Environment variables

Environment variables#

The VISA platform is highly configurable through an array of environment variables. This section describes all the environment variables for the different applications and offers suggested values.

VISA API Server#

Server#

Environment variable

Default

Description

VISA_SERVER_HOST

localhost

The hostname on which the REST API HTTP server is listening on

VISA_SERVER_PORT

8080

The port on which to run the REST API HTTP server

VISA_CORS_ORIGIN

*

Sets the CORS origin of the HTTP server

VISA_ROOT_URL

The root URL of the application, used for user notifications

Database#

Environment variable

Default

Description

VISA_DATABASE_USERNAME

The VISA database username

VISA_DATABASE_PASSWORD

The VISA database password

VISA_DATABASE_URL

The full URL of the VISA database

Logging#

Environment variable

Default

Description

VISA_LOGGING_LEVEL

INFO

The application logging level

Email appender#

The email appender is used only for error logs, to allow for quick notification of errors that occur on a production server.

Environment variable

Default

Description

VISA_LOGGING_EMAIL_APPENDER_HOST

The host of the SMTP server for logging via email

VISA_LOGGING_EMAIL_APPENDER_PORT

25

The port of the SMTP server

VISA_LOGGING_EMAIL_APPENDER_TLS

false

Use of TLS with the SMTP server

VISA_LOGGING_EMAIL_APPENDER_START_TLS

DISABLED

Use of Start-TLS with the SMTP server

VISA_LOGGING_EMAIL_APPENDER_RECIPIENT_ADDRESS

Address to send log emails to (a developer account for example)

VISA_LOGGING_EMAIL_APPENDER_FROM_ADDRESS

Address to use as the sender of the log emails

VISA_LOGGING_EMAIL_SUBJECT

Subject (prefix) to use for log emails

VISA_LOGGING_EMAIL_APPENDER_MOCKED

false

Mocks sending emails

VISA_LOGGING_EMAIL_MAX_ERRORS

50

Maximum number of errors per email

File appender#

Environment variable

Default

Description

VISA_LOGGING_FILE_ENABLED

true

Explicitly enables the logging to file a file

VISA_LOGGING_FILE_THRESHOLD

INFO

The logging level for the file

VISA_LOGGING_FILE_MAX_FILE_SIZE

100M

Maximum log file size

VISA_LOGGING_FILE_DIRECTORY

The directory of where the log file is stored

VISA_LOGGING_FILE_FORMAT

The format of the log messages, eg “%d{yyyy-MM-dd HH:mm:ss.SSS} %-5p [%-40.40c{3.}] - %s%e%n”

VISA_LOGGING_FILE_ARCHIVED_FILE_COUNT

1

The number of archive files to keep

Syslog#

Environment variable

Default

Description

VISA_LOGGING_SYSLOG_ENABLED

true

Whether Syslog is enabled

VISA_LOGGING_SYSLOG_TYPE

rfc3164

Syslog protocol (rfc3164 or rfc5425)

VISA_LOGGING_SYSLOG_ENDPOINT

The Syslog endpoint (host:port)

VISA_LOGGING_SYSLOG_APP_NAME

The Syslog app name

VISA_LOGGING_SYSLOG_FACILITY

local-use-0

The Syslog facility

VISA_LOGGING_SYSLOG_THRESHOLD

INFO

The Syslog logging level

VISA_LOGGING_SYSLOG_FORMAT

The Syslog log format

VISA web services#

Environment variable

Default

Description

VISA_ACCOUNTS_SERVICE_CLIENT_URL

The VISA Accounts authentication URL eg http://accounts:8089/api/authenticate

VISA_SECURITY_GROUP_SERVICE_CLIENT_ENABLED

false

Enables the use of the VISA Security Group micro-service. This micro service provides site logic to determine the security groups for an instance.

VISA_SECURITY_GROUP_SERVICE_CLIENT_URL

The VISA Security Group Service URL eg http://security-groups:8090/api/securitygroups

VISA_SECURITY_GROUP_SERVICE_CLIENT_AUTH_TOKEN

The authentication token to send to the Security Group service

Cloud Provider#

| VISA_CLOUD_SERVER_NAME_PREFIX | | The prefix used for all instances created by VISA | | VISA_DEFAULT_CLOUD_PROVIDER_TYPE | openstack | Specifies the default cloud provider type (openstack or web) | | VISA_DEFAULT_CLOUD_PROVIDER_NAME | Default | Specifies the name of the default cloud provider |

OpenStack#

Environment variable

Default

Description

VISA_CLOUD_IDENTITY_ENDPOINT

The OpenStack identity endpoint

VISA_CLOUD_COMPUTE_ENDPOINT

The OpenStack compute endpoint

VISA_CLOUD_IMAGE_ENDPOINT

The OpenStack image endpoint

VISA_CLOUD_NETWORK_ENDPOINT

The OpenStack network endpoint

VISA_CLOUD_APPLICATION_ID

The application ID to authorise VISA API Server to use the OpenStack API

VISA_CLOUD_APPLICATION_SECRET

The application secret to authorise VISA API Server to use the OpenStack API

VISA_CLOUD_ADDRESS_PROVIDER

The address provider name for instances in OpenStack

VISA_CLOUD_ADDRESS_PROVIDER_UUID

The address privider UUID for instances in OpenStack

Web#

| VISA_CLOUD_WEB_PROVIDER_URL | | The URL to access the Web Cloud Provider | | VISA_CLOUD_WEB_PROVIDER_AUTH_TOKEN | | Authentication token for access to the Web Cloud Provider |

Remote Desktop (virtual desktop infrastructure VDI)#

Environment variable

Default

Description

VISA_VDI_ENABLED

true

Enables the remote desktops in VISA

VISA_VDI_REDIS_ENABLED

false

Enables a Redis pub-sub server (this is required for load balancing, to enable messaging between the applications)

VISA_VDI_REDIS_URL

The URL of the Redis server (required for load balancing)

VISA_VDI_REDIS_PASSWORD

The password for the Redis server (required for load balancing)

VISA_VDI_REDIS_DATABASE

0

the database ID of the Redis server (required for load balancing)

VISA_VDI_OWNER_DISCONNECTION_POLICY

DISCONNECT_ALL

Determines the policy of how to handle shared connections when the owner disconnects. Possible values are DISCONNECT_ALL (disconnecting shared connections) and LOCK_ROOM (to keep connections open but disable all interactions)

VISA_VDI_CLEANUP_SESSIONS_ON_STARTUP

false

As an admin option, desktop sessions can be cleaned when starting the server (if any are left open in the database). If load-balancing, only one server should do this.

VISA_VDI_SIGNATURE_PRIVATE_KEY_PATH

The path to the private key used for the VISA PAM module to encrypt connection details to a remote desktop

VISA_VDI_SIGNATURE_PUBLIC_KEY_PATH

The path to the public key used by the VISA PAM module

VISA_VDI_GUACD_PARAMETER_PROTOCOL

rdp

A guacamole parameter specifying the remote desktop protocol

VISA_VDI_GUACD_PARAMETER_IGNORE_CERT

true

A guacamole parameter to ignore the RDP certificate on the remote server

VISA_VDI_GUACD_PARAMETER_PORT

3389

The port used for the RDP protocol

Scheduler#

Environment variable

Default

Description

VISA_SCHEDULER_ENABLED

true

The scheduler of VISA is used to update the instance states, run instance commands (start, stop, reboot, etc), perform lifetime management, etc. This option enables the schedule. In a load-balanced enviroment you must ensure that only one server has an active scheduler.

Instance lifetime management#

Environment variable

Default

Description

VISA_INSTANCE_USER_MAX_LIFETIME_DURATION_HOURS

336

Sets the maximum lifetime, specified in hours, of instances for normal users.

VISA_INSTANCE_STAFF_MAX_LIFETIME_DURATION_HOURS

1440

Sets the maximum lifetime, specified in hours, of instances for staff users.

VISA_INSTANCE_USER_MAX_INACTIVITY_DURATION_HOURS

96

Sets the maximum time of inactivity of an instance before it is deleted, specified in hours, for normal users.

VISA_INSTANCE_STAFF_MAX_INACTIVITY_DURATION_HOURS

192

Sets the maximum time of inactivity of an instance before it is deleted, specified in hours, for staff users.

User instance quota#

Environment variable

Default

Description

VISA_INSTANCE_USER_DEFAULT_QUOTA

2

Sets the default number of instances a user can create (for users created by VISA independently of ETL processes)

Instance activity retention period#

Environment variable

Default

Description

VISA_INSTANCE_ACTIVITY_RETENTION_PERIOD_DAYS

0

Specifies how long user instance activity (mouse or keyboard activity) is stored in the database (0 implies forever)

Instance port check timeout#

Environment variable

Default

Description

VISA_INSTANCE_PORT_CHECK_TIMEOUT_MS

1000

Specifies how long VISA will check the availability of a port on an instance (to determine which services are active)

User notifications#

Environment variable

Default

Description

VISA_NOTIFICATION_EMAIL_ADAPTER_ENABLED

false

Users are notified by email when their instance will be deleted (24 hours before) or when then they have been added as a member of someone else’s instance. This environment variable enables this mechanism.

VISA_NOTIFICATION_EMAIL_ADAPTER_HOST

Specifies the SMTP host for sending notification emails

VISA_NOTIFICATION_EMAIL_ADAPTER_PORT

Specified the port of the SMTP server sending notification emails

VISA_NOTIFICATION_EMAIL_ADAPTER_APPENDER_TLS

false

Use of TLS with the SMTP server

VISA_NOTIFICATION_EMAIL_ADAPTER_START_TLS

DISABLED

Use of Start-TLS with the SMTP server

VISA_NOTIFICATION_EMAIL_ADAPTER_FROM_EMAIL_ADDRESS

The address of the sender of emails to users

VISA_NOTIFICATION_EMAIL_ADAPTER_BCC_EMAIL_ADDRESS

null

Optionally allows a BCC of the email to be sent to another address (a development account for example)

VISA_NOTIFICATION_EMAIL_ADAPTER_ADMIN_EMAIL_ADDRESS

An admin email address which is used in email templates as a support address for users.

VISA_NOTIFICATION_EMAIL_ADAPTER_DEV_EMAIL_ADDRESS

An email address of VISA developers can be set to allow for the notification when instances are created.

VISA_NOTIFICATION_EMAIL_ADAPTER_TEMPLATES_DIRECTORY

emails/templates/

To allow for the customisation of emails, the templates provided by VISA can be modified. This environment variable sets the location of the email templates.

VISA_NOTIFICATION_EMAIL_ADAPTER_MOCKED

false

Mocks sending emails

Client configuration#

The VISA API server has an endpoint that allows a client to obtain configuration values (included VISA version number, IDP settings, analytics, etc).

Environment variable

Default

Description

VISA_CLIENT_CONFIG_CONTACT_EMAIL

null

This sets the VISA contact email that is visible on a number of pages in the frontend

Login#

Environment variable

Default

Description

VISA_CLIENT_CONFIG_LOGIN_ISSUER

Specifies the IDP OpenID Connect login URL (eg for Keycloak https://my.keycloak/auth/realms/master)

VISA_CLIENT_CONFIG_LOGIN_CLIENT_ID

Specifies the client ID for the login process

VISA_CLIENT_CONFIG_LOGIN_SCOPE

openid offline_access

The required scope for the authentication (unlikely to be different from the default

VISA_CLIENT_CONFIG_LOGIN_SHOW_DEBUG_INFORMATION

false

Enables debug logging information on the client side (visa-web)

VISA_CLIENT_CONFIG_LOGIN_SESSION_CHECKS_ENABLED

true

Checks the the current OpenID Connect IDP session is still active

Analytics#

The analytics environment variables are associated to the use of a Matamo analytics server

Environment variable

Default

Description

VISA_CLIENT_CONFIG_ANALYTICS_ENABLED

false

Enables the use of a Matamo analytics server

VISA_CLIENT_CONFIG_ANALYTICS_URL

Specifies the URL of the Matamp analytics server

VISA_CLIENT_CONFIG_ANALYTICS_SITE_ID

Specified the Site ID for VISA in the analytics server

Desktop#

Environment variable

Default

Description

VISA_CLIENT_CONFIG_DESKTOP_ALLOWED_CLIPBOARD_URL_HOSTS

[]

By specifying the contents of the clipboard of the remote desktop, a remote application can make VISA open a popup in the client browser to request the user to open another URL (for example to open an electronic logbook, data portal, chat window). To ensure that the URL is acceptiblen, VISA is configured with a list of accepted hosts.

VISA_CLIENT_CONFIG_DESKTOP_KEYBOARD_LAYOUTS

[]

Specifies the list of keyboard layouts that are proposed to a user, eg [{“layout”:”en-gb-qwerty”,”name”:”English (UK) keyboard”,”selected”:true},{“layout”:”fr-fr-azerty”,”name”:”French keyboard (azerty)”,”selected”:false}]

Experiments#

Environment variable

Default

Description

VISA_CLIENT_CONFIG_INCLUDE_OPEN_DATA

false

Enables open data to be included in search results, by comparing the public_at date in the proposals table to the current date

VISA Accounts#

Server#

Environment variable

Default

Description

VISA_ACCOUNTS_SERVER_PORT

4000

The port on which to run the server

VISA_ACCOUNTS_SERVER_HOST

localhost

The hostname on which the server is listening on

IDP#

Environment variable

Default

Description

VISA_ACCOUNTS_IDP

URL to the OpenID discovery endpoint (eg https://my.idp.server/.well-known/openid-configuration) which will then be used to validate a token. This should be matched to the login URL provided above which is used to generate the token.

VISA_ACCOUNTS_CLIENT_ID

The Client ID as configured by the OpenID provider

VISA_ACCOUNTS_IDP_USERINFO_SIGNED_RESPONSE_ALG

null

Allows you to set the encoding algorithm of the UserInfo Response (eg RS256) if enabled in the IDP

VISA_ACCOUNTS_IDP_TIMEOUT_MS

2500

Sets the HTTP request timeout (in milliseconds) to the IDP

VISA_ACCOUNTS_IDP_CACHE_EXPIRATION_S

0

Specifies the expiration in seconds of cached IDP responses. This allows you to reduce the number of calls to the IDP and returns the same response for a given token (UserInfo or error). By default the cache is not activated (a cache expiration of > 0s is required to activate the cache).

Attribute provider#

Environment variable

Default

Description

VISA_ACCOUNTS_ATTRIBUTE_PROVIDER

The attribute provider is used to provide site-specific details about the user and the account and can be used to send additional information to the instance in OpenStack. You can find here details on how to develop and integrate an attribute provider in VISA. this environment variable sets the absolute or relative path to the attribute provider.

Logging#

Environment variable

Default

Description

VISA_ACCOUNTS_LOG_LEVEL

info

Log level

VISA_ACCOUNTS_LOG_TIMEZONE

The timezone for the formatting the time in the application log

Syslog#

The syslog environment variables are optional: if none are set then log messages are not forwarded to a sys log server. When using the docker container, the TZ environment variable is required too to ensure that the container runs at the same timezone as the host, otherwise the syslog may not have the correct time.

Environment variable

Default

Description

VISA_ACCOUNTS_LOG_SYSLOG_HOST

The Syslog host (optional)

VISA_ACCOUNTS_LOG_SYSLOG_PORT

The Syslog port (optional)

VISA_ACCOUNTS_LOG_SYSLOG_APP_NAME

Application name used by Syslog (optional)

VISA Jupyter Proxy#

Server#

Environment variable

Default

Description

VISA_JUPYTER_PROXY_SERVER_PORT

8088

The port on which to run the server

VISA_JUPYTER_PROXY_SERVER_HOST

localhost

The hostname on which the server is listening on

VISA_JUPYTER_PROXY_CACHE_REFRESH_TIME_S

60

Authorisation access and the IP address of instances are cached in the JupyterProxy to reduce the number of calls the to VISA API server. this environment variable sets how long a cached entry lasts for.

VISA_JUPYTER_PROXY_STORAGE_DIR

data

The local data storage directory (used primarily for maintaining session details if the proxy needs to be restarted).

Logging#

Environment variable

Default

Description

VISA_JUPYTER_PROXY_LOG_LEVEL

info

Log level

VISA_JUPYTER_PROXY_LOG_TIMEZONE

The timezone for the formatting the time in the application log

Syslog#

The syslog environment variables are optional: if none are set then log messages are not forwarded to a sys log server. When using the docker container, the TZ environment variable is required too to ensure that the container runs at the same timezone as the host, otherwise the syslog may not have the correct time.

Environment variable

Default

Description

VISA_JUPYTER_PROXY_LOG_SYSLOG_HOST

The Syslog host (optional)

VISA_JUPYTER_PROXY_LOG_SYSLOG_PORT

The Syslog port (optional)

VISA_JUPYTER_PROXY_LOG_SYSLOG_APP_NAME

Application name used by Syslog (optional)

VISA API#

Environment variable

Default

Description

VISA_JUPYTER_PROXY_API_HOST

localhost

Host of the VISA API Server REST API, used to authenticate the request and obtain an IP address from the instance ID

VISA_JUPYTER_PROXY_API_PORT

8086

Port of the VISA API Server REST API
Contents