3.1. Startup configuration

This is the non-reloadable part of the configuration. halon-policyd loads the non-reloadable configuration from /etc/halon/policyd.yaml.

3.1.1. Listener directives

listeners[].port

Which TCP port to listen on. Required

listeners[].address

IPv4 or IPv6 address to listen on. The default is to listen on all IPv4 and IPv6 addresses.

listeners[].pki

The X.509 certificate and private key to use for transport security. The certificate and the private key should each have either a path or a data property.

pki:
  certificate:
    data: |-
      -----BEGIN CERTIFICATE-----
      ...
  privatekey:
    data: |-
      -----BEGIN PRIVATE KEY-----
      ...

listeners[].pki.certificate

The X.509 certificate to use for transport security. The public certificate should have either a path or data property.

listeners[].pki.privatekey

The X.509 private key to use for transport security. The private key should have either a path or data property.

3.1.2. WebSocket directives

websocket.listener.port

Which TCP port to listen on. Required

websocket.listener.address

IPv4 or IPv6 address to listen on. The default is to listen on all IPv4 and IPv6 addresses.

websocket.listener.pki

The X.509 certificate and private key to use for transport security. The certificate and the private key should each have either a path or a data property.

pki:
  certificate:
    data: |-
      -----BEGIN CERTIFICATE-----
      ...
  privatekey:
    data: |-
      -----BEGIN PRIVATE KEY-----
      ...

websocket.listener.pki.certificate

The X.509 certificate to use for transport security. The public certificate should have either a path or data property.

websocket.listener.pki.privatekey

The X.509 private key to use for transport security. The private key should have either a path or data property.

3.1.3. Elasticsearch directives

elasticsearch

The settings for Elasticsearch. Required

elasticsearch.index.history

The index for storing history events. Required

elasticsearch.index.actions

The index for storing action events. Required

elasticsearch.nodes[]

A list of Elasticsearch nodes. Required

elasticsearch.nodes[].url

The Elasticsearch URL to connect to. Required

elasticsearch.auth

Specify any credentials for authentication.

elasticsearch.auth.username

The username for basic authentication.

elasticsearch.auth.password

The password for basic authentication.

elasticsearch.tls.verify

Whether the server certificate should be verified. The default is true.

stats.path

The directory where statistics files will be written. Required
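
An added example, not part of Halon's documentation or code: a small Python check that audits a parsed policyd.yaml against the directives in this section before the service is started. It assumes the file has already been loaded into a dict by a YAML parser, reads "either a path or data property" as exactly one of the two, and treats a listener without a pki block as plaintext; the function names and the sample values are constructed for illustration.

```python
REQUIRED = ("elasticsearch.index.history", "elasticsearch.index.actions", "stats.path")

def _get(cfg, dotted):
    """Walk a dotted key such as 'elasticsearch.index.history'; None if absent."""
    for key in dotted.split("."):
        cfg = cfg.get(key) if isinstance(cfg, dict) else None
    return cfg

def _check_listener(where, lst, out):
    """Check port and pki of one listener, appending findings to out."""
    if lst.get("port") is None:
        out.append(f"{where}.port: required but missing")
    pki = lst.get("pki")
    if pki is None:  # assumption: no pki block means no transport security
        out.append(f"{where}.pki: not set, listener assumed to be plaintext")
        return
    for part in ("certificate", "privatekey"):
        entry = pki.get(part) or {}
        if ("path" in entry) == ("data" in entry):  # neither, or both
            out.append(f"{where}.pki.{part}: set exactly one of path or data")

def audit(cfg):
    """Return a list of findings for a parsed policyd.yaml given as a dict."""
    out = [f"{k}: required but missing" for k in REQUIRED if _get(cfg, k) is None]
    for i, lst in enumerate(cfg.get("listeners") or []):
        _check_listener(f"listeners[{i}]", lst, out)
    ws = _get(cfg, "websocket.listener")
    if ws is not None:  # assumption: the websocket section is optional
        _check_listener("websocket.listener", ws, out)
    es = cfg.get("elasticsearch") or {}
    nodes = es.get("nodes") or []
    if not nodes:
        out.append("elasticsearch.nodes[]: required but missing")
    if _get(es, "tls.verify") is False:
        out.append("elasticsearch.tls.verify: false, server certificate is not checked")
    for i, node in enumerate(nodes):
        url = str(node.get("url") or "")
        if not url:
            out.append(f"elasticsearch.nodes[{i}].url: required but missing")
        elif es.get("auth") and not url.startswith("https://"):
            out.append(f"elasticsearch.nodes[{i}].url: basic auth sent over plaintext")
    return out

SAMPLE = {  # constructed: what a YAML loader would return for a weak policyd.yaml
    "listeners": [{"port": 8080, "pki": {"certificate": {"path": "/c.pem"}, "privatekey": {}}}],
    "elasticsearch": {"index": {"history": "h", "actions": "a"}, "tls": {"verify": False},
                      "auth": {"username": "u", "password": "p"},
                      "nodes": [{"url": "http://es1.example.internal:9200"}]},
}
```

Calling audit(SAMPLE) returns four findings: the missing stats.path, the empty privatekey entry, the disabled certificate verification, and basic authentication sent to an http:// node.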