# default application configuration file for akka
include "logging"
akka {
java-flight-recorder.enabled = false
akka.http {
client {
parsing.illegal-header-warnings = off
parsing.max-chunk-size = 50m
parsing.max-content-length = 50m
parsing {
max-to-strict-bytes = 50m
host-connection-pool {
max-connections = 128
max-open-requests = 1024
#kamon related configuration
kamon {
modules {
# Only statsd is enabled by default.
statsd-reporter {
enabled = true
datadog-agent {
enabled = false
datadog-trace-agent {
enabled = false
# This should never be set to true as we register Prometheus reporters manually and surface them via akka-http.
prometheus-reporter {
enabled = false
host-metrics {
enabled = false
environment {
# Identifier for this service. For keeping it backward compatible setting to natch previous
# statsd name
service = "openwhisk-statsd"
metric {
tick-interval = 1 second
statsd {
# Interval between metrics data flushes to StatsD. It's value must be equal or greater than the
# kamon.metrics.tick-interval setting.
flush-interval = 1 second
# Max packet size for UDP metrics data sent to StatsD.
max-packet-size = 1024 bytes
# Subscription patterns used to select which metrics will be pushed to StatsD. Note that first, metrics
# collection for your desired entities must be activated under the kamon.metrics.filters settings.
includes {
actor = [ "*" ]
trace = [ "*" ]
dispatcher = [ "*" ]
metric-key-generator = org.apache.openwhisk.common.WhiskStatsDMetricKeyGenerator
prometheus {
# We expose the metrics endpoint over akka http. So default server is disabled
start-embedded-http-server = no
buckets {
custom {
//By default retry are configured upto 9. However for certain setups we may increase
//it to higher values
"histogram.cosmosdb_retry_success" = [1, 2, 3, 5, 7, 10, 12, 15, 20]
whisk {
shared-packages-execute-only = false
metrics {
# Enable/disable Prometheus support. If enabled then metrics would be exposed at `/metrics` endpoint
# If Prometheus is enabled then please review `kamon.metric.tick-interval` (set to 1 sec by default above).
# It can then be set to scrape interval value which is generally 60 secs
prometheus-enabled = false
# Enable/disable whether metric information is sent to the configured reporters.
kamon-enabled = false
kamon-enabled = ${?METRICS_KAMON}
# Enable/disable whether to use the Kamon tags when sending metrics.
kamon-tags-enabled = false
kamon-tags-enabled = ${?METRICS_KAMON_TAGS}
# Enable/disable whether the metric information is written out to the log files in logmarker format.
logs-enabled = true
logs-enabled = ${?METRICS_LOG}
# kafka related configuration, the complete list of parameters is here:
kafka {
replication-factor = 1
// Used to control the cadence of the consumer lag check interval
consumer-lag-check-interval = 60 seconds
// The following settings are passed "raw" to the respective Kafka client. Dashes are replaced by dots.
common {
security-protocol = PLAINTEXT
ssl-endpoint-identification-algorithm = "" // restores pre-kafka 2.0.0 default
//Enable this for reporting Kafka client metrics
//metric-reporters = "org.apache.openwhisk.connector.kafka.KamonMetricsReporter"
producer {
acks = 1
request-timeout-ms = 30000
metadata-max-age-ms = 15000
# max-request-size is defined programatically for producers related to the "completed" and "invoker" topics
# as ${whisk.activation.kafka.payload.max} + ${whisk.activation.kafka.serdes-overhead}. All other topics use
# the default of 1 MB.
consumer {
session-timeout-ms = 30000
heartbeat-interval-ms = 10000
enable-auto-commit = false
auto-offset-reset = earliest
request-timeout-ms = 30000
max-poll-interval-ms = 1800000 // 30 minutes
// The maximum amount of time the server will block before answering
// the fetch request if there isn't sufficient data to immediately
// satisfy the requirement given by fetch.min.bytes.
// (default is 500, default of fetch.min.bytes is 1)
// On changing fetch.min.bytes, a high value for,
// could increase latency of activations.
// A low value will cause excessive busy-waiting.
fetch-max-wait-ms = 500
topics {
cache-invalidation {
segment-bytes = 536870912
retention-bytes = 1073741824
retention-ms = 300000
completed {
segment-bytes = 536870912
retention-bytes = 1073741824
retention-ms = 3600000
# max-message-bytes is defined programatically as ${whisk.activation.kafka.payload.max} +
# ${whisk.activation.kafka.serdes-overhead}.
health {
segment-bytes = 536870912
retention-bytes = 1073741824
retention-ms = 3600000
invoker {
segment-bytes = 536870912
retention-bytes = 1073741824
retention-ms = 172800000
# max-message-bytes is defined programatically as ${whisk.activation.kafka.payload.max} +
# ${whisk.activation.kafka.serdes-overhead}.
events {
segment-bytes = 536870912
retention-bytes = 1073741824
retention-ms = 3600000
prefix = ""
user-event {
prefix = ""
metrics {
// Name of metrics which should be tracked via Kamon
names = [
// consumer-fetch-manager-metrics
"records-lag-max", // The maximum lag in terms of number of records for any partition in this window
"records-consumed-total", // The total number of records consumed
report-interval = 10 seconds
# db related configuration
db {
subjects-ddoc = "subjects.v2.0.0"
actions-ddoc = "whisks.v2.1.0"
activations-ddoc = "whisks.v2.1.0"
activations-filter-ddoc = "whisks-filters.v2.1.1"
# Size limit for inlined attachments. Attachments having size less than this would
# be inlined with there content encoded in attachmentName
max-inline-size = 16 k
# CouchDB related configuration
# For example:
# couchdb {
# protocol = http # One of "https" or "http"
# host = servername # DB Host
# port = 5984 # DB Port
# username =
# password =
# provider = # Either "Cloudant" or "CouchDB"
# databases { # Database names used for various entity classes
# WhiskAuth =
# WhiskEntity =
# WhiskActivation =
# }
# CosmosDB related configuration
# For example:
cosmosdb {
# endpoint = # Endpoint URL like https://<account>
# key = # Access key
# db = # Database name
# Throughput configured for each collection within this db
# This is configured only if collection is created fresh. If collection
# already exists then existing throughput would be used
throughput = 1000
# Select from one of the supported
consistency-level = "Session"
# TTL duration. By default no TTL is set unless explicitly configured
# Can only be used for `WhiskActivation` for now
# time-to-live = 60 s
# Specifies the current clusterId whose value is recorded with document upon any update
# to indicate which cluster made the change. By default no such value is recorded
# cluster-id =
# Enables soft delete mode where by the document would not be actually deleted. Instead
# it would be marked deleted by setting `_deleted` property to true and then actual delete
# happens via TTL.
# soft-delete-ttl = 10 h
# Frequency at which collection resource usage info like collection size, document count etc is recorded
# and exposed as metrics. If any reindexing is in progress then its progress would be logged with this frequency
record-usage-frequency = 10 m
# Flag to enable collection of retry stats. This feature works by registering with Logback to intercept
# log messages and based on that collect stats
retry-stats-enabled = true
connection-policy {
max-pool-size = 1000
# When the value of this property is true, the SDK will direct write operations to
# available writable locations of geo-replicated database account
using-multiple-write-locations = false
# Select from one of the supported connection mode
connection-mode = "Gateway"
# Sets the preferred locations for geo-replicated database accounts e.g. "East US"
# See names at
preferred-locations = []
retry-options {
# Sets the maximum number of retries in the case where the request fails
# because the service has applied rate limiting on the client.
# If this value is changed then adjust the buckets under `kamon.prometehus`
max-retry-attempts-on-throttled-requests = 9
# Sets the maximum retry time
# If the cumulative wait time exceeds this SDK will stop retrying and return the
# error to the application.
max-retry-wait-time = 30 s
# Specify entity specific overrides below. By default all config values would be picked from top level. To override
# any config option for specific entity specify them below. Following names can be used
# - WhiskAuth
# - WhiskEntity
# - WhiskActivation
# For example if multiple writes need to be enabled for activations then
# collections {
# WhiskActivation { # Add entity specific overrides here
# connection-policy {
# using-multiple-write-locations = true
# }
# }
# }
# ActivationStore related configuration
# For example:
# activationStore {
# elasticsearch {
# protocol = # "http" or "https"
# hosts = # the hosts address of ES, can be multi hosts combined with commas, like ",,"
# index-pattern = # the index pattern used to tell which index an activation should be stored to, will be calculated with activation namespace,
# for example, if the index-pattern is "openwhisk-%s", then activations under "whisk.system" will be saved in to index
# "openwhisk-whisk.system", you can also save all namespaces activations into one index by set index-pattern to a raw string
# like "openwhisk"
# username = # username of the provide ES
# password = # password of the provide ES
# }
# }
azure-blob {
# Config property when using AzureBlobAttachmentStore
# whisk {
# spi {
# AttachmentStoreProvider = org.apache.openwhisk.core.database.azblob.AzureBlobAttachmentStoreProvider
# }
# Blob container endpoint like
# It is of format https://<account-name><container-name>
# endpoint =
# Storage account name
# account-name =
# Container name within storage account used to store the blobs
# container-name =
# Shared key credentials
# account-key
# Folder path within the container (optional)
# prefix
retry-config {
retry-policy-type = FIXED
max-tries = 3
try-timeout = 5 seconds
retry-delay = 10 milliseconds
#secondary-host = ""
#azure-cdn-config {
# domain-name = "<your azure cdn domain>"
# MongoDB related configuration
# For example:
# mongodb {
# uri = mongodb://localhost:27017 # DB Uri
# database = # Database name
# transaction ID related configuration
transactions {
header = "X-Request-ID"
# action runtimes configuration
runtimes {
bypass-pull-for-local-images = false
local-image-prefix = "whisk"
# cluster name related etcd configuration
cluster {
name = "whisk"
user-events {
enabled = false
activation {
payload {
max = 1 m
truncation = 1 m
# Action responses sent through Kafka can contain up to 3018 bytes of metadata
# CompletionMessage
# base 71
# TransactionId
# id 32
# start 13
# extraLogging 5
# WhiskActivation
# base 368
# activationId 32
# subject 256
# namespace 256
# entity name 256
# path 3x256+2=770
# initTime 64
# waitTime 64
# duration 64
# kind 64
# limits 64*3=192
# version 64x3+2=194
# size 16
# InvokerInstanceId
# instance 64
# uniqueName + displayName 253 (max pod name length in Kube)
serdes-overhead = 6068 // 3034 bytes of metadata * 2 for extra headroom
# Disables database store for blocking + successful activations
# invocations made with `X-OW-EXTRA-LOGGING: on` header, will force the activation to be stored
disable-store-result = false
# Enable metadata logging of activations not stored in the database
unstored-logs-enabled = false
# action timelimit configuration
time-limit {
min = 100 ms
max = 5 m
std = 1 m
# action memory configuration
memory {
min = 128 m
max = 512 m
std = 256 m
# action log-limit configuration
log-limit {
min = 0 m
max = 10 m
std = 10 m
# action concurrency-limit configuration
concurrency-limit {
min = 1
max = 1
std = 1
# maximum size of the action code
exec-size-limit = 48 m
query-limit {
max-list-limit = 200 # max number of entities that can be requested from a collection on a list operation
default-list-limit = 30 # default limit on number of entities returned from a collection on a list operation
mesos {
master-url = "http://localhost:5050" //your mesos master
master-public-url = "http://localhost:5050" // if mesos-link-log-message == true, this link will be included with the static log message (may or may not be different from master-url)
role = "*" //see
mesos-link-log-message = true //If true, display a link to mesos in the static log message, otherwise do not include a link to mesos.
constraints = [] //placement constraint strings to use for managed containers e.g. ["att1 LIKE v1", "att2 UNLIKE v2"]
blackbox-constraints = [] //placement constraints to use for blackbox containers
constraint-delimiter = " "//used to parse constraint strings
teardown-on-exit = true //set to true to disable the mesos framework on system exit; set for false for HA deployments
offer-refuse-duration = 5 seconds //minimum time until an offer will arrive again at a particular invoker
heartbeat-max-failures = 2 //number of missed heartbeats from mesos master until resubscribe
timeouts {
failover = 0 seconds //Timeout allowed for framework to reconnect after disconnection.
task-launch = 45 seconds //timeout for creating mesos tasks (containers)
task-delete = 30 seconds //timeout for destroying mesos tasks (containers)
subscribe = 10 seconds //timeout for framework subscription handshake
teardown = 30 seconds //timeout for framework teardown
health-check {#Remove health-section section to disable healthchecks at action containers
port-index = 0 //should always be port 0 (action container should only listen on 1 port)
delay = 0 seconds //the amount of time (in seconds) to wait until starting checking the task.
interval = 1 seconds //the interval (in seconds) between check attempts.
timeout = 1 seconds //the amount of time (in seconds) to wait for the check to complete
grace-period = 25 seconds //the amount of time after the task is launched during which health check failures are ignored.
max-consecutive-failures = 3 //the number of consecutive failures until the task is killed by the executor.
yarn {
master-url="http://localhost:8088" //YARN Resource Manager endpoint to be accessed from the invoker
yarn-link-log-message=true //If true, display a link to YARN in the static log message, otherwise do not include a link to YARN.
service-name="openwhisk-action-service" //Name of the YARN Service created by the invoker. The invoker number will be appended.
auth-type="simple" //Authentication type for YARN (simple or kerberos)
kerberos-principal="" //Kerberos principal to use for the YARN service. Note: must include a hostname
kerberos-keytab="" //Location of keytab accessible by all node managers
queue="default" //Name of the YARN queue where the service will be created
memory=256 //Memory used by each YARN container
cpus=1 //CPUs used by each YARN container
logstore {
#SplunkLogStore configuration
#splunk {
# host = "splunkhost" #splunk api hostname
# port = 8089 #splunk api port
# username = "splunkapiusername" #splunk api username
# password = "splunkapipassword" #splunk api password
# index = "splunkindex" #splunk index name
# log-timestamp-field = "log_timestamp" #splunk field where timestamp is stored (to reflect log event generated time, not splunk's _time)
# log-stream-field = "log_stream" #splunk field where stream is stored (stdout/stderr)
# log-message-field = "log_message" #splunk field where log message is stored
# namespace-field = "namespace" #splunk field where namespace is stored
# activation-id-field = "activation_id" #splunk field where activation id is stored
# query-constraints = "" #additional constraints for splunk queries
# finalize-max-time = 10.seconds #splunk api max_time The number of seconds to run this search before finalizing. Specify 0 to never finalize.
# earliest-time-offset = 7.days #splunk query will search for records no older than the offset defined; e.g. "earliest_time=now() - offset"
# query-timestamp-offset = 2.seconds #splunk query will be broadened by this 2*<offset value>; e.g. "earliest_time=activation.start - offset" and "latest_time=activation.end + offset"
# disable-sni = false #if true, disables hostname validation and cert validation (in case splunk api endpoint is using a self signed cert)
# tracing configuration
tracing {
cache-expiry = 30 seconds #how long to keep spans in cache. Set to appropriate value to trace long running requests
#Zipkin configuration. Uncomment following to enable zipkin based tracing
#zipkin {
# url = "http://localhost:9411" //url to connecto to zipkin server
//sample-rate to decide a request is sampled or not.
//sample-rate 0.5 eqauls to sampling 50% of the requests
//sample-rate of 1 means 100% sampling.
//sample-rate of 0 means no sampling
# sample-rate = "0.01" // sample 1% of requests by default
controller {
activation {
polling-from-db = true
max-wait-for-blocking-activation = 60 seconds
feature-flags {
# Enables support for `provide-api-key` annotation.
# See
# for details
require-api-key-annotation = true
# Enables the support to receive the response payload
# for POST and DELETE APIs
# See:
require-response-payload = true
apache-client {
# By default Apache HTTP Client would not retry NoHttpResponseException cases
# For some setups like Standalone mode this setting may need to be enabled
# to work around some Docker network issue
# In general this setting should be left to its default disabled state
retry-no-http-response-exception = false
# Enabling this will start to encrypt all default parameters for actions and packages. Be careful using this as
# it will slowly migrate all the actions that have been 'updated' to use encrypted parameters but going back would
# require a currently non-existing migration step.
parameter-storage {
# The current algorithm to use for parameter encryption, this can be changed but you have to leave all the keys
# configured for any algorithm you used previously.
# Allowed values:
# "off|noop" -> no op/no encryption
# "aes-128" -> AES with 128 bit key (given as base64 encoded string)
# "aes-256" -> AES with 256 bit key (given as base64 encoded string)
current = "off"
# Base64 encoded 128 bit key
#aes-128 = ""
# Base64 encoded 256 bit key
#aes-256 = ""
#placeholder for test overrides so that tests can override defaults in application.conf (todo: move all defaults to reference.conf)
test {