This is an internal documentation. There is a good chance you’re looking for something else. See Disclaimer.


Ansible Repository

Git repository describing the configuration of our servers in a format that Ansible understands.

It can be found at;a=summary.

Ansible Vault

Used to store passwords and other secrets securely.

Two are currently in use, secrets.yml and secrets2.yml.

See section Ansible Vault in this document for a detailed documentation.


This is what we call our own installation of Nice2 that can be reached at

application property

Application properties can be used to configure Nice. They are simple key, value pairs and look like this: value



Ansible configuration pertaining to a particular customers and installations.

Direct link to config.yml

See also Configuration (config.yml/global.yml)


In Tocco terminology, a deployment is an update, of Nice, within the same minor version (e.g within version 3.1).

See also Introduction to Deployments and Migrations

Freemarker Template Language

Templating language used throughout Nice2. In particular, report and mail content is mostly generated using this language.

JFrog’s Artifactory

Tocco hosts its own JFrog’s Artifactory, a Maven software repository. During build, all artifacts are fetched from there. Either, the package is uploaded to the artifact directly or a Remote Repository can be configured.

Our Artifactory can be found at


Backup archiving tool using on some of our servers. See for details.

continuous delivery

Continuous delivery is used to deploy our Nice installations.

Our CD is powered by TeamCity and can be found at


A docker image running in a pod.

Configuration is part of the deployment config.

DB refactoring

In the context of Nice, the DB migration in generally referred to as DB refactoring.

deployment config

The deployment config describes the containers associated with it. This includes image sources, resource limits, open ports, roll out strategy, triggers, etc.

Accessible via oc {get|describe|edit|…} dc .

docker image

An image that contains an application and all run-time dependencies except the OS.

Employee Short Name

Usually the first two letters of an employee’s first and last name combined. For instance, Jane Doe becomes jado.

These are the initials used in Slack and can also be found in BO on Person as Kurzbez.

exposed port

Port that is made available to other pods or services.

This is configured in the deployment config.

hibernate collection

A collection that is persisted to the database (a one-to-many or many-to-many association)

image stream

Describes a docker repository. Pushing a docker image to it can be used to trigger an automatic deployment.

Accessible via oc {get|describe|edit|…} is .


Ansible configuration applying to all installations and customers.

Direct link to global.yml

See also Configuration (config.yml/global.yml)

image stream tag

Describes a docker image tag. Defaults to latest.

Accessible via oc {get|describe|edit|…} imagestreamtag .


JasperReports is a report technology still used by some legacy reports. The reports use the *.jrxml file extension.

New reports should use wkhtmltopdf.


Used by Kubernetes to determine if an application is alive. Usually by using frequent HTTP GET request to check if the application responds. Applications failing this probe are terminated and restarted.

See also Configure Liveness, Readiness and Startup Probes.


In Tocco terminology, a migration is an update, of Nice, across a major or minor version (e.g. from version 3.0 to 3.1).

See also Introduction to Deployments and Migrations


Nginx is the web server used for as reverse proxy in front of Nice.

Nginx is running in the same pod as Nice.

persistent volume claim

A persistent volume that can be mounted into one or more containers.

Accessible via oc {get|describe|edit|…} pvc .


A pod is one instance of the containers described in its deployment config.

Accessible via oc {get|describe|edit|…} pod .

pre-hook pod

A pre-hook pod is a pod that is executed during rollout, before executing the actual pod. In our setup, it is used for DB refactoring and some startup checks. For more details, see Pod-based Lifecycle Hook in the OpenShift documentation.

Operations Public channel

Slack channel operations_public that can be used to contact the operations team.


PD4ML is a Java-based HTML to PDF converter used by some legacy reports.

New reports should use wkhtmltopdf.

Remote Repository

In Artifactory, Remote Repositories can be configured. For such repositories, Artifactory will forward requests to the configured upstream repository and cache the result for later use.

Remote Repositories can be configured in AdminRemote.

Replication Controller

The replication controller is responsible to ensure the specified number of replicas is running at all times.

There is one RC per deployment. Use oc describe rc to see the configuration (DC) that was used for a deployment.

Accessible via oc {get|describe|edit|…} pod


Used to store passwords, API keys and other secrets. Encrypted using Ansible Vault and stored in the Ansible Repository.

secrets.yml contains secrets required for setting up servers and services other than Nice. See also secrets2.yml.

View secrets:

$ cd ${ANSIBLE_REPO}/servers
$ ansible-vault view secrets.yml

Edit secrets:

$ cd ${ANSIBLE_REPO}/servers
$ ansible-vault edit secrets.yml

Encrypt a file:

$ ansible-vault encrypt --encrypt-vault-id ops ${PATH_TO_FILE}


When an encrypted file needs to be available in the server config as well as from within /tocco/ or /services/, use --encrypted-vault-id dev.


Used to store passwords, API keys and other secrets. Encrypted using Ansible Vault and stored in the Ansible Repository.

secrets2.yml contains secrets required for setting up Nice and related services. As general rule, secrets required so setup an installation go here. See also secrets.yml.

View secrets:

$ cd ${ANSIBLE_REPO}/tocco
$ ansible-vault view secrets2.yml

Edit secrets:

$ cd ${ANSIBLE_REPO}/tocco
$ ansible-vault edit  secrets2.yml

Encrypt a file:

$ cd ${ANSIBLE_REPO}/tocco
$ ansible-vault encrypt --encrypt-vault-id dev ${PATH_TO_FILE}


secrets2.yml is also used by services defined in /services/.


Used to make a service available in the network. It provides a DNS name for a service in a way that hides the fact that the service may be provided by several pods (multiple replicas).

Accessible via oc {get|describe|edit|…} svc .


Solr is a search engine, Nice uses it to provide full-text search.

Every Nice installation runs exactly one Solr pod.

Solr core

Indexes in Solr are known as cores.


Provides a route to a service. This is used to make a service reachable via internet.

Accessible via oc {get|describe|edit|…} route .


Git repository containing company-wide configurations and scripts.

See also Set Up Dotfiles


A command line tool for converting HTML into PDF. Within Nice it is used to generate PDF reports.

See Wkhtmltopdf (WebKit) and Reports.