | Valid options are none, fatal, critical, error, warning, notice, information, debug, trace and test. (defaults to information) |
|  | PRINTING_SERVICE_ENABLED | Whether to use the CUPS printing server. | (only if Advanced Layout And Printing Module is available) |
|  | PRINTING_SERVICE_URL | HTTP address used to access the Printing Service. | (only if Advanced Layout And Printing Module is available) |
|  | MESSAGEBUS_API_CLIENT_SECRET | Client Secret for the Message connection authentication. | Defaults to SECURITY_PORTAL_CLIENT_SECRET. |
| X | MESSAGEBUS_API_CLIENT_SECRET_FILE | Value of MESSAGEBUS_API_CLIENT_SECRET. |  |
|  | MESSAGEBUS_GATEWAY_WS_PROTOCOL | The protocol used for the message bus gateway web socket connection. |  |
|  | METRICS_PUBLISH_ADDRESS | The address used to publish metrics. |  |
|  | MSSQL_AGENT_ENABLED | Whether the Microsoft MSSQL agent is enabled. | Only when using Microsoft MSSQL container. Defaults to True. |
|  | MSSQL_COLLATION | Microsoft MSSQL database collation. | Only when using Microsoft MSSQL container. Defaults to Latin1_General_CI_AS. |
|  | MSSQL_SA_PASSWORD | Microsoft MSSQL system administrator password. | Only when using Microsoft MSSQL container. Defaults to DATABASE_ONLINE_MSSQL_PASSWORD. |
| X | MSSQL_SA_PASSWORD_FILE | Value of MSSQL_SA_PASSWORD. |  |
|  | REPORTING_SSRS_PASSWORD | Microsoft SQL Server Reporting Services user password. |  |
| X | REPORTING_SSRS_PASSWORD_FILE | Value of REPORTING_SSRS_PASSWORD. |  |
|  | REPORTING_SSRS_USERNAME | Microsoft SQL Server Reporting Services username. | User must have administration privileges on SSRS. SSRS must have basic authentication enabled to run on containers. |
|  | REPORTING_SSRS_WEB_PORTAL_URL | Microsoft SQL Server Reporting Services Web Portal URL. | Can be found on Report Server Configuration Manager under Web Portal URL. |
|  | REPORTING_SSRS_WEB_SERVICE_URL | Microsoft SQL Server Reporting Services Web Service URL. | Can be found on Report Server Configuration Manager under Web Service URL. The value must be case sensitive. |
|  | SCHEDULING_HTTP_ADDRESS | Address for the Scheduling service API. | (only if Scheduling Module is available) |
|  | SCHEDULING_HTTP_PORT | Port for the Scheduling service API. | (only if Scheduling Module is available) |
|  | SECURITY_PORTAL_CLIENT_ID | ID for connection to Security Portal. | (defaults to MES) |
|  | SECURITY_PORTAL_CLIENT_SECRET | Client Secret for authentication in Security Portal. | (default is auto-generated during setup) |
| X | SECURITY_PORTAL_CLIENT_SECRET_FILE | Value of SECURITY_PORTAL_CLIENT_SECRET. |  |
|  | SECURITY_PORTAL_DATABASE_MSSQL_ADDRESS | Security Portal Microsoft SQL Server address. | During basic setup, equal to DATABASE_ONLINE_MSSQL_ADDRESS. |
|  | SECURITY_PORTAL_DATABASE_MSSQL_DATABASE_NAME | Security Portal Microsoft SQL Server database name. | During basic setup, equal to SYSTEM_NAME. |
|  | SECURITY_PORTAL_DATABASE_MSSQL_PASSWORD | Security Portal Microsoft SQL Server password. | During basic setup, equal to DATABASE_ONLINE_MSSQL_PASSWORD. |
| X | SECURITY_PORTAL_DATABASE_MSSQL_PASSWORD_FILE | Value of SECURITY_PORTAL_DATABASE_MSSQL_PASSWORD. |  |
|  | SECURITY_PORTAL_DATABASE_MSSQL_USERNAME | Security Portal Microsoft SQL Server username. | During basic setup, equal to DATABASE_ONLINE_MSSQL_USERNAME. |
|  | SECURITY_PORTAL_SESSION_SHOW_REMAIN_SIGNED_IN | Whether the Security Portal presents the Remain Signed In prompt after login. | Defaults to false. |
|  | SECURITY_PORTAL_SESSION_VALID_FOR | The amount of time that the Security Portal session is valid. | Defaults to 7d. |
|  | SECURITY_PORTAL_PUBLIC_HTTP_ADDRESS | HTTP address used to access Security Portal from the outside of the environment. | Used in conjunction with SECURITY_PORTAL_PUBLIC_HTTP_PORT and SECURITY_PORTAL_PUBLIC_HTTP_PROTOCOL. |
|  | SECURITY_PORTAL_PUBLIC_HTTP_PORT | HTTP port used to access Security Portal from the outside of the environment. | Used in conjunction with SECURITY_PORTAL_PUBLIC_HTTP_ADDRESS and SECURITY_PORTAL_PUBLIC_HTTP_PROTOCOL. |
|  | SECURITY_PORTAL_PUBLIC_HTTP_PROTOCOL | HTTP protocol used to access Security Portal from the outside of the environment. | Valid options are http or https. Used in conjunction with SECURITY_PORTAL_PUBLIC_HTTP_ADDRESS and SECURITY_PORTAL_PUBLIC_HTTP_PORT. |
|  | SECURITY_PORTAL_STRATEGY_LOCAL_AD_ENABLED | Indicates if the Local Active Directory strategy is enabled. | Defaults to false. |
|  | SECURITY_PORTAL_STRATEGY_LOCAL_AD_DEFAULT_DOMAIN | Default domain used by the Local Active Directory strategy. |  |
|  | SECURITY_PORTAL_STRATEGY_LOCAL_AD_PASSWORD | Active Directory Password. |  |
| X | SECURITY_PORTAL_STRATEGY_LOCAL_AD_PASSWORD_FILE | Value of SECURITY_PORTAL_STRATEGY_LOCAL_AD_PASSWORD. |  |
|  | SECURITY_PORTAL_STRATEGY_LOCAL_AD_SERVER_ADDRESS | Active Directory address used by the Local Active Directory Strategy. | The default protocol is LDAP. For LDAPS use the complete address URI (ldaps://yourserveraddress). |
|  | SECURITY_PORTAL_STRATEGY_LOCAL_AD_SERVER_BASE_DN | Active Directory base DN search address. |  |
|  | SECURITY_PORTAL_STRATEGY_LOCAL_AD_USERNAME | Active Directory Username. |  |
|  | SECURITY_PORTAL_STRATEGY_LOCAL_USERS_DATABASE_MSSQL_ADDRESS | Local Users MSSQL database address. | Defaults to SECURITY_PORTAL_DATABASE_MSSQL_ADDRESS or DATABASE_ONLINE_MSSQL_ADDRESS. |
|  | SECURITY_PORTAL_STRATEGY_LOCAL_USERS_DATABASE_MSSQL_NAME | Local Users MSSQL database name. | Defaults to SECURITY_PORTAL_DATABASE_MSSQL_DATABASE_NAME or SYSTEM_NAME. |
|  | SECURITY_PORTAL_STRATEGY_LOCAL_USERS_DATABASE_MSSQL_PASSWORD | Local Users MSSQL database password. | Defaults to SECURITY_PORTAL_DATABASE_MSSQL_PASSWORD or DATABASE_ONLINE_MSSQL_PASSWORD. |
| X | SECURITY_PORTAL_STRATEGY_LOCAL_USERS_DATABASE_MSSQL_PASSWORD_FILE | Value of SECURITY_PORTAL_STRATEGY_LOCAL_USERS_DATABASE_MSSQL_PASSWORD. |  |
|  | SECURITY_PORTAL_STRATEGY_LOCAL_USERS_DATABASE_MSSQL_USERNAME | Local Users MSSQL database username. | Defaults to SECURITY_PORTAL_DATABASE_MSSQL_USERNAME or DATABASE_ONLINE_MSSQL_USERNAME. |
|  | SECURITY_PORTAL_STRATEGY_LOCAL_USERS_EMAIL_SMTP_ADDRESS | Local Users SMTP email address. |  |
|  | SECURITY_PORTAL_STRATEGY_LOCAL_USERS_EMAIL_SMTP_FROM | Local Users email address to be presented as From when the Security Portal sends an email. |  |
|  | SECURITY_PORTAL_STRATEGY_LOCAL_USERS_EMAIL_SMTP_PORT | Local Users SMTP email port. |  |
|  | SECURITY_PORTAL_STRATEGY_LOCAL_USERS_EMAIL_SMTP_PASSWORD | Local Users SMTP email server password. |  |
| X | SECURITY_PORTAL_STRATEGY_LOCAL_USERS_EMAIL_SMTP_PASSWORD_FILE | Value of SECURITY_PORTAL_STRATEGY_LOCAL_USERS_EMAIL_SMTP_PASSWORD. |  |
|  | SECURITY_PORTAL_STRATEGY_LOCAL_USERS_EMAIL_SMTP_USERNAME | Local Users SMTP email server username. |  |
|  | SECURITY_PORTAL_STRATEGY_LOCAL_USERS_EMAIL_SMTP_TLS_ENABLED | Indicates whether the Local Users SMTP server uses TLS or not. |  |
|  | SECURITY_PORTAL_STRATEGY_WEBAUTHN_ENABLED | Indicates if the WebAuthn strategy is enabled. | Defaults to false. |
|  | SECURITY_PORTAL_STRATEGY_WEBAUTHN_DATABASE_MSSQL_ADDRESS | WebAuthn database address. |  |
|  | SECURITY_PORTAL_STRATEGY_WEBAUTHN_DATABASE_MSSQL_NAME | WebAuthn database name. |  |
|  | SECURITY_PORTAL_STRATEGY_WEBAUTHN_DATABASE_MSSQL_PASSWORD | WebAuthn database password. |  |
| X | SECURITY_PORTAL_STRATEGY_WEBAUTHN_DATABASE_MSSQL_PASSWORD_FILE | Value of SECURITY_PORTAL_STRATEGY_WEBAUTHN_DATABASE_MSSQL_PASSWORD. |  |
|  | SECURITY_PORTAL_STRATEGY_WEBAUTHN_DATABASE_MSSQL_USERNAME | WebAuthn database username. |  |
|  | SSRS_UPLOAD_MAX_PARALLEL | Defines the maximum concurrent file uploads during deployment. |  |
|  | SYSTEM_NAME | Name given to the installation. | It will impact the name of newly created infrastructure components, like the database name. |
|  | TENANT_NAME | Name of the tenant of the installation. | It will impact custom objects namespace with long names. |
|  | MAX_REQUEST_BODY_SIZE | Maximum request body size on Security Portal. | Configured by default to 1 mb. |
|  | TARGETS | Semi-colon separated values, either API;NetStandard;NodeJS;TypeScript or a subset of these. | Defaults to API;NetStandard;NodeJS;TypeScript. |
|  | HOST_ADDRESS | The host address. |  |
|  | SECURITY_PORTAL_ADDRESS | The Security Portal address. |  |
Table: Docker Compose environment variables
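
One way to check a deployment against the _FILE convention described under Secrets, as an added example that is not part of the original page or of Critical Manufacturing's tooling: it takes a service's environment mapping (already parsed from docker-compose.yml), flags secrets that are set inline, and checks that each referenced secret file exists and is not accessible by group or others. It assumes the _FILE paths resolve on the machine running the check; `audit`, `demo` and all sample values are constructed for illustration.

```python
import os
import stat
import tempfile

# Variables the table above pairs with a *_FILE secret counterpart.
SECRET_VARS = set("""
APPLICATION_ADMIN_PASSWORD CUSTOMERPORTAL_PAT DATABASE_AS_MSAS_PASSWORD
DATABASE_DWH_MSSQL_PASSWORD DATABASE_ODS_MSSQL_PASSWORD EMAIL_SMTP_PASSWORD
DATABASE_ONLINE_MSSQL_PASSWORD MESSAGEBUS_API_CLIENT_SECRET MSSQL_SA_PASSWORD
REPORTING_SSRS_PASSWORD SECURITY_PORTAL_DATABASE_MSSQL_PASSWORD
SECURITY_PORTAL_CLIENT_SECRET SECURITY_PORTAL_STRATEGY_LOCAL_AD_PASSWORD
SECURITY_PORTAL_STRATEGY_LOCAL_USERS_DATABASE_MSSQL_PASSWORD
SECURITY_PORTAL_STRATEGY_LOCAL_USERS_EMAIL_SMTP_PASSWORD
SECURITY_PORTAL_STRATEGY_WEBAUTHN_DATABASE_MSSQL_PASSWORD
""".split())


def audit(env):
    """Return (variable, finding) pairs for risky secret handling."""
    findings = []
    for name in sorted(env):
        value = env[name]
        if name in SECRET_VARS and value:
            findings.append((name, "inline secret; use %s_FILE" % name))
            if env.get(name + "_FILE"):
                findings.append((name, "set both inline and via _FILE"))
        elif name.endswith("_FILE") and name[:-5] in SECRET_VARS:
            try:
                st = os.stat(str(value or ""))
            except OSError:
                findings.append((name, "secret file missing or unreadable"))
                continue
            if not stat.S_ISREG(st.st_mode):
                findings.append((name, "path is not a regular file"))
            elif st.st_mode & 0o077:  # any group/other permission bit set
                findings.append((name, "file accessible by group/others"))
    return findings


def demo():
    """Constructed sample: one tight file, one loose, one absent, one inline."""
    d = tempfile.mkdtemp()
    good, loose = os.path.join(d, "online"), os.path.join(d, "smtp")
    for path, mode in ((good, 0o600), (loose, 0o644)):
        with open(path, "w") as fh:
            fh.write("constructed-value\n")
        os.chmod(path, mode)
    return audit({
        "DATABASE_ONLINE_MSSQL_PASSWORD_FILE": good,
        "EMAIL_SMTP_PASSWORD_FILE": loose,
        "MSSQL_SA_PASSWORD": "constructed-inline-value",
        "REPORTING_SSRS_PASSWORD_FILE": os.path.join(d, "absent"),
        "ENVIRONMENT_NAME": "demo",
    })
```

Calling `demo()` returns three findings: the group/other-accessible SMTP secret file, the inline MSSQL_SA_PASSWORD, and the missing SSRS secret file.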