diff options
Diffstat (limited to 'src/documentation/content/xdocs/M2.1 - config.xml.html')
| -rwxr-xr-x | src/documentation/content/xdocs/M2.1 - config.xml.html | 266 |
1 files changed, 266 insertions, 0 deletions
diff --git a/src/documentation/content/xdocs/M2.1 - config.xml.html b/src/documentation/content/xdocs/M2.1 - config.xml.html new file mode 100755 index 0000000000..1f8998370b --- /dev/null +++ b/src/documentation/content/xdocs/M2.1 - config.xml.html @@ -0,0 +1,266 @@ +<html> + <head> + <title>Apache Qpid : M2.1 - config.xml</title> + <link rel="stylesheet" href="styles/site.css" type="text/css" /> + <META http-equiv="Content-Type" content="text/html; charset=UTF-8"> + </head> + + <body> + <table class="pagecontent" border="0" cellpadding="0" cellspacing="0" width="100%" bgcolor="#ffffff"> + <tr> + <td valign="top" class="pagebody"> + <div class="pageheader"> + <span class="pagetitle"> + Apache Qpid : M2.1 - config.xml + </span> + </div> + <div class="pagesubheading"> + This page last changed on Apr 08, 2008 by <font color="#0050B2">ritchiem</font>. + </div> + + <h2><a name="M2.1-config.xml-M2.1Brokerconfig.xmldetails"></a>M2.1 Broker config.xml details</h2> + +<h3><a name="M2.1-config.xml-QpidUpgradestepsfromM2"></a>Qpid Upgrade steps from M2</h3> + +<p>Here are the manual changes required to config.xml for M2.1:</p> + +<p>1. Remove use of old password format</p> +<ul> + <li>Replace line '<class>org.apache.qpid.server.security.auth.database.PlainPasswordVHostFilePrincipalDatabase</class>'</li> + <li>With '<class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>'</li> + <li>Change format of the password file '${conf}/passwdVhost' to be username:password</li> + <li>Rename file on disk '${conf}/passwdVhost' to '${conf}/passwd'</li> + <li>Replace config line '<value>${conf}/passwdVhost</value>' with '<value>${conf}/passwd</value>'</li> + <li>For details on how to configure the new ACLs to restore the per VirtualHost Access rights see <a href="Configure ACLs.html" title="Configure ACLs">Configure ACLs</a></li> +</ul> + + +<p>2. Update package of AllowAll</p> +<ul> + <li>Replace line '<class>org.apache.qpid.server.security.access.AllowAll</class>'</li> + <li>With '<class>org.apache.qpid.server.security.access.plugins.AllowAll</class>'</li> +</ul> + + +<p>3. Remove all Security sections from virtualhosts</p> + + +<h3><a name="M2.1-config.xml-ChangesfromM2configuration"></a>Changes from M2 configuration</h3> + +<p>There are a four sections with changes that have occurred since M2. Taking them in order as they appear in the file the first change is in the <em>connector</em> section. The <em>protectio</em> feature is new its purpose is to limit the underlying send and receive buffers so that they do not grow unbounded. Testing has shown this feature to affect performance so further work is required to fully understand the impact.</p> + +<p>The <em>advanced</em> section now includes a boolean <em>enableJMSXUserID</em> which causes the broker to stamp every message with the UserID of the producing connection. This has an impact on performance so will be improved in a later release with client side setting of JMSXUserID and broker side verification, which is a low overhead.</p> + +<p>The <em>security</em> section has had a couple of changes. The <em>PlainPasswordVHostFilePrincipalDatabase</em> was an early attempt to show how ACLs could be performed. The introduction of a more comprehensive ACL package now removes the need for that class and so the use of <em>PlainPasswordFilePrincipalDatabase</em> would be recommended instead. The change to ACLs also included the repackaging of the <em>AllowAll</em> ACL class to be in a <em>pluings</em> package.</p> + +<p>The <em>virtualhost</em> sections now have new security sections based on the type of ACL being used. The documentation of which will occur on the a different page. </p> + + +<h3><a name="M2.1-config.xml-FileFormat"></a>File Format</h3> +<p>This is an overview of the top level of the config file. Description of each section is embedded below. Each section is then described in detail in their own section. Each section that has changes from M2 is highlighted.</p> + +<div class="preformatted"><div class="preformattedContent"> +<pre><broker>
+ <connector>
+<!-- Type of connections and properties --> <!-- Additional features in M2.1 -->
+ <management>
+<!-- Enablement of management functionality -->
+ <advanced>
+<!-- Various advanced flags --> <!-- Additional features in M2.1 -->
+ <security>
+<!-- Definition of available security options --> <!-- M2 Incompatible changes in M2.1 -->
+ <virtualhosts>
+<!-- Definition of available virtual hosts --> <!-- M2 Incompatible changes in M2.1 -->
+ <heartbeat>
+<!-- Heartbeat configuration -->
+ <queue>
+<!-- General queue configuration options-->
+ <virtualhosts>
+<!-- Configuration of various virtual hosts. -->
+</broker>
+
+</pre> +</div></div> + +<h2><a name="M2.1-config.xml-ConfigurationSectionsDetailedInformation"></a>Configuration Sections - Detailed Information</h2> + +<p>The following sections provide an element by element overview of the config.xml.</p> + +<h3><a name="M2.1-config.xml-Broker"></a>Broker</h3> + +<p>The setting of the prefixes for QPID_HOME and QPID_WORK allows environment variables to be used throughout the config.xml and removes the need for hard coding of paths in this file.</p> + +<p>See the <a href="Getting Started Guide.html" title="Getting Started Guide">Getting Started Guide</a> for more information on these variables.</p> + +<div class="preformatted"><div class="preformattedContent"> +<pre><broker>
+ <prefix>${QPID_HOME}</prefix>
+ <work>${QPID_WORK}</work>
+ <conf>${prefix}/etc</conf>
+</pre> +</div></div> + +<h3><a name="M2.1-config.xml-Connector"></a>Connector</h3> + +<p>The connector section allows configuration of SSL and related keystore settings. By default this section is commented out and thus SSL is not enabled.</p> + +<div class="preformatted"><div class="preformattedContent"> +<pre><connector>
+ <!-- Uncomment out this block and edit the keystorePath and keystorePassword
+ to enable SSL support
+ <ssl>
+ <enabled>true</enabled>
+ <sslOnly>true</sslOnly>
+ <keystorePath>/path/to/keystore.ks</keystorePath>
+ <keystorePassword>keystorepass</keystorePassword>
+ </ssl>-->
+ <qpidnio>false</qpidnio>
+ <protectio> <!-- New Feature in M2.1 -->
+ <enabled>false</enabled>
+ <readBufferLimitSize>262144</readBufferLimitSize>
+ <writeBufferLimitSize>262144</writeBufferLimitSize>
+ </protectio>
+ <transport>nio</transport>
+ <port>5672</port>
+ <sslport>8672</sslport>
+ <socketReceiveBuffer>32768</socketReceiveBuffer>
+ <socketSendBuffer>32768</socketSendBuffer>
+</connector>
+</pre> +</div></div> + +<h3><a name="M2.1-config.xml-Management"></a>Management</h3> + +<p>This element allows the user to switch the connectivity of the management console on/off i.e. if the enabled tag is set to false you will not be able to connect a management console to this broker instance.</p> + +<div class="preformatted"><div class="preformattedContent"> +<pre><management>
+ <enabled>true</enabled>
+</management>
+</pre> +</div></div> + +<h3><a name="M2.1-config.xml-Advanced"></a>Advanced</h3> +<p>The elements in this section are used under the covers in the broker. At present, we do not recommend any changes to these settings.</p> + +<div class="preformatted"><div class="preformattedContent"> +<pre><advanced>
+ <filterchain enableExecutorPool="true"/>
+ <enablePooledAllocator>false</enablePooledAllocator>
+ <enableDirectBuffers>false</enableDirectBuffers>
+ <framesize>65535</framesize>
+ <compressBufferOnQueue>false</compressBufferOnQueue>
+ <enableJMSXUserID>false</enableJMSXUserID> <!-- Additional features in M2.1 -->
+</advanced>
+</pre> +</div></div> + +<h3><a name="M2.1-config.xml-Security"></a>Security</h3> + +<p>This section lists all the principal databases that are available for authentication and the default access control. The databases understand what SASL mechanisms can be used against their data and so are responsible for registering these SASL mechanisms. Currently we do not provide means of limiting these mechanisms.</p> +<div class="preformatted"><div class="preformattedContent"> +<pre><security>
+ <principal-databases>
+ <principal-database>
+ <!-- A name for referencing this database-->
+ <name>passwordfile</name>
+ <!-- The type of principal database -->
+ <class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>
+ <!-- Any attributes associated with the database. Here it is a password file to load. -->
+ <attributes>
+ <attribute>
+ <name>passwordFile</name>
+ <value>${conf}/passwd</value>
+ </attribute>
+ </attributes>
+ </principal-database>
+ </principal-databases>
+ <!-- This access value can be any access manager. The built in defaults are AllowAll and DenyAll -->
+ <access>
+ <class>org.apache.qpid.server.security.access.plugin.AllowAll</class> <!-- NOTE class change in M2.1 -->
+ </access>
+ <!-- Properties required when running the JMX Management console. -->
+ <jmx>
+ <!-- Access file that allows users rights to access the management console. -->
+ <access>${conf}/jmxremote.access</access>
+ <!-- The principal database to use to authenticate users. -->
+ <principal-database>passwordfile</principal-database>
+ </jmx>
+</security>
+</pre> +</div></div> + +<h3><a name="M2.1-config.xml-Virtualhosts"></a>Virtualhosts</h3> + +<p>This section allows you to define the set of virtual hosts which will be contained in your broker instance, and the message store & location for each. NB: The commented out section referencing BDBMessageStore should be used for all applications wishing to use persistence to disk. </p> + +<p>If you are using transient messaging you can use the MemoryMessageStore, with the caveat that scalability for transient use is limited by heap size.</p> + +<p>In our example config.xml, we define three virtual hosts which we commonly use for development (development), system testing (test) and integration testing (localhost). In the config.xml the per virtual host sections define both the Message Store in use (MemoryMessageStore for non-persistent applications or BDBMessageStore for persistent application usage) and the security for each virtual host. The security settings are under currently development so subject to changes.</p> + +<p>The default virtual host for connections which do not specify a host on the url is 'test' in the example config.xml.</p> + +<div class="preformatted"><div class="preformattedContent"> +<pre><virtualhost>
+ <name>localhost</name>
+ <localhost>
+ <store>
+ <!-- <class>org.apache.qpid.server.store.berkeleydb.BDBMessageStore</class>
+ <environment-path>${work}/localhost-store</environment-path> -->
+
+ <class>org.apache.qpid.server.store.MemoryMessageStore</class>
+ </store>
+ </localhost>
+ </virtualhost>
+</pre> +</div></div> + +<h3><a name="M2.1-config.xml-Heartbeat"></a>Heartbeat</h3> + +<p>The Qpid broker sends an internal (only) heartbeat. This element allows configuration of the frequency of this heartbeat. At present, we recommend that you leave this section unchanged !</p> + +<div class="preformatted"><div class="preformattedContent"> +<pre><heartbeat>
+ <delay>0</delay>
+ <timeoutFactor>2.0</timeoutFactor>
+</heartbeat>
+</pre> +</div></div> + +<h3><a name="M2.1-config.xml-Queue"></a>Queue</h3> + +<p>This should NOT be changed lightly as it sets the broker up to automatically bind queues to exchanges. </p> + +<p>It could theoretically be used to prevent users creating new queues at runtime, assuming that you have created all queues/topics etc at broker startup. However, best advice is to leave unchanged for now.</p> + +<div class="preformatted"><div class="preformattedContent"> +<pre><queue>
+ <auto_register>true</auto_register>
+</queue>
+</pre> +</div></div> + +<h3><a name="M2.1-config.xml-Virtualhosts"></a>Virtualhosts</h3> + +<p>This element allows you to specify a location for the virtualhosts.xml file that you wish to use. If you are not using a subdirectory under $QPID_HOME you can provide a fully qualified path instead. For more information on the content of the virtualhosts.xml file please see <a href="Configure the Virtual Hosts via virtualhosts.xml.html" title="Configure the Virtual Hosts via virtualhosts.xml">Configure the Virtual Hosts via virtualhosts.xml</a></p> + +<div class="preformatted"><div class="preformattedContent"> +<pre><virtualhosts>${conf}/virtualhosts.xml</virtualhosts>
+</pre> +</div></div> + + + + </td> + </tr> + </table> + <table border="0" cellpadding="0" cellspacing="0" width="100%"> + <tr> + <td height="12" background="border/border_bottom.gif"><img src="border/spacer.gif" width="1" height="1" border="0"/></td> + </tr> + <tr> + <td align="center"><font color="grey">Document generated by Confluence on Apr 22, 2008 02:47</font></td> + </tr> + </table> + </body> +</html>
\ No newline at end of file |