Scratch The OAP Config Dump

SkyWalking OAP behaviors could be controlled through hundreds of configurations. It is hard to know what is the final configuration as all the configurations could be overrided by system environments.

The core config file application.yml lists all the configurations and their default values. However, it is still hard to know the runtime value.

Scratch is a tool to dump the final configuration. It is provided within OAP rest server, which could be accessed through HTTP GET http://{core restHost}:{core restPort}/debugging/config/dump.

> curl http://127.0.0.1:12800/debugging/config/dump
cluster.provider=standalone
core.provider=default
core.default.prepareThreads=2
core.default.restHost=0.0.0.0
core.default.searchableLogsTags=level,http.status_code
core.default.role=Mixed
core.default.persistentPeriod=25
core.default.syncPeriodHttpUriRecognitionPattern=10
core.default.restIdleTimeOut=30000
core.default.dataKeeperExecutePeriod=5
core.default.topNReportPeriod=10
core.default.gRPCSslTrustedCAPath=
core.default.downsampling=[Hour, Day]
core.default.serviceNameMaxLength=70
core.default.gRPCSslEnabled=false
core.default.restPort=12800
core.default.serviceCacheRefreshInterval=10
...

All booting configurations with their runtime values are listed, including the selected provider for each module.

Protect The Secrets

Some of the configurations contain sensitive values, such as username, password, token, etc. These values would be masked in the dump result. For example, the storage.elasticsearch.password in the following configurations,

storage:
  selector: ${SW_STORAGE:h2}
  elasticsearch:
    password: ${SW_ES_PASSWORD:""}

It would be masked and shown as ******** in the dump result.

> curl http://127.0.0.1:12800/debugging/config/dump
...
storage.elasticsearch.password=********
...

By default, we mask the config keys through the following configurations.

# Include the list of keywords to filter configurations including secrets. Separate keywords by a comma.
keywords4MaskingSecretsOfConfig: ${SW_DEBUGGING_QUERY_KEYWORDS_FOR_MASKING_SECRETS:user,password,token,accessKey,secretKey,authentication}

Disable The Config Dump Service

By default, this service is open for helping users to debug and diagnose. If you want to disable it, you need to diable the whole debugging-query module through setting selector=-.

debugging-query:
  selector: ${SW_DEBUGGING_QUERY:-}