Configuration Reference

Anka Build Cloud Configuration Reference

Controller Configuration Reference

Configuring your Anka Build Cloud Controller & Registry to enable features or customize URLs has several methods available.

Environment Variables

Depending on the package you’re using (native or docker), you can set ENV variables to modify the configuration of your controller and registry.

Our default docker package will use .env files to store the configuration ENVs. Both that and the below example are valid ways to configure the Anka Build Cloud.

docker-compose.yml (docker)

version: '3'
services:
  anka-controller:
    container_name: anka.controller
    build:
       context: controller
    ports:
       - "80:80" # You can change this to expose the controller on a different port
    depends_on:
       - etcd
       - anka-registry
    restart: always
    environment:
      ANKA_ANKA_REGISTRY: "http://anka-registry:8089"
      ANKA_ENABLE_CENTRAL_LOGGING: "true"

  anka-registry:
    container_name: anka.registry
    build:
      context: registry
    ports:
      - "8089:8089"
    restart: always
    volumes:
      - "~/anka-registry-data:/mnt/vol"

  etcd:
    container_name: anka.etcd
    build:
      context: etcd
    volumes:
      - /var/etcd-data:/etcd-data
    restart: always
    environment:
      ETCD_DATA_DIR: "/etcd-data"
      ETCD_LISTEN_CLIENT_URLS: "http://0.0.0.0:2379"
      ETCD_ADVERTISE_CLIENT_URLS: "http://0.0.0.0:2379"
      ETCD_LISTEN_PEER_URLS: "http://0.0.0.0:2380"
      ETCD_INITIAL_ADVERTISE_PEER_URLS: "http://0.0.0.0:2380"
      ETCD_INITIAL_CLUSTER: "my-etcd=http://0.0.0.0:2380"
      ETCD_INITIAL_CLUSTER_TOKEN: "my-etcd-token"
      ETCD_INITIAL_CLUSTER_STATE: "new"
      ETCD_AUTO_COMPACTION_RETENTION: "30m"
      ETCD_NAME: "my-etcd"

/usr/local/bin/anka-controllerd (native)

When editing the /usr/local/bin/anka-controllerd, be sure to use export when setting the ENV.
#!/bin/bash

export ANKA_STANDALONE="true"
export ANKA_LISTEN_ADDR=":80"
export ANKA_DATA_DIR="/Library/Application Support/Veertu/Anka/anka-controller"
export ANKA_ENABLE_CENTRAL_LOGGING="true"
export ANKA_LOG_DIR="/Library/Logs/Veertu/AnkaController"

export ANKA_RUN_REGISTRY="true"
export ANKA_ALLOW_EMPTY_REGISTRY="true"
export ANKA_REGISTRY_BASE_PATH="/Library/Application Support/Veertu/Anka/registry"
export ANKA_REGISTRY_LISTEN_ADDRESS="0.0.0.0:8089"

# SSL + Cert Auth
# export ANKA_USE_HTTPS="true"
# export ANKA_SKIP_TLS_VERIFICATION="true"
# export ANKA_SERVER_CERT="/Users/nathanpierce/anka-build-cloud-certs/anka-controller-crt.pem"
# export ANKA_SERVER_KEY="/Users/nathanpierce/anka-build-cloud-certs/anka-controller-key.pem"

# export ANKA_ENABLE_AUTH="true"
# export ANKA_CA_CERT="/Users/nathanpierce/anka-build-cloud-certs/anka-ca-crt.pem"
# export ANKA_CLIENT_CERT="/Users/nathanpierce/anka-build-cloud-certs/anka-controller-crt.pem"
# export ANKA_CLIENT_CERT_KEY="/Users/nathanpierce/anka-build-cloud-certs/anka-controller-key.pem"
# export ANKA_ROOT_TOKEN="1111111111"


${ANKA_USE_HTTPS:-false} && SCHEME="https://" || SCHEME="http://"

export ANKA_ANKA_REGISTRY="${SCHEME}anka.registry:8089"

/Library/Application\ Support/Veertu/Anka/bin/anka-controller

Configuration ENVs

General & Commonly used

ENVTypeDescriptionDefault Value
ANKA_ANKA_REGISTRY(string)Anka Registry address that will be used by Nodes to pull/download VM Templates and Tags. This is not used by the Controller to communicate with the Registry. (format: “http[s]://address:[port]”).
ANKA_CLEAN_MAC_ADDRESS_INTERVAL(duration)Delay between cleaning mac addresses.1h0m0s
ANKA_DEFRAG_DB_INTERVAL(duration)The interval for defragging ETCD (0 is disable).0
ANKA_ETCD_ENDPOINTS(string)Comma separated list of etcd addresses. These endpoints are used for the Application DB (instance, group, node information) and the Queue DB (if not defined separately with ANKA_QUEUE_ETCD_ENDPOINTS).127.0.0.1:2379
ANKA_FILL_MAC_ADDRESS_RANGE_INTERVAL(duration)Interval to execute the mac address range validation.3h0m0s
ANKA_INSTANCE_TIME_OUT(duration)The time that instances stay in ‘Terminated’ state.1m0s
ANKA_LISTEN_ADDR(string)The address and port to listen on (format: “[address]:port”).:80
ANKA_LOCAL_ANKA_REGISTRY(string)The Controller uses this to communicate with the Registry and is separate from the ANKA_ANKA_REGISTRY, which is used by external services like Anka Nodes. This is for situations where the Controller and Registry are on the same network and you want to use localhost/local DNS for communication between them (format: “http[s]://address:[port]”)localhost:8085).
ANKA_MAC_ADDR_RANGE(string)Pass the range of mac addresses to use. manage-mac-addresses must be set to true to use this option. format is - (example: 00:00:00:00:00:00-FF:FF:FF:FF:FF:FF).
ANKA_MAC_ADDR_RANGE_MAX_RETRIES(int)Times to retry to get mac address from the database before giving up and returning an error.100
ANKA_MANAGE_MAC_ADDRESSES(boolean)Enables the controller to manage mac addresses of VMs. Check our docs for more info and caveats.false
ANKA_NUM_WORKERS(int)The number of concurrent workers processing node tasks.2
ANKA_PUSH_REGISTRY(string)Comma separated list of Registry addresses to use for push operations (saveImage/Jenkins cache building).
ANKA_QUEUE_ETCD_ENDPOINTS(string)Comma seperated list of ETCD endpoints to use for queue data (only available in standalone mode).
ANKA_STANDALONE(boolean)Run controller service, the built in registry, and etcd database together in a single binary/service.false

Logging

ENVTypeDescriptionDefault Value
ANKA_CMD_LOG_MAX_DAYS(int)Number of days to keep cmd logs (0 will use the value in log-max-days).7
ANKA_CMD_LOG_MAX_MB(int)MB limit for cmd log files (0 will use the value in log-max-mb).1024
ANKA_ENABLE_CENTRAL_LOGGING(boolean)Enables central logging. This will forward all logs available to the service into the registry’s data directory using the REST API of the Registry.false
ANKA_ENABLE_EVENT_LOGGING(boolean)(Enterprise Plus Only) Enables event logging. They will show under the Controller’s Logs section after the first instance is created.false
ANKA_ERROR_LOG_MAX_DAYS(int)Number of days to keep error logs (0 will use the value in log-max-days).3
ANKA_ERROR_LOG_MAX_MB(int)MB limit for error log files (0 will use the value in log-max-mb).200
ANKA_EVENT_LOG_URL(string)(Enterprise Plus Only) The url to post events to in json format.
ANKA_INFO_LOG_MAX_DAYS(int)Number of days to keep info logs (0 will use the value in log-max-days).0
ANKA_INFO_LOG_MAX_MB(int)MB limit for info log files (0 will use the value in log-max-mb).0
ANKA_LOG_MAX_DAYS(int)Number of days to keep logs for all log types unless otherwise defined.7
ANKA_LOG_MAX_MB(int)MB limit for log files, for all log types unless otherwise defined.700

HTTPS / TLS

ENVTypeDescriptionDefault Value
ANKA_CIPHER_SUITES(string)A list of cipher suites to use for HTTPS/TLS. Supported Options: tls_rsa_with_aes_128_cbc_sha, tls_rsa_with_aes_256_cbc_sha, tls_rsa_with_aes_128_gcm_sha256, tls_rsa_with_aes_256_gcm_sha384, tls_aes_128_gcm_sha256, tls_aes_256_gcm_sha384, tls_chacha20_poly1305_sha256, tls_ecdhe_ecdsa_with_aes_128_cbc_sha, tls_ecdhe_ecdsa_with_aes_256_cbc_sha, tls_ecdhe_rsa_with_aes_128_cbc_sha, tls_ecdhe_rsa_with_aes_256_cbc_sha, tls_ecdhe_ecdsa_with_aes_128_gcm_sha256, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_aes_128_gcm_sha256, tls_ecdhe_rsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_chacha20_poly1305_sha256, tls_ecdhe_ecdsa_with_chacha20_poly1305_sha256
ANKA_MAX_TLS_VERSION(string)The max tls version to use with HTTPS/TLS. Supported Options: tls_1.0, tls_1.1, tls_1.2, tls_1.3
ANKA_MIN_TLS_VERSION(string)The min tls version to use with HTTPS/TLS. Supported Options: tls_1.0, tls_1.1, tls_1.2, tls_1.3
ANKA_SERVER_CERT(string)The path to a HTTPS/TLS certificate file in PEM format.
ANKA_SERVER_KEY(string)The path to a HTTPS/TLS certificate private key file in PEM format.
ANKA_SKIP_TLS_VERIFICATION(boolean)Disable the verification of the HTTPS/TLS certificates when making outbound requests to services (for self-signed certs).false
ANKA_USE_HTTPS(boolean)Enable HTTPS/TLS protocol for the controller UI and API (requires server-cert & server-key).false

Built in Registry

ENVTypeDescriptionDefault Value
ANKA_ENABLE_REGISTRY_AUTHORIZATION(boolean)Enable Authorization (Users, groups, permission control for specific certificates) in the Registry.false
ANKA_REGISTRY_ACCESS_LOGS(boolean)Enables registry access logs.false
ANKA_REGISTRY_BASE_PATH(string)Built-in Registry’s data storage path.
ANKA_REGISTRY_LISTEN_ADDRESS(string)Address for built in Registry to listen on.:8089
ANKA_REGISTRY_VM_LIST_CACHE_TTL(duration)Registry’s template information cache TTL30s
ANKA_RUN_REGISTRY(boolean)Run Built-in Registry (useful if not using standalone mode, but you still want the controller and registry to run together; no etcd).false

Built in ETCD

ENVTypeDescriptionDefault Value
ANKA_ADVERTISE_CLIENT_URLS(string)Comma separated list of client urls for ETCD to advertise (only available in standalone mode)http://127.0.0.1:2379
ANKA_AUTO_COMPACTION_MODE(string)The ETCD auto compaction mode, (‘periodic’ or ‘revision’) (only available in standalone mode)periodic
ANKA_AUTO_COMPACTION_RETENTION(string)The ETCD auto compaction retention length (0 is disabled) (only available in standalone mode)30m
ANKA_DATA_DIR(string)The ETCD data directory location (only available in standalone mode)/tmp/etcd-data
ANKA_INITIAL_ADVERTISE_PEER_URLS(string)Comma separated list of peer urls for ETCD to advertise (only available in standalone mode)http://0.0.0.0:2380
ANKA_INITIAL_CLUSTER(string)The initial ETCD cluster configuration for bootstrapping (only available in standalone mode)anka-etcd=http://0.0.0.0:2380
ANKA_INITIAL_CLUSTER_STATE(string)The initial cluster state for ETCD (’new’ or ’existing’) (only available in standalone mode)new
ANKA_INITIAL_CLUSTER_TOKEN(string)The cluster token used in ETCD during bootstrap (only available in standalone mode)etcd-server
ANKA_LISTEN_CLIENT_URLS(string)Comma separated list client urls for ETCD to use (only available in standalone mode)http://127.0.0.1:2379
ANKA_LISTEN_PEER_URLS(string)Comma separated list of peer urls for ETCD to use (only available in standalone mode)http://0.0.0.0:2380
ANKA_NAME(string)The name for your ETCD server (only available in standalone mode)anka-etcd

Authentication and Authorization

ENVTypeDescriptionDefault Value
ANKA_API_KEY_FILE(string)The API Key client file used for authentication. Takes precedence over api-key-string.
ANKA_API_KEY_ID(string)The API Key client id used for authentication.
ANKA_API_KEY_STRING(string)The API Key client string used for authentication.
ANKA_API_KEYS_CLEANING_INTERVAL(duration)The interval for cleaning of expired api keys.4h0m0s
ANKA_API_KEYS_SESSION_TTL(duration)The API Keys session TTL (used for automatic expiration).5m0s
ANKA_CA_CERT(string)(Certificate Authentication) The CA/root cert used to authenticate incoming requests/certs.
ANKA_CLIENT_CERT(string)(Certificate Authentication) The Controller will use this when making http requests, mainly to the Registry
ANKA_CLIENT_CERT_KEY(string)(Certificate Authentication) The Controller will use this when making http requests, mainly to the Registry
ANKA_CLIENT_KEYPASS(string)(Certificate Authentication) Password for certificate and keystore (optional)
ANKA_CLIENT_KEYSTORE(string)(Certificate Authentication) A client keystore file in pkcs12 format; The Controller will use this when making http requests (mainly to the Registry).
ANKA_ENABLE_API_KEYS(boolean)Enable API Key Authentication.false
ANKA_ENABLE_AUTH(boolean)Enable Authentication (Root Token, Certificate, SSO/OpenID or API Keys) (Not to be confused with Authorization).false
ANKA_ENABLE_CONTROLLER_AUTHORIZATION(boolean)Enable Authorization (Users, groups, permission control for specific certificates) in the Controller.false
ANKA_ETCD_CA_CERT(string)(ETCD Certificate Authentication) The Etcd client will use this when connecting to the cluster.
ANKA_ETCD_CERT(string)(ETCD Certificate Authentication) The ETCD client will use this when connecting to the cluster.
ANKA_ETCD_CERT_KEY(string)(ETCD Certificate Authentication) The ETCD client will use this when connecting to the cluster.
ANKA_ETCD_PASSWORD(string)(ETCD Certificate Authentication) ETCD Password to use for login.
ANKA_ETCD_USERNAME(string)(ETCD Certificate Authentication) ETCD Username to use for login.
ANKA_OIDC_CLIENT_ID(string)(OpenID/SSO) Client id
ANKA_OIDC_DISPLAY_NAME(string)(OpenID/SSO) Name to display on login page
ANKA_OIDC_GROUPS_CLAIM(string)(OpenID/SSO) Claim key to use for groups, defaults to groupsgroups
ANKA_OIDC_PROVIDER_URL(string)(OpenID/SSO) Provider url
ANKA_OIDC_USERNAME_CLAIM(string)(OpenID/SSO) Claim key to use for user name, defaults to name
ANKA_ROOT_CERT(string)(Certificate Authentication) Alias of ca-cert
ANKA_ROOT_TOKEN(string)Sets the basic auth token that will be used for accessing the Controller UI and API (username is ‘root’).
ANKA_SKIP_ETCD_TLS_VERIFICATION(boolean)(ETCD Certificate Authentication) Don’t verify ETCD TLS certificates (for self signed certificates).false
ANKA_USE_ETCD_LOGIN(boolean)(ETCD Certificate Authentication) Enable ETCD client login with username and password.false
ANKA_USE_ETCD_TLS(boolean)(ETCD Certificate Authentication) Use TLS certificates for authentication with ETCD cluster.false

Separate Queue Interface

This is an advanced feature, it allows you to have a second http interface that will be used only by the cluster’s Nodes
You must join your nodes with --skip-tests.
ENVTypeDescriptionDefault Value
ANKA_CLEAN_QUEUES_INTERVAL(duration)The interval to clean the queues (delete any tasks older than 24 hours), 0 to disable1h0m0s
ANKA_ENABLE_QUEUE_AUTH(boolean)Enable queue Authenticationfalse
ANKA_QUEUE_ADDR(string)The address to use for the queue (format: “0.0.0.0:[port]”)
ANKA_QUEUE_CA_CERT(string)The HTTPS/TLS CA cert for the queue
ANKA_QUEUE_SERVER_CERT(string)The HTTPS/TLS certificate file in PEM format for the queue
ANKA_QUEUE_SERVER_KEY(string)The HTTPS/TLS private key in PEM format for the queue
ANKA_USE_QUEUE_TLS(boolean)Enable queue HTTPS/TLSfalse

Performance / Task Management

ENVTypeDescriptionDefault Value
ANKA_BATCH_TASK_COUNT(int)The number of tasks to get from the queue in one request (max 40)2
ANKA_DIAL_TIMEOUT(duration)set http dial timeout5s
ANKA_ETCD_REQUEST_TIMEOUT(duration)Client side timeout for ETCD requests20s
ANKA_INSTANCE_ACTIVE_TIMEOUT(duration)How long before an instance is declared as ’not communicating'2m0s
ANKA_MAX_IDLE_CONNECTION_PER_HOST(int)set mac idle connections per host50
ANKA_NODE_ACTIVE_TIMEOUT(duration)How long before a node is declared as ‘offline’2m0s
ANKA_NUM_HTTP_RETRIES(int)Number of times to retry on http error > 4005
ANKA_REQUEST_TIMEOUT(duration)set http request timeout15s
ANKA_SCHEDULER_INTERVAL(duration)The interval for checking scheduled tasks30m0s
ANKA_TLS_HANDSHAKE_TIMEOUT(duration)set tls handshake timeout5s

Internal

These are used internally. It’s recommended that you don’t modify them unless absolutely necessary
ENVTypeDescriptionDefault Value
ANKA_ALLOW_CORS(boolean)Add Access-Control-Allow-Origin to all routesfalse
ANKA_NO_NODE_UPGRADES(boolean)Set this flag to true to turn off automatic node upgradefalse
ANKA_VRAMTHRESHOLD(float)The minimum RAM percentage threshold to use for the UI graph0

Other

ENVTypeDescriptionDefault Value
ANKA_ALLOW_EMPTY_REGISTRY(boolean)Allow controller to start without an external registry address (not recommended)false

General & Commonly used (standalone registry)

ENVTypeDescriptionDefault Value
ANKA_INTERNAL_LISTEN_ADDR(string)The secondary address and port to listen on. This is for situations where the Controller and Registry are on the same network and you want to use localhost/local DNS for communication between them (format: “http[s]://address:[port]”).
ANKA_LISTEN_ADDR(string)The address and port to listen on (format: “http[s]://address:[port]”).
ANKA_VM_LIST_CACHE_TTL(duration)Template information cache TTL30s

Logging (standalone registry)

ENVTypeDescriptionDefault Value
ANKA_ACCESS_LOGS(boolean)Enables registry access logs.false
ANKA_CMD_LOG_MAX_DAYS(int)Number of days to keep cmd logs (0 will use the value in log-max-days).7
ANKA_CMD_LOG_MAX_MB(int)MB limit for cmd log files (0 will use the value in log-max-mb).1024
ANKA_ENABLE_CENTRAL_LOGGING(boolean)Enables central logging. This will forward all logs available to the service into the registry’s data directory using the REST API of the Registry.false
ANKA_ERROR_LOG_MAX_DAYS(int)Number of days to keep error logs (0 will use the value in log-max-days).3
ANKA_ERROR_LOG_MAX_MB(int)MB limit for error log files (0 will use the value in log-max-mb).200
ANKA_FILES_DIR(string)The directory to store non-VM related files./files
ANKA_INFO_LOG_MAX_DAYS(int)Number of days to keep info logs (0 will use the value in log-max-days).0
ANKA_INFO_LOG_MAX_MB(int)MB limit for info log files (0 will use the value in log-max-mb).0
ANKA_KEEP_LOGS_FOR(int)The number of days to keep individual centralized logs.7
ANKA_LOG_MAX_DAYS(int)Number of days to keep logs for all log types unless otherwise defined.7
ANKA_LOG_MAX_MB(int)MB limit for log files, for all log types unless otherwise defined.700
ANKA_LOG_SERVER_BACKEND_TYPE(string)The log server backend type, either ‘disk’ or ‘azure’.disk
ANKA_LOG_SERVER_ADDR(string)The address and port the registry will send logs to. This is useful if you have multiple registries and only one is used for logging centralization (format: “http[s]://address:[port]”).
ANKA_LOGS_DIR(string)The directory to store centralized log files (relative to files-dir)./central-logs
ANKA_MAX_LOG_SIZE(int)The maximum size for a centralized log file in MB.1024
ANKA_ROTATE_LOG_FILES_AT_MAX_FILE_SIZE(boolean)Enable rotatation of centralized log files when they reach the size specified in max-log-size.true
ANKA_ROTATE_LOG_FILES_END_OF_DAY(boolean)Enable rotatation of centralized log files at the end of each day.false

HTTPS / TLS (standalone registry)

ENVTypeDescriptionDefault Value
ANKA_CIPHER_SUITES(string)A list of cipher suites to use for HTTPS/TLS. Supported Options: tls_rsa_with_aes_128_cbc_sha, tls_rsa_with_aes_256_cbc_sha, tls_rsa_with_aes_128_gcm_sha256, tls_rsa_with_aes_256_gcm_sha384, tls_aes_128_gcm_sha256, tls_aes_256_gcm_sha384, tls_chacha20_poly1305_sha256, tls_ecdhe_ecdsa_with_aes_128_cbc_sha, tls_ecdhe_ecdsa_with_aes_256_cbc_sha, tls_ecdhe_rsa_with_aes_128_cbc_sha, tls_ecdhe_rsa_with_aes_256_cbc_sha, tls_ecdhe_ecdsa_with_aes_128_gcm_sha256, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_aes_128_gcm_sha256, tls_ecdhe_rsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_chacha20_poly1305_sha256, tls_ecdhe_ecdsa_with_chacha20_poly1305_sha256
ANKA_MAX_TLS_VERSION(string)The max tls version to use with HTTPS/TLS. Supported Options: tls_1.0, tls_1.1, tls_1.2, tls_1.3
ANKA_MIN_TLS_VERSION(string)The min tls version to use with HTTPS/TLS. Supported Options: tls_1.0, tls_1.1, tls_1.2, tls_1.3
ANKA_SERVER_CERT(string)The path to a HTTPS/TLS certificate file in PEM format.
ANKA_SERVER_KEY(string)The path to a HTTPS/TLS certificate private key file in PEM format.
ANKA_SKIP_TLS_VERIFICATION(boolean)Disable verification of the HTTPS/TLS certificates (for self-signed certs).false
ANKA_USE_HTTPS(boolean)Enable the HTTPS/TLS protocol for the UI and API (requires server-cert & server-key).false
ANKA_USE_HTTPS_INTERNAL(boolean)Enable the HTTPS/TLS protocol for the internal_listen_addr address/port.false

Authentication / Authorization (standalone registry)

ENVTypeDescriptionDefault Value
ANKA_API_KEYS_CLEANING_INTERVAL(duration)The interval for cleaning of expired api keys.4h0m0s
ANKA_API_KEYS_SESSION_TTL(duration)The API Keys session TTL (used for automatic expiration).5m0s
ANKA_BACKEND_PLUGIN_PATH(string)The path to a backend plugin (instead of using disk)
ANKA_CA_CERT(string)(Certificate Authentication) The CA/root cert used to authenticate incoming requests/certs.
ANKA_ENABLE_API_KEYS(boolean)Enable API Key Authentication.false
ANKA_ENABLE_AUTH(boolean)Enable Authentication (Root Token, Certificate, SSO/OpenID or API Keys) (Not to be confused with Authorization).false
ANKA_ENABLE_AUTHORIZATION(boolean)Enable Authorization for the standalone registry.false
ANKA_OIDC_CLIENT_ID(string)(OpenID/SSO) Client id
ANKA_OIDC_GROUPS_CLAIM(string)(OpenID/SSO) Claim key to use for groups, defaults to groupsgroups
ANKA_OIDC_PROVIDER_URL(string)(OpenID/SSO) Provider url
ANKA_OIDC_USERNAME_CLAIM(string)(OpenID/SSO) Claim key to use for user name, defaults to name
ANKA_ROOT_TOKEN(string)Sets the basic auth token that will be used for accessing the API (username is ‘root’).
ANKA_USE_BACKEND_PLUGIN(boolean)Turns on usage of backend plugin provided by backend-plugin-pathfalse