diff --git a/docs/deployment/observability/logs.mdx b/docs/deployment/observability/logs.mdx index d052a4c4..229bf2a4 100644 --- a/docs/deployment/observability/logs.mdx +++ b/docs/deployment/observability/logs.mdx @@ -6,19 +6,23 @@ sidebar_position: 2 In addition to host-level logging, wasmCloud supports log exports using the [OpenTelemetry (OTEL)](https://opentelemetry.io/) specification. -For more information on wasmCloud's implementation of OpenTelemetry, including advanced configuration options, see [Observability with OpenTelemetry](/docs/deployment/observability/observability-with-opentelemetry.mdx). +For more information on wasmCloud's implementation of OpenTelemetry, including advanced configuration options, see [Observability with OpenTelemetry](/docs/1.0/deployment/observability/observability-with-opentelemetry). ### Configuration By default, wasmCloud hosts write `info` level logs to `stderr` in plaintext. -Enable the wasmCloud host to emit logs as an OTEL signal with the `OTEL_TRACES_EXPORTER` environment variable: +To enable all OTEL signals, including logs, use the `WASMCLOUD_OBSERVABILITY_ENABLED` environment variable: ```bash -OTEL_TRACES_EXPORTER=otlp +WASMCLOUD_OBSERVABILITY_ENABLED="true" ``` -In v0.82, this enables all supported OTEL signals—not just traces. (A more accurately descriptive environment variable and command line argument is to come in v1.0.) +To enable only logs, use the `WASMCLOUD_LOGS_ENABLED` environment variable: + +```bash +WASMCLOUD_LOGS_ENABLED="true" +``` Enabling OTEL signals automatically structures logs for OTEL export. (In this case, local `stderr` logs remain plaintext.) @@ -30,7 +34,7 @@ The endpoint for exports may be overwritten with the `OTEL_EXPORTER_OTLP_ENDPOIN OTEL_EXPORTER_OTLP_ENDPOINT=http://my-custom-host:4318 ``` -These configurations can also be set with the `--otel-traces-exporter` and `--otel-exporter-otlp-endpoint` [host config](/docs/reference/host-config) options. +See the [host config](/docs/1.0/reference/host-config) options for equivalent host configuration CLI flags. ### Log levels @@ -41,7 +45,7 @@ The wasmCloud host supports the following log levels: - `debug` - `trace` -To override the log level, use the `--log-level` [host config](/docs/reference/host-config) argument. +To override the log level, use the `--log-level` [host config](/docs/1.0/reference/host-config) argument. :::warning @@ -53,7 +57,7 @@ Take care when enabling `trace` or `debug` level logs in a production environmen In a production environment, it's more common to emit logs in a structured format and aggregate logs from all hosts in a centralized location. Enabling OTEL signals automatically structures JSON logs for OTEL export, while local `stderr` logs remain plaintext. -To enable structured log output *without* enabling OTEL signals, use the `--enable-structured-logging` [host config](/docs/reference/host-config) argument. This will cause the host to emit logs as JSON, which are suitable for forwarding to a log aggregator. +To enable structured log output *without* enabling OTEL signals, use the `--enable-structured-logging` [host config](/docs/1.0/reference/host-config) argument. This will cause the host to emit logs as JSON, which are suitable for forwarding to a log aggregator. ```json {"timestamp":"2024-01-09T17:54:59.113161Z","level":"INFO","fields":{"message":"wasmCloud host started","host_id":"NDBYMWNPI3GSXBNM6H4WG6JTVB7K42KQWPOPICMIBVUXQL36ISJZHK4D"},"target":"wasmcloud_host::wasmbus"} @@ -61,6 +65,6 @@ To enable structured log output *without* enabling OTEL signals, use the `--enab ### Viewing logs with Grafana and Loki -A set of sample configurations and Docker Compose files are available to help launch a local observability environment. After following the instructions to [**launch a wasmCloud observability ecosystem**](/docs/deployment/observability/observability-with-opentelemetry#launch-a-wasmcloud-observability-ecosystem), you can navigate to [http://localhost:5050/explore](http://localhost:5050/explore), click the dropdown in the upper left, and select **"Loki"** to view logs. +A set of sample configurations and Docker Compose files are available to help launch a local observability environment. After following the instructions to [**launch a wasmCloud observability ecosystem**](/docs/1.0/deployment/observability/observability-with-opentelemetry#launch-a-wasmcloud-observability-ecosystem), you can navigate to [http://localhost:5050/explore](http://localhost:5050/explore), click the dropdown in the upper left, and select **"Loki"** to view logs. -Refer to the `OTEL_` environment variables in the [Docker Compose file](https://github.com/wasmCloud/wasmCloud/blob/main/examples/docker/docker-compose-otel.yml) for a complete example configuration. The example uses Grafana and Loki, but wasmCloud works with any OTEL-compatible backend. \ No newline at end of file +Refer to the environment variables in the [Docker Compose file](https://github.com/wasmCloud/wasmCloud/blob/main/examples/docker/docker-compose-otel.yml) for a complete example configuration. The example uses Grafana and Loki, but wasmCloud works with any OTEL-compatible backend. \ No newline at end of file diff --git a/docs/deployment/observability/metrics.mdx b/docs/deployment/observability/metrics.mdx index aa6ba06d..f428f6b2 100644 --- a/docs/deployment/observability/metrics.mdx +++ b/docs/deployment/observability/metrics.mdx @@ -4,10 +4,62 @@ description: "How to get aggregate data on the availability and performance of a sidebar_position: 4 --- -:::info +The wasmCloud host can export metrics using the [OpenTelemetry](https://opentelemetry.io/) (OTEL) specification. -🚧 Under construction 🚧 +For more information on wasmCloud's implementation of OpenTelemetry, including advanced configuration options, see [Observability with OpenTelemetry](/docs/deployment/observability/observability-with-opentelemetry.mdx). -Design for exporting [metrics via OpenTelemetry](https://opentelemetry.io/docs/specs/otel/metrics/) is underway. See the [RFC](https://github.com/wasmCloud/wasmCloud/issues/664) for more information. +### Configuration -::: +By default, metrics are disabled in the wasmCloud host. The host can be configured using [environment variables or host config flags](https://wasmcloud.com/docs/reference/host-config). + +To enable all OTEL signals, including metrics, use the `WASMCLOUD_OBSERVABILITY_ENABLED` environment variable: + +```bash +WASMCLOUD_OBSERVABILITY_ENABLED="true" +``` + +To enable only metrics, use the `WASMCLOUD_METRICS_ENABLED` environment variable: + +```bash +WASMCLOUD_METRICS_ENABLED="true" +``` + +By default, wasmCloud hosts export signals via HTTP/OpenTelemetry Protocol (`otlp`) on port 4318. + +The endpoint for metrics exports may be overwritten with the `OTEL_EXPORTER_OTLP_METRICS_ENDPOINT` environment variable: + +```bash +OTEL_EXPORTER_OTLP_METRICS_ENDPOINT=http://my-custom-host:4318 +``` + +See the [host config](/docs/1.0/reference/host-config) options for equivalent host configuration CLI flags. + +# Format + +Metrics are exported in [OpenTelemetry format](/docs/1.0/deployment/observability/observability-with-opentelemetry). The [OTEL collector](https://opentelemetry.io/docs/collector/) converts OTEL-formatted metrics to [Prometheus format](https://prometheus.io/docs/concepts/data_model/) for use with Prometheus systems. + +### Metric options + +The following specific metrics are included with wasmCloud: + +- **Actors**: + * Time to handle invocation in nanoseconds (`wasmcloud_host.handle_rpc_message.duration`) + * Count of the number of invocations (`wasmcloud_host.actor.invocations`) + * Count of errors (`wasmcloud_host.actor.errors`) + +User feedback and proposals for specific metrics is encouraged—[join the Slack](https://slack.wasmcloud.com/) or [open an issue](https://github.com/wasmCloud/wasmCloud/issues) to discuss your ideas. + +### Viewing metrics with Grafana and Prometheus + +A set of sample configurations and Docker Compose files are available to help launch a local observability environment. After following the instructions to [**launch a wasmCloud observability ecosystem**](/docs/1.0/deployment/observability/observability-with-opentelemetry#launch-a-wasmcloud-observability-ecosystem), there are two different ways to query metrics emitted by the wasmCloud host: + +* **Prometheus' built-in query interface** at [http://localhost:9090/graph](http://localhost:9090/graph). +* **Grafana's "Explore" interface** at [http://localhost:5050/explore](http://localhost:5050/explore). Once you are in the "View," select "Prometheus" from the dropdown on the top-left corner and under the "Metric" field select the metric you would like to explore. + +Depending on what you are trying to accomplish with the metrics, one or the other interface may be a better fit for you. + +* If you are in the process of emitting new metrics, or you are interested in exploring the metrics in a Prometheus-native interface, the Prometheus built-in query interface is probably the better fit. + +* If you are interested in seeing how the metrics would look in an interface that you might use in production, or you are looking to develop a metrics dashboard, the Grafana interface is the better fit. + +Refer to the environment variables in the [Docker Compose file](https://github.com/wasmCloud/wasmCloud/blob/main/examples/docker/docker-compose-otel.yml) for a complete example configuration. The example uses Grafana and Prometheus, but wasmCloud works with any OTEL-compatible backend. \ No newline at end of file diff --git a/docs/deployment/observability/observability-with-opentelemetry.mdx b/docs/deployment/observability/observability-with-opentelemetry.mdx index ce4b0efa..8811a37c 100644 --- a/docs/deployment/observability/observability-with-opentelemetry.mdx +++ b/docs/deployment/observability/observability-with-opentelemetry.mdx @@ -4,7 +4,7 @@ description: "Using OpenTelemetry for wasmCloud observability" sidebar_position: 1 --- -wasmCloud is designed to support cloud native observability standards using [OpenTelemetry (OTEL)](https://opentelemetry.io/). OpenTelemetry is an open source project defining common APIs and standards for telemetry in cloud native systems. As of v0.82.0, wasmCloud emits **traces** and **logs** as OTEL [**signals**](https://opentelemetry.io/docs/concepts/signals/), with **metrics** support slated for v1.0. +wasmCloud is designed to support cloud native observability standards using [OpenTelemetry (OTEL)](https://opentelemetry.io/). OpenTelemetry is an open source project defining common APIs and standards for telemetry in cloud native systems. As of v1.0, wasmCloud emits **traces**, **logs**, and **metrics** as OTEL [**signals**](https://opentelemetry.io/docs/concepts/signals/). ### Data flow @@ -14,28 +14,28 @@ A wasmCloud observability ecosystem must include an [**OTEL collector**](https:/ The OTEL documentation provides detailed instructions on how to [install and run the OTEL collector](https://opentelemetry.io/docs/collector/quick-start/). Additionally, you can find a [sample configuration for an OTEL collector](https://github.com/wasmCloud/wasmCloud/blob/main/examples/docker/otel-collector.yaml) in the wasmCloud observability ecosystem demo on GitHub. -While the OTEL collector is the recommended point of configuration for complex signal routing, there are a set of core configurations available at the level of a [wasmCloud host](https://wasmcloud.com/docs/concepts/hosts). +While the OTEL collector is the recommended point of configuration for complex signal routing, there are a set of core configurations available at the level of a [wasmCloud host](https://wasmcloud.com/docs/concepts/hosts). The host can be configured using [environment variables or host config flags](/docs/1.0/reference/host-config). ### Configuration -Enable the wasmCloud host to emit OTEL signals with the `OTEL_TRACES_EXPORTER` environment variable: +Enable the wasmCloud host to emit all OTEL signals with the `WASMCLOUD_OBSERVABILITY_ENABLED` environment variable: ```bash -OTEL_TRACES_EXPORTER=otlp +WASMCLOUD_OBSERVABILITY_ENABLED="true" ``` -In v0.82, this enables all supported OTEL signals at once—not just traces. (A more accurately descriptive environment variable and command line argument is to come in v1.0.) - -By default, OTEL signals are exported on port 4318, the standard **HTTP/OpenTelemetry Protocol (`otlp`)** port. wasmCloud only supports the `otlp` format. The endpoint for `otlp` exports may be overwritten with the `OTEL_EXPORTER_OTLP_ENDPOINT` environment variable: +By default, OTEL signals are exported on port 4318, the standard **HTTP/OpenTelemetry Protocol (`otlp`)** port. wasmCloud only supports the `otlp` format. The endpoint for all `otlp` exports may be overwritten with the `OTEL_EXPORTER_OTLP_ENDPOINT` environment variable: ```bash OTEL_EXPORTER_OTLP_ENDPOINT=http://my-custom-host:4318 ``` -While these options are typically passed as part of [host configuration](https://wasmcloud.com/docs/reference/host-config), you can launch a wasmCloud observability ecosystem locally by passing environment variables to `wash up`: +It is also possible to enable and overwrite endpoints for only specific signals—see the pages for [traces](/docs/1.0/deployment/observability/tracing), [logs](/docs/1.0/deployment/observability/logs), and [metrics](/docs/1.0/deployment/observability/metrics) for more details. + +While these options are typically passed as part of [host configuration](/docs/1.0/reference/host-config), you can launch a wasmCloud observability ecosystem locally by passing environment variables to `wash up`: ```bash -OTEL_TRACES_EXPORTER=otlp wash up +WASMCLOUD_OBSERVABILITY_ENABLED="true" wash up ``` ### Launch a wasmCloud observability ecosystem @@ -67,7 +67,7 @@ docker compose -f docker-compose-otel.yml up Make sure a wasmCloud host is running locally with OTEL signals enabled: ```bash -OTEL_TRACES_EXPORTER=otlp wash up +WASMCLOUD_OBSERVABILITY_ENABLED="true" wash up ``` Now you can access Grafana's "Explore" interface at [http://localhost:5050/explore](http://localhost:5050/explore). @@ -76,9 +76,7 @@ Now you can access Grafana's "Explore" interface at [http://localhost:5050/explo Because wasmCloud's implementation of OpenTelemetry observability uses upstream OTEL libraries, a variety of advanced configuration options are available via environment variables defined in the upstream [OTEL SDK](https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/) and [OTLP Exporter SDK](https://opentelemetry.io/docs/languages/sdk-configuration/otlp-exporter/). -For example, users have several options for [trace sampling](https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/#general-sdk-configuration), [log batch management](https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/#batch-logrecord-processor), and setting [per signal overrides for endpoints](https://opentelemetry.io/docs/languages/sdk-configuration/otlp-exporter/#otel_exporter_otlp_traces_endpoint). - -Not all upstream options are supported—for example, the wasmCloud host does not support changing format to gRPC. +For example, users have several options for [trace sampling](https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/#general-sdk-configuration) and [log batch management](https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/#batch-logrecord-processor). Not all upstream options are supported—for example, the wasmCloud host does not support changing format to gRPC. :::info[Note] In cases where the system receives conflicting configurations for the same option via environment variable and command line argument, upstream OpenTelemetry libraries prioritize configurations set via environment variable. Refer to the [OpenTelemetry documentation](https://opentelemetry.io/docs/languages/sdk-configuration/) for more details. @@ -86,6 +84,6 @@ In cases where the system receives conflicting configurations for the same optio ### Further reading -Signal-specific options on the wasmCloud host are detailed on the [traces](/docs/deployment/observability/tracing.mdx), [logs](/docs/deployment/observability/logs.mdx), and [metrics](/docs/deployment/observability/metrics.mdx) pages. For more information on OpenTelemetry, refer to the [project documentation](https://opentelemetry.io/docs/). +Signal-specific options on the wasmCloud host are detailed on the [traces](/docs/1.0/deployment/observability/tracing), [logs](/docs/1.0/deployment/observability/logs), and [metrics](/docs/1.0/deployment/observability/metrics) pages. For more information on OpenTelemetry, refer to the [project documentation](https://opentelemetry.io/docs/). diff --git a/docs/deployment/observability/tracing.mdx b/docs/deployment/observability/tracing.mdx index 7d4bb373..9bde9c73 100644 --- a/docs/deployment/observability/tracing.mdx +++ b/docs/deployment/observability/tracing.mdx @@ -8,29 +8,37 @@ Traces are essential for understanding the flow of messages through a distribute The wasmCloud host can record and export distributed traces using the [OpenTelemetry](https://opentelemetry.io/) (OTEL) specification. If you haven't worked with distributed traces before, [this primer](https://opentelemetry.io/docs/concepts/observability-primer/#distributed-traces) is a great place to start. -For more information on wasmCloud's implementation of OpenTelemetry, including advanced configuration options, see [Observability with OpenTelemetry](/docs/deployment/observability/observability-with-opentelemetry.mdx). +For more information on wasmCloud's implementation of OpenTelemetry, including advanced configuration options, see [Observability with OpenTelemetry](/docs/1.0/deployment/observability/observability-with-opentelemetry). ### Configuration -By default, tracing is disabled in the wasmCloud host. To enable traces, use the `OTEL_TRACES_EXPORTER` environment variable: +By default, tracing is disabled in the wasmCloud host. The host can be configured using [environment variables or host config flags](/docs/1.0/reference/host-config). + +To enable all OTEL signals, including traces, use the `WASMCLOUD_OBSERVABILITY_ENABLED` environment variable: + +```bash +WASMCLOUD_OBSERVABILITY_ENABLED="true" +``` + +To enable only traces, use the `WASMCLOUD_TRACES_ENABLED` environment variable: ```bash -OTEL_TRACES_EXPORTER=otlp +WASMCLOUD_TRACES_ENABLED="true" ``` By default, wasmCloud hosts export traces via HTTP/OpenTelemetry Protocol (`otlp`) on port 4318. -The endpoint for trace exports may be overwritten with the `OTEL_EXPORTER_OTLP_ENDPOINT` environment variable: +The endpoint for trace exports may be overwritten with the `OTEL_EXPORTER_OTLP_TRACES_ENDPOINT` environment variable: ```bash -OTEL_EXPORTER_OTLP_ENDPOINT=http://my-custom-host:4318 +OTEL_EXPORTER_OTLP_TRACES_ENDPOINT=http://my-custom-host:4318 ``` -These configurations can also be set with the `--otel-traces-exporter` and `--otel-exporter-otlp-endpoint` [host config](/docs/reference/host-config) options. +See the [host config](/docs/1.0/reference/host-config) options for equivalent host configuration CLI flags. ### Viewing traces with Grafana and Tempo -A set of sample configurations and Docker Compose files are available to help launch a local observability environment. After following the instructions to [**launch a wasmCloud observability ecosystem**](/docs/deployment/observability/observability-with-opentelemetry#launch-a-wasmcloud-observability-ecosystem), you can navigate to [http://localhost:5050/explore](http://localhost:5050/explore), click the dropdown in the upper left, and select **"Tempo"** to view traces. +A set of sample configurations and Docker Compose files are available to help launch a local observability environment. After following the instructions to [**launch a wasmCloud observability ecosystem**](/docs/1.0/deployment/observability/observability-with-opentelemetry#launch-a-wasmcloud-observability-ecosystem), you can navigate to [http://localhost:5050/explore](http://localhost:5050/explore), click the dropdown in the upper left, and select **"Tempo"** to view traces. There are several ways to query traces in Tempo. To see all traces from the host, change the "Query type" tab to "Search," then click the "Service Name" dropdown and select "wasmcloud-host." You can also increase the "Limit" field to something more than the default (20). To search, press Shift-Enter. You can click on any of the Trace IDs to view all the spans associated with the trace. diff --git a/docs/reference/host-config.md b/docs/reference/host-config.md index bb984726..22775e70 100644 --- a/docs/reference/host-config.md +++ b/docs/reference/host-config.md @@ -7,30 +7,48 @@ draft: false The following table contains a list of all options that can be used to configure the wasmCloud Host: -| Flag | Environment Variable | Default | Description | Example | -| ------------------------------- | -------------------------------------------------------- | --------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------- | -| `--log-level` | `WASMCLOUD_LOG_LEVEL` | INFO | Controls the verbosity of logs from the wasmCloud host | `--log-level DEBUG` | -| `--nats-host` | `NATS_HOST` | 127.0.0.1 | NATS server host to connect to | `--nats-host my-nats-server` | -| `--nats-port` | `NATS_PORT` | 4222 | NATS server port to connect to | `--nats-port 4223` | -| `--nats-jwt` | `NATS_JWT` | N/A | A user JWT to use to authenticate to NATS. The given credential needs to have full access to all `wasmbus.>` topics as well as access to the configured `--js-domain` to create, manage, and access KV buckets used for lattice metadata and component config | `--nats-jwt eyJ0eXAiOiJqd3Qi...` | -| `--nats-seed` | `NATS_SEED` | N/A | A seed nkey to use to authenticate to NATS. This seed should be the same one associated with the JWT. Please see the [NATS Docs](https://docs.nats.io/running-a-nats-service/configuration/securing_nats/auth_intro/jwt) for more information | `--nats-seed SUAAZU5G7UOUR7VX...` | -| `-x`, `--lattice-prefix` | `WASMCLOUD_LATTICE_PREFIX` | default | The lattice the host belongs to. If running with multiple lattices, each name MUST be unique | `-x my-lattice` | -| `--host-seed` | `WASMCLOUD_HOST_SEED` | N/A | The seed key used by this host to generate its public key. In most cases you won't need to set this, but if needed a seed can be generated with `wash keys gen server` | `--host-seed SNABP2H7DRKW3XRM...` | -| `--cluster-seed` | `WASMCLOUD_CLUSTER_SEED` | N/A | The seed key used by this host to sign all invocations. | `--cluster-seed SCAICHCEWFXMDS6A...` | -| `--cluster-issuers` | `WASMCLOUD_CLUSTER_ISSUERS` | N/A | A comma-delimited list of public keys for signed invocations. | `--cluster-issuers CCTUCYZYWQ...,CA2PCIP7QF...` | -| `--provider-shutdown-delay` | `WASMCLOUD_PROV_SHUTDOWN_DELAY_MS` | 300 | Delay in milliseconds between requesting a provider shutdown. If you are likely to be running many custom providers that require extensive clean up, this value can be increased to give them more time to shut down | `--provider-shutdown-delay 500` | -| `--allow-latest` | `WASMCLOUD_OCI_ALLOW_LATEST` | N/A | Determines whether OCI images tagged latest are allowed. By default, we do not allow this as it makes it very unclear if something has actually updated for an end user or operator | `--allow-latest` | -| `--allowed-insecure` | `WASMCLOUD_OCI_ALLOWED_INSECURE` | N/A | Comma-separated list of allowed insecure OCI hosts. Otherwise, all OCI references given to this host will expect an https endpoint | `--allowed-insecure registry1,registry2` | -| `--js-domain` | `WASMCLOUD_JS_DOMAIN` | N/A | NATS Jetstream domain name. If set, all hosts in the lattice MUST be using the same domain name | `--js-domain my-domain` | -| `--config-service-enabled` | `WASMCLOUD_CONFIG_SERVICE` | N/A | Denotes if a wasmCloud host should issue requests to a config service on startup. This config service can allow dynamic setting of things such as OCI credentials | `--config-service-enabled` | -| `--allow-file-load` | `WASMCLOUD_ALLOW_FILE_LOAD` | N/A | Denotes if a wasmCloud host should allow starting components from the file system. This should only be used for development and not in production (as the existence of files on any given system cannot be guaranteed) | `--allow-file-load` | -| `--enable-structured-logging` | `WASMCLOUD_STRUCTURED_LOGGING_ENABLED` | N/A | Enable JSON structured logging from the wasmCloud host | `--enable-structured-logging` | -| `-l`, `--label` | `WASMCLOUD_HOST_{label_name}` (specified for each label) | N/A | A label=value to apply to the host. May be specified multiple times | `-l cloud=aws -l region=us-west` | -| `--policy-topic` | `WASMCLOUD_POLICY_TOPIC` | N/A | Enables policy checks on start actions and component invocations at the given topic. This can be used with any sort of policy service. For more information see our [Policy Service documentation](/docs/deployment/security/policy-service) | `--policy-topic my.policy.topic` | -| `--policy-changes-topic` | `WASMCLOUD_POLICY_CHANGES_TOPIC` | N/A | Allows the host to subscribe to updates on past policy decisions. This is how a policy service can tell hosts to invalidate a cached decision. This requires `--policy-topic` to be test | `--policy-changes-topic my.changes.topic` | -| `--policy-timeout-ms` | `WASMCLOUD_POLICY_TIMEOUT` | 1000 | Sets a custom timeout for requesting policy decisions. Requires `--policy-topic` to be set | `--policy-timeout-ms 2000` | -| `--oci-registry` | `OCI_REGISTRY` | N/A | Overrides credentials for a specific OCI registry. Used in tandem with `--oci_user` and `--oci_password` to override credentials for a specific OCI registry | `--oci-registry my-registry` | -| `--oci-user` | `OCI_REGISTRY_USER` | N/A | Username for the OCI registry specified by `--oci_registry` | `--oci-user my-username` | -| `--oci-password` | `OCI_REGISTRY_PASSWORD` | N/A | Password for the OCI registry specified by `--oci_registry` | `--oci-password my-password` | -| `--otel-traces-exporter` | `OTEL_TRACES_EXPORTER` | N/A | Specifies which exporter to use for traces (Only "otlp" is currently supported) | `--otel-traces-exporter otlp` | -| `--otel-exporter-otlp-endpoint` | `OTEL_EXPORTER_OTLP_ENDPOINT` | N/A | Specifies the endpoint to use for the OTLP exporter | `--otel-exporter-otlp-endpoint http://my-custom-host:4318` | +| Flag | Environment Variable | Default | Description | Example | +| ----------------------------------- | -------------------------------------------------------- | --------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------- | +| `--log-level` | `WASMCLOUD_LOG_LEVEL` | INFO | Controls the verbosity of logs from the wasmCloud host | `--log-level DEBUG` | +| `--nats-host` | `WASMCLOUD_NATS_HOST` | 127.0.0.1 | NATS server host to connect to | `--nats-host my-nats-server` | +| `--nats-port` | `WASMCLOUD_NATS_PORT` | 4222 | NATS server port to connect to | `--nats-port 4223` | +| `--nats-jwt` | `WASMCLOUD_NATS_JWT` | N/A | A user JWT to use to authenticate to NATS. The given credential needs to have full access to all `wasmbus.>` topics as well as access to the configured `--js-domain` to create, manage, and access KV buckets used for lattice metadata and component config. | `--nats-jwt eyJ0eXAiOiJqd3Qi...` | +| `--nats-seed` | `WASMCLOUD_NATS_SEED` | N/A | A seed nkey to use to authenticate to NATS. This seed should be the same one associated with the JWT. Please see the [NATS Docs](https://docs.nats.io/running-a-nats-service/configuration/securing_nats/auth_intro/jwt) for more information | `--nats-seed SUAAZU5G7UOUR7VX...` | +| `-x`, `--lattice` | `WASMCLOUD_LATTICE` | default | The lattice the host belongs to. If running with multiple lattices, each name MUST be unique. | `-x my-lattice` | +| `--host-seed` | `WASMCLOUD_HOST_SEED` | N/A | The seed key used by this host to generate its public key. In most cases you won't need to set this, but if needed a seed can be generated with `wash keys gen server` | `--host-seed SNABP2H7DRKW3XRM...` | +| `--cluster-seed` | `WASMCLOUD_CLUSTER_SEED` | N/A | The seed key used by this host to sign all invocations. | `--cluster-seed SCAICHCEWFXMDS6A...` | +| `--cluster-issuers` | `WASMCLOUD_CLUSTER_ISSUERS` | N/A | A comma-delimited list of public keys for signed invocations. | `--cluster-issuers CCTUCYZYWQ...,CA2PCIP7QF...` | +| `--provider-shutdown-delay` | `WASMCLOUD_PROV_SHUTDOWN_DELAY_MS` | 300 | Delay in milliseconds between requesting a provider shutdown. If you are likely to be running many custom providers that require extensive clean up, this value can be increased to give them more time to shut down | `--provider-shutdown-delay 500` | +| `--allow-latest` | `WASMCLOUD_OCI_ALLOW_LATEST` | N/A | Determines whether OCI images tagged latest are allowed. By default, we do not allow this as it makes it very unclear if something has actually updated for an end user or operator | `--allow-latest` | +| `--allowed-insecure` | `WASMCLOUD_OCI_ALLOWED_INSECURE` | N/A | Comma-separated list of allowed insecure OCI hosts. Otherwise, all OCI references given to this host will expect an https endpoint | `--allowed-insecure registry1,registry2` | +| `--js-domain` | `WASMCLOUD_JS_DOMAIN` | N/A | NATS Jetstream domain name. If set, all hosts in the lattice MUST be using the same domain name | `--js-domain my-domain` | +| `--config-service-enabled` | `WASMCLOUD_CONFIG_SERVICE` | N/A | Denotes if a wasmCloud host should issue requests to a config service on startup. This config service can allow dynamic setting of things such as OCI credentials | `--config-service-enabled` | +| `--allow-file-load` | `WASMCLOUD_ALLOW_FILE_LOAD` | N/A | Denotes if a wasmCloud host should allow starting components from the file system. This should only be used for development and not in production (as the existence of files on any given system cannot be guaranteed) | `--allow-file-load` | +| `--enable-structured-logging` | `WASMCLOUD_STRUCTURED_LOGGING_ENABLED` | N/A | Enable JSON structured logging from the wasmCloud host | `--enable-structured-logging` | +| `-l`, `--label` | `WASMCLOUD_HOST_{label_name}` (specified for each label) | N/A | A label=value to apply to the host. May be specified multiple times | `-l cloud=aws -l region=us-west` | +| `--ctl-host` | `WASMCLOUD_CTL_HOST` | NATS host value | An IP address or DNS name to use to connect to NATS for Control Interface (CTL) messages, defaults to the value supplied to `--nats-host` if not supplied. | `--ctl-host my-nats-server` | +| `--ctl-port` | `WASMCLOUD_CTL_PORT` | NATS port value | A port to use to connect to NATS for CTL messages, defaults to the value supplied to `--nats-port` if not supplied. | `--ctl-port 4223` | +| `--ctl-jwt` | `WASMCLOUD_CTL_JWT` | NATS JWT value | A user JWT to use to authenticate to NATS for CTL messages, defaults to the value supplied to `--nats-jwt` if not supplied. | `--ctl-jwt eyJ0eXAiOiJqd3Qi...` | +| `--ctl-seed` | `WASMCLOUD_CTL_SEED` | NATS seed value | A seed nkey to use to authenticate to NATS for CTL messages, defaults to the value supplied to `--nats-seed` if not supplied. | `--ctl-seed SUAAZU5G7UOUR7VX...` | +| `--ctl-tls` | `WASMCLOUD_CTL_TLS` | N/A | Optional flag to require host communication over TLS with a NATS server for CTL messages. | `--ctl-tls` | +| `--ctl-topic-prefix` | `WASMCLOUD_CTL_TOPIC_PREFIX` | wasmbus.ctl | Advanced: A prefix to use for all CTL topics. | `--ctl-topic-prefix my.ctl` | +| `--rpc-host` | `WASMCLOUD_RPC_HOST` | NATS host value | An IP address or DNS name to use to connect to NATS for RPC messages, defaults to the value supplied to `--nats-host` if not supplied. | `--rpc-host my-nats-server` | +| `--rpc-port` | `WASMCLOUD_PRC_PORT` | NATS port value | A port to use to connect to NATS for RPC messages, defaults to the value supplied to `--nats-port` if not supplied. | `--rpc-port 4223` | +| `--rpc-jwt` | `WASMCLOUD_RPC_JWT` | NATS JWT value | A user JWT to use to authenticate to NATS for RPC messages, defaults to the value supplied to `--nats-jwt` if not supplied. | `--rpc-jwt eyJ0eXAiOiJqd3Qi...` | +| `--rpc-seed` | `WASMCLOUD_RPC_SEED` | NATS seed value | A seed nkey to use to authenticate to NATS for RPC messages, defaults to the value supplied to `--nats-seed` if not supplied. | `--rpc-seed SUAAZU5G7UOUR7VX...` | +| `--rpc-timeout-ms` | `WASMCLOUD_RPC_TIMEOUT_MS` | 2000 | Timeout in milliseconds for all RPC calls. | `--rpc-timeout-ms 4000` | +| `--rpc-tls` | `WASMCLOUD_RPC_TLS` | N/A | Optional flag to require host communication over TLS with a NATS server for RPC messages. | `--rpc-tls` | +| `--policy-topic` | `WASMCLOUD_POLICY_TOPIC` | N/A | Enables policy checks on start actions and component invocations at the given topic. This can be used with any sort of policy service. For more information see our [Policy Service documentation](/docs/deployment/security/policy-service) | `--policy-topic my.policy.topic` | +| `--policy-changes-topic` | `WASMCLOUD_POLICY_CHANGES_TOPIC` | N/A | Allows the host to subscribe to updates on past policy decisions. This is how a policy service can tell hosts to invalidate a cached decision. This requires `--policy-topic` to be test | `--policy-changes-topic my.changes.topic` | +| `--policy-timeout-ms` | `WASMCLOUD_POLICY_TIMEOUT` | 1000 | Sets a custom timeout for requesting policy decisions. Requires `--policy-topic` to be set | `--policy-timeout-ms 2000` | +| `--oci-registry` | `OCI_REGISTRY` | N/A | Overrides credentials for a specific OCI registry. Used in tandem with `--oci_user` and `--oci_password` to override credentials for a specific OCI registry | `--oci-registry my-registry` | +| `--oci-user` | `OCI_REGISTRY_USER` | N/A | Username for the OCI registry specified by `--oci_registry` | `--oci-user my-username` | +| `--oci-password` | `OCI_REGISTRY_PASSWORD` | N/A | Password for the OCI registry specified by `--oci_registry` | `--oci-password my-password` | +| `--enable-observability` | `WASMCLOUD_OBSERVABILITY_ENABLED` | N/A | Enables the wasmCloud host to emit all OpenTelemetry signals. Conflicts with signal-specific configurations for logs, traces, and metrics. | `--enable-observability` | +| `--enable-traces` | `WASMCLOUD_TRACES_ENABLED` | N/A | Enables the wasmCloud host to emit traces as OpenTelemetry signals. | `--enable-traces` | +| `--enable-metrics` | `WASMCLOUD_METRICS_ENABLED` | N/A | Enables the wasmCloud host to emit metrics as OpenTelemetry signals. | `--enable-metrics` | +| `--enable-logs` | `WASMCLOUD_LOGS_ENABLED` | N/A | Enables the wasmCloud host to emit logs as OpenTelemetry signals. | `--enable-logs` | +| `--override-observability-endpoint` | `OTEL_EXPORTER_OTLP_ENDPOINT` | N/A | Overrides the OpenTelemetry endpoint used for emitting traces, metrics, and logs. | `--override-observability-endpoint http://my-custom-host:4318` | +| `--override-traces-endpoint` | `OTEL_EXPORTER_OTLP_TRACES_ENDPOINT` | N/A | Overrides the OpenTelemetry endpoint used for emitting traces. | `--override-traces-endpoint http://my-custom-host:4318` | +| `--override-metrics-endpoint` | `OTEL_EXPORTER_OTLP_METRICS_ENDPOINT` | N/A | Overrides the OpenTelemetry endpoint used for emitting metrics. | `--override-metrics-endpoint http://my-custom-host:4318` | +| `--override-logs-endpoint` | `OTEL_EXPORTER_OTLP_LOGS_ENDPOINT` | N/A | Overrides the OpenTelemetry endpoint used for emitting logs. | `--override-logs-endpoint http://my-custom-host:4318` | \ No newline at end of file