/
elm-sync Configuration

elm-sync Configuration

Owned by Jim Amsden (Unlicensed)
Last updated: Apr 16, 2025 by Jim Amsden
9 min read

 

Overview

elm-sync configuration is done in the Spring Boot application.yml file. The configuration associates one CDCM space with one or more ELM GCM servers, and lists the CDCM Configuration Areas in that space that should be synchronized with ELM GCM. Syncing configuration areas in other CDCM spaces requires a separate instance of elm-sync.

Configuration includes the following topics:

  • The elm-sync server configuration

  • ibm-elm server port and context-path

  • scheduler for elm-sync

  • spring application configuration including

    • security for oauth2 for CDCM access

    • SQLite database configuration for elm-sync

  • cdcm sever host and space-key

  • OAuth1.0a configuration for access to ELM GCM

  • The cdcm Configuration Area to ELM GCM server mappings

Description

elm-sync uses the configuration information in the application.yml file to configure the CDCM and ELM GCM server URLs, access control and API information, and the list of CDCM Configuration Areas to sync. elm-sync then uses the CDCM TRS provider to read the change log to replicate changes in CDCM in the corresponding project areas and resources in ELM GCM. elm-sync does not use the CDCM TRS base to determine what configuration areas to sync. Rather the CDCM Configuration Areas to sync are explicitly defined in the configuration.area.mapping elements.

elm-sync also does not currently use the trs:cutoffEvent, as it is always 0. This effectively means elm-sync assumes the TRS base is empty and all the TRS provider information is in the change log. This will be updated when CDCM implements change log pruning.

Configuration

application.yml

The application.yml defines various information elm-sync uses to determine what CDCM configuration areas should be synced to ELM GCM and how to access them through their authenticated APIs. Here’s an example application.yml file.

elm-sync: # configuration for the elm-sync server instance: name: ELM-SYNC-1 max-number-of-retries: 100 retry-backoff: 100 max-number-of-unique-title-retries: 100 server: port: 8080 servlet: context-path: "/sandbox" scheduler: cron: "0 * * * * *" #run the job every minute logging: level: root: info com: mid: smartfacts: cdcm: elmsync: info spring: codec: max-in-memory-size: 10MB security: oauth2: client: registration: cdcm-client: client-id: cdcm-client-id client-secret: secret scope: service-user-roles authorization-grant-type: client_credentials provider: cdcm-client: issuer-uri: https://keycloak/realms/cdcm user-name-attribute: preferred_username resourceserver: jwt: issuer-uri: https://keycloak/realms/cdcm datasource: url: "jdbc:sqlite:/opt/elmsync/data/elmsync.db" driver-class-name: org.sqlite.JDBC username: sa password: sa jpa: database-platform: org.hibernate.community.dialect.SQLiteDialect hibernate: ddl-auto: update show-sql: false cdcm: # the CDCM server instance and Space to use, one instance per elm-sync server api: host: https://cdcm.com space-key: space_key ibm-elm: # the IBM ELM server instance to use, corresponds to a CDCM Space api: host: https://elm.com pa-creation-path: /gc/service/com.ibm.team.process.internal.service.web.IProcessWebUIService/projectArea pa-get-path: /gc/service/com.ibm.team.process.internal.service.web.IProcessWebUIService/allProjectAreas config-update-path: /gc/gc.webui.updateConfiguration smartfacts: oauth10a: active: true outbound: details: - name: elm.com protected-url-roots: https://elm.com:9443/jts/**,https://elm.com:9443/rm/**,https://elm.com:9443/gc/** consumer-key: key consumer-secret: secret rootservices: https://elm.com:9443/jts/rootservices inbound: realm-name: sandbox-realm auto-approve-consumer-keys: true auto-approve-tokens: true details: - name: elm-inbound consumer-key: key consumer-secret: secret configuration: area: mapping: - source: cdcm_area_id target: https://elm.com:9443 - source: cdcm_area_id target: https://elm.com:9443 - source: cdcm_area_id target: https://elm.com:9443

elm-sync server configuration

This section defines the elm-server configuration including the server port and context-path for accessing the elm-sync controllers, and server instance information. Note: the elm-sync controllers are only used for development and unit testing, the only elm-sync REST services intended for customer use are for sync error reporting and recovery as described in Trouble Shooting .

elm-sync: # configuration for the elm-sync server instance: name: ELM-SYNC-1 max-number-of-retries: 6 retry-backoff: 2 max-number-of-unique-title-retries: 50 server: port: 8080 servlet: context-path: "/sandbox"

elm-sync Spring Boot Application Configuration

The elm-sync Spring Boot application configuration specifies information about:

  1. CDCM OAuth2.0 security information needed to access CDCM

  2. An SQLite database for persisting information about the CDCM configuration areas and ELM GCM project areas that are being synchronized.

CDCM Authentication Configuration

Access to CDCM uses AOuth 2 which is configured for the Spring Boot application using the cdcm-client. Your CDCM administrator can provide your client-id and client-secret, and information on the provider.cdcm-client that does the authentication.

spring: codec: max-in-memory-size: 10MB security: oauth2: client: registration: custom: #'custom' here can be anything client-id: cdcm-dev client-secret: secret redirect-uri: http://localhost:${server.port}/${server.servlet.context-path}/login/oauth2/code/custom scope: openid authorization-grant-type: authorization_code cdcm-client: client-id: cdcm-client-id client-secret: secret scope: service-user-roles authorization-grant-type: client_credentials provider: custom: #'custom' here can be anything issuer-uri: https://keycloak/realms/cdcm user-name-attribute: preferred_username user-info-authentication-method: form # header, form, query cdcm-client: issuer-uri: https://keycloak/realms/cdcm user-name-attribute: preferred_username resourceserver: jwt: issuer-uri: https://keycloak/realms/cdcm

There are two oauth2.client.registration configurations in the application.yml file for accessing CDCM:

  1. cdcm-client: Used for elm-sync to CDCM server-to-server interactions

  2. custom: used for user access to CDCM for elm-sync development and unit testing. This entry may not be needed in customer configurations, but is retained for completeness.

For each client.registration, there is a corresponding client.provider that configures the authentication provider and method for that client.registration.

elm-sync Authentication Configuration

elm-sync provides a controller UI for accessing and repairing CDCM configuration area to GCM project area mappings as described in Trouble Shooting. This requires users to authenticate with elm-sync. See OAuth 2.0 Resource Server JWT :: Spring Security for how this is done in a spring boot application. The spring.security.oauth2.resourceserver specifies how elm-sync is authenticated.

resourceserver: jwt: issuer-uri: https://keycloak/realms/cdcm

Database Configuration

The database information includes:

  • The Configuration Area id

  • The ELM Server URL and corresponding project area URL

  • The trs:order number of the last trs:change event processed by elm-sync. Changes after this event will be processed on the next elm-sync scan cycle.

spring: security: oauth2: client: registration: cdcm-client: client-id: cdcm-client-id client-secret: secret scope: service-user-roles authorization-grant-type: client_credentials provider: cdcm-client: issuer-uri: https://keycloak/realms/cdcm user-name-attribute: preferred_username resourceserver: jwt: issuer-uri: https://keycloak/realms/cdcm datasource: url: "jdbc:sqlite:/opt/elmsync/data/elmsync.db" driver-class-name: org.sqlite.JDBC username: sa password: sa jpa: database-platform: org.hibernate.community.dialect.SQLiteDialect hibernate: ddl-auto: update show-sql: false

CDCM Server and API

This section defines the CDCM server and space that is the source of configuration areas that will be synced to ELM GCM project areas. elm-sync only support configuration of a single CDCM server and a single CDCM space. Use multiple instances of elm-sync to synchronize other CDCM servers or spaces.

cdcm: # the CDCM server instance and Space to use, one instance per elm-sync server api: host: https://cdcm.com space-key: space_key

IBM ELM server and API information

This section specifies the IBM ELM GCM server that will be synchronized with the CDCM space.

ibm-elm: # the IBM ELM server instance to use, corresponds to a CDCM Space api: host: https://elm.com pa-creation-path: /gc/service/com.ibm.team.process.internal.service.web.IProcessWebUIService/projectArea pa-get-path: /gc/service/com.ibm.team.process.internal.service.web.IProcessWebUIService/allProjectAreas config-update-path: /gc/gc.webui.updateConfiguration

Future considerations:

  1. The pa-creation-path, pa-get-path and config-update-path are specified in ELM GCM private API. These paths are unlikely to change or could possibly be discovered and may not need to be configured manually. See https://jazz.net/gc/doc/scenarios.

  2. The ibm-elm.api.host property limits elm-sync to syncing a single CDCM space to a single ELM GCM server. This will be updated to support multiple ELM GCM servers and this property will be removed, instead getting the value from the configuration.area.mapping.target value.

ELM GCM OAuth1.0a Security Configuration

elm-sync uses OAuth1.0a to access ELM GCM through the REST APIs. This access is done through a functional user whose ID is associated with a consumer key and secret.

smartfacts: oauth10a: active: true outbound: details: - name: elm.com protected-url-roots: https://elm.com:9443/jts/**,https://elm.com:9443/rm/**,https://elm.com:9443/gc/** consumer-key: key consumer-secret: secret rootservices: https://elm.com:9443/jts/rootservices inbound: realm-name: sandbox-realm auto-approve-consumer-keys: true auto-approve-tokens: true details: - name: elm-inbound consumer-key: key consumer-secret: secret

 

The outbound.details provides the information elm-sync needs to be able to access ELM GCM services using OAuth1.0a for authentication.

  • name: a name for the outbound.detals for a specific ELM GCM server configuration. There could be many of these, one for each ELM GCM server used in the configuration mapping

  • protected-url-roots: lists the server URL roots that are protected by this outbound.details entry

  • consumer-key: the consumer key associated with the functional id

  • consumer-secret: the consumer secret associated with the consumer-key

  • rootservices: the URL to the ELM server’s root services document that provides OAuth1.0a authentication details needed to authenticate a connection

The smartfacts.oauth10a.inbound is required, but not currently used. It is included for future use.

Creating the ELM GCM functional id

elm-sync access the ELM GCM REST APIs using OAuth1.0a and a functional id. The is the most reliable way to do server to server communication with ELM servers because they all use OAuth1.0a to configure consumer/friend relationships to allow the ELM servers to talk to each other. OAuth1.0a can be reliably depended on to be supported by ELM servers.

For elm-sync to access ELM GCM, you must register elm-sync with the ELM Jazz Team Server (JTS) as a consumer (inbound) connection, with consumer key and secret. Then you need to associate that consumer with a functional id that has JazzAdmins, JazzUsers and JazzProjectAdmins repository permissions. Here a brief summary of the steps

  1. Navigate to the Jazz Team Server Administration Home page

  2. Manage or create users and create the functional id with JazzAdmins, JazzUsers and JazzProjectAdmins repository permissions

    image-20250203-152201.png

  3. Click Manage Server and then Communication > Consumers (Inbound)

  4. Use the Register Consumer form to create a Trusted Consumer Key with a Consumer Secret. This is the same information that will be used in the smartfacts.oauth10a.outbound.details entry in the application.yml file.

  5. Edit the newly created Authorized Key and set the Functional User ID to the Id you create above:

    image-20250203-153138.png

CDCM Configuration Area to ELM GCM Server Mappings

This section maps the CDCM configuration area to the ELM GCM server used to create the corresponding project area.

configuration: area: mapping: - source: cdcm_area_id target: https://elm.com:9443 - source: cdcm_area_id target: https://elm.com:9443 - source: cdcm_area_id target: https://elm.com:9443

Note: Although a configuration.area.mapping.target specifies the URL of the ELM GCM server, this URL must currently be the same as ibm-elm.api.host. elm-sync is currently configured to sync one CDCM server with one ELM GCM server. A different instance of elm-sync could be used to sync different CDCM and ELM GCM servers.

Future consideration: Support configuration of multiple CDCM and ELM GCM servers in a single elm-sync implementation:

  1. Change configuration.area.mapping.source to a URL link to the CDCM configuration area, instead of just its ID

  2. Derive the ibm-elm.api information for the configuration.area.mapping.target URL

Configuration

elm-sync is configured using the Spring Boot project file application.yml. The location of this files specified in the docker-compose.yaml file. Spring Boot profiles can be used for different configurations such as application-local.ymlfor local development, and application-prod.yml for production.

Kubernetes

The application.yml contains security sensitive information such as consumer keys and secrets, and should be placed into a kubernetes secret, and mounted into the elm-sync container. The name of this secret is "elm-sync", the value of is the application.yml file.

To integrate the application.yml file into your elm-syn deployment, you need to create a secret called “elm-sync” in the namespace of your elm-sync deployment.

There are two ways to do this:

  1. Use kubectl

kubectl create secret generic elm-sync --from-file=application.yml=./resources/application.yml -n cdcm

  1. If the secret has to be created manually or from a vault, use this template:

apiVersion: v1 data: application.yml: <base64 encoded content of the file application.yml> kind: Secret metadata: name: elm-sync namespace: cdcm type: Opaque

Save the file as application.yml and apply it with:

kubectl apply -f application.yml -n <namespace>

Reference

The following tables define each of the properties in the elm-sync configuration that users will need to provide. See the example above for the property paths.

elm-sync Server Configuration: elm-sync, server

Key

Description

Key

Description

elm-sync.instance.name

A name for this elm-sync server instance

elm-sync.max-number-of-retries

Maximum number of retries for REST calls.

elm-sync.retry-backoff

Number of seconds between retries.

elm-sync.max-numer-of-unique-title-retries

Maximum number of retries for unique dcterms.title for an ELM GCM resource.

server.port

The port for the elm-sync server

server.servlet.context-path

/sandbox, the path for the elm-sync controllers e.g., http://localhost:8080/sandbox/api/v1/objectMappings

elm-sync Persistance: datasource

Key

Description

Key

Description

url

URL of the SQLite database. This database will be created if it does not exist.

username

The SQLite database user name

password

The SQLite database password

CDCM Server: cdcm

Specifies the CDCM server and space key to synchronize with ELM GCM:

Key

Description

Key

Description

cdcm.api.host

URL of the CDCM server to synchronize

cdcm.api.space-key

The key of the Space containing the Configuration Areas to sync to ELM GCM

CDCM Security: spring.security.oauth2

Specifies the CDCM OAuth 2 security information.

Key

Description

Key

Description

client-id

The CDCM server OAuth 2 client id

client-secret

The CDCM server OAuth 2 client secret

IBM ELM Server: ibm-elm

Specifies the IBM ELM GCM server that will be synchronized with the CDCM Space.

Key

Description

Key

Description

ibm-elm.api.host

URL of the ELM GCM server to synchronize with

Future consideration: these API paths are defined by the GCM REST API at https://jazz.net/gc/doc/scenarios and https://jazz.net/jts/doc/scenarios and may not be need to be configured manually.

ELM GCM Security Configuration: smartfacts.oauth10a

Provides the information needed for elm-sync to authenticate with ELM GCM and JTS using OAuth1.0a.

Key

Description

Key

Description

active

Whether the connection is active or not

outbound

 

outbound.details

A list of outbound connections to servers authenticated with OAuth1.0a

outbound.details.name

Path of the ELM GCM service to create a project area.

protected-url-roots

A comma separated list of URI patters to resources protected by this connection configuration

consumer-key

The consumer key for the consumer connection

consumer-secret

The consumer secret for the consumer-key

CDCM Configuration Area Mappings: configuration.area.mapping

This is a list of the CDCM configuration area IDs to ELM GCM server URI mappings.

Key

Description

Key

Description

source

CDCM Configuration Area ID

target

ELM GCM server URI, should be the same as ibm-elm.api.host.

Links

 

Related content