Skip to main content

ICM Configuration Parameters

ICM Configuration Parameters

These tables describe the fields you can include in the configuration files (see Configuration, State and Log Files in the “Essential ICM Elements” chapter and Define the Deployment in the “Using ICM chapter”) to provide ICM with the information it needs to execute provisioning and deployment tasks and management commands. To look up a parameter by name, use the alphabetical list, which includes links to the tables containing the parameter definitions.

General Parameters

The fields in the following table are all used with all cloud providers, and some are used with vSphere and Preexisting as well.

The two rightmost columns indicate whether each parameter is required in every deployment or optional, and whether it must be included (when used) in either defaults.json or definitions.json, is recommended for one file or the other, or can be used in either. For example,

  • A single deployment is always on a single selected provisioning platform (even if subsequently merged with another to create a multiprovider deployment), therefore the Provider parameter is required and must be in the defaults file.

  • Each node type must be specified but a deployment can include multiple node types, thus the Role parameter is required in each definition in the definitions file.

  • Because each node that runs InterSystems IRIS must have a license, but other nodes don’t need one, the LicenseKey setting is required and generally appears in the appropriate definitions in the definitions file.

  • At least one container must be deployed on each node in the deployment, but a single container may be deployed on all the nodes (for instance iris/iris-arm64 across a sharded cluster consisting of DATA nodes only) or different containers on different node types (iris/iris-arm64 on DM and AM, webgateway on WS, arbiter on AR in a distributed cache cluster). For this reason the DockerImage parameter is required and can appear in the defaults file, the definitions file, or both (to specify a default image but override it for one or more node types).

  • Like the image to be deployed, the size of the OS volume can be specified for all nodes in the defaults file, for one or more node types in the definitions file, or in both, but because it has a default it is optional.

Note:

If no default is listed for a parameter, it does not have one.

Parameter Definition Use is ... Config file
Provider Platform to provision infrastructure on; see Provisioning Platforms. required defaults

Label

Tag

Fields in naming scheme for provisioned cloud nodes: Label-Role-Tag-NNNN, for example ANDY-DATA-TEST-0001; should indicate ownership and purpose, to avoid conflicting with others. Multiple deployments should not share the same Label and Tag. Cannot contain dashes. required defaults
LicenseDir Location of InterSystems IRIS license keys staged in the ICM container and individually specified by the LicenseKey field (below); see InterSystems IRIS Licensing for ICM. required defaults
LicenseKey License key for the InterSystems IRIS instance on one or more provisioned DATA, COMPUTE, DM, AM, DS, or QS nodes, staged within the ICM container in the location specified by the LicenseDir field (above). In a configuration containing only DM and AM nodes, a standard license can be used; for all others (that is, sharded clusters), a sharding-enabled license is required. required definitions recommended
Region

(Azure equivalent: Location)

Geographical region of provider’s compute resources in which infrastructure is provisioned. For information on deploying a single configuration in more than one region, see Deploying Across Multiple Regions or Providers. Provider-specific information, including provider documentation: required defaults
Zone Availability zone within the specified region (see above) in which to locate a node or nodes to be provisioned. For information on deploying a single configuration in more than one zone, see Deploying Across Multiple Zones. Provider-specific information: required defaults

ZoneMap

When deploying across multiple zones (see Deploying Across Multiple Zones), specifies which nodes are deployed in which zones. Default: 0,1,2,...,255.

optional definitions
Mirror If true, InterSystems IRIS instances on DATA, DM, and DS nodes are deployed as mirrors; see Mirrored Configuration Requirements. Default: false. optional defaults
MirrorMap Determines mirror member types of mirrored DATA, DS, and DM nodes, enabling deployment of DR async mirror members; see Rules for Mirroring. Default: primary,backup; the term async can be added one or more times to this, for example primary,backup,async,async. optional definitions
ISCPassword Password that will be set for the predefined user accounts on the InterSystems IRIS instances on one or more provisioned nodes. Corresponding command-line option: -iscPassword. If both parameter and option are omitted, ICM prompts for the password. For more information see The icm run Command. optional defaults
Namespace Namespace to be created on deployed InterSystems IRIS instances. This namespace is the default namespace for the icm session and icm sql commands, and can also be specified or overridden by the command-line option -namespace. Default: IRISCLUSTER. optional defaults
DockerImage Docker image to be used for in deployment by icm run command. Must include the repository name (see RepositoriesOpens in a new tab in the Docker documentation). Can be specified for all nodes in defaults.json and optionally overridden for specific node definitions in definitions.json. Can also be specified or overridden using the command-line option -image. required  
DockerRegistry DNS name of the server hosting the Docker repository storing the image specified by DockerImage (see About RegistryOpens in a new tab in the Docker documentation). If not included, ICM uses Docker’s public registry at docker.comOpens in a new tab. For information about the InterSystems Container Registry (ICR), see Downloading the ICM Image in the “Using ICM” chapter. required defaults
DockerUsername Username to use along with DockerPassword (below) for logging in to the Docker repository specified in DockerImage (above) on the registry specified by DockerRegistry (above). Not required for public repositories. If not included and the repository specified by DockerImage is private, login fails. required defaults
DockerPassword Password to use along with DockerUsername (above) for logging in to the Docker registry. Not required for public repositories. If this field is not included and the repository specified by DockerImage is private. ICM prompts you (with masked input) for a password. (If the value of this field contains special characters such as $, |, (, and ), they must be escaped with two \ characters; for example, the password abc$def must be specified as abc\\$def.) required defaults
DockerVersion Version of Docker installed on provisioned nodes. The version in each /Samples/.../defaults.json is generally correct for the platform; however, if your organization uses a different version of Docker, you may want that version installed on the nodes instead.
Important:

Container images from InterSystems comply with the Open Container Initiative (OCIOpens in a new tab) specification, and are built using the Docker Enterprise Edition engine, which fully supports the OCI standard and allows for the images to be certifiedOpens in a new tab and featured in the Docker Hub registry.

InterSystems images are built and tested using the widely popular container Ubuntu operating system, and are therefore supported on any OCI-compliant runtime engine on Linux-based operating systems, both on premises and in public clouds.

optional defaults

DockerURL

URL of the Docker Enterprise Edition repository associated with your subscription or trial; when provided, triggers installation of Docker Enterprise Edition on provisioned nodes, instead of Docker Community Edition. For more information about Docker EE see Docker EnterpriseOpens in a new tab in the Docker documentation.

optional defaults
DockerInit If set to False, the Docker --init option is not passed to all containers other than InterSystems IRIS containers, as it is by default. Default: true. (The --init option is never passed to InterSystems IRIS containers.) optional defaults
Overlay Determines the Docker overlay network type; normally "weave", but may be set to "host" for development, performance, or debug purposes, or when deploying on a preexisting cluster. Default: weave (host when deploying on a preexisting cluster). For more information see Use overlay networksOpens in a new tab in the Docker documentation and How the Weave Net Docker Network Plugins WorkOpens in a new tab in the Weave documentation. optional defaults
DockerStorageDriver Determines the storage driver used by Docker (see Docker storage driversOpens in a new tab in the Docker documentation). Values include overlay2 (the default) and btrfs. If set to overlay2, FileSystem (see below) must be set to xfs; if set to btrfs, FileSystem must be set to btrfs.. optional defaults

FileSystem

Type of file system to use for persistent volumes on provisioned nodes. Valid values are xfs and btrfs. Default: xfs. If DockerStorageDriver (above) is set to overlay2, FileSystem must be set to xfs; if DockerStorageDriver is btrfs, FileSystem must be btrfs.

optional defaults recommended

OSVolumeSize

Size (in GB) of the OS volume for a node or nodes in the deployment. Default: 32. May be limited by or ignored in favor of settings specific to the applicable parameters specifying machine image or template, instance type, or OS volume type parameters (see Provider-Specific Parameters).

optional  

DataVolumeSize

WIJVolumeSize

Journal1VolumeSize

Journal2VolumeSize

Size (in GB) of the corresponding persistent storage volume to create for iris containers. For example, DataVolumeSize determines the size of the data volume. Default: 10, although DataVolumeSize must be at least 60 for Tencent deployments. May be limited by the applicable volume type parameter (see Provider-Specific Parameters). Each volume also has a corresponding device name parameter (for example, DataDeviceName; see Device Name Parameters) and mount point parameter (for example, DataMountPoint; see immediately below and Storage Volumes Mounted by ICM). optional  

DataMountPoint

WIJMountPoint

Journal1MountPoint

Journal2MountPoint

The location within iris containers at which the corresponding persistent volume is mounted. For example, DataMountPoint determines the location for the data volume. For more information, see Storage Volumes Mounted by ICM. Defaults: /irissys/{ data | wij | journal1j | journal2j }. Each volume also has a corresponding device name parameter (for example, DataDeviceName; see Device Name Parameters) and size parameter (for example, DataVolumeSize; see above).

optional  
Containerless If true, enables containerless mode, in which InterSystems IRIS is deployed from an installation kit rather than a container; see the appendix Containerless Deployment. Default: false. optional defaults
Role Role of the node or nodes to be provisioned by a given entry in the definitions file, for example DM or DATA; see ICM Node Types. required definitions
Count Number of nodes to provision from a given entry in the definitions file. Default: 1. required definitions
StartCount Numbering start for a particular node definition in the definitions file. For example, if the DS node definition includes "StartCount": "3", the first DS node provisioned is named Label-DS-Tag-0003. optional definitions
LoadBalancer If true in definitions of node type DATA, COMPUTE, AM, or WS, a predefined load balancer is automatically provisioned on providers AWS, GCP, Azure, and Tencent (see Predefined Load Balancer). If true in definitions of node type CN or VM, a generic load balancer is added if other parameters are included in the definition (see Generic Load Balancer). Default: false. optional definitions

AlternativeServers

Remote server selection algorithm for definitions of type WS (see Node Type: Web Server). Valid values are LoadBalancing and FailOver. Default: LoadBalancing.

optional definitions

ApplicationPath

Application path to create for definitions of type WS. Do not include a trailing slash.

optional definitions

IAMImage

InterSystems API Manager (IAM) image; no default.

optional definitions

PostgresImage

Postgres image (optional IAM component); default: postgres:11.6.

optional definitions

PrometheusImage

Prometheus image (System Alerting and Monitoring [SAM] component); default: prom/prometheus:v2.17.1.

optional definitions

AlertmanagerImage

Alertmanager image (SAM component); default: prom/alertmanager:v0.20.0.

optional definitions

GrafanaImage

Grafana image (SAM component); default: grafana/grafana:6.7.1.

optional definitions

NginxImage

Nginx image (SAM component); default: nginx:1.17.9-alpine.

optional definitions
UserCPF Configuration merge file to be used to customize the CPFs InterSystems IRIS instances during deployment (see Deploying with Customized InterSystems IRIS Configurations). optional  
SystemMode String to be shown in the masthead of the Management PortalOpens in a new tab of the InterSystems IRIS instances on one or more provisioned nodes. Certain values (LIVE, TEST, FAILOVER, DEVELOPMENT) trigger additional changes in appearance. Default: blank. This setting can also be specified by adding [Startup]/SystemMode to the configuration merge file (see previous entry). optional  

Security-related Parameters

The parameters in the following table are used to provide access and identify required files and information so that ICM can communicate securely with the provisioned nodes and deployed containers. They are all required, in the defaults file only.

Parameter Definition
   
Provider-specific credentials and account parameters; to see detailed instructions for obtaining the files and values, click the provider link
  • Provider-Specific – AWS

    Credentials: Path to a file containing the public/private keypair for an AWS account.

  • Provider-Specific – GCP

    Credentials: Path to a JSON file containing the service account key for a GCP account.

    Project: GCP project ID.

  • Provider-Specific – Azure

    SubscriptionId: A unique alphanumeric string that identifies a Microsoft Azure subscription.

    TenantId: A unique alphanumeric string that identifies the Azure Active Directory directory in which an application was created.

    UseMSI: If true, authenticates using a Managed Service Identity in place of ClientId and ClientSecret; default is false.

    ClientId, ClientSecret: Credentials identifying and providing access to an Azure application (if UseMSI is false).

  • Provider-Specific – Tencent

    SecretID, SecretKey: Unique alphanumeric strings that identify and provide access to a Tencent Cloud account.

  • Provider-Specific – vSphere

    VSphereUser, VSpherePassword: Credentials for vSphere operations.

SSHUser Nonroot account with sudo access used by ICM for access to provisioned nodes. Root of SSHUser’s home directory can be specified using the Home field. Required value is provider-specific, as follows:
  • AWS — As per AMI (see AMI parameter in AWS Parameters); usually ubuntu for Ubuntu images

  • GCP — At user's discretion

  • Azure — At user's discretion

  • Tencent — As per image (see ImageId parameter in Tencent Parameters)

  • vSphere — As per VM template (see Template parameter in vSphere Parameters)

  • Preexisting — See SSH in the appendix “Deploying on a Preexisting Cluster”

SSHPassword Initial password for the user specified by SSHUser. Required for marketplace Docker images and deployments of type vSphere, Azure, and PreExisting. This password is used only during provisioning, at the conclusion of which password logins are disabled.
SSHOnly If true, ICM does not attempt SSH password logins during provisioning, for providers vSphere and PreExisting only. Because this prevents ICM from logging in using a password, it requires that you stage your public SSH key (as specified by the SSHPublicKey field, below) on each node. Default: false.
SSHPublicKey Path within the ICM container of the public key of the SSH public/private key pair; required for all deployments. For provider AWS, must be in SSH2 format, for example:---- BEGIN SSH2 PUBLIC KEY --- AAAAB3NzaC1yc2EAAAABJQAAAQEAoa0 ---- BEGIN SSH2 PUBLIC KEY ---For other providers, must be in OpenSSH format, for example:ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAoa0
SSHPrivateKey Path within the ICM container of the private key of the SSH public private key pair; required for all deployments in RSA format, for example:-----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAoa0ex+JKzC2Nka1 -----END RSA PRIVATE KEY-----
TLSKeyDir Directory within the ICM container containing TLS keys used to establish secure connections to Docker, InterSystems Web Gateway, JDBC, and mirrored InterSystems IRIS databases, as follows:
  • ca.pem

  • cert.pem

  • key.pem

  • keycert.pem

  • server-cert.pem

  • server-key.pem

  • keystore.p12

  • truststore.jks

  • SSLConfig.properties

SSLConfig Path within the ICM container to an TLS configuration file used to establish secure JDBC connections. Default: If this parameter is not provided, ICM looks for a configuration file in /TLSKeyDir/SSLConfig.Properties (see previous entry).
PrivateSubnet If true, ICM deploys on an existing private subnet, or creates and deploys on a new private subnet, for use with a bastion host; see Deploying on a Private Network.
WeavePassword Password used to encrypt traffic over Weave Net; enable encryption by setting to a value other than null in the defaults file. Default: null.
net_vpc_cidr CIDR of the existing private network to deploy on; see Deploy Within an Existing Private Network.
net_subnet_cidr CIDR of an ICM node’s subnet within an existing private network.

Port and Protocol Parameters

Typically, the defaults for these parameters are sufficient. For information about two use cases in which you may need to specify some of these parameters, see Ports in the appendix “Using ICM with Custom and Third-Party Containers” and Ports in the appendix “Deploying on a Preexisting Cluster”.

Parameter Definition
ForwardPort Port to be forwarded by a given load balancer (both 'from' and 'to'). Defaults:
  • AM, DM, DATA, COMPUTE: SuperServerPort,WebServerPort (below)

  • WS: WebGatewayPort (below)

  • VM/CN: user-defined; must be included for a generic load balancer to be deployed

The value can be a comma-separated list of ports, as long as all use the same ForwardProtocol (below).

ForwardProtocol Protocol to be forwarded by a given load balancer. Value TCP is valid for all providers; additional protocols available on a per-provider basis.
  • DATA, COMPUTE, DM, AM: TCP

  • WS: TCP

  • VM/CN: user-defined; parameter must be included to deploy a generic load balancer

HealthCheckPort Port used to verify health of instances in the target pool. Defaults:
  • AM, DM, DATA, COMPUTE: WebServerPort (below)

  • WS: 80

  • VM/CN: user-defined; parameter must be included to deploy a generic load balancer

HealthCheckProtocol Protocol used to verify health of instances in the target pool. Defaults:
  • AM, DM, DATA, COMPUTE: HTTP

  • WS: TCP

  • VM/CN: user-defined; parameter must be included to deploy a generic load balancer

HealthCheckPath Path used to verify health of instances in the target pool. Defaults:
  • Nonmirrored DM/DATA, AM, COMPUTE: /csp/user/cache_status.cxw

  • Mirrored DM, DATA: /csp/user/mirror_status.cxw

  • WS: N/A (path not used for TCP health checks)

  • VM/CN: user-defined for HTTP health checks; parameter must be included to deploy a generic load balancer

ISCAgentPort * Port used by InterSystems IRIS ISC Agent. Default: 2188. If Containerless is false or absent and Overlay is set to weave (see General Parameters), this port is closed in the firewall.
SuperServerPort Port used by InterSystems IRIS Superserver. Default: 1972.
WebServerPort Port used by InterSystems IRIS Web Server/Management Portal. Default: 52773. Also used by the InterSystems Web Gateway instance on a WS node deployed in nonroot containerless mode.

WebGatewayPort

Port used by InterSystems IRIS Web Gateway. Default: 80 (webgateway, webgateway-nginx), 52773 (webgateway-lockeddown).

LicenseServerPort *

Port used by InterSystems IRIS License Server. Default: 4002.. If Containerless is false or absent and Overlay is set to weave (see General Parameters), this port is closed in the firewall.

* If ICM is in container mode (Containerless is false or absent) and Overlay is set to weave (see General Parameters), this port is closed in the node’s firewall.

CPF Parameters

When using a configuration merge file specified by the UserCPF property to customize the CPF of one or more InterSystems IRIS instances during deployment, as described in Deploying with Customized InterSystems IRIS Configuration Parameters, you cannot include certain CPF settings, because ICM needs to read their values before it adds them to the CPF at a later stage. You should therefore customize these settings by specifying the following parameters (described in General Parameters and Port and Protocol Parameters) in your configuration files:

Parameter

CPF Setting

WIJMountPoint

[config]/wijdir

Journal1MountPoint

[Journal]/CurrentDirectory

Journal2MountPoint

[Journal]/AlternateDirectory

SuperServerPort

[Startup]/DefaultPort

WebServerPort

[Startup]/WebServerPort

Note:

The value of the ICM LicenseServerPort field is taken from the [LicenseServers] block of the CPF, bound to the name of the configured license server (see InterSystems IRIS Licensing for ICM).

Provider-Specific Parameters

The tables in this section list parameters used by ICM that are specific to the various cloud providers. Some of these parameters are used with more than one provider; for example, the InstanceType, ElasticIP, and VPCId parameters can be used in both AWS and Tencent deployments. Some provider-specific parameters have different names but the same purpose, for example AMI and InstanceType for AWS, Image and MachineType for GCP, and ImageId and InstanceType for Tencent, whereas there are four Azure parameters corresponding to each of these.

Like the General Parameters table, the tables in this section indicate whether each parameter is required in every deployment or optional, and whether it must be included (when used) in either defaults.json or definitions.json, is recommended for one file or the other, or can be used in either. For examples of each type, see General Parameters.

Note:

For information about parameters used only for PreExisting deployments, see Definitions File for PreExisting in the appendix “Deploying on a Preexisting Cluster”.

Selecting Machine Images

Cloud providers operate data centers in various regions of the world, so one of the important things to customize for your deployment is the region in which your cluster will be deployed (see the Region parameter in General Parameters). Another choice is which virtual machine images to use for the host nodes in your cluster (parameters vary by provider). Although the sample configuration files define valid regions and machine images for all cloud providers, you will generally want to change the region to match your own location. Because machine images are often specific to a region, both must be selected.

Container images from InterSystems comply with the Open Container Initiative (OCIOpens in a new tab) specification, and are built using the Docker Enterprise Edition engine, which fully supports the OCI standard and allows for the images to be certifiedOpens in a new tab and featured in the Docker Hub registry. InterSystems images are built and tested using the widely popular container Ubuntu operating system, and ICM therefore supports their deployment on any OCI-compliant runtime engine on Linux-based operating systems, both on premises and in public clouds.

Provider-Specific Parameter Tables

Parameter Definition Use is ... Config file
Credentials

Path to a file containing the public/private keypair for an AWS account. To download, after logging in to the AWS management console, open Managing Access Keys for IAM UsersOpens in a new tab in the AWS documentation and follow the procedure for managing access keys in the AWS console.

required defaults
AMI

AMI (machine image) to use as platform and OS template for nodes to be provisioned; see Amazon Machine Images (AMI)Opens in a new tab in the AWS documentation. Example: ami-a540a5e1. To list public AMIs available, in the EC2 Console, select AMIs in the navigation pane and filter for Public AMIs.

required  
InstanceType Instance type to use as compute resources template for nodes to be provisioned on AWS and Tencent; see Amazon EC2 Instance TypesOpens in a new tab in the AWS documentation. Example: m4.large. (Some instance types may not be compatible with some AMIs.) required  
ElasticIP Enables the Elastic IP feature on AWS and Tencent to preserve IP address and domain name across host node restart (see Host Node Restart and Recovery). Default: false. optional defaults

VPCId

Existing Virtual Private Cloud (VPC) to be used in the deployment on AWS and Tencent, instead of allocating a new one; the specified VPC is not deallocated during unprovision. If not specified when PrivateSubnet (see Security-related Parameters) is true, a new VPC is allocated for the deployment and deallocated during unprovision. For more information, see Deploying Within an Existing Private Network.

Note:

Internal parameter net_subnet_cidr must be provided if the VPC is not created in the default address space 10.0.%d.0/24; for example, for a VPC in the range 172.17.0.0/24, you would need to specify net_subnet_cidr as 172.17.%d.0/24.

optional defaults

SubnetIds

When deploying on an existing private subnet on AWS or Tencent, comma-separated list of subnet IDs, one for each element specified by the Zone parameter (see General Parameters).

optional defaults
RouteTableId When deploying on an existing private subnet, the route table to use for access to the ICM host; if provided, ICM uses this instead of allocating its own (and does not deallocate during unprovision). No default. optional defaults
InternetGatewayId When deploying on an existing private subnet, the Internet gateway to use for access to the ICM host; if provided, ICM uses this instead of allocating its own (and does not deallocate during unprovision). No default. optional defaults
OSVolumeType Determines disk type of the OS volume for a node or nodes in the deployment, which in turn determines the maximum value for the OSVolumeSize parameter (see General Parameters), which sets the size of the OS volume. See Amazon EBS Volume TypesOpens in a new tab in the AWS documentation. Tencent uses the same parameter name. Default: standard. optional  

DataVolumeType

WIJVolumeType

Journal1VolumeType

Journal2VolumeType

Determines disk type of the corresponding persistent storage volume for iris containers (see Storage Volumes Mounted by ICM), which in turn determines the maximum size of the volume. For example, DataVolumeType determines the maximum value for the DataVolumeSize parameter (see General Parameters), which detemines the size of the data volume. See Amazon EBS Volume TypesOpens in a new tab in the AWS documentation. Tencent uses the same parameter name. Default: standard. optional  

OSVolumeIOPS

Determines IOPS count for the OS volume for a node or nodes in the deployment; see I/O Characteristics and MonitoringOpens in a new tab in the AWS documentation. Default: 0. optional  

PlacementGroups

A comma-separated list of placement groups to create (see Placement groupsOpens in a new tab in the AWS documentation). If blank or omitted, no placement groups are created. Default: none.

optional  

PlacementStrategy

Strategy for placing instances in the groups specified by PlacementGroups. Valid values are cluster, partition, and spread. Default: cluster.

optional  

PlacementMap

Specifies the mapping between the values of PlacementGroups and the nodes within a given definition. Instances will be assigned in the order in which they occur in PlacementGroups (with wraparound). Default: 0,1,2,3,...,256.

optional  
PlacementPartitionCount The number of partitions to create in the placement group. Has no effect unless PlacementStrategy is set to partition. Default: 2 optional  
PlacementSpreadLevel Places a group of instances on distinct hardware. Has no effect unless PlacementStrategy is set to spread. Valid values are rack and host. Default: none optional  

DataVolumeIOPS

WIJVolumeIOPS

Journal1VolumeIOPS

Journal2VolumeIOPS

Determines IOPS count for the corresponding persistent storage volume for iris containers (see Storage Volumes Mounted by ICM). For example, DataVolumeIOPS determines the IOPS count for the data volume. See I/O Characteristics and MonitoringOpens in a new tab in the AWS documentation. Must be nonzero when the corresponding volume type (see the immediately preceding) is io1. Default: 0.

optional  

LoadBalancerInternal

When set to True, creates a load balancer of type "internal", otherwise the load balancer type is "external". Default: False.

optional definitions
Parameter Definition Use is ... Config file
Credentials

Path to a JSON file containing the service account key for a GCP account. To download, after logging in to the GCP console and selecting a project, open Creating and managing service account keysOpens in a new tab in the GCP documentation and follow the procedure for creating service account keys in the GCP console.

required defaults
Project GCP project ID; see Creating and Managing ProjectsOpens in a new tab in the GCP documentation. required defaults
Image Source machine image to use as platform and OS template for provisioned nodes; see ImagesOpens in a new tab in the GCP documentation. Example: ubuntu-os-cloud/ubuntu-1804-bionic-v20190911. required  
MachineType Machine type to use as compute resources template for nodes to be provisioned; see Machine typesOpens in a new tab in the GCP documentation. Example: n1-standard-1. required  
RegionMap

When deploying across multiple regions (see Deploying Across Multiple Regions on GCP), specifies which nodes are deployed in which regions. Default: 0,1,2,...,255.

optional definitions
Network

Existing Virtual Private Cloud (VPC) to be used in the deployment, instead of allocating a new one; the specified VPC is not deallocated during unprovision. If not specified when PrivateSubnet (see Security-related Parameters) is true, a new VPC is allocated for the deployment and deallocated during unprovision. For more information, see Deploying Within an Existing Private Network.

optional defaults
Subnet Existing private subnet to be used in the deployment, instead of allocating a new one; not deallocated during unprovision. For multiregion deployments (see Deploying Across Multiple Regions on GCP), value must be a comma-separated list, one for each region specified. If not specified when PrivateSubnet (see Security-related Parameters) is true, a new VPC is allocated for the deployment and deallocated during unprovision. For more information, see Deploying Within an Existing Private Network. optional defaults
OSVolumeType Determines disk type for the OS volume for a node or nodes in the deployment; see Storage OptionsOpens in a new tab in the GCP documentation. Default: pd-standard. optional  

DockerVolumeType

Determines disk type for the block storage device used for the Docker thin pool on a node or nodes in the deployment; see Storage OptionsOpens in a new tab in the GCP documentation. Default: pd-standard. optional  

DataVolumeType

WIJVolumeType

Journal1VolumeType

Journal2VolumeType

Determines disk type for the corresponding persistent storage volume for iris containers (see Storage Volumes Mounted by ICM). For example, DataVolumeType determines the disk type for the data volume. See Storage OptionsOpens in a new tab in the GCP documentation. Default: pd-standard. optional  
Parameter Definition Use is ... Config file
SubscriptionId A unique alphanumeric string that identifies a Microsoft Azure subscription; to display, on the Azure portal select Subscriptions or type “subscriptions” into the search box, and use the Subscription ID displayed for SubscriptionId. required defaults
TenantId A unique alphanumeric string that identifies the Azure Active Directory directory in which an application was created; to display, on the Azure portal select Azure Active Directory in the nav pane and then Properties on the nav pane for that page, and use the Directory ID displayed for TenantId. required defaults

UseMSI

If true, authenticates using a Managed Service Identity in place of ClientId and ClientSecret; see What is managed identities for Azure resources?Opens in a new tab in the Azure documentation. Requires that ICM be run from a machine in Azure. required defaults

ClientId

ClientSecret

Credentials identifying and providing access to an Azure application (if UseMSI is false); to create them:

required defaults
Location Region in which to provision a node or nodes; see the Region parameter in General Parameters. required defaults
LocationMap

When deploying across multiple regions (see Deploying Across Multiple Regions on Azure), specifies which nodes are deployed in which regions. Default: 0,1,2,...,255.

optional definitions
PublisherName Entity providing a given Azure machine image to use as platform and OS template for provisioned nodes. Example: OpenLogic. required  
Offer Operating system of a given Azure machine image. Example: UbuntuServer. required  
Sku Major version of the operating system of a given Azure machine image. Example: 7.2. required  
Version Build version of a given Azure machine image. Example: 7.2.20170105. required  

CustomImage

Image to be used to create the OS disk, in place of the Azure machine image described by the PublisherName, Offer, Sku, and Version fields. Value is an Azure URI of the form:

/subscriptions/subscription/resourceGroups/resource_group/providers /Microsoft.Compute/images/image_name

optional  
Size Machine size to use as compute resources template for nodes to be provisioned; see Sizes for virtual machines in AzureOpens in a new tab in the Azure documentation. Example: Standard_DS1. required  

ResourceGroupName

Existing resource group to be used in the deployment, instead of allocating a new one; the specified group is not deallocated during unprovision. If not specified when PrivateSubnet (see Security-related Parameters) is true, a new resource group is allocated for the deployment and deallocated during unprovision. For more information, see Deploying Within an Existing Private Network.

optional defaults

VirtualNetworkName

Existing private subnet to be used in the deployment, instead of allocating a new one; not deallocated during unprovision. For multiregion deployments (see Deploying Across Multiple Regions on Azure), value must be a comma-separated list, one for each region specified. If not specified when PrivateSubnet (see Security-related Parameters) is true, a new VPC is allocated for the deployment and deallocated during unprovision. For more information, see Deploying Within an Existing Private Network.

Note:

The net_subnet_cidr parameter (see Security-related Parameters) must be provided if the network is not created in the default address space 10.0.%d.0/24.

optional defaults

SubnetName

Name of an existing subnet to be used in the deployment, instead of allocating a new one; not deallocated during unprovision. For multiregion deployments (see Deploying Across Multiple Regions on Azure), value must be a comma-separated list, one for each region specified. If not specified when PrivateSubnet (see Security-related Parameters) is true, a new subnet is allocated for the deployment and deallocated during unprovision.

Note:

When provisioning on a private network, unique SubnetName and net_subnet_cidr parameters must be provided for each entry in the definitions file (but ResourceGroupName and VirtualNetworkName remain in the defaults file). This includes the bastion host definition when deploying a bastion host (see Deploy on a Private Network Through a Bastion Host).

optional definitions

AccountTier

Storage account performance tier (see Azure storage account overviewOpens in a new tab in the Azure documentation); either HDD (Standard) or SSD (Premium).

optional  

AccountReplicationType

Storage account replication type: locally-redundant storage (LRS), geo-redundant storage (GRS), zone-redundant storage (ZRS), or read access geo-redundant storage (RAGRS).

optional  
Parameter Definition Use is ... Config file

SecretID

SecretKey

Unique alphanumeric strings that identify and provide access to a Tencent Cloud account. To download, open SignatureOpens in a new tab in the Tencent Cloud documentation and follow the procedure in “Applying for Security Credentials”.

required defaults

ImageId

Machine image to use as platform and OS template for provisioned nodes; see Image OverviewOpens in a new tab in the Tencent documentation. Example: img-pi0ii46r.

required (see below)  

OSName

If ImageId (above) is not provided, ICM searches for an image matching this field. Note that this field supports regexp. Default: ubuntu.

required (see above)  

InstanceFamily

Instance family from which to select instance type; if InstanceType (below) is not provided, ICM searches for an instance type matching InstanceFamily, CPUCoreCount, and MemorySize (below). Default: S3. required (see below)  

InstanceType

Instance type to use as compute resources template for nodes to be provisioned on AWS and Tencent; see Instance TypesOpens in a new tab in the Tencent documentation. Example: S2.MEDIUM4.

required (see above)  
ElasticIP Enables the Elastic IP feature on AWS and Tencent to preserve IP address and domain name across host node restart (see Host Node Restart and Recovery). Default: false. optional defaults

VPCId

Existing Virtual Private Cloud (VPC) to be used in the deployment on AWS and Tencent, instead of allocating a new one; the specified VPC is not deallocated during unprovision. If not specified when PrivateSubnet (see Security-related Parameters) is true, a new VPC is allocated for the deployment and deallocated during unprovision. For more information, see Deploying Within an Existing Private Network.

Note:

Internal parameter net_subnet_cidr must be provided if the VPC is not created in the default address space 10.0.%d.0/24; for example, for a VPC in the range 172.17.0.0/24, you would need to specify net_subnet_cidr as 172.17.%d.0/24.

optional defaults

SubnetIds

When deploying on an existing private subnet on AWS or Tencent, comma-separated list of subnet IDs, one for each element specified by the Zone parameter (see General Parameters).

optional defaults

CPUCoreCount

CPU core to match when selecting instance type; if InstanceType (above) is not provided, ICM searches for an instance type matching InstanceFamily, CPUCoreCount, and MemorySize (above). Default: 2. optional  

MemorySize

Memory size to match when selecting instance type; if InstanceType (above) is not provided, ICM searches for an instance type matching InstanceFamily, CPUCoreCount, and MemorySize (above). Default: 4 GB. optional  

OSVolumeType

Determines disk type for the OS volume for a node or nodes in the deployment; see Data Types: DataDiskOpens in a new tab in the Tencent documentation. AWS uses the same parameter name. Default: CLOUD_BASIC. optional  

DockerVolumeType

Determines disk type for the block storage device used for the Docker thin pool on a node or nodes in the deployment; see Data Types: DataDiskOpens in a new tab in the Tencent documentation. AWS uses the same parameter name. Default: CLOUD_BASIC. optional  

DataVolumeType

WIJVolumeType

Journal1VolumeType

Journal2VolumeType

Determines disk type for the corresponding persistent storage volume for iris containers (see Storage Volumes Mounted by ICM). For example, DataVolumeType determines the disk type for the data volume. AWS uses the same parameter names. See Data Types: DataDiskOpens in a new tab in the Tencent documentation. Default: CLOUD BASIC. optional  
Parameter Definition Use is ... Config file
Server Name of the vCenter server. Example: tbdvcenter.internal.acme.com. required defaults
Datacenter Name of the datacenter. required defaults
DatastoreCluster

Collection of datastores where virtual machine files will be stored; see Creating a Datastore ClusterOpens in a new tab in the VMware documentation. Example: DatastoreCluster1.

required defaults
DataStore If provided, specifies one datastore in the datastore cluster in which to store virtual machine files. Example: Datastore1 optional defaults
ComputeCluster Cluster of hosts used to manage compute resources, DRS, and HA. Example: ComputeCluster1 required defaults

VSphereUser

VSpherePassword

Credentials for vSphere operations; see About vSphere AuthenticationOpens in a new tab in the VMware documentation. required defaults
DNSServers List of DNS servers for the virtual network. Example: 172.16.96.1,172.17.15.53 required defaults
DNSSuffixes List of name resolution suffixes for the virtual network adapter. Example: internal.acme.com required defaults
Domain FQDN for a node or nodes to be provisioned. Example: internal.acme.com required defaults
NetworkInterface Label to assign to a network interface. Example: VM Network optional defaults

ResourcePool

Name of a vSphere resource pool; see Managing Resource PoolsOpens in a new tab in the VMware documentation. Example: ResourcePool1.

optional defaults
Template Virtual machine master copy (machine image) to use as platform and OS template for nodes to be provisioned. Example: ubuntu1804lts required  
VCPU Number of CPUs in a node or nodes to be provisioned. Example: 2. optional  
Memory Amount of memory (in MB) in a node or nodes to be provisioned. Example: 4096. optional  

GuestID

Guest ID for the operating system type. See Enum - VirtualMachineGuestOsIdentifierOpens in a new tab on the VMware support website. Default: other3xLinux64Guest.

optional  

WaitForGuestNetTimeout

Time (in minutes) to wait for an available IP address on a virtual machine. Default: 5.

optional  

ShutdownWaitTimeout

Time (in minutes) to wait for graceful guest shutdown when making necessary updates to a virtual machine. Default: 3.

optional  

MigrateWaitTimeout

Time (in minutes) to wait for virtual machine migration to complete. Default: 10.

optional  

CloneTimeout

Time (in minutes) to wait for virtual machine cloning to complete. Default: 30.

optional  

CustomizeTimeout

Time (in minutes) that Terraform waits for customization to complete. Default: 10.

optional  

DiskPolicy

Disk provisioning policy for the deployment (see About Virtual Disk Provisioning PoliciesOpens in a new tab in the VMware documentation). Values are:

  • thin — Thin Provision

  • lazy — Thick Provision Lazy Zeroed

  • eagerZeroedThick — Thick Provision Eager Zeroed

Default: lazy.

optional  

SDRSEnabled

If specified, determines whether Storage DRS (see Enable and Disable Storage DRSOpens in a new tab in the VMware documentation) is enabled for a virtual machine; otherwise, use current datastore cluster settings. Default: Current datastore cluster settings.

optional  

SDRSAutomationLevel

If specified, determines Storage DRS automation level for a virtual machine; otherwise, use current datastore cluster settings. Values are automated or manual. Default: Current datastore cluster settings.

optional  

SDRSIntraVMAffinity

If provided, determines Intra-VM affinity setting for a virtual machine (see Override VMDK Affinity RulesOpens in a new tab in the VMware documentation); otherwise, use current datastore cluster settings. Values include:

  • true — All disks for this virtual machine will be kept on the same datastore.

  • false — Storage DRS may locate individual disks on different datastores if it helps satisfy cluster requirements.

Default: Current datastore cluster settings.

optional  

SCSIControllerCount

Number of SCSI controllers for a given host node; must be between 1 and 4. The OS volume is always be placed on the first SCSI controller. vSphere may not be able to create more SCSI controllers than were present in the template specified by the Template field.

Default: 1

optional  

DockerVolumeSCSIController

SCSI controller on which to place the Docker volume. Must be between 1 and 4 and may not exceed SCSIControllerCount.

Default: 1

optional  

DataVolumeSCSIController

WIJVolumeSCSIController

Journal1VolumeSCSIController

Journal2VolumeSCSIController

SCSI controller on which to place the corresponding volume in iris containers; for example, DataVolumeSCSIController determines the controller for data volume. Must be between 1 and 4 and may not exceed SCSIControllerCount.

Default: 1

optional  
Note:

The requirements for the VMware vSphere template specified by the Template property are similar to those described in Host Node Requirements in the appendix “Deploying on a Preexisting Cluster” (for example, passwordless sudo access).

To address the needs of the many users who rely on VMware vSphere, it is supported by this release of ICM. Depending on your particular vSphere configuration and underlying hardware platform, the use of ICM to provision virtual machines may entail additional extensions and adjustments not covered in this guide, especially for larger and more complex deployments, and may not be suitable for production use. Full support is expected in a later release.

Device Name Parameters

The parameters listed in the following specify the device files under /dev that represent the persistent volumes created by ICM for use by InterSystems IRIS. For information about these persistent volumes and a table of provider and OS-specific default values for these parameters, see Storage Volumes Mounted by ICM. For PreExisting deployments, see Storage Volumes in the “Deploying on a Preexisting Cluster” appendix.

Parameter Persistent Volume For

DataDeviceName

Databases

WIJDeviceName

WIJ directory

Journal1DeviceName

Primary journal directory

Journal2DeviceName

Alternate journal directory

Alphabetical List of User Parameters

The following table lists all of the parameters discussed in the preceding tables in this section in alphabetical order, with links to the table(s) containing their definition.

Parameter Table(s) for definition

AccountReplicationType

Provider-Specific – Azure

AccountTier

Provider-Specific – Azure

AlternativeServers

General

AMI

Provider-Specific – AWS

ApplicationPath

General

ClientId

Provider-Specific – Azure, Security

ClientSecret

Provider-Specific – Azure, Security

CloneTimeout

Provider-Specific – vSphere

ComputeCluster

Provider-Specific – vSphere

Count

General

CPUCoreCount

Provider-Specific – Tencent

Credentials

Provider-Specific – AWS, Provider-Specific – GCP, Security

CustomizeTimeout

Provider-Specific – vSphere

Datacenter

Provider-Specific – vSphere

DataDeviceName

Device Name

DataMountPoint

General

Datastore

Provider-Specific – vSphere

DatastoreCluster

Provider-Specific – vSphere

DataVolumeIOPS

Provider-Specific – AWS

DataVolumeSCSIController

Provider-Specific – vSphere

DataVolumeSize

General

DataVolumeType

Provider-Specific – AWS, Provider-Specific – GCP, Provider-Specific – Tencent

DiskPolicy

Provider-Specific – vSphere

DNSName

PreExisting

DNSServers

Provider-Specific – vSphere

DNSSuffixes

Provider-Specific – vSphere

DockerImage

General

DockerInit

General

DockerPassword

General

DockerRegistry

General

DockerStorageDriver

General

DockerURL

General

DockerUsername

General

DockerVersion

General

DockerVolumeIOPS

Provider-Specific – AWS

DockerVolumeSCSIController

Provider-Specific – vSphere

DockerVolumeSize

General

DockerVolumeType

Provider-Specific – AWS, Provider-Specific – GCP, Provider-Specific – Tencent

Domain

Provider-Specific – vSphere

ElasticIP

Provider-Specific – AWS, Provider-Specific – Tencent

FileSystem

General

GuestID

Provider-Specific – vSphere

Image

Provider-Specific – GCP

ImageId

Provider-Specific – Tencent

InstanceFamily

Provider-Specific – Tencent

InstanceType

Provider-Specific – AWS, Provider-Specific – Tencent

InternetGatewayId

Provider-Specific – AWS

IPAdress

PreExisting

ISCPassword

General

Journal1DeviceName

Device Name

Journal1MountPoint

General, CPF

Journal1VolumeIOPS

Provider-Specific – AWS

Journal1VolumeSCSIController

Provider-Specific – vSphere

Journal1VolumeSize

General

Journal1VolumeType

Provider-Specific – AWS, Provider-Specific – GCP, Provider-Specific – Tencent

Journal2DeviceName

Device Name

Journal2MountPoint

General, CPF

Journal2VolumeIOPS

Provider-Specific – AWS

Journal2VolumeSCSIController

Provider-Specific – vSphere

Journal2VolumeSize

General

Journal2VolumeType

Provider-Specific – AWS, Provider-Specific – GCP, Provider-Specific – Tencent

Label

General

LicenseDir

General

LicenseKey

General

LicenseServerPort

Port, CPF

LoadBalancer

General

LoadBalancerInternal

Provider-Specific – AWS

Location

Provider-Specific – Azure

LocationMap

Provider-Specific – Azure

MachineType

Provider-Specific – GCP

Memory

Provider-Specific – vSphere

MemorySize

Provider-Specific – Tencent

MigrateWaitTimeout

Provider-Specific – vSphere

Mirror

General

MirrorMap

General

Namespace

General

NetworkInterface

Provider-Specific – vSphere

OSName

Provider-Specific – Tencent

OSVolumeIOPS

Provider-Specific – AWS

OSVolumeSize

General

OSVolumeType

Provider-Specific – AWS, Provider-Specific – GCP, Provider-Specific – Tencent

Overlay

General

PlacementGroups

Provider-Specific – AWS

PlacementStrategy

Provider-Specific – AWS

PlacementMap

Provider-Specific – AWS
PlacementPartitionCount Provider-Specific – AWS
PlacementSpreadLevel Provider-Specific – AWS

Project

Provider-Specific – GCP

Provider

General

ProxyImage

General

Region

General

RegionMap Provider-Specific – GCP

ResourceGroupName

Provider-Specific – Azure

ResourcePool

Provider-Specific – vSphere

Role

General

RouteTableId

Provider-Specific – AWS

SCSIControllerCount

Provider-Specific – vSphere

SDRSAutomationLevel

Provider-Specific – vSphere

SDRSEnabled

Provider-Specific – vSphere

SDRSIntraVMAffinity

Provider-Specific – vSphere

SecretID

Provider-Specific – Tencent, Security

SecretKey

Provider-Specific – Tencent, Security

Server

Provider-Specific – vSphere

ShutdownWaitTimeout

Provider-Specific – vSphere

Size

Provider-Specific – Azure

SSHOnly

Security

SSHPassword

Security

SSHPrivateKey

Security

SSHPublicKey

Security

SSHUser

Security

SSLConfig

Security

StartCount

General

SubnetName

Provider-Specific – Azure

SubnetIds

Provider-Specific – AWS, Provider-Specific – Tencent

SubscriptionId

Security

SuperServerPort

Port, CPF

SystemMode

General

Tag

General

Template

Provider-Specific – vSphere

TenantId

Security

TLSKeyDir

Security

UseMSI

Provider-Specific – Azure, Security

UserCPF

General

VCPU

Provider-Specific – vSphere

VirtualNetworkName

Provider-Specific – Azure

VPCId

Provider-Specific – AWS, Provider-Specific – Tencent

VspherePassword

Provider-Specific – vSphere, Security

VsphereUser

Provider-Specific – vSphere, Security

WaitForGuestNetTimeout

Provider-Specific – vSphere

WeavePassword Security

WebGatewayPort

Port

WebServerPort

Port, CPF

WIJDeviceName

Device Name

WIJMountPoint

General, CPF

WIJVolumeIOPS

Provider-Specific – AWS

WIJVolumeSCSIController

Provider-Specific – vSphere

WIJVolumeSize

General

WIJVolumeType

Provider-Specific – AWS, Provider-Specific – GCP, Provider-Specific – Tencent

Zone

General

ZoneMap

General

FeedbackOpens in a new tab