qdrouterd.conf man page

qdrouterd.conf — configuration file for the dispatch router.

Synopsis

Provides the initial configuration when qdrouterd(8) starts. The configuration of a running router can be modified using qdmanage(8).

Description

The configuration file is made up of sections with this syntax:

sectionName {
    attributeName: attributeValue
    attributeName: attributeValue
    ...
}

For example, you can define a router using the router section:

router {
    mode: standalone
    id: Router.A
    ...
}

or define a listener using the listener section:

listener {
    host: 0.0.0.0
    port: 20102
    saslMechanisms: ANONYMOUS
    ...
}

or define a connector using the connector section:

connector {
    role: inter-router
    host: 0.0.0.0
    port: 20003
    saslMechanisms: ANONYMOUS
    ...
}

An sslProfile section with SSL credentials can be included in multiple listener or connector entities. In the following example, note how the sslProfile attribute of the listener section references the name attribute of the sslProfile section.

sslProfile {
    name: my-ssl
    certDb: ca-certificate-1.pem
    certFile: server-certificate-1.pem
    keyFile: server-private-key.pem
}

listener {
    sslProfile: my-ssl
    host: 0.0.0.0
    port: 20102
    saslMechanisms: ANONYMOUS
}

Configuration Sections

router

Tracks peer routers and computes routes to destinations. This entity is mandatory. The router will not start without this entity.

id (string)

Router’s unique identity. One of id or routerId is required. The router will fail to start without id or routerId.

mode (One of [standalone, interior], default=standalone)

In standalone mode, the router operates as a single component. It does not participate in the routing protocol and therefore will not cooperate with other routers. In interior mode, the router operates in cooperation with other interior routers in an interconnected network.

helloInterval (integer, default=1)

Interval in seconds between HELLO messages sent to neighbor routers.

helloMaxAge (integer, default=3)

Time in seconds after which a neighbor is declared lost if no HELLO is received.

raInterval (integer, default=30)

Interval in seconds between Router-Advertisements sent to all routers in a stable network.

raIntervalFlux (integer, default=4)

Interval in seconds between Router-Advertisements sent to all routers during topology fluctuations.

remoteLsMaxAge (integer, default=60)

Time in seconds after which link state is declared stale if no RA is received.

workerThreads (integer, default=4)

The number of threads that will be created to process message traffic and other application work (timers, non-amqp file descriptors, etc.).

debugDump (path)

A file to dump debugging information that can’t be logged normally.

saslConfigPath (path)

Absolute path to the SASL configuration file.

saslConfigName (string, default=qdrouterd)

Name of the SASL configuration. This string + .conf is the name of the configuration file.

routerId (string)

(DEPRECATED) Router’s unique identity. This attribute has been deprecated. Use id instead.

mobileAddrMaxAge (integer, default=60)

(DEPRECATED) This value is no longer used in the router.

sslProfile

Attributes for setting TLS/SSL configuration for connections.

certDb (path)

The absolute path to the database that contains the public certificates of trusted certificate authorities (CA).

certFile (path)

The absolute path to the file containing the PEM-formatted public certificate to be used on the local end of any connections using this profile.

keyFile (path)

The absolute path to the file containing the PEM-formatted private key for the above certificate.

passwordFile (path)

If the above private key is password protected, this is the absolute path to a file containing the password that unlocks the certificate key.

password (string)

An alternative to storing the password in a file referenced by passwordFile is to supply the password right here in the configuration file. This takes precedence over the passwordFile if both are specified.

uidFormat (string)

A list of x509 client certificate fields that will be used to build a string that uniquely identifies the client certificate owner. For example, a value of cou indicates that the uid will consist of c (country code) concatenated with o (organization, company name) concatenated with u (organization unit); a value of o2 indicates that the uid will consist of o (organization name) concatenated with 2 (the sha256 fingerprint of the entire certificate). Allowed values can be any combination of c (ISO3166 two character country code), s (state or province), l (locality; generally the city), o (organization, company name), u (organization unit; typically certificate type or brand), n (CommonName; typically a user name for client certificates), 1 (sha1 certificate fingerprint: the hash of the entire certificate, as displayed in the fingerprints section when looking at a certificate with, say, a web browser), 2 (sha256 certificate fingerprint) and 5 (sha512 certificate fingerprint). The user identifier (uid) that is generated based on the uidFormat is a string with a semi-colon as the separator between the components.

displayNameFile (string)

The absolute path to the file containing the unique id to display name mapping.
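The uidFormat rules described above, modelled as an added example (this is not the router's own code). It shows why a format made only of shared subject fields does not identify a certificate owner uniquely, while one that includes a fingerprint does. The subject dictionary keys, the byte strings standing in for DER encodings, the lower-case hex rendering of fingerprints and the handling of missing fields are assumptions.

```python
import hashlib

# Letter -> subject attribute, following the allowed values listed for uidFormat.
SUBJECT_FIELDS = {"c": "C", "s": "ST", "l": "L", "o": "O", "u": "OU", "n": "CN"}
# Digit -> hash applied to the entire certificate.
FINGERPRINTS = {"1": hashlib.sha1, "2": hashlib.sha256, "5": hashlib.sha512}


def build_uid(uid_format, subject, der_cert):
    """Join the components selected by uid_format with ';' in the order given."""
    parts = []
    for code in uid_format:
        if code in SUBJECT_FIELDS:
            # Assumption: a field missing from the certificate contributes an
            # empty component rather than being dropped.
            parts.append(subject.get(SUBJECT_FIELDS[code], ""))
        elif code in FINGERPRINTS:
            # Assumption: fingerprints are rendered as lower-case hex.
            parts.append(FINGERPRINTS[code](der_cert).hexdigest())
        else:
            raise ValueError(f"unsupported uidFormat character: {code!r}")
    return ";".join(parts)


def colliding_uids(uid_format, certs):
    """Return the uids that more than one distinct certificate maps to."""
    seen = {}
    for subject, der in certs:
        seen.setdefault(build_uid(uid_format, subject, der), set()).add(der)
    return {uid for uid, ders in seen.items() if len(ders) > 1}


# Constructed sample data: two different certificates issued inside the same
# organization. The byte strings stand in for the DER-encoded certificates.
CERTS = [
    ({"C": "US", "O": "Example Corp", "OU": "Engineering", "CN": "alice"},
     b"constructed-der-alice"),
    ({"C": "US", "O": "Example Corp", "OU": "Engineering", "CN": "bob"},
     b"constructed-der-bob"),
]

if __name__ == "__main__":
    for fmt in ("cou", "o2", "n"):
        uids = [build_uid(fmt, subject, der) for subject, der in CERTS]
        print(fmt, uids, "collisions:", colliding_uids(fmt, CERTS))
```

With cou both certificates produce the same uid, so any per-user setting keyed on that uid would treat the two owners as one user.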

listener

Listens for incoming connections to the router.

host (string, default=127.0.0.1)

IP address (IPv4 or IPv6 literal) or a host name.

port (string, default=amqp)

Port number or symbolic service name.

protocolFamily (One of [IPv4, IPv6])

IPv4: Internet Protocol version 4; IPv6: Internet Protocol version 6. If not specified, the protocol family will be automatically determined from the address.

role (One of [normal, inter-router, route-container, on-demand], default=normal)

The role of an established connection. In the normal role, the connection is assumed to be used for AMQP clients that are doing normal message delivery over the connection. In the inter-router role, the connection is assumed to be to another router in the network. Inter-router discovery and routing protocols can only be used over inter-router connections. route-container role can be used for router-container connections, for example, a router-broker connection. on-demand role has been deprecated.

cost (integer, default=1)

For the inter-router role only. This value assigns a cost metric to the inter-router connection. The default (and minimum) value is one. Higher values represent higher costs. The cost is used to influence the routing algorithm as it attempts to use the path with the lowest total cost from ingress to egress.

sslProfile (string)

Name of the sslProfile.

saslMechanisms (string)

Space separated list of accepted SASL authentication mechanisms.

authenticatePeer (boolean)

yes: Require the peer’s identity to be authenticated; no: Do not require any authentication.

requireEncryption (boolean)

yes: Require the connection to the peer to be encrypted; no: Permit non-encrypted communication with the peer.

requireSsl (boolean)

yes: Require the use of SSL or TLS on the connection; no: Allow clients to connect without SSL or TLS.

trustedCerts (path)

This optional setting can be used to reduce the set of available CAs for client authentication. If used, this setting must provide the absolute path to a PEM file that contains the trusted certificates.

maxFrameSize (integer, default=16384)

The maximum frame size in octets that will be used in the connection-open negotiation with a connected peer. The frame size is the largest contiguous set of uninterrupted data that can be sent for a message delivery over the connection. Interleaving of messages on different links is done at frame granularity. Policy settings, if specified, will overwrite this value. Defaults to 16384.

maxSessions (integer, default=32768)

The maximum number of sessions that can be simultaneously active on the connection. Setting this value to zero selects the default number of sessions. Policy settings, if specified, will overwrite this value. Defaults to 32768.

maxSessionFrames (integer)

Session incoming window measured in transfer frames for sessions created on this connection. This is the number of transfer frames that may simultaneously be in flight for all links in the session. Setting this value to zero selects the default session window size. Policy settings, if specified, will overwrite this value. The numerical product of maxFrameSize and maxSessionFrames may not exceed 2^31-1. If (maxFrameSize x maxSessionFrames) exceeds 2^31-1 then maxSessionFrames is reduced to ((2^31-1) / maxFrameSize). maxSessionFrames has a minimum value of 1. Defaults to 0 (unlimited window).

idleTimeoutSeconds (integer, default=16)

The idle timeout, in seconds, for connections through this listener. If no frames are received on the connection for this time interval, the connection shall be closed.

stripAnnotations (One of [in, out, both, no], default=both)

in: Strip the dispatch router specific annotations only on ingress; out: Strip the dispatch router specific annotations only on egress; both: Strip the dispatch router specific annotations on both ingress and egress; no: Do not strip dispatch router specific annotations.

linkCapacity (integer)

The capacity of links within this connection, in terms of message deliveries. The capacity is the number of messages that can be in-flight concurrently for each link.

multiTenant (boolean)

If true, apply multi-tenancy to endpoints connected at this listener. The address space is defined by the virtual host (hostname field in the Open).

failoverList (string)

A comma-separated list of failover urls to be supplied to connected clients. Form: [(amqp|amqps|ws|wss)://]host_or_ip[:port]

addr (string, default=127.0.0.1)

(DEPRECATED) IP address (IPv4 or IPv6 literal) or a host name. This attribute has been deprecated. Use host instead.

allowNoSasl (boolean)

(DEPRECATED) This attribute is now controlled by the authenticatePeer attribute.

requirePeerAuth (boolean)

(DEPRECATED) This attribute is now controlled by the authenticatePeer attribute.

allowUnsecured (boolean)

(DEPRECATED) This attribute is now controlled by the requireEncryption attribute.

http (boolean)

Accept HTTP connections that can upgrade to AMQP over WebSocket.

httpRoot (path)

Serve HTTP files from this directory. Defaults to the installed stand-alone console directory.

logMessage (string, default=none)

A comma-separated list that indicates which components of the message should be logged. Defaults to none (log nothing). If you want all properties and application properties of the message logged, use all. Specific components of the message can be logged by indicating the components via a comma-separated list. The components are message-id, user-id, to, subject, reply-to, correlation-id, content-type, content-encoding, absolute-expiry-time, creation-time, group-id, group-sequence, reply-to-group-id, app-properties. The application-data part of the bare message will not be logged. No spaces are allowed.

connector

Establishes an outgoing connection from the router.

host (string, default=127.0.0.1)

IP address (IPv4 or IPv6 literal) or a host name.

port (string, default=amqp)

Port number or symbolic service name.

protocolFamily (One of [IPv4, IPv6])

IPv4: Internet Protocol version 4; IPv6: Internet Protocol version 6. If not specified, the protocol family will be automatically determined from the address.

role (One of [normal, inter-router, route-container, on-demand], default=normal)

The role of an established connection. In the normal role, the connection is assumed to be used for AMQP clients that are doing normal message delivery over the connection. In the inter-router role, the connection is assumed to be to another router in the network. Inter-router discovery and routing protocols can only be used over inter-router connections. route-container role can be used for router-container connections, for example, a router-broker connection. on-demand role has been deprecated.

cost (integer, default=1)

For the inter-router role only. This value assigns a cost metric to the inter-router connection. The default (and minimum) value is one. Higher values represent higher costs. The cost is used to influence the routing algorithm as it attempts to use the path with the lowest total cost from ingress to egress.

sslProfile (string)

Name of the sslProfile.

saslMechanisms (string)

Space separated list of accepted SASL authentication mechanisms.

allowRedirect (boolean, default=True)

Allow the peer to redirect this connection to another address.

maxFrameSize (integer, default=16384)

The maximum frame size in octets that will be used in the connection-open negotiation with a connected peer. The frame size is the largest contiguous set of uninterrupted data that can be sent for a message delivery over the connection. Interleaving of messages on different links is done at frame granularity. Policy settings will not overwrite this value. Defaults to 16384.

maxSessions (integer, default=32768)

The maximum number of sessions that can be simultaneously active on the connection. Setting this value to zero selects the default number of sessions. Policy settings will not overwrite this value. Defaults to 32768.

maxSessionFrames (integer)

Session incoming window measured in transfer frames for sessions created on this connection. This is the number of transfer frames that may simultaneously be in flight for all links in the session. Setting this value to zero selects the default session window size. Policy settings will not overwrite this value. The numerical product of maxFrameSize and maxSessionFrames may not exceed 2^31-1. If (maxFrameSize x maxSessionFrames) exceeds 2^31-1 then maxSessionFrames is reduced to ((2^31-1) / maxFrameSize). maxSessionFrames has a minimum value of 1. Defaults to 0 (unlimited window).

idleTimeoutSeconds (integer, default=16)

The idle timeout, in seconds, for connections through this connector. If no frames are received on the connection for this time interval, the connection shall be closed.

stripAnnotations (One of [in, out, both, no], default=both)

in: Strip the dispatch router specific annotations only on ingress; out: Strip the dispatch router specific annotations only on egress; both: Strip the dispatch router specific annotations on both ingress and egress; no: Do not strip dispatch router specific annotations.

linkCapacity (integer)

The capacity of links within this connection, in terms of message deliveries. The capacity is the number of messages that can be in-flight concurrently for each link.

verifyHostName (boolean, default=True)

yes: Ensures that, when initiating a connection (as a client), the host name in the URL to which this connector connects matches the host name in the digital certificate that the peer sends back as part of the SSL connection; no: Does not perform host name verification.

saslUsername (string)

The user name that the connector is using to connect to a peer.

saslPassword (string)

The password that the connector is using to connect to a peer.

addr (string, default=127.0.0.1)

(DEPRECATED) IP address (IPv4 or IPv6 literal) or a host name. This attribute has been deprecated. Use host instead.

logMessage (string, default=none)

A comma-separated list that indicates which components of the message should be logged. Defaults to none (log nothing). If you want all properties and application properties of the message logged, use all. Specific components of the message can be logged by indicating the components via a comma-separated list. The components are message-id, user-id, to, subject, reply-to, correlation-id, content-type, content-encoding, absolute-expiry-time, creation-time, group-id, group-sequence, reply-to-group-id, app-properties. The application-data part of the bare message will not be logged. No spaces are allowed.
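The section syntax from the Description and the sslProfile, listener and connector attributes documented above can be checked mechanically before a file is deployed. The following is an added example, not part of qdrouterd or its tooling: a small parser and audit that flag listeners on non-loopback hosts that accept ANONYMOUS or unauthenticated peers or permit unencrypted connections, inline key passwords, undefined sslProfile references, and connectors with host name verification turned off. The sample configuration is constructed; treating an unset boolean as "no" and a leading # as a comment are assumptions.

```python
import re

# Constructed sample configuration (names and password are made up).
SAMPLE_CONF = """
sslProfile {
    name: my-ssl
    password: example-only
}
listener {
    host: 0.0.0.0
    port: 20102
    saslMechanisms: ANONYMOUS
}
listener {
    host: 0.0.0.0
    port: 5671
    sslProfile: my-ssl
    authenticatePeer: yes
    requireSsl: yes
}
connector {
    host: router-b.example.net
    sslProfile: missing-profile
    verifyHostName: no
}
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_conf(text):
    """Parse 'sectionName { attributeName: attributeValue ... }' blocks in order."""
    sections, attrs = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):  # assumption: '#' starts a comment
            continue
        opened = re.fullmatch(r"([\w-]+)\s*\{", line)
        if opened:
            attrs = {}
            sections.append((opened.group(1), attrs))
        elif line == "}":
            attrs = None
        elif attrs is not None and ":" in line:
            key, value = line.split(":", 1)
            attrs[key.strip()] = value.strip()
    return sections

def yes(attrs, key, default):
    # Booleans appear on the page as yes/no and as True.
    return attrs.get(key, default).lower() in ("yes", "true")

def audit(sections):
    """Return (entity, finding) pairs for settings that weaken connection security."""
    findings = []
    profiles = {a.get("name") for s, a in sections if s == "sslProfile"}
    for name, a in sections:
        host, port = a.get("host", "127.0.0.1"), a.get("port", "amqp")  # documented defaults
        entity = "%s[%s]" % (name, a.get("name") or host + ":" + port)
        if name == "sslProfile" and "password" in a:
            findings.append((entity, "key password stored inline; use passwordFile"))
        ref = a.get("sslProfile")
        if name in ("listener", "connector") and ref and ref not in profiles:
            findings.append((entity, f"sslProfile {ref} is not defined"))
        if name == "listener" and host not in LOOPBACK:
            # Assumption: an unset boolean attribute means "no" (not required).
            anonymous = "ANONYMOUS" in a.get("saslMechanisms", "").split()
            if anonymous or not yes(a, "authenticatePeer", "no"):
                findings.append((entity, "accepts unauthenticated peers"))
            if not (yes(a, "requireSsl", "no") or yes(a, "requireEncryption", "no")):
                findings.append((entity, "permits unencrypted connections"))
        if name == "connector" and not yes(a, "verifyHostName", "yes"):  # default True
            findings.append((entity, "host name verification disabled"))
    return findings

if __name__ == "__main__":
    print(*audit(parse_conf(SAMPLE_CONF)), sep="\n")
```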

log

Configure logging for a particular module. You can use the UPDATE operation to change log settings while the router is running.

module (One of [ROUTER, ROUTER_CORE, ROUTER_HELLO, ROUTER_LS, ROUTER_MA, MESSAGE, SERVER, AGENT, CONTAINER, ERROR, POLICY, HTTP, CONN_MGR, PYTHON, DEFAULT], required)

Module to configure. The special module DEFAULT specifies defaults for all modules.

enable (string)

Levels are: trace, debug, info, notice, warning, error, critical. The enable string is a comma-separated list of levels. A level may have a trailing + to enable that level and above. For example trace,debug,warning+ means enable trace, debug, warning, error and critical. The value none means disable logging for the module.

timestamp (boolean)

Include timestamp in log messages.

source (boolean)

Include source file and line number in log messages.

output (string)

Where to send log messages. Can be stderr, stdout, syslog or a file name.

address

Entity type for address configuration. This is used to configure the treatment of message-routed deliveries within a particular address-space. The configuration controls distribution and address phasing.

prefix (string, required)

The address prefix for the configured settings

distribution (One of [multicast, closest, balanced], default=balanced)

Treatment of traffic associated with the address

waypoint (boolean)

Designates this address space as being used for waypoints. This will cause the proper address-phasing to be used.

ingressPhase (integer)

Advanced - Override the ingress phase for this address

egressPhase (integer)

Advanced - Override the egress phase for this address

linkRoute

Entity type for link-route configuration. This is used to identify remote containers that shall be destinations for routed link-attaches. The link-routing configuration applies to an addressing space defined by a prefix.

prefix (string, required)

The address prefix for the configured settings

containerId (string)

ContainerID for the target container. Only one of containerId or connection should be specified for a linkRoute. Specifying both will result in the linkRoute not being created.

connection (string)

The name from a connector or listener. Only one of containerId or connection should be specified for a linkRoute. Specifying both will result in the linkRoute not being created.

distribution (One of [linkBalanced], default=linkBalanced)

Treatment of traffic associated with the address

dir (One of [in, out], required)

The permitted direction of links: in means client senders; out means client receivers

console

Start a websocket/tcp proxy and http file server to serve the web console

listener (string)

The name of the listener to send the proxied tcp traffic to.

wsport (integer, default=5673)

Port on which to listen for websocket traffic.

proxy (string)

The full path to the proxy program to run.

home (string)

The full path to the html/css/js files for the console.

args (string)

Optional args to pass the proxy program for logging, authentication, etc.

policy

Defines global connection limit

maxConnections (integer, default=65535)

Global maximum number of concurrent client connections allowed. This limit is always enforced even if no other policy settings have been defined.

enableVhostPolicy (boolean)

Enable vhost policy user groups, connection denial, and resource limit enforcement

policyDir (path)

Absolute path to a directory that holds vhost definition .json files. All vhost definitions in all .json files in this directory are processed.

defaultVhost (string)

Vhost rule set name to use for connections with a vhost that is otherwise not defined. Default vhost processing may be disabled either by erasing the definition of defaultVhost or by not defining a vhost object named $default.

vhost

AMQP virtual host policy definition of users, user groups, allowed remote hosts, and AMQP restrictions.

id (string, required)

The vhost name.

maxConnections (integer, default=65535)

Maximum number of concurrent client connections allowed.

maxConnectionsPerUser (integer, default=65535)

Maximum number of concurrent client connections allowed for any single user.

maxConnectionsPerHost (integer, default=65535)

Maximum number of concurrent client connections allowed for any remote host.

allowUnknownUser (boolean)

Unrestricted users, those who are not members of a defined user group, are allowed to connect to this application. Unrestricted users are assigned to the default user group and receive default settings.

groups (map)

A map where each key is a user group name and the value is a map of the corresponding settings for that group.

container

(DEPRECATED) Attributes related to the AMQP container. This entity has been deprecated. Use the router entity instead.

containerName (string)

The name of the AMQP container. If not specified, the container name will be set to a value of the container’s choosing. The automatically assigned container name is not guaranteed to be persistent across restarts of the container.

workerThreads (integer, default=4)

The number of threads that will be created to process message traffic and other application work (timers, non-amqp file descriptors, etc.).

debugDump (path)

A file to dump debugging information that can’t be logged normally.

saslConfigPath (path)

Absolute path to the SASL configuration file.

saslConfigName (string)

Name of the SASL configuration. This string + .conf is the name of the configuration file.

waypoint

(DEPRECATED) A remote node that messages for an address pass through. This entity has been deprecated. Use autoLink instead.

address (string, required)

The AMQP address of the waypoint.

connector (string, required)

The name of the on-demand connector used to reach the waypoint’s container.

inPhase (integer, default=-1)

The phase of the address as it is routed to the waypoint.

outPhase (integer, default=-1)

The phase of the address as it is routed from the waypoint.

fixedAddress

(DEPRECATED) Establishes treatment for addresses starting with a prefix. This entity has been deprecated. Use address instead.

prefix (string, required)

The address prefix (always starting with /).

phase (integer)

The phase of a multi-hop address passing through one or more waypoints.

fanout (One of [multiple, single], default=multiple)

One of multiple or single. Multiple fanout is a non-competing pattern. If there are multiple consumers using the same address, each consumer will receive its own copy of every message sent to the address. Single fanout is a competing pattern where each message is sent to only one consumer.

bias (One of [closest, spread], default=closest)

Only if fanout is single. One of closest or spread. Closest bias means that messages to an address will always be delivered to the closest (lowest cost) subscribed consumer. Spread bias will distribute the messages across subscribers in an approximately even manner.

linkRoutePattern

(DEPRECATED) An address pattern to match against link sources and targets to cause the router to link-route the attach across the network to a remote node. This entity has been deprecated. Use linkRoute instead.

prefix (string, required)

An address prefix to match against target and source addresses. This pattern must be of the form <text>.<text1>.<textN> or <text> or <text>. and matches any address that contains that prefix. For example, if the prefix is set to org.apache (or org.apache.), any address that has the prefix org.apache (like org.apache.dev) will match. Note that a prefix must not start with a (.), can end in a (.) and can contain zero or more dots (.). Any characters between the dots are simply treated as part of the address

dir (One of [in, out, both], default=both)

Link direction for match: in matches only links inbound to the client; out matches only links outbound from the client; both matches any link.

connector (string)

The name of the on-demand connector used to reach the target node’s container. If this value is not provided, it means that the target container is expected to be connected to a different router in the network. This prevents links to a link-routable address from being misinterpreted as message-routing links when there is no route to a valid destination available.

See Also

qdrouterd(8), qdmanage(8)

http://qpid.apache.org/components/dispatch-router

Referenced By

qdmanage(8), qdrouterd(8), qdstat(8).

08/14/2017