Skip to content

Installation Parameters

The parameters order

The installer is strictly command line based and all configuration and parameters are passed in values files or as single arguments to the installer script.

If the same parameter is passed to the installer several times the last in order will override the previous ones.

If a values yaml file that can hold many parameters structured in the yaml standard with the values:

**example-values.yaml

global:
namespace: exampleprod
customerCode: example
environmentType: prod
solutionSetName: My Groovy Solution!!
replicas: 2

ifsappproxy:
accessLog: enabled

If above ifscloud-values.yaml is passed to the installer, and the parameter is also passed to the installer like this:

.\installer.cmd --values ifscloud-values.yaml --set ifsappproxy.accessLog=enabled --set global.replicas=1

the installer will use the "enabled" value of the parameter ifsappproxy.accessLog and "1" of the global.replicas since that was passed as a "--set" in the command line. So "--set" wins over "values" and if the same parameter is "--set" several times the last will win.

.\installer.cmd --values ifscloud-values.yaml  --values solutionset.yaml

in this example the "solutionSetName: My Groovy Solution!!" will be overwritten by the solutionSetName that is always defined parameter in a solutionset.yaml files.

IFS cloud values file

All configuration files and certificates should be placed in the config folder according to the folder structure in Windows Management Server.

This is a good starting point: Follow this link to get an example template of ifscloud-values.yaml .

Use the parameter guidance in the sections below to fill in the values in the ifscloud-values.yaml file and add optional parameters.

Password limitations

As IFS Cloud has many underlying password dependencies and locales, we restict the passwords to fulfil all limitations. The following restrictions and recommendations apply: - Must start with an alphanumerical character [a-z] [A-Z]

  • Passwords should have least 15 characters (recommended)

  • These special characters are not allowed: \ / @ ' " | - * $ & # § (and other language specific characters )

General Parameters

Bold parameters are mandatory others are optional

Parameter Purpose Examples/Defaults
chart specifies which master-chart to be used Default: ifscloud/ifs-cloud
can be a path to a local master-chart as well (only used by RnD).
To use the local master-chart  set e.g.  " chart: .\master-chart "
chartVersion if chart is set to ifscloud/ifs-cloud this parameter will specifiy the version of the master chart to use. Read more Deploying a container hotfix if this parameter is not set or is referencing an old service update/release, the installer will read chartVersion from the version file in the delivery/build_home
certificateFile Location of the pfx file that holds the certificate and private key.  See  Certificate Handling for more certificate requirements and info.
If the certificateFile is omitted or the file can not be found, a new selfsigned certificate will be automatically generated and used.
e.g. /path/to/yourcert.pfx or c:\path\to\yourcert.pfx
certificatePassword password for the pfx file. Note the pwd need to be a string. e.g. ifs123 or "12345"
helmRepo The url of the Helm Chart repository. Use - https://ifscloud.jfrog.io/artifactory/helm
helmUser The service principal user name. This username should be provided per customer by IFS.  
helmPwd The service principal password. This password should be provided per customer by IFS.  
global.namespace  Sets the namespace in the k8s cluster norally you would set is as a concatination of the customerCode and environmentType none, but the parameter is mandatory and must consist of only lowercase alphanumeric characters or '-'
volvobnt
global.customerCode This is a label of the system. All monitoring metrics will be tagged with this label. Typically the label would be an abriviation of the company name.  none, but the parameter is mandatory
volvo
global.environmentType This is a label of the system. All monitoring metrics will be tagged with this label. Typical values prod/test/bnt/dev none, but the parameter is mandatory
bnt
global.customerId Used in the License report. The id should come from IFSBiz and should be supplied by the IFS contact person The parameter is mandatory
global.customerName Used in the License report. The Name should come from IFSBiz and should be supplied by the IFS contact person The parameter is mandatory
global.installationId Used in the License report. Just an environment identifier that is unique per customerId e.g. TEST/PROD/DEV/MIG/TRAIN/CFG The parameter is mandatory
global.systemUrl The FQDN of the primary url where the system is accessed.
Note: the https:// is not part of the FQDN
e.g. ifscloud.corpnet.ifs.com
global.secondarySystemUrl The FQDN of the secondary url where the system is accessed. This could be an internet facing external proxy that only allows b2b and mobile client requests. This FQDN could have a different domain than the normal systemUrl. If the entire system is exposed to internet, the secondarySystemUrl is not needed.
e.g. ifscloud.ifs.com
global.containerRegistry The url of the docker container registry, where all containers will be fetched from.
Note: Always append a trailing slash.
Note: the https:// is not part of the FQDN
Use - ifscloud.jfrog.io/docker/    
global.imageCredentials.username The service principal user name. This username should be provided per customer by IFS.  
global.imageCredentials.password The service principal password. This password should be provided per customer by IFS.  
global.scale Defines the scaling of cpu/memory compared to the production mode 100%. Default: 100
A scale of 10-20 is a small development environment.
A scale of aprox 50 is a small test environment.
Scale should be set to 100 in all production like environments.
global.replicas Sets how many containers should be started by default The default number of replicas to be started of each type of container. Can be overridden by the containers local replicas parameter.
global.cpuRatio This will set the k8s CPU request/limit ratio on all containers. Default: 50
This will set the CPU request to 50% of the CPU limit on the containers. Read more on k8s CPU request & limits on k8s user documentation for more infomation.
global.httpConnectTimeout This will set the timeout of http connection to the ingress proxy and the ifsapp-proxy Default: 60
global.httpSendTimeout This will set the Send timeout of http connection to the ingress proxy and the ifsapp-proxy Default: 600
global.httpReadTimeout This will set the Read timeout of http connection to the ingress proxy and the ifsapp-proxy Default: 600
global.sslCiphers The SSL ciphers used by the ingress Default: "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
global.demandPort Demand Server Port number Default: 5010
global.crystalPort Crystal Server Port number Default: 80
ifscore.secrets.jdbcUrl.name ifs-jdbc-url  
ifscore.secrets.jdbcUrl.data A hostname that can be resolved from within the k8s cluster.
Oracle db service name or sid.
Oracle db listener port.
Advanced jdbc strings to support failover/RAC or TCPS can be defined here.
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=10.241.0.4)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=CLOUD)))

Note: If passing the jdbcUrl as a command line argument it needs to be quoted and escaped.
set ifscore.secrets.jdbcUrl.data= \" jdbc:or......D)) \"
ifscore.networkpolicy.enabled Set to true to activate network policy default: false
ifscore.networkpolicy.internetAccess
ExceptionList
Mandatory if network policy is enabled.

A list of subnets that should be blocked for access from containers
ifscore:
  networkpolicy:
    enabled: true
    demandcrystalhost: 10.0.2.4
     internetAccessExceptionList:
    - ip: 10.0.0.0/16
    - ip: 193.41.170.171/32

ifscore.networkpolicy.demandcrystalhost Can only be set if network policy is enabled.
The IP of a server that can have Crystal Services and Demand Server. This IP will be opened even if behind a restricted subnet (internetAccessExceptionList)

Note: the DB server will allways be automatically opened on port 1521 even if behind internetAccessExceptionList subnet.
ifscore:
  networkpolicy:
    enabled: true
     demandcrystalhost: 10.0.2.4
    internetAccessExceptionList:
    - ip: 10.0.0.0/16
    - ip: 193.41.170.171/32
ifscore.passwords.ifssysPassword.data Set the ifssys-password for the IFSSYS user in the DB.  
ifscore.passwords.ifsadminPassword.data The iifsadmin-pw of the IFSADMIN is the initial user defined in IAM. This user is the only user that can logon to Aurena in a fresh installed system. With this user the additional users are defined in Solution Manager  
ifscore.certificates.database.certname1 Path to a.cer file or a key as a string
The string certname1 can be named a more descriptive name

As a encryption certificate for the db are common for all pods the database cetificate is a global (ifscore) parameter.
e.g.
certificates.database.dbcert: /path/to/dbcert.cer

Specific Certificate for pods

Certificates can be imported per pod, and will then be added to the java truststore (cacerts) at pod startup. Under each pod parameter section a certificate section can be added.

e.g:

ifsappconnect:  
     certificates:  
        mycertintext: |  
           -----BEGIN CERTIFICATE-----   
           MIIDHzdIZ3+TSgCbI2tupJsv1FRWV3pMg3pdIGo7Ia   
           FyJKCqEj4rV/q7MW2a4JQJF8ykXixZ4YTLwi67VFMSfd2D516r1Xx2k617B+01dg  
           GRwQDY3H2NWh1QjBoyIOJKklLd/fEPzm+UU/JH8K/yBQdVZBaxw4KjU0xyqQFTd0   
           jhsIc1pqf2aVEsejwyNLhs9DnZyvzRBNsyvuVm//0gWV4OPDAa/i0BULgHnjJF2y   
           2M8H0QgLNafuaVxL2K6jArHg5JB1Qgkd7jxvmylwQhelfV86MmO9cy7f3gIRcX52   
           lU+UKetAgt4koD5opvDOzWtToavXGALzFjMxMN9iyGEfFf8=   
           -----END CERTIFICATE-----  
       mycertfromfile: C:\remote\ifsroot\config\certs\mycert.crt    

Parameters for DB installer and DB import

Parameter Purpose Examples/Defaults
dbInstaller.ifsappPassword The IFS Cloud application schema owner's password.
Used when creating the application owner in prepares.sql
dbInstaller.deliveryPath Path to DELIVERY or BUILD_HOME (this is normally passed as an argument since it should not be persisted in a ifscloud-values.yaml file.) It default to the delivery or build home from where the installer was started.
ifscore.users.ifsappUser.data If the IFS Cloud schema owner is not IFSAPP, this parameter can set a different schema owner name defaults to IFSAPP, All new system should use IFSAPP.
dbInstaller.jdbcUrl Only one of the jdbcUrl's is required. This param will win over the ifscore.secrets.jdbcUrl.data parameter. But the ifscore.secrets.jdbcUrl.data should be used if it is a simple jdbcUrl.  
ifscore.secrets.jdbcUrl.data This is the default jdbcUrl used by all contaniers, it can/should also be used by the db installer. If the ifscore.secrets.jdbcUrl.data points to an Oracle RAC cluster or Oracle Dataguard the dbInstaller.jdbcUrl should be used to deploy to the DB.  
dbInstaller.fileName Full path to a file to be deployed. (this is normally passed as an argument since it should not be persisted in a ifscloud-values.yaml file.)  
dbInstaller.sysPassword Password for SYS user in DB. Only used when deliveryPath is set and delivery contains prepare.sql. If sysPassword not defined, prepare.sql as SYS will not be run. (this is normally passed as an argument since it should not be persisted in a ifscloud-values.yaml file.)  
dbInstaller.ialOwner If the IAL schema owner is not IFSINFO, this parameter can set a different schema owner name. defaults to IFSINFO
dbInstaller.extLogging Extended logging. defaults to N
dbInstaller.waitingTime Waiting time if locked processes, default = 3600 (one hour)
logFileLocation Path to where all logs will be placed defaults to %TEMP%/ifsinstaller_<namespace>
--set logFileLocation=c:\logs
ifscore.passwords.ifsiamPassword.data Password when creating the user ifsiamsys in prepare.sql Random value set as fallback in define.tem
ifscore.passwords.ifssysPassword.data Password when creating the user ifssys in prepare.sql Random value set as fallback in define.tem
ifscore.passwords.ifsmonPassword.data Password when creating the user ifsmonitoring in prepare.sql Random value set as fallback in define.tem

Parameters for AMM

Parameter Purpose Examples/Defaults
ifsappamm.replicas Sets how many containers of this type should be started Defaults to 1
Note:  this container should not have more than 1 container running.
ifscore.passwords.ifsmonPassword.name ifsmon-password ifsmon-password
ifscore.passwords.ifsmonPassword.data ifsmonitoring password
ifscore.passwords.ifsappmonitorPw.name ifsappmonitor-pw ifsappmonitor-pw
ifscore.passwords.ifsappmonitorPw.data ifsappmonitor password used by AMM to do login validation tests

Parameters for BUSMOD

Should only be set if component busmod is active

Parameter Purpose Examples/Defaults
ifsappbusmod.replicas Sets how many containers of this type should be started Default set to global.replicas parameter
ifscore.passwords.busmodAadSecret.name busmod-aad-secret busmod-aad-secret
ifscore.passwords.busmodAadSecret.data Password for the aad  
ifsappbusmod.assServerName Optional The Fully qualified name of the Azure Analysis Service to connect to, required for v1 endpoints < 22R1
ifsappbusmod.authService Mandatory The authentiction url
ifsappbusmod.appId Required The app id (client id) of the azure application registration that is linked to the service, this needs to be created before the service can be installed, this should be handled when a new customer is provisioned in azure.
ifsappbusmod.tenantId Required The Azure tenant id where the app id (client id) is created

Parameters for Power BI Service (PBIES)

Should only be set if component PBIES is active

Parameter Required Purpose Examples/Defaults
ifsapppowerbisvc.replicas Optional Sets how many containers of this type should be started Default set to global.replicas parameter
ifscore.passwords.pbiesAadSecret.name Mandatory Name of the secret used to access Azure Active Directory (AAD) pbies-aad-secret
ifscore.passwords.pbiesAadSecret.data Mandatory Secret to access Azure Active Directory (AAD)
ifsapppowerbisvc.serviceConfigEnabled Optional Indicate whether the service is configured or not, if false then the readiness probe will not fail. Default set to false
ifsapppowerbisvc.azureAdClientId Required The client id of the azure application registration that is linked to the service, this needs to be created before the service can be installed, this should be handled when a new customer is provisioned in azure.
ifsapppowerbisvc.azureAdTenantId Required The Azure tenant id where the client id is created
ifsapppowerbisvc.azureAdServicePrincipalObjectId Required The object id of the service principal of the Azure application registration
ifsapppowerbisvc.authConfigUserNameClaim Optional The claim of the OpenIdConnect token to use to send in the effective identity to an SQL Server Analysis Services (SSAS) when Row Level Security (RLS) is turned on for the model Default set to http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
ifsapppowerbisvc.authConfigCustomDataClaim Optional The claim of the OpenIdConnect token to use to send in the effective identity to an Azure Analysis Services (AAS) when Row Level Security (RLS) is turned on for the model Default set to http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
ifsapppowerbisvc.logLevel Optional The minimal level of messages that needs to be logged Default set to warn

Parameters for SCIM

Parameter Purpose Examples/Defaults
ifsappscim.replicas Sets how many containers of this type should be started Default set to global.replicas parameter
ifscore.passwords.scimtextPw.data The password for scimext-pw  

Parameters for IAM

Parameter Purpose Examples/Defaults
ifsappsiam.replicas Sets how many containers of this type should be started Default set to global.replicas parameter
ifsappsiam.ifsadminTempPasswordEnabled Allows the temporary flag of ifsadmin password to be disabled when setting this to false Default: true
ifsappsiam.keycloakLogLevel Sets the log level for keycloak ALL, DEBUG, ERROR, FATAL, INFO, OFF, TRACE and WARN Default: WARN
ifsappsiam.wildflyLogLevel Sets the log level for the wildfly server ALL, DEBUG, ERROR, FATAL, INFO, OFF, TRACE and WARN Default: WARN
ifsappsiam.forceRecreateDomain Force the realm version back to zero so that all upgrade scripts are re-run upon start Default: false
ifscore.passwords.ifsiamPassword.data This is the ifsiam-password for the IAM schema owner IFSIAMSYS  
ifscore.passwords.ifsiamAdminPw.data The ifsiam-admin-pw used to logon to the iam admin portal  
ifscore.passwords.ifsreadonlysuppPw.data The ifsreadonlysupp-pw is the password for the readonly user.
ifscore.passwords.ifsmonPassword.data The ifsmon-password used by AMM to logon to DB with user ifsmonitoring (is always reqired by IAM)
ifscore.passwords.ifsappmonitorPw.data The ifsappmonitor-pw used by AMM to do login validation tests with ifsappmonitor user (is always reqired by IAM)

Parameters for DOC

Parameter Purpose Examples/Defaults
ifsappdoc.replicas Sets how many containers of this type should be started Default set to global.replicas parameter
ifsappdoc.techDocUrl URL to techdoc Leave empty, but can be set as e.g: https://docs.ifs.com/techdocs/21r1/

Parameters for PROXY

Parameter Purpose Examples/Defaults
ifsappproxy.replicas Sets how many containers of this type should be started Default set to global.replicas parameter
ifsappproxy.basicAuthEnabled true/false
Allow basic authenitcation on integrations.
Default: false
Warning enabling basic authentication compromises system security!
ifsappproxy.documentationLink Can be set to a specific Technical doc. Leave empty, but can be set as e.g: https://docs.ifs.com/techdocs/21r1/
ifsappproxy.accessLogEnabled true/false
Enable access log on proxy
Default: true
ifsappproxy.logLevel sets the proxy server error log level.  Default: warn
Valid values are debug, info, notice, warn, error, crit, alert, emerg.
NOTE: anything other than those above will stop proxy server starting.

Parameters for ODATA

Parameter Purpose Examples/Defaults
ifsappodata.replicas Sets how many containers of this type should be started Default set to global.replicas parameter
ifsappodata.logLevel sets the oData server error log level.  Default: warn
Valid values are debug, info, notice, warn, error, crit, alert, emerg.
NOTE: anything other than those above will stop proxy server starting.

Parameters for APPLICATIONSVC

Parameter Purpose Examples/Defaults
ifsappapplicationsvc.replicas Sets how many containers of this type should be started Default set to global.replicas parameter

Parameters for CLIENT

Parameter Purpose Examples/Defaults
ifsappclient.replicas Sets how many containers of this type should be started Default set to global.replicas parameter

Parameters for CLIENT SERVICES

Parameter Purpose Examples/Defaults
ifsappclientservices.replicas Sets how many containers of this type should be started Default set to global.replicas parameter

Parameters for CLIENT NOTIFICATION

Parameter Purpose Examples/Defaults
ifsappclientnotification.replicas Sets how many containers of this type should be started Default set to global.replicas parameter

Parameters for NATIVEODATA

Should only be set if component fndmob is active

Parameter Purpose Examples/Defaults
ifsappnativeodata.replicas Sets how many containers of this type should be started Default set to global.replicas parameter

Parameters for NATIVESERVER

Should only be set if component fndmob is active

Parameter Purpose Examples/Defaults
ifsappnativeserver.replicas Sets how many containers of this type should be started Default set to global.replicas parameter

Parameters for NATIVEEXECUTOR

Should only be set if component fndmob is active

Parameter Purpose Examples/Defaults
ifsappnativeexecutor.replicas Sets how many containers of this type should be started Default set to global.replicas parameter

Parameters for NATIVENOTIFICATION

Should only be set if component fndmob is active

Parameter Purpose Examples/Defaults
ifsappnativenotification.replicas Sets how many containers of this type should be started Default set to global.replicas parameter

Parameters for CONNECT

Parameter Purpose Examples/Defaults
ifsappconnect.replicas Sets how many containers of this type should be started Default set to global.replicas parameter
ifsappconnect.enterpriseId Sets how many containers of this type should be started Default set to global.replicas parameter

Parameters for REM

Should only be set if component fndrem is active

Parameter Purpose Examples/Defaults
ifsapprem.replicas Sets how many containers of this type should be started Default set to global.replicas parameter
ifsapprem.entp_id Sets the enterprice id Mandatory if replicas >0

Parameters for RMPANEL

Should only be set if component rmpanl is active

Parameter Purpose Examples/Defaults
ifsapprmpanel.replicas Sets how many containers of this type should be started Defaults to 1
Note:  this container should not have more than 1 container running.

Parameters for Sigining Service

Should only be set if component fnddss is active

Parameter Purpose Examples/Defaults
ifsappsigningservice.replicas Sets how many containers of this type should be started Default set to global.replicas parameter

Parameters for REPORTING

Parameter Purpose Examples/Defaults
ifsappreporting.replicas Sets how many containers of this type should be started Default set to global.replicas parameter
ifscore.generatedSecrets.symmetricKey.data Sets a key for encrypting reporting secrets in the IFS Cloud database. If this parameter is not passed a ramdom key will be generated. Note if this key is lost the reporting passwords need to be reentered in solution manager again, since the key is the only way to decrypt the secrets. That said - the parameter is more or less Mandatory. e.g. 2a6f434d2f0689029b7da6856ca4ad11

Parameters for REPORTINGBR

Should only be set if component brbase is active

Parameter Purpose Examples/Defaults
ifsappreportingbr.replicas Sets how many containers of this type should be started Default set to global.replicas parameter

Parameters for REPORTINGCR

Should only be set if component crystl is active

Parameter Purpose Examples/Defaults
ifsappreportingcr.replicas Sets how many containers of this type should be started Default set to global.replicas parameter

Parameters for REPORTINGREN

Parameter Purpose Examples/Defaults
ifsappreportingren.replicas Sets how many containers of this type should be started Default set to global.replicas parameter

Parameters for IFSMAINTENIXREPORTSERVER

Should only be set if component MXCORE is active.

Parameter Purpose Examples/Defaults
ifsmaintenixreportserver.replicas Sets how many containers of this type should be started Always set to 1
ifsmaintenixreportserver.keycloakReportSuperAdminUser The Keycloak admin user used for Jasper report
global.customContainerRegistry A url of a custom docker container registry where Maintenix customized containers can be fetched from.
Note: Always append a trailing slash.
Note: the https:// is not part of the FQDN
global.customImageCredentials.username The service principal user name. Customer project provide user.
global.customImageCredentials.password The service principal password. This password should be provided by customer project
ifsmaintenixreportserver.customRegistryEnabled Defaults to false - if true the Maintenix image will be fetched from the customContainerRegistry
ifsmaintenixreportserver.imageVersion The custom Image version

Parameters for IFSMAINTENIXAPPSERVER

Should only be set if component MXCORE is active.

Parameter Purpose Examples/Defaults
ifsmaintenixappserver.replicas Sets how many containers of this type should be started Always set to 1
ifscore.passwords.ifsmtxappPassword.name Optional if component mxcore is active
If set, must be set to: ifsmtxapp-password
ifsmtxapp-password
ifscore.passwords.ifsmtxappPassword.data Mandatory if component mxcore is active
The password for mtx schema owner in the DB
 
ifscore.passwords.ifsmtxreportPassword.name Optional if component mxcore is active
If set, must be set to: ifsmtxapp-password
ifsmtxapp-password
ifscore.passwords.ifsmtxreportPassword.data Mandatory if component mxcore is active
The password for mtx report schema owner in the DB
 
global.customContainerRegistry A url of a custom docker container registry where Maintenix customized containers can be fetched from.
Note: Always append a trailing slash.
Note: the https:// is not part of the FQDN
global.customImageCredentials.username The service principal user name. Customer project provide user.
global.customImageCredentials.password The service principal password. This password should be provided by customer project
ifsmaintenixappserver.customRegistryEnabled Defaults to false - if true the Maintenix image will be fetched from the customContainerRegistry
ifsmaintenixappserver.imageVersion The custom Image version e.g. 2021-06-06.1234.1
ifsmaintenixappserver.maintenixDbId Optional if component mxcore is active.
The distributed nature of the Maintenix for DiSCOPS component to identify different databases.
Set Maintenix database ID of the target Database’s MIM_LOCAL_DB table’s DB_ID field

Parameters for IFSFORECAST

Should only be set if component fltplnis active

Parameter Purpose Examples/Defaults
ifsforecast.replicas Sets how many containers of this type should be started Default set to global.replicas parameter

Parameters for Signature Service

Should only be set if component fnddss is active

Parameter Purpose Examples/Defaults
ifsappsigningservice.replicas Sets how many containers of this type should be started Default set to global.replicas parameter
ifsappsigningservice.logLevel Sets the log level used by the server OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL default: WARN

Parameters for Virus Scanner Service

Parameter Purpose Examples/Defaults
ifsvirusscanner.avDailyUpdateFrequency Set the ClamAV virus database update frequency Default set to 1