Use the start-server command to start the Policy Administration GUI. Also, you can use environment variables to override configuration variables at startup.
To start PingDataGovernance Policy Administration GUI, use the bin/start-server command.
$ bin/start-server
You can run bin/start-server manually from the command line or within a script.
Overriding the configuration at startup
You can override a number of Policy Administration GUI settings by defining specific environment variables before starting the server. By overriding some of the configuration, you can redefine certain aspects of the configuration without re-running the setup tool.
To override the configuration, stop the Policy Administration GUI, define one or more of the environment variables, and restart the Policy Administration GUI.
Environment variables you can use to override configuration variables
The following table lists the environment variables that you can define, sorted based on expected frequency of use with related variables grouped together.
Environment variable | Example value | Description |
---|---|---|
PING_EXTERNAL_BASE_URL | pap.example.com:9443 |
The Policy Administration GUI hostname and port. PingDataGovernance uses this value to construct AJAX requests. The port value must match the value of PING_PORT for web browsers to pass CORS checks. |
PING_PORT | 443 |
The Policy Administration GUI HTTPS port. The server binds to this listen port. |
PING_KEYSTORE_TYPE | JKS | The Policy Administration GUI’s key store type. Valid values include JKS and PKCS12. |
PING_KEYSTORE_PATH | /path/to/keystore.jks | The path to the Policy Administration GUI’s key store. |
PING_KEYSTORE_PASSWORD | password1234 | The Policy Administration GUI’s key store password. |
PING_CERT_ALIAS | server-cert | The alias for the Policy Administration GUI’s server certificate. |
PING_SHARED_SECRET | DataGovernance | The Policy Administration GUI’s shared secret, which PingDataGovernance Server needs to make policy requests to the Policy Administration GUI. |
PING_OIDC_CONFIGURATION_ENDPOINT | https://oidc.example.com:9031/.well-known/openid-configuration | The OpenID Connect (OIDC) provider’s discovery URL. Used when the Policy Administration GUI is set up in OIDC mode. |
PING_CLIENT_ID | 8cb9f2c9-c366-47e0-9560-db2132b2d813 | The Policy Administration GUI’s client ID with the OpenID Connect provider. Used when the Policy Administration GUI is set up in OIDC mode. |
PING_USERNAMES | admin, user1, user2 | Used in demo mode. A comma-separated list of usernames accepted by the Policy Administration GUI for sign on. |
PING_H2_FILE | ./Symphonic |
The path to the policy database H2 file. Leave off the .mv.db extension. |
PING_DB_APP_USERNAME | db_user | The username the application uses to access the server database. |
PING_DB_APP_PASSWORD | Pa$$w0rd!23 | The password the application uses to access the server database. |
PING_DB_ADMIN_USERNAME | db_admin | The username the setup tool uses when upgrading the policy database. |
PING_DB_ADMIN_PASSWORD | $3cr3T |
The password the setup tool uses when upgrading the policy database. |
PING_OPTIONS_FILE | /path/to/options.yml | The path to an options.yml file to use with the Policy Administration GUI's setup tool. |
PING_ADMIN_PORT | 9444 |
The admin port where the H2 database backup endpoint is available. The policy administration point, or PAP, uses this endpoint to back up the H2 database, which stores your Trust Framework, policies, commit history, and other data. Related environment variables: PING_BACKUP_SCHEDULE, PING_H2_BACKUP_DIR |
PING_BACKUP_SCHEDULE | 0 0 0 * * ? |
The periodic database backup schedule for the Policy Administration GUI (also known as the PAP) in the form of a cron expression. Note:
The PAP evaluates the expression against the system timezone. For the PingDataGovernance Docker images, the default timezone is UTC. The default is For more information, see Quartz 2.3.0 cron format. Related environment variables: PING_ADMIN_PORT, PING_H2_BACKUP_DIR |
PING_H2_BACKUP_DIR | /opt/out/backup |
The directory in which to place the H2 database backup files. The default is SERVER_ROOT/policy-backup. Related environment variables: PING_ADMIN_PORT, PING_BACKUP_SCHEDULE |
Example: Override the configured HTTPS port
$ bin/stop-server
$ export PING_PORT=9443 PING_EXTERNAL_BASE_URL=pap.example.com:9443; bin/start-server
Example: Override the configured policy database location
$ bin/stop-server
$ export PING_H2_FILE=/opt/shared/Symphonic
$ bin/setup demo {ADDITIONAL_ARGUMENTS} && bin/start-server
Even though the actual filename of the policy database includes the extension .mv.db, the JDBC connection string excludes the extension.
If /opt/shared/Symphonic.mv.db does not exist, setup creates a new one. If the file does exist and is from an older PingDataGovernance server, setup updates the file to the latest version.
Troubleshooting startup errors
The bin/start-server command prints an error message if it detects that an error has occurred during startup. For more information about the error, see the logs/datagovernance-pap.log and logs/start-server.log files.