Configuration ENVs
General & Commonly used
| ENV | Type | Description | Default Value |
|---|---|---|---|
| ANKA_ANKA_REGISTRY | (string) | Anka Registry address that will be used by Nodes to pull/download VM Templates and Tags. This is not used by the Controller to communicate with the Registry. (format: “http[s]://address:[port]”). | |
| ANKA_CLEAN_MAC_ADDRESS_INTERVAL | (duration) | Delay between cleaning mac addresses. | 1h0m0s |
| ANKA_DEFRAG_DB_INTERVAL | (duration) | The interval for defragging ETCD (0 is disable). | 0 |
| ANKA_ETCD_ENDPOINTS | (string) | Comma separated list of etcd addresses. These endpoints are used for the Application DB (instance, group, node information) and the Queue DB (if not defined separately with ANKA_QUEUE_ETCD_ENDPOINTS). | 127.0.0.1:2379 |
| ANKA_FILL_MAC_ADDRESS_RANGE_INTERVAL | (duration) | Interval to execute the mac address range validation. | 3h0m0s |
| ANKA_INSTANCE_TIME_OUT | (duration) | The time that instances stay in ‘Terminated’ state. | 1m0s |
| ANKA_LISTEN_ADDR | (string) | The address and port to listen on (format: “[address]:port”). | :80 |
| ANKA_LOCAL_ANKA_REGISTRY | (string) | The Controller uses this to communicate with the Registry and is separate from the ANKA_ANKA_REGISTRY, which is used by external services like Anka Nodes. This is for situations where the Controller and Registry are on the same network and you want to use localhost/local DNS for communication between them (format: “http[s]://address:[port]”) | localhost:8085). |
| ANKA_MAC_ADDR_RANGE | (string) | Pass the range of mac addresses to use. manage-mac-addresses must be set to true to use this option. format is | |
| ANKA_MAC_ADDR_RANGE_MAX_RETRIES | (int) | Times to retry to get mac address from the database before giving up and returning an error. | 100 |
| ANKA_MANAGE_MAC_ADDRESSES | (boolean) | Enables the controller to manage mac addresses of VMs. Check our docs for more info and caveats. | false |
| ANKA_NUM_WORKERS | (int) | The number of concurrent workers processing node tasks. | 2 |
| ANKA_PUSH_REGISTRY | (string) | Comma separated list of Registry addresses to use for push operations (saveImage/Jenkins cache building). | |
| ANKA_QUEUE_ETCD_ENDPOINTS | (string) | Comma seperated list of ETCD endpoints to use for queue data (only available in standalone mode). | |
| ANKA_STANDALONE | (boolean) | Run controller service, the built in registry, and etcd database together in a single binary/service. | false |
Logging
| ENV | Type | Description | Default Value |
|---|---|---|---|
| ANKA_CMD_LOG_MAX_DAYS | (int) | Number of days to keep cmd logs (0 will use the value in log-max-days). | 7 |
| ANKA_CMD_LOG_MAX_MB | (int) | MB limit for cmd log files (0 will use the value in log-max-mb). | 1024 |
| ANKA_ENABLE_CENTRAL_LOGGING | (boolean) | Enables central logging. This will forward all logs available to the service into the registry’s data directory using the REST API of the Registry. | false |
| ANKA_ENABLE_EVENT_LOGGING | (boolean) | (Enterprise Plus Only) Enables event logging. They will show under the Controller’s Logs section after the first instance is created. | false |
| ANKA_ERROR_LOG_MAX_DAYS | (int) | Number of days to keep error logs (0 will use the value in log-max-days). | 3 |
| ANKA_ERROR_LOG_MAX_MB | (int) | MB limit for error log files (0 will use the value in log-max-mb). | 200 |
| ANKA_EVENT_LOG_URL | (string) | (Enterprise Plus Only) The url to post events to in json format. | |
| ANKA_INFO_LOG_MAX_DAYS | (int) | Number of days to keep info logs (0 will use the value in log-max-days). | 0 |
| ANKA_INFO_LOG_MAX_MB | (int) | MB limit for info log files (0 will use the value in log-max-mb). | 0 |
| ANKA_LOG_MAX_DAYS | (int) | Number of days to keep logs for all log types unless otherwise defined. | 7 |
| ANKA_LOG_MAX_MB | (int) | MB limit for log files, for all log types unless otherwise defined. | 700 |
HTTPS / TLS
| ENV | Type | Description | Default Value |
|---|---|---|---|
| ANKA_CIPHER_SUITES | (string) | A list of cipher suites to use for HTTPS/TLS. Supported Options: tls_rsa_with_aes_128_cbc_sha, tls_rsa_with_aes_256_cbc_sha, tls_rsa_with_aes_128_gcm_sha256, tls_rsa_with_aes_256_gcm_sha384, tls_aes_128_gcm_sha256, tls_aes_256_gcm_sha384, tls_chacha20_poly1305_sha256, tls_ecdhe_ecdsa_with_aes_128_cbc_sha, tls_ecdhe_ecdsa_with_aes_256_cbc_sha, tls_ecdhe_rsa_with_aes_128_cbc_sha, tls_ecdhe_rsa_with_aes_256_cbc_sha, tls_ecdhe_ecdsa_with_aes_128_gcm_sha256, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_aes_128_gcm_sha256, tls_ecdhe_rsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_chacha20_poly1305_sha256, tls_ecdhe_ecdsa_with_chacha20_poly1305_sha256 | |
| ANKA_MAX_TLS_VERSION | (string) | The max tls version to use with HTTPS/TLS. Supported Options: tls_1.0, tls_1.1, tls_1.2, tls_1.3 | |
| ANKA_MIN_TLS_VERSION | (string) | The min tls version to use with HTTPS/TLS. Supported Options: tls_1.0, tls_1.1, tls_1.2, tls_1.3 | |
| ANKA_SERVER_CERT | (string) | The path to a HTTPS/TLS certificate file in PEM format. | |
| ANKA_SERVER_KEY | (string) | The path to a HTTPS/TLS certificate private key file in PEM format. | |
| ANKA_SKIP_TLS_VERIFICATION | (boolean) | Disable the verification of the HTTPS/TLS certificates when making outbound requests to services (for self-signed certs). | false |
| ANKA_USE_HTTPS | (boolean) | Enable HTTPS/TLS protocol for the controller UI and API (requires server-cert & server-key). | false |
Built in Registry
| ENV | Type | Description | Default Value |
|---|---|---|---|
| ANKA_ENABLE_REGISTRY_AUTHORIZATION | (boolean) | Enable Authorization (Users, groups, permission control for specific certificates) in the Registry. | false |
| ANKA_REGISTRY_ACCESS_LOGS | (boolean) | Enables registry access logs. | false |
| ANKA_REGISTRY_BASE_PATH | (string) | Built-in Registry’s data storage path. | |
| ANKA_REGISTRY_LISTEN_ADDRESS | (string) | Address for built in Registry to listen on. | :8089 |
| ANKA_REGISTRY_VM_LIST_CACHE_TTL | (duration) | Registry’s template information cache TTL | 30s |
| ANKA_RUN_REGISTRY | (boolean) | Run Built-in Registry (useful if not using standalone mode, but you still want the controller and registry to run together; no etcd). | false |
Built in ETCD
| ENV | Type | Description | Default Value |
|---|---|---|---|
| ANKA_ADVERTISE_CLIENT_URLS | (string) | Comma separated list of client urls for ETCD to advertise (only available in standalone mode) | http://127.0.0.1:2379 |
| ANKA_AUTO_COMPACTION_MODE | (string) | The ETCD auto compaction mode, (‘periodic’ or ‘revision’) (only available in standalone mode) | periodic |
| ANKA_AUTO_COMPACTION_RETENTION | (string) | The ETCD auto compaction retention length (0 is disabled) (only available in standalone mode) | 30m |
| ANKA_DATA_DIR | (string) | The ETCD data directory location (only available in standalone mode) | /tmp/etcd-data |
| ANKA_INITIAL_ADVERTISE_PEER_URLS | (string) | Comma separated list of peer urls for ETCD to advertise (only available in standalone mode) | http://0.0.0.0:2380 |
| ANKA_INITIAL_CLUSTER | (string) | The initial ETCD cluster configuration for bootstrapping (only available in standalone mode) | anka-etcd=http://0.0.0.0:2380 |
| ANKA_INITIAL_CLUSTER_STATE | (string) | The initial cluster state for ETCD (’new’ or ’existing’) (only available in standalone mode) | new |
| ANKA_INITIAL_CLUSTER_TOKEN | (string) | The cluster token used in ETCD during bootstrap (only available in standalone mode) | etcd-server |
| ANKA_LISTEN_CLIENT_URLS | (string) | Comma separated list client urls for ETCD to use (only available in standalone mode) | http://127.0.0.1:2379 |
| ANKA_LISTEN_PEER_URLS | (string) | Comma separated list of peer urls for ETCD to use (only available in standalone mode) | http://0.0.0.0:2380 |
| ANKA_NAME | (string) | The name for your ETCD server (only available in standalone mode) | anka-etcd |
Authentication and Authorization
| ENV | Type | Description | Default Value |
|---|---|---|---|
| ANKA_API_KEY_FILE | (string) | The API Key client file used for authentication. Takes precedence over api-key-string. | |
| ANKA_API_KEY_ID | (string) | The API Key client id used for authentication. | |
| ANKA_API_KEY_STRING | (string) | The API Key client string used for authentication. The string will be the output from cat myUAK.pem | sed '1,1d' | sed '$d' | tr -d '\n' (making sure not to copy the % at the end). | |
| ANKA_API_KEYS_CLEANING_INTERVAL | (duration) | The interval for cleaning of expired api keys. | 4h0m0s |
| ANKA_API_KEYS_SESSION_TTL | (duration) | The API Keys session TTL (used for automatic expiration). | 5m0s |
| ANKA_CA_CERT | (string) | (Certificate Authentication) The CA/root cert used to authenticate incoming requests/certs. | |
| ANKA_CLIENT_CERT | (string) | (Certificate Authentication) The Controller will use this when making http requests, mainly to the Registry | |
| ANKA_CLIENT_CERT_KEY | (string) | (Certificate Authentication) The Controller will use this when making http requests, mainly to the Registry | |
| ANKA_CLIENT_KEYPASS | (string) | (Certificate Authentication) Password for certificate and keystore (optional) | |
| ANKA_CLIENT_KEYSTORE | (string) | (Certificate Authentication) A client keystore file in pkcs12 format; The Controller will use this when making http requests (mainly to the Registry). | |
| ANKA_ENABLE_API_KEYS | (boolean) | Enable API Key Authentication. | false |
| ANKA_ENABLE_AUTH | (boolean) | Enable Authentication (Root Token, Certificate, SSO/OpenID or API Keys) (Not to be confused with Authorization). | false |
| ANKA_ENABLE_CONTROLLER_AUTHORIZATION | (boolean) | Enable Authorization (Users, groups, permission control for specific certificates) in the Controller. | false |
| ANKA_ETCD_CA_CERT | (string) | (ETCD Certificate Authentication) The Etcd client will use this when connecting to the cluster. | |
| ANKA_ETCD_CERT | (string) | (ETCD Certificate Authentication) The ETCD client will use this when connecting to the cluster. | |
| ANKA_ETCD_CERT_KEY | (string) | (ETCD Certificate Authentication) The ETCD client will use this when connecting to the cluster. | |
| ANKA_ETCD_PASSWORD | (string) | (ETCD Certificate Authentication) ETCD Password to use for login. | |
| ANKA_ETCD_USERNAME | (string) | (ETCD Certificate Authentication) ETCD Username to use for login. | |
| ANKA_OIDC_CLIENT_ID | (string) | (OpenID/SSO) Client id | |
| ANKA_OIDC_DISPLAY_NAME | (string) | (OpenID/SSO) Name to display on login page | |
| ANKA_OIDC_GROUPS_CLAIM | (string) | (OpenID/SSO) Claim key to use for groups, defaults to groups | groups |
| ANKA_OIDC_PROVIDER_URL | (string) | (OpenID/SSO) Provider url | |
| ANKA_OIDC_USERNAME_CLAIM | (string) | (OpenID/SSO) Claim key to use for user name, defaults to name | |
| ANKA_ROOT_CERT | (string) | (Certificate Authentication) Alias of ca-cert | |
| ANKA_ROOT_TOKEN | (string) | Sets the basic auth token that will be used for accessing the Controller UI and API (username is ‘root’). | |
| ANKA_SKIP_ETCD_TLS_VERIFICATION | (boolean) | (ETCD Certificate Authentication) Don’t verify ETCD TLS certificates (for self signed certificates). | false |
| ANKA_USE_ETCD_LOGIN | (boolean) | (ETCD Certificate Authentication) Enable ETCD client login with username and password. | false |
| ANKA_USE_ETCD_TLS | (boolean) | (ETCD Certificate Authentication) Use TLS certificates for authentication with ETCD cluster. | false |
Separate Queue Interface
This is an advanced feature, it allows you to have a second http interface that will be used only by the cluster’s Nodes
You must join your nodes with --skip-tests.Auto upgrading of the Agent running on your nodes/hosts will fail since the Agent is not downloadable through the queue interface. You must manually download the proper agent pkg from https://downloads.veertu.com/#anka/ and install it on your node/host.
| ENV | Type | Description | Default Value |
|---|---|---|---|
| ANKA_CLEAN_QUEUES_INTERVAL | (duration) | The interval to clean the queues (delete any tasks older than 24 hours), 0 to disable | 1h0m0s |
| ANKA_ENABLE_QUEUE_AUTH | (boolean) | Enable queue Authentication | false |
| ANKA_QUEUE_ADDR | (string) | The address to use for the queue (format: “0.0.0.0:[port]”) | |
| ANKA_QUEUE_CA_CERT | (string) | The HTTPS/TLS CA cert for the queue | |
| ANKA_QUEUE_SERVER_CERT | (string) | The HTTPS/TLS certificate file in PEM format for the queue | |
| ANKA_QUEUE_SERVER_KEY | (string) | The HTTPS/TLS private key in PEM format for the queue | |
| ANKA_USE_QUEUE_TLS | (boolean) | Enable queue HTTPS/TLS | false |
Performance / Task Management
| ENV | Type | Description | Default Value |
|---|---|---|---|
| ANKA_BATCH_TASK_COUNT | (int) | The number of tasks to get from the queue in one request (max 40) | 2 |
| ANKA_DIAL_TIMEOUT | (duration) | set http dial timeout | 5s |
| ANKA_ETCD_REQUEST_TIMEOUT | (duration) | Client side timeout for ETCD requests | 20s |
| ANKA_INSTANCE_ACTIVE_TIMEOUT | (duration) | How long before an instance is declared as ’not communicating' | 2m0s |
| ANKA_MAX_IDLE_CONNECTION_PER_HOST | (int) | set mac idle connections per host | 50 |
| ANKA_NODE_ACTIVE_TIMEOUT | (duration) | How long before a node is declared as ‘offline’ | 2m0s |
| ANKA_NUM_HTTP_RETRIES | (int) | Number of times to retry on http error > 400 | 5 |
| ANKA_REQUEST_TIMEOUT | (duration) | set http request timeout | 15s |
| ANKA_SCHEDULER_INTERVAL | (duration) | The interval for checking scheduled tasks | 30m0s |
| ANKA_TLS_HANDSHAKE_TIMEOUT | (duration) | set tls handshake timeout | 5s |
Internal
These are used internally. It’s recommended that you don’t modify them unless absolutely necessary
| ENV | Type | Description | Default Value |
|---|---|---|---|
| ANKA_ALLOW_CORS | (boolean) | Add Access-Control-Allow-Origin to all routes | false |
| ANKA_NO_NODE_UPGRADES | (boolean) | Set this flag to true to turn off automatic node upgrade | false |
| ANKA_VRAMTHRESHOLD | (float) | The minimum RAM percentage threshold to use for the UI graph | 0 |
Other
| ENV | Type | Description | Default Value |
|---|---|---|---|
| ANKA_ALLOW_EMPTY_REGISTRY | (boolean) | Allow controller to start without an external registry address (not recommended) | false |