a9s MongoDB SPI Configuration
This document describes a9s MongoDB SPI configuration.
Summary
Custom Parameter Configuration
The a9s MongoDB SPI handles custom parameters for all Service Instances. It does configuration and validation of custom parameters.
The a9s MongoDB SPI defines default values for certain custom parameters. Also, it defines whether a custom parameter can be set by the application developer.
The Platform Operator can overwrite those choices by changing the a9s MongoDB SPI configuration. The Platform Operator
has to configure the property mongodb-spi.service_instance.custom_param_config. The property value must be a hash.
Every key in that hash stands for a custom parameter and the value for every key contains the configuration for that
particular parameter. The configuration for a particular param is a hash consisting of the following optional keys:
default_value and modifiable. The key default_value specifies the default value for that parameter and
modifiable specifies whether the Application Developer is allowed to set that custom parameter. For example:
mongodb-spi:
service_instance:
custom_param_config:
ssl_min_protocol_version:
default_value: TLSv1
modifiable: true
Default Custom Parameter Configuration
The following table contains custom parameters that are configurable by the Platform Operator. The meaning of those custom parameters can be read in the Application Developer documentation for a9s MongoDB SPI.
| Name | Default value | Is modifiable |
|---|---|---|
ssl_ciphers | HIGH:!EXPORT:!aNULL@STRENGTH | true |
ssl_min_protocol_version | TLSv1 | true |
set_cluster_parameter | { 'changeSteamOptions': { 'preAndPostImages': { 'expireAfterSeconds': 'off' } } } | false |
ssl_ciphers
The parameter ssl_ciphers corresponds to the MongoDB parameter opensslCipherConfig.
a9s MongoDB SPI does no validation for the ssl_ciphers value except that it must be of type string or
null (use default value).
ssl_min_protocol_version
The parameter ssl_min_protoctol_version currently has no effect.
set_cluster_parameter
The parameter set_cluster_parameter corressponds to the MongoDB parameter setClusterParameter.
Currently, only the expireAfterSeconds parameter field of the changeStreamOptions cluster parameter is supported.
This parameter field controls how long MongoDB retains pre- and post-images. Pre-and post-images are the versions of a
document before and after it has been modified.
The accepted values for expireAfterSeconds are either off or an integer value greater or equal to 0.
When expireAfterSeconds is set to off, MongoDB uses the default retention policy, meaning that pre-and post-images
are retained until the corresponding change stream events are removed from the oplog.
To set the minimum pre- and post-image retention time, specify an positive integer value for expireAfterSeconds.
The default value of the set_cluster_parameter can be set by applying the following configuration on the MongoDB-SPI:
mongodb-spi:
service_instance:
custom_param_config:
set_cluster_parameter:
default_value:
changeStreamOptions:
preAndPostImages:
expireAfterSeconds: 1234
modifiable: true
See the MongoDB documentation - changeStreamOptions for more details on this parameter.
Example Configuration
Let's build an imaginary example.
The default value for the custom parameter ssl_min_protocol_version should be TLSv1.3. Additionally, the Application
Developer should not be allowed to set ssl_min_protocol_version.
Then the configuration must look the following way:
mongodb-spi:
service_instance:
custom_param_config:
ssl_min_protocol_version:
default_value: TLSv1.3
modifiable: false
Per Plan Configuration
Take a look at Service Plans documentation if you want to configure the custom parameters per plan.
Notes
Additional custom parameters will be made available over time. We do not make all available custom parameters the SPIs knows about available to the Platform Operator from the beginning.
During the SPI startup, the configuration the Platform Operator made will be checked. When it's invalid, the SPI will not start up.
mongodb-spi.protocols
For more details on this property, please refer to the a9s Framework TLS configuration documentation.