M2 Broker config.xml details

Changes from M1 configuration

File Format

This is an overview of the top level of the config file. Description of each section is embedded below. Each section is then described in detail in their own section.

<broker>
<!-- Various initial global definitions -->
    <connector>
<!-- Various connection information about the type connections the broker should listen for-->
    <management>
<!-- Enablement of management functionality -->
    <advanced>
<!-- Various advanced flags -->
    <security>
<!-- Definition of available security options -->
    <virtualhosts>
<!-- Definition of available virtual hosts -->
    <heartbeat>
<!-- Heartbeat configuration -->
    <queue>
<!-- General queue configuration options-->
    <virtualhosts>
<!-- Configuration of various virtual hosts. -->
</broker>

Configuration Sections - Detailed Information

The following sections provide an element by element overview of the config.xml.

Broker

The setting of the prefixes for QPID_HOME and QPID_WORK allows environment variables to be used throughout the config.xml and removes the need for hard coding of paths in this file.

See the Getting Started Guide for more information on these variables.

<broker>
    <prefix>${QPID_HOME}</prefix>
    <work>${QPID_WORK}</work>
    <conf>${prefix}/etc</conf>

Connector

The connector section allows configuration of SSL and related keystore settings. By default this section is commented out and thus SSL is not enabled.

<connector>
    <!-- Uncomment out this block and edit the keystorePath and keystorePassword
         to enable SSL support
    <ssl>
        <enabled>true</enabled>
        <sslOnly>true</sslOnly>
        <keystorePath>/path/to/keystore.ks</keystorePath>
        <keystorePassword>keystorepass</keystorePassword>
    </ssl>-->
    <qpidnio>true</qpidnio>
    <transport>nio</transport>
    <port>5672</port>
    <sslport>8672</sslport>
    <socketReceiveBuffer>32768</socketReceiveBuffer>
    <socketSendBuffer>32768</socketSendBuffer>
</connector>

Management

This element allows the user to switch the connectivity of the management console on/off i.e. if the enabled tag is set to false you will not be able to connect a management console to this broker instance.

<management>
    <enabled>true</enabled>
</management>

Advanced

The elements in this section are used under the covers in the broker. At present, we do not recommend any changes to these settings.

<advanced>
   <filterchain enableExecutorPool="true"/>
    <enablePooledAllocator>false</enablePooledAllocator>
    <enableDirectBuffers>false</enableDirectBuffers>
    <framesize>65535</framesize>
    <compressBufferOnQueue>false</compressBufferOnQueue>
</advanced>

Security

This section lists all the principal databases that are available for authentication and the default access control. The databases understand what SASL mechanisms can be used against their data and so are responsible for registering these SASL mechanisms. Currently we do not provide means of limiting these mechanisms.

<security>
    <principal-databases>
        <principal-database>
            <!-- A name for referencing this database-->
            <name>passwordfile</name>
            <!-- The type of principal database -->
            <class>org.apache.qpid.server.security.auth.database.PlainPasswordVhostFilePrincipalDatabase</class>
            <!-- Any attributes associated with the database. Here it is a password file to load. -->
            <attributes>
                <attribute>
                    <name>passwordFile</name>
                    <value>${conf}/passwdVhost</value>
                </attribute>
            </attributes>
        </principal-database>
    </principal-databases>
    <!-- This access value can be any access manager. The built in defaults are AllowAll and DenyAll -->
    <access>
        <class>org.apache.qpid.server.security.access.AllowAll</class>
    </access>
    <!-- Properties required when running the JMX Management console. -->
    <jmx>
       <!-- Access file that allows users rights to access the management console. -->
       <access>${conf}/jmxremote.access</access>
       <!-- The principal database to use to authenticate users. -->
       <principal-database>passwordfile</principal-database>
    </jmx>        
</security>

Virtualhosts

This section allows you to define the set of virtual hosts which will be contained in your broker instance, and the message store & location for each. NB: The commented out section referencing BDBMessageStore should be used for all applications wishing to use persistence to disk.

If you are using transient messaging you can use the MemoryMessageStore, with the caveat that scalability for transient use is limited by heap size.

In our example config.xml, we define three virtual hosts which we commonly use for development (development), system testing (test) and integration testing (localhost). In the config.xml the per virtual host sections define both the Message Store in use (MemoryMessageStore for non-persistent applications or BDBMessageStore for persistent application usage) and the security for each virtual host. The security settings are under currently development so subject to changes.

The default virtual host for connections which do not specify a host on the url is 'test' in the example config.xml.

<virtualhost>
            <name>localhost</name>
            <localhost>
                <store>
                    <!-- <class>org.apache.qpid.server.store.berkeleydb.BDBMessageStore</class>
                    <environment-path>${work}/localhost-store</environment-path> -->

                    <class>org.apache.qpid.server.store.MemoryMessageStore</class>
                </store>

                <security>
                    <!-- Need protocol changes to allow this-->
                    <authentication>
                        <name>passwordfile</name>
                        <!-- Currently this can't be used as Vhost isn't specified at connection start only connection open -->
                        <mechanism>PLAIN</mechanism>
                    </authentication>
                    <access>
                        <class>org.apache.qpid.server.security.access.PrincipalDatabaseAccessManager</class>
                        <attributes>
                            <attribute>
                                <name>principalDatabase</name>
                                <value>passwordfile</value>
                            </attribute>
                            <attribute>
                                <name>defaultAccessManager</name>
                                <value>DenyAll</value>
                            </attribute>
                        </attributes>
                    </access>
                </security>
            </localhost>
        </virtualhost>

Heartbeat

The Qpid broker sends an internal (only) heartbeat. This element allows configuration of the frequency of this heartbeat. At present, we recommend that you leave this section unchanged !

<heartbeat>
    <delay>0</delay>
    <timeoutFactor>2.0</timeoutFactor>
</heartbeat>

Queue

This should NOT be changed lightly as it sets the broker up to automatically bind queues to exchanges.

It could theoretically be used to prevent users creating new queues at runtime, assuming that you have created all queues/topics etc at broker startup. However, best advice is to leave unchanged for now.

<queue>
    <auto_register>true</auto_register>
</queue>

Virtualhosts

This element allows you to specify a location for the virtualhosts.xml file that you wish to use. If you are not using a subdirectory under $QPID_HOME you can provide a fully qualified path instead. For more information on the content of the virtualhosts.xml file please see Configure the Virtual Hosts via virtualhosts.xml

<virtualhosts>${conf}/virtualhosts.xml</virtualhosts>
  • No labels