Configuration #
Pragma Engine uses a list of configuration files at start-up to define environment and connection details for each part of your game’s development and release cycle. Your configuration files are passed as list of files read from disk and Pragma Engine periodically polls your configuration files for changes. These changes are dynamically reloaded without requiring you to restart the engine.
Config Overrides and Priority #
The priority for configuration overrides is:
- Higher priority: the list of config files (i.e.
common.yml
,shard/test.yml
) - Lower priority: code level defaults
Config defaults can be specified in code where the configuration values are defined, with the option to specify defaults for development or production. These defaults are overridden if the config value is specified in a higher priority format.
Having a list of configuration files allows you to define a common configuration (i.e. common.yml
) shared between all deployments of
Pragma Engine while having specific configuration files for specific deployments.
Dynamic Config #
The platform periodically checks the config files for changes, and loads them if found. Not all configuration is safe to be dynamically reloaded, such as changing to a different database host. In these cases a service restart will be required.
Secret Encryption #
Some configurations must be encrypted before use in certain Pragma Engine deploys. While encryption isn’t required locally, the values need to be encrypted for production for security, as they typically contain sensitive information like passwords or secret keys.
Secrets must be reencrypted per shard, as each shard generally has a different encryption key.
Prerequisites
To encrypt and decrypt secrets, you must first complete the following:
- set up VPN
- download Vault
- get access to the following information in Vault:
vault_address
: The url that the Vault instance is located at (https://vault.<project_id>.<project_id>.pragmaengine.com
).vault_token
: The token used to authenticate and log in with Vault.stack_id
: The name (or codename) of the stack/game that you gave Pragma Engine while setting up your infrastructure. This is the name found in your5-ext
config file (pragma-engine/platform/5-ext/config
).shard_id
: The name of the shard that the config is for. This is in the config file found in the config shards directory (pragma-engine/platform/5-ext/config/shard/<shard_id>.yml
).
- clone down infrastructure repository
Setup Steps #
- Connect to the VPN using the
*.ovpn
file provided to you directly during onboarding. - Ensure you have a
vault_token
andvault_address
in your bash environment:
export VAULT_LOGIN_TOKEN=<vault_token>
export VAULT_ADDR=<vault_address>
- Log in to Vault:
vault login token=$VAULT_LOGIN_TOKEN
- Navigate to the root directory of your infrastructure repository.
Encrypt #
To encrypt a secret, run:
./util-scripts/encrypt-secret.sh --stackId <stack_id> --shardId <shard_id> --secret "plain text string goes here"
The encrypted string can now be safely added into your config found under pragma-engine/platform/5-ext/config/shard/<shard_id>.yml
.
Decrypt #
To decrypt a secret, get the string you want to decrypt from the configuration file and run:
./util-scripts/decrypt-secret.sh --stackId <stack_id> --shardId <shard_id> --secret "encrypted string goes here"
Quick Guides #
Setting up configuration files #
The following code block is a sample of local-dev.yml
(for testing) or common.yml
(for production):
game:
core:
clusterName: "game"
logging:
fileLoggerEnabled: true
serviceConfigs:
GameOperatorGatewayConfig:
schema: "https"
websocketSchema: "wss"
authenticateHost: "shardName.yourcompany.com"
socialHost: "shardName.yourcompany.com"
gameHost: "shardName.yourcompany.com"
GamePartnerGatewayConfig:
schema: "https"
websocketSchema: "wss"
authenticateHost: "shardName.yourcompany.com"
socialHost: "shardName.yourcompany.com"
gameHost: "shardName.yourcompany.com"
GamePlayerGatewayConfig:
schema: "https"
websocketSchema: "wss"
authenticateHost: "shardName.yourcompany.com"
socialHost: "shardName.yourcompany.com"
gameHost: "shardName.yourcompany.com"
MatchLifecycleServiceConfig:
matchFoundBuilderStrategy: "YourMatchFoundBuilderStrategy"
pluginConfigs:
MatchCapacityService.capacityProvider:
"pragma.matchcapacity.PragmaNomadCapacityProvider"
config:
url: "https://nomad.shardName.yourcompany.com"
jobName: "us-east-2-exec"
executableName: "yourServerExecutable.sh"
args:
0: "-PragmaDebug=0"
1: "-PragmaBackendAddress=https://shardName.yourcompany.com:Port"
MatchmakingService.matchmakingStrategy:
class: "CooperativeWarmBodyMatchmakingStrategy"
config:
numberOfPlayers: 3
social:
core:
clusterName: "social"
logging:
fileLoggerEnabled: true
serviceConfigs:
SystemReporterNodeServiceConfig:
secret: "encryptedSecretCode"
GameDaoConfig:
databaseConfig:
driver: "MYSQLDB"
hostPortSchema: "db.location.com:port/game"
username: "secureUsername"
password: "encryptedSecurePassword"
UnsafeIdentityDaoConfig:
databaseConfig:
driver: "MYSQLDB"
hostPortSchema: "db.location.com:port/unsafe_identity_provider"
username: "secureUsername"
password: "encryptedSecurePassword"
AccountDaoConfig:
databaseConfig:
driver: "MYSQLDB"
hostPortSchema: "db.location.com:port/account"
username: "secureUsername"
password: "encryptedSecurePassword"