Advanced Configurations

There are many additional configurations that can be added to scalr-server.rb to set up proxies, LDAP authentication, session timeouts, etc. The following tables list the possible additions to scalr-server.rb. See an example of how these parameters can be added to scalr-server.rb: https://github.com/scalr-tutorials/scalr-server-configuration/blob/master/scalr-server.rb_example

Proxy

Parameter Description Type Example value(s) Default value
scalr.connections.proxy.host The proxy host Scalr should use to communicate with cloud APIs using a proxy. String hostname, “127.0.0.1” localhost
scalr.connections.proxy.port The proxy port Scalr should use. Integer valid TCP port 3128
scalr.connections.proxy.user The proxy username Scalr should use. String scalr  
scalr.connections.proxy.pass The proxy password Scalr should use. String s3cur3pa55w0rd  
scalr.connections.proxy.type Proxy type to use. Integer 0 = HTTP 4 = SOCKS4 5 = SOCKS5 0
scalr.connections.proxy.authtype Type of authentication to use. Integer 1 = Basic Auth 2 = Digest Auth 4 = GSSNeg 8 = NTLM -1 = Any auth type 1
scalr.connections.proxy.use_on What the proxy should be used for. String both = Server & Agent “scalr” = Server only “instance” = Agent only scalr
scalr.%PLATFORM%.use_proxy Whether Scalr should use a proxy when communicating with the specified cloud platform. Substitute %PLATFORM% with one of the following values: hpcloud, mirantis, azure, aws, openstack, cloudstack, idcf, ocs, rackspacenguk, rackspacengus, cisco, vmware, vio Boolean true, false / Platform Values: “hpcloud”, “mirantis”, “azure”, “ec2”, “openstack”, “cloudstack”, “idcf”, “gce”, “ocs”, “rackspacenguk”, “rackspacengus”, “cisco”, “vmware”, “vio” FALSE
scalr.system.webhooks.use_proxy Whether Scalr should use a proxy when sending requests using Webhooks. Boolean true, false FALSE

SSL

Parameter Description Type Example value(s) Default value
proxy[:ssl_enable] Whether to enable SSL on the proxy Boolean true, false - See link above for full example false
proxy[:ssl_redirect] Whether the proxy should redirect HTTP requests to HTTPS (make sure you have a valid cert if you leave this to true!) Boolean true, false - See link above for full example false
proxy[:ssl_cert_path] Path to a SSL cert the proxy should use (this needs to be readable by the scalr-app user) String ‘/path/to/the/cert’ - See link above for full example  
proxy[:ssl_key_path] Path to a corresponding SSL key the proxy should use (same as above) String ‘/path/to/the/key’ - See link above for full example  

LDAP

Parameter Description Type Example value(s) Default value
scalr.auth_mode The authentication mode that Scalr should use. String scalr = Password auth “ldap” = LDAP auth “saml” = SAML auth scalr
scalr.connections.ldap.host The host Scalr should connect to for LDAP authentication. This should be a reachable LDAP server. String hostname, “1.2.3.4”  
scalr.connections.ldap.port The port Scalr should connect to for LDAP authentication. Integer valid TCP port 389
scalr.connections.ldap.base_dn The base DN for users. String valid base DN DC=scalr,DC=local
scalr.connections.ldap.base_dn_groups The base DN for groups. String valid base DN OU=All Groups,DC=scalr,DC=local
scalr.connections.ldap.user A fully qualified username for an administrator of the LDAP server, if you intend to use API with LDAP auth. String valid admin LDAP user  
scalr.connections.ldap.pass Password for the LDAP administrator. See scalr.connections.ldap.user String valid admin LDAP pass  
scalr.connections.ldap.group_nesting Whether Scalr should use group nesting in LDAP. Boolean true, false TRUE
scalr.connections.ldap.domain The default domain Scalr should append to usernames when users omit their domain as they log in to Scalr. This is only used when scalr.connections.ldap.bind_type is set to simple. String   If not specified, then Scalr will concatenate the domain components used in scalr.connections.ldap.base_dn. For example, if scalr.connections.ldap.base_dn is set to DC=scalr,DC=local, then scalr.connections.ldap.domain will default to scalr.local
scalr.connections.ldap.bind_type The bind type Scalr should use. This can be set to regular or simple. String regular = Login name only “simple” = Full Name Display Name or SAMAccountName “openldap” = Set to this when using openldap regular
scalr.connections.ldap.mail_attribute The name of the attribute that contains a user’s email address on the LDAP server. String valid LDAP attribute  
scalr.connections.ldap.fullname_attribute The name of the attribute that contains a user’s full name on the LDAP server. String   displayName
scalr.connections.ldap.username_attribute The name of the attribute that contains a user’s username on the LDAP server. String    
scalr.connections.ldap.groupname_attribute The name of the attribute that contains a user’s groups on the LDAP server. String    
scalr.connections.ldap.debug Whether or not to enable debug mode (logging) for LDAP. Boolean true, false FALSE
scalr.connections.ldap.filter.users The filter that Scalr should use for LDAP user queries. String   (&(objectCategory=person)(objectClass=user))
scalr.connections.ldap.filter.groups The filter that Scalr should use for LDAP group queries. String   (&(objectClass=group))
scalr.connections.ldap.group_member_attribute_type Only used if bind_type is set to “openldap”. Specifies how group membership is represented. String unit_netgroup or “regular” or “user_dn” regular
scalr.connections.ldap.group_displayname_attribute The name of the attribute that contains the group displayname String    

SAML

Parameter Description Type Example value(s) Default value
scalr.connections.saml.strict If true, then Scalr will reject unsigned or unencrypted messages if it expects them to be signed or encrypted. Also it will reject the messages if the SAML standard is not strictly followed: Destination, NameId, Conditions … are validated too. Boolean true, false TRUE
scalr.connections.saml.debug If true, errors will be displayed in the Scalr UI. Boolean true, false FALSE
scalr.connections.saml.auto_redirect If true, users will be automatically redirected on auth and will not be presented with a “Login” button. Boolean true, false FALSE
scalr.connections.saml.idp.entity_id Identifier of the IdP entity. Must be a URI. String https://idp.domain/saml/metadata  
scalr.connections.saml.idp.single_sign_on_service.url URL Target of the IdP where Scalr will send the Authentication Request Message. String https://your-labs.idp.domain/trust/saml2/http-post/sso  
scalr.connections.saml.idp.single_sign_on_service.binding SAML protocol binding to be used when returning the <Response> message. String urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect  
scalr.connections.saml.idp.single_logout_service.url URL Location of the IdP where Scalr will send the SLO Request. String https://your-labs.idp.domain/trust/saml2/http-redirect/slo  
scalr.connections.saml.idp.single_logout_service.binding SAML protocol binding to be used when returning the <Response> message. String urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect  
scalr.connections.saml.idp.x509cert Public x509 certificate of the IdP. String daksjhdaksjdhakljl  
scalr.connections.saml.idp.cert_fingerprint Instead of using the whole x509cert you can use a fingerprint in order to validate a SAMLResponse. Example to generate a sha256 fingerprint: openssl x509 -noout -fingerprint -sha256 -in "idp.crt" String AA:BB:CC:DD:EE:FF  
scalr.connections.saml.idp.cert_fingerprint_algorithm Tell Scalr which algorithm was used to generate the fingerprint. String sha256, sha384 or sha512 sha256
scalr.connections.saml.mapping.groups Used to override standard mapping for SAML assertion attributes.  This is used to set the name of the Groups attribute to use in SAML Assertion. String   Groups
scalr.connections.saml.mapping.separator Used to override standard mapping for SAML assertion attributes.  This is used to set the Groups separator. String   ,
scalr.connections.saml.sp.assertion_consumer_service.binding Specifies info about where and how the <AuthnResponse> message MUST be returned to the requester, in this case our Service Provider. SAML protocol binding to be used when returning the <Response> message. It supports HTTP-POST binding only. String urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
scalr.connections.saml.sp.single_logout_service.binding SLO endpoint info of the IdP. SAML protocol binding to be used when returning the <Response> message. It supports the HTTP-Redirect binding only for this endpoint. String urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
scalr.connections.saml.sp.name_id_format Specifies the constraints on the name identifier to be used to represent the requested subject. String urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified
scalr.connections.saml.sp.entity_id Configures override SP entity id endpoint url, typically for ADFS that will not support “?” character in our default URL String https://your.scalr.host/public/saml/metadata https://your.scalr.host/public/saml?metadata
scalr.connections.saml.sp.x509cert Certificate to use for the Service Provider. String skjdhasdkjashdjkhsad  
scalr.connections.saml.sp.private_key Private key to use for the Service Provider String abcdefghijklmnopqrstuvwxyz  
scalr.connections.saml.security.name_id_encrypted Indicates whether the nameID of the <samlp:logoutRequest> sent by this SP will be encrypted. Boolean true, false FALSE
scalr.connections.saml.security.authn_requests_signed Indicates whether the <samlp:AuthnRequest> messages sent by this SP will be signed. Boolean true, false FALSE
scalr.connections.saml.security.logout_request_signed Indicates whether the <samlp:logoutRequest> messages sent by this SP will be signed. Boolean true, false FALSE
scalr.connections.saml.security.logout_response_signed Indicates whether the <samlp:logoutResponse> messages sent by this SP will be signed. Boolean true, false FALSE
scalr.connections.saml.security.sign_metadata Sign the Metadata. If true it will use SP certs and they must be provided. Boolean true, false FALSE
scalr.connections.saml.security.want_messages_signed Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest> and <samlp:LogoutResponse> elements received by this SP to be signed. Boolean true, false FALSE
scalr.connections.saml.security.want_assertions_signed Indicates a requirement for the <saml:Assertion> elements received by this SP to be signed. Boolean true, false FALSE
scalr.connections.saml.security.want_name_id_encrypted Indicates a requirement for the NameID received by this SP to be encrypted. Boolean true, false FALSE
scalr.connections.saml.security.requested_authn_context Set to false and no AuthContext will be sent in the AuthNRequest. Set to true and you will get an AuthContext ‘exact’ ‘urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport’. Set an array with the possible auth context values. Boolean or Array true, false or [“urn:oasis:names:tc:SAML:2.0:ac:classes:Password”, “urn:oasis:names:tc:SAML:2.0:ac:classes:X509”] TRUE
scalr.connections.saml.security.want_xml_validation Indicates if the SP will validate all received xmls. (In order to validate the xml, ‘strict’ and ‘want_xml_validation’ must be true). Boolean true, false TRUE
scalr.connections.saml.security.signature_algorithm Algorithm that Scalr will use on signing process. String sha256, sha384 or sha512 sha256

Logging

Parameter Description Type Example value(s) Default value
scalr.system.scripting.logs_storage The location where Scalr should store the Orchestration Log. String scalr = On Scalr server “instance” = On affected instance instance
scalr.system.scripting.default_instance_log_rotation_period The default duration (in seconds) logs should be kept when stored on instances. Users can override this setting in the Farm Designer: Advanced Tab - Orchestration. Integer 1-99999 3600
scalr.logger.audit.enabled Whether the audit log should be enabled. Boolean true, false FALSE
scalr.logger.audit.path Unix socket path or IP/Hostname to fluentd for audit log. String /path/to/socket.sock, “hostname” localhost
scalr.logger.audit.port Port that fluentd is listening on for the audit log. Integer any TCP/UDP port 8888
scalr.logger.audit.proto Protocol to use when communicating with fluentd for the audit log. String http, “tcp”, “udp” http
scalr.logger.audit.timeout The connection to fluentd will timeout after this time has passed (in seconds) for the audit log. Integer 1-999 1
scalr.logger.audit.tag All audit logs will be tagged with this string. String   audit
scalr.logger.api.enabled Whether the API log should be enabled. Boolean true, false FALSE
scalr.logger.api.path Unix socket path or IP/Hostname to fluentd for API log. String /path/to/socket.sock, “hostname” localhost
scalr.logger.api.port Port that fluentd is listening on for the API log. Integer any TCP/UDP port 8888
scalr.logger.api.proto Protocol to use when communicating with fluentd for the API log. String http, “tcp”, “udp” http
scalr.logger.api.timeout The connection to fluentd will timeout after this time has passed (in seconds) for the API log. Integer 1-999 1
scalr.logger.api.tag All API logs will be tagged with this string. String   api
scalr.logger.user.enabled Whether the user log should be enabled. Boolean true, false FALSE
scalr.logger.user.path Unix socket path or IP/Hostname to fluentd for user log. String /path/to/socket.sock, “hostname” localhost
scalr.logger.user.port Port that fluentd is listening on for the user log. Integer any TCP/UDP port 8888
scalr.logger.user.proto Protocol to use when communicating with fluentd for the user log. String http, “tcp”, “udp” http
scalr.logger.user.timeout The connection to fluentd will timeout after this time has passed (in seconds) for the user log. Integer 1-999 1
scalr.logger.user.tag All user logs will be tagged with this string. String   user

API

Parameter Description Type Example value(s) Default value
scalr.system.api.enabled Whether the APIv2 should be enabled or not. Boolean true, false TRUE
scalr.system.api.oauth.enabled Set to true to enable oauth for the APIv2. Boolean true, false  
scalr.system.api.disable_v1 Set to true to disable APIv1 Boolean true, false FALSE
scalr.system.api.allowed_origins Defines which domain(s) to allow in the Access-Control-Allow-Origin header. This header is not sent by default. Array or String [“domain1.com”, “domain2.com”] or “*” ~

Agent Update

Parameter Description Type Example value(s) Default value
scalr.scalarizr_update.mode The update mode for Scalarizr. client uses update.scalr.net for Scalarizr to discover new updates. solo uses a Scalr cronjob to notify Scalarizr of new updates. String client, “solo” client
scalr.scalarizr_update.ssl_verify_peer Sets SSL verification to true or false Boolean true, “false” TRUE
scalr.scalarizr_update.service.update_rate Sets the update rate for instances. By default it’s 900 servers / hour. Integer 90 900
scalr.scalarizr_update.default_repo The default repository to use for Scalarizr. Repositories must be defined as sub-keys of the key scalr.scalarizr_update.repos. The default repository must exist in the repos list. By default two repositories exist in scalr.scalarizr_update.repos, named stable and latest. They point to repo.scalr.net. They will be overridden if you specify a repo with the same name in your configuration. Users can override this setting at the Farm or Farm Role scope. String latest, “stable” stable
scalr.scalarizr_update.repos.[repo_name].deb_repo_url The URL for this repository’s Debian Scalarizr packages. String http://repo.scalr.net/apt-plain stable/  
scalr.scalarizr_update.repos.[repo_name].rpm_repo_url The URL for this repository’s RPM Scalarizr packages. String http://repo.scalr.net/rpm/stable/rhel/$releasever/$basearch  
scalr.scalarizr_update.repos.[repo_name].win_repo_url The URL for this repository’s Windows Scalarizr packages. String http://repo.scalr.net/win/stable  
scalr.scalarizr_update.use_proxy Boolean true, “false” false  

VMware

Parameter Description Type Example value(s) Default value
scalr.vmware.datastore_vm_launch_buffer Configures the amount of free storage (in GB) that should be available on a datastore to launch the instance. Before launching an instance we will check that datastore has required_space (template+additional disks) + configure buffer. Integer 200, 300  
scalr.vmware.placement.host_metrics_weight.cpu Configures CPU metrics weight for VMware computer resource automatic placement.  Higher values for this setting hold more weight in automatic selection. Integer 1, 2  
scalr.vmware.placement.host_metrics_weight.memory Configures memory metrics weight for VMware computer resource automatic placement.  Higher values for this setting hold more weight in automatic selection. Integer 1, 2  
scalr.vmware.placement.host_metrics_weight.disk Configures disk metrics weight for VMware computer resource automatic placement.  Higher values for this setting hold more weight in automatic selection. Integer 1, 2  

Uncategorized

Parameter Description Type Example value(s) Default value
scalr.system.scripting.default_abort_init_on_script_fail The default for the option to fail Servers when a Blocking BeforeHostUp Script fails. Users can override this setting in the Farm Designer: Advanced Tab - Orchestration. Boolean true, false FALSE
scalr.system.global_variables.format Formatting for Scalr System Global Variables. This should be a mapping of Scalr System Global Variables names to the format that should be used for them. The format string should be a printf format string. Note: System GVs MUST be uppercase. Mapping app[:configuration] = { "scalr" => { "system" => { "global_variables" => { "format" => { "SCALR_CLOUD_SERVER_ID" => "%.15s", } } }}} or app[:configuration] = {"scalr" => {"system" => { "global_variables" => { "format" => { "SCALR_INSTANCE_FARM_INDEX" => "%03d", "SCALR_EVENT_INSTANCE_FARM_INDEX" => "%03d" } } }}} {}
scalr.email.address The Email Address Scalr should use for outbound email notifications. String email@example.com  
scalr.email.name The From Name Scalr should use for outbound email notifications. String My Name  
scalr.gce.instance_username Optionally configure a custom username for GCE instances String cloud-user scalr
scalr.azure.instance_username Optionally configure a custom username for Azure instances String Administrator scalr
scalr.azure.api_client.timeout Optionally configure an override for Azure API client timeout.  Value in seconds. Integer 60 30
scalr.%PLATFORM%.instances_connection_policy Controls the instances connection policy on a per-cloud basis. “auto” tries the public IP and falls back to the private IP if the server has no public IP. Substitute %PLATFORM% with one of the following values: hpcloud, mirantis, azure, ec2, openstack, cloudstack, idcf, gce, ocs, rackspacenguk, rackspacengus, cisco, vmware, vio String public, “local”, “auto” auto
scalr.ui.login_warning Warning text to be displayed to users on the login page.  Formatted with HTML tags. String You are accessing a secure system.  <p>Unauthorized use may result in disciplinary action.</p> By using this information system, you understand and consent to the following: <ul><li>You have no expectation of privacy on this system. </li> <li>At any time we may monitor data transiting or stored on this system.</li></ul> *
scalr.ui.support_url The URL the support button should link to in Scalr. String https://groups.google.com/d/forum/scalr-discuss  
scalr.ui.recaptcha.public_key The public key Scalr should use for reCAPTCHA login bruteforce protection. String    
scalr.ui.recaptcha.private_key The private key Scalr should use for reCAPTCHA login bruteforce protection. String    
scalr.security.user.session.timeout Scalr UI will be locked if a user has been inactive for the defined period of time. String   +30 minutes
scalr.security.user.session.lifetime Session will expire after this time, regardless of activity. String +8 hours  
scalr.security.user.session.cookie_lifetime If user chooses to “remember me” upon login, the session cookie will be kept this long. String   +8 hours
scalr.security.user.suspension.inactivity_days Suspend user accounts that have not been used for this number of days. (0=disable) Integer   +30 days
scalr.security.user.suspension.failed_login_attempts User account will be suspended after this number of failed login attempts. (0=disable) Integer   10
scalr.%PLATFORM%.action_on_missing_server Defines what action should be taken if the cloud API reports a server missing compared to what’s in the Scalr Database. Substitute %PLATFORM% with one of the following values: hpcloud, mirantis, azure, ec2, openstack, cloudstack, idcf, gce, ocs, rackspacenguk, rackspacengus, cisco, vmware, vio String terminate = Terminate instance “flag” = Mark as missing “ignore” = Ignore terminate
scalr.%PLATFORM%.action_on_failed_server Defines what action should be taken if the cloud API reports a server as failed compared to what’s in the Scalr Database. Substitute %PLATFORM% with one of the following values: hpcloud, mirantis, azure, ec2, openstack, cloudstack, idcf, gce, ocs, rackspacenguk, rackspacengus, cisco, vmware, vio String terminate = Terminate instance “alert” = Same as Ignore, but will later support additional alerts in the UI “ignore” = Ignore terminate
scalr.allowed_clouds List of Cloud Platforms that are available in this Scalr installation. Array [“hpcloud”, “mirantis”, “azure”, “ec2”, “openstack”, “cloudstack”, “idcf”, “gce”, “ocs”, “rackspacenguk”, “rackspacengus”, “cisco”, “vmware”, “vio”] [“hpcloud”, “mirantis”, “azure”, “ec2”, “openstack”, “cloudstack”, “idcf”, “gce”, “ocs”, “rackspacenguk”, “rackspacengus”, “cisco”, “vmware”, “vio”]
scalr.license_manager.use_proxy Sets the License manager to use proxy Boolean true, false FALSE
scalr.license_manager.ssl_verify Sets the License manager to verify ssl Boolean true, false TRUE
scalr.system.server_terminate_timeout Length of time for a server to go into a terminated state String auto, +3 minutes. Auto will terminate the servers as soon as the BeforeHostTerminate scripts have completed +3 minutes
scalr.system.ownership_model Determine whether a user or user and team is required when creating resources string user or user_and_teams / the default is ‘user’
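
Several defaults in the SAML, API and Agent Update tables are security-relevant (signature requirements default to FALSE, TLS verification can be switched off, allowed_origins accepts “*”). The following Ruby code is an added example, not part of the original page or of Scalr: it flattens an app[:configuration]-style nested hash into the dotted parameter names used above, applies the defaults listed in the tables, and reports settings a reviewer would question. The helper names, the sample hash and the review policy are assumptions of this example.

```ruby
# SAMPLE is constructed input; in scalr-server.rb the same nested hash
# would be assigned to app[:configuration].
SAMPLE = {
  "scalr" => {
    "auth_mode" => "saml",
    "connections" => { "saml" => { "strict" => true, "debug" => true } },
    "system" => { "api" => { "allowed_origins" => "*" } },
    "scalarizr_update" => { "ssl_verify_peer" => false }
  }
}.freeze

# Defaults as listed in the tables on this page (only the keys audited here).
DEFAULTS = {
  "scalr.auth_mode" => "scalr",
  "scalr.connections.saml.strict" => true,
  "scalr.connections.saml.debug" => false,
  "scalr.connections.saml.security.want_messages_signed" => false,
  "scalr.connections.saml.security.want_assertions_signed" => false,
  "scalr.connections.saml.security.want_xml_validation" => true,
  "scalr.scalarizr_update.ssl_verify_peer" => true,
  "scalr.license_manager.ssl_verify" => true,
  "scalr.system.api.allowed_origins" => nil
}.freeze

# Turn the nested hash into the dotted parameter names used in the tables.
def flatten_params(hash, prefix = nil)
  hash.each_with_object({}) do |(key, value), out|
    name = [prefix, key].compact.join(".")
    if value.is_a?(Hash)
      out.merge!(flatten_params(value, name))
    else
      out[name] = value
    end
  end
end

# Return { parameter => finding } for settings weaker than the review policy.
# The policy is an assumption of this example, not a rule enforced by Scalr.
def audit(configuration)
  params = DEFAULTS.merge(flatten_params(configuration))
  saml = "scalr.connections.saml"
  sec = "#{saml}.security"
  findings = {}
  if params["scalr.auth_mode"] == "saml"
    findings["#{saml}.strict"] = "strict validation is off" unless params["#{saml}.strict"] == true
    findings["#{saml}.debug"] = "SAML errors are shown in the UI" if params["#{saml}.debug"] == true
    unless params["#{sec}.want_xml_validation"] == true
      findings["#{sec}.want_xml_validation"] = "received XML is not validated"
    end
    # At least one of the two signature requirements should be enabled.
    signed = %w[want_messages_signed want_assertions_signed].any? { |k| params["#{sec}.#{k}"] == true }
    findings["#{sec}.want_assertions_signed"] = "no signature is required on messages or assertions" unless signed
  end
  # Anything other than boolean true (including the string "false") is flagged.
  %w[scalr.scalarizr_update.ssl_verify_peer scalr.license_manager.ssl_verify].each do |name|
    findings[name] = "TLS verification is disabled" unless params[name] == true
  end
  if Array(params["scalr.system.api.allowed_origins"]).include?("*")
    findings["scalr.system.api.allowed_origins"] = "Access-Control-Allow-Origin allows every origin"
  end
  findings
end

audit(SAMPLE).each { |name, why| puts "#{name}: #{why}" } if __FILE__ == $PROGRAM_NAME
```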