Configuration Server runbook

The Configuration Server is a core Deephaven system service that serves configuration information to all other Deephaven client and server processes. Most Deephaven configuration files and settings are stored in etcd, and the Configuration Server is responsible for writing configuration to etcd as well as reading configuration from etcd and serving that information over gRPC to all other Deephaven processes. See the Configuration Server overview for more details.

Impact of Configuration Server failure

Level | Impact
Sev 1 - Critical | None of the system processes will be able to start. Existing processes will continue running but cannot access or update configuration.

Caution

The Configuration Server is one of the most critical services. Without it, no other Deephaven services can start or access cluster configuration.

Configuration Server responsibilities

The Configuration Server manages the following resources:

  • Property files — Application configuration properties for all Deephaven services.
  • Table schemas — Table definitions including columns, types, and partitioning.
  • Cluster routing file — Data location and server routing configuration.
  • Persistent Query definitions — PQ configurations and schedules.

All configuration changes flow through the Configuration Server, which ensures consistency with etcd.

Configuration Server dependencies

The Configuration Server requires:

  1. etcd cluster — Must be running and accessible for storing/retrieving configuration.
  2. etcd client configuration files — Located at /etc/sysconfig/deephaven/etcd/client.

Optional dependencies:

  • Authentication Server — Required to authenticate user requests. The Configuration Server can start without it, but will be unable to authenticate user operations.

The Configuration Server is typically the first Deephaven service to start after etcd.

Checking Configuration Server status

Check that the process is running with monit:

Expected output should show status Running.

Test Configuration Server connectivity:

If this returns a list of property files, the Configuration Server is accessible and functioning.

Viewing Configuration Server logs

View application log:

Tail the log to follow in real-time:

List historical log files:

View process stdout/stderr logs:

Restart procedure

Restart the Configuration Server:

Warning

Restarting the Configuration Server temporarily interrupts configuration access for all Deephaven services. Running processes continue operating, but configuration changes cannot be made and new processes cannot start until the Configuration Server is back online.

Verify the restart was successful:

Monitor the log during startup:

Expected startup messages:

  • Successful connection to etcd.
  • Server listening on configured port (default: 22023).
  • Configuration cache initialized.
  • Ready to accept requests.

Configuring the Configuration Server

Caution

While the Configuration Server can be configured without TLS or using non-standard ports or keystores, it is strongly recommended that you do not alter these default values, as many automated installation processes only support the default values. TLS should never be disabled unless you have very strong network isolation and fully trust all users with access to your network.

TLS keystore management

The Configuration Server p12 keystore is generated and managed automatically by Deephaven installation processes.

Keystore location: /etc/sysconfig/deephaven/auth/keystore.configuration_server.p12

Passphrase location: /etc/sysconfig/deephaven/auth/.configuration_server_passphrase

Trust store: /etc/sysconfig/deephaven/trust/truststore-iris.p12

The default keystore is created using a self-signed root CA which is added automatically to the system truststore. You should only consider changing these settings if you are fully prepared to own the creation, consumption, and maintenance of this keystore.

etcd client configuration

The Configuration Server requires etcd client configuration files located at /etc/sysconfig/deephaven/etcd/client/. Each client configuration directory under this path contains:

  • endpoints — List of etcd node addresses and ports.
  • username — etcd RBAC username for this role.
  • password — etcd RBAC password (encrypted).
  • ca.crt — Certificate authority for TLS verification.

Multiple client configurations exist for different access patterns (read-only, read-write, specific namespaces).

See etcd runbook for detailed etcd client configuration.
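
The keystore passphrase and the etcd client password files described above are the secrets this service depends on. The following check is an added example, not part of the Deephaven documentation or tooling; it flags any of them that are missing or carry permission bits for "other" users. It assumes one subdirectory per client configuration and that "no access for other users" is the desired policy; the DH_AUTH_DIR and DH_ETCD_CLIENT_DIR variables and both function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Deephaven tooling. Paths are the ones listed in this
# runbook; the "no access for other users" policy is an assumption.
DH_AUTH_DIR=${DH_AUTH_DIR:-/etc/sysconfig/deephaven/auth}
DH_ETCD_CLIENT_DIR=${DH_ETCD_CLIENT_DIR:-/etc/sysconfig/deephaven/etcd/client}

# Print one status line for a secret file; return 0 if acceptable, 1 if not.
check_secret_file() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "MISSING  $f"
        return 1
    fi
    # Characters 8-10 of the ls mode string are the "other" rwx bits.
    other=$(ls -ldL -- "$f" | cut -c8-10)
    case $other in
        ---) echo "OK       $f"; return 0 ;;
        *)   echo "EXPOSED  $f (other=$other)"; return 1 ;;
    esac
}

# Audit the keystore, its passphrase, and every etcd client password file.
# The exit status is the number of findings (0 means clean).
audit_config_server_secrets() {
    findings=0
    for s in "$DH_AUTH_DIR/keystore.configuration_server.p12" \
             "$DH_AUTH_DIR/.configuration_server_passphrase"; do
        check_secret_file "$s" || findings=$((findings + 1))
    done
    # Assumed layout: one subdirectory per client configuration.
    for s in "$DH_ETCD_CLIENT_DIR"/*/password; do
        [ -e "$s" ] || continue   # glob matched nothing
        check_secret_file "$s" || findings=$((findings + 1))
    done
    echo "findings: $findings"
    return "$findings"
}

# Run only when invoked with --run, e.g.: sh audit_secrets.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_config_server_secrets
fi
```

Group permission bits are deliberately not flagged, since the owning group for these files is not stated in this runbook.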

Interacting with the Configuration Server

The primary interface to the Configuration Server is the dhconfig command-line tool.

Using dhconfig

Default behavior: dhconfig connects to Configuration Server (recommended)

Direct etcd access: When Configuration Server is unavailable

See dhconfig command reference for complete documentation.

Managing configuration through Configuration Server

Property files

Table schemas

Routing configuration

Persistent Queries

Configuration Server caching

The Configuration Server caches configuration in memory for performance:

Cache behavior:

  • Configuration is cached when first accessed.
  • Cache is updated when configuration changes through Configuration Server.
  • Cache may become stale if etcd is modified directly.

Cache invalidation:

If configuration is modified directly in etcd (bypassing Configuration Server), restart the Configuration Server to reload its cache:

Backup and restore

Configuration Server state is stored entirely in etcd. Back up etcd to back up all configuration:

See etcd runbook for complete backup and restore procedures.

Direct etcd access scenarios

Use dhconfig --etcd to bypass Configuration Server when:

Configuration Server is down:

Emergency configuration changes:

Troubleshooting configuration issues:

Direct access uses etcd client configuration files and requires appropriate etcd RBAC permissions.

Configuration files and locations

monit configuration: /etc/sysconfig/illumon.d/monit/configuration_server.conf

Property files:

  • /etc/sysconfig/illumon.d/resources/iris-common.prop
  • /etc/sysconfig/illumon.d/resources/configuration_server.prop

TLS keystore: /etc/sysconfig/deephaven/auth/keystore.configuration_server.p12

TLS passphrase: /etc/sysconfig/deephaven/auth/.configuration_server_passphrase

Truststore: /etc/sysconfig/deephaven/trust/truststore-iris.p12

etcd client config: /etc/sysconfig/deephaven/etcd/client/

Log directory: /var/log/deephaven/configuration_server/