Apstra Server Configuration File

admin@aos-server:/etc/aos$ cat aos.conf
[controller]
metadb=eth0

# Role for the controller. Set the option to "slave" in order to setup AOS as a
# slave AOS. The options "metadb" and "node_id" should be also set while
# setting "role" to "slave"
role = controller
# Id of the slave node. Empty in case the server is the controller. The ID is
# generated by the controller.
node_id =

[security]

# ***EXPERIMENTAL FEATURE*** This feature should not be enabled without Apstra
# engineering assistance. Enable secure connections for AOS system agents.
enable_secure_sysdb_connection = 0
# This encrypts sensitive data when sending configuration to device. This also
# enables aos agents to use appropriate credentials to access and/or configure
# device.   Default behavior to configure or run commands using device root
# Note:  Manual agent installation will not work if this is enabled.
enable_encryption_to_device = 0

[logrotate]

# AOS has builtin log rotate functionality. You can disable it by setting
# <enable_log_rotate> to 0 if you want to use linux logrotate utility to manage
# your log files. AOS agent reopens log file on SIGHUP
enable_log_rotate = 1
# Log file will be rotated when its size exceeds <max_file_size>
max_file_size = 1M
# The most recent <max_kept_backups> rotated log files will be saved. Older
# ones will be removed. Specify 0 to not save rotated log files, i.e. the log
# file will be removed as soon as its size exceeds limit.
max_kept_backups = 5
# Interval, specified as <hh:mm:ss>, at which log files are checked for
# rotation.
check_interval = 1:00:00
# Maximum number of recent invalid persistence group kept
max_kept_invalid_persistence_groups = 3

[auth_sysdb_log_rotator]

# AOS has builtin auth sysdb persistence file rotation functionality. Default
# value is 1 which means sysdb retention policy is enabled. You can disable it
# by setting it to 0 and you also can enable it again by setting it to 1. All
# retention policy parameters will be reloaded by restarting AOS service, or
# sending SIGHUP signal to SysdbResourceManager agent via "sudo kill -s 1
# $(pgrep -f SysdbResourceManager)"
enable_auth_sysdb_rotate = 1
# Maximum number of backup copies of valid auth sysdb persistence file groups
# in /var/lib/aos/db. AOS will remove all the older groups. Default value is 5,
# which means AOS will keep the latest 5 groups. Min value is 3. It should be
# specified as a positive number or empty. Leaving it empty means no groups
# number limitation. It will be set to default value if it is configured in
# invalid format. It will be set to minimum value if it is configured to a
# smaller value.
max_kept_backups = 5
# Maximum total size of valid auth sysdb persistence file groups in
# /var/lib/aos/db. Default value is empty, which means no size limitation. It
# should be specified as empty or a positive number ending with k/m/g (case
# insensitive) or no suffix. Otherwise, it will be set to default value. AOS
# will keep at least 3 valid groups no matter how <max_total_files_size> being
# configured.
max_total_files_size =
# Interval, specified as <hh:mm:ss>, at which auth sysdb persistence files are
# checked for rotation. Default value is 1:00:00. It will be set to default
# value is it is configured in invalid format. Min value is 00:01:00. It will
# be set to min value if it is configured to a smaller value. AOS also update
# all the retention policy parameters per <check_interval> when it is enabled.
check_interval = 1:00:00

[main_sysdb_log_rotator]

# AOS has builtin main sysdb persistence file rotation functionality. Default
# value is 1 which means sysdb retention policy is enabled. You can disable it
# by setting it to 0 and you also can enable it again by setting it to 1. All
# retention policy parameters will be reloaded by restarting AOS service, or
# sending SIGHUP signal to SysdbResourceManager agent via "sudo kill -s 1
# $(pgrep -f SysdbResourceManager)"
enable_main_sysdb_rotate = 1
# Maximum number of backup copies of valid main sysdb persistence file groups
# in /var/lib/aos/db. AOS will remove all the older groups. Default value is 5,
# which means AOS will keep the latest 5 groups. Min value is 3. It should be
# specified as a positive number or empty. Leaving it empty means no groups
# number limitation. It will be set to default value if it is configured in
# invalid format. It will be set to minimum value if it is configured to a
# smaller value.
max_kept_backups = 5
# Maximum total size of valid main sysdb persistence file groups in
# /var/lib/aos/db. Default value is empty, which means no size limitation. It
# should be specified as empty or a positive number ending with k/m/g (case
# insensitive) or no suffix. Otherwise, it will be set to default value. AOS
# will keep at least 3 valid groups no matter how <max_total_files_size> being
# configured.
max_total_files_size =
# Interval, specified as <hh:mm:ss>, at which main sysdb persistence files are
# checked for rotation. Default value is 1:00:00. It will be set to default
# value is it is configured in invalid format. Min value is 00:01:00. It will
# be set to min value if it is configured to a smaller value. AOS also update
# all the retention policy parameters per <check_interval> when it is enabled.
check_interval = 1:00:00

[anomaly_sysdb_log_rotator]

# AOS has builtin anomaly sysdb persistence file rotation functionality.
# Default value is 1 which means sysdb retention policy is enabled. You can
# disable it by setting it to 0 and you also can enable it again by setting it
# to 1. All retention policy parameters will be reloaded by restarting AOS
# service, or sending SIGHUP signal to SysdbResourceManager agent via "sudo
# kill -s 1 $(pgrep -f SysdbResourceManager)"
enable_anomaly_sysdb_rotate = 1
# Maximum number of backup copies of valid anomaly sysdb persistence file
# groups in /var/lib/aos/db. AOS will remove all the older groups. Default
# value is 5, which means AOS will keep the latest 5 groups. Min value is 3. It
# should be specified as a positive number or empty. Leaving it empty means no
# groups number limitation. It will be set to default value if it is configured
# in invalid format. It will be set to minimum value if it is configured to a
# smaller value.
max_kept_backups = 5
# Maximum total size of valid anomaly sysdb persistence file groups in
# /var/lib/aos/db. Default value is empty, which means no size limitation. It
# should be specified as empty or a positive number ending with k/m/g (case
# insensitive) or no suffix. Otherwise, it will be set to default value. AOS
# will keep at least 3 valid groups no matter how <max_total_files_size> being
# configured.
max_total_files_size =
# Interval, specified as <hh:mm:ss>, at which anomaly sysdb persistence files
# are checked for rotation. Default value is 1:00:00. It will be set to default
# value is it is configured in invalid format. Min value is 00:01:00. It will
# be set to min value if it is configured to a smaller value. AOS also update
# all the retention policy parameters per <check_interval> when it is enabled.
check_interval = 1:00:00

[device_image_management]

# Enable version compatibility check. By default version compatibility check is
# enabled. A device will not connect to AOS if its version of AOS device agent
# is not compatible with AOS controller
enable_version_check = 1
# Enable AOS device agent image auto upgrade. By default auto image upgrade is
# disabled. With this option enabled a device can download an image from the
# controller and upgrade itself if needed.
enable_auto_upgrade = 0
# A device will retry in specified timeout (in seconds) if it fails version
# compatibility check or to download/install new image.
retry_timeout = 600

[authentication]

# Enable authentication/authorization check. By default
# authentication/authorization is enabled. You can disable it by setting enable
# to 0
enable = 1
# Set token expiration time (in seconds). By default token will be expired
# after 24 hours (86400 seconds).
token_expiration = 86400
# Enable ratelimiting. This mechanism protects against password bruteforce. By
# default ratelimiting is enabled. You can disable it by setting
# enable_ratelimit to 0
enable_ratelimit = 1

[device_config_management]

# Setting to push quarantine config to unacknowledged devices. By default it is
# disabled as it causes traffic disruptions.Set the value to 1 to enable
# pushing quarantine config, which shuts down all interfaces on the device.
enable_push_quarantine_config = 0

[telemetry_init]

# Number of initial BGP telemetry update rounds before anomaly detection is
# started.
bgp = 4
# Number of initial interface telemetry update rounds before anomaly detection
# is started.
interface = 4
# Number of initial LAG telemetry update rounds before anomaly detection is
# started.
lag = 4
# Number of initial LLDP telemetry update rounds before anomaly detection is
# started.
lldp = 4
# Number of initial route telemetry update rounds before anomaly detection is
# started.
route = 4
# Number of initial MLAG telemetry update rounds before anomaly detection is
# started.
mlag = 4

[telemetry_global_config]

# Python multithreading enable/disable knob for telemetry  collection
multithreading_config = 1
# Execution timeout for extensible telemetry collectors
command_timeout = 120

[task_api]

# Default maximum time in seconds a task can stay in its current state.
default_timeout = 600.0
# Time in seconds a blueprint.create task can stay in its current state.Format:
# "timeout_<task_type>"
timeout_blueprint.create = 360.0
# Time in seconds a blueprint.deploy task can stay in its current state.Format:
# "timeout_<task_type>"
timeout_blueprint.deploy = 300.0
# Time in seconds blueprint.facade.* tasks can stay in their current state.
# Specific facade task overrides prevail over this one.Format:
# "timeout_<task_type>"
timeout_blueprint.facade = 600.0
# Maximum number of tasks, which allowed in the queue. When number of tasks
# becomes higher this value, task rotation will be started.
max_tasks_in_queue = 100
# Maximum number of Bytes in data field which does not require compression. If
# data size is greater than threshold data will be compressed before storing it
# in sysdb.
max_uncompressed_data_size = 1000

[statistics]

# Enable or disable full validation for pod statistics. Disable if Racks and/or
# Pods tabs load times are excessive
pod_full_validation = enabled

[enterprise]

# Enable or disable Enterprise related features
enable = 0

[syslog]

# Interval, specified as <hh:mm:ss>, at which collector will recollect hostname
hostname_check_interval = 00:00:10

[builtin_telemetry_disable]

# Disable telemetry service lldp for the specified set of system IDs. System
# IDs can be provided as a comma seperated list(eg: a, b, c, d). In order to
# disable the service for all devices, specify the value "all".
lldp_disable_devices = 
# Disable telemetry service arp for the specified set of system IDs. System IDs
# can be provided as a comma seperated list(eg: a, b, c, d). In order to
# disable the service for all devices, specify the value "all".
arp_disable_devices = 
# Disable telemetry service hostname for the specified set of system IDs.
# System IDs can be provided as a comma seperated list(eg: a, b, c, d). In
# order to disable the service for all devices, specify the value "all".
hostname_disable_devices = 
# Disable telemetry service mac for the specified set of system IDs. System IDs
# can be provided as a comma seperated list(eg: a, b, c, d). In order to
# disable the service for all devices, specify the value "all".
mac_disable_devices = 
# Disable telemetry service xcvr for the specified set of system IDs. System
# IDs can be provided as a comma seperated list(eg: a, b, c, d). In order to
# disable the service for all devices, specify the value "all".
xcvr_disable_devices = 
# Disable telemetry service interface for the specified set of system IDs.
# System IDs can be provided as a comma seperated list(eg: a, b, c, d). In
# order to disable the service for all devices, specify the value "all".
interface_disable_devices = 
# Disable telemetry service interface_counters for the specified set of system
# IDs. System IDs can be provided as a comma seperated list(eg: a, b, c, d). In
# order to disable the service for all devices, specify the value "all".
interface_counters_disable_devices = 
# Disable telemetry service bgp for the specified set of system IDs. System IDs
# can be provided as a comma seperated list(eg: a, b, c, d). In order to
# disable the service for all devices, specify the value "all".
bgp_disable_devices = 
# Disable telemetry service mlag for the specified set of system IDs. System
# IDs can be provided as a comma seperated list(eg: a, b, c, d). In order to
# disable the service for all devices, specify the value "all".
mlag_disable_devices = 
# Disable telemetry service route for the specified set of system IDs. System
# IDs can be provided as a comma seperated list(eg: a, b, c, d). In order to
# disable the service for all devices, specify the value "all".
route_disable_devices = 
# Disable telemetry service lag for the specified set of system IDs. System IDs
# can be provided as a comma seperated list(eg: a, b, c, d). In order to
# disable the service for all devices, specify the value "all".
lag_disable_devices = 

[agent_management]

# Override the default heartbeat timeout for agents spawned dynamically by
# AgentManager. The value must be a non-negative number. The unit is seconds.
# The value 0 is used to turn off heartbeat-based agent timeouts and restarts.
# The minimum non-0 value allowed is 60. If not provided, then the default
# timeout value (600 seconds) is used.
heartbeat_period =

[show_tech]

# Minimum free space in the file system for /var/lib/aos/show_tech needed to
# initiate controller show tech collection via the Apstra API (in MBytes,
# default: 4096, min: 4096)
min_free_disk_space = 4096
# The directory /var/lib/aos/show_tech must be smaller than this size to
# initiate controller show tech collection via the Apstra API (in MBytes,
# default: 10240, min: 4096)
max_directory_size = 10240
# Maximum controller show tech collection duration before job times out (in
# seconds, default: 1200, min: 1200)
controller_timeout = 1200.0

[system_operation_filesystem_thresholds]

# Default operation thresholds for filesystem utilization, used unless an
# option for a specific filesystem is specified in the section. Two thresholds
# are specified - warning and critical. When resource utilization passes each
# threshold, an operation anomaly is raised at the corresponding level. When a
# critical threshold is crossed the APIs are automatically transitioned into
# read-only mode. Numbers here are utilization levels, between 0.0 and 1.0.
# Note: Both 0.0 and 1.0 utilization levels are not allowed.
default = warning:0.8 critical:0.9

[system_operation_memory_thresholds]

# Operation thresholds for memory utilization of the controller VM. Two
# thresholds are specified - warning and critical. When resource utilization
# passes each threshold, an operation anomaly is raised at the corresponding
# level. When a critical threshold is crossed the APIs are automatically
# transitioned into read-only mode. Numbers here are utilization levels,
# between 0.0 and 1.0. Note: Both 0.0 and 1.0 utilization levels are not
# allowed.
default = warning:0.8 critical:0.9