Docker container start up configuration parameters
Whenever you specify OVERRIDE_PRECONFIG=true or VAULT_CA=true, there are mandatory parameters that you need to specify, otherwise your container will not start. The following tables summarize the list of mandatory and optional parameters for each container.
Transaction server parameters when OVERRIDE_PRECONFIG=true
Parameter name | Description | Mandatory |
---|---|---|
TENANT | The name of the group that contains your set of environments. For example, MyCompany. | Yes. |
ENVIRONMENT | The name of the environment. For example, Non-production. | Yes. |
ENVTYPE | Then type of environment. For example, auth. | Yes. |
VAULT_TOKEN | The Vault token to use to connect to Vault and request certification from Vault PKI. | Yes if you are using Vault. |
VAULT_URL | The HTTP API endpoint to connect to Vault and request certification from Vault PKI. For example, http://Vault_IP:8200/v1. | Yes if you are using Vault. |
STOREWEB_HOST | The external store hostname that can be
used to access the store by a browser. If you are using DC/OS or
Kubernetes, this is the exposed hostname on the load balancer, such
as store.demoqaauth.cn.ibm.com. Note: If you have multiple
stores running on multiple domains, you can configure your
domains to redirect to STOREWEB_HOST to ensure that Management
Center store preview works for all stores. The Transaction
server will identify the different stores through the ID in the
store URL. |
Yes |
DBHOST | The database hostname. | Yes. Note: If the value is stored in Vault, you can ignore this
parameter. |
DBNAME | The name of the database. | Yes. Note: If the value is stored in Vault, you can ignore this
parameter. |
DBUSER | The database user name. | Yes. Note: If the value is stored in Vault, you can ignore this
parameter. |
DBPASS | The database user password. | Yes. Note: If the value is stored in Vault, you can ignore this
parameter. |
DBPORT | The database port. | Yes. Note: If the value is stored in Vault, you can ignore this
parameter. |
DBAUSER | The database administrator name. | Yes. Note: If the value is stored in Vault, you can ignore this
parameter. |
DBAPASSENCRTY | The database administrator encrypted password. | Yes. Note: If the value is stored in Vault, you can ignore this
parameter. |
ENABLE_DB_SSL | Determines whether to enable SSL protocol for connections to the database. Valid values are true or false. | Yes. |
DBHOST_LIVE | The database hostname in the live environment. | Yes for Transaction server on an authoring environment. Note: If
the value is stored in Vault, you can ignore this
parameter. |
DBNAME_LIVE | The name of the database in the live environment. | Yes for Transaction server on an authoring environment. Note: If
the value is stored in Vault, you can ignore this
parameter. |
DBPASS_LIVE | The database user password in the live environment. | Yes for Transaction server on an authoring environment. Note: If
the value is stored in Vault, you can ignore this
parameter. |
DBPORT_LIVE | The database port in the live environment. | Yes for Transaction server on an authoring environment. Note: If
the value is stored in Vault, you can ignore this
parameter. |
DBUSER_LIVE | The database user name in the live environment. | Yes for Transaction server on an authoring environment. Note: If
the value is stored in Vault, you can ignore this
parameter. |
MERCHANTKEY_ENCRYPT | The encrypted merchant key that was created when you or an administrator loaded the WebSphere Commerce database schema. For more information, see Loading the HCL Commerce database schema. | Yes. |
SPIUSER_PWD | The encrypted password for the 'spiuser'. For more information, see Setting the spiuser password in your Docker images | Yes. |
LOCALSTOREWEB | The web server host name of a local store if you migrated from HCL Commerce Version 7 or Version 8. | Yes if you are using a local store. |
adminPassword | The password for user configadmin, which is used to access the WebSphere Application Server Administrative Console. | No. |
TRACE_SPEC | Sets trace specifications. For more information about trace, see Trace components | No. |
BLUE_ID_SERVER | idaas.iam.ibm.com | No. |
KAFKA_SERVERS | Works with ZOOKEEPER_SERVERS if you want to configure the container to catch validation. | No. |
KAFKA_TOPIC_PREFIX | Used to compose the queue name for the cache invalidation. | No. |
ZOOKEEPER_SERVERS | Works with KAFKA_SERVERS, if you want to configure the container to catch validation. Remote Store just need it to set catch validation. | No. |
OIDC_CLIENT_ID | No Default Value, works with OIDC_CLIENT_SECRET to enable IBMid feature for single sign-on. | No. |
OIDC_CLIENT_SECRET | No Default Value, works with OIDC_CLIENT_ID to enable IBMid feature | No. |
BLUE_ID_PROVIDERHOST | The provider host for single sign-on. | No. |
SESSION_KEY_ENCRYPT | Encrypted session key. | No. |
SESSION_KEY_ENCRYPT | Encrypted session key. | No. |
Search server parameters when OVERRIDE_PRECONFIG=true
Parameter name | Description | Mandatory |
---|---|---|
TENANT | The name of the group that contains your set of environments. For example, MyCompany. | Yes. |
ENVIRONMENT | The name of the environment. For example, Non-production. | Yes. |
ENVTYPE | Then type of environment. For example, auth. | Yes. |
VAULT_TOKEN | The Vault token to use to connect to Vault and request certification from Vault PKI. | Yes if you are using Vault and pass VAULT_TOKEN and VAULT_URL. |
VAULT_URL | The Vault URL to use to connect to Vault and request certification from Vault PKI. | Yes if you are using Vault and pass VAULT_TOKEN and VAULT_URL. |
DBHOST | The database hostname. | Yes. Note: If the value is stored in Vault, you can ignore this
parameter. |
DBNAME | The name of the database. | Yes. Note: If the value is stored in Vault, you can ignore this
parameter. |
DBPASS | The database user password. | Yes. Note: If the value is stored in Vault, you can ignore this
parameter. |
DBPORT | The database port. | Yes. Note: If the value is stored in Vault, you can ignore this
parameter. |
DBUSER | The database user name. | Yes. Note: If the value is stored in Vault, you can ignore this
parameter. |
SOLR_MASTER SOLR_SLAVE |
SOLR_MASTER and SOLR_SLAVE work together to determine the search
node type. To configure the Search server container as:
|
Yes |
SOLR_MASTER_SERVER_URL | The IP and port of the search node to poll from.
|
Yes for the search-repeater on the live environment. |
SOLR_REPLICATION_POLLINTERVAL | The replication poll interval. | Yes for the search-subordinate on the live environment. |
WORKAREA | The search index path in the Search server Docker container. For
example,
|
Yes all search nodes. |
SPIUSER_PWD | The encrypted password for the 'spiuser'. For more information, see Setting the spiuser password in your Docker images | Yes. |
TRACE_SPEC | Sets trace specifications. For more information about trace, see Trace components | No. |
Store server parameters when OVERRIDE_PRECONFIG=true
Parameter name | Description | Mandatory |
---|---|---|
TENANT | The name of the group that contains your set of environments. For example, MyCompany. | Yes. |
ENVIRONMENT | The name of the environment. For example, Non-production. | Yes. |
ENVTYPE | Then type of environment. For example, auth. | Yes. |
VAULT_TOKEN | The Vault token to use to connect to Vault and request certification from Vault PKI. | Yes if you are using Vault and pass VAULT_TOKEN and VAULT_URL. |
VAULT_URL | The Vault URL to use to connect to Vault and request certification from Vault PKI. | Yes if you are using Vault and pass VAULT_TOKEN and VAULT_URL. |
SSLPort | The remote store page redirect secure port. | Yes. |
NONSSLPort | The remote store page redirect non-secure port. | Yes. |
SPIUSER_PWD | The encrypted password for the 'spiuser'. For more information, see Setting the spiuser password in your Docker images | Yes. |
TRACE_SPEC | Sets trace specifications. For more information about trace, see Trace components | No. |
ZOOKEEPER_SERVERS | Works with KAFKA_SERVERS, if you want to configure the container to catch validation. | No. |
Utility server parameters when OVERRIDE_PRECONFIG=true
Parameter name | Description | Mandatory |
---|---|---|
ENVTYPE | Then type of environment. For example, auth. | Yes. |
DBHOST | The database hostname. | Yes. Note: If the value is stored in Vault, you can ignore this
parameter. |
DBNAME | The name of the database. | Yes. Note: If the value is stored in Vault, you can ignore this
parameter. |
DBPASS | The database user password. | Yes. Note: If the value is stored in Vault, you can ignore this
parameter. |
DBPORT | The database port. | Yes. Note: If the value is stored in Vault, you can ignore this
parameter. |
DBUSER | The database user name. | Yes. Note: If the value is stored in Vault, you can ignore this
parameter. |
DBAUSER | The database administrator name. | Yes. Note: If the value is stored in Vault, you can ignore this
parameter. |
DBAPASSENCRTY | The database administrator encrypted password. | Yes. Note: If the value is stored in Vault, you can ignore this
parameter. |
ENABLE_DB_SSL | Determines whether to enable SSL protocol for connections to the database. Valid values are true or false. | Yes. |
Mandatory parameters when VAULT_CA=true
If you do not use Vault for certification management, then do not specify VAULT_CA=true.
If you want to use Vault for certification management, you need to use the PKI secret backend for Vault. For more information about configuring Vault, see the sample implementation, .
When VAULT_CA=true, the container start up logic executes the
/SETUP/bin/updateCerts.sh script to import internal and
third-party certificates from Vault. You need to specify the following environment
parameters so that the script can import the certificates from Vault.
Parameter name | Description |
---|---|
TENANT | The name of the group that contains your set of environments. For example, MyCompany. |
ENVIRONMENT | The name of the environment. For example, Non-production. |
ENVTYPE | Then type of environment. For example, auth. |
VAULT_TOKEN | The Vault token to use to connect to Vault and request certification from Vault PKI. |
VAULT_URL | The Vault URL to use to connect to Vault and request certification from Vault PKI. |