M2.1 Broker config.xml details

Qpid Upgrade steps from M2

Short of having an upgrade tool for our config.xml, here are the manual changes required:

1. Remove use of old password format

  • Replace the line '<class>org.apache.qpid.server.security.auth.database.PlainPasswordVHostFilePrincipalDatabase</class>'
  • With '<class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>'
  • Change the format of the referenced password file '<value>${conf}/passwdVhost</value>' to username:password
  • If the file hasn't been changed, simply replace the reference with this line: '<value>${conf}/passwd</value>'

2. Update package of AllowAll

  • Replace line '<class>org.apache.qpid.server.security.access.AllowAll</class>'
  • With '<class>org.apache.qpid.server.security.access.plugins.AllowAll</class>'

3. Remove all Security sections from virtualhosts
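
The three steps above can be applied mechanically. The following Python is an added example, not part of the original page or the Qpid project; the function name `upgrade_config`, its `password_file_modified` flag, and the sample document's root element and `<virtualhosts>` layout are assumptions.

```python
import xml.etree.ElementTree as ET

DB = "org.apache.qpid.server.security.auth.database."
RENAMES = {  # old class -> new class, from upgrade steps 1 and 2
    DB + "PlainPasswordVHostFilePrincipalDatabase": DB + "PlainPasswordFilePrincipalDatabase",
    "org.apache.qpid.server.security.access.AllowAll": "org.apache.qpid.server.security.access.plugins.AllowAll",
}

def upgrade_config(xml_text, password_file_modified=True):
    """Return (upgraded_xml, notes): notes list removals and manual follow-ups."""
    # insert_comments=True keeps the file's XML comments (Python 3.8+)
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    root = ET.fromstring(xml_text, parser=parser)
    notes = []
    for cls in root.iter("class"):  # steps 1 and 2: class renames
        cls.text = RENAMES.get((cls.text or "").strip(), cls.text)
    for val in root.iter("value"):  # step 1: password file reference
        if (val.text or "").strip() == "${conf}/passwdVhost":
            if password_file_modified:  # the file itself must be converted by hand
                notes.append("convert ${conf}/passwdVhost to username:password lines")
            else:
                val.text = "${conf}/passwd"
    for vhosts in root.iter("virtualhosts"):  # step 3: per-vhost <security>
        for parent in list(vhosts.iter()):
            for sec in parent.findall("security"):
                parent.remove(sec)
                notes.append("removed <security> from <%s>" % parent.tag)
    return ET.tostring(root, encoding="unicode"), notes

# Constructed M2-style input; root element and <virtualhosts> layout are assumptions.
SAMPLE_M2 = """<broker>
  <security>
    <principal-databases><principal-database>
      <name>passwordfile</name>
      <class>org.apache.qpid.server.security.auth.database.PlainPasswordVHostFilePrincipalDatabase</class>
      <attributes><attribute>
        <name>passwordFile</name><value>${conf}/passwdVhost</value>
      </attribute></attributes>
    </principal-database></principal-databases>
    <access><class>org.apache.qpid.server.security.access.AllowAll</class></access>
  </security>
  <virtualhosts>
    <virtualhost><name>test</name>
      <test><security><!-- per-vhost rules --></security></test>
    </virtualhost>
  </virtualhosts>
</broker>"""

if __name__ == "__main__":
    print(*upgrade_config(SAMPLE_M2, password_file_modified=False), sep="\n")
```

The script only edits config.xml; when the password file has been changed, it leaves the reference alone and reports the file conversion as a manual follow-up.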

Changes from M2 configuration

...

<connector>
    <!-- Uncomment this block and edit the keystorePath and keystorePassword
         to enable SSL support
    <ssl>
        <enabled>true</enabled>
        <sslOnly>true</sslOnly>
        <keystorePath>/path/to/keystore.ks</keystorePath>
        <keystorePassword>keystorepass</keystorePassword>
    </ssl>-->
    <qpidnio>false</qpidnio>
    <protectio> <!-- New Feature in M2.1 -->
        <enabled>false</enabled>
        <!-- Additional options available here. TBC -->
        <readBufferLimitSize>262144</readBufferLimitSize>
        <writeBufferLimitSize>262144</writeBufferLimitSize>
    </protectio>
    <transport>nio</transport>
    <port>5672</port>
    <sslport>8672</sslport>
    <socketReceiveBuffer>32768</socketReceiveBuffer>
    <socketSendBuffer>32768</socketSendBuffer>
</connector>

...

<management>
    <enabled>true</enabled>
    <!-- Additional M2.1 features available not fully documented TBD -->
</management>

Advanced

The elements in this section are used under the covers in the broker. At present, we do not recommend any changes to these settings.

<advanced>
    <filterchain enableExecutorPool="true"/>
    <enablePooledAllocator>false</enablePooledAllocator>
    <enableDirectBuffers>false</enableDirectBuffers>
    <framesize>65535</framesize>
    <compressBufferOnQueue>false</compressBufferOnQueue>
    <enableJMSXUserID>false</enableJMSXUserID> <!-- Additional features in M2.1  TBD -->
</advanced>

Security

This section lists all the principal databases that are available for authentication, and the default access control. Each database knows which SASL mechanisms can be used against its data and so is responsible for registering those SASL mechanisms. Currently we do not provide a means of limiting these mechanisms.

<security>
    <principal-databases>
        <principal-database>
            <!-- A name for referencing this database-->
            <name>passwordfile</name>
            <!-- The type of principal database -->
            <class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>
            <!-- Any attributes associated with the database. Here it is a password file to load. -->
            <attributes>
                <attribute>
                    <name>passwordFile</name>
                    <value>${conf}/passwd</value>
                </attribute>
            </attributes>
        </principal-database>
    </principal-databases>
    <!-- This access value can be any access manager. The built-in defaults are AllowAll and DenyAll -->
    <access>
        <class>org.apache.qpid.server.security.access.plugins.AllowAll</class> <!-- NOTE class change in M2.1 -->
    </access>
    <!-- Properties required when running the JMX Management console. -->
    <jmx>
        <!-- Access file that allows users rights to access the management console. -->
        <access>${conf}/jmxremote.access</access>
        <!-- The principal database to use to authenticate users. -->
        <principal-database>passwordfile</principal-database>
    </jmx>
</security>

...