ivy.yaml

[engineDir]/configuration/reference/ivy.yaml

  1#
  2# -------------------------------------------
  3# Axon Ivy Engine Configuration
  4# -------------------------------------------
  5# 
  6# This file shows configurations of the Axon Ivy Engine and its external systems.
  7# https://developer.axonivy.com/doc/9.3/engine-guide/configuration/
  8#
  9# Copy contents of this reference file to 'configuration/ivy.yaml' before adjusting
 10# them to your needs.
 11# https://developer.axonivy.com/doc/9.3/engine-guide/configuration/files/ivy-yaml.html
 12#
 13# By default the engine is pre-configured to run in demo mode.
 14# To run an engine in a productive environment at least the system database
 15# must be configured.
 16#
 17# SECRETS / PASSWORDS:
 18# Any configuration value can be encrypted just by enclosing it with "${encrypt:}".
 19# * to encrypt the string myPassword write "${encrypt:myPassword}"
 20#   https://developer.axonivy.com/doc/9.3/engine-guide/configuration/advanced-configuration.html#passwords
 21#
 22# OVERRIDING:
 23# Any configuration value provided here can be set in alternative sources. 
 24# * environment variables: of the operating system can set app config entries. 
 25#    Their key must be prefixed with 'IVY_'. 
 26#    E.g. use 'IVY_SYSTEMDB_URL' to override the jdbc driver url.
 27#    https://developer.axonivy.com/doc/9.3/engine-guide/configuration/advanced-configuration.html#overriding-configuration
 28#
 29
 30
 31
 32# == System Database Settings == 
 33#
 34# Axon Ivy requires a System Database to store the state of running workflow applications.
 35#
 36# Unless you run the engine in Demo mode, a valid System DB driver, url and the user+password credentials
 37# that are able to connect to the database are mandatory.
 38# 
 39# [restart required]
 40SystemDb:
 41  # JDBC URL
 42  Url: ""
 43  # Name of the user to connect to system database. E.g. root, sa, admin, ivy, AxonIvy
 44  # e.g. root
 45  UserName: ""
 46  # Password of the user to connect to the system database.
 47  # e.g. "${encrypt:1234}"
 48  # [password]
 49  Password: ""
 50  # If set to true the system database is automatically converted to the latest version during startup of the Axon Ivy Engine if needed.
 51  Autoconvert: false
 52  # Defines how long ivy should wait (in seconds) at startup for the availability of the db server
 53  BootTimeout: 60
 54  # JDBC Driver. If not set, it is auto determined based on the JDBC URL.
 55  Driver: ""
 56  # Additional driver specific connection properties.
 57  DriverProperties: {}
 58  # Maximum number of connections to the system database.
 59  MaxConnections: 50
 60
 61
 62
 63# == Adminstrators ==
 64#
 65# Administrators can configure, monitor and manage the Axon Ivy Engine.
 66#
 67# Email is used to send info mails like license expiration
 68# FullName is used to display a nice name for this user.
 69# 
 70# You should hash the password with "${hash:mySecret}".
 71# The real password cannot be recovered from the hash.
 72#
 73# Default administrator in demo mode is 'admin' with password 'admin'
 74#Administrators:
 75#  #Example admin user with username james and password mySecret
 76#  james: 
 77#    Password: "${hash:mySecret}"
 78#    Email: info@localhost
 79#    FullName: James David
 80
 81
 82
 83# == Base Url ==
 84#
 85# Web address of the Axon Ivy Engine installation, such as https://yourdomain/.
 86# This value is used to let ivy know how to refer to itself, ie. to create links in emails.
 87# This is necessary because ivy cannot reliably detect such a URL from within itself.
 88BaseUrl: ""
 89
 90
 91
 92# == Single Sign-on ==
 93#
 94# Single Sign-on allows to auto login users. Therefore a reverse proxy
 95# in front of the Axon Ivy Engine must be installed which is responsible to authenticate
 96# the user. The name of the user must then be transmitted as HTTP header.
 97# Attention: Ensure exclusive access to the Axon Ivy Engine otherwise
 98# attackers can easily login as another user.
 99# https://developer.axonivy.com/doc/9.3/engine-guide/integration/single-sign-on
100# [restart required]
101SSO:
102  # Whether SSO is enabled or not
103  Enabled: false
104  # name of the HTTP header with the username which must be set by the reverse proxy
105  UserHeader: X-Forwarded-User
106
107
108
109# == Deployment Setting ==
110#
111Deployment:
112  # Directory where the server watches for files to deploy.
113  # https://developer.axonivy.com/doc/9.3/engine-guide/deployment
114  #
115  # You may want to use a UNC path to specify a remote network location.
116  Directory: deploy
117  
118  Backup:
119    # The number of backups of deployed projects that are kept on disk 
120    # n < 0: infinite number of backups are kept
121    # n = 0: No backups are made or kept
122    # n > 0: Number of backups that are kept.
123    Keep: 5
124
125
126
127# == Data Settings ==
128#
129Data:
130  # Folder where applications are stored, unless otherwise defined in the deployment.
131  # To change this path, proceed as follows...
132  #   1. Adjust the path to point to its new location
133  #   2. Stop the running Engine immediatelly to avoid files being written to the old location
134  #   3. Move the existing applications to this new directory
135  #   4. Start the engine
136  # Absolute paths and relative paths are supported
137  # In demo mode not configurable and set to: [Data.WorkDirectory]/demo-applications
138  # [restart required] for existing apps
139  AppDirectory: applications
140  # Root folder where application files are stored.
141  # A change in this setting will NOT automatically move existing application files to the new location.
142  # A change will require to manually move existing files to the new directory.
143  # Absolute and relative (to the engine root directory) paths are supported.
144  # If not set the files will be stored underneath each application's file directory.
145  # [restart required] for existing apps
146  FilesDirectory: ""
147  # Directory where the server writes temporary working files to.
148  # [restart required]
149  WorkDirectory: work
150
151
152# == Data Cache Settings ==
153#
154DataCache:
155  # Invalidate data cache groups and entries. Checks if the lifetime of caches has ended and invalidates them.
156  # You can set the delay in milliseconds between each check. This delay has to be greater than 0.
157  InvalidationInterval: 60000
158
159
160# == Elasticsearch Settings ==
161#
162# Axon Ivy uses an Elasticsearch instance to provide a fast query interface against BusinessData.
163# The bundled instance is started on demand, in a separate JVM, when an API request needs it.
164#
165# You can operate Axon Ivy with the bundled Elasticsearch server or with your own external Elasticsearch cluster.
166#
167# [restart required] except for UserName and Password of ExternalServer
168Elasticsearch:
169  # The bundled Elasticsearch server...
170  # - is started in a separate JVM when a feature requires BusinessData access.
171  # - reachable only on 'localhost' but the access is unprotected. 
172  # - JVM arguments used to start the bundled Elasticsearch server can be 
173  #   configured in the 'elasticsearch/config/jvm.options' file.
174  BundledServer:
175    # Path to the directory where the bundled Elasticsearch server stores data.
176    # It is recommended to configure a data directory that is located outsite of the Engine 
177    # installation directory to ease the Engine migration to newer versions.
178    DataPath: elasticsearch/data
179    # Name of the cluster of the bundled Elasticsearch server.
180    ClusterName: ivy-elasticsearch-{uid}
181    # Whether the bundled Elasticsearch server should be started lazy or not.
182    # If set to true the bundled Elasticsearch server will be started on first usage
183    # otherwise the Elasticsearch server will be started on engine startup.
184    LazyStart: false
185    # A free port in a certain port range is searched automatically.
186    # However, you can also fix the port by defining a port number.
187    Port: AUTO
188  
189  #
190  # Configure the URL of your own Elasticsearch server if you want to use it instead of the bundled server.
191  #
192  # To install your own Elasticsearch server follow these steps
193  # https://www.elastic.co/guide/en/elasticsearch/reference/current/setup.html
194  #
195  # Currently Axon Ivy supports Elasticsearch server versions in the 7.3.x range. 
196  # If your Elasticsearch server is running on another host, the access to that instance has to be protected.
197  # You can achieve that with a front-end webserver like NGINX that enforces basic authentication.
198  ExternalServer:
199    # Configure the URL of your own Elasticsearch server if you want to use it instead of the bundled server.
200    Url: ""
201    # Name of the user to use to authenticate in the external Elasticsearch server
202    UserName: ""
203    # Password of the user to use to authenticate in the external Elasticsearch server.
204    # e.g. "${encrypt:}"
205    # [password]
206    Password: ""
207    # Defines how long ivy should wait (in seconds) for the availability of the external Elasticsearch server while booting.
208    BootTimeout: 60
209  # For every business data type an Elasticsearch index will be created. E.g. for type ch.ivy.Dossier the index name is <NamePrefix>-ch.ivy.dossier.
210  Index:
211    # The name prefix of the index to use to store business data.
212    # If multiple ivy Engines use the same Elasticsearch server instance, you need to change this property, that every ivy Engine has an unique indices.
213    NamePrefix: ivy.businessdata
214    Reindex:
215      # The number of business data objects that should be read in one batch from the system database
216      ReadWindowSize: 1000
217      # The number of business data objects that should be write in one batch to Elasticsearch
218      WriteWindowSize: 1000
219      # The size of the queue that is used to store business data objects read from the database 
220      # until they are written to the Elasticsearch
221      QueueSize: 10000
222  # Configures the Elasticsearch client. The client is the ivy engine which communicates with Elasticsearch.
223  Client:
224    # Maximum seconds to wait until a connection to Elastisearch can be established.
225    ConnectTimeout: 10
226    # Maximum seconds to wait for data sent by Elastisearch. 
227    # Raise this value if large datasets are expected.
228    ReadTimeout: 30
229
230
231
232# == EMail Settings ==
233#
234EMail:
235  Server:
236    Host: ""
237    Port: -1
238    # Email address that will be used for emails sent by the server (e.g. task notification emails)
239    MailAddress: noreply@ivyserver.local
240    User: guest
241    # [password]
242    Password: ""
243    # [enum: NONE, START_TLS, SSL]
244    EncryptionMethod: NONE
245    SSL:
246      KeyAlias: ""
247      UseKey: false
248  DailyTaskSummary:
249    # Time of day when the task summary mails will be sent.
250    # The engine must be running at this time otherwise the daily task summary mails will not be sent.
251    # Format is hh:mm. e.g. "02:00" or "14:15"
252    # [daytime]
253    TriggerTime: "00:00"
254
255
256
257# == Show Error Messages To End Users Settings ==
258#
259# When an error occurs while processing a user request an error screen is displayed to the user. 
260# 
261# The displayed error page can be customized for your needs: 
262# https://developer.axonivy.com/doc/9.3/engine-guide/configuration/files/web-xml.html
263#
264Errors:
265  # Whether stacktraces, detailed error reports, etc. should be shown to end users.
266  #
267  # By default (false) we only show a unique 'Error Id'. This 'Error Id' can be used to find the error in the log files.
268  # 
269  # For security reasons normal users should not see technical implementation details.
270  # But in development or pre-production environments it might be save to show the full error
271  # details directly to the end user.
272  ShowDetailsToEndUser: false
273
274
275
276# == Persistence Setting ==
277#
278Persistence:
279  JPA:
280    # Persist ivyScript auto initialized fields with NULL values. Affects types are...
281    #  - ch.ivyteam.ivy.scripting.objects.Date
282    #  - ch.ivyteam.ivy.scripting.objects.DateTime
283    #  - ch.ivyteam.ivy.scripting.objects.Time
284    # If this option is disabled auto initialized values are stored as before Axon Ivy 6.4.
285    defaultInitializedAsNull: true
286
287
288
289# == Process Element Firing Statistic Settings ==
290#
291ProcessEngine:
292  FiringStatistic:
293    # If activated, a process element statistic is written periodically to the log-directory. If activated may slow down the server performance.
294    Active: false
295    # Interval in seconds the 'process element statistic' is written to the log directory
296    Interval: 300
297
298
299
300# == SSL Client Settings ==
301#
302SSL:
303  Client:
304    # A key store is used to read client keys (certificates). 
305    # This is only required if a remote server requests a client certificate in order to authenticate the client. 
306    KeyStore:
307      UseCustom: false
308      # [password]
309      KeyPassword: changeit
310      Algorithm: SunX509
311      File: configuration/keystore.p12
312      # [password]
313      Password: changeit
314      Provider: ""
315      Type: pkcs12
316    # A trust store is used to specify trusted server certificates or certificates of certification authorities. 
317    # An SSL client autenticates a server by using the certificates in a trust store. 
318    # Self signed or signed by an unknown certification authority can be added to this trustore. 
319    TrustStore:
320      File: configuration/truststore.p12
321      Algorithm: PKIX
322      # [password]
323      Password: changeit
324      Provider: ""
325      Type: pkcs12
326      # Full qualified class name of a trust manager class that is used to validate server certificates. 
327      # If configured the system trustore of the JVM and the configured trustore are not in charge.
328      ManagerClass: ""
329
330
331
332# == Workflow Settings ==
333#
334Workflow:
335  # Whether done cases and tasks can be seen by substitutes of the user who has worked on them.
336  # [enum: VISIBLE, INVISIBLE]
337  History.ForSubstitutes: VISIBLE
338
339
340# == Failure Behaviour ==
341#
342SystemTask:
343  # Defines the behaviour in case a system task fails. 
344  # [enum: FAIL_TASK_DO_RETRY, FAIL_TASK_DO_NOT_RETRY, DESTROY_TASK, DESTROY_CASE]
345  Failure.Behaviour: FAIL_TASK_DO_RETRY
346  # Interval in seconds between executions of the search job for system tasks.
347  # The job searches system tasks that were not executed because of failures.
348  SearchJob.Interval: 900
349
350
351
352# == Thread Pools Settings ==
353#
354ThreadPool:
355  # Executes process engine background operations like Database, WebService calls, etc.
356  BackgroundOperationExecutor:
357    # Minimum number of threads
358    CorePoolSize: 5
359    # Maximum number of threads
360    MaximumPoolSize: 200
361  # Executes unscheduled jobs
362  ImmediateJobExecutor:
363    # Minimum number of threads
364    CorePoolSize: 5
365    # Maximum number of threads
366    MaximumPoolSize: 50
367  # Executes scheduled jobs
368  ScheduledJobExecutor:
369    # Minimum number of threads
370    CorePoolSize: 5
371
372
373
374# == Update Checker Settings ==
375#
376# When newer Axon Ivy versions are available a message will be displayed on the Axon Ivy Engine main web page. 
377# The update message contains information about the new versions and where those can be downloaded. 
378#
379# While checking for new versions the following statistic information are sent to the update server. 
380# These information are only used to improve the product:
381# - Engine (version, up time)
382# - Configuration (number of: cluster nodes, users, licenced users, applications, process model, process model version, deleted process model version, running cases, running tasks)
383# - Licence information (number, organisation, individual)
384# - Operating system information (name, version, architecture, number of processors)
385# - System database (product name and version, driver, identification number)
386# - Java memory information (maximum heap memory, maximum non heap memory)
387# - JVM (Java virtual machine) information (version, vendor, name)
388# - Host information (host name, SHA-256 hashes of IP address and MAC address to identify the host without being able to read the original IP address and MAC address itself)
389#
390UpdateChecker:
391  #  Whether Update notification messages are shown and statistic information are sent to the update server 
392  Enabled: true
393  # Time of day when a update check will be executed
394  # The engine must be running at this time otherwise the update check will not be executed.
395  # Format is hh:mm. e.g. "02:00" or "14:15"
396  # [daytime]
397  ExecutionTime: ""
398
399
400
401Boot:
402  # Switch to maintencance mode if a configuration problem is detected during startup.
403  # If set to DISABLED you can explicit start the engine in maintenance mode by using the command line option '-maintenance'.
404  # [enum: AUTO, DISABLED]
405  MaintenanceMode: AUTO
406
407
408
409Cluster:
410  # The name of this node. 
411  # If not configured a random name is generated.
412  # The name of a node is also used as jvm route identifier, which is used by some load balancer to provide sticky sessions.
413  # https://developer.axonivy.com/doc/9.3/engine-guide/integration/cluster
414  # [restart required] 
415  NodeName: ""
416  # The name of the cluster. 
417  # It is used to find and communicate with other nodes of the same cluster.
418  # Multiple clusters located in the same network must have different cluster names. 
419  # Otherwise the nodes of both clusters find each other and build one cluster instead of two.  
420  # [restart required]
421  Name: "IvyCluster"