Supervisor Configuration File
Generate a Supervisor configuration file and use it to set any of the 40+ Supervisor configuration settings instead of configuring them on the command line.
Chef Habitat looks for Supervisor configuration settings in four locations and applies them in order, which means that settings defined in later locations overwrite earlier ones.
hab sup run --generate-config
hab sup run --generate-config > config.toml
The Supervisor settings look-up order:
- The fixed config file location
/hab/sup/default/config/sup.toml
on the Supervisor
- Files passed with the command,
hab sup run --config-files /config/file1.toml /config/file2.toml
, where:
- You can pass more than one file to the command
- The settings in the later files overwrite those from the earlier, which means that for the same settings specified in both files in the command
hab sup run --config-files /config/file1.toml /config/file2.toml
, you will end up with the settings from file2.toml
applied to the Supervisor
- From environment variables, if they exist
- From settings passed from the
hab sup run
command
### The listen address for the Gossip Gateway
###
### 0.0.0.0 binds every network interface on the host. On a multi-homed or
### internet-facing host, bind the ring-facing address instead, or firewall
### this port so that only ring members can reach it.
listen_gossip = "0.0.0.0:9638"
### Start the supervisor in local mode
local_gossip_mode = false
### The listen address for the HTTP Gateway
###
### 0.0.0.0 exposes the gateway on every interface. TLS for this listener is
### configured with key_file, cert_file and ca_cert_file further down.
### NOTE(review): Habitat also supports a bearer token for this gateway through
### the HAB_SUP_GATEWAY_AUTH_TOKEN environment variable; verify against the
### documentation for the Supervisor version in use.
listen_http = "0.0.0.0:9631"
### Disable the HTTP Gateway completely
###
### If nothing consumes the HTTP Gateway, setting this to true removes the
### listener instead of leaving it to be protected.
http_disable = false
### The listen address for the Control Gateway
###
### The value shown binds to loopback, so only local processes can connect.
### NOTE(review): binding a routable address makes the control interface
### reachable over the network; confirm how remote clients are authenticated
### before widening it.
listen_ctl = "127.0.0.1:9632"
### The organization the Supervisor and its services are part of
organization = "my-org"
### The listen address of one or more initial peers (IP[:PORT])
###
### The addresses are placeholders; 1.1.1.1 is a real public address, so replace
### all three before use.
### NOTE(review): the example port 9632 matches listen_ctl on this page, while
### the Gossip Gateway listens on 9638 (listen_gossip) - confirm which port
### peers are expected to be reached on.
peer = ["1.1.1.1:9632", "2.2.2.2:9632", "3.3.3.3:9632"]
### Make this Supervisor a permanent peer
permanent_peer = false
### Watch this file for connecting to the ring
###
### NOTE(review): presumably whoever can write this file decides which peers
### the Supervisor contacts; keep it writable only by trusted accounts - confirm.
peer_watch_file = "/path/to/file"
### Cache for creating and searching for encryption keys
###
### This location holds key material, so restrict read and write access to the
### account that runs the Supervisor.
### NOTE(review): the placeholder reads like a file path, but the setting is
### described as a cache - presumably a directory; confirm.
cache_key_path = "/path/to/file"
### The name of the ring used by the Supervisor when running with wire encryption
###
### NOTE(review): the matching ring key presumably has to be present under
### cache_key_path on every member, and gossip is presumably unencrypted when
### no ring is configured - confirm both before relying on this setting.
ring = "my-ring"
### Use the package config from this path rather than the package itself
###
### The configuration read from this path replaces what the package ships, so
### the path should be writable only by trusted accounts.
config_from = "/path/to/file"
### Enable automatic updates for the Supervisor itself
###
### NOTE(review): when enabled, the Supervisor binary is replaced without an
### operator step; presumably the source is governed by channel and bldr_url
### below - confirm, and make sure both point at a trusted source.
auto_update = false
### The private key for HTTP Gateway TLS encryption
###
### Read the private key from KEY_FILE. This should be an RSA private key or PKCS8-encoded private key in PEM format.
###
### The file holds secret key material: make it readable only by the account
### that runs the Supervisor and keep it out of version control.
key_file = "/path/to/file"
### The server certificates for HTTP Gateway TLS encryption
###
### Read server certificates from CERT_FILE. This should contain PEM-format certificates in the right order. The first certificate should certify KEY_FILE. The last should be a root CA.
cert_file = "/path/to/file"
### The CA certificate for HTTP Gateway TLS encryption
###
### Read the CA certificate from CA_CERT_FILE. This should contain a PEM-format certificate that can be used to validate client requests.
###
### NOTE(review): "validate client requests" suggests this turns on client
### certificate checking for the HTTP Gateway - confirm whether clients without
### a certificate from this CA are rejected.
ca_cert_file = "/path/to/file"
### Load a Habitat package as part of the Supervisor startup
###
### The package can be specified by a package identifier (ex: core/redis) or filepath to a Habitat artifact (ex: /home/core-redis-3.0.7-21120102031201-x86_64-linux.hart).
###
### NOTE(review): the identifier form shown carries no version or release, so
### what is installed presumably depends on channel and bldr_url below - confirm
### if a pinned release is required.
pkg_ident_or_artifact = "core/redis"
### Verbose output showing file and line/column numbers
verbose = false
### Turn ANSI color off
no_color = false
### Use structured JSON logging for the Supervisor
###
### This option also sets NO_COLOR.
json_logging = false
### The IPv4 address to use as the `sys.ip` template variable
###
### If this argument is not set, the supervisor tries to dynamically determine an IP address. If that fails, the supervisor defaults to using `127.0.0.1`.
###
### The value shown is a placeholder; replace it or leave the setting out.
sys_ip_address = "1.2.3.4"
### The name of the application for event stream purposes
###
### This will be attached to all events generated by this Supervisor.
event_stream_application = "my-app"
### The name of the environment for event stream purposes
###
### This will be attached to all events generated by this Supervisor.
event_stream_environment = "my-env"
### Event stream connection timeout before exiting the Supervisor
###
### Set to '0' to immediately start the Supervisor and continue running regardless of the initial connection status.
###
### NOTE(review): the unit is not stated here - presumably seconds; confirm.
### With a non-zero value, an unreachable event stream endpoint stops the
### Supervisor from running, which ties service availability to that endpoint.
event_stream_connect_timeout = 60
### The event stream connection url used to send events to Chef Automate
###
### This enables the event stream and requires EVENT_STREAM_APPLICATION, EVENT_STREAM_ENVIRONMENT, and EVENT_STREAM_TOKEN also be set.
event_stream_url = "nats://127.0.0.1:4222"
### The name of the site where this Supervisor is running for event stream purposes
event_stream_site = "my-site"
### The authentication token for connecting the event stream to Chef Automate
###
### This is a credential stored in clear text. Keep any file that holds it
### readable only by the account that runs the Supervisor, and keep real values
### out of version control and shared examples.
event_stream_token = "my-token"
### An arbitrary key-value pair to add to each event generated by this Supervisor
###
### These pairs travel with every event, so do not place secrets in them.
event_meta = ["my-key1=my-val1", "my-key2=my-val2", "abc=123"]
### The path to Chef Automate's event stream certificate used to establish a TLS connection
###
### The certificate should be in PEM format.
###
### NOTE(review): when event_stream_url is not on loopback, confirm that TLS is
### actually in effect so that event_stream_token is not sent in the clear.
event_stream_server_certificate = "/path/to/file"
### Automatically clean up old packages
###
### The Supervisor will automatically clean up old packages, keeping only the KEEP_LATEST_PACKAGES latest packages. If this argument is not specified, no automatic package cleanup is performed.
###
### NOTE(review): with a value of 1 no earlier release stays on disk;
### presumably a rollback then needs the older package to be fetched again -
### confirm this is acceptable for the update_condition chosen below.
keep_latest_packages = 1
### Receive updates from the specified release channel
channel = "my-channel"
### Specify an alternate Builder endpoint. If not specified, the value will be taken from the HAB_BLDR_URL environment variable if defined. (default: https://bldr.habitat.sh)
###
### Updates are received from this endpoint, which makes it part of the
### software supply chain: keep the scheme https and point it only at a Builder
### instance you trust.
bldr_url = "https://my-bldr.url"
### The service group with shared config and topology
group = "my-group"
### Service topology
topology = "leader"
### The update strategy
###
### Together with channel, this decides when new package code starts running
### without an operator step; restrict who can promote packages to the channel.
strategy = "at-once"
### The condition dictating when this service should update
###
### latest: Runs the latest package that can be found in the configured channel and local packages.
###
### track-channel: Always run what is at the head of a given channel. This enables service rollback where demoting a package from a channel will cause the package to rollback to an older version of the package. A ramification of enabling this condition is packages newer than the package at the head of the channel will be automatically uninstalled during a service rollback.
update_condition = "track-channel"
### The minimum duration in seconds to wait before restarting a service due to an init / run hook failure.
###
### The default value if this config is absent is 0 seconds to preserve legacy supervisor behavior.
###
### With the default of 0 there is no wait between a hook failure and the next
### restart attempt.
service_min_backoff_period = 10
### The maximum duration in seconds to wait before restarting a service due to an init / run hook failure.
###
### The default value if this config is absent is 0 seconds to preserve legacy supervisor behavior.
###
### NOTE(review): presumably expected to be greater than or equal to
### service_min_backoff_period - confirm how a smaller value is handled.
service_max_backoff_period = 180
### The duration of time in seconds to wait before resetting the current backoff duration to the 'service_min_backoff_period'.
### This is important because it ensures that the supervisor handles potential failures during restart correctly.
### If the cooldown period is not long enough, a slow service may still be restarting after the cooldown period has passed.
### If a service fails during restart but after the cooldown period has passed, the service will not backoff correctly before the following restart.
###
### The default value if this config is absent is 300 seconds.
###
### Choose a value longer than the slowest expected restart of the service.
service_restart_cooldown_period = 300
### One or more service groups to bind to a configuration
###
### NOTE(review): the example reads as <bind name>:<service>.<group> - confirm
### the format against the package's plan.
bind = ["port:redis.default"]
### Governs how the presence or absence of binds affects service startup
###
### strict: blocks startup until all binds are present.
###
### Only the strict mode is described here; with it, a missing bind keeps the
### service from starting.
binding_mode = "strict"
### The interval in seconds on which to run health checks
health_check_interval = 60
### The delay in seconds after sending the shutdown signal to wait before killing the service process
###
### The default value can be set in the package's plan file.
###
### A value that is too short kills the process before it finishes shutting
### down cleanly.
shutdown_timeout = 10