User Community Service Desk Downloads
If you can't find the product or version you're looking for, visit support.ataccama.com/downloads

Neighbors Configuration

In on-premise deployments, the following properties configure the Neighbors microservice and are provided in the configuration file term-suggestions-neighbors/etc/application.properties.

General Configuration

Property Data Type Description

ataccama.one.apyc.config.etc-location

String

The path to the etc/application.properties file. Default value: ${ataccama.path.etc}/application.properties.

ataccama.one.apyc.config.location

String

The location of the default application.properties file. The default value of this property can be overwritten only through environment variables, otherwise the change is ignored. Default value: ${ataccama.path.lib}/application.properties.

ataccama.path.doc

String

The location of the doc folder of the microservice. Default value: ${ataccama.path.root}/doc.

ataccama.path.etc

String

The location of the etc folder of the microservice. The etc/application.properties path is relative to this path. The default value of this property can be overwritten only through environment variables and the default application.properties file. Otherwise, the change is ignored, which can lead to unexpected behavior. Default value: ${ataccama.path.root}/etc.

ataccama.path.lib

String

The location of the lib folder of the microservice. The default application.properties path is relative to this path. The default value of this property can be overwritten only through environment variables, otherwise the change is ignored. Default value: ${ataccama.path.root}/lib.

ataccama.path.log

String

The location of the log folder of the microservice. Default value: ${ataccama.path.root}/log.

ataccama.path.migrations

String

The location of the migrations folder of the microservice. Default value: ${ataccama.path.lib}/migrations.

ataccama.path.root

String

The location of the root folder of the microservice. Some configuration paths are defined relatively to this path. The default value of this property can be overwritten only through environment variables, otherwise the change is ignored. Default value: ..

ataccama.path.tmp

String

The location of the tmp folder of the microservice. Default value: ${ataccama.path.root}/temp.

Health

Property Data Type Description

ataccama.one.apyc.heartbeat_timeout

Number

The timeout period during which the microservice and its subcomponents need to report as running, otherwise the whole microservice becomes unhealthy and its status changes to DOWN. The microservice also proactively shuts itself down when it registers such a situation. Default value: 120.

Logging

Property Data Type Description

ataccama.logging.json-console-appender

Boolean

Enables JSON console appender. Only one console appender can be enabled at a time.

ataccama.logging.json-file-appender

Boolean

Enables JSON file appender. Only one file appender can be enabled at a time.

ataccama.logging.plain-text-console-appender

Boolean

Enables plain text console appender. Only one console appender can be enabled at a time.

ataccama.logging.plain-text-file-appender

Boolean

Enables plain text file appender. Only one file appender can be enabled at a time.

ataccama.one.apyc.logging.compression

String

A compression or archive format to which log files should be converted when they are closed. Default value: zip.

ataccama.one.apyc.logging.filename

String

The name of the file used by the file appender. Default value: ${ataccama.path.log}/{self.microservice_id.module_name}_{self.microservice_id.microservice_name}.log.

ataccama.one.apyc.logging.rotation

String

Indicates how often the current log file should be closed and a new one started. Default value: 4 days.

root.level

String

The minimum severity level starting from which logged messages are sent to the sink. Default value: INFO.

Retrying

Property Data Type Description

ataccama.one.apyc.retrying.stop.kwargs

String

Controls retrying of gRPC and graphQL communication attempts. The property determines when retrying stops. By default, retrying stops after 6 attempts in total, out of which 5 are retries. Default value: {"max_attempt_number": 6}.

ataccama.one.apyc.retrying.stop.type

String

Controls retrying of gRPC and graphQL communication attempts. The property determines which approach is used to stop retrying. For more information, see the Tenacity API Reference, Stop Functions section. Default value: stop_after_attempt.

ataccama.one.apyc.retrying.wait.kwargs

String

Controls retrying of gRPC and graphQL communication attempts. The property is used to calculate the duration of waiting periods between retries. For more information about how waiting periods between unsuccessful attempts are managed, see the Tenacity API Reference, Wait Functions section. Default value: {"multiplier": 0.16, "exp_base": 2}.

ataccama.one.apyc.retrying.wait.type

String

Controls retrying of gRPC and graphQL communication attempts. The property determines which approach is used when waiting. For more information about how waiting periods between unsuccessful attempts are managed, see the Tenacity API Reference, Wait Functions section. Default value: wait_exponential.

On-Start Behavior

Property Data Type Description

ataccama.one.apyc.onstart.health.response-timeout

Number

Sets for how many seconds the microservice waits after requesting health information about its dependencies, for example, when the Recommender waits for the Neighbors or the Autocomplete waits for MMM. For more information, see the Requests Developer Interface Documentation, section about the timeout parameter. Default value: 5.

ataccama.one.apyc.onstart.retrying.wait.kwargs

String

Defines the behavior of the microservice while it waits on a dependency before starting. Keyword arguments (kwargs) are the arguments used to construct an instance of the specified wait type. In this case, the keyword argument sets the duration of waiting intervals. Default value: {"wait": 2.5}.

ataccama.one.apyc.onstart.retrying.wait.type

String

Defines the behavior of the microservice while it waits on a dependency before starting. Currently, the microservice either waits to receive information about the health of the dependency or the database readiness (typically, this means waiting for the database to start and for MMM to create the tables needed). The property defines how waiting periods are managed between unsuccessful attempts to verify the readiness of the dependency. For a list of other available wait types, see the Tenacity API Reference, Wait Functions section. Default value: wait_fixed.

gRPC Client

Property Data Type Description

ataccama.client.grpc.properties.max-message-size

String

Limits the size of messages that the gRPC client can process. Default value: 1GB. Accepted units: B (bytes), KB (kilobytes), MB (megabytes), GB (gigabytes), TB (terabytes). If no unit is specified, KB is used.

Authentication

Property Data Type Description

ataccama.authentication.internal.jwt.generator.key

String

The private key of the microservice used to generate tokens for internal JWT authentication.

ataccama.authentication.internal.jwt.generator.token-expiration

Number

Defines the amount of time after which the token generated by the internal JWT generator expires. Expressed in seconds. Default value: 900.

TLS/mTLS

Property Data Type Description

ataccama.client.connection

String

All client TLS options can be specified per connection. To set any TLS option for a specific client connection, configure the same set of properties as for the global client TLS configuration (properties with the ataccama.client.tls prefix). Depending on your setup, use one of the following prefixes:

  • ataccama.client.connection.<connection_name>.tls for specifying TLS for connections using any communication protocol (gRPC and HTTP).

  • ataccama.client.connection.<connection_name>.grpc.tls for specifying TLS for connections using the gRPC communication protocol.

  • ataccama.client.connection.<connection_name>.http.tls for specifying TLS for connections using the HTTP communication protocol. If an option is not specified for the given client connection, global client TLS options are applied. Default value: null.

ataccama.client.grpc.tls

String

All client TLS options can be specified directly for gRPC client. To set any TLS option for a gRPC client, configure the same set of properties as for the global client TLS configuration (properties with the ataccama.client.tls prefix), but use the prefix ataccama.client.grpc.tls instead. If an option is not specified for the gRPC client, global client TLS options are applied. Default value: null.

ataccama.client.http.tls

String

All client TLS options can be specified directly for HTTP client. To set any TLS option for a HTTP client, configure the same set of properties as for the global client TLS configuration (properties with the ataccama.client.tls prefix), but use the prefix ataccama.client.http.tls instead. If an option is not specified for the HTTP client, global client TLS options are applied. Default value: null.

ataccama.client.tls.enabled

Boolean

Defines whether the gRPC and HTTP clients should use TLS when communicating with the servers. Default value: False.

ataccama.client.tls.key-alias

String

The private key name specified in the provided keystore that is used for TLS. Does not work with PKCS12 format. To avoid unexpected behavior, use PKCS12 with only one private key. Default value: null.

ataccama.client.tls.key-password

String

The password for the private key of the gRPC and HTTP clients. Used if the private key is encrypted. Does not work with PKCS12 format. To avoid unexpected behavior, use PKCS12 only with a non-encrypted private key. Default value: null.

ataccama.client.tls.key-store

String

Points to the keystore containing private and public key certificates that are used by the gRPC and HTTP clients. For example, file:${ataccama.path.etc}/key-store.pkcs12. Default value: null.

ataccama.client.tls.key-store-password

String

The password for the keystore. Used if the keystore is encrypted. Default value: null.

ataccama.client.tls.key-store-type

String

The type of the keystore. Possible types are PKCS12, JKS, and JCEKS. Default value: null.

ataccama.client.tls.mtls

Boolean

Defines whether the gRPC and HTTP clients should use mTLS when communicating with the servers. Default value: False.

ataccama.client.tls.trust-all

Boolean

Defines whether the gRPC and HTTP clients should verify the certificate of the server with which they communicate. Default value: False.

ataccama.client.tls.trust-store

String

Points to the truststore with all the trusted certification authorities (CAs) used in gRPC and HTTP TLS communication. Used only when tls.trust-all is disabled. For example, file:${ataccama.path.etc}/trust-store.pkcs12. Default value: null.

ataccama.client.tls.trust-store-password

String

The password for the truststore. Used if the truststore is encrypted. Default value: null.

ataccama.client.tls.trust-store-type

String

The type of the truststore. Possible types are PKCS12 and JCEKS. Default value: null.

gRPC Server

Property Data Type Description

ataccama.server.grpc.properties.max-message-size

String

Limits the size of messages that the gRPC server can process. Default value: 1GB. Accepted units: B (bytes), KB (kilobytes), MB (megabytes), GB (gigabytes), TB (terabytes). If no unit is specified, KB is used.

Authentication

Property Data Type Description

ataccama.authentication.grpc.basic.enable

Boolean

Enables basic authentication on the gRPC server. If enabled, Keycloak becomes a mandatory dependency - it needs to be running before the microservice starts. Default value: true.

ataccama.authentication.grpc.bearer.enable

Boolean

Enables bearer authentication on the gRPC server. If enabled, Keycloak becomes a mandatory dependency - it needs to be running before the microservice starts. Default value: true.

ataccama.authentication.grpc.internal.jwt.enable

Boolean

Enables internal JWT token authentication on the gRPC server. Default value: true.

ataccama.authentication.http.acl.default-allow

Boolean

If set to false, access to any HTTP endpoint is restricted for all users. You can explicitly allow access to an endpoint based on user roles, which is configured using the property ataccama.authentication.http.acl.endpoints. Default value: true.

ataccama.authentication.http.acl.endpoints

String

Used for securing HTTP endpoints based on user or module roles. The role comparison is case-insensitive. For example, to allow only users with ADMIN role to access the Prometheus endpoint, use the following two properties:

ataccama.authentication.http.acl.endpoints.prometheus-endpoint.endpoint-filter=["/actuator/prometheus"]
ataccama.authentication.http.acl.endpoints.prometheus-endpoint.allowed-roles=["ADMIN"]

Default value: null.

ataccama.authentication.http.basic.enable

Boolean

Enables basic authentication on the HTTP server. If enabled, Keycloak becomes a mandatory dependency - it needs to be running before the microservice starts. Default value: true.

ataccama.authentication.http.basic.endpoint-filter

String

Ant-style patterns that filter which HTTP endpoints have basic authentication enabled. To separate multiple patterns, use a semicolon (;). Default value: /**.

ataccama.authentication.http.bearer.enable

Boolean

Enables bearer authentication on the HTTP server. If enabled, Keycloak becomes a mandatory dependency - it needs to be running before the microservice starts. Default value: true.

ataccama.authentication.http.bearer.endpoint-filter

String

Ant-style patterns that filter which HTTP endpoints have bearer authentication enabled. To separate multiple patterns, use a semicolon (;). Default value: /**.

ataccama.authentication.http.internal.jwt.enable

Boolean

Enables internal JWT token authentication on the HTTP server. Default value: true.

ataccama.authentication.http.internal.jwt.endpoint-filter

String

Ant-style patterns that filter which HTTP endpoints have internal JWT authentication enabled. To separate multiple patterns, use a semicolon (;). Default value: /**.

ataccama.authentication.http.public-endpoint-restriction-filter

String

Ant-style patterns that filter which public HTTP endpoints should be protected. If configured, these endpoints are no longer publicly available and authentication is required. To separate multiple patterns, use a semicolon (;). Default value: null.

ataccama.authentication.internal.jwt.impersonation-role

String

The role used for validating that a service sending a request to the microservice can impersonate another user. Default value: IMPERSONATION.

ataccama.authentication.keycloak.realm

String

The name of the Keycloak realm. Used when requesting an access token during authorization.

ataccama.authentication.keycloak.server-url

String

The URL of the server where Keycloak is running.

ataccama.authentication.keycloak.token.audience

String

The expected recipients of the Keycloak token. Used to validate the access (bearer) token obtained from Keycloak. If the value is null, the audience is not verified. Default value: null.

ataccama.authentication.keycloak.token.client-id

String

The client token identifier of the microservice. Used when requesting an access token during authorization.

ataccama.authentication.keycloak.token.expected-algorithm

String

The expected algorithm that was used to sign the access (bearer) token obtained from Keycloak. Default value: RS256.

ataccama.authentication.keycloak.token.issuer

String

The issuer of the Keycloak token. Used to validate the access (bearer) token obtained from Keycloak. If the value is null, the issuer is not verified. Default value: ${ataccama.authentication.keycloak.server-url}/realms/${ataccama.authentication.keycloak.realm}.

ataccama.authentication.keycloak.token.key-cache-min-time-between-request

Number

Defines the minimum amount of time between two consecutive requests for Keycloak certificates during which Keycloak is not asked for new certificates. This acts as a prevention against DDoS attacks with an unknown key. Expressed in seconds. Default value: 5.

ataccama.authentication.keycloak.token.key-cache-ttl

Number

Defines how long the public certificates from Keycloak are cached on the microservice side. If this time is exceeded, new certificates are fetched from Keycloak before the microservice makes an attempt to authenticate. If this time is not exceeded, but the public certificate for the key parsed from the authentication attempt was not found in the cache, new certificates are fetched from Keycloak and authentication is attempted again. Expressed in seconds. Default value: 300.

ataccama.authentication.keycloak.token.secret

String

The secret key of the microservice client. Used when requesting an access token during authorization.

ataccama.one.platform.deployments

String

The deployment settings with public JWT keys for other modules communicating with the microservice. The following fields are available:

  • module, uri, roles: Required fields for deployment. These fields are used to create the service identity during authentication.

  • fingerprint, content: Required fields for the JWT key. Example settings for MMM:

ataccama.one.platform.deployments.mmm-be.module=<value>
ataccama.one.platform.deployments.mmm-be.uri=<value>
ataccama.one.platform.deployments.mmm-be.security.roles=<value>
ataccama.one.platform.deployments.mmm-be.security.jwt-keys.mmm-key.fingerprint=<value>
ataccama.one.platform.deployments.mmm-be.security.jwt-keys.mmm-key.content=<value>

Default value: null.

TLS/mTLS

Property Data Type Description

ataccama.server.grpc.tls

String

All server TLS options can be specified directly for gRPC server. To set any TLS option for a gRPC server, configure the same set of properties as for the global server TLS configuration (properties with the ataccama.server.tls prefix), but use the prefix ataccama.server.grpc.tls instead. If an option is not specified for the gRPC server, global server TLS options are applied. Default value: null.

ataccama.server.http.tls

String

All server TLS options can be specified directly for HTTP server. To set any TLS option for an HTTP server, configure the same set of properties as for the global server TLS configuration (properties with the ataccama.server.tls prefix), but use the prefix ataccama.server.http.tls instead. If an option is not specified for the HTTP server, global server TLS options are applied. Default value: null.

ataccama.server.tls.allow-generate

Boolean

Defines whether the gRPC and HTTP servers should generate their self-signed certificate. The private key is saved to a location specified by ataccama.server.tls.private-key and the certificate to a location specified by ataccama.server.tls.cert-chain. Default value: false.

ataccama.server.tls.cert-chain

String

The path to the generated certificate of the gRPC and HTTP servers. For example, file:${ataccama.path.etc}/server.crt. Default value: null.

ataccama.server.tls.enabled

Boolean

Defines whether the gRPC and HTTP servers should use TLS authentication. Default value: false.

ataccama.server.tls.key-alias

String

The private key name specified in the provided keystore that is used for TLS. Does not work with PKCS12 format. To avoid unexpected behavior, use PKCS12 with only one private key. Default value: null.

ataccama.server.tls.key-password

String

The password for the private key of the gRPC and HTTP servers. Used if the private key is encrypted. Does not work with PKCS12 format. To avoid unexpected behavior, use PKCS12 only with a non-encrypted private key. Default value: null.

ataccama.server.tls.key-store

String

Points to the keystore containing private and public key certificates that are used by the gRPC and HTTP servers. For example, file:${ataccama.path.etc}/key-store.pkcs12. Default value: null.

ataccama.server.tls.key-store-password

String

The password for the keystore. Used if the keystore is encrypted. Default value: null.

ataccama.server.tls.key-store-type

String

The type of the keystore. Possible types are PKCS12, JKS, and JCEKS. Default value: null.

ataccama.server.tls.mtls

String

Defines whether the gRPC and HTTP servers require clients to be authenticated. Possible values are NONE, OPTIONAL, REQUIRED. Can be set to REQUIRED only if ataccama.server.tls.trust-store is specified as well. Default value: OPTIONAL.

ataccama.server.tls.private-key

String

The path to the generated private key of the gRPC and HTTP servers. For example, file:${ataccama.path.etc}/server.key. Default value: null.

ataccama.server.tls.trust-store

String

Points to the truststore with all the trusted certification authorities (CAs) used in the gRPC and HTTP TLS communication. For example, file:${ataccama.path.etc}/trust-store.pkcs12. Default value: null.

ataccama.server.tls.trust-store-password

String

The password for the truststore. Used if the truststore is encrypted. Default value: null.

ataccama.server.tls.trust-store-type

String

The type of the truststore. Possible types are PKCS12 and JCEKS. Default value: null.

Security Headers

Property Data Type Description

ataccama.one.security.header.Strict-Transport-Security

String

The value of the HTTP Strict-Transport-Security (HSTS) response header. Used only when HTTPS is enabled. Informs browsers that the resource should only be accessed using the HTTPS protocol. Default value: max-age=31536000; includeSubDomains; preload.

Parallelism

Property Data Type Description

ataccama.one.apyc.parallelism.blas

Number

An alternative way of overriding the number of parallel threads spawned by low-level calculations that are used by machine learning algorithms. If the value is set to 0, all CPU cores run without hyper-threads. If the value is not set (null), other properties are not overridden. Relies on the static OpenBLAS API and might be ignored depending on the compilation options for the OpenBLAS library. When this property is set, OpenBLAS gives it higher priority compared to ataccama.one.apyc.parallelism.omp. This is intended only for exceptional cases and should not be used otherwise. Default value: null.

ataccama.one.apyc.parallelism.jobs

Number

The number of parallel threads or processes spawned by high-level machine learning algorithms with explicit job management. If the value is set to 0, all CPU cores run without hyper-threads. If the value is not set (null), the library default settings are applied. Use this option together with ataccama.one.apyc.parallelism.omp. For more information, see the Sizing Guidelines. Default value: 1.

ataccama.one.apyc.parallelism.omp

Number

The number of parallel threads spawned by low-level calculations that are used by high-level machine learning algorithms. If the value is set to 0, all CPU cores run without hyper-threads. If the value is not set (null), the library default settings are applied. The property relies on the static OpenBLAS API and OpenMP API, which have a lower overhead than the dynamic API used by the property ataccama.one.apyc.parallelism.threads. When this property is set, the OpenBLAS library gives it lower priority compared to ataccama.one.apyc.parallelism.blas. Several low-level libraries other than OpenBLAS and LAPACK, as well as libraries that use OpenMP, respect this option as well. Use this option together with ataccama.one.apyc.parallelism.jobs. For more information, see the Sizing Guidelines. Default value: 1.

ataccama.one.apyc.parallelism.threads

Number

An alternative way of setting the number of parallel threads spawned by low-level calculations that are used by machine learning algorithms. If the value is set to 0, all CPU cores run without hyper-threads. If the value is not set (null), the dynamic API is not used. Relies on the dynamic OpenBLAS API, which has a higher overhead than the static API used by ataccama.one.apyc.parallelism.omp. When this property is set, OpenBLAS gives it higher priority compared to ataccama.one.apyc.parallelism.omp and ataccama.one.apyc.parallelism.blas. The dynamic API is intended only for exceptional cases and should not be used otherwise. Default value: null.

Internal and Properties Encryption

Property Data Type Description

internal.encryption.key-store

String

Points to the keystore containing the symmetric key that is used to decrypt properties with I context, for example: file:${ataccama.path.etc}/key-store.pkcs12. Default value: null.

internal.encryption.key-store-password

String

The password for the keystore. Used if the keystore is encrypted. To use an empty password, set the value to an empty string (""). Default value: null.

internal.encryption.key-store-password-file

String

The single-line file containing the password for the keystore. When reading the file, UTF-8 encoding is assumed. Used if the keystore is encrypted. If specified, the property overrides the value of internal.encryption.key-store-password. Default value: null.

internal.encryption.key-store-type

String

The type of the keystore. Possible types are PKCS12, JKS, and JCEKS. Default value: null.

properties.encryption.key-store

String

Points to the keystore containing the symmetric key that is used to decrypt properties with P context, for example, file:${ataccama.path.etc}/key-store.pkcs12. Default value: null.

properties.encryption.key-store-password

String

The password for the keystore. Used if the keystore is encrypted. To use an empty password, set the value to an empty string (""). Default value: null.

properties.encryption.key-store-password-file

String

The single-line file containing the password for the keystore. When reading the file, UTF-8 encoding is assumed. Used if the keystore is encrypted. If specified, the property overrides the value of properties.encryption.key-store-password. Default value: null.

properties.encryption.key-store-type

String

The type of the keystore. Possible types are PKCS12, JKS, and JCEKS. Default value: null.

Term Suggestions Database

ataccama.one.apyc.database.connection.host String The host where the microservice database is available.

ataccama.one.apyc.database.connection.password

String

The password for the microservice database.

ataccama.one.apyc.database.connection.username

String

The username for the microservice database.

ataccama.one.apyc.database.engine-kwargs

String

Sets the SQLAlchemy engine options, such as the maximum length of identifiers used in the database. For more information, see the Engine Configuration, section Engine Creation API, Parameters. Default value: {"max_identifier_length": 128}.

ataccama.one.apyc.database.poll-period

Number

Defines how often the microservice polls the database for changes. Expressed in seconds. Default value: 1.

Neighbors

Property Data Type Refreshable Description

ataccama.one.term-suggestions.neighbors.cache.attributes-limit

Number

False

The maximum number of fingerprints that can be present in the index used for searching neighbors. Once this value is reached, the microservice shuts down when trying to add new attributes. If the number of attributes in the database, including the deleted ones, exceeds the limit on startup, the microservice waits in the Not ready state indefinitely or until the number of attributes is reduced to this value or lower. Default value: 1000000.

ataccama.one.term-suggestions.neighbors.grpc.server.listen-address

String

False

The network address to which the Neighbors gRPC server should bind. Default value: 0.0.0.0.

ataccama.one.term-suggestions.neighbors.grpc.server.port

Number

False

The port where the gRPC interface of the Neighbors microservice is running. Default value: 8542.

ataccama.one.term-suggestions.neighbors.http.server.listen-address

String

False

The network address to which the Neighbors HTTP server should bind. Default value: 0.0.0.0.

ataccama.one.term-suggestions.neighbors.http.server.port

Number

False

The HTTP port where the Neighbors microservice is running. Default value: 8042.

Command Line Tools

Property Data Type Description

ataccama.client.connection.cli.host

String

The IP address or the URL of the server where the CLI microservice is running. Default value: localhost.

ataccama.client.connection.cli.http.port

Number

The HTTP port of the server where the CLI microservice is running. Default value: 9041.

ataccama.one.apyc.cli.http.server.listen-address

String

The network address to which the CLI HTTP server should bind. Default value: 0.0.0.0.

ataccama.one.apyc.cli.http.server.port

Number

The HTTP port where the CLI microservice is running. Default value: 9041.

Was this page useful?