openmetadata-server service¶
This page documents the configuration for the openmetadata-server service from docker-compose.yml.
Image: docker.getcollate.io/openmetadata/server:1.9.12
Container name: openmetadata-server
Ports:
8585:85858586:8586
Volumes:
./config_files/openmetadata/openmetadata.yaml:/usr/local/openmetadata/conf/openmetadata.yaml:ro,z./config_files/openmetadata/certs:/opt/om-trust:ro,z
Depends on:
om-elasticsearchmysqlexecute-migrate-all
Networks:
osss-net
Environment:
OPENMETADATA_CLUSTER_NAME=${OPENMETADATA_CLUSTER_NAME:-openmetadata}SERVER_PORT=${SERVER_PORT:-8585}SERVER_ADMIN_PORT=${SERVER_ADMIN_PORT:-8586}LOG_LEVEL=${LOG_LEVEL:-INFO}AUTHENTICATION_PROVIDER=${OM_AUTHENTICATION_PROVIDER:-basic}CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME=${CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME:-"Keycloak"}AUTHENTICATION_RESPONSE_TYPE=${OM_AUTHENTICATION_RESPONSE_TYPE:-id_token}AUTHENTICATION_CALLBACK_URL=${OM_AUTHENTICATION_CALLBACK_URL:-http://localhost:8585/callback}AUTHENTICATION_ENABLE_SELF_SIGNUP=${AUTHENTICATION_ENABLE_SELF_SIGNUP:-true}AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING=${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS_MAPPING:-[]}OIDC_DISCOVERY_URI=${OM_OIDC_DISCOVERY_URI:-""}OIDC_CLIENT_ID=${OM_OIDC_CLIENT_ID:-""}OIDC_CLIENT_SECRET=${OM_OIDC_CLIENT_SECRET:-""}OIDC_SCOPES=openid profile emailAUTHORIZER_CLASS_NAME=${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer}AUTHORIZER_REQUEST_FILTER=${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter}AUTHORIZER_ADMIN_PRINCIPALS=${AUTHORIZER_ADMIN_PRINCIPALS:-[a2a]}AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN=${AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN:-["all"]}AUTHORIZER_INGESTION_PRINCIPALS=${AUTHORIZER_INGESTION_PRINCIPALS:-[ingestion-bot]}AUTHORIZER_PRINCIPAL_DOMAIN=${AUTHORIZER_PRINCIPAL_DOMAIN:-"open-metadata.org"}AUTHORIZER_ALLOWED_DOMAINS=${AUTHORIZER_ALLOWED_DOMAINS:-[]}AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN=${AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN:-false}AUTHORIZER_ENABLE_SECURE_SOCKET=${AUTHORIZER_ENABLE_SECURE_SOCKET:-false}AUTHENTICATION_OIDC_DISCOVERY_URI=${OM_AUTHENTICATION_OIDC_DISCOVERY_URI:-https://keycloak.local:8443/realms/OSSS/.well-known/openid-configuration}AUTHENTICATION_AUTHORITY=${OM_AUTHENTICATION_AUTHORITY:-https://accounts.google.com}AUTHENTICATION_CLIENT_ID=${OM_AUTHENTICATION_CLIENT_ID:-""}AUTHENTICATION_CLIENT_SECRET=${OM_AUTHENTICATION_CLIENT_SECRET:-password}AUTHENTICATION_SCOPE=${OM_AUTHENTICATION_SCOPE:-"openid profile email groups"}AUTHENTICATION_JWT_PRINCIPAL_CLAIMS=${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS:-[email,preferred_username,sub]}AUTHENTICATION_CLIENT_TYPE=${OM_AUTHENTICATION_CLIENT_TYPE:-public}OIDC_TYPE=${OIDC_TYPE:-""}OIDC_SCOPE=${OIDC_SCOPE:-"openid email profile"}OIDC_USE_NONCE=${OIDC_USE_NONCE:-true}OIDC_PREFERRED_JWS=${OIDC_PREFERRED_JWS:-"RS256"}OIDC_RESPONSE_TYPE=${OIDC_RESPONSE_TYPE:-"code"}OIDC_DISABLE_PKCE=${OIDC_DISABLE_PKCE:-true}OIDC_CALLBACK=${OIDC_CALLBACK:-"http://localhost:8585/callback"}OIDC_SERVER_URL=${OIDC_SERVER_URL:-"http://localhost:8585"}OIDC_CLIENT_AUTH_METHOD=${OIDC_CLIENT_AUTH_METHOD:-"client_secret_post"}OIDC_TENANT=${OIDC_TENANT:-""}OIDC_MAX_CLOCK_SKEW=${OIDC_MAX_CLOCK_SKEW:-""}OIDC_CUSTOM_PARAMS=${OIDC_CUSTOM_PARAMS:-}OIDC_MAX_AGE=${OIDC_MAX_AGE:-"0"}OIDC_PROMPT_TYPE=${OIDC_PROMPT_TYPE:-"consent"}OIDC_SESSION_EXPIRY=${OIDC_SESSION_EXPIRY:-"604800"}RSA_PUBLIC_KEY_FILE_PATH=${RSA_PUBLIC_KEY_FILE_PATH:-"./conf/public_key.der"}RSA_PRIVATE_KEY_FILE_PATH=${RSA_PRIVATE_KEY_FILE_PATH:-"./conf/private_key.der"}JWT_ISSUER=${JWT_ISSUER:-"open-metadata.org"}JWT_KEY_ID=${JWT_KEY_ID:-"Gb389a-9f76-gdjs-a92j-0242bk94356"}PIPELINE_SERVICE_CLIENT_ENDPOINT=${PIPELINE_SERVICE_CLIENT_ENDPOINT:-http://ingestion:8082}PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL=${PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL:-300}SERVER_HOST_API_URL=${SERVER_HOST_API_URL:-http://openmetadata-server:8585/api}PIPELINE_SERVICE_CLIENT_VERIFY_SSL=${PIPELINE_SERVICE_CLIENT_VERIFY_SSL:-"no-ssl"}PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH=${PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH:-""}DB_DRIVER_CLASS=${DB_DRIVER_CLASS:-com.mysql.cj.jdbc.Driver}DB_SCHEME=${DB_SCHEME:-mysql}DB_PARAMS=${DB_PARAMS:-allowPublicKeyRetrieval=true&useSSL=false&serverTimezone=UTC}DB_USER=${DB_USER:-openmetadata_user}DB_USER_PASSWORD=${DB_USER_PASSWORD:-openmetadata_password}DB_HOST=${DB_HOST:-mysql}DB_PORT=${DB_PORT:-3306}OM_DATABASE=${OM_DATABASE:-openmetadata}ELASTICSEARCH_HOST=${OM_ELASTICSEARCH_HOST:-om-elasticsearch}ELASTICSEARCH_PORT=${OM_ELASTICSEARCH_PORT:-9201}ELASTICSEARCH_SCHEME=${ELASTICSEARCH_SCHEME:-http}ELASTICSEARCH_USER=${ELASTICSEARCH_USER:-""}ELASTICSEARCH_PASSWORD=${ELASTICSEARCH_PASSWORD:-""}SEARCH_TYPE=${SEARCH_TYPE:- "elasticsearch"}ELASTICSEARCH_TRUST_STORE_PATH=${ELASTICSEARCH_TRUST_STORE_PATH:-""}ELASTICSEARCH_TRUST_STORE_PASSWORD=${ELASTICSEARCH_TRUST_STORE_PASSWORD:-""}ELASTICSEARCH_CONNECTION_TIMEOUT_SECS=${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-5}ELASTICSEARCH_SOCKET_TIMEOUT_SECS=${ELASTICSEARCH_SOCKET_TIMEOUT_SECS:-60}ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS=${ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS:-600}ELASTICSEARCH_BATCH_SIZE=${ELASTICSEARCH_BATCH_SIZE:-100}ELASTICSEARCH_PAYLOAD_BYTES_SIZE=${ELASTICSEARCH_PAYLOAD_BYTES_SIZE:-10485760}ELASTICSEARCH_INDEX_MAPPING_LANG=${ELASTICSEARCH_INDEX_MAPPING_LANG:-EN}EVENT_MONITOR=${EVENT_MONITOR:-prometheus}EVENT_MONITOR_BATCH_SIZE=${EVENT_MONITOR_BATCH_SIZE:-10}EVENT_MONITOR_PATH_PATTERN=${EVENT_MONITOR_PATH_PATTERN:-["/api/v1/tables/*", "/api/v1/health-check"]}EVENT_MONITOR_LATENCY=${EVENT_MONITOR_LATENCY:-[]}PIPELINE_SERVICE_CLIENT_ENABLED=${PIPELINE_SERVICE_CLIENT_ENABLED:-true}PIPELINE_SERVICE_CLIENT_CLASS_NAME=${PIPELINE_SERVICE_CLIENT_CLASS_NAME:-"org.openmetadata.service.clients.pipeline.airflow.AirflowRESTClient"}PIPELINE_SERVICE_IP_INFO_ENABLED=${PIPELINE_SERVICE_IP_INFO_ENABLED:-false}PIPELINE_SERVICE_CLIENT_HOST_IP=${PIPELINE_SERVICE_CLIENT_HOST_IP:-""}PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER=${PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER:-"noop"}AIRFLOW_USERNAME=${AIRFLOW_USERNAME:-a2a}AIRFLOW_PASSWORD=${AIRFLOW_PASSWORD:-a2a}AIRFLOW_TIMEOUT=${AIRFLOW_TIMEOUT:-10}AIRFLOW_TRUST_STORE_PATH=${AIRFLOW_TRUST_STORE_PATH:-""}AIRFLOW_TRUST_STORE_PASSWORD=${AIRFLOW_TRUST_STORE_PASSWORD:-""}FERNET_KEY=${FERNET_KEY:-jJ/9sz0g0OHxsfxOoSfdFdmk3ysNmPRnH3TUAbz3IHA=}SECRET_MANAGER=${SECRET_MANAGER:-db}OM_SM_REGION=${OM_SM_REGION:-""}OM_SM_ACCESS_KEY_ID=${OM_SM_ACCESS_KEY_ID:-""}OM_SM_ACCESS_KEY=${OM_SM_ACCESS_KEY:-""}OM_EMAIL_ENTITY=${OM_EMAIL_ENTITY:-"OpenMetadata"}OM_SUPPORT_URL=${OM_SUPPORT_URL:-"https://slack.open-metadata.org"}AUTHORIZER_ENABLE_SMTP=${AUTHORIZER_ENABLE_SMTP:-false}OPENMETADATA_SERVER_URL=${OPENMETADATA_SERVER_URL:-""}OPENMETADATA_SMTP_SENDER_MAIL=${OPENMETADATA_SMTP_SENDER_MAIL:-""}SMTP_SERVER_ENDPOINT=${SMTP_SERVER_ENDPOINT:-""}SMTP_SERVER_PORT=${SMTP_SERVER_PORT:-""}SMTP_SERVER_USERNAME=${SMTP_SERVER_USERNAME:-""}SMTP_SERVER_PWD=${SMTP_SERVER_PWD:-""}SMTP_SERVER_STRATEGY=${SMTP_SERVER_STRATEGY:-"SMTP_TLS"}OPENMETADATA_HEAP_OPTS=${OPENMETADATA_HEAP_OPTS:--Xmx1G -Xms1G}MASK_PASSWORDS_API=${MASK_PASSWORDS_API:-false}WEB_CONF_URI_PATH=${WEB_CONF_URI_PATH:-"/api"}WEB_CONF_HSTS_ENABLED=${WEB_CONF_HSTS_ENABLED:-false}WEB_CONF_HSTS_MAX_AGE=${WEB_CONF_HSTS_MAX_AGE:-"365 days"}WEB_CONF_HSTS_INCLUDE_SUBDOMAINS=${WEB_CONF_HSTS_INCLUDE_SUBDOMAINS:-"true"}WEB_CONF_HSTS_PRELOAD=${WEB_CONF_HSTS_PRELOAD:-"true"}WEB_CONF_FRAME_OPTION_ENABLED=${WEB_CONF_FRAME_OPTION_ENABLED:-false}WEB_CONF_FRAME_OPTION=${WEB_CONF_FRAME_OPTION:-"SAMEORIGIN"}WEB_CONF_FRAME_ORIGIN=${WEB_CONF_FRAME_ORIGIN:-""}WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED=${WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED:-false}WEB_CONF_XSS_PROTECTION_ENABLED=${WEB_CONF_XSS_PROTECTION_ENABLED:-false}WEB_CONF_XSS_PROTECTION_ON=${WEB_CONF_XSS_PROTECTION_ON:-true}WEB_CONF_XSS_PROTECTION_BLOCK=${WEB_CONF_XSS_PROTECTION_BLOCK:-true}WEB_CONF_XSS_CSP_ENABLED=${WEB_CONF_XSS_CSP_ENABLED:-false}WEB_CONF_XSS_CSP_POLICY=${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"}WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY=${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""}WEB_CONF_CACHE_CONTROL=${WEB_CONF_CACHE_CONTROL:-""}WEB_CONF_PRAGMA=${WEB_CONF_PRAGMA:-""}JAVA_TOOL_OPTIONS=-Djavax.net.ssl.trustStore=/opt/om-trust/om-truststore.p12 -Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.ssl.trustStoreType=PKCS12