Gateway Hub ["Geneos"]
["Geneos > Gateway Hub"]["User Guide"]

Install

Overview

Before installing Gateway Hub, make sure you meet the following requirements:

Caution: If you are installing from a node, this machine must fulfil both the Hardware requirements and the Installation machine requirements.

Installation of the Gateway Hub is performed through the command line on your installation machine, following a configuration you can specify using a YAML file. The installation copies the binaries from the installation machine and configures your servers.

After installing Gateway Hub, you can connect to Gateway to enable:

Download and unpack Gateway Hub

The Gateway Hub binaries are downloaded and unpacked onto your installation machine.

Perform the following:

  1. Download the Gateway Hub binaries from ITRS Downloads:
    • The binaries are packaged as a .tar.gz file named <version>.tar.gz.
  2. Move the Gateway Hub.tar.gz file into a user writeable directory.
  3. Unpack the Gateway Hub binary using the command line.
    • This creates a folder called hub-installer-<version>.

Install

Installation is performed using a program called hubctl, which is located in the hub directory of your installation machine as part of the download package.

The hubctl tool reads configuration information from a YAML file that you must create. When you have completed the installation, store the installation configuration file safely in a known location.

You can use hubctl and your configuration file to reconfigure, upgrade, or uninstall Gateway Hub. Starting with version 2.3.0, Gateway Hub keeps a copy of the installation configuration file used in each installation, reconfiguration, or upgrade operation in the /opt/hub/hub-current/etc/hub-installer/configuration-history directory of each node.

For an introduction to hubctl, see hubctl tool.

More information on creating configuration files is provided below.

Installation procedure

To install Gateway Hub, follow these steps:

  1. Go to the folder called hubctl in your chosen directory.
    • This folder was created when you unpacked Gateway Hub.
  2. Run hubctl setup install <install_config_file>, replacing <install_config_file> with the location of your installation descriptor file.
  3. Wait for the installation to finish.

To create an installation descriptor file, start by copying the minimal file below. You will need to change the parameters included to match your deployment.

In addition, you may want to specify configurations for the following:

  • SSH private key authentication.

  • TLS certificates.

  • Running Gateway Hub as a different user to the installation user.

  • Separate disks for each storage subsystem.

  • Memory allowance for each service.

  • TCP ports of each service.

A full list of available options and descriptions of each are included in the full Installation configuration file example.

Copy
installation:
  hosts:
  - server1.example.com                         # Which remote machines to install the Hub on.

hub:
  root_dir: /opt/hub                            # Where to install the Hub on each host.
  user: hub                                     # The user used to install the Hub (over SSH), and then run Hub services.
  
  runtime:
    java_home: /usr/lib/jvm/<java_version>/jre  # Where the JRE should be installed on each host.

 

You can use the flag hubctl <command> --help to bring up the command line help during the installation. For an introduction to hubctl, see hubctl tool.

Success: The PLAY RECAP output on the command line states a number of ok or changed configurations, and zero unreachable or failed, similar to the example below:

PLAY RECAP
********************************************************************************
********
hub-vm.internal : ok=573 changed=155 unreachable=0 failed=0 skipped=226
rescued=0 ignored=0
localhost : ok=15 changed=4 unreachable=0 failed=0 skipped=0
rescued=0 ignored=0
Ansible play "install" completed successfully
Hub installation completed successfully

Registration with systemd

After installing Gateway Hub, you can configure systemd to automatically start Gateway Hub services when a host system boots. Performing this configuration requires root privileges.

To register the Gateway Hub orchestration service with systemd, do the following on each node:

  1. Stop the currently running Gateway Hub service:
    hubctl stop <config_file>
  2. Copy the provided orchestration.service file to the system level systemd directory:
    sudo cp /opt/hub/hub-<version>/etc/hub-orchestration.service /usr/lib/systemd/system
  3. Restart and enable the Gateway Hub service:
    sudo systemctl daemon-reload
    sudo systemctl enable hub-orchestration
    sudo systemctl start hub-orchestration

Security

Gateway Hub uses TLS to encrypt communications between Gateway Hub components and client applications. You can configure Gateway Hub to run using an internal certificate authority to sign certificates for development environments. In production environments, you must provide trusted certificates. For more information about configuring TLS, see Installation configuration file.

Installation configuration file

A Gateway Hub installation configuration file can be created as a YAML file. All sections and subsections must be written following the correct YAML syntax. The installation configuration file includes two root level sections: installation and hub.

When creating an installation configuration file, note the following:

  • The hub > logs_max_file_size option uses the industry standard Logback framework. As a result, files will reach an approximate maximum size but small variations from the specified size are expected. For more information, see the Logback Documentation.
  • When performing a local installation, the user running the installer must be the same as the Gateway Hub runtime user specified by the hub > user option. Otherwise, the installation will fail.
  • When providing a .pem file to configure TLS, if your Gateway Hub certificate was signed by a non-root CA certificate you should include the full CA trust chain. This is required to connect to Gateway correctly. For example, if your Gateway Hub certificate is signed using a root CA certificate, then the contents of your .pem file should be: [ Private Key, Gateway Hub Certificate, CA Certificate]. However, if your Gateway Hub certificate is signed using a non-root CA certificate, then the contents of your .pem file should be: [ Private Key, Gateway Hub Certificate, Intermediate CA Certificate, Root CA Certificate].

The following is a template file:

Copy
example-install-config.yaml
# Hub installation descriptor.
#
# The Hub installer requires that the PyYAML Python library be installed. This is done as follows:
# %> pip3 install pyyaml
#
# Settings that are marked as required must always be supplied, regardless of the hubctl operation being performed.
# Settings that are marked as protected cannot be changed between an initial installation and a subsequent
# reconfiguration.
#
# Installation settings
#
installation:

  # Destination hosts.
  # Each host name must be in FQDN form.
  # Required: False
  # Protected: True
  # One of installation.hosts or installation.hosts_file is required, unless a local installation is performed. If both
  # are supplied, installation.hosts is used.
  # hosts:
  # - host1.domain1
  # - host2.domain1
  # - host3.domain1

  # Hosts file.
  # File containing destination hosts, with each line containing a host name in FQDN form.
  # Required: False
  # Protected: True
  # One of installation.hosts or installation.hosts_file is required, unless a local installation is performed. If both
  # are supplied, installation.hosts is used.
  hosts_file: ~/tmp/hosts.txt

  # Connection to destination hosts
  connection:

    # Local installation.
    # Required: False.
    # Default: false
    # Protected: True
    # Set to true if the Hub should be installed to only the local host, in which case an SSH connection is not required,
    # and all other installation.connection.* parameters except installation.connection.local_host_name will be ignored.
    # When a local installation is performed, the user running the installer must be the same as the Hub's runtime user
    # (specified by hub.user).
    # local: true

    # Local host name.
    # Required: True when performing a local installation, False otherwise.
    # Protected: False
    # This setting is only used if a local installation is performed, in which case it is required and its value must
    # be in FQDN form (which excludes "localhost").
    # Specify the host name used to advertise the local host to external clients. If a PEM file is supplied, this host
    # name must match one of the subjects used by the Hub's certificate.
    # local_host_name: host4.domain4

    # Path to the SSH private key PEM file to use for password-less authentication.
    # Required: False
    # Ignored when a local installation is performed.
    # If not specified, the installer prompts for an SSH password.
    private_key: ~/.ssh/hubdemo-hub.pem

    # SSH port.
    # Required: False
    # Ignored when a local installation is performed.
    # Default: 22
    port: 22

    # SSH user.
    # Required: False
    # Protected: True
    # Ignored when a local installation is performed.
    # Specify to force the installer to use a different SSH user from the Hub runtime user (specified by hub.user) to
    # carry out the installation. If present and different from the Hub runtime user, the supplied user needs to be a
    # sudoer.
    # user: hub

  # The Hub's license file.
  # Required: False.
  # If not specified, the Hub will be unlicensed, and some of its features will be limited or disabled.
  # Setting the license via the installation descriptor is a non-documented feature, which is only supported for ITRS
  # internal usage in order to simplify test set-up procedures. This setting is ignored when reconfiguring or performing
  # an upgrade.
  # End users are expected to set their license via the Web console.
  licence_file: ~/workspaces/IAF/devops/data/licence.txt

  # TLS/SSL certificates.
  # The Hub uses TLS to encrypt connections to Kafka, Zookeeper, and HTTP traffic. The installer needs to deploy a
  # certificate for the Hub as well as its CA trust chain to each node at installation time. For production usage, these
  # certificates must be supplied by customers. For testing purposes, it is possible to install the Hub without
  # supplying certificates. In that case, the installer generates a CA certificate and a Hub certificate and uses the
  # CA certificate to sign the Hub certificate.
  # In order for Java applications to be able to access certificates, they are deployed to two distinct JKS stores:
  # - A key-store, containing the Hub's certificate and the CA certificate.
  # - A trust-store, containing the CA certificate. Access to that store is not password-protected.
  # Access to JKS key stores and their keys is password protected. Passwords can either be supplied below, or generated
  # by the installer.
  tls:

    # PEM file for TLS
    #
    # For production usage: the PEM file containing the Hub's private key, the Hub's certificate, and the CA trust
    # chain.
    #
    # Note that if the Hub certificate was signed by a non-root CA certificate, then in order to be able to connect to
    # the Geneos Gateway, the supplied PEM file must contain the entire CA trust chain.
    # Examples:
    # - If the Hub certificate was signed by a root CA certificate, then the PEM file contents should be as follows:
    #  [ Private Key, Hub Certificate, CA Certificate]
    # - If the Hub certificate was signed by a non-root CA certificate, which in turn was signed by a root CA
    #   certificate, then the PEM file contents should be as follows:
    #  [ Private Key, Hub Certificate, Intermediate CA Certificate, Root CA Certificate]
    #
    # The installer uses the contents of this PEM file to generate the following files on each node 
    # in the <hub home>/tls directory:
    # - hub-key.pem: the Hub's private key
    # - hub-cert.pem: the Hub's certificate
    # - trust-chain.pem: the Hub's trust chain (containing one or more CA certificates).
    # - keystore.jks: the Hub's private key and certificate, stored in JKS format (used by Java services)
    # - truststore.jks: the Hub's trust chain, stored in JKS format (used by Java services)
    #
    # Required: False
    # If omitted, a self-signed certificate is generated and deployed instead.
    # pem_file: ~/tmp/tls/hub.pem

    # For test/demo usage: if no PEM file is supplied, the installer generates a CA certificate and uses it to sign
    # the Hub's certificate. If the installer is run several times in a row, its default behaviour is to reuse any
    # existing CA certificate it may already have generated. This is usually the desired behaviour, since a CA
    # certificate needs to be imported by customers into any application wishing to connect to the Hub via HTTPS
    # (Web client, Grafana, etc.). This setting can be used to override the default behaviour and force the creation
    # of a new CA certificate.
    # Required: False
    # Default: true
    reuse_self_signed_ca_certificate: true

    # Pem file password
    # For production usage: the PEM file's password if the supplied PEM file contains an encrypted private key.
    # Required: False
    # If omitted and the supplied PEM file contains an encrypted private key, the installer prompts for a password.
    pem_file_password: pemfilepassword

    # Key store password
    # The password protecting access to the JKS key-store used to store the Hub's certificate and the CA certificate.
    # Required: False
    # If omitted, the installer generates a password.
    # key_store_password: keystorepassword

    # Trust store password
    # The password protecting access to the JKS trust-store used to store the CA certificate.
    # Required: False
    # If omitted, the installer generates a password.
    # trust_store_password: truststorepassword

  # Installer verbosity
  # Controls the installer's verbosity. Supported values: [0, 4]
  # Required: False
  # Default: 0
  verbosity: 2


# Hub settings
#
hub:

  # Hub root directory.
  # Required: True
  # Protected: True
  # This must be an existing directory on all destination hosts, and it must be writeable by the runtime user (specified
  # via hub.user). This directory cannot have the noexec flag set.
  # The Hub distribution lives in a directory called "hub-<version>" that is created under this root directory
  # during installation. It is referred to as <hub home> in the rest of this document.
  # Unless configured otherwise, Hub services store their data in sub-directories of a "hub-data" directory that is
  # also created under the root directory. It is referred to as <hub data> in the rest of this document.
  root_dir: /opt/hub

  # Hub temporary directory.
  # Required: False
  # Default: <hub home>/tmp
  # If specified, this must be an existing directory on all destination hosts, it must be writeable by the runtime user
  # (specified via hub.user) and it cannot have the noexec flag set.
  # tmp_dir: /path/to/tmp

  # Hub logs directory.
  # Required: False
  # Default: <hub home>/logs
  # If specified, this must be an existing directory on all destination hosts and it must be writeable by the runtime user
  # (specified via hub.user).
  # logs_dir: /path/to/logs

  # Maximum log file size.
  # Required: False
  # Default: 250 MB
  # This setting applies to log files produced by all Hub services. As soon as a log file reaches that size, the log
  # file is rolled and a new log file is created.
  # The value can either be a plain number of bytes, or of the form <amount> <unit>, where <unit> can be one of: KB, MB, GB.
  # (case insensitive regular expression for the value is as follows: "([0-9]+)\\s*(|kb|mb|gb)s?)
  # logs_max_file_size: 10KB

  # Log files history limit per Hub service.
  # Required: False
  # Default: 14
  # This setting applies to log files produced by all Hub services. Log files roll every day or as soon as their size
  # limit is reached. Specifies the period that logs are stored for each service in days, regardless of the actual number
  # of log files (which depends on the size limit set by
  # hub.logs.logs_max_file_size). It is possible for less than that amount of logs to be retained if the total size cap,
  # set by hub.logs.logs_total_size_cap is reached first.
  # logs_max_history: 14

  # Maximum amount of logs data retained on disk per Hub service.
  # Required: False
  # Default: 1 GB
  # This setting applies to log files produced by all Hub services.
  # Value can either be a plain number of bytes, or of the form <amount> <unit>, where <unit> can be one of: KB, MB, GB.
  # (case insensitive regular expression for the value is as follows: "([0-9]+)\\s*(|kb|mb|gb)s?)
  # logs_total_size_cap: 100KB

  # Hub TLS directory.
  # Stores the Hub's TLS certificates.
  # Required: False
  # Default: <hub home>/tls
  # If specified, this must be an existing directory on all destination hosts, and it must be writeable by the runtime user
  # (specified via hub.user).
  # tls_dir: /path/to/tls

  # Hub runtime user.
  # Required: False
  # Default: hub
  # Protected: True
  # This must be an existing user on all destination hosts. This user does not need to have root privileges. The entire
  # Hub distribution under <hub home> is owned by that user. All Hub processes are run by that user.
  user: hub

  # Hub runtime user's group.
  # Required: False
  # Default: <hub.user>
  # Protected: True
  # This must be an existing group on all destination hosts.
  group: hub

  # Hub runtime settings.
  runtime:

    # Java installation.
    # Required: True
    java_home: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.x86_64/jre

  # Hub orchestrationd service settings.
  orchestrationd:

    # JMX API port, used by the RMI registry.
    # Required: False
    # Default: 10974
    jmx_port: 10974

    # JMX API port, used by the RMI connector.
    # Required: False
    # Default: 10975
    jmx_rmi_port: 10975

    # Memory limit in MB.
    # Required: False
    # Default: 64
    memory_limit: 64

    # Log level.
    # Controls logs verbosity. Value must be one of: { trace, debug, info, warn, error }
    # Required: False
    # Default: info
    # log_level: info

  # etcd member settings.
  etcd_member:

    # Data directory.
    # Having a dedicated disk to store etcd snapshots helps reduce I/O contention with other services.
    # Required: False
    # Default: <hub data>/etcd-member
    # If specified, this must be an existing empty directory with mode 0700.
    # Protected: True
    # data_dir: /mnt/disk1/hub/data/etcd/data

    # WAL directory.
    # Having a dedicated disk to store WAL files helps improve etcd's throughput and stabilise the
    # cluster under load.
    # Required: False
    # Default: <hub.etcd_member.data_dir>
    # If specified, this must be an existing empty directory with mode 0700.
    # Protected: True
    # wal_dir: /mnt/disk1/hub/data/etcd/wal

    # Client port.
    # The etcd gateway connects to each etcd cluster member via this port.
    # Required: False
    # Default: 2379
    client_port: 2379

    # Peer port.
    # Each etcd cluster member connects to other cluster members via this port.
    # Required: False
    # Default: 2380
    peer_port: 2380

    # Memory limit in MB.
    # Required: False
    # Default: 1024
    memory_limit: 1024

    # Heartbeat interval in milliseconds for the etcd cluster leader.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Refer to https://etcd.io/docs/v3.4.0/tuning/#time-parameters for details.
    # Required: False
    # Default: 100
    # heartbeat_interval_ms: 100

    # Election timeout in milliseconds for the etcd cluster leader.
    # This is an advanced setting and should only be changed if the default is proven to be too low. At the minimum,
    # this value must be five times <hub.etcd_member.heartbeat_interval_ms>.
    # Refer to https://etcd.io/docs/v3.4.0/tuning/#time-parameters for details.
    # Required: False
    # Default: 1000
    # election_timeout_ms: 1000

    # Ready timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 300
    # ready_timeout_s: 600

    # Live timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 30
    # live_timeout_s: 60

    # Log level.
    # Controls logs verbosity. Value must be one of: { debug, info, warn, error, panic, fatal }
    # Required: False
    # Default: info
    # log_level: info


  # etcd gateway settings.
  # No memory limit is configurable for ectd gateway because its memory footprint is negligible.
  etcd_gateway:

    # Gateway port.
    # The orchestratord connects to the etcd gateway via this port.
    # Required: False
    # Default: 2378
    port: 2378

    # Ready timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 300
    # ready_timeout_s: 600

    # Live timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 30
    # live_timeout_s: 60

  # Postgres/Timescale settings.
  # Memory settings for Postgres are automatically calculated by the installer so that Postgres uses as much memory as
  # possible without causing any swapping.
  postgres_timescale:

    # Data directory.
    # Required: False
    # Default: <hub data>/postgres-timescale/pgdata
    # If specified, this must be an existing empty directory.
    # Protected: True
    # data_dir: /mnt/disk1/hub/data/postgres/pgdata

    # Write-ahead log directory.
    # Required: False
    # Default: <hub data>/postgres-timescale/pgwal
    # If specified, this must be an existing empty directory.
    # Protected: True
    # wal_dir: /mnt/disk1/hub/data/postgres/pgwal

    # Postgres client port.
    # Required: False
    # Default: 5432
    port: 5432

    # Postgres database superuser name.
    # Required: False
    # Default: postgres
    # Protected: True
    database_superuser: postgres

    # Postgres database user name.
    # Required: False
    # Default: <hub.user>
    # Protected: True
    database_user: hub

    # Postgres database user password, allowing remote access via username and password.
    # This is a non-documented feature allowing remote access to Postgres instances, which is disabled by default.
    # If defined and set to a non-empty string, remote Postgres access gets enabled using the username given by
    # hub.postgres_timescale.database_user and that password.
    # Required: False
    # Default: ""
    # database_user_password: password

    # Ready timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 300
    # ready_timeout_s: 600

    # Live timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 30
    # live_timeout_s: 60

    # Log level.
    # Controls logs verbosity. Value must be one of:
    # { DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1, INFO, NOTICE, WARNING, ERROR, LOG, FATAL, PANIC }
    # Required: False
    # Default: INFO
    # log_level: info

  # Zookeeper settings.
  zookeeper:

    # Data directory.
    # Required: False
    # Default: <hub data>/zookeeper/snapshot
    # If specified, this must be an existing empty directory.
    # Protected: True
    # data_dir: /mnt/disk1/hub/data/zookeeper/snapshot

    # Transaction log directory.
    # Required: False
    # Default: <hub data>/zookeeper/transactions
    # If specified, this must be an existing empty directory.
    # Protected: True
    # transaction_log_dir: /mnt/disk1/hub/data/zookeeper/txn

    # Zookeeper client listener port.
    # Required: False
    # Default: 5181
    client_port: 5181

    # Port used by zookeeper cluster members to connect to the leader.
    # Required: False
    # Default: 5188
    leader_port: 5188

    # Port used by zookeeper cluster members for leader elections.
    # Required: False
    # Default: 5189
    leader_election_port: 5189

    # Memory limit in MB.
    # Required: False
    # Default: 256
    memory_limit: 256

    # Ready timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 300
    # ready_timeout_s: 600

    # Live timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 30
    # live_timeout_s: 60

    # Log level.
    # Controls logs verbosity. Value must be one of: { trace, debug, info, warn, error }
    # Required: False
    # Default: info
    # log_level: info

    # JMX API port, used by the RMI registry.
    # Required: False
    # Default: 10978
    jmx_port: 10978

    # JMX API port, used by the RMI connector.
    # Required: False
    # Default: 10979
    jmx_rmi_port: 10979

  # Kafka settings.
  kafka:

    # Log directories.
    # Required: False
    # Default: [ <hub data>/kafka/logs ]
    # If specified, these must be existing empty directories.
    # Protected: True
    # log_dirs:
    # - /mnt/disk2/hub/data/kafka/logs
    # - /mnt/disk3/hub/data/kafka/logs

    # Kafka listener port.
    # Required: False
    # Default: 9092
    port: 9092

    # Target replication factor.
    # The actual replication factor is the minimum of this value and the number of cluster nodes.
    # Required: False
    # Default: 3
    # Protected: True
    target_replication_factor: 3

    # Data retention hours.
    # The number of hours Kafka data is retained before it is automatically deleted. Must be strictly positive.
    # Required: False
    # Default: 72
    # Protected: True
    data_retention_hours: 72

    # Memory limit in MB.
    # Required: False
    # Default: 1024
    memory_limit: 1024

    # Ready timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 300
    # ready_timeout_s: 600

    # Live timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 30
    # live_timeout_s: 60

    # Log level.
    # Controls logs verbosity. Value must be one of: { trace, debug, info, warn, error }
    # Required: False
    # Default: info
    # log_level: info

    # JMX API port, used by the RMI registry.
    # Required: False
    # Default: 10976
    jmx_port: 10976

    # JMX API port, used by the RMI connector.
    # Required: False
    # Default: 10977
    jmx_rmi_port: 10977

  # Collection Agent settings.
  collection_agent:

    # Health check port.
    # Required: False
    # Default: 9097
    health_check_port: 9097

    # Statsd port (listens for statsd metrics).
    # Required: False
    # Default: 8125
    statsd_port: 8125

    # Reporting port (reports metrics to the Netprobe).
    # Required: False
    # Default: 9137
    reporting_port: 9137

    # Memory limit in MB.
    # Required: False
    # Default: 800
    memory_limit: 800

    # Metrics pipeline store type.
    # Required: False
    # Default: memory
    # Permitted values: 'memory', 'disk'
    metrics_pipeline_store_type: memory

    # Logs pipeline store type.
    # Required: False
    # Default: disk
    # Permitted values: 'memory', 'disk'
    logs_pipeline_store_type: disk

    # Events pipeline store type.
    # Required: False
    # Default: disk
    # Permitted values: 'memory', 'disk'
    events_pipeline_store_type: disk

    # Ready timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 300
    # ready_timeout_s: 600

    # Live timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 30
    # live_timeout_s: 60

    # Disabled collectors.
    # This is a non-documented feature allowing collectors to be disabled, which can be useful in presence of
    # installation issues.
    # Required: False
    # Default: []
    # disabled_collectors:
    # - kafka
    # - prometheus-target

    # Log level.
    # Controls logs verbosity. Value must be one of: { trace, debug, info, warn, error }
    # Required: False
    # Default: info
    # log_level: info

  # Geneos NetProbe settings.
  geneos_netprobe:

    # NetProbe listen port.
    # Required: False
    # Default: 7036
    port: 7036

    # Ready timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 300
    # ready_timeout_s: 600

    # Live timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 30
    # live_timeout_s: 60

  # Hub normaliserd settings.
  normaliserd:

    # Memory limit in MB.
    # Required: False
    # Default: 800
    memory_limit: 800

    # Ready timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 300
    # ready_timeout_s: 600

    # Live timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 30
    # live_timeout_s: 60

    # Log level.
    # Controls logs verbosity. Value must be one of: { trace, debug, info, warn, error }
    # Required: False
    # Default: info
    # log_level: info

    # Inference. Controls setting for schema less ingestion ( Automatic dataview schema inference).
    # Be aware of yaml indentation in this section.
    # Required: False
    # inference:

      # Enabled
      # Controls whether or not schema inference is enabled.  { Smart, Naive, Basic }
      # Required: False
      # Default: Smart
      # enabled: true

      # Mode
      # Sets the mode of schema inference. Value must be one of
      # Required: False
      # Default: Smart
      # mode: Smart # May be Smart, Naive, Basic
        # smart:

          # Min Samples
          # Sets the minimum number of data samples ( per dataview ), inside the inference duration, required for smart inference.
          # Required: False
          # Default: 10
          # min_samples: 10

          # Duration Seconds
          # Sets the inference window in seconds. The inference window is measures using seconds from the first observed sample (for the dataview).
          # Required: False
          # Default: 600
          # duration_seconds: 600

          # Threshold
          # Sets the internal threshold used by the smart inference engine. Must be within 0 and 1.0. Values closer to 0 mean we are more likely to achieve a result,
          #   however with a reduced confidence. Values closer to 1.0 will apply inference rules with higher confidence. This may mean that it is more likely to fall back to a string schema,
          #   however one can have a higher confidence in a successful result.
          # Required: False
          # Default: 0.8
          # threshold: 0.8

  # Hub persistenced settings.
  persistenced:

    # Memory limit in MB.
    # Required: False
    # Default: 800
    memory_limit: 800

    # Ready timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 300
    # ready_timeout_s: 600

    # Live timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 30
    # live_timeout_s: 60

    # Log level.
    # Controls logs verbosity. Value must be one of: { trace, debug, info, warn, error }
    # Required: False
    # Default: info
    # log_level: info

  # Hub platformd settings.
  platformd:

    # Memory limit in MB.
    # Required: False
    # Default: 800
    memory_limit: 800

    # Health probe port.
    # Required: False
    # Default: 7100
    health_probe_port: 7100

    # gRPC service port.
    # Required: False
    # Default: 7110
    service_port: 7110

    # Ready timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 300
    # ready_timeout_s: 600

    # Live timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 30
    # live_timeout_s: 60

    # Log level.
    # Controls logs verbosity. Value must be one of: { trace, debug, info, warn, error }
    # Required: False
    # Default: info
    # log_level: info

  # Hub snapshotd settings.
  snapshotd:

    # Memory limit in MB.
    # Required: False
    # Default: 800
    memory_limit: 800

    # Ready timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 300
    # ready_timeout_s: 600

    # Live timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 30
    # live_timeout_s: 60

    # Log level.
    # Controls logs verbosity. Value must be one of: { trace, debug, info, warn, error }
    # Required: False
    # Default: info
    # log_level: info

  # Hub apid settings.
  apid:

    # Use HTTP instead of HTTPS.
    # Turning off HTTPS for apid/webconsole may be desirable when the Hub is used in conjunction with a reverse proxy.
    # Required: False
    # Default: true
    # use_https: true

    # REST API port.
    # Required: False
    # Default: 8081
    port: 8081

    # Memory limit in MB.
    # Required: False
    # Default: 2048
    memory_limit: 2048

    # Ready timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 300
    # ready_timeout_s: 600

    # Live timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 30
    # live_timeout_s: 60

    # Log level.
    # Controls logs verbosity. Value must be one of: { trace, debug, info, warn, error }
    # Required: False
    # Default: info
    # log_level: info

  # Hub gateway-configd settings.
  gateway_configd:

    # Gateway cache directory
    # Required: False
    # Default: <hub.tmp_dir>/gateway-cache
    # If present, this must be an existing directory on all destination hosts, and it must be writeable by the runtime user
    # (specified via hub.user).
    # cache_dir: /path/to/gateway-cache

    # Validation timeout
    # Required: False
    # Default: PT10M (i.e. 10 minutes)
    # The maximum amount of time (as an ISO_8601 duration) to wait for the configuration of an individual Gateway to be
    # validated. Gateway configurations must be validated before any changes can be applied.
    validation_timeout: PT10M

    # Memory limit in MB.
    # Required: False
    # Default: 600
    memory_limit: 600

    # Ready timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 300
    # ready_timeout_s: 600

    # Live timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 30
    # live_timeout_s: 60

    # Log level.
    # Controls logs verbosity. Value must be one of: { trace, debug, info, warn, error }
    # Required: False
    # Default: info
    # log_level: info

  # Hub publisherd settings.
  publisherd:

    # Memory limit in MB.
    # Required: False
    # Default: 800
    memory_limit: 800

    # Ready timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 300
    # ready_timeout_s: 600

    # Live timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 30
    # live_timeout_s: 60

    # Log level.
    # Controls logs verbosity. Value must be one of: { trace, debug, info, warn, error }
    # Required: False
    # Default: info
    # log_level: info

  # Web console settings.
  webconsole:

    # Use HTTP instead of HTTPS.
    # Turning off HTTPS for apid/webconsole may be desirable when the Hub is used in conjunction with a reverse proxy.
    # Required: False
    # Default: true
    # use_https: true

    # Web console port. Must not be set to 8080 unless HTTPS is turned off.
    # Required: False
    # Default: 8443
    # port: 8443

    # Memory limit in MB.
    # Required: False
    # Default: 800
    memory_limit: 800

    # Ready timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 300
    # ready_timeout_s: 600

    # Live timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 30
    # live_timeout_s: 60

    # Log level.
    # Controls logs verbosity. Value must be one of: { trace, debug, info, warn, error }
    # Required: False
    # Default: info
    # log_level: info

  # Capacity Planner App settings
  capacity_planner:

    # REST API port.
    # Required: False
    # Default: 9090
    port: 9090

    # Memory limit in MB.
    # Required: False
    # Default: 800
    memory_limit: 800

    # Ready timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 300
    # ready_timeout_s: 600

    # Live timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 30
    # Default: 30
    # live_timeout_s: 60

    # Log level.
    # Controls logs verbosity. Value must be one of: { trace, debug, info, warn, error }
    # Required: False
    # Default: info
    # log_level: info

  # Hub Monitoring Coverage App settings.
  monitoring_coverage:

    # Lucene index directory
    # Required: False
    # Default: <hub.tmp_dir>/monitoringcoverage/lucene/index
    # The directory must be writeable by the runtime user (specified via hub.user).
    # lucene_index_path: /path/to/lucene/index

    # Memory limit in MB.
    # Required: False
    # Default: 800
    memory_limit: 800

    # Health probe port.
    # Required: False
    # Default: 7300
    health_probe_port: 7300

    # gRPC service port.
    # Required: False
    # Default: 7310
    service_port: 7310

    # Ready timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 300
    # ready_timeout_s: 600

    # Live timeout in seconds.
    # This is an advanced setting and should only be changed if the default is proven to be too low.
    # Required: False
    # Default: 30
    # live_timeout_s: 60

    # Log level.
    # Controls logs verbosity. Value must be one of: { trace, debug, info, warn, error }
    # Required: False
    # Default: info
    # log_level: info