Docker container start up configuration parameters

Whenever you specify OVERRIDE_PRECONFIG=true or VAULT_CA=true, there are mandatory parameters that you need to specify, otherwise your container will not start. The following tables summarize the list of mandatory and optional parameters for each container.

Transaction server parameters when OVERRIDE_PRECONFIG=true

| Parameter name | Description | Mandatory |
|---|---|---|
| TENANT | The name of the group that contains your set of environments. For example, MyCompany. | Yes. |
| ENVIRONMENT | The name of the environment. For example, Non-production. | Yes. |
| ENVTYPE | The type of environment. For example, auth. | Yes. |
| VAULT_TOKEN | The Vault token to use to connect to Vault and request certificates from Vault PKI. | Yes if you are using Vault. |
| VAULT_URL | The HTTP API endpoint to connect to Vault and request certificates from Vault PKI. For example, http://Vault_IP:8200/v1. | Yes if you are using Vault. |
| STOREWEB_HOST | The external store hostname that a browser uses to access the store. If you are using DC/OS or Kubernetes, this is the exposed hostname on the load balancer, such as store.demoqaauth.cn.ibm.com. Note: If you have multiple stores running on multiple domains, you can configure your domains to redirect to STOREWEB_HOST to ensure that Management Center store preview works for all stores. The Transaction server identifies the different stores through the ID in the store URL. | Yes. |
| DBHOST | The database hostname. | Yes. Note: If the value is stored in Vault, you can ignore this parameter. |
| DBNAME | The name of the database. | Yes. Note: If the value is stored in Vault, you can ignore this parameter. |
| DBUSER | The database user name. | Yes. Note: If the value is stored in Vault, you can ignore this parameter. |
| DBPASS | The database user password. | Yes. Note: If the value is stored in Vault, you can ignore this parameter. |
| DBPORT | The database port. | Yes. Note: If the value is stored in Vault, you can ignore this parameter. |
| DBAUSER | The database administrator name. | Yes. Note: If the value is stored in Vault, you can ignore this parameter. |
| DBAPASSENCRTY | The database administrator encrypted password. | Yes. Note: If the value is stored in Vault, you can ignore this parameter. |
| ENABLE_DB_SSL | Determines whether to enable SSL protocol for connections to the database. Valid values are true or false. | Yes. |
| DBHOST_LIVE | The database hostname in the live environment. | Yes for Transaction server on an authoring environment. Note: If the value is stored in Vault, you can ignore this parameter. |
| DBNAME_LIVE | The name of the database in the live environment. | Yes for Transaction server on an authoring environment. Note: If the value is stored in Vault, you can ignore this parameter. |
| DBPASS_LIVE | The database user password in the live environment. | Yes for Transaction server on an authoring environment. Note: If the value is stored in Vault, you can ignore this parameter. |
| DBPORT_LIVE | The database port in the live environment. | Yes for Transaction server on an authoring environment. Note: If the value is stored in Vault, you can ignore this parameter. |
| DBUSER_LIVE | The database user name in the live environment. | Yes for Transaction server on an authoring environment. Note: If the value is stored in Vault, you can ignore this parameter. |
| MERCHANTKEY_ENCRYPT | The encrypted merchant key that was created when you or an administrator loaded the WebSphere Commerce database schema. For more information, see Loading the HCL Commerce database schema. | Yes. |
| SPIUSER_PWD | The encrypted password for the 'spiuser'. For more information, see Setting the spiuser password in your Docker images. | Yes. |
| LOCALSTOREWEB | The web server host name of a local store if you migrated from HCL Commerce Version 7 or Version 8. | Yes if you are using a local store. |
| adminPassword | The password for user configadmin, which is used to access the WebSphere Application Server Administrative Console. | No. |
| TRACE_SPEC | Sets trace specifications. For more information about trace, see Trace components. | No. |
| BLUE_ID_SERVER | idaas.iam.ibm.com | No. |
| KAFKA_SERVERS | Works with ZOOKEEPER_SERVERS if you want to configure the container for cache invalidation. | No. |
| KAFKA_TOPIC_PREFIX | Used to compose the queue name for the cache invalidation. | No. |
| ZOOKEEPER_SERVERS | Works with KAFKA_SERVERS if you want to configure the container for cache invalidation. The remote store needs only this parameter to set up cache invalidation. | No. |
| OIDC_CLIENT_ID | No default value. Works with OIDC_CLIENT_SECRET to enable the IBMid feature for single sign-on. | No. |
| OIDC_CLIENT_SECRET | No default value. Works with OIDC_CLIENT_ID to enable the IBMid feature. | No. |
| BLUE_ID_PROVIDERHOST | The provider host for single sign-on. | No. |
| SESSION_KEY_ENCRYPT | Encrypted session key. | No. |

Store server parameters when OVERRIDE_PRECONFIG=true

| Parameter name | Description | Mandatory |
|---|---|---|
| TENANT | The name of the group that contains your set of environments. For example, MyCompany. | Yes. |
| ENVIRONMENT | The name of the environment. For example, Non-production. | Yes. |
| ENVTYPE | The type of environment. For example, auth. | Yes. |
| VAULT_TOKEN | The Vault token to use to connect to Vault and request certificates from Vault PKI. | Yes if you are using Vault and pass VAULT_TOKEN and VAULT_URL. |
| VAULT_URL | The Vault URL to use to connect to Vault and request certificates from Vault PKI. | Yes if you are using Vault and pass VAULT_TOKEN and VAULT_URL. |
| SSLPort | The remote store page redirect secure port. | Yes. |
| NONSSLPort | The remote store page redirect non-secure port. | Yes. |
| SPIUSER_PWD | The encrypted password for the 'spiuser'. For more information, see Setting the spiuser password in your Docker images. | Yes. |
| TRACE_SPEC | Sets trace specifications. For more information about trace, see Trace components. | No. |
| ZOOKEEPER_SERVERS | Works with KAFKA_SERVERS if you want to configure the container for cache invalidation. | No. |

Utility server parameters when OVERRIDE_PRECONFIG=true

| Parameter name | Description | Mandatory |
|---|---|---|
| ENVTYPE | The type of environment. For example, auth. | Yes. |
| DBHOST | The database hostname. | Yes. Note: If the value is stored in Vault, you can ignore this parameter. |
| DBNAME | The name of the database. | Yes. Note: If the value is stored in Vault, you can ignore this parameter. |
| DBPASS | The database user password. | Yes. Note: If the value is stored in Vault, you can ignore this parameter. |
| DBPORT | The database port. | Yes. Note: If the value is stored in Vault, you can ignore this parameter. |
| DBUSER | The database user name. | Yes. Note: If the value is stored in Vault, you can ignore this parameter. |
| DBAUSER | The database administrator name. | Yes. Note: If the value is stored in Vault, you can ignore this parameter. |
| DBAPASSENCRTY | The database administrator encrypted password. | Yes. Note: If the value is stored in Vault, you can ignore this parameter. |
| ENABLE_DB_SSL | Determines whether to enable SSL protocol for connections to the database. Valid values are true or false. | Yes. |

Mandatory parameters when VAULT_CA=true

If you do not use Vault for certificate management, then do not specify VAULT_CA=true.

If you want to use Vault for certificate management, you need to use the PKI secret backend for Vault. For more information about configuring Vault, see the sample implementation, .

When VAULT_CA=true, the container start-up logic executes the /SETUP/bin/updateCerts.sh script to import internal and third-party certificates from Vault. You need to specify the following environment parameters so that the script can import the certificates from Vault.

| Parameter name | Description |
|---|---|
| TENANT | The name of the group that contains your set of environments. For example, MyCompany. |
| ENVIRONMENT | The name of the environment. For example, Non-production. |
| ENVTYPE | The type of environment. For example, auth. |
| VAULT_TOKEN | The Vault token to use to connect to Vault and request certificates from Vault PKI. |
| VAULT_URL | The Vault URL to use to connect to Vault and request certificates from Vault PKI. |
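
A preflight check for the Transaction server parameters listed above, covering both OVERRIDE_PRECONFIG=true and VAULT_CA=true. This is an added example, not part of the product or the original page, and check_ts_params is a hypothetical helper name. It assumes that ENVTYPE=auth marks an authoring environment and that database values are stored in Vault when both VAULT_TOKEN and VAULT_URL are set; LOCALSTOREWEB is not checked because the page gives no way to detect a local store.

```shell
#!/bin/sh
# Added example: preflight check of Transaction server start-up parameters.
# Prints one line per problem (names only, never values); returns 1 if any.
# Assumptions, not taken from the product: ENVTYPE=auth marks an authoring
# environment, and database values count as stored in Vault when both
# VAULT_TOKEN and VAULT_URL are set.
check_ts_params() (
  is_set() { eval "[ -n \"\${$1:-}\" ]"; }
  problems=0
  need() {
    for name in "$@"; do
      is_set "$name" || { echo "missing: $name"; problems=1; }
    done
  }

  # Nothing is mandatory unless one of the two switches is on.
  [ "${OVERRIDE_PRECONFIG:-}" = true ] || [ "${VAULT_CA:-}" = true ] || return 0

  need TENANT ENVIRONMENT ENVTYPE

  # Vault settings: mandatory for VAULT_CA=true, otherwise both or neither.
  if [ "${VAULT_CA:-}" = true ] || is_set VAULT_TOKEN || is_set VAULT_URL; then
    need VAULT_TOKEN VAULT_URL
  fi

  if [ "${OVERRIDE_PRECONFIG:-}" = true ]; then
    need STOREWEB_HOST ENABLE_DB_SSL MERCHANTKEY_ENCRYPT SPIUSER_PWD
    case "${ENABLE_DB_SSL:-}" in
      true|false|"") ;;
      *) echo "invalid: ENABLE_DB_SSL must be true or false"; problems=1 ;;
    esac
    # Database values may be omitted when they are stored in Vault.
    if ! { is_set VAULT_TOKEN && is_set VAULT_URL; }; then
      need DBHOST DBNAME DBUSER DBPASS DBPORT DBAUSER DBAPASSENCRTY
      if [ "${ENVTYPE:-}" = auth ]; then
        need DBHOST_LIVE DBNAME_LIVE DBUSER_LIVE DBPASS_LIVE DBPORT_LIVE
      fi
    fi
  fi
  return "$problems"
)
```

Source the function in the wrapper that launches the container and call check_ts_params with the container's variables set. It prints parameter names only, so the output can go to start-up logs without exposing VAULT_TOKEN or the database passwords.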