Configuration Sections
Advanced Usage
Configuration of CSE parameters is done through a configuration file. This file contains all configurable and customizable settings for the CSE. It is optional, and settings in this file overwrite the CSE's default values.
It follows the Windows INI file format with sections, setting and values. A configuration file may include comments, prefixed with the characters "#"" or ";"" .
Also, some settings can be applied via the command line when starting the CSE. These command line arguments overwrite the settings in the configuration file.
Changes should only be done to a copy of the default configuration file.
A default configuration file is provided with the file acme.ini.default. Don't make changes to this file, but rather copy it to a new file named acme.ini, which is the default configuration file name. You can use another filename, but must then specify it with the --config command line argument when running the (see Running the CSE).
It is sufficient to only add the settings to the configuration file that need to be different from the default settings. All other settings are read from the default config file acme.ini.default.
If the specified or the default acme.ini could not be found then an interactive procedure is started to generate a file with basic configuration settings. You can add further configurations if necessary by copying sections and settings from acme.ini.default.
In addition to assigning individual values for configurations settings you can use
settings interpolation which allows you to
reference settings from the same or from other sections. The syntax to denote a value from a section is ${section:option}.
A built-in configuration setting that points to the base-directory of the CSE installation can be
referenced by the interpolation ${basic.config:baseDirectory}.
Example:
[cse]
resourcesPath=${basic.config:baseDirectory}/initThe following tables provide detailed descriptions of all the possible CSE configuration settings.
[cse] - General CSE Settings
[cse.announcements] - Settings for Resource Announcements
[cse.operation.jobs] - CSE Operations Settings - Jobs
[cse.operation.requests] - CSE Operations Settings - Requests
[cse.registration] - Settings for Self-Registrations
[cse.registrar] - Settings for Remote CSE Access
[cse.security] - General Security Settings
[cse.statistics] - Statistic Settings
[console] - Console Settings
[database] - Database Settings
[http] - HTTP Server Settings
[http.security] - HTTP Security Settings
[http.cors] - HTTP CORS (Cross-Origin Resource Sharing) Settings
[http.wsgi] - HTTP WSGI (Web Server Gateway Interface) Settings
[logging] - Logging Settings
[mqtt] - MQTT Client Settings
[mqtt.security] - MQTT Security Settings
[resource.acp] - Resource defaults: Access Control Policies
[resource.actr] - Resource defaults: Action
[resource.cnt] - Resource Defaults: Container
[resource.grp] - Resource Defaults: Group
[resource.lcp] - Resource Defaults: LocationPolicy
[resource.req] - Resource Defaults: Request
[resource.sub] - Resource Defaults: Subscription
[resource.ts] - Resource Defaults: TimeSeries
[resource.tsb] - Resource Defaults: TimeSyncBeacon
[scripting] - Scripting Settings
[textui] - Text UI Settings
[webui] - Web UI Settings
| Setting | Description | Configuration Name |
|---|---|---|
| asyncSubscriptionNotifications | Enable or disable asynchronous notification for normal runtime subscription notifications. Default: true |
cse.asyncSubscriptionNotifications |
| checkExpirationsInterval | Interval to check for expired resources. 0 means "no checking". Default: 60 seconds |
cse.checkExpirationsInterval |
| cseID | The CSE ID. A CSE-ID must start with a /. Default: id-in |
cse.cseID |
| defaultSerialization | Indicate the serialization format if none was given in a request and cannot be determined otherwise. Allowed values: json, cbor. Default: json |
cse.defaultSerialization |
| enableRemoteCSE | Enable remote CSE registration and checking. See also command line arguments –-remote-cse and -–no-remote-cse. Default: true |
cse.enableRemoteCSE |
| enableResourceExpiration | Enable resource expiration. If disabled resources will not be expired when the "expirationTimestamp" is reached. Default: true |
cse.enableResourceExpiration |
| enableSubscriptionVerificationRequests | Enable or disable verification requests when creating a new subscription. Default: true |
cse.enableSubscriptionVerificationRequests |
| flexBlockingPreference | Indicate the preference for flexBlocking response types. Allowed values: "blocking", "nonblocking". Default: blocking |
cse.flexBlockingPreference |
| maxExpirationDelta | Default and maximum expirationTime allowed for resources in seconds. Default: 6060243655 = 157680000 seconds = 5 years |
cse.maxExpirationDelta |
| originator | Admin originator for the CSE. Default: CAdmin |
cse.originator |
| releaseVersion | The release version indicator for requests. Allowed values: see setting of supportedReleaseVersions. Default: 4 |
cse.releaseVersion |
| requestExpirationDelta | Expiration time for requests sent by the CSE in seconds Default: 10.0 seconds |
cse.requestExpirationDelta |
| resourceID | The <CSEBase> resource's resource ID. This should be the same value as cseID without the leading "/". Can be overwritten in imported CSE definition. Default: id-in |
cse.resourceID |
| resourceName | The CSE's resource name or CSE-Name. Can be overwritten in imported CSE definition. Default: cse-in |
cse.resourceName |
| resourcesPath | Directory of default resources to import. See also command line argument –-import-directory. Default: ./init |
cse.resourcesPath |
| sendToFromInResponses | Indicate whether the optional "to" and "from" parameters shall be sent in responses. Default: true |
cse.sendToFromInResponses |
| serviceProviderID | The CSE's service provider ID. Default: acme.example.com |
cse.serviceProviderID |
| sortDiscoveredResources | Enable alphabetical sorting of discovery results. Default: true |
cse.sortDiscoveredResources |
| supportedReleaseVersions | A comma-separated list of supported release versions. This list can contain a single or multiple values. Default: 2a,3,4,5 |
cse.supportedReleaseVersions |
| type | The CSE type. Allowed values: IN, MN, ASN. Default: IN |
cse.type |
| Setting | Description | Configuration Name |
|---|---|---|
| enableACPChecks | Enable access control checks. Default: true |
cse.security.enableACPChecks |
| fullAccessAdmin | Always grant the admin originator full access (bypass access checks). Default: True |
cse.security.fullAccessAdmin |
| Setting | Description | Configuration Name |
|---|---|---|
| balanceTarget | Thread Pool Management: Target balance between paused and running jobs (n paused for 1 running threads). Default: 3.0 |
cse.operation.jobs.balanceTarget |
| balanceLatency | Thread Pool Management: Number of get / create requests for a new thread before performing a balance check. A latency of 0 disables the thread pool balancing. Default: 1000 |
cse.operation.jobs.balanceLatency |
| balanceReduceFactor | Thread Pool Management: The factor to reduce the paused jobs (number of paused / balanceReduceFactor) in a balance check. Example: a factor of 2.0 reduces the number of paused threads by half in a single balance check. Default: 2.0 |
cse.operation.jobs.balanceReduceFactor |
| Setting | Description | Configuration Name |
|---|---|---|
| enable | Enable request recording. Default: False |
cse.operation.requests.enable |
| size | Maximum number of requests to be stored. Oldest requests will be deleted when this threshold is reached. Note, that a large number of requests might take a moment to be displayed in the console or UIs. Default: 250 |
cse.operation.requests.size |
| Setting | Description | Configuration Name |
|---|---|---|
| port | Port to listen to. Default: 8080 |
http.port |
| listenIF | Interface to listen to. Use 0.0.0.0 for "all" interfaces. Default:0.0.0.0 |
http.listenIF |
| address | Own address. Should be a local/public reachable address. Default: http://127.0.0.1:8080 |
http.address |
| root | CSE Server root. Never provide a trailing /. Default: empty string |
http.root |
| enableRemoteConfiguration | Enable an endpoint for get and set certain configuration values via a REST interface. ATTENTION: Enabling this feature exposes configuration values, IDs and passwords, and is a security risk. Default: false |
http.enableRemoteConfiguration |
| enableStructureEndpoint | Enable an endpoint for getting a structured overview about a CSE's resource tree and deployment infrastructure (remote CSE's). ATTENTION: Enabling this feature exposes various potentially sensitive information. See also the [console].hideResources setting to hide resources from the tree. Default: false |
http.enableStructureEndpoint |
| enableUpperTesterEndpoint | Enable an endpoint for supporting Upper Tester commands to the CSE. This is to support certain testing and certification systems. See oneM2M's TS-0019 for further details. ATTENTION: Enabling this feature may lead to a total loss of data. Default: false |
http.enableUpperTesterEndpoint |
| allowPatchForDelete | Allow the http PATCH method to be used as a replacement for the DELETE method. This is useful for constraint devices that only support http/1.0, which doesn't specify the DELETE method. Default: False |
http.allowPatchForDelete |
| timeout | Timeout when sending http requests and waiting for responses. Default: 10.0 seconds |
http.timeout |
| Setting | Description | Configuration Name |
|---|---|---|
| useTLS | Enable TLS for communications. This can be overridden by the command line arguments --http and --https. See oneM2M TS-0003 Clause 8.2.1 "Overview on Security Association Establishment Frameworks". Default: False |
http.security.useTLS |
| tlsVersion | TLS version to be used in connections. Allowed versions: TLS1.1, TLS1.2, auto . Use "auto" to allow client-server certificate version negotiation. Default: auto |
http.security.tlsVersion |
| verifyCertificate | Verify certificates in requests. Set to False when using self-signed certificates. Default: False |
http.security.verifyCertificate |
| caCertificateFile | Path and filename of the certificate file. Default: None |
http.security.caCertificateFile |
| caPrivateKeyFile | Path and filename of the private key file. Default: None |
http.security.caPrivateKeyFile |
| enableBasicAuth | Enable basic authentication for the HTTP binding. Default: false |
http.security.enableBasicAuth |
| enableTokenAuth | Enable token authentication for the HTTP binding. Default: false |
http.security.enableTokenAuth |
| basicAuthFile | Path and filename of the http basic authentication file. The file must contain lines with the format "username:password". Comments are lines starting with a #. Default: certs/http_basic_auth.txt |
http.security.basicAuthFile |
| tokenAuthFile | Path and filename of the http bearer token authentication file. The file must contain lines with the format "token". Comments are lines starting with a #. Default: certs/http_token_auth.txt |
http.security.tokenAuthFile |
| Setting | Description | Configuration Name |
|---|---|---|
| enable | Enable CORS support for the HTTP binding. Default: false |
http.cors.enable |
| resources | A comma separated list of allowed resource paths. The list elements could be regular expressions. Default: "/*" , ie. all resources under the HTTP server's root |
http.cors.resources |
| Setting | Description | Configuration Name |
|---|---|---|
| enable | Enable WSGI support for the HTTP binding. Default: false |
http.wsgi.enable |
| threadPoolSize | The number of threads used to process requests. This number should be of similar size as the connectionLimit setting. Default: 100 |
http.wsgi.threadPoolSize |
| connectionLimit | The number of possible parallel connections that can be accepted by the WSGI server. Note: One connection uses one system file descriptor. Default: 100 |
http.wsgi.connectionLimit |
| Setting | Description | Configuration Name |
|---|---|---|
| enable | Enable the MQTT binding. Default: False |
mqtt.enable |
| address | The hostname of the MQTT broker. Default; 127.0.0.1 |
mqtt.address |
| port | Set the port for the MQTT broker. Default: 1883, or 8883 for TLS |
mqtt.port |
| listenIF | Interface to listen to. Use 0.0.0.0 for "all" interfaces. Default:0.0.0.0 |
mqtt.listenIF |
| keepalive | Value for the MQTT connection's keep-alive parameter in seconds. Default: 60 seconds |
mqtt.keepalive |
| topicPrefix | Optional prefix for topics. Default: empty string |
mqtt.topicPrefix |
| timeout | Timeout when sending MQTT requests and waiting for responses. Default: 10.0 seconds |
mqtt.timeout |
| Setting | Description | Configuration Name |
|---|---|---|
| username | The username for MQTT broker authentication if required by the broker. Default: None |
mqtt.security.username |
| password | The password for MQTT broker authentication. Default: None |
mqtt.security.password |
| useTLS | Enable TLS for communications with the MQTT broker. Default: False |
mqtt.security.useTLS |
| verifyCertificate | Verify certificates in requests. Set to False when using self-signed certificates.. Default: False |
mqtt.security.verifyCertificate |
| caCertificateFile | Path and filename of the certificate file. Default: None |
mqtt.security.caCertificateFile |
| allowedCredentialIDs | List of credential-IDs that can be used to register an AE via MQTT. If this list is empty then all credential IDs are allowed. This is a comma-separated list. Wildcards (* and ?) are supported. Default: empty list |
mqtt.security.allowedCredentialIDs |
| Setting | Description | Configuration Name |
|---|---|---|
| path | Directory for the database files. Default: ./data |
database.path |
| inMemory | Operate the database in in-memory mode. Attention: No data is stored persistently. See also command line argument --db-storage. Default: false |
database.inMemory |
| cacheSize | Cache size in bytes, or 0 to disable caching. Default: 0 |
database.cacheSize |
| resetOnStartup | Reset the databases at startup. See also command line argument --db-reset. Default: false |
database.resetOnStartup |
| writeDelay | Delay in seconds before new data is written to disk to avoid trashing. Must be full seconds- Default: 1 second |
database.writeDelay |
| Setting | Description | Configuration Name |
|---|---|---|
| enableFileLogging | Enable logging to file. Default: false |
logging.enableFileLogging |
| enableScreenLogging | Enable logging to the screen. Default: true |
logging.enableScreenLogging |
| path | Pathname for log files. Default: ./logs |
logging.path |
| level | Loglevel. Allowed values: debug, info, warning, error, off. See also command line argument –log-level. Default: debug |
logging.level |
| count | Number of files for log rotation. Default: 10 |
logging.count |
| size | Size per log file. Default: 100.000 bytes |
logging.size |
| maxLogMessageLength | Maximum length of a log message. Longer messages will be truncated. A value of 0 means no truncation. Default: 1000 characters |
logging.maxLogMessageLength |
| stackTraceOnError | Print a stack trace when logging an 'error' level message. Default: True |
logging.stackTraceOnError |
| enableBindingsLogging | Enable logging of low-level HTTP & MQTT client events. Default: False |
logging.enableBindingsLogging |
| queueSize | Number of log entries that can be added to the asynchronous queue before blocking. A queue size of 0 means disabling the queue. Default: F5000 entries |
logging.queueSize |
| filter | List of component names to exclude from logging. Default: werkzeug,markdown_it |
logging.filter |
| Setting | Description | Configuration Name |
|---|---|---|
| allowedAEOriginators | List of AE originators that can register. This is a comma-separated list of originators. Wildcards (* and ?) are supported. Default: C*, S* |
cse.registration.allowedAEOriginators |
| allowedCSROriginators | List of CSR originators that can register. This is a comma-separated list of originators. Wildcards (* and ?) are supported. Note: No leading "/" Default: empty list |
cse.registration.allowedCSROriginators |
| checkLiveliness | Check the liveliness of the registrations to the registrar CSE and also from the registree CSEs. Default: True |
cse.registration.checkLiveliness |
| Setting | Description | Configuration Name |
|---|---|---|
| address | URL of the Registrar CSE. Default: no default |
cse.registrar.address |
| root | Registrar CSE root path. Never provide a trailing /. Default: empty string |
cse.registrar.root |
| cseID | CSE-ID of the Registrar CSE. A CSE-ID must start with a /. Default: no default |
cse.registrar.cseID |
| resourceName | The Registrar CSE's resource name. Default: no default |
cse.registrar.resourceName |
| serialization | Specify the serialization type that must be used for the registration to the registrar CSE. Allowed values: json, cbor Default: json |
cse.registrar.serialization |
| checkInterval | This setting specifies the pause in seconds between tries to connect to the configured registrar CSE. This value is also used to check the connectivity to the registrar CSE after a successful registration.. Default: 30 |
cse.registrar.checkInterval |
| excludeCSRAttributes | List of attributes that are excluded when creating a registrar CSR. Default: empty list |
cse.registrar.excludeCSRAttributes |
| Setting | Description | Configuration Name |
|---|---|---|
| checkInterval | Wait n seconds between tries to announce resources to registered remote CSE. Default: 10 |
cse.announcements.checkInterval |
| allowAnnouncementsToHostingCSE | Allow resource announcements to the own hosting CSE. Default: True |
cse.announcements.allowAnnouncementsToHostingCSE |
| delayAfterRegistration | Specify a short delay in seconds before starting announcing resources after a remote CSE has registered at the hosting CSE. Default: 3 seconds. |
cse.announcements.delayAfterRegistration |
| Setting | Description | Configuration Name |
|---|---|---|
| enable | This setting enables or disables the CSE's statistics collection and reporting. Default: True |
cse.statistics.enable |
| writeInterval | This setting specifies the pause, in seconds, between writing the collected statistics to the database. Default: 60 |
cse.statistics.writeInterval |
| Setting | Description | Configuration Name |
|---|---|---|
| selfPermission | Default selfPermission when creating an ACP resource. Default: 51 |
resource.acp.selfPermission |
| Setting | Description | Configuration Name |
|---|---|---|
| ecpContinuous | Default for the evalControlParam attribute, when the evalMode is "continuous". The unit is number. Default: 1000 |
resource.actr.ecpContinuous |
| ecpPeriodic | Default for the evalControlParam attribute, when the evalMode is "periodic". The unit is milliseconds. Default: 10000 ms = 10 s |
resource.actr.ecpPeriodic |
| Setting | Description | Configuration Name |
|---|---|---|
| enableLimits | Enable/disable the default limits. Default: False |
resource.cnt.enableLimits |
| mni | Default for maxNrOfInstances. Default: 10 |
resource.cnt.mni |
| mbs | Default for maxByteSize. Default: 10.000 bytes |
resource.cnt.mbs |
| Setting | Description | Configuration Name |
|---|---|---|
| resultExpirationTime | Set the time for aggregating the results of a group request before interrupting. The format is the time in ms. A value of 0 ms means no timeout. Default: 0 ms |
resource.grp.resultExpirationTime |
| Setting | Description | Configuration Name |
|---|---|---|
| mni | Default for maxNrOfInstances for the LocationPolicy's container. Default: 10 |
resource.lcp.mni |
| mbs | Default for maxByteSize for the LocationPolicy's container. Default: 10.000 bytes |
resource.lcp.mbs |
| Setting | Description | Configuration Name |
|---|---|---|
| expirationTime | A <request> resource's expiration time in seconds. Must be >0. Default: 60 |
resource.req.et |
| Setting | Description | Configuration Name |
|---|---|---|
| batchNotifyDuration | Default for the batchNotify/duration in seconds. Must be >0. Default: 60 seconds |
resource.sub.batchNotifyDuration |
| Setting | Description | Configuration Name |
|---|---|---|
| enableLimits | Enable/disable the default limits. Default: False |
resource.ts.enableLimits |
| mni | Default for maxNrOfInstances. Default: 10 |
resource.ts.mni |
| mbs | Default for maxByteSize. Default: 10.000 bytes |
resource.ts.mbs |
| mdn | Default for missingDataMaxNr. Default: 10 |
resource.ts.mdn |
| Setting | Description | Configuration Name |
|---|---|---|
| bcni | Default timeSyncBeacon interval. This is the duration between to beacon notifications sent by the CSE to an AE or CSE.T he format must be an ISO8601 duration. Default: PT1H = 1 hour |
resource.tsb.bcni |
| bcnt | Default timeSyncBeacon threshold. When this time threshold is passed then a beacon notifications is sent to an AE or CSE. Default: 10.0 seconds |
resource.ts.bcnt |
| Setting | Description | Configuration Name |
|---|---|---|
| confirmQuit | Quitting the console needs to be confirmed. This may not work under Windows, so it is switched off by default. Default: False |
console.confirmQuit |
| headless | Run the CSE in headless mode, i.e. without a console and without screen logging. Default: False |
console.headless |
| hideResources | Hide certain resources from display in the console. This is a list of resource identifiers. Wildcards are allowed. Default: Empty list |
console.hideResources |
| refreshInterval | Interval for continuously refreshing information displays. Must be > 0.0 Default: 2.0 seconds |
console.refreshInterval |
| theme | Set the color theme for the console. Allowed values are "dark" and "light". Default: dark |
console.theme |
| treeIncludeVirtualResources | Show virtual resources in the console's and structure endpoint's tree view.. Default: False |
console.treeIncludeVirtualResources |
| treeMode | Set the mode how resources and their content are presented in the console's and structure endpoint's tree view. Allowed values: normal, compact, content, contentOnly Default: normal |
console.treeMode |
| Setting | Description | Configuration Name |
|---|---|---|
| startWithTUI | Show the text UI after startup. See also command line argument –-textui. Default: False |
textui.startWithTUI |
| theme | Set the color theme for the text UI. Allowed values are "dark" and "light". Default: same as [console].theme |
textui.theme |
| refreshInterval | Interval for refreshing various views in the text UI. Default: 2.0 |
textui.refreshInterval |
| Setting | Description | Configuration Name |
|---|---|---|
| scriptDirectories | Add one or multiple directory paths to look for scripts, in addition to the ones in the "init" directory. Must be a comma-separated list. Default: not set |
scripting.scriptDirectories |
| verbose | Enable debug output during script execution, such as the current executed line. Default: False |
scripting.verbose |
| fileMonitoringInterval | Set the interval to check for new files in the script (init) directory. 0 means disable monitoring. Must be >= 0.0. Default: 2.0 seconds |
scripting.fileMonitoringInterval |
| maxRuntime | Set the timeout for script execution in seconds. 0.0 seconds means no timeout. Must be >= 0.0. Default: 60.0 seconds |
scripting.maxRuntime |
| Setting | Description | Configuration Name |
|---|---|---|
| root | Root path of the web UI. Default: /webui |
webui.root |
Configuration values can be referenced by their respective configuration name and used when importing resources.
The following configuration names are supported in addition to those defined in the sections below. They are set by the CSE at runtime.
| Configuration name | Description |
|---|---|
| configfile | Name of the configuration file. |
| packageDirectory | Path to the ACME package directory. |