IMEX Service Config Options

The configurable parameters and options used by the IMEX Service are specified through a text config file. The following section lists the currently supported configurable parameters and options.

Note: The IMEX config file is read as part of the IMEX service startup process. If you change the config file options, for the new settings to take effect, restart the IMEX service.

Logging-Related Config Items

This section provides information about logging-related config items.

Setting the Log File Location and Name

• Config Item
  LOG_FILE_NAME=<value>

• Supported/Possible Values
  The complete path/filename string (max length of 256) for the log.

• Default Value
  LOG_FILE_NAME=/var/log/nvidia-imex.log

Setting the Statistics Log File Location and Name

• Config Item
  STATS_FILE_NAME=<value>

• Supported/Possible Values
  The complete path/filename string (max length of 256) for the statistics log.
  If the string is configured same as LOG_FILE_NAME, the statistics logs will also be pushed to the same log file.

• Default Value
  STATS_FILE_NAME=/var/log/nvidia-imex-stats.log

Setting Desired Log Level

• Config Item
  LOG_LEVEL=<value>

• Supported/Possible Values

  • 0: All the logging is disabled

  • 1: Set log level to CRITICAL and above

  • 2: Set log level to ERROR and above

  • 3: Set log level to WARNING and above

  • 4: Set log level to INFO and above

• Default Value
  LOG_LEVEL=4

Setting Log File Append Behavior

• Config Item
  LOG_APPEND_TO_LOG=<value>

• Supported/Possible Values:

  • 0: No, do not append to the existing log file and overwrite the existing log file.

  • 1: Yes, append to the existing log file every time IMEX service is started.

• Default Value
  LOG_APPEND_TO_LOG=1

Setting Log File Size

• Config Item
  LOG_FILE_MAX_SIZE=<value>

• Supported/Possible Values

  • The max log file size in MBs.

After the specified size is reached, IMEX will skip additional logging to the specified log file.

• Default Value
  LOG_FILE_MAX_SIZE=1024

Redirect Logs to Syslog

• Config Item
  LOG_USE_SYSLOG=<value>

• Supported/Possible Values

  • 0: Uses the specified log file to store IMEX logs.

  • 1: Redirects the IMEX logs to syslog instead of file-based logging.

• Default Value
  LOG_USE_SYSLOG=0

Rotation Settings

• Config Item
  LOG_MAX_ROTATE_COUNT=<value>

• Supported/Possible Values

  • 0: The log is not rotated.
    Logging is stopped when the log file reaches the size specified in the LOG_FILE_MAX_SIZE option.

  • Non-zero: Rotate the current log file when it reaches the individual log file size.

  The combined IMEX log size is LOG_FILE_MAX_SIZE multiplied by LOG_MAX_ROTATE_COUNT + 1.
  After this threshold is reached, the oldest log file will be purged.

• Default Value
  LOG_MAX_ROTATE_COUNT=3

Note The IMEX Service log is in a clear-text format, and NVIDIA recommends that you run the IMEX service with logging enabled at the INFO level for troubleshooting field issues. |

Miscellaneous Config Items

This section provides information about miscellaneous config items.

Prevent IMEX from Daemonizing

• Config Item
  DAEMONIZE=<value>

• Supported/Possible Values

  • 0: Do not daemonize and run IMEX as a normal process.

  • 1: Run the IMEX process as a Unix daemon.

• Default Value
  DAEMONIZE=1

IMEX Service Communication Socket Interface

• Config Item
  BIND_INTERFACE_IP=<value>

• Supported/Possible Values
  Network interface to listen for the IMEX internal communication/IPC, and this value should be a valid IPv4 or IPv6 address. If this value is empty, it will automatically try to find an IP address in the IMEX_NODE_CONFIG_FILE that matches the IP addresses available via the system interface list.

• Default Value
  BIND_INTERFACE_IP=

IMEX Service Communication TCP Listening Port

• Config Item
  SERVER_PORT=<value>

• Supported/Possible Values
  TCP port number for the IMEX internal communication/IPC, and this value should be between 0 and 65535.

• Default Value
  SERVER_PORT=50000

Note: this configuration may be overridden by command line option [-p | –port]. See 2.5 for command line help. |

IMEX Service Node Configuration File Location

• Config Item
  IMEX_NODE_CONFIG_FILE=<value>

• Supported/Possible Values
  Name of the file that contains the IP addresses of the nodes that are in this IMEX domain.

• Default Value
  IMEX_NODE_CONFIG_FILE=/etc/nvidia-imex/nodes_config.cfg

IMEX Service Network Interface

• Config Item
  NETWORK_INTERFACE=<value>

• Supported/Possible Values
  Name of the network interface used for communication.
  If empty, NETWORK_INTERFACE will be determined by matching bind IP to the list of system network interfaces. This configuration is only necessary if the bind IP is present on multiple network interfaces.

• Default Value
  NETWORK_INTERFACE=

IMEX Service Outgoing Network Interface

• Config Item
  OUTGOING_NETWORK_INTERFACE=<value>

• Supported/Possible Values
  Name of the network interface used for communication.
  If empty, outgoing network interface will be determined automatically.
  This is only necessary if you want to force all outgoing connections to use a particular interface.

• Default Value
  OUTGOING_NETWORK_INTERFACE=

IMEX Service Connection Wait Timeout

• Config Item
  IMEX_CONN_WAIT_TIMEOUT=<value>

• Supported/Possible Values
  Timeout (in seconds) for IMEX to wait for establishing connection with all other nodes in the IMEX_NODE_CONFIG_FILE. A value of -1 will wait forever.

• Default Value
  IMEX_CONN_WAIT_TIMEOUT=-1

IMEX Quorum establishment

• Config Item
  IMEX_WAIT_FOR_QUORUM=<value>

• Supported/Possible Values

  • NONE: Do not wait for any quorum with other nodes.

  • RECOVERY: If an unsafe nvidia-imex termination occurs, wait until the nodes that had imported from this node to connect, which allows them to safely clean up any potentially hanging references.

• Default Value
  IMEX_WAIT_FOR_QUORUM=RECOVERY

DSCP override for listening socket and outgoing client connections

• Config Item
  IMEX_GRPC_DSCP_OVERRIDE=<value>

• Supported/Possible Values

  • 0-63: Custom DSCP setting

• Default Value
  IMEX_GRPC_DSCP_OVERRIDE=0

IMEX Service Secure Connections Configuration

This section provides information about configuring secure connections in the IMEX service.

Enable/Disable Secure Connections

• Config Item
  IMEX_ENABLE_AUTH_ENCRYPTION=<value>

• Supported/Possible Values

  • 0: Disable encryption and authentication

  • 1: Enable encryption and authentication

• Default Value
  IMEX_ENABLE_AUTH_ENCRYPTION=0

Note: If this parameter is disabled, the rest of the authentication and encryption parameters will have not be used at run time.

Control Authentication and Encryption Method

• Config Item
  IMEX_AUTH_ENCRYPTION_MODE=<value>

• Supported/Possible Values

  • SSL_TLS – Use SSL/TLS: SSL/TLS-specific parameters need to be configured.

  • GSS_AUTH_ENCRYPT: Use GSSAPI for authentication, integrity, and encryption.
    GSS-specific parameters need to be configured.

  • GSS_AUTH_ONLY: Use GSSAPI for authentication and integrity only, and encryption will be disabled.
    GSS-specific parameters need to be configured.

• Default Value
  IMEX_AUTH_ENCRYPTION_MODE=SSL_TLS

Control the frequency for attempting to reconnect in case of a detected authentication or authorization failure.

• Config Item
  IMEX_UNAUTHORIZED_RECONNECT_INTERVAL_SEC=<value>

• Supported/Possible Values

  • -1: Do not automatically reconnect. Utilize SIGUSR1 to trigger a full reconnect of all connections.

  • >1: Number of seconds to wait between reconnects

  • 0: INVALID – Will be treated as a configuration error

• Default Value
  IMEX_UNAUTHORIZED_RECONNECT_INTERVAL_SEC=30

Control SSL/TLS Authentication Source

• Config Item
  IMEX_AUTH_SOURCE=<value>

• Supported Values:
  This configuration parameter will determine how IMEX retrieves the keys, certificates, and certificate authority for authentication and encryption. If IMEX_ENABLE_AUTH_ENCRYPTION is enabled first, IMEX_AUTH_SOURCE must be configured with one of the following supported values. An empty or unexpected value will prevent initialization.

  • FILE: The provided values are paths to files on the file system.

  • ENV_PATH: The provided values are environment variables names to retrieve, and the values in the environment variables are treated as paths to files on the file system.

  • ENV_VAL: The provided values are environment variable names to retrieve, and the values in the environment variables are treated as the actual values for the key/certificate/certificate authority.

• Default Value
  IMEX_AUTH_SOURCE=

SSL/TLS Server and Client Keys, Certificates, and Certificate Authority Configurations

• Config Item
  IMEX_SERVER_KEY=<value>
IMEX_SERVER_CERT=<value>
IMEX_SERVER_CERT_AUTH=<value>
IMEX_CLIENT_KEY=<value>
IMEX_CLIENT_CERT=<value>
IMEX_CLIENT_CERT_AUTH=<value>

• Supported/Possible Values
  These fields are interpreted based on how IMEX_AUTH_SOURCE is configured.

• Default Value
  IMEX_SERVER_KEY=
IMEX_SERVER_CERT=
IMEX_SERVER_CERT_AUTH=
IMEX_CLIENT_KEY=
IMEX_CLIENT_CERT=
IMEX_CLIENT_CERT_AUTH=

SSL/TLS Security Target Override

• Config Item
  IMEX_SECURITY_TARGET_OVERRIDE=<value>

• Supported/Possible Values
  Overrides the target hostname for authentication of the certificates and keys. This allows certificates with common names that do not match the IP addresses provided for the nodes.
  Here is an example when the certificate has the subject:"/C=US/ST=CA/L=Santa Clara/O=NVIDIA/OU=Test/CN=localhost"
  The certificate validation will expect the connection hostname to be localhost. To override the connection hostname for security purposes to be localhost and allow the connection to succeed, set IMEX_SECURITY_TARGET_OVERRIDE=localhost.

• Default Value
  IMEX_SECURITY_TARGET_OVERRIDE=

SSL/TLS SPIFFE Authorized Principals

• Config Item
  IMEX_SPIFFE_AUTHORIZED_PRINCIPALS=<value>

• Supported/Possible Values
  A comma separated list of authorized principals for use with mTLS. If enabled, any incoming connection that does match one of the principals will be rejected.
  Example:
  IMEX_SPIFFE_AUTHORIZED_PRINCIPALS=spiffe://foo.com/user1,spiffe://bar.com/user2

• Default Value
  IMEX_SECURITY_TARGET_OVERRIDE=

GSS Service Name

• Config Item
  IMEX_GSS_SERVICE_NAME=<value>

• Supported/Possible Values
  Service Principal name to use.

• Default Value
  IMEX_CMD_ENABLED=host

GSS Timeout

• Config Item
  IMEX_GSS_TIMEOUT_SEC=<value>

• Supported/Possible Values
  Specifies the timeout for GSSAPI calls in seconds.

  • -1: Retry indefinitely.

  • >=0: Number of seconds to wait before triggering clean up.

• Default Value
  IMEX_GSS_TIMEOUT_SEC=-1

GSS Retry Interval

• Config Item
  IMEX_GSS_RETRY_INTERVAL_SEC=<value>

• Supported/Possible Values
  Specifies the interval at which to retry failing GSSAPI calls.

  • >=0: Number of seconds to wait between retries.

• Default Value
  IMEX_GSS_RETRY_INTERVAL_SEC=5

GSS Security Context Lifetime

• Config Item
  IMEX_GSS_SEC_CONTEXT_LIFETIME_SEC=<value>

• Supported/Possible Values
  Specifies the lifetime of the GSSAPI security context.

  • -1: Indefinite, nvidia-imex will not manually expire the security context

  • >=0: Lifetime (in seconds) before nvidia-imex manually expires the security context.

  If the system configuration set an expiration value for security contexts, the value will still take effect, and nvidia-imex will refresh the security context at some point before the expiration occurs.

• Default Value
  IMEX_GSS_SEC_CONTEXT_LIFETIME_SEC=-1

GSS Failure Handling

• Config Item
  IMEX_GSS_SHUTDOWN_ON_FAILURE=<value>

• Supported/Possible Values
  Specifies whether nvidia-imex should shut down when it encounters a fatal error or timeout from GSSAPI

  • 1: Shutdown nvidia-imex when a fatal error or timeout occurs.

  • 0: Terminate connection (permanently) to the failing node.

• Default Value
  IMEX_GSS_SHUTDOWN_ON_FAILURE=1

IMEX Service CMD Utility Service Configuration

This section provides information about configuring the CMD utility service.

Enable/Disable CMD Utility Service

• Config Item
  IMEX_CMD_ENABLED=<value>

• Supported/Possible Values

  • 0: Do not enable the CMD service.

  • 1: Enable the CMD service, and the service must be used with IMEX_CMD_PORT (and optionally IMEX_CMD_BIND_INTERFACE_IP) and/or IMEX_CMD_UNIX_DOMAIN_PATH.

• Default Value
  IMEX_CMD_ENABLED=1

CMD Service Bind Port

• Config Item
  IMEX_CMD_PORT=<value>

• Supported/Possible Values
  A TCP port to bind the CMD service to. Optionally, the port can be combined with IMEX_CMD_BIND_INTERFACE_IP to only bind to an ip:port. The value is
  0-65535.

• Default Value
  IMEX_CMD_PORT=50005

CMD Service Bind IP Address

• Config Item
  IMEX_CMD_BIND_INTERFACE_IP=<value>

• Supported/Possible Values
  A TCP IP address to which the CMD service will be bound, and the address must be used with IMEX_CMD_PORT.

• Default Value
  IMEX_CMD_BIND_INTERFACE_IP=

CMD Service UNIX Domain Path

• Config Item
  IMEX_CMD_UNIX_DOMAIN_PATH=<value>

• Supported/Possible Values
  A UNIX domain socket path for the command/control service.

• Default Value
  IMEX_CMD_UNIX_DOMAIN_PATH=