Host Configuration
The following table contains a list of all options that can be used to configure the wasmCloud Host:
Flag | Environment Variable | Default | Description | Example |
---|---|---|---|---|
--log-level | WASMCLOUD_LOG_LEVEL | INFO | Controls the verbosity of logs from the wasmCloud host | --log-level DEBUG |
--nats-host | WASMCLOUD_NATS_HOST | 127.0.0.1 | NATS server host to connect to | --nats-host my-nats-server |
--nats-port | WASMCLOUD_NATS_PORT | 4222 | NATS server port to connect to | --nats-port 4223 |
--nats-jwt | WASMCLOUD_NATS_JWT | N/A | A user JWT to use to authenticate to NATS. The given credential needs to have full access to all wasmbus.> topics as well as access to the configured --js-domain to create, manage, and access KV buckets used for lattice metadata and component config. | --nats-jwt eyJ0eXAiOiJqd3Qi... |
--nats-seed | WASMCLOUD_NATS_SEED | N/A | A seed nkey to use to authenticate to NATS. This seed should be the same one associated with the JWT. Please see the NATS Docs for more information | --nats-seed SUAAZU5G7UOUR7VX... |
--nats-creds | WASMCLOUD_NATS_CREDS | N/A | A NATS credentials file that contains the JWT and seed for authenticating to NATS. Conflicts with nats-jwt and nats-seed options. | --nats-creds credfile |
-x , --lattice | WASMCLOUD_LATTICE | default | The lattice the host belongs to. If running with multiple lattices, each name MUST be unique. | -x my-lattice |
--host-seed | WASMCLOUD_HOST_SEED | N/A | The seed key used by this host to generate its public key. In most cases you won't need to set this, but if needed a seed can be generated with wash keys gen server | --host-seed SNABP2H7DRKW3XRM... |
--provider-shutdown-delay | WASMCLOUD_PROV_SHUTDOWN_DELAY_MS | 300 | Delay in milliseconds between requesting a provider shutdown. If you are likely to be running many custom providers that require extensive clean up, this value can be increased to give them more time to shut down | --provider-shutdown-delay 500 |
--allow-latest | WASMCLOUD_OCI_ALLOW_LATEST | N/A | Determines whether OCI images tagged latest are allowed. By default, we do not allow this as it makes it very unclear if something has actually updated for an end user or operator | --allow-latest |
--allowed-insecure | WASMCLOUD_OCI_ALLOWED_INSECURE | N/A | Comma-separated list of allowed insecure OCI hosts. Otherwise, all OCI references given to this host will expect an https endpoint | --allowed-insecure registry1,registry2 |
--js-domain | WASMCLOUD_JS_DOMAIN | N/A | NATS Jetstream domain name. If set, all hosts in the lattice MUST be using the same domain name | --js-domain my-domain |
--config-service-enabled | WASMCLOUD_CONFIG_SERVICE | N/A | Denotes if a wasmCloud host should issue requests to a config service on startup. This config service can allow dynamic setting of things such as OCI credentials | --config-service-enabled |
--allow-file-load | WASMCLOUD_ALLOW_FILE_LOAD | N/A | Denotes if a wasmCloud host should allow starting components from the file system. This should only be used for development and not in production (as the existence of files on any given system cannot be guaranteed) | --allow-file-load |
--enable-structured-logging | WASMCLOUD_STRUCTURED_LOGGING_ENABLED | N/A | Enable JSON structured logging from the wasmCloud host | --enable-structured-logging |
-l , --label | WASMCLOUD_LABEL_{label_name} (specified for each label) | N/A | A label=value to apply to the host. May be specified multiple times | -l cloud=aws -l region=us-west |
--ctl-host | WASMCLOUD_CTL_HOST | NATS host value | An IP address or DNS name to use to connect to NATS for Control Interface (CTL) messages, defaults to the value supplied to --nats-host if not supplied. | --ctl-host my-nats-server |
--ctl-port | WASMCLOUD_CTL_PORT | NATS port value | A port to use to connect to NATS for CTL messages, defaults to the value supplied to --nats-port if not supplied. | --ctl-port 4223 |
--ctl-jwt | WASMCLOUD_CTL_JWT | NATS JWT value | A user JWT to use to authenticate to NATS for CTL messages, defaults to the value supplied to --nats-jwt if not supplied. | --ctl-jwt eyJ0eXAiOiJqd3Qi... |
--ctl-seed | WASMCLOUD_CTL_SEED | NATS seed value | A seed nkey to use to authenticate to NATS for CTL messages, defaults to the value supplied to --nats-seed if not supplied. | --ctl-seed SUAAZU5G7UOUR7VX... |
--ctl-creds | WASMCLOUD_CTL_CREDS | NATS creds or JWT and seed value | A NATS credentials file to use to authenticate to NATS for CTL messages, defaults to the value supplied to --nats-creds or --nats-jwt and --nats-seed . Conflicts with ctl-jwt and ctl-seed options. | --ctl-creds credfile |
--ctl-tls | WASMCLOUD_CTL_TLS | N/A | Optional flag to require host communication over TLS with a NATS server for CTL messages. | --ctl-tls |
--ctl-topic-prefix | WASMCLOUD_CTL_TOPIC_PREFIX | wasmbus.ctl | Advanced: A prefix to use for all CTL topics. | --ctl-topic-prefix my.ctl |
--rpc-host | WASMCLOUD_RPC_HOST | NATS host value | An IP address or DNS name to use to connect to NATS for RPC messages, defaults to the value supplied to --nats-host if not supplied. | --rpc-host my-nats-server |
--rpc-port | WASMCLOUD_PRC_PORT | NATS port value | A port to use to connect to NATS for RPC messages, defaults to the value supplied to --nats-port if not supplied. | --rpc-port 4223 |
--rpc-jwt | WASMCLOUD_RPC_JWT | NATS JWT value | A user JWT to use to authenticate to NATS for RPC messages, defaults to the value supplied to --nats-jwt if not supplied. | --rpc-jwt eyJ0eXAiOiJqd3Qi... |
--rpc-seed | WASMCLOUD_RPC_SEED | NATS seed value | A seed nkey to use to authenticate to NATS for RPC messages, defaults to the value supplied to --nats-seed if not supplied. | --rpc-seed SUAAZU5G7UOUR7VX... |
--rpc-creds | WASMCLOUD_RPC_CREDS | NATS creds or JWT and seed value | A NATS credentials file to use to authenticate to NATS for RPC messages, defaults to the value supplied to --nats-creds or --nats-jwt and --nats-seed . | --rpc-creds credfile |
--rpc-timeout-ms | WASMCLOUD_RPC_TIMEOUT_MS | 2000 | Timeout in milliseconds for all RPC calls. | --rpc-timeout-ms 4000 |
--rpc-tls | WASMCLOUD_RPC_TLS | N/A | Optional flag to require host communication over TLS with a NATS server for RPC messages. | --rpc-tls |
--policy-topic | WASMCLOUD_POLICY_TOPIC | N/A | Enables policy checks on start actions and component invocations at the given topic. This can be used with any sort of policy service. For more information see our Policy Service documentation | --policy-topic my.policy.topic |
--policy-changes-topic | WASMCLOUD_POLICY_CHANGES_TOPIC | N/A | Allows the host to subscribe to updates on past policy decisions. This is how a policy service can tell hosts to invalidate a cached decision. This requires --policy-topic to be test | --policy-changes-topic my.changes.topic |
--policy-timeout-ms | WASMCLOUD_POLICY_TIMEOUT | 1000 | Sets a custom timeout for requesting policy decisions. Requires --policy-topic to be set | --policy-timeout-ms 2000 |
--oci-registry | WASMCLOUD_OCI_REGISTRY | N/A | Overrides credentials for a specific OCI registry. Used in tandem with --oci_user and --oci_password to override credentials for a specific OCI registry | --oci-registry my-registry |
--oci-user | WASMCLOUD_OCI_REGISTRY_USER | N/A | Username for the OCI registry specified by --oci_registry | --oci-user my-username |
--oci-password | WASMCLOUD_OCI_REGISTRY_PASSWORD | N/A | Password for the OCI registry specified by --oci_registry | --oci-password my-password |
--enable-observability | WASMCLOUD_OBSERVABILITY_ENABLED | N/A | Enables the wasmCloud host to emit all OpenTelemetry signals. Conflicts with signal-specific configurations for logs, traces, and metrics. | --enable-observability |
--enable-traces | WASMCLOUD_TRACES_ENABLED | N/A | Enables the wasmCloud host to emit traces as OpenTelemetry signals. | --enable-traces |
--enable-metrics | WASMCLOUD_METRICS_ENABLED | N/A | Enables the wasmCloud host to emit metrics as OpenTelemetry signals. | --enable-metrics |
--enable-logs | WASMCLOUD_LOGS_ENABLED | N/A | Enables the wasmCloud host to emit logs as OpenTelemetry signals. | --enable-logs |
--observability-protocol | WASMCLOUD_OBSERVABILITY_PROTOCOL | http | Configures whether grpc or http will be used for exporting the enabled telemetry. This defaults to http . | --observability-protocol http |
--override-observability-endpoint | OTEL_EXPORTER_OTLP_ENDPOINT | N/A | Overrides the OpenTelemetry endpoint used for emitting traces, metrics, and logs. | --override-observability-endpoint http://my-custom-host:4318 |
--override-traces-endpoint | OTEL_EXPORTER_OTLP_TRACES_ENDPOINT | N/A | Overrides the OpenTelemetry endpoint used for emitting traces. | --override-traces-endpoint http://my-custom-host:4318 |
--override-metrics-endpoint | OTEL_EXPORTER_OTLP_METRICS_ENDPOINT | N/A | Overrides the OpenTelemetry endpoint used for emitting metrics. | --override-metrics-endpoint http://my-custom-host:4318 |
--override-logs-endpoint | OTEL_EXPORTER_OTLP_LOGS_ENDPOINT | N/A | Overrides the OpenTelemetry endpoint used for emitting logs. | --override-logs-endpoint http://my-custom-host:4318 |
--flame-graph | WASMCLOUD_FLAME_GRAPH | N/A | Path to generate a flame graph. | --flame-graph /path/for/graph |
--tls-ca-path | N/A | N/A | Configures the set of certificate authorities as repeatable set of file paths to load into the OCI and OpenTelemetry clients. | --tls-ca-path /path/to/ca |
--heartbeat-interval-seconds | WASMCLOUD_HEARTBEAT_INTERVAL | 30 | If provided, overrides the default heartbeat interval of every 30 seconds. Provided value is interpreted as seconds. | --heartbeat-interval-seconds 30 |