Codar Console properties

This section lists and describes the properties that can be configured for the Codar Console, which are located in one of the following files:

  • CSA_HOME\jboss-as\standalone\deployments\csa.war\WEB-INF\classes\csa.properties

  • CSA_HOME\jboss-as\standalone\deployments\csa.war\WEB-INF\web.xml

The following areas contain properties that can be configured (for many properties, default values are provided):

After modifying the csa.properties file, restart Codar (see Restart Codar).

 

Authentication

These properties are used for authentication. These properties are configured in csa.properties.

Property Description
csa.provider.hostname Required. The fully-qualified domain name of the system on which Codar is running.

If you change this hostname, you must update the value of the idm.codar.hostname property in the CSA_HOME\jboss-as\standalone\deployments\idm-service.war\WEB-INF\spring\applicationContext.properties file.

csa.provider.port Required. The port used to connect to the system on which Codar is running.

If you change this port, you must update the value of the idm.codar.port property in the CSA_HOME\jboss-as\standalone\deployments\idm-service.war\WEB-INF\spring\applicationContext.properties file.

csa.provider.rest.protocol

Required. The protocol used by the REST API to connect to the system on which Codar is running.

This attribute must be set to https.

If you change this protocol, you must update the value of the idm.codar.protocol property in the CSA_HOME\jboss-as\standalone\deployments\idm-service.war\WEB-INF\spring\applicationContext.properties file.

csa.orgName.identifier

Required. The provider organization identifier assigned to the organization that is providing this instance of the Codar Console.

This attribute must be set to CSA-Provider.

Account Lockout Mechanism

These properties are configured in csa.properties.

Property Description
csa.login.lockout.enable

Required to enable the account lockout mechanism.

To disable, set this property to false. It may be useful to disable account lockout in the case where an attacker continues to lock system accounts to cause denial of service, and the administrator is confident that all Codar Console users have very strong, secret passwords.

Default: true

csa.login.maxFailedAttempts

The number of failed login attempts that locks the account.

Note It is recommended that you set a lower number of failed login attempts in clustered environments than in comparable non-clustered environments, since an attacker can distribute attacks over all nodes.

Default: 3

csa.login.watchSeconds

The length of the watch period since the last failed login attempt after which the counter of failed login attempts will be reset.

Default: 60 seconds

csa.login.lockSeconds

The length of the lockout period after which the account will be allowed to log in again.

Default: 300 seconds (5 minutes)

 

Security banner attributes

The attributes in the following table are used by the Codar Console to enable or disable the display of a disclaimer upon logging in to the Codar Console and a color-coded banner that appears at the top and bottom of the Codar Console.

These properties are configured in csa.properties.

Attribute Description
csa.provider.agency

By default, this attribute is commented out. When this attribute is commented out or does not contain a valid value, the login disclaimer and color-coded banners are not displayed for the Codar Console.

If you want to enable the login disclaimer and color-coded banners, uncomment this attribute and set the value to GOVERNMENT. If set to any other value, the login disclaimer and color-coded banners are not displayed.

To edit the disclaimer page, edit the CSA_HOME\jboss-as\standalone\deployments\csa.war\static\template\disclaimerNote.jsp file.

To edit the disclaimer content, edit the CSA_HOME\jboss-as\standalone\deployments\csa.war\WEB-INF\classes\msgs\messages_en.properties file.

csa.provider.contentType

By default, this attribute is commented out. This attribute defines the color and content that displays in the security banner. The security banners appear at the top and bottom of the Codar Console.

The following values are provided out-of-the-box:

  • UNCLASSIFIED. The banner is light green and contains no content. An example is shown below.
     
  • UNCLASSIFIED_FOUO. For official use only. The banner is light green and displays the text "FOUO." An example is shown below.
    FOUO
  • UNCLASSIFIED_NOFORN. Not releasable to foreign nationals. The banner is light green and displays the text "NOFORN." An example is shown below.
    NOFORN
  • CONFIDENTIAL. The banner is light blue and displays the text "CONFIDENTIAL." An example is shown below.
    CONFIDENTIAL
  • CONFIDENTIAL_FOUO. The banner is light blue and displays the text "CONFIDENTIAL-FOUO." An example is shown below.
    CONFIDENTIAL-FOUO
  • CONFIDENTIAL_NOFORN. The banner is light blue and displays the text "CONFIDENTIAL-NOFORN." An example is shown below.
    CONFIDENTIAL-NOFORN
  • SECRET. The banner is red and displays the text "SECRET." An example is shown below.
    SECRET
  • TOPSECRET. The banner is orange and displays the text "TOPSECRET." An example is shown below.
    TOPSECRET

To edit the banner content, edit the CSA_HOME\jboss-as\standalone\deployments\csa.war\WEB-INF\classes\msgs\messages_en.properties file.

Notification

This property is used to enable or disable package promotion notification.

This property is configured in csa.properties.

Property Description
codar.PACKAGE_STATE_TRANSITION_NOTIFICATION

Enables or disables package promotion notification.

true enables package promotion notification.

false disables package promotion notification.

Default: true

Security

These properties are used to configure encrypted passwords (see Encrypt password). An encrypted password is preceded by ENC without any separating spaces and is enclosed in parentheses.

These properties are configured in csa.properties.

Property Description
securityAdminPassword

Required. The encrypted password used by the out-of-the-box admin user (defined in the CSA_HOME\jboss-as\standalone\deployments\csa.war\WEB-INF\applicationContext-security.xml file). The admin user account is used for initial login to the Codar Console and can also be used to authenticate REST API calls.

The password should be encrypted (see Encrypt password for instructions on encrypting passwords).

If you change this password, you must also update the password of any REST API calls that use this password. For more information about the REST APIs, see the Codar API and CLI Reference Guide.

securityCsaReportingUserPassword

Required. The encrypted password used by the out-of-the-box csaReportingUser user (defined in the CSA_HOME\jboss-as\standalone\deployments\csa.war\WEB-INF\applicationContext-security.xml file).

The csaReportingUser user account is used when a subscription is ordered or modified and a field for the subscription includes a dynamically generated list. The dynamically generated list is a subscriber option property configured to use a dynamic query. The dynamic query uses this account to access Codar to determine the values that will appear in the list. This account has read-only access to Codar.

The password should be encrypted (see Encrypt password for instructions).

If you change this password, you must also update the password of any REST API calls that use this password. For more information about the REST APIs, see the Codar API and CLI Reference Guide.

securityTransportUserName

Required. The out-of-the-box user used to authenticate REST API calls between the Marketplace Portal and Codar Console (it should not be used to log in to the Codar Console).

If you change this username, you must update the value of the idm.csa.username property in the CSA_HOME\jboss-as\standalone\deployments\idm-service.war\WEB-INF\spring\applicationContext.properties file.

For more information about the integration user account, see Change Codar out-of-the-box user accounts for Windows and Linux. For more information about the REST APIs, see the Codar API and CLI Reference Guide.

securityTransportPassword

Required only if both the Cloud Service Automation and Codar licenses are used.

The encrypted password used by the out-of-the-box csaTransportUser user (defined in the CSA_HOME\jboss-as\standalone\deployments\csa.war\WEB-INF\applicationContext-security.xml file). The csaTransportUser user account is used to authenticate REST API calls between the Marketplace Portal and Codar Console (it should not be used to log in to the Codar Console).

The password should be encrypted (see Encrypt password for instructions).

If you change this password, you must update the value of the idm.codar.password property in the CSA_HOME\jboss-as\standalone\deployments\idm-service.war\WEB-INF\spring\applicationContext.properties file.

For more information about the integration user account, see Change Codar out-of-the-box user accounts for Windows and Linux. For more information about the REST APIs, see the Codar API and CLI Reference Guide.

securityOoInboundUserPassword

Required. The encrypted password used by the out-of-the-box ooInboundUser user (defined in the CSA_HOME\jboss-as\standalone\deployments\csa.war\WEB-INF\applicationContext-security.xml file). The ooInboundUser user account is used by Operations Orchestration to authenticate REST API calls with Codar (it should not be used to log in to the Codar Console).

The password should be encrypted (see Encrypt password for instructions).

If you change this password, you must also update and use the same password for the CSA_REST_CREDENTIALS system account in Operations Orchestration (see Operations Orchestration settings and the Codar Installation and Configuration Guide).

securityCdaInboundUserPassword

Required. The encrypted password used by the out-of-the-box cdaInboundUser user (defined in the CSA_HOME\jboss-as\standalone\deployments\csa.war\WEB-INF\applicationContext-security.xml file). The cdaInboundUser user account is used by Continuous Delivery Automation to authenticate REST API calls with Codar (it should not be used to log in to the Codar Console).

The password should be encrypted (see Encrypt password for instructions).

If you change this password, you must also update and use the same password in Continuous Delivery Automation. For more information about this user account, see Change Codar out-of-the-box user accounts for Windows and Linux.

securityIdmTransportUserPassword

Required. The encrypted password used by the out-of-the-box idmTransportUser user (defined in the CSA_HOME\jboss-as\standalone\deployments\csa.war\WEB-INF\applicationContext-security.xml file). The idmTransportUser user account is used to authenticate REST API calls (it should not be used to log in to the Codar Console).

The password should be encrypted (see Encrypt password for instructions).

If you change this password, you must also update the following passwords (you must use the same password):

  • idmTransportUser property in the CSA_HOME\jboss-as\standalone\deployments\idm-service.war\WEB-INF\classes\integrationusers.properties file.
  • Password of any REST API calls that use this password.

For more information about this user account, see Change Codar out-of-the-box user accounts for Windows and Linux.

securityCatalogAggregationTransportUserPassword

Required. The encrypted password used by the out-of-the-box codarCatalogAggregationTransportUser user (defined in the CSA_HOME\jboss-as\standalone\deployments\csa.war\WEB-INF\applicationContext-security.xml file). The codarCatalogAggregationTransportUser user account is used to authenticate catalog aggregation REST API calls with Codar (it should not be used to log in to the Codar Console).

The password should be encrypted (see Encrypt password for instructions).

If you change this password, you must also update the password using the catalog aggregation registration REST APIs. For more information about this user account, see Change Codar out-of-the-box user accounts for Windows and Linux.

securityEncryptedSigningKey

Codar's encrypted signing key used to encrypt and decrypt authentication data passed between Codar and the Identity Management component.

If you change this key, you must also update the idm.encryptedSigningKey property in the CSA_HOME\jboss-as\standalone\deployments\idm-service.war\WEB-INF\spring\applicationContext.properties file.

The key should be encrypted (see Encrypt password for instructions). The encrypted key is preceded by ENC without any separating spaces and is enclosed in parentheses.

com.hp.ccue.consumption
disallowedExtensions

A comma-delimited list of the file extensions that designate the types of documents or files that cannot be uploaded to the Codar Console.

Default: exe,bat,com,cmd

csa.additionalSupportedExtensionsForImport

A comma-delimited list of the file extensions that designate the types of documents or files that can be uploaded to the Codar Console. The file extensions listed can be the sole extension of the file (for example, mydocument.txt, where txt is one of the listed file extensions) or the start of the file extension (for example, mydocument.txt_3491767613).

Files can be uploaded using the Codar Console, the content archive tool, or the import API. See the Codar Console Help or Codar API and CLI Reference Guide for more information about using these features.

The following extensions are automatically supported (and do not need to be defined by this property): jpg, jpeg, jpe, jfif, svg, tif, tiff, ras, cmx, ico, pnm, pbm, pgm, ppm, rgb, xbm, xpm, xwd, png, gif, bmp, cod, ief, json, xml, jsp, jspf.

Default: (no default defined)

Example: txt,log

csa.maxFileUploadSize

The maximum size of a file, in megabytes (MB), that can be uploaded to the Codar system using the Codar Console. If this property is not listed or is not set in the csa.properties file, the default maximum size of 50 MB is used.

Default: 50 (MB)

csa.war.images.directory.byteLimit

A total size limit for all images or icons that are uploaded into CSA_HOME/jboss-as/standalone/deployments/csa.war/images. The limit prevents image uploads through the UI from exhausting server disk space.

Unit: bytes.

Default: 500000000 bytes (500 MB)

csa.war.images.directory.smallFileByteOverhead

Used when computing the space occupied by existing image and icon files (see csa.war.images.directory.byteLimit above). For each file in the images directory, the value of this property is added to the file's size to account for the overhead of small files on the file system.

Unit: bytes.

Default: 4096 bytes

enableSecurityWarning

Enables/disables the security warning messages for files that are uploaded or downloaded in the Cloud Service Management Console. Value is true or false. enableSecurityWarning is in the CSA_HOME\jboss-as\standalone\deployments\csa.war\offerings\config.json file.

Default: true

 

Codar keystore

These properties are used to configure information about Codar's keystore.

These properties are configured in csa.properties.

Property Description
csaTruststore

Required. The Codar keystore that stores trusted Certificate Authority certificates.

Default: No default specified

Example
CSA_JRE_HOME/lib/security/cacerts

Note Use only forward slashes (/) as your path separators.

csaTruststorePassword

Required. The encrypted password of the Codar keystore (see Encrypt password). An encrypted password is preceded by ENC without any separating spaces and is enclosed in parentheses.

Default: No default specified

Example

ENC(9eC7TTnB0uGOGK5U648UITcEV5AuV5T)

 

Service request processor scheduler

These properties are used to configure the service request processor scheduler. The service request processor scheduler validates a consumer's requests, initiates the approval process, if configured, and maintains a request's status.

These properties are configured in csa.properties.

Property Description
serviceRequestProcessorScheduler.maxInstancesToProcess

Optional. The maximum number of service requests the service request processor can process when it checks the start and end dates of submitted subscriptions.

Default: 100

serviceRequestProcessorScheduler.period

Optional. How often, in milliseconds, the service request processor checks the start and end dates of submitted subscriptions.

Default: 5000 (5 seconds)

Thread pool

These properties are used to configure the thread pools.

Property Description
com.hp.csa.service.process.ReleaseGateExecutor.DEPLOY_POOL_SIZE

Size of the thread pool for the release gate deploy action.

Default: 2

com.hp.csa.service.process.ReleaseGateExecutor.CUSTOM_POOL_SIZE

Size of the thread pool for the release gate custom action.

Default: 2

com.hp.csa.service.process.ReleaseGateExecutor.APPROVAL_POOL_SIZE

Size of the thread pool for the release gate approval action.

Default: 2

com.hp.csa.ReleaseGateExecutor.THREAD_WAKEUP_TIME

Thread pool wake-up time for the release gate execution engine. The engine sleeps for the specified time, in milliseconds.

Default: 5000

com.hp.csa.ReleaseGateExecutor.THREAD_POOL_CORE_SIZE

Default thread pool size for all release gate actions.

Default: 2

com.hp.csa.service.process.ReleaseGateExecutor.REQUEST_MAX_SIZE

The maximum number of release gate instances that will be fetched by the engine at any point of time.

Default: 30

Approvers

Property Description
codar.ReleaseGate.Approver.MAX_LIMIT

The maximum number of approvers you can set to approve a release gate action.

Default: 10

Auditing

These properties are used to configure auditing.

These properties are configured in csa.properties.

Property Description
csaAuditEnabled

Optional. Enable or disable auditing, which tracks user activities and system-generated events. Messages are logged to the CSA_AUDIT_EVENT table in the database.

Default: true (enabled)

jboss.shutdown.log.location

Required. This property is set during installation and must not be changed. The location of the JBoss log file that records when the Codar service was stopped. Used for auditing purposes.

Default: CSA_HOME/jboss-as/bin/shutdown.log

Note Use only forward slashes (/) as your path separators.

 

Process execution manager

These properties are used to configure the process execution manager. The process execution manager starts internal actions and Operations Orchestration flow actions, checks the status of process instances, and performs callback once the actions are completed.

These properties are configured in csa.properties.

Property Description
com.hp.csa.ProcessExecutor.THREAD_WAKEUP_TIME

Optional. How often, in milliseconds, the process execution manager starts new process instances (which start Operations Orchestration flows) and checks the status of process instances.

Default: 5000 (5 seconds)

com.hp.csa.ProcessExecutor.THREAD_POOL_CORE_SIZE

Optional. The maximum number of threads used to run process instances.

Default: 2

com.hp.csa.PEM.PARAM_PROCESS_INSTANCE_ID

Optional. The token that stores the process instance ID and is used when Codar starts an Operations Orchestration flow.

Default: CSA_PROCESS_ID

com.hp.csa.PEM.PARAM_CONTEXT_ID

Optional. The token that stores the artifact ID of the artifact that owns the action that executes the Operations Orchestration flow.

Default: CSA_CONTEXT_ID

 

Lifecycle engine

These properties are used to configure the lifecycle engine. The lifecycle engine processes service instances and executes lifecycle actions.

These properties are configured in csa.properties.

Property Description
com.hp.csa.LifecycleExecutor.THREAD_WAKEUP_TIME

Optional. How often, in milliseconds, the lifecycle engine checks for service components that it needs to transition.

Default: 5000 (5 seconds)

com.hp.csa.LifecycleExecutor.THREAD_POOL_SIZE

Optional. The maximum number of threads used to transition service components.

Default: 2

application.lifecycle.stage.limit

Optional. The maximum number of lifecycle stages that can be created.

Default: 12

If you set it to a value greater than 12, it will default to a value of 12. That is, you cannot create more than 12 lifecycle stages.

custom.roles.limit

Optional. The maximum number of roles that can be created.

Default: 100

If you set it to a value greater than 100, it will default to a value of 100. That is, you cannot create more than 100 roles.

 

Approval engine scheduler

This property is used to configure the approval engine scheduler. The approval engine scheduler checks each approver's response to a pending approval process to see if the process can be marked as completed and updates the decision and status of an approval process, as needed.

This property is configured in csa.properties.

Property Description
com.hp.csa.ApprovalDecisionMaker.THREAD_WAKEUP_TIME

Optional. How often, in minutes, the approval engine scheduler checks for completion of an approval process to determine if an approval process should be approved or denied.

Default: 1

 

LDAP cache scheduler

These properties are used to configure the LDAP cache scheduler. The LDAP cache scheduler checks the age of the user group cache and deletes it if it has expired.

For users who can log in to the Codar Console, certain actions require authorization (verification that the user belongs to a group). When authorization is requested for a user, Codar checks for group membership by using the cache. If the cache does not exist, LDAP is queried for the user's user groups, which are temporarily cached to the database. After a configured expiration time, the cache is deleted. During a single session, the cache may be deleted and refreshed as needed.

These properties are configured in csa.properties.

Property Description
com.hp.csa.UserGroupExecutor.THREAD_WAKEUP_TIME

Optional. How often, in minutes, the LDAP cache scheduler checks for user group caches that have expired. This number should be less than the value configured for com.hp.csa.UserGroupExecutor.CACHE_EXPIRATION_TIME.

Default: 20

com.hp.csa.UserGroupExecutor.CACHE_EXPIRATION_TIME

Optional. How long, in minutes, LDAP user groups for a user are temporarily cached in the database before they are deleted. This time should be greater than the value configured for com.hp.csa.UserGroupExecutor.THREAD_WAKEUP_TIME.

Default: 30

com.hp.csa.UserGroupExecutor.UserGroupDeletionBatchSize

Optional. The maximum number of user IDs that are deleted in a single batch from the cache. This number cannot be larger than 1,000.

Default: 250

 

Clustering

This property is used to configure clustering.

This property is configured in csa.properties.

Property Description
deploymentMode

Required. The mode in which Codar is running (single or clustered). When set to single, Codar runs in standalone mode (on a single instance) and all Codar services are run on this instance. When set to clustered, Codar runs in domain mode (in a clustered environment) and all Codar services are run on the master node.

If you are using Microsoft SQL Server as your database, this property must be set to single.

If you are running on Linux, this property must be set to single.

Default: single

 

Dynamic property

These configuration properties are used to limit the amount of time to retrieve data and the amount of data retrieved when using a dynamic property. A dynamic property is a Dynamic Query value entry method for a subscriber option property that defines what information is retrieved. A dynamic property allows the Service Designer to list a dynamic set of values that change based on the user context (for example, the organization to which the user belongs).

These properties are configured in csa.properties.

Property Description
DynamicPropertyFetch.READ_TIMEOUT

Optional. How long, in milliseconds, Codar attempts to fetch or retrieve data for dynamic properties.

Default: 3000 (3 seconds)

DynamicPropertyFetch.RESPONSE_SIZE

Optional. The maximum amount of data, in bytes, that can be retrieved for dynamic properties.

Default: 50000

 

Group approval

This configuration property is used when configuring a group approval template.

This property is configured in csa.properties.

Property Description

csa.group.numberOfApprovers

Optional. The maximum number of members in an LDAP group used for approvals. For reasonable performance, do not specify more than ten (10) members.

Default: 10

FIPS 140-2 Configuration

These configuration properties are used to configure Codar to be compliant with FIPS 140-2.

Note The csaTruststore and csaTruststorePassword properties are repeated here because you may need to update them for FIPS 140-2 configuration. These properties are configured in a different section of the csa.properties file.

These properties are configured in csa.properties.

Property Description
useExternalProvider

Required if enabling FIPS 140-2 compliance mode. To enable, set this property to true. To disable, set this property to false or comment it out.

When enabled, Codar uses the RSA BSAFE libraries to encrypt and decrypt passwords. If a password was encrypted using different libraries (for example, if the password was encrypted before this property is enabled), the resulting decrypted password will not be valid.

If you cannot connect to the database after you have configured Codar for FIPS 140-2 compliance, try re-encrypting the database password in the database properties file.

Default: commented out/disabled

securityProviderName

Required if FIPS 140-2 compliance mode is enabled. The name of the FIPS 140-2 compliant provider. By default, HP Codar uses the RSA BSAFE provider and this property should be set to JsafeJCE.

keySize

Optional. The key size used for Codar encryption. By default, the key size is 128. If you manually enter a different key size when encrypting a password, uncomment this property and configure the value to the key size used to encrypt the passwords.

Note All passwords must be encrypted using the same key size.

By default, the password encryption utility encrypts all passwords using a key size of 128 (even if you do not specify a key size when running the utility).

keystore

Required if FIPS 140-2 compliance mode is enabled. The absolute path to and file name of the Codar encryption keystore. This is the keystore that supports PKCS #12 and stores the key used by Codar to encrypt and decrypt data in Codar.

Example (this example uses the same example name from the Create a Codar Encryption Keystore section [writer: this section is part of the FIPS 140-2 Compliance chapter that was removed from this guide since FIPS is not supported for 1.50]):

CSA_HOME/jboss-as/standalone/configuration/csa_encryption_keystore.p12

Note Use only forward slashes (/) as your path separators.

keyAlias

Required if FIPS 140-2 compliance mode is enabled. The alias used to identify the Codar encryption key in the Codar encryption keystore.

Example (this example uses the same example name from the Create a Codar Encryption Keystore section [writer: this section is part of the FIPS 140-2 Compliance chapter that was removed from this guide since FIPS is not supported for 1.50]):

csa_encryption_key

keystorePasswordFile

Required if FIPS 140-2 compliance mode is enabled. The absolute path to and file name of the Codar encryption keystore password. This is a temporary file that stores the Codar encryption keystore password in clear text. This file is required to start the Codar service and is automatically deleted when the service is started.

The password file must contain only the following content: keystorePassword=<Codar encryption keystore password>

where <Codar encryption keystore password> is the Codar encryption keystore password in clear text.

Note Use only forward slashes (/) as your path separators.

encryptedKeyFile

Required if FIPS 140-2 compliance mode is enabled. The location of the Codar encrypted symmetric key.

Example (this example uses the same example name from the Create a Codar Encryption Keystore section [writer: this section is part of the FIPS 140-2 Compliance chapter that was removed from this guide since FIPS is not supported for 1.50]):

CSA_HOME/jboss-as/standalone/configuration/key.dat

Note Use only forward slashes (/) as your path separators.

csaTruststore

Required. The Codar keystore that stores trusted Certificate Authority certificates.

Note This property is located in another section of the csa.properties file. Its description is repeated here as its value should be updated when Codar has been configured to be compliant with FIPS 140-2.

Example (this example uses the same example name of the Codar server truststore from the Create a Codar Encryption Keystore section [writer: this section is part of the FIPS 140-2 Compliance chapter that was removed from this guide since FIPS is not supported for 1.50]):

CSA_HOME/jboss-as/standalone/configuration/csa_server_truststore.p12

Note Use only forward slashes (/) as your path separators.

csaTruststorePassword

Required. The encrypted password of the Codar keystore (see Encrypt password). An encrypted password is preceded by ENC without any separating spaces and is enclosed in parentheses.

Default: No default specified

Example

ENC(9eC7TTnB0uGOGK5U648UITcEV5AuV5T)

Note This property is located in another section of the csa.properties file. Its description is repeated here as its value should be updated when Codar has been configured to be compliant with FIPS 140‑2.

This is the <Codar server truststore password> from the Create a Codar Encryption Keystore section [writer: this section is part of the FIPS 140-2 Compliance chapter that was removed from this guide since FIPS is not supported for 1.50].

 

Common Access Card

This property is used to enable integration between Common Access Card and Codar.

This property is configured in csa.properties.

Property Description
enableCAC

Optional. Enable integration between Common Access Card (CAC) and Codar, where the Common Access Card is used as an approval mechanism. To enable, this property must be uncommented and set to true. To disable, either comment out the property or set it to false.

Default: (disabled)

 

Single sign-on

This property is used to enable integration between CA SiteMinder and Codar.

This property is configured in csa.properties.

Property Description
enableSSO

Optional. Enable integration between CA SiteMinder and Codar, where the SiteMinder is used for single sign-on. To enable, this property must be uncommented and set to true. To disable, either comment out the property or set it to false.

Default: (disabled)

 

Single Sign-On

This property is used to enable integration between Single Sign-On and the Codar Console. Single Sign-On can be used when launching an application, such as the embedded Operations Orchestration, from the Codar Console. If you have installed or plan to integrate another single sign-on application or common access card with Codar, additional configuration to integrate with Single Sign-On is required.

This property is configured in csa.properties.

Property Description
enableHPSSO

Optional. Enable integration between Single Sign-On and the Codar Console. To enable, this property must be uncommented and set to true. To disable, either comment out the property or set it to false.

In a FIPS 140-2 compliant environment, this property must be set to false or must be commented out.

This property is automatically set during installation.
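
The constraints this page states for csa.properties (the fixed https and CSA-Provider values, ENC(...) wrapping, forward-slash paths, the LDAP cache timing relation and the FIPS 140-2 dependencies) can be checked mechanically before Codar is restarted. The following Python script is an added example, not part of Codar or its documentation; the simplified parser, the ERROR/WARN labels and the function names are assumptions, and the sample input is constructed.

```python
import re

ENC = re.compile(r"^ENC\(\S+\)$")  # "ENC" directly followed by parentheses
ENCRYPTED = (
    "securityAdminPassword", "securityCsaReportingUserPassword",
    "securityTransportPassword", "securityOoInboundUserPassword",
    "securityCdaInboundUserPassword", "securityIdmTransportUserPassword",
    "securityCatalogAggregationTransportUserPassword",
    "securityEncryptedSigningKey", "csaTruststorePassword",
)
PATHS = ("csaTruststore", "keystore", "keystorePasswordFile",
         "encryptedKeyFile", "jboss.shutdown.log.location")
FIPS_REQUIRED = ("securityProviderName", "keystore", "keyAlias",
                 "keystorePasswordFile", "encryptedKeyFile")
MUST_EQUAL = {"csa.provider.rest.protocol": "https",
              "csa.orgName.identifier": "CSA-Provider"}
UGE = "com.hp.csa.UserGroupExecutor."

# Constructed sample input, not a real Codar configuration.
SAMPLE = r"""
csa.provider.rest.protocol=http
csa.orgName.identifier=CSA-Provider
csa.login.lockout.enable=false
securityAdminPassword=ENC(constructedSampleValue)
securityIdmTransportUserPassword=changeit
csaTruststore=C:\Java\lib\security\cacerts
csaTruststorePassword=ENC(constructedSampleValue)
#csaAuditEnabled=false
com.hp.csa.UserGroupExecutor.THREAD_WAKEUP_TIME=45
com.hp.csa.UserGroupExecutor.UserGroupDeletionBatchSize=5000
useExternalProvider=true
securityProviderName=JsafeJCE
keystore=CSA_HOME/jboss-as/standalone/configuration/csa_encryption_keystore.p12
keyAlias=csa_encryption_key
enableHPSSO=true
"""


def parse_properties(text):
    """Simplified reader (assumption): key=value lines, no continuations."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # a commented-out property counts as unset
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit(props):
    """Return sorted (severity, property, message) findings."""
    out = []
    def num(key, default):
        raw = props.get(key, str(default))
        if raw.isdigit():
            return int(raw)
        out.append(("ERROR", key, f"not a non-negative integer: {raw!r}"))
        return default
    def enabled(key, default):
        return props.get(key, default).lower() == "true"

    for key, want in MUST_EQUAL.items():
        if props.get(key) != want:
            out.append(("ERROR", key, f"must be set to {want}"))
    for key in ENCRYPTED:
        if key in props and not ENC.match(props[key]):
            out.append(("ERROR", key, "value is not in ENC(...) form"))
    for key in PATHS:
        if "\\" in props.get(key, ""):
            out.append(("ERROR", key, "use only forward slashes"))
    if not enabled("csa.login.lockout.enable", "true"):
        out.append(("WARN", "csa.login.lockout.enable", "lockout disabled"))
    if not enabled("csaAuditEnabled", "true"):
        out.append(("WARN", "csaAuditEnabled", "auditing disabled"))
    # The wake-up interval must be shorter than the cache expiration time.
    wake = num(UGE + "THREAD_WAKEUP_TIME", 20)
    if wake >= num(UGE + "CACHE_EXPIRATION_TIME", 30):
        out.append(("ERROR", UGE + "THREAD_WAKEUP_TIME",
                    "must be less than CACHE_EXPIRATION_TIME"))
    if num(UGE + "UserGroupDeletionBatchSize", 250) > 1000:
        out.append(("ERROR", UGE + "UserGroupDeletionBatchSize",
                    "cannot be larger than 1000"))

    # FIPS 140-2 mode makes further properties required and excludes SSO.
    if enabled("useExternalProvider", "false"):
        for key in FIPS_REQUIRED:
            if not props.get(key):
                out.append(("ERROR", key, "required in FIPS 140-2 mode"))
        if enabled("enableHPSSO", "false"):
            out.append(("ERROR", "enableHPSSO", "must be false in FIPS mode"))
    return sorted(out)


if __name__ == "__main__":
    for severity, key, message in audit(parse_properties(SAMPLE)):
        print(f"{severity:5} {key}: {message}")
```

The parser reads values raw, so a backslash in a path is reported rather than interpreted; Java's own properties loader treats the backslash as an escape character, which is why the page asks for forward slashes.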

 

Process executor delegate

These properties are used to configure the process executor delegate. The process executor delegate handles processing of the process instances. It discovers the ready instances, submits them to different thread pools for processing based on process definition and model type (sequenced or topology).

These properties are configured in csa.properties.

Property Description
com.hp.csa.service.process.ProcessExecutorDelegate.INTERNAL_POOL_SIZE

Optional. The maximum number of threads used for processing internal executors (for example, clone patterns).

Default: 2

com.hp.csa.service.process.ProcessExecutorDelegate.EXTERNAL_POOL_SIZE

Optional. The maximum number of threads used for processing external executors (for example, Operations Orchestration).

Default: 2

com.hp.csa.service.process.ProcessExecutorDelegate.CALLBACK_POOL_SIZE

Optional. The maximum number of threads used by the callback pool.

Default: 2

com.hp.csa.service.process.ProcessExecutorDelegate.MONITOR_POOL_SIZE

Optional. The maximum number of threads used by the monitor pool.

Default: 2

 

Miscellaneous

The following is a miscellaneous property that does not fall under any specific category.

This property is configured in csa.properties.

Property Description
com.hp.csa.aosMonitor.THREAD_WAKEUP_TIME

Optional. How often, in milliseconds, the background thread monitors plug-in processes.

Default: 20000

com.hp.csa.TimeoutChecker.THREAD_WAKEUP_TIME

Optional. How often, in milliseconds, the background thread monitors for processes that have timed out.

Default: 300000

com.hp.csa.ExportSvcOffering.THREAD_WAKEUP_TIME

Defines the background service wakeup time to export non-posted offerings, subscriptions and instances into Elasticsearch. When the CSA service starts, the background service wakes up. If there are no records to be exported to Elasticsearch, the background service dies immediately. Otherwise, the background service exports records into Elasticsearch in batches of the size defined in com.hp.csa.ExportSvcOffering.FETCH_SIZE. The background service continues to run until it has processed all the non-posted records available in the CSA database.

If the background service is not running, it wakes up again according to the time defined in this property. The value of this property should be in milliseconds.

com.hp.csa.ExportSvcOffering.FETCH_SIZE

Defines the number of records to be processed at a time. The SQL used to fetch the records from the CSA database uses this property value to limit the number of records that can be fetched from the database and then exported to Elasticsearch.

com.hp.csa.plugin.cloudos.util.TokenCache.TIMEOUT

Identity Management component token cache timeout, in milliseconds.

Every REST call to CSA (such as for provisioning) is authenticated by Identity Management. CSA uses trustId to get the authentication token from Identity Management.

Because these REST calls can be frequent, this property allows you to define the cache timeout to prevent enormous cache sizes during the REST call's authentication lifecycle.

Default value: 300000 (5 minutes)

A value of 0 disables the cache.

com.hp.csa.import.BUILD_ARTIFACT_RELATIONSHIP

Disables the artifact relationship section of the import/preview results.

loggerEnabled

Enables the logging filter for the legacy REST APIs, so that the requesting user and artifact information is logged.

csa.productPerspective

Determines which version of CSA has been installed: Enterprise or Codar.

jdbc.dialect

Holds the explicitly set Hibernate dialect for a given database. Recommended values for the databases are:

  • MSSQL: org.hibernate.dialect.SQLServer2008Dialect
  • Oracle: org.hibernate.dialect.Oracle10gDialect
  • PostgreSQL: org.hibernate.dialect.PostgreSQLDialect

Operations Orchestration

These properties are configured in csa.properties.

The following properties configure the interaction between the Codar Console and Operations Orchestration. In the subscription event overview section of the Operations area in the Codar Console, selecting the Process ID opens Operations Orchestration to the detailed page of the selected process when these properties are configured.

Property Description
OOS_URL

The URL used to access Operations Orchestration Central. This is the Operations Orchestration used for provisioning topology designs (Operations Orchestration version 10.21).

Set this URL to the system on which Operations Orchestration version 10.21 is installed. For example, https://<hostname>:8443.

OOS_USERNAME

The username used to log in to Operations Orchestration Central.

Set this username to admin.

OOS_PASSWORD

The encrypted password used by the user defined in OOS_USERNAME to log in to Operations Orchestration Central.

Set this property to the encrypted value of the user defined in OOS_USERNAME (see Encrypt password). An encrypted password is preceded by ENC without any separating spaces and is enclosed in parentheses.

embedded.oo.root.dir

Location of the embedded Operations Orchestration when it is installed with Codar. This property is generated when embedded Operations Orchestration is installed during the Codar installation.

This property is the only indicator of embedded Operations Orchestration, which is important mainly for uninstallation and upgrades. This property cannot be edited.

The following properties configure background services to monitor Operations Orchestration.

Property Description
com.hp.csa.oo.OOClient.SOCKET_TIMEOUT

Optional. How long, in milliseconds, Codar keeps a socket open for SOAP-based communication with Operations Orchestration.

Default: 60000

com.hp.csa.OosMonitor.THREAD_WAKEUP_TIME

Optional. How often, in milliseconds, the background thread monitors Operations Orchestration processes.

Default: 60000

com.hp.csa.service.process.OosMonitorDelegate.MONITOR_POOL_SIZE

Optional. The maximum number of threads used by the monitor pool.

Default: 2

 

Codar API authentication

These properties are used to configure authentication for the Codar 1.80 API. For details, see the Codar API and CLI Reference Guide.

 

Topology designer

These properties are used to configure the features of topology designs. Topology designs are built using components supported by various resource provider types and each component is bound to a specific provider type.

These properties are configured in csa.properties.

Property Description
TopologyDesignProvisioning.TIMEOUT

Optional. The amount of time, in seconds, Codar attempts to provision or de-provision a topology design that is not based on a Helion OpenStack® provider (topology design provisioning and de-provisioning is orchestrated by interacting with resource providers corresponding to the components used in the design).

If the time is exceeded, in the Operations area of the Codar Console, the subscription (to a service offering that is created from a topology design that is not based on an HPE Helion OpenStack® provider) will show a Subscription Status of Failed and a Service Instance Status of Failed. If you select the Events tab of the subscription, the event will show a Status of Timeout. If you select the Topology tab of the subscription, the topology view will show the status of the components in the service instance as their respective status just before the timeout occurred.

HPE recommends that this value is set to the same value as the Operations Orchestration flow timeout value.

Default: 7200 (2 hours)

OrchestratedTopologyDesignProvisioning.ProviderSelection.Enabled

Optional. Enable or disable the resource provider selection option (displaying or not displaying this option to a subscriber) for topology designs that are not based on a Helion OpenStack® provider.

Default: true (enabled)

csa.topology.expressDesignEnabled

Optional. Enable or disable express designs in the topology designer. Express designs simplify the process of creating basic Helion OpenStack® topology designs.

Default: false

csa.topology.calloutsEnabled

Optional. Enable or disable the Pre-create Callout and Post-create Callout properties of the Server Group Type component in the topology designer. See the Codar Console Help for more information about these properties.

Default: false

csa.topology.CloudOsSpecEnabled

Optional. Enable or disable the OpenStack tab in the Create new design dialog in the topology designer. The tab allows the designer to select an OpenStack provider when creating a topology design.

Default: false

 

Session timeout

This property is used to configure the Codar Console session.

This property is configured in web.xml.

Property Description
session-timeout

Optional. The amount of inactivity, in minutes, that causes the Codar Console session to time out.

Default: 60

 

Scheduler

You can use the following properties to configure the scheduling services in Codar. The Scheduling Service schedules the following actions:

  • Promotion of packages across lifecycle stages at a specific time.
  • Purge deployments. This is a recurring action that repeats based on the interval defined during cleanup schedule creation. It cancels all the deployments that satisfy the criteria specified at the time of creation of the schedule.
  • Purge packages. This is a recurring action that repeats based on the interval defined during cleanup schedule creation. It deletes all packages that have no deployments or that have only deployments in Cancelled or Cancel Failed state.

These properties are configured in csa.properties.

Property Description
com.hp.csa.SchedulerExecutor.SCHEDULER_POOL_SIZE

Optional. Set the size of the thread pool for Codar scheduler.

Default: 2

com.hp.csa.SchedulerExecutor.THREAD_WAKEUP_TIME

Optional. Set the thread wake-up time (in milliseconds) for the scheduler engine. The engine goes into sleep mode for the specified duration.

Default: 600000

com.hp.csa.SchedulerExecutor.SCHEDULED_JOB_MAX_SIZE

Optional. Set the maximum number of scheduled jobs that will be processed by the engine at any point in time.

Default: 20

com.hp.csa.CleanupScheduler.MAX_PACKAGES_SIZE

Optional. Set the maximum number of packages that will be cleaned up in a scheduled package cleanup action.

Default: 30

com.hp.csa.CleanupScheduler.MAX_DEPLOYMENTS_SIZE

Optional. Set the maximum number of deployments that will be cleaned up in a scheduled deployment cleanup action.

Default: 30

com.hp.csa.PromotionScheduler.MAX_ACTIVE_SCHEDULES_PER_DAY

Optional. Set the maximum number of promotion schedules allowed per day across designs and lifecycle stages.

Default: 50

Maximum allowed value is 100. If you enter a value greater than 100, it will be considered as 100.

codar.CleanupScheduler.PURGE_NOTIFICATION

Optional. Enable/disable scheduler notifications for deletion of packages and cancellation of deployments.

If you set this to true then advance notifications are sent to the owner of the packages/deployments that are qualified for deletion/cancellation respectively.

In addition to the advance notification, another notification is sent to the owners when the package deletion or deployment cancellation is triggered.

Default: true
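
The rules this reference states for OOS_PASSWORD (ENC(...) form), enableHPSSO under FIPS 140-2, the token cache timeout and the promotion schedule cap can be checked mechanically before Codar is restarted. The following Python script is an added example, not part of Codar or its documentation; parse_properties, audit and the sample file contents are constructed for illustration, only key=value lines are handled, and the https check on OOS_URL is this example's own policy, following the https://<hostname>:8443 example given for that property.

```python
import re

# Constructed sample csa.properties content (not from a real installation).
SAMPLE = """\
# enableCAC=true
enableHPSSO=true
OOS_URL=http://oo.example.test:8443
OOS_USERNAME=admin
OOS_PASSWORD=Passw0rd-constructed
com.hp.csa.plugin.cloudos.util.TokenCache.TIMEOUT=0
com.hp.csa.PromotionScheduler.MAX_ACTIVE_SCHEDULES_PER_DAY=250
"""

def parse_properties(text):
    """Minimal key=value parser; lines starting with '#' or '!' are comments,
    so a commented-out property is treated as absent (disabled)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit(props, fips_mode=False):
    """Return a list of findings for the rules stated in this reference."""
    findings = []
    pw = props.get("OOS_PASSWORD")
    # Encrypted values are ENC immediately followed by the value in parentheses.
    if pw is not None and not re.fullmatch(r"ENC\(.+\)", pw):
        findings.append("OOS_PASSWORD is not in ENC(...) form")
    url = props.get("OOS_URL", "")
    # Assumption of this example: require https, as in the documented sample URL.
    if url and not url.lower().startswith("https://"):
        findings.append("OOS_URL does not use https")
    if fips_mode and props.get("enableHPSSO", "false").lower() == "true":
        findings.append("enableHPSSO must be false or commented out under FIPS 140-2")
    if props.get("com.hp.csa.plugin.cloudos.util.TokenCache.TIMEOUT") == "0":
        findings.append("TokenCache.TIMEOUT=0 disables the token cache")
    cap = props.get("com.hp.csa.PromotionScheduler.MAX_ACTIVE_SCHEDULES_PER_DAY", "")
    if cap.isdigit() and int(cap) > 100:
        findings.append("MAX_ACTIVE_SCHEDULES_PER_DAY above 100 is treated as 100")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_properties(SAMPLE), fips_mode=True):
        print("FINDING:", finding)
```
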

 

Restart Codar service

After modifying the csa.properties file, restart Codar; see Restart Codar.