CNaaS NMS relies on configuration files and environment variables for configuration.

Config files

Config files are placed in /etc/cnaas-nms


Defines how to connect to the SQL and redis databases.


Defines parameters for the API:

  • host: Defines the listening host/IP, default

  • jwtcert: Defines the path to the public JWT certificate used to verify JWT tokens

  • httpd_url: URL to the httpd container containing firmware images

  • verify_tls: Verify certificate for connections to httpd/firmware server

  • verify_tls_device: Verify TLS connections to devices, defaults to True

  • cafile: Path to CA certificate used to verify device certificates. If no path is specified then the system default CAs will be used.

  • cakeyfile: Path to CA key, used to sign device certificates after generation.

  • certpath: Path to store generated device certificates in.

  • allow_apply_config_liverun: Allow liverun on apply_config API call. Defaults to False.

  • global_unique_vlans: If True VLAN IDs has to be globally unique, if False different DIST switches can reuse same VLAN IDs for different L2 domains. Defaults to True.

  • init_mgmt_timeout: Timeout to wait for device to apply changed management IP. Defaults to 30, specified in seconds (integer).

  • mgmtdomain_reserved_count: Number of IP addresses to reserve for internal use on each defined management domain when assigning new management IP addresses to devices. Defaults to 5 (e.g. meaning through would remain unassigned on a domain for

  • mgmtdomain_primary_ip_version: For dual stack management domains, this setting defines whether IP version 4 or 6 is preferred when an access device’s primary management address is assigned. The only valid values are therefore 4 and 6.

  • commit_confirmed_mode: Integer specifying default commit confirm mode (see commit_confirm_modes). Defaults to 1.

  • commit_confirmed_timeout: Time to wait before rolling back an unconfirmed commit, specified in seconds. Defaults to 300.

  • commit_confirmed_wait: Time to wait between comitting configuration and checking that the device is still reachable, specified in seconds. Defaults to 1.


Defines paths to git repositories.

Environment variables

Besides config files, cnaas-nms uses environment variables for configuration. The environment variables are typically set using docker-compose.

Docker-compose will spin up a multi container environment including the CNaaS NMS API, httpd and dhcp server, postgresql, redis and the JWT auth server.

There are various ways to set environment variables in docker-compose. The most common one is the docker-compose.yml file.

A list of the environment variables used by each Docker container:


  • GITREPO_TEMPLATES – templates git repository

  • GITREPO_SETTINGS – settings git repository

  • COVERAGE – calculate test coverage. 1 or 0 (yes or no)

  • USERNAME_DHCP_BOOT – user name to log into devices during DHCP boot process


  • USERNAME_DISCOVERED – user name for discovered devices


  • USERNAME_INIT – user name for initialised devices


  • USERNAME_MANAGED – user name for managed devices


  • PLUGIN_SETTINGS_FIELDS_MODULE - Use a custom module path to override settings_fields, defaults to: cnaas_nms.plugins.settings_fields


  • GITREPO_TEMPLATES – templates git repository


  • GITREPO_ETC – git repository containing dhcpd config

  • DB_PASSWORD – database password

  • DB_HOSTNAME – database host

  • JWT_AUTH_TOKEN – token to authenticate against the cnaas-nms REST API


  • POSTGRES_USER – database username

  • POSTGRES_PASSWORD – database password

  • POSTGRES_DB – name of the cnaas-nms database

Git repository URLs

All the options that point to various GIT repositories (GITREPO_*) support typical Git-compatible URLs, including, but not limited to:

  • ssh://user@host.xz:port/path/to/repo.git/

  • https://host.xz/path/to/repo.git/

  • git://host.xz/path/to/repo.git/

Additionally, specific commits or branches can be specified by adding a URL anchor containing a Git reference such as a branch name, tag or commit ID. Examples:

  • ssh://user@host.xz:port/path/to/repo.git/#stable

  • https://host.xz/path/to/repo.git/#v1.2.3

  • git://host.xz/path/to/repo.git/#2a8c7f6c6544dd438808ab1bec560115783a2f2a