3.1. Startup configuration
This is the non-reloadable part of the configuration.
halon-policyd loads the non-reloadable configuration from /etc/halon/policyd.yaml
.
3.1.1. Listener directives
- listeners[].port
Which TCP port to listen on. Required
- listeners[].address
IPv4 or IPv6 address to listen on. The default is to listen to all IPv4 and IPv6 addresses.
- listeners[].pki
The X.509 certificate and private key to use for transport security. The private key and certificate should have either a
path
ordata
property.pki: certificate: data: |- -----BEGIN CERTIFICATE----- ... privatekey: data: |- -----BEGIN PRIVATE KEY----- ...
- listeners[].pki.certificate
The X.509 certificate to use for transport security. The public certificate should have either a
path
ordata
property.
- listeners[].pki.privatekey
The X.509 private key to use for transport security. The private key should have either a
path
ordata
property.
3.1.2. WebSocket directives
- websocket.listener.port
Which TCP port to listen on. Required
- websocket.listener.address
IPv4 or IPv6 address to listen on. The default is to listen to all IPv4 and IPv6 addresses.
- websocket.listener.pki
The X.509 certificate and private key to use for transport security. The private key and certificate should have either a
path
ordata
property.pki: certificate: data: |- -----BEGIN CERTIFICATE----- ... privatekey: data: |- -----BEGIN PRIVATE KEY----- ...
- websocket.listener.pki.certificate
The X.509 certificate to use for transport security. The public certificate should have either a
path
ordata
property.
- websocket.listener.pki.privatekey
The X.509 private key to use for transport security. The private key should have either a
path
ordata
property.
3.1.3. Elasticsearch directives
- elasticsearch
The settings for Elasticsearch. Required
- elasticsearch.index.history
The index for storing history events. Required
- elasticsearch.index.actions
The index for storing action events. Required
- elasticsearch.nodes[]
A list of Elasticsearch nodes. Required
- elasticsearch.nodes[].url
The Elasticsearch URL to connect to. Required
- elasticsearch.auth
Specify any credentials for authentication.
- elasticsearch.auth.username
The username for basic authentication.
- elasticsearch.auth.password
The password for basic authentication.
- elasticsearch.tls.verify
If the server certificate should be verified. The default is true.
- stats.path
The directory where statistics files will be written. Required