Settings reference
Note
For information on how to manage these settings, see Settings management.
Special settings
There are a small number of settings that behave in a particular way:
RADKit directory
Used by: Client, Service, Control
Environment:
RADKIT_DIRECTORYCommand-line:
--radkit-directoryTOML: N/A
Sets the main directory where the Client and Service store their configuration, log files,
certificate bundles etc. By default, this is set to .radkit in the user’s home directory
(written as ~/.radkit on macOS and Linux).
You usually don’t want to change this, but if you want to switch to a completely different
RADKit configuration or if you are running RADKit in a specific environment (e.g. a container,
a Windows service or a systemd service), this option may be useful. All paths used internally
by RADKit components are relative to RADKIT_DIRECTORY.
Settings file
Used by: Client, Service, Control
Environment: N/A
Command-line:
--settings-fileTOML: N/A
Determines the TOML file to read at startup. By default, the following paths are used, relative to the RADKit directory (see above):
client/settings.toml
service/settings.toml
control/settings.toml
These values can be overridden with either an absolute path, or a path relative to the current working directory (i.e. you can’t make those relative to the RADKit directory without specifying its absolute location). This setting may come in handy when you want to recall specific settings for particular situations.
Private key password
Used by: Client
Environment:
RADKIT_CLIENT_PRIVATE_KEY_PASSWORD_BASE64Command-line: N/A
TOML: N/A
Makes it possible to pass the Client private key password via the environment. Inherently insecure. See Non-interactive authentication for details.
Superadmin password
Used by: Service
Environment:
RADKIT_SERVICE_SUPERADMIN_PASSWORD_BASE64RADKIT_SERVICE_SUPERADMIN_PASSWORD_FILERADKIT_SERVICE_SUPERADMIN_PASSWORD_FDCREDENTIALS_DIRECTORY
Command-line: N/A
TOML: N/A
These options make it possible to pass the superadmin password via the environment.
See Storing the superadmin password for details.
Common settings
These settings are used by both RADKit Client and Service and are referred to by the same name
in both applications, i.e. the names are not prefixed with client or service, but they
can be specified independently and take different values in one application and the other.
truststore.cisco_root_store
Path to Cisco Root store. This store is used to communicate with Cisco operated services like SSO or CXD.
Environment:
RADKIT_TRUSTSTORE_CISCO_ROOT_STORECommand-line:
--setting truststore.cisco_root_storeTOML: section
[truststore], settingcisco_root_storeType: string
Default:
{cisco-radkit-common package location}/certificate_bundles/cisco_root_store.pem
truststore.public_root_store
Path to Public Root store. This store is used to communicate with non-Cisco-operated services like HTTP requests to the devices through raw HTTP or Swagger.
Environment:
RADKIT_TRUSTSTORE_PUBLIC_ROOT_STORECommand-line:
--setting truststore.public_root_storeTOML: section
[truststore], settingpublic_root_storeType: string
Default:
{cisco-radkit-common package location}/certificate_bundles/public_root_store.pem
cloud_client.oauth_provider
Custom OAuth provider
Environment:
RADKIT_CLOUD_CLIENT_OAUTH_PROVIDERCommand-line:
--setting cloud_client.oauth_providerTOML: section
[cloud_client], settingoauth_providerType: string
Default:
okta
cloud_client.upload_allowed_hosts
List of regular expressions representing hosts/domains that RPC outputs may be uploaded to (for example, the Cisco CX Drive / CX Files service). The destination URL is provided by the RADKit Client in the RPC request, and the host part of the URL is matched against the regular expressions in this list. If there is at least one match, the upload is allowed; else, it is denied. The re.search method is used. If unsure, do not touch this setting.
Environment:
RADKIT_CLOUD_CLIENT_UPLOAD_ALLOWED_HOSTSCommand-line:
--setting cloud_client.upload_allowed_hostsTOML: section
[cloud_client], settingupload_allowed_hostsType: array
Default:
["^.*\.cisco\.com$"]
Note
Periods . and other special regex characters need to be properly quoted.
For environment variables and CLI, please refer to the quoting rules for your shell.
Here are a few examples:
- Environment (
bash): RADKIT_CLOUD_CLIENT_UPLOAD_ALLOWED_HOSTS='["^.*\\.cisco.\\.com$"]'- Command-line (
bash): -s cloud_client.upload_allowed_hosts '["^.*\\.cisco\\.com$"]'- TOML:
cloud_client.upload_allowed_hosts = ['^.*\.cisco\.com$']
cloud_client.token_refresh_check_interval
Auth Token refresh check interval
Environment:
RADKIT_CLOUD_CLIENT_TOKEN_REFRESH_CHECK_INTERVALCommand-line:
--setting cloud_client.token_refresh_check_intervalTOML: section
[cloud_client], settingtoken_refresh_check_intervalType: number
Default:
60
cloud_client.automatic_certificate_renewal_enabled
Enable automatic certificate renewal
Environment:
RADKIT_AUTOMATIC_CERTIFICATE_RENEWAL_ENABLEDCommand-line:
--setting automatic_certificate_renewal_enabledTOML: section
[common], settingautomatic_certificate_renewal_enabledType: boolean
Default:
True
cloud_client.certificate_renewal_remaining_lifetime
The number of days before a certificate expires when the client will try to renew it automatically
Environment:
RADKIT_CLOUD_CLIENT_CERTIFICATE_RENEWAL_REMAINING_LIFETIMECommand-line:
--setting cloud_client.certificate_renewal_remaining_lifetimeTOML: section
[cloud_client], settingcertificate_renewal_remaining_lifetimeType: integer
Default:
15
cloud_client.retry_interval
The duration, in seconds, the cloud client will wait before attempting to retry a failed request, especially in cases where retrying could lead to success, such as certain network issues or cloud-side failures.
Environment:
RADKIT_CLOUD_CLIENT_RETRY_INTERVALCommand-line:
--setting cloud_client.retry_intervalTOML: section
[cloud_client], settingretry_intervalType: integer
Default:
60
cloud_client.resubmit_interval
Time, in seconds, a RADKit Service or Client will wait before resubmitting a previously failed request to the Cloud Client. This must be relatively long. When the Cloud Client reports a failed state it means the request itself is invalid, and should not be resubmitted, this timer, and the process of retrying are introduced to account for situations where a headless Client or Service are failing due to a defect in the RADKit Cloud and it is desired to retry indefinitely until the defect is fixed.
Environment:
RADKIT_CLOUD_CLIENT_RESUBMIT_INTERVALCommand-line:
--setting cloud_client.resubmit_intervalTOML: section
[cloud_client], settingresubmit_intervalType: integer
Default:
900
certificate_validation_time_source
Time source used for certificate validation. The OS setting uses OS clock as a time
data source. The CLOUD uses Access Service/Cloud time as a data source.
Environment:
RADKIT_CLOUD_CLIENT_CERTIFICATE_VALIDATION_TIME_SOURCECommand-line:
--setting cloud_client.certificate_validation_time_sourceTOML: section
[cloud_client], settingcertificate_validation_time_sourceType: string
Default:
OS
cloud_client.proxy.url
Proxy URL for connecting to the RADKit Cloud
Environment:
RADKIT_CLOUD_CLIENT_PROXY_URLCommand-line:
--setting cloud_client.proxy.urlTOML: section
[cloud_client.proxy], settingurlType: string
Default:
""
cloud_client.proxy.username
Proxy username (Basic authentication only)
Environment:
RADKIT_CLOUD_CLIENT_PROXY_USERNAMECommand-line:
--setting cloud_client.proxy.usernameTOML: section
[cloud_client.proxy], settingusernameType: string
Default:
""
cloud_client.proxy.password
Proxy password (Basic authentication only)
Environment:
RADKIT_CLOUD_CLIENT_PROXY_PASSWORDCommand-line:
--setting cloud_client.proxy.passwordTOML: section
[cloud_client.proxy], settingpasswordType: string
Default:
""
cloud_client.proxy.no_proxy
Comma-separated list of hosts/domains that should not be accessed through the proxy defined in
cloud_client.proxy.url.
Environment:
RADKIT_CLOUD_CLIENT_PROXY_NO_PROXYCommand-line:
--setting cloud_client.proxy.no_proxyTOML: section
[cloud_client.proxy], settingno_proxyType: string
Default:
""Example:
"localhost,127.0.0.0/8,*.cisco.com,10.*"
cloud_client.proxy.fall_back_to_environment
When set to True and no proxy is configured in settings, use the proxy set in the environment
variables WSS_PROXY, HTTPS_PROXY, or ALL_PROXY to connect to RADKit cloud.
Also checks the cloud url against NO_PROXY.
Environment:
RADKIT_CLOUD_CLIENT_PROXY_FALL_BACK_TO_ENVIRONMENTCommand-line:
--setting cloud_client.proxy.fall_back_to_environmentTOML: section
[cloud_client.proxy], settingfall_back_to_environmentType: boolean
Default:
True
ocsp.methods
Ordered list containing one or more OCSP methods. The methods are tried in order until one returns a legible OCSP response. For more information, see Certificate revocation.
Environment:
RADKIT_OCSP_METHODSCommand-line:
--setting ocsp.methodsTOML: section
[ocsp], settingmethodsType: array
Default:
["STAPLER", "PASS"]
cloud_client.ocsp_proxy_stapler.extra_ocsp_validity_time
Extra validity time that is added to next_update value from OCSP Response.
Environment:
RADKIT_CLOUD_CLIENT_OCSP_PROXY_STAPLER_EXTRA_OCSP_VALIDITY_TIMECommand-line:
--setting cloud_client.ocsp_proxy_stapler.extra_ocsp_validity_timeTOML: section
[cloud_client.ocsp_proxy_stapler], settingextra_ocsp_validity_timeType: float
Default:
0
cloud_client.ocsp_proxy_stapler.timeout
Timeout value used for making request to the OCSP Proxy Stapler.
Environment:
RADKIT_CLOUD_CLIENT_OCSP_PROXY_STAPLER_TIMEOUTCommand-line:
--setting cloud_client.ocsp_proxy_stapler.timeoutTOML: section
[cloud_client.ocsp_proxy_stapler], settingtimeoutType: float
Default:
10
rpc.h2_inactivity_timeout_seconds
Time, in seconds, after which an H2 multiplexing RPC connection should be terminated during a period of inactivity (no active RPC calls).
Environment:
RADKIT_RPC_H2_INACTIVITY_TIMEOUT_SECONDSCommand-line:
--setting rpc.h2_inactivity_timeout_secondsTOML: section
[rpc], settingh2_inactivity_timeout_secondsType: integer
Default:
60
telemetry.enable
Enable sending of telemetry to the cloud. See Telemetry for more information about which telemetry is sent.
Environment:
RADKIT_TELEMETRY_ENABLECommand-line:
--setting telemetry.enableTOML: section
[telemetry], settingenableType: boolean
Default:
True
Client settings
client.logging.level
Logging level (CRITICAL=50, ERROR=40, WARNING=30, INFO=20, DEBUG=10, TRACE=5)
Environment:
RADKIT_CLIENT_LOGGING_LEVELCommand-line:
--setting client.logging.levelTOML: section
[client.logging], settinglevelType: integer or string
- Default:
integer:
20string:
INFO
client.logging.cryptographic_logging_enabled
Enable logging of cryptographic connection setup and teardown.
Environment:
RADKIT_CLIENT_LOGGING_CRYPTOGRAPHIC_LOGGING_ENABLEDCommand-line:
--setting client.logging.cryptographic_logging_enabledTOML: section
[client.logging], settingcryptographic_logging_enabledType: boolean
Default:
False
client.logging.format
Logging format (TEXT or JSON)
Environment:
RADKIT_CLIENT_LOGGING_FORMATCommand-line:
--setting client.logging.formatTOML: section
[client.logging], settingformatType: string
Default:
TEXT
client.logging.file_name
Client log file name (relative to log directory)
Environment:
RADKIT_CLIENT_LOGGING_FILE_NAMECommand-line:
--setting client.logging.file_nameTOML: section
[client.logging], settingfile_nameType: string
Default:
client.log
client.logging.directory
Custom Client log directory (relative to Client directory or absolute path)
Environment:
RADKIT_CLIENT_LOGGING_DIRECTORYCommand-line:
--setting client.logging.directoryTOML: section
[client.logging], settinglogging_directoryType: string
Default:
None
client.logging.file_size_limit_bytes
Maximum size of the logging file for size-based rotation. If set to 0, disables size-based rotation (time-based rotation only). If set to 1MB or more, enables size-based logging and sets the maximum file size. Accepts human-readable size strings like ‘1MB’, ‘1500kB’, ‘2GB’, ‘1MiB’, etc. Change of this setting requires manual restart of the Client.
Environment:
RADKIT_CLIENT_LOGGING_FILE_SIZE_LIMIT_BYTESCommand-line:
--setting client.logging.file_size_limit_bytesTOML: section
[client.logging], settingfile_size_limit_bytesType: string or integer
Default:
0
client.logging.backup_count
The maximum number of backups to retain for logs. For time-based file logging: This determines the number of days for which log backups will be kept. For size-based file logging: This specifies the number of backup files to retain, where the size of each file is limited by the file_size_limit_bytes configuration. Change of this setting requires manual restart of the Client.
Environment:
RADKIT_CLIENT_LOGGING_BACKUP_COUNTCommand-line:
--setting client.logging.backup_countTOML: section
[client.logging], settingbackup_countType: integer
Default:
14
client.logging.session_logging
Enable session logging
Environment:
RADKIT_CLIENT_LOGGING_SESSION_LOGGINGCommand-line:
--setting client.logging.session_loggingTOML: section
[client.logging], settingsession_loggingType: boolean
Default:
True
client.logging.session_log_directory
Custom Client session log directory (relative to Client directory or absolute path)
Environment:
RADKIT_CLIENT_LOGGING_SESSION_LOG_DIRECTORYCommand-line:
--setting client.logging.session_log_directoryTOML: section
[client.logging], settingsession_log_directoryType: string
Default:
None
client.logging.session_log_max_age
The number of days the session log is kept before it is being erased
Environment:
RADKIT_CLIENT_LOGGING_SESSION_LOG_MAX_AGECommand-line:
--setting client.logging.session_log_max_ageTOML: section
[client.logging], settingsession_log_max_ageType: integer
Default:
15
client.logging.session_log_file_size_limit_bytes
Maximum size of the session log file for size-based rotation. If set to 0, disables size-based rotation (time-based rotation only). If set to 1MB or more, enables size-based logging and sets the maximum file size. Accepts human-readable size strings like ‘1MB’, ‘1500kB’, ‘2GB’, ‘1MiB’, etc. Change of this setting requires manual restart of the Client.
Environment:
RADKIT_CLIENT_LOGGING_SESSION_LOG_FILE_SIZE_LIMIT_BYTESCommand-line:
--setting client.logging.session_log_file_size_limit_bytesTOML: section
[client.logging], settingsession_log_file_size_limit_bytesType: string or integer
Default:
0
client.logging.console_limit_replenish
Token bucket replenish rate per second for console log rate limiting. Setting this value to 0 will disable console logging rate limiting.
Environment:
RADKIT_CLIENT_LOGGING_CONSOLE_LIMIT_REPLENISHCommand-line:
--setting client.logging.console_limit_replenishTOML: section
[client.logging], settingconsole_limit_replenishType: integer
Default:
40
client.logging.console_limit_burst
Token bucket size (maximum burst) for console log rate limiting. Setting this value to 0 will disable console logging rate limiting.
Environment:
RADKIT_CLIENT_LOGGING_CONSOLE_LIMIT_BURSTCommand-line:
--setting client.logging.console_limit_burstTOML: section
[client.logging], settingconsole_limit_burstType: integer
Default:
120
client.logging.file_limit_replenish
Token bucket replenish rate per second for log file rate limiting Setting this value to 0 will disable file logging rate limiting.
Environment:
RADKIT_CLIENT_LOGGING_FILE_LIMIT_REPLENISHCommand-line:
--setting client.logging.file_limit_replenishTOML: section
[client.logging], settingfile_limit_replenishType: integer
Default:
40
client.logging.file_limit_burst
Token bucket size (maximum burst) for log file rate limiting. Setting this value to 0 will disable file logging rate limiting.
Environment:
RADKIT_CLIENT_LOGGING_FILE_LIMIT_BURSTCommand-line:
--setting client.logging.file_limit_burstTOML: section
[client.logging], settingfile_limit_burstType: integer
Default:
120
client.profile
Profile script file path (relative to Client directory or absolute path)
Environment:
RADKIT_CLIENT_PROFILECommand-line:
--setting client.profileTOML: section
[client], settingprofileType: string
Default:
profile.py
client.enable_history
Enable writing to history file
Environment:
RADKIT_CLIENT_ENABLE_HISTORYCommand-line:
--setting client.enable_historyTOML: section
[client], settingenable_historyType: boolean
Default:
True
client.history
REPL history file path (relative to Client directory or absolute path)
Environment:
RADKIT_CLIENT_HISTORYCommand-line:
--setting client.historyTOML: section
[client], settinghistoryType: string
Default:
.history
client.default_domain
Default RADKit Cloud domain to connect to
Environment:
RADKIT_CLIENT_DEFAULT_DOMAINCommand-line:
--setting client.default_domainTOML: section
[client], settingdefault_domainType: string
Default:
PROD
client.file_chunk_size
SCP/SFTP chunk size
Environment:
RADKIT_CLIENT_FILE_CHUNK_SIZECommand-line:
--setting client.file_chunk_sizeTOML: section
[client], settingfile_chunk_sizeType: integer
Default:
65536
client.request_send_timeout
Time (in seconds) after which request will be canceled if the request is not delivered to the service.
Environment:
RADKIT_CLIENT_REQUEST_SEND_TIMEOUTCommand-line:
--setting client.request_send_timeoutTOML: section
[client], settingrequest_send_timeoutType: float
Default:
60.0
client.debug_requests
Remember requests and their RPC protocol messages. Useful for debugging, but increases memory usage.
Environment:
RADKIT_CLIENT_DEBUG_REQUESTSCommand-line:
--setting client.debug_requestsTOML: section
[client], settingdebug_requestsType: boolean
Default:
False
client.sso_login_open_browser_default
Enable opening the browser during SSO login by default, otherwise prints the link to the console. Value not taken into account on Linux OS.
Environment:
RADKIT_CLIENT_SSO_LOGIN_OPEN_BROWSER_DEFAULTCommand-line:
--setting client.sso_login_open_browser_defaultTOML: section
[client], settingsso_login_open_browser_defaultType: boolean
Default:
True
client.use_e2ee_default
Default end-to-end encryption setting.
All possible choices are defined in this class UseE2EE.
Environment:
RADKIT_CLIENT_USE_E2EE_DEFAULTCommand-line:
--setting client.use_e2ee_defaultTOML: section
[client], settinguse_e2ee_defaultType: string
Default:
WHEN_AVAILABLE
client.use_h2_when_available
Use H2 multiplexing for RPC calls when available to improve the performance.
Environment:
RADKIT_CLIENT_USE_H2_WHEN_AVAILABLECommand-line:
--setting client.use_h2_when_availableTOML: section
[client], settinguse_h2_when_availableType: boolean
Default:
False
client.enable_cloud_request_resubmit
Enable resubmitting a request to the Cloud Client after it previously failed. Note that
the cloud client will return failed states when the request is rejected by the cloud,
which usually means repeating the request does not make sense, however, this setting
is introduced to enable retrying anyways, accommodating for the low chance of a cloud defect.
The frequency of the retries is set by cloud_client.resubmit_interval.
Environment:
RADKIT_CLIENT_ENABLE_CLOUD_REQUEST_RESUBMITCommand-line:
--setting client.enable_cloud_request_resubmitTOML: section
[client], settingenable_cloud_request_resubmitType: boolean
Default:
False
client.proxy_forwarder.timeout
Time (in seconds) after which http request must be canceled by the service http implementation if the request is not answered by the device.
Environment:
RADKIT_CLIENT_PROXY_FORWARDER_TIMEOUTCommand-line:
--setting client.proxy_forwarder.timeoutTOML: section
[client.proxy_forwarder], settingtimeoutType: float
Default:
120.0
client.proxy_forwarder.h2_max_concurrent_streams
Maximum number of concurrent streams to open when using HTTP/2 multiplexing in the proxy forwarder.
Environment:
RADKIT_CLIENT_PROXY_FORWARDER_H2_MAX_CONCURRENT_STREAMSCommand-line:
--setting client.proxy_forwarder.h2_max_concurrent_streamsTOML: section
[client.proxy_forwarder], settingh2_max_concurrent_streamsType: integer
Default:
100
client.bdb.api_url
URL to perform BDB scripts against.
Environment:
RADKIT_CLIENT_BDB_API_URLCommand-line:
--setting client.bdb.api_urlTOML: section
[client.bdb], settingapi_urlType: string
Default:
https://scripts.cisco.com/api/v2
client.bdb.dev_mode
Run BDB scripts in dev mode.
Environment:
RADKIT_CLIENT_BDB_DEV_MODECommand-line:
--setting client.bdb.dev_modeTOML: section
[client.bdb], settingdev_modeType: boolean
Default:
False
client.bdb.is_experimental
Loader does not check permissions before executing the code.
Environment:
RADKIT_CLIENT_BDB_IS_EXPERIMENTALCommand-line:
--setting client.bdb.is_experimentalTOML: section
[client.bdb], settingis_experimentalType: boolean
Default:
False
client.bdb.allow_external
Allows to execute external scripts internally.
Environment:
RADKIT_CLIENT_BDB_ALLOW_EXTERNALCommand-line:
--setting client.bdb.allow_externalTOML: section
[client.bdb], settingallow_externalType: boolean
Default:
False
client.bdb.timeout
Time (in seconds) after which a BDB HTTP request times out.
Environment:
RADKIT_CLIENT_BDB_TIMEOUTCommand-line:
--setting client.bdb.timeoutTOML: section
[client.bdb], settingtimeoutType: number
Default:
10.0
client.cxd.token_url
Base URL to retrieve a CX Drive upload token.
Environment:
RADKIT_CLIENT_CXD_TOKEN_URLCommand-line:
--setting client.cxd.token_urlTOML: section
[client.cxd], settingtoken_urlType: string
Default:
https://cxd-token.cxapps.cisco.com/cxd/token
client.cxd.auth_url
URL to perform client-credentials authentication with CXD client credentials.
Environment:
RADKIT_CLIENT_CXD_AUTH_URLCommand-line:
--setting client.cxd.auth_urlTOML: section
[client.cxd], settingauth_urlType: string
Default:
https://int-id.cisco.com/oauth2/default/v1/token?grant_type=client_credentials
client.cxd.connection_timeout
Time in seconds to wait for an initial response from CX Drive for any CX Drive request.
Environment:
RADKIT_CLIENT_CXD_CONNECTION_TIMEOUTCommand-line:
--setting client.cxd.connection_timeoutTOML: section
[client.cxd], settingconnection_timeoutType: integer
Default:
60
client.password_policy.minimum_length
Minimal length of password (minimum value: 8)
Environment: N/A
Command-line: N/A
TOML: section
[client.password_policy], settingminimum_lengthType: integer
Default:
8
client.password_policy.minimum_lowercase_letters
Minimal number of lowercase letters in password (minimum value: 1)
Environment: N/A
Command-line: N/A
TOML: section
[client.password_policy], settingminimum_lowercase_lettersType: integer
Default:
1
client.password_policy.minimum_uppercase_letters
Minimal number of uppercase letters in password (minimum value: 1)
Environment: N/A
Command-line: N/A
TOML: section
[client.password_policy], settingminimum_uppercase_lettersType: integer
Default:
1
client.password_policy.minimum_digits
Minimal number of digits in password (minimum value: 1)
Environment: N/A
Command-line: N/A
TOML: section
[client.password_policy], settingminimum_digitsType: integer
Default:
1
client.password_policy.minimum_symbols
Minimal number of symbols in password (minimum value: 0)
Environment: N/A
Command-line: N/A
TOML: section
[client.password_policy], settingminimum_symbolsType: integer
Default:
0
client.password_policy.expiration_days
Days after which password needs to be changed.
Environment: N/A
Command-line: N/A
TOML: section
[client.password_policy], settingexpiration_daysType: integer
Default:
0
client.password_policy.expiration_warning_days
How many days earlier user should be notified about upcoming password expiration
Environment: N/A
Command-line: N/A
TOML: section
[client.password_policy], settingexpiration_warning_daysType: integer
Default:
7
client.password_policy.reuse_password_changes
Number of history entries for password reuse limitation
Environment: N/A
Command-line: N/A
TOML: section
[client.password_policy], settingreuse_password_changesType: integer
Default:
12
client.theme
Theme to be used in the CLI. Possible themes are: “light_font” or “dark_font”
Environment:
RADKIT_CLIENT_THEMECommand-line:
--setting client.themeTOML: section
[client], settingthemeType: string
Default:
DEFAULT
Network Console settings
client.network_console.profile
Profile script file path (relative to Network Console directory or absolute path)
Environment:
RADKIT_NETWORK_CONSOLE_PROFILECommand-line:
--setting client.network_console.profileTOML: section
[client.network_console], settingprofileType: string
Default:
profile.py
client.network_console.enable_history
Enable writing to history file
Environment:
RADKIT_NETWORK_CONSOLE_ENABLE_HISTORYCommand-line:
--setting client.network_console.enable_historyTOML: section
[client.network_console], settingenable_historyType: boolean
Default:
True
client.network_console.history
REPL history file path (relative to Network Console directory or absolute path)
Environment:
RADKIT_NETWORK_CONSOLE_HISTORYCommand-line:
--setting client.network_console.historyTOML: section
[client.network_console], settinghistoryType: string
Default:
.history
client.network_console.enable_sr_context
Enable integration with Cisco TAC Service Requests
Environment:
RADKIT_NETWORK_CONSOLE_ENABLE_SR_CONTEXTCommand-line:
--setting client.network_console.enable_sr_contextTOML: section
[client.network_console], settingenable_sr_contextType: boolean
Default:
True
client.network_console.auto_upload_by_default
Default behaviour for auto-upload when connecting to a service with SR context. Can be overridden by using the explicit keyword on service connection.
Environment:
RADKIT_NETWORK_CONSOLE_AUTO_UPLOAD_BY_DEFAULTCommand-line:
--setting client.network_console.auto_upload_by_defaultTOML: section
[client.network_console], settingauto_upload_by_defaultType: boolean
Default:
False
client.network_console.snmp_timeout
SNMP Timeout for SNMP queries through Network Console
Environment:
RADKIT_NETWORK_CONSOLE_SNMP_TIMEOUTCommand-line:
--setting client.network_console.snmp_timeoutTOML: section
[client.network_console], settingsnmp_timeoutType: integer
Default:
30
client.network_console.snmp_retries
SNMP Retries count for SNMP queries through Network Console
Environment:
RADKIT_NETWORK_CONSOLE_SNMP_RETRIESCommand-line:
--setting client.network_console.snmp_retriesTOML: section
[client.network_console], settingsnmp_retriesType: integer
Default:
3
Service settings
service.logging.file_name
Service log file name (relative to log directory)
Environment:
RADKIT_SERVICE_LOGGING_FILE_NAMECommand-line:
--setting service.logging.file_nameTOML: section
[service.logging], settingfile_nameType: string
Default:
service.log
service.logging.directory
Custom Service log directory (relative to Service directory or absolute path)
Environment:
RADKIT_SERVICE_LOGGING_DIRECTORYCommand-line:
--setting service.logging.directoryTOML: section
[service.logging], settingdirectoryType: string
Default:
None
service.logging.level
Logging level (CRITICAL=50, ERROR=40, WARNING=30, INFO=20, DEBUG=10, TRACE=5)
Environment:
RADKIT_SERVICE_LOGGING_LEVELCommand-line:
--setting service.logging.levelTOML: section
[service.logging], settinglevelType: integer or string
- Default:
integer:
20string:
INFO
service.logging.format
Logging format (TEXT or JSON)
Environment:
RADKIT_SERVICE_LOGGING_FORMATCommand-line:
--setting service.logging.formatTOML: section
[service.logging], settingformatType: string
Default:
TEXT
service.logging.cryptographic_logging_enabled
Enable logging of cryptographic connection setup and teardown.
Environment:
RADKIT_SERVICE_LOGGING_CRYPTOGRAPHIC_LOGGING_ENABLEDCommand-line:
--setting service.logging.cryptographic_logging_enabledTOML: section:
[service.logging], settingcryptographic_logging_enabledType: bool
Default: False
service.logging.tracebacks
Enable tracebacks for all exceptions
Environment:
RADKIT_SERVICE_LOGGING_TRACEBACKSCommand-line:
--setting service.logging.tracebacksTOML: section
[service.logging], settingtracebacksType: boolean
Default:
False
service.logging.file_size_limit_bytes
Maximum size of the service log file for size-based rotation. If set to 0, disables size-based rotation (time-based rotation only). If set to 1MB or more, enables size-based logging and sets the maximum file size. Accepts human-readable size strings like ‘1MB’, ‘1500kB’, ‘2GB’, ‘1MiB’, etc. Change of this setting requires manual restart of the Service.
Environment:
RADKIT_SERVICE_LOGGING_FILE_SIZE_LIMIT_BYTESCommand-line:
--setting service.logging.file_size_limit_bytesTOML: section
[service.logging], settingfile_size_limit_bytesType: string or integer
Default:
0
service.logging.backup_count
The maximum number of backups to retain for logs. For time-based file logging: This determines the number of days for which log backups will be kept. For size-based file logging: This specifies the number of backup files to retain, where the size of each file is limited by the file_size_limit_bytes configuration. Change of this setting requires manual restart of the Service.
Environment:
RADKIT_SERVICE_LOGGING_BACKUP_COUNTCommand-line:
--setting service.logging.backup_countTOML: section
[service.logging], settingbackup_countType: integer
Default:
14
service.logging.session_logging
Enable session logging
Environment:
RADKIT_SERVICE_LOGGING_SESSION_LOGGINGCommand-line:
--setting service.logging.session_loggingTOML: section
[service.logging], settingsession_loggingType: boolean
Default:
True
service.logging.session_log_directory
Custom Service session log directory
Environment:
RADKIT_SERVICE_LOGGING_SESSION_LOG_DIRECTORYCommand-line:
--setting service.logging.session_log_directoryTOML: section
[service.logging], settingsession_log_directoryType: string
Default:
None
service.logging.session_log_max_age
The number of days the session log is kept before it is being erased
Environment:
RADKIT_SERVICE_LOGGING_SESSION_LOG_MAX_AGECommand-line:
--setting service.logging.session_log_max_ageTOML: section
[service.logging], settingsession_log_max_ageType: integer
Default:
15
service.logging.session_log_file_size_limit_bytes
Maximum size of the session log file for size-based rotation. If set to 0, disables size-based rotation (time-based rotation only). If set to 1MB or more, enables size-based logging and sets the maximum file size. Accepts human-readable size strings like ‘1MB’, ‘1500kB’, ‘2GB’, ‘1MiB’, etc. Change of this setting requires manual restart of the Service.
Environment:
RADKIT_SERVICE_LOGGING_SESSION_LOG_FILE_SIZE_LIMIT_BYTESCommand-line:
--setting service.logging.session_log_file_size_limit_bytesTOML: section
[service.logging], settingsession_log_file_size_limit_bytesType: string or integer
Default:
0
service.logging.console_limit_replenish
Token bucket replenish rate per second for console log rate limiting. Setting this value to 0 will disable console logging rate limiting.
Environment:
RADKIT_SERVICE_LOGGING_CONSOLE_LIMIT_REPLENISHCommand-line:
--setting service.logging.console_limit_replenishTOML: section
[service.logging], settingconsole_limit_replenishType: integer
Default:
40
service.logging.console_limit_burst
Token bucket size (maximum burst) for console log rate limiting. Setting this value to 0 will disable console logging rate limiting.
Environment:
RADKIT_SERVICE_LOGGING_CONSOLE_LIMIT_BURSTCommand-line:
--setting service.logging.console_limit_burstTOML: section
[service.logging], settingconsole_limit_burstType: integer
Default:
120
service.logging.file_limit_replenish
Token bucket replenish rate per second for log file rate limiting. Setting this value to 0 will disable file logging rate limiting.
Environment:
RADKIT_SERVICE_LOGGING_FILE_LIMIT_REPLENISHCommand-line:
--setting service.logging.file_limit_replenishTOML: section
[service.logging], settingfile_limit_replenishType: integer
Default:
40
service.logging.file_limit_burst
Token bucket size (maximum burst) for log file rate limiting. Setting this value to 0 will disable file logging rate limiting.
Environment:
RADKIT_SERVICE_LOGGING_FILE_LIMIT_BURSTCommand-line:
--setting service.logging.file_limit_burstTOML: section
[service.logging], settingfile_limit_burstType: integer
Default:
120
service.logging.syslog_enabled
Enable SysLog UDP handler for sending log messages to a SysLog server. When enabled, SysLog
messages will use the same logging level as service.logging.level.
For detailed configuration examples and usage information, see SysLog Logging.
Environment:
RADKIT_SERVICE_LOGGING_SYSLOG_ENABLEDCommand-line:
--setting service.logging.syslog_enabledTOML: section
[service.logging], settingsyslog_enabledType: boolean
Default:
False
service.logging.syslog_host
SysLog server hostname or IP address. See SysLog Logging for configuration examples.
Environment:
RADKIT_SERVICE_LOGGING_SYSLOG_HOSTCommand-line:
--setting service.logging.syslog_hostTOML: section
[service.logging], settingsyslog_hostType: string
Default:
localhost
service.logging.syslog_port
SysLog server UDP port. See SysLog Logging for configuration examples.
Environment:
RADKIT_SERVICE_LOGGING_SYSLOG_PORTCommand-line:
--setting service.logging.syslog_portTOML: section
[service.logging], settingsyslog_portType: integer
Default:
514
service.logging.syslog_json
Send SysLog messages in JSON format instead of text format. When enabled, structured log data is sent as JSON objects, making it easier to parse and analyze in log aggregation systems. See SysLog Logging for configuration examples and format details.
Environment:
RADKIT_SERVICE_LOGGING_SYSLOG_JSONCommand-line:
--setting service.logging.syslog_jsonTOML: section
[service.logging], settingsyslog_jsonType: boolean
Default:
False
service.connectivity.enable_direct
Whether to allow direct RPC over http api
Environment:
RADKIT_SERVICE_CONNECTIVITY_ENABLE_DIRECTCommand-line:
--setting service.connectivity.enable_directTOML: section
[service.connectivity], settingenable_directType: boolean
Default:
True
service.connectivity.enable_cloud
Whether to connect to RADKit cloud and allow RPC from there
Environment:
RADKIT_SERVICE_CONNECTIVITY_ENABLE_CLOUDCommand-line:
--setting service.connectivity.enable_cloudTOML: section
[service.connectivity], settingenable_cloudType: boolean
Default:
True
service.connectivity.listen_addresses_direct_rpc
RPC listener address(es) (must be a list; default: [“0.0.0.0”, “::”] or [“0.0.0.0”])
Environment:
RADKIT_SERVICE_CONNECTIVITY_LISTEN_ADDRESSES_DIRECT_RPCCommand-line:
--setting service.connectivity.listen_addresses_direct_rpcTOML: section
[service.connectivity], settinglisten_addresses_direct_rpcType: array
Default for Windows when IPv6 is available:
["0.0.0.0", "::"]Default for Mac/Linux when IPv6 is available:
["::"](listens on both IPv4 and IPv6)Default for all platforms when only IPv4 is available:
["0.0.0.0"]
service.connectivity.port_direct_rpc
RPC listener port for the direct RPC socket
Environment:
RADKIT_SERVICE_CONNECTIVITY_PORT_DIRECT_RPCCommand-line:
--setting service.connectivity.port_direct_rpcTOML: section
[service.connectivity], settingport_direct_rpcType: integer
Default:
8181
service.connectivity.port_direct_rpc_dynamic
Assign another port when the default port is not available for the direct RPC socket
Environment:
RADKIT_SERVICE_CONNECTIVITY_PORT_DIRECT_RPC_DYNAMICCommand-line:
--setting service.connectivity.port_direct_rpc_dynamicTOML: section
[service.connectivity], settingport_direct_rpc_dynamicType: boolean
Default:
False
service.connectivity.default_domain
Default RADKit Cloud domain to connect to
Environment:
RADKIT_SERVICE_CONNECTIVITY_DEFAULT_DOMAINCommand-line:
--setting service.connectivity.default_domainTOML: section
[service.connectivity], settingdefault_domainType: string
Default:
PROD
service.connectivity.max_active_rpc_requests_warning
Maximum number of active RPC requests. Exceeding this threshold will result in warning logs being issued. Setting this value to 0 will disable active RPC requests limiter.
Environment:
RADKIT_SERVICE_CONNECTIVITY_MAX_ACTIVE_RPC_REQUESTS_WARNINGCommand-line:
--setting service.connectivity.max_active_rpc_requests_warningTOML: section
[service.connectivity], settingmax_active_rpc_requests_warningType: integer
Default:
1000
service.connectivity.max_active_rpc_requests_error
Number of active RPC requests after which all new requests are ignored. Setting this value to 0 will disable active RPC requests limiter.
Environment:
RADKIT_SERVICE_CONNECTIVITY_MAX_ACTIVE_RPC_REQUESTS_ERRORCommand-line:
--setting service.connectivity.max_active_rpc_requests_errorTOML: section
[service.connectivity], settingmax_active_rpc_requests_errorType: integer
Default:
2000
service.connectivity.enable_h2_rpc_transport
Enable RPC multiplexing for incoming requests using the H2 protocol. This can significantly improve the performance when many concurrent RPC requests are performed.
Environment:
RADKIT_SERVICE_CONNECTIVITY_ENABLE_H2_RPC_TRANSPORTCommand-line:
--setting service.connectivity.enable_h2_rpc_transportTOML: section
[service.connectivity], settingenable_h2_rpc_transportType: boolean
Default:
True
service.connectivity.enable_cloud_request_resubmit
Enable resubmitting a request to the Cloud after it previously failed. Note that the
cloud client will return failed states when the request is rejected by the cloud,
which usually means repeating the request does not make sense, however, this setting is
introduced to enable retrying anyways, accommodating for the low chance of a cloud defect.
The frequency of the retries is set by cloud_client.resubmit_interval.
Environment:
RADKIT_SERVICE_CONNECTIVITY_ENABLE_CLOUD_REQUEST_RESUBMITCommand-line:
--setting service.connectivity.enable_cloud_request_resubmitTOML: section
[service.connectivity], settingenable_cloud_request_resubmitType: boolean
Default:
True
service.connectivity.cloud_to_direct_access_token_timeout_minutes
Time in minutes that a RADKit client can take to establish a direct connection to this radkit_service with an access token after obtaining an access token through the cloud.
Environment:
RADKIT_SERVICE_CONNECTIVITY_CLOUD_TO_DIRECT_ACCESS_TOKEN_TIMEOUT_MINUTESCommand-line:
--setting service.connectivity.cloud_to_direct_access_token_timeout_minutesTOML: section
[service.connectivity], settingcloud_to_direct_access_token_timeout_minutesType: number
Default:
10
service.terminal_enable_timeout
Timeout for enable password in seconds
Environment:
RADKIT_SERVICE_TERMINAL_ENABLE_TIMEOUTCommand-line:
--setting service.terminal_enable_timeoutTOML: section
[service], settingterminal_enable_timeoutType: number
Default:
3
service.ui.enable_web_ui
Enable the radkit-service web server for the service management
Environment:
RADKIT_SERVICE_UI_ENABLE_WEB_UICommand-line:
--setting service.ui.enable_web_uiTOML: section
[service.ui], settingenable_web_uiType: boolean
Default:
True
service.ui.session_idle_timeout_minutes
Time of idleness in minutes after which the session is terminated
Environment:
RADKIT_SERVICE_UI_SESSION_IDLE_TIMEOUT_MINUTESCommand-line:
--setting service.ui.session_idle_timeout_minutesTOML: section
[service.ui], settingsession_idle_timeout_minutesType: integer
Default:
30
service.ui.session_absolute_timeout_minutes
Time in minutes after which the session is terminated
Environment:
RADKIT_SERVICE_UI_SESSION_ABSOLUTE_TIMEOUT_MINUTESCommand-line:
--setting service.ui.session_absolute_timeout_minutesTOML: section
[service.ui], settingsession_absolute_timeout_minutesType: integer
Default:
720
service.ui.listen_addresses
UI/API listener address(es) (must be a list)
Environment:
RADKIT_SERVICE_UI_LISTEN_ADDRESSESCommand-line:
--setting service.ui.listen_addressesTOML: section
[service.ui], settinglisten_addressesType: array
Default for Windows when IPv6 is available:
["0.0.0.0", "::"]Default for Mac/Linux when IPv6 is available:
["::"](listens on both IPv4 and IPv6)Default for all platforms when only IPv4 is available:
["0.0.0.0"]
service.ui.port_https
UI/API listener port (HTTPS)
Environment:
RADKIT_SERVICE_UI_PORT_HTTPSCommand-line:
--setting service.ui.port_httpsTOML: section
[service.ui], settingport_httpsType: integer
Default:
8081
service.ui.port_https_dynamic
Enable the dynamic selection of an HTTPS port for listening in the event that the default port is unavailable.
Environment:
RADKIT_SERVICE_UI_PORT_HTTPS_DYNAMICCommand-line:
--setting service.ui.port_https_dynamicTOML: section
[service.ui], settingport_https_dynamicType: boolean
Default:
FalseDefault when using Service GUI:
True
service.ui.cert_file
UI/API certificate file path (relative to Service directory or absolute path)
Environment:
RADKIT_SERVICE_UI_CERT_FILECommand-line:
--setting service.ui.cert_fileTOML: section
[service.ui], settingcert_fileType: string
Default:
webserver.pem
service.ui.key_file
UI/API key file path (relative to Service directory or absolute path)
Environment:
RADKIT_SERVICE_UI_KEY_FILECommand-line:
--setting service.ui.key_fileTOML: section
[service.ui], settingkey_fileType: string
Default:
webserver.key
service.ui.cert_chain_file
UI/API cert chain file path (relative to Service directory or absolute path)
Environment:
RADKIT_SERVICE_UI_CERT_CHAIN_FILECommand-line:
--setting service.ui.cert_chain_fileTOML: section
[service.ui], settingcert_chain_fileType: string
Default:
cert_chain.pem
service.e2ee.cert_file
End-to-end encryption certificate file path (relative to Service directory or absolute path)
Environment:
RADKIT_SERVICE_E2EE_CERT_FILECommand-line:
--setting service.e2ee.cert_fileTOML: section
[service.e2ee], settingcert_fileType: string
Default:
e2ee.pem
service.e2ee.key_file
End-to-end encryption key file path (relative to Service directory or absolute path)
Environment:
RADKIT_SERVICE_E2EE_KEY_FILECommand-line:
--setting service.e2ee.key_fileTOML: section
[service.e2ee], settingkey_fileType: string
Default:
e2ee.key
service.e2ee.require_e2ee
Enforce usage of end-to-end encrypted RPC calls. Setting to true will refuse
non end-to-end encrypted requests, except for get-capabilities.
Environment:
RADKIT_SERVICE_E2EE_REQUIRE_E2EECommand-line:
--setting service.e2ee.require_e2eeTOML: section
[service.e2ee], settingrequire_e2eeType: boolean
Default:
True
service.e2ee.require_e2ee_session_verification
Enable end-to-end session verification. Clients will have to pass an access token and an E2EE fingerprint in order to connect to this service.
Environment:
RADKIT_SERVICE_E2EE_REQUIRE_E2EE_SESSION_VERIFICATIONCommand-line:
--setting service.e2ee.require_e2ee_session_verificationTOML: section
[service.e2ee], settingrequire_e2ee_session_verificationType: boolean
Default:
False
service.database.enable_dbshell_history
Enable database shell history for service database operations.
Environment:
RADKIT_SERVICE_ENABLE_DBSHELL_HISTORYCommand-line:
--setting service.database.enable_dbshell_historyTOML: section
[service.database], settingenable_dbshell_historyType: boolean
Default:
True
service.database.service_database_name
Service database file
Environment:
RADKIT_SERVICE_DATABASE_SERVICE_DATABASE_NAMECommand-line:
--setting service.database.service_database_nameTOML: section
[service.database], settingservice_database_nameType: string
Default:
service-db.json.encrypted
service.devices_proxy.url
HTTP proxy URL used by HTTP and Swagger device connections
Environment:
RADKIT_SERVICE_DEVICES_PROXY_URLCommand-line:
--setting service.devices_proxy.urlTOML: section
[service.devices_proxy], settingurlType: string
Default:
None
service.devices_proxy.username
HTTP proxy username used by HTTP and Swagger device connections (Basic authentication only)
Environment:
RADKIT_SERVICE_DEVICES_PROXY_USERNAMECommand-line:
--setting service.devices_proxy.usernameTOML: section
[service.devices_proxy], settingusernameType: string
Default:
None
service.devices_proxy.password
HTTP proxy password used by HTTP and Swagger device connections (Basic authentication only)
Environment:
RADKIT_SERVICE_DEVICES_PROXY_PASSWORDCommand-line:
--setting service.devices_proxy.passwordTOML: section
[service.devices_proxy], settingpasswordType: string
Default:
None
service.devices_proxy.fall_back_to_environment
When set to True and no proxy is configured in settings, use the proxy set in the environment
variables HTTPS_PROXY or ALL_PROXY to connect to devices. Does not check NO_PROXY.
Environment:
RADKIT_SERVICE_DEVICES_PROXY_FALL_BACK_TO_ENVIRONMENTCommand-line:
--setting service.devices_proxy.fall_back_to_environmentTOML: section
[service.devices_proxy], settingfall_back_to_environmentType: boolean
Default:
False
service.connectors.request_timeout
Note
Added in version 1.6.5
API request timeout when contacting external inventory sources
Environment:
RADKIT_SERVICE_CONNECTORS_REQUEST_TIMEOUTCommand-line:
--setting service.connectors.request_timeoutTOML: section
[service.connectors], settingrequest_timeoutType: float
Default:
120
service.rbac.device_access_control
Enable per-device access control
Environment:
RADKIT_SERVICE_RBAC_DEVICE_ACCESS_CONTROLCommand-line:
--setting service.rbac.device_access_controlTOML: section
[service.rbac], settingdevice_access_controlType: boolean
Default:
False
service.rbac.dynamic_remote_users
Enable dynamic remote users (EXPERIMENTAL)
Environment:
RADKIT_SERVICE_RBAC_DYNAMIC_REMOTE_USERSCommand-line:
--setting service.rbac.dynamic_remote_usersTOML: section
[service.rbac], settingdynamic_remote_usersType: boolean
Default:
False
service.ssh.reconnect_timer
Interval between SSH reconnection attempts in seconds
Environment:
RADKIT_SERVICE_SSH_RECONNECT_TIMERCommand-line:
--setting service.ssh.reconnect_timerTOML: section
[service.ssh], settingreconnect_timerType: number
Default:
2
service.ssh.reconnect_attempts
Number of SSH reconnection attempts
Environment:
RADKIT_SERVICE_SSH_RECONNECT_ATTEMPTSCommand-line:
--setting service.ssh.reconnect_attemptsTOML: section
[service.ssh], settingreconnect_attemptsType: integer
Default:
0
service.ssh.connection_timeout
SSH connection timeout in seconds
Environment:
RADKIT_SERVICE_SSH_CONNECTION_TIMEOUTCommand-line:
--setting service.ssh.connection_timeoutTOML: section
[service.ssh], settingconnection_timeoutType: number
Default:
30
service.ssh.keepalive_count_max
Number of SSH keepalives which may be sent without receiving any messages from the server, beyond which the session will be terminated
Environment:
RADKIT_SERVICE_SSH_KEEPALIVE_COUNT_MAXCommand-line:
--setting service.ssh.keepalive_count_maxTOML: section
[service.ssh], settingkeepalive_count_maxType: integer
Default:
3
service.ssh.keepalive_interval
Interval between SSH keepalives (0 = do not send)
Environment:
RADKIT_SERVICE_SSH_KEEPALIVE_INTERVALCommand-line:
--setting service.ssh.keepalive_intervalTOML: section
[service.ssh], settingkeepalive_intervalType: number
Default:
60
service.ssh.keepalive_send_always
Always send SSH keepalives, even if data is being received from the server
Environment:
RADKIT_SERVICE_SSH_KEEPALIVE_SEND_ALWAYSCommand-line:
--setting service.ssh.keepalive_send_alwaysTOML: section
[service.ssh], settingkeepalive_send_alwaysType: boolean
Default:
True
service.ssh.jumphost_max_depth
Maximum number of jumphosts in a chain
Environment:
RADKIT_SERVICE_SSH_JUMPHOST_MAX_DEPTHCommand-line:
--setting service.ssh.jumphost_max_depthTOML: section
[service.ssh], settingjumphost_max_depthType: integer
Default:
5
service.ssh.fall_back_to_environment
When set to True, load various ssh settings/certs/keys from ~/.ssh
Environment:
RADKIT_SERVICE_SSH_FALL_BACK_TO_ENVIRONMENTCommand-line:
--setting service.ssh.fall_back_to_environmentTOML: section
[service.ssh], settingfall_back_to_environmentType: boolean
Default:
False
service.ssh.asyncssh_log_level
Logging level for asyncssh (CRITICAL=50, ERROR=40, WARNING=30, INFO=20, DEBUG=10)
Environment:
RADKIT_SERVICE_SSH_ASYNCSSH_LOG_LEVELCommand-line:
--setting service.ssh.asyncssh_log_levelTOML: section
[service.ssh], settingasyncssh_log_levelType: integer
Default:
0
service.ssh.asyncssh_debug_level
Debugging level for asyncssh (1=minimal, 2=verbose, 3=trace)
Environment:
RADKIT_SERVICE_SSH_ASYNCSSH_DEBUG_LEVELCommand-line:
--setting service.ssh.asyncssh_debug_levelTOML: section
[service.ssh], settingasyncssh_debug_levelType: integer
Default:
1
service.telnet.connection_timeout
Telnet connection timeout in seconds
Environment:
RADKIT_SERVICE_TELNET_CONNECTION_TIMEOUTCommand-line:
--setting service.telnet.connection_timeoutTOML: section
[service.telnet], settingconnection_timeoutType: number
Default:
15
service.swagger_runner.get_paths_default_timeout
Default timeout used for getting Swagger paths
Environment:
RADKIT_SERVICE_SWAGGER_RUNNER_GET_PATHS_DEFAULT_TIMEOUTCommand-line:
--setting service.swagger_runner.get_paths_default_timeoutTOML: section
[service.swagger_runner], settingget_paths_default_timeoutType: number
Default:
10.0
service.swagger_runner.call_path_default_timeout
Default timeout used for calling Swagger paths
Environment:
RADKIT_SERVICE_SWAGGER_RUNNER_CALL_PATH_DEFAULT_TIMEOUTCommand-line:
--setting service.swagger_runner.call_path_default_timeoutTOML: section
[service.swagger_runner], settingcall_path_default_timeoutType: number
Default:
10.0
service.swagger_runner.timeout_limit
Maximum allowed timeout for Swagger actions. If request timeout will be greater than the limit, limit value will be used.
Environment:
RADKIT_SERVICE_SWAGGER_RUNNER_TIMEOUT_LIMITCommand-line:
--setting service.swagger_runner.timeout_limitTOML: section
[service.swagger_runner], settingtimeout_limitType: number
Default:
300.0
service.swagger_runner.connections_soft_limit
Concurrent Swagger connections threshold beyond which idle connections will be cancelled
Environment:
RADKIT_SERVICE_SWAGGER_RUNNER_CONNECTIONS_SOFT_LIMITCommand-line:
--setting service.swagger_runner.connections_soft_limitTOML: section
[service.swagger_runner], settingconnections_soft_limitType: integer
Default:
80
service.swagger_runner.connections_hard_limit
Maximum number of concurrent Swagger connections
Environment:
RADKIT_SERVICE_SWAGGER_RUNNER_CONNECTIONS_HARD_LIMITCommand-line:
--setting service.swagger_runner.connections_hard_limitTOML: section
[service.swagger_runner], settingconnections_hard_limitType: integer
Default:
100
service.command_runner.command_timeout
Timeout for a single Terminal command (how long we will wait for the device to answer) in seconds
Environment:
RADKIT_SERVICE_COMMAND_RUNNER_COMMAND_TIMEOUTCommand-line:
--setting service.command_runner.command_timeoutTOML: section
[service.command_runner], settingcommand_timeoutType: number
Default:
30
service.command_runner.prepare_timeout
Timeout for preparing connection to the device, in seconds. It takes into account establishing the connection and provisioning.
Environment:
RADKIT_SERVICE_COMMAND_RUNNER_PREPARE_TIMEOUTCommand-line:
--setting service.command_runner.prepare_timeoutTOML: section
[service.command_runner], settingprepare_timeoutType: float
Default:
30
service.command_runner.connections_soft_limit
Concurrent Terminal connections threshold beyond which idle connections will be cancelled
Environment:
RADKIT_SERVICE_COMMAND_RUNNER_CONNECTIONS_SOFT_LIMITCommand-line:
--setting service.command_runner.connections_soft_limitTOML: section
[service.command_runner], settingconnections_soft_limitType: integer
Default:
80
service.command_runner.connections_hard_limit
Maximum number of Terminal concurrent connections
Environment:
RADKIT_SERVICE_COMMAND_RUNNER_CONNECTIONS_HARD_LIMITCommand-line:
--setting service.command_runner.connections_hard_limitTOML: section
[service.command_runner], settingconnections_hard_limitType: integer
Default:
100
service.netconf_runner.use_local_cache
Use local cache
Environment:
RADKIT_SERVICE_NETCONF_RUNNER_USE_LOCAL_CACHECommand-line:
--setting service.netconf_runner.use_local_cacheTOML: section
[service.netconf_runner], settinguse_local_cacheType: boolean
Default:
True
service.netconf_runner.cache_dir
Cache directory name
Environment:
RADKIT_SERVICE_NETCONF_RUNNER_CACHE_DIRCommand-line:
--setting service.netconf_runner.cache_dirTOML: section
[service.netconf_runner], settingcache_dirType: string
Default:
yang_cache
service.netconf_runner.connection_timeout
Netconf connection timeout
Environment:
RADKIT_SERVICE_NETCONF_RUNNER_CONNECTION_TIMEOUTCommand-line:
--setting service.netconf_runner.connection_timeoutTOML: section
[service.netconf_runner], settingconnection_timeoutType: number
Default:
5
service.netconf_runner.reconnect_timer
Interval between Netconf reconnection attempts in seconds
Environment:
RADKIT_SERVICE_NETCONF_RUNNER_RECONNECT_TIMERCommand-line:
--setting service.netconf_runner.reconnect_timerTOML: section
[service.netconf_runner], settingreconnect_timerType: number
Default:
2
service.netconf_runner.reconnect_attempts
Number of Netconf reconnection attempts
Environment:
RADKIT_SERVICE_NETCONF_RUNNER_RECONNECT_ATTEMPTSCommand-line:
--setting service.netconf_runner.reconnect_attemptsTOML: section
[service.netconf_runner], settingreconnect_attemptsType: integer
Default:
5
service.netconf_runner.keepalive_interval
SSH/Netconf keepalive interval in seconds
Environment:
RADKIT_SERVICE_NETCONF_RUNNER_KEEPALIVE_INTERVALCommand-line:
--setting service.netconf_runner.keepalive_intervalTOML: section
[service.netconf_runner], settingkeepalive_intervalType: number
Default:
60
service.netconf_runner.max_converter_threads
Max number of YANG->JSON converter threads
Environment:
RADKIT_SERVICE_NETCONF_RUNNER_MAX_CONVERTER_THREADSCommand-line:
--setting service.netconf_runner.max_converter_threadsTOML: section
[service.netconf_runner], settingmax_converter_threadsType: integer
Default:
5
service.netconf_runner.get_capabilities_timeout
Get Capabilities timeout in seconds
Environment:
RADKIT_SERVICE_NETCONF_RUNNER_GET_CAPABILITIES_TIMEOUTCommand-line:
--setting service.netconf_runner.get_capabilities_timeoutTOML: section
[service.netconf_runner], settingget_capabilities_timeoutType: number
Default:
7200
service.netconf_runner.get_xpath_timeout
Get XPath timeout in seconds
Environment:
RADKIT_SERVICE_NETCONF_RUNNER_GET_XPATH_TIMEOUTCommand-line:
--setting service.netconf_runner.get_xpath_timeoutTOML: section
[service.netconf_runner], settingget_xpath_timeoutType: number
Default:
5
service.netconf_runner.connections_soft_limit
Concurrent Netconf connections threshold beyond which idle connections will be cancelled
Environment:
RADKIT_SERVICE_NETCONF_RUNNER_CONNECTIONS_SOFT_LIMITCommand-line:
--setting service.netconf_runner.connections_soft_limitTOML: section
[service.netconf_runner], settingconnections_soft_limitType: integer
Default:
80
service.netconf_runner.connections_hard_limit
Maximum number of concurrent Netconf connections
Environment:
RADKIT_SERVICE_NETCONF_RUNNER_CONNECTIONS_HARD_LIMITCommand-line:
--setting service.netconf_runner.connections_hard_limitTOML: section
[service.netconf_runner], settingconnections_hard_limitType: integer
Default:
100
service.snmp_runner.default_timeout
Default timeout used for every SNMP request, in seconds. Used if no timeout is passed by radkit-client
Environment:
RADKIT_SERVICE_SNMP_RUNNER_DEFAULT_TIMEOUTCommand-line:
--setting service.snmp_runner.default_timeoutTOML: section
[service.snmp_runner], settingdefault_timeoutType: number
Default:
1.0
service.snmp_runner.max_timeout
Maximum timeout used for every SNMP request, in seconds. Used if the timeout passed by radkit-client is greater than this
Environment:
RADKIT_SERVICE_SNMP_RUNNER_MAX_TIMEOUTCommand-line:
--setting service.snmp_runner.max_timeoutTOML: section
[service.snmp_runner], settingmax_timeoutType: number
Default:
120.0
service.snmp_runner.default_limit
Number of entries requested per get_bulk request, by default
Environment:
RADKIT_SERVICE_SNMP_RUNNER_DEFAULT_LIMITCommand-line:
--setting service.snmp_runner.default_limitTOML: section
[service.snmp_runner], settingdefault_limitType: integer
Default:
50
service.snmp_runner.max_limit
Number of entries requested per get_bulk request, ever
Environment:
RADKIT_SERVICE_SNMP_RUNNER_MAX_LIMITCommand-line:
--setting service.snmp_runner.max_limitTOML: section
[service.snmp_runner], settingmax_limitType: integer
Default:
5000
service.snmp_runner.default_retries
Number of times to retry each SNMP request, by default.
Environment:
RADKIT_SERVICE_SNMP_RUNNER_DEFAULT_RETRIESCommand-line:
--setting service.snmp_runner.default_retriesTOML: section
[service.snmp_runner], settingdefault_retriesType: integer
Default:
5
service.snmp_runner.max_retries
Number of times to retry each SNMP request, maximum.
Environment:
RADKIT_SERVICE_SNMP_RUNNER_MAX_RETRIESCommand-line:
--setting service.snmp_runner.max_retriesTOML: section
[service.snmp_runner], settingmax_retriesType: integer
Default:
50
service.http_runner.default_timeout
Default timeout used for every HTTP request.
Environment:
RADKIT_SERVICE_HTTP_RUNNER_DEFAULT_TIMEOUTCommand-line:
--setting service.http_runner.default_timeoutTOML: section
[service.http_runner], settingdefault_timeoutType: number
Default:
10.0
service.http_runner.authentication_timeout
Timeout for performing the authentication flow for HTTP requests.
Environment:
RADKIT_SERVICE_HTTP_RUNNER_AUTHENTICATION_TIMEOUTCommand-line:
--setting service.http_runner.authentication_timeoutTOML: section
[service.http_runner], settingauthentication_timeoutType: number
Default:
120.0
service.http_runner.timeout_limit
Maximum allowed timeout the HTTP request. If request timeout will be greater than the limit, limit value will be used.
Environment:
RADKIT_SERVICE_HTTP_RUNNER_TIMEOUT_LIMITCommand-line:
--setting service.http_runner.timeout_limitTOML: section
[service.http_runner], settingtimeout_limitType: number
Default:
300.0
service.http_runner.connections_hard_limit
Maximum number of concurrent HTTP connections for all the devices.
Environment:
RADKIT_SERVICE_HTTP_RUNNER_CONNECTIONS_HARD_LIMITCommand-line:
--setting service.http_runner.connections_hard_limitTOML: section
[service.http_runner], settingconnections_hard_limitType: integer
Default:
100
service.http_runner.limit_max_connections
Determines the maximum number of connections that can be active at any given time to a specific device.
Environment:
RADKIT_SERVICE_HTTP_RUNNER_LIMIT_MAX_CONNECTIONSCommand-line:
--setting service.http_runner.limit_max_connectionsTOML: section
[service.http_runner], settinglimit_max_connectionsType: integer
Default:
100
service.http_runner.limit_max_keepalive_connections
Determines the maximum number of keep-alive connections that can be active at any given time to a specific device.
Environment:
RADKIT_SERVICE_HTTP_RUNNER_LIMIT_MAX_KEEPALIVE_CONNECTIONSCommand-line:
--setting service.http_runner.limit_max_keepalive_connectionsTOML: section
[service.http_runner], settinglimit_max_keepalive_connectionsType: integer
Default:
20
service.http_runner.limit_keepalive_connections_expiry_seconds
Sets the duration for which keep-alive connections can remain active before expiring in seconds. Value 0 means do not limit.
Environment:
RADKIT_SERVICE_HTTP_RUNNER_LIMIT_KEEPALIVE_CONNECTIONS_EXPIRY_SECONDSCommand-line:
--setting service.http_runner.limit_keepalive_connections_expiry_secondsTOML: section
[service.http_runner], settinglimit_keepalive_connections_expiry_secondsType: float
Default:
0
service.http_runner.http2_enabled
Enables version 2 of the HTTP protocol
Environment:
RADKIT_SERVICE_HTTP_RUNNER_HTTP2_ENABLEDCommand-line:
--setting service.http_runner.http2_enabledTOML: section
[service.http_runner], settinghttp2_enabledType: boolean
Default:
True
service.terminal_proxy_runner.connections_hard_limit
Maximum number of Terminal proxy concurrent connections
Environment:
RADKIT_SERVICE_TERMINAL_PROXY_RUNNER_CONNECTIONS_HARD_LIMITCommand-line:
--setting service.terminal_proxy_runner.connections_hard_limitTOML: section
[service.terminal_proxy_runner], settingconnections_hard_limitType: integer
Default:
100
service.tcp_tunneling_runner.connections_hard_limit
Maximum number of concurrent TCP tunnels
Environment:
RADKIT_SERVICE_TCP_TUNNELING_RUNNER_CONNECTIONS_HARD_LIMITCommand-line:
--setting service.tcp_tunneling_runner.connections_hard_limitTOML: section
[service.tcp_tunneling_runner], settingconnections_hard_limitType: integer
Default:
100
service.password_policy.minimum_length
Minimal length of password (minimum value: 8)
Environment: N/A
Command-line: N/A
TOML: section
[service.password_policy], settingminimum_lengthType: integer
Default:
8
service.password_policy.minimum_lowercase_letters
Minimal number of lowercase letters in password (minimum value: 1)
Environment: N/A
Command-line: N/A
TOML: section
[service.password_policy], settingminimum_lowercase_lettersType: integer
Default:
1
service.password_policy.minimum_uppercase_letters
Minimal number of uppercase letters in password (minimum value: 1)
Environment: N/A
Command-line: N/A
TOML: section
[service.password_policy], settingminimum_uppercase_lettersType: integer
Default:
1
service.password_policy.minimum_digits
Minimal number of digits in password (minimum value: 1)
Environment: N/A
Command-line: N/A
TOML: section
[service.password_policy], settingminimum_digitsType: integer
Default:
1
service.password_policy.minimum_symbols
Minimal number of symbols in password (minimum value: 0)
Environment: N/A
Command-line: N/A
TOML: section
[service.password_policy], settingminimum_symbolsType: integer
Default:
0
service.password_policy.expiration_days
Days after which password needs to be changed.
Environment: N/A
Command-line: N/A
TOML: section
[service.password_policy], settingexpiration_daysType: integer
Default:
0
service.password_policy.expiration_warning_days
How many days earlier user should be notified about upcoming password expiration
Environment: N/A
Command-line: N/A
TOML: section
[service.password_policy], settingexpiration_warning_daysType: integer
Default:
7
service.password_policy.reuse_password_changes
Number of history entries for password reuse limitation
Environment: N/A
Command-line: N/A
TOML: section
[service.password_policy], settingreuse_password_changesType: integer
Default:
12
Control settings
Note
RADKit Control has its own proxy settings, control.proxy.* which are separate from
those of the Client and Service, cloud_client.proxy.*. The latter are used for
connecting to the RADKit Cloud, while the former are used for connecting to a remote
RADKit Service.
control.service_url
URL to Service API endpoint
Environment:
RADKIT_CONTROL_SERVICE_URLCommand-line:
--setting control.service_urlTOML: section
[control], settingservice_urlType: string
Default:
https://localhost:8081/api/v1
control.service_certificate
Path to a certificate file identifying the Service.
Environment:
RADKIT_CONTROL_SERVICE_CERTIFICATECommand-line:
--setting control.service_certificateTOML: section
[control], settingservice_certificateType: FilePath
Default:
None
control.service_fingerprint
Service certificate fingerprint used to verify TLS connection. The fingerprint should use SHA256 hash.
Environment:
RADKIT_CONTROL_SERVICE_FINGERPRINTCommand-line:
--setting control.service_fingerprintTOML: section
[control], settingservice_fingerprintType: string
Default:
None
control.admin_name
Service admin name
Environment:
RADKIT_CONTROL_ADMIN_NAMECommand-line:
--setting control.admin_nameTOML: section
[control], settingadmin_nameType: string
Default:
superadmin
control.admin_password
Service admin password. Storing a password in the settings file is highly discouraged.
Environment:
RADKIT_CONTROL_ADMIN_PASSWORDCommand-line:
--setting control.admin_passwordTOML: section
[control], settingadmin_passwordType: string
Default:
None
control.admin_password_base64
Service admin password encoded using BASE64. Storing a password in the settings file is highly discouraged.
Environment:
RADKIT_CONTROL_ADMIN_PASSWORD_BASE64Command-line:
--setting control.admin_password_base64TOML: section
[control], settingadmin_password_base64Type: string
Default:
None
control.admin_password_file
Path to a file where the Service admin password is stored. Storing a password long-term in a user-accessible file is highly discouraged. This setting is recommended for automation only. The password file should not be readable by group/other.
Environment:
RADKIT_CONTROL_ADMIN_PASSWORD_FILECommand-line:
--setting control.admin_password_fileTOML: section
[control], settingadmin_password_fileType: string
Default:
None
control.log_format
Logging format string
Environment:
RADKIT_CONTROL_LOG_FORMATCommand-line:
--setting control.log_formatTOML: section
[control], settinglog_formatType: string
Default:
%(message)s%(keyval)s
control.date_format
Logging date format string (NOT USED)
Environment:
RADKIT_CONTROL_DATE_FORMATCommand-line:
--setting control.date_formatTOML: section
[control], settingdate_formatType: string
Default:
%Y-%m-%dT%H:%M:%S
control.main_logging_level
Logging level for RADKit Control modules
Environment:
RADKIT_CONTROL_MAIN_LOGGING_LEVELCommand-line:
--setting control.main_logging_levelTOML: section
[control], settingmain_logging_levelType: integer
Default:
40
control.root_logging_level
Logging level for third-party Python modules
Environment:
RADKIT_CONTROL_ROOT_LOGGING_LEVELCommand-line:
--setting control.root_logging_levelTOML: section
[control], settingroot_logging_levelType: integer
Default:
40
control.request_timeout
The timeout configuration to use when sending requests to the Service
Environment:
RADKIT_CONTROL_REQUEST_TIMEOUTCommand-line:
--setting control.request_timeoutTOML: section
[control], settingrequest_timeoutType: float
Default:
5.0
control.proxy.url
Proxy URL for connecting to the RADKit Service
Environment:
RADKIT_CONTROL_PROXY_URLCommand-line:
--setting control.proxy.urlTOML: section
[control.proxy], settingurlType: string
Default:
None
control.proxy.username
Proxy username (Basic authentication only)
Environment:
RADKIT_CONTROL_PROXY_USERNAMECommand-line:
--setting control.proxy.usernameTOML: section
[control.proxy], settingusernameType: string
Default:
None
control.proxy.password
Proxy password (Basic authentication only)
Environment:
RADKIT_CONTROL_PROXY_PASSWORDCommand-line:
--setting control.proxy.passwordTOML: section
[control.proxy], settingpasswordType: string
Default:
None
control.proxy.no_proxy
Comma-separated list of hosts that should not be accessed through the proxy defined by
control.proxy.url
Environment:
RADKIT_CONTROL_PROXY_NO_PROXYCommand-line:
--setting control.proxy.no_proxyTOML: section
[control.proxy], settingno_proxyType: string
Default:
NoneExample:
"localhost,127.0.0.0/8,::1,*.cisco.com,10.*"
control.proxy.fall_back_to_environment
When set to True and no proxy is configured in settings, use the proxy set in the environment
variables WSS_PROXY, HTTPS_PROXY, or ALL_PROXY to connect to RADKit service.
Also checks the service url against NO_PROXY.
Environment:
RADKIT_CONTROL_PROXY_FALL_BACK_TO_ENVIRONMENTCommand-line:
--setting control.proxy.fall_back_to_environmentTOML: section
[control.proxy], settingfall_back_to_environmentType: boolean
Default:
True