1QDROUTERD.CONF(5)                                            QDROUTERD.CONF(5)
2
3
4

NAME

6       qdrouterd.conf - configuration file for the dispatch router.
7

SYNOPSIS

9       Provides the initial configuration when qdrouterd(8) starts. The
10       configuration of a running router can be modified using qdmanage(8).
11

DESCRIPTION

13       The configuration file is made up of sections with this syntax:
14
15           sectionName {
16               attributeName: attributeValue
17               attributeName: attributeValue
18               ...
19           }
20
21       For example you can define a router using the router section
22
23           router {
24               mode: standalone
25               id: Router.A
26               ...
27           }
28
29       or define a listener using the listener section
30
31           listener {
32               host: 0.0.0.0
33               port: 20102
34               saslMechanisms: ANONYMOUS
35               ...
36           }
37
38       or define a connector using the connector section
39
40           connector {
41               role: inter-router
42               host: 0.0.0.0
43               port: 20003
44               saslMechanisms: ANONYMOUS
45               ...
46           }
47
48       An sslProfile section with SSL credentials can be included in multiple
49       listener or connector entities. Here’s an example, note how the
50       sslProfile attribute of listener sections references the name attribute
51       of sslProfile sections.
52
53           sslProfile {
54               name: my-ssl
55               caCertFile: ca-certificate-1.pem
56               certFile: server-certificate-1.pem
57               privateKeyFile: server-private-key.pem
58           }
59
60           listener {
61               sslProfile: my-ssl
62               host: 0.0.0.0
63               port: 20102
64               saslMechanisms: ANONYMOUS
65           }
66

CONFIGURATION SECTIONS

68   router
69       Tracks peer routers and computes routes to destinations. This entity is
70       mandatory. The router will not start without this entity.
71
72       id (string)
73           Router’s unique identity. If not specified, a random identity will
74           be assigned at startup.
75
76       mode (One of [standalone, interior, edge], default=standalone)
77           In standalone mode, the router operates as a single component. It
78           does not participate in the routing protocol and therefore will not
79           cooperate with other routers. In interior mode, the router operates
80           in cooperation with other interior routers in an interconnected
81           network. In edge mode, the router can make a connection to an
82           interior router and join a network without causing that network to
83           recompute paths.
84
85       helloIntervalSeconds (integer, default=1)
86           Interval in seconds between HELLO messages sent to neighbor
87           routers.
88
89       helloMaxAgeSeconds (integer, default=3)
90           Time in seconds after which a neighbor is declared lost if no HELLO
91           is received.
92
93       raIntervalSeconds (integer, default=30)
94           Interval in seconds between Router-Advertisements sent to all
95           routers in a stable network.
96
97       raIntervalFluxSeconds (integer, default=4)
98           Interval in seconds between Router-Advertisements sent to all
99           routers during topology fluctuations.
100
101       remoteLsMaxAgeSeconds (integer, default=60)
102           Time in seconds after which link state is declared stale if no RA
103           is received.
104
105       workerThreads (integer, default=4)
106           The number of threads that will be created to process message
107           traffic and other application work (timers, non-amqp file
108           descriptors, etc.) .
109
110       debugDumpFile (path)
111           The absolute path to the location for the debug dump file. The
112           router writes debug-level information to this file if the logger is
113           not available.
114
115       saslConfigDir (path)
116           Absolute path to the SASL configuration file.
117
118       saslConfigName (string, default=qdrouterd)
119           Name of the SASL configuration. This string + .conf is the name of
120           the configuration file.
121
122       allowResumableLinkRoute (boolean, default=True)
123           Whether links can be routed where timeout is non-zero or
124           expiry-policy is not link-detach
125
126       timestampsInUTC (boolean)
127           Use UTC time rather than localtime in logs.
128
129       timestampFormat (string)
130           Format string to use for timestamps in logs.
131
132       allowUnsettledMulticast (boolean)
133           (DEPRECATED) If true, allow senders to send unsettled deliveries to
134           multicast addresses. These deliveries shall be settled by the
135           ingress router. If false, unsettled deliveries to multicast
136           addresses shall be rejected.
137
138       defaultDistribution (One of [multicast, closest, balanced,
139       unavailable], default=balanced)
140           Default forwarding treatment for any address without a specified
141           treatment. multicast - one copy of each message delivered to all
142           subscribers; closest - messages delivered to only the closest
143           subscriber; balanced - messages delivered to one subscriber with
144           load balanced across subscribers; unavailable - this address is
145           unavailable, link attaches to an address of unavilable distribution
146           will be rejected.
147
148       helloInterval (integer, default=1)
149           (DEPRECATED) Interval in seconds between HELLO messages sent to
150           neighbor routers. This attribute has been deprecated. Use
151           helloIntervalSeconds instead.
152
153       helloMaxAge (integer, default=3)
154           (DEPRECATED) Time in seconds after which a neighbor is declared
155           lost if no HELLO is received. This attribute has been deprecated.
156           Use helloMaxAgeSeconds instead.
157
158       raInterval (integer, default=30)
159           (DEPRECATED) Interval in seconds between Router-Advertisements sent
160           to all routers in a stable network. This attribute has been
161           deprecated. Use raIntervalSeconds instead.
162
163       raIntervalFlux (integer, default=4)
164           (DEPRECATED) Interval in seconds between Router-Advertisements sent
165           to all routers during topology fluctuations. This attribute has
166           been deprecated. Use raIntervalFluxSeconds instead.
167
168       remoteLsMaxAge (integer, default=60)
169           (DEPRECATED) Time in seconds after which link state is declared
170           stale if no RA is received. This attribute has been deprecated. Use
171           remoteLsMaxAgeSeconds instead.
172
173       debugDump (path)
174           (DEPRECATED) The absolute path to the location for the debug dump
175           file. The router writes debug-level information to this file if the
176           logger is not available. This attribute has been deprecated. Use
177           debugDumpFile instead.
178
179       saslConfigPath (path)
180           (DEPRECATED) Absolute path to the SASL configuration file. This
181           attribute has been deprecated. Use saslConfigDir instead.
182
183   sslProfile
184       Attributes for setting TLS/SSL configuration for connections.
185
186       ciphers (string)
187           Specifies the enabled ciphers so the SSL Ciphers can be hardened.
188           In other words, use this field to disable weak ciphers. The ciphers
189           are specified in the format understood by the OpenSSL library. For
190           example, ciphers can be set to
191           ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; — The
192           full list of allowed ciphers can be viewed using the openssl
193           ciphers command
194
195       protocols (string)
196           The TLS protocols that this sslProfile can use. You can specify a
197           list of one or more of TLSv1, TLSv1.1, or TLSv1.2. To specify
198           multiple protocols, separate the protocols with a space. For
199           example, to permit the sslProfile to use TLS v1.1 and TLS v1.2
200           only, you would set the value to TLSv1.1 TLSv1.2. If you do not
201           specify a value, the sslProfile uses the TLS protocol specified by
202           the system-wide configuration.
203
204       caCertFile (path)
205           The absolute path to the database that contains the public
206           certificates of trusted certificate authorities (CA).
207
208       certFile (path)
209           The absolute path to the file containing the PEM-formatted public
210           certificate to be used on the local end of any connections using
211           this profile.
212
213       privateKeyFile (path)
214           The absolute path to the file containing the PEM-formatted private
215           key for the above certificate.
216
217       passwordFile (path)
218           If the above private key is password protected, this is the
219           absolute path to a file containing the password that unlocks the
220           certificate key. This file should be permission protected to limit
221           access
222
223       password (string)
224           (DEPRECATED) An alternative to storing the password in a file
225           referenced by passwordFile is to supply the password right here in
226           the configuration file. This takes precedence over the passwordFile
227           if both are specified. This attribute has been deprecated because
228           it is unsafe to store plain text passwords in config files. Use the
229           passwordFile instead
230
231       uidFormat (string)
232           A list of x509 client certificate fields that will be used to build
233           a string that will uniquely identify the client certificate owner.
234           For e.g. a value of cou indicates that the uid will consist of c -
235           common name concatenated with o - organization-company name
236           concatenated with u - organization unit; or a value of o2 indicates
237           that the uid will consist of o (organization name) concatenated
238           with 2 (the sha256 fingerprint of the entire certificate) . Allowed
239           values can be any combination of c( ISO3166 two character country
240           code), s(state or province), l(Locality; generally - city),
241           o(Organization - Company Name), u(Organization Unit - typically
242           certificate type or brand), n(CommonName - typically a user name
243           for client certificates) and 1(sha1 certificate fingerprint, as
244           displayed in the fingerprints section when looking at a certificate
245           with say a web browser is the hash of the entire certificate) and 2
246           (sha256 certificate fingerprint) and 5 (sha512 certificate
247           fingerprint). The user identifier (uid) that is generated based on
248           the uidFormat is a string which has a semi-colon as a separator
249           between the components
250
251       uidNameMappingFile (string)
252           The absolute path to the file containing the unique id to display
253           name mapping
254
255       certDb (path)
256           (DEPRECATED) The absolute path to the database that contains the
257           public certificates of trusted certificate authorities (CA). This
258           attribute has been deprecated. Use caCertFile instead.
259
260       keyFile (path)
261           (DEPRECATED) The absolute path to the file containing the
262           PEM-formatted private key for the above certificate. This attribute
263           has been deprecated. Use privateKeyFile instead.
264
265       displayNameFile (string)
266           (DEPRECATED) The absolute path to the file containing the unique id
267           to display name mapping This attribute has been deprecated. Use
268           uidNameMappingFile instead.
269
270   authServicePlugin
271       EXPERIMENTAL. Attributes for setting SASL plugin.
272
273       authService (string)
274           (DEPRECATED) Address of a service to delegate authentication to.
275           This attribute has been deprecated. Use the host and port
276           attributes instead.
277
278       host (string)
279           A host name, IPV4 or IPV6 literal, of the service to delegate to.
280
281       port (string, default=amqp)
282           Port number of the service delegated host.
283
284       realm (string)
285           Value to set for hostname field on sasl-init
286
287       sslProfile (string)
288           Name of the sslProfile to use for the authentication service.
289
290       saslInitHostname (string)
291           (DEPRECATED) Value to set for hostname field on sasl-init This
292           attribute has been deprecated. Use realm instead.
293
294       authSslProfile (string)
295           (DEPRECATED) Name of the sslProfile to use for the authentication
296           service. This attribute has been deprecated. Use sslProfile
297           instead.
298
299   listener
300       Listens for incoming connections to the router.
301
302       host (string)
303           A host name, IPV4 or IPV6 literal, or the empty string. The empty
304           string listens on all local addresses. A host name listens on all
305           addresses associated with the name. An IPV6 literal address (or
306           wildcard [::]) listens only for IPV6. An IPV4 literal address (or
307           wildcard 0.0.0.0) listens only for IPV4.
308
309       port (string, default=amqp)
310           Port number or symbolic service name. If 0, the router shall assign
311           an ephemeral port to the listener and log the port number with a
312           log of the form SERVER (notice) Listening on <host>:<assigned-port>
313           (<listener-name>)
314
315       socketAddressFamily (One of [IPv4, IPv6])
316           [IPv4, IPv6] IPv4: Internet Protocol version 4; IPv6: Internet
317           Protocol version 6. If not specified, the protocol family will be
318           automatically determined from the address.
319
320       role (One of [normal, inter-router, route-container, edge],
321       default=normal)
322           The role of an established connection. In the normal role, the
323           connection is assumed to be used for AMQP clients that are doing
324           normal message delivery over the connection. In the inter-router
325           role, the connection is assumed to be to another router in the
326           network. Inter-router discovery and routing protocols can only be
327           used over inter-router connections. route-container role can be
328           used for router-container connections, for example, a router-broker
329           connection. In the edge role, the connection is assumed to be
330           between an edge router and an interior router.
331
332       cost (integer, default=1)
333           For the inter-router role only. This value assigns a cost metric to
334           the inter-router connection. The default (and minimum) value is
335           one. Higher values represent higher costs. The cost is used to
336           influence the routing algorithm as it attempts to use the path with
337           the lowest total cost from ingress to egress.
338
339       sslProfile (string)
340           Name of the sslProfile.
341
342       saslMechanisms (string)
343           Space separated list of accepted SASL authentication mechanisms.
344
345       authenticatePeer (boolean)
346           yes: Require the peer’s identity to be authenticated; no: Do not
347           require any authentication.
348
349       saslPlugin (string)
350           EXPERIMENTAL. Name of the a sasl plugin configuration section to
351           use for this listener (e.g. authServicePlugin).
352
353       requireEncryption (boolean)
354           yes: Require the connection to the peer to be encrypted; no: Permit
355           non-encrypted communication with the peer
356
357       requireSsl (boolean)
358           yes: Require the use of SSL or TLS on the connection; no: Allow
359           clients to connect without SSL or TLS.
360
361       trustedCertsFile (path)
362           This optional setting can be used to reduce the set of available
363           CAs for client authentication. If used, this setting must provide
364           the absolute path to a PEM file that contains the trusted
365           certificates.
366
367       maxFrameSize (integer, default=16384)
368           The maximum frame size in octets that will be used in the
369           connection-open negotiation with a connected peer. The frame size
370           is the largest contiguous set of uninterrupted data that can be
371           sent for a message delivery over the connection. Interleaving of
372           messages on different links is done at frame granularity. Policy
373           settings, if specified, will overwrite this value. Defaults to
374           16384.
375
376       maxSessions (integer, default=32768)
377           The maximum number of sessions that can be simultaneously active on
378           the connection. Setting this value to zero selects the default
379           number of sessions. Policy settings, if specified, will overwrite
380           this value. Defaults to 32768.
381
382       maxSessionFrames (integer)
383           Session incoming window measured in transfer frames for sessions
384           created on this connection. This is the number of transfer frames
385           that may simultaneously be in flight for all links in the session.
386           Setting this value to zero selects the default session window size.
387           Policy settings, if specified, will overwrite this value. The
388           numerical product of maxFrameSize and maxSessionFrames may not
389           exceed 231-1. If (maxFrameSize x maxSessionFrames) exceeds 231-1
390           then maxSessionFrames is reduced to (2^31-1 / maxFrameSize).
391           maxSessionFrames has a minimum value of 1. Defaults to 0 (unlimited
392           window).
393
394       idleTimeoutSeconds (integer, default=16)
395           The idle timeout, in seconds, for connections through this
396           listener. If no frames are received on the connection for this time
397           interval, the connection shall be closed.
398
399       initialHandshakeTimeoutSeconds (integer)
400           The timeout, in seconds, for the initial handshake for connections
401           coming in through listeners. If the time interval expires before
402           the peer sends the AMQP OPEN frame, the connection shall be closed.
403           A value of zero (the default) disables this timeout.
404
405       stripAnnotations (One of [in, out, both, no], default=both)
406           [in, out, both, no] in: Strip the dispatch router specific
407           annotations only on ingress; out: Strip the dispatch router
408           specific annotations only on egress; both: Strip the dispatch
409           router specific annotations on both ingress and egress; no - do not
410           strip dispatch router specific annotations
411
412       linkCapacity (integer)
413           The capacity of links within this connection, in terms of message
414           deliveries. The capacity is the number of messages that can be
415           in-flight concurrently for each link.
416
417       multiTenant (boolean)
418           If true, apply multi-tenancy to endpoints connected at this
419           listener. The address space is defined by the virtual host
420           (hostname field in the Open).
421
422       failoverUrls (string)
423           A comma-separated list of failover urls to be supplied to connected
424           clients. Form: [(amqp|amqps|ws|wss)://]host_or_ip[:port]
425
426       healthz (boolean, default=True)
427           Provide a simple HTTP based liveness test (using path /healthz).
428           Assumes listener is enabled for http.
429
430       metrics (boolean, default=True)
431           Export metrics in prometheus text format for the router (using path
432           /metrics). Assumes listener is enabled for http.
433
434       websockets (boolean, default=True)
435           For an http enabled listener, determines whether websockets access
436           is enabled (true by default).
437
438       http (boolean)
439           Accept HTTP connections that can upgrade to AMQP over WebSocket.
440           Plain AMQP connections are not accepted on this listener.
441
442       httpRootDir (path)
443           Absolute path to a directory from which to serve static HTML files.
444           For example, /usr/share/qpid-dispatch/console.
445
446       messageLoggingComponents (string, default=none)
447           A comma separated list that indicates which components of the
448           message should be logged. Defaults to none (log nothing). If you
449           want all properties and application properties of the message
450           logged use all. Specific components of the message can be logged by
451           indicating the components via a comma separated list. The
452           components are message-id, user-id, to, subject, reply-to,
453           correlation-id, content-type, content-encoding,
454           absolute-expiry-time, creation-time, group-id, group-sequence,
455           reply-to-group-id, app-properties. The application-data part of the
456           bare message will not be logged. No spaces are allowed
457
458       policyVhost (string)
459           A listener may optionally define a virtual host to index to a
460           specific policy to restrict the remote container to access only
461           specific resources. This attribute defines the name of the policy
462           vhost for this listener. If multi-tenancy is enabled for the
463           listener, this vhost will override the peer-supplied vhost for the
464           purposes of identifying the desired policy settings for the
465           connections.
466
467       protocolFamily (One of [IPv4, IPv6])
468           (DEPRECATED) [IPv4, IPv6] IPv4: Internet Protocol version 4; IPv6:
469           Internet Protocol version 6. If not specified, the protocol family
470           will be automatically determined from the address. This attribute
471           has been deprecated. Use socketAddressFamily instead.
472
473       trustedCerts (path)
474           (DEPRECATED) This optional setting can be used to reduce the set of
475           available CAs for client authentication. If used, this setting must
476           provide the absolute path to a PEM file that contains the trusted
477           certificates. This attribute has been deprecated. Use
478           trustedCertsFile instead.
479
480       failoverList (string)
481           (DEPRECATED) A comma-separated list of failover urls to be supplied
482           to connected clients. Form:
483           [(amqp|amqps|ws|wss)://]host_or_ip[:port] This attribute has been
484           deprecated. Use failoverUrls instead.
485
486       httpRoot (path)
487           (DEPRECATED) Absolute path to a directory from which to serve
488           static HTML files. For example, /usr/share/qpid-dispatch/console.
489           This attribute has been deprecated. Use httpRootDir instead.
490
491       logMessage (string, default=none)
492           (DEPRECATED) A comma separated list that indicates which components
493           of the message should be logged. Defaults to none (log nothing). If
494           you want all properties and application properties of the message
495           logged use all. Specific components of the message can be logged by
496           indicating the components via a comma separated list. The
497           components are message-id, user-id, to, subject, reply-to,
498           correlation-id, content-type, content-encoding,
499           absolute-expiry-time, creation-time, group-id, group-sequence,
500           reply-to-group-id, app-properties. The application-data part of the
501           bare message will not be logged. No spaces are allowed This
502           attribute has been deprecated. Use messageLoggingComponents
503           instead.
504
505   connector
506       Establishes an outgoing connection from the router.
507
508       host (string, default=127.0.0.1)
509           IP address: ipv4 or ipv6 literal or a host name
510
511       port (string, default=amqp)
512           Port number or symbolic service name.
513
514       protocolFamily (One of [IPv4, IPv6])
515           [IPv4, IPv6] IPv4: Internet Protocol version 4; IPv6: Internet
516           Protocol version 6. If not specified, the protocol family will be
517           automatically determined from the address.
518
519       role (One of [normal, inter-router, route-container, edge],
520       default=normal)
521           The role of an established connection. In the normal role, the
522           connection is assumed to be used for AMQP clients that are doing
523           normal message delivery over the connection. In the inter-router
524           role, the connection is assumed to be to another router in the
525           network. Inter-router discovery and routing protocols can only be
526           used over inter-router connections. route-container role can be
527           used for router-container connections, for example, a router-broker
528           connection. In the edge role, the connection is assumed to be
529           between and edge router and an interior router.
530
531       cost (integer, default=1)
532           For the inter-router role only. This value assigns a cost metric to
533           the inter-router connection. The default (and minimum) value is
534           one. Higher values represent higher costs. The cost is used to
535           influence the routing algorithm as it attempts to use the path with
536           the lowest total cost from ingress to egress.
537
538       sslProfile (string)
539           Name of the sslProfile.
540
541       saslMechanisms (string)
542           Space separated list of accepted SASL authentication mechanisms.
543
544       allowRedirect (boolean, default=True)
545           Allow the peer to redirect this connection to another address.
546
547       maxFrameSize (integer, default=16384)
548           The maximum frame size in octets that will be used in the
549           connection-open negotiation with a connected peer. The frame size
550           is the largest contiguous set of uninterrupted data that can be
551           sent for a message delivery over the connection. Interleaving of
552           messages on different links is done at frame granularity. Policy
553           settings will not overwrite this value. Defaults to 16384.
554
555       maxSessions (integer, default=32768)
556           The maximum number of sessions that can be simultaneously active on
557           the connection. Setting this value to zero selects the default
558           number of sessions. Policy settings will not overwrite this value.
559           Defaults to 32768.
560
561       maxSessionFrames (integer)
562           Session incoming window measured in transfer frames for sessions
563           created on this connection. This is the number of transfer frames
564           that may simultaneously be in flight for all links in the session.
565           Setting this value to zero selects the default session window size.
566           Policy settings will not overwrite this value. The numerical
567           product of maxFrameSize and maxSessionFrames may not exceed 231-1.
568           If (maxFrameSize x maxSessionFrames) exceeds 231-1 then
569           maxSessionFrames is reduced to (2^31-1 / maxFrameSize).
570           maxSessionFrames has a minimum value of 1. Defaults to 0 (unlimited
571           window).
572
573       idleTimeoutSeconds (integer, default=16)
574           The idle timeout, in seconds, for connections through this
575           connector. If no frames are received on the connection for this
576           time interval, the connection shall be closed.
577
578       stripAnnotations (One of [in, out, both, no], default=both)
579           [in, out, both, no] in: Strip the dispatch router specific
580           annotations only on ingress; out: Strip the dispatch router
581           specific annotations only on egress; both: Strip the dispatch
582           router specific annotations on both ingress and egress; no - do not
583           strip dispatch router specific annotations
584
585       linkCapacity (integer)
586           The capacity of links within this connection, in terms of message
587           deliveries. The capacity is the number of messages that can be
588           in-flight concurrently for each link.
589
590       verifyHostname (boolean, default=True)
591           yes: Ensures that when initiating a connection (as a client) the
592           host name in the URL to which this connector connects to matches
593           the host name in the digital certificate that the peer sends back
594           as part of the SSL connection; no: Does not perform host name
595           verification
596
597       saslUsername (string)
598           The user name that the connector is using to connect to a peer.
599
600       saslPassword (string)
601           The password that the connector is using to connect to a peer.
602
603       messageLoggingComponents (string, default=none)
604           A comma separated list that indicates which components of the
605           message should be logged (no spaces allowed between list
606           components). Defaults to none (log nothing). If you want all
607           properties and application properties of the message logged use
608           all. Specific components of the message can be logged by indicating
609           the components via a comma separated list. The components are
610           message-id, user-id, to, subject, reply-to, correlation-id,
611           content-type, content-encoding, absolute-expiry-time,
612           creation-time, group-id, group-sequence, reply-to-group-id,
613           app-properties. The application-data part of the bare message will
614           not be logged. This log message is written to the MESSAGE logging
615           module. In the log entity, set module property to MESSAGE or
616           DEFAULT and enable to trace+ to see this log message
617
618       policyVhost (string)
619           A connector may optionally define a policy to restrict the remote
620           container to access only specific resources. This attribute defines
621           the name of the policy vhost for this connector. Within the vhost
622           the connector will use the vhost policy settings from user group
623           $connector. If the vhost policy is absent or if the user group
624           $connector within that policy is absent then the connector will
625           fail to start. In policy specified via connector attribute
626           policyVhost the following vhostUserGroupSettings attributes are
627           unused: users, remoteHosts, maxFrameSize, maxSessionWindow,
628           maxSessions.
629
630       verifyHostName (boolean, default=True)
631           (DEPRECATED) yes: Ensures that when initiating a connection (as a
632           client) the host name in the URL to which this connector connects
633           to matches the host name in the digital certificate that the peer
634           sends back as part of the SSL connection; no: Does not perform host
635           name verification This attribute has been deprecated. Use
636           verifyHostname instead.
637
638       logMessage (string, default=none)
639           (DEPRECATED) A comma separated list that indicates which components
640           of the message should be logged (no spaces allowed between list
641           components). Defaults to none (log nothing). If you want all
642           properties and application properties of the message logged use
643           all. Specific components of the message can be logged by indicating
644           the components via a comma separated list. The components are
645           message-id, user-id, to, subject, reply-to, correlation-id,
646           content-type, content-encoding, absolute-expiry-time,
647           creation-time, group-id, group-sequence, reply-to-group-id,
648           app-properties. The application-data part of the bare message will
649           not be logged. This log message is written to the MESSAGE logging
650           module. In the log entity, set module property to MESSAGE or
651           DEFAULT and enable to trace+ to see this log message This attribute
652           has been deprecated. Use messageLoggingComponents instead.
653
654   log
655       Configure logging for a particular module. You can use the UPDATE
656       operation to change log settings while the router is running.
657
658       module (One of [ROUTER, ROUTER_CORE, ROUTER_HELLO, ROUTER_LS,
659       ROUTER_MA, MESSAGE, SERVER, AGENT, AUTHSERVICE, CONTAINER, ERROR,
660       POLICY, HTTP, CONN_MGR, PYTHON, DEFAULT], required)
661           Module to configure. The special module DEFAULT specifies defaults
662           for all modules.
663
664       enable (string)
665           Levels are: trace, debug, info, notice, warning, error, critical.
666           The enable string is a comma-separated list of levels. A level may
667           have a trailing + to enable that level and above. For example
668           trace,debug,warning+ means enable trace, debug, warning, error and
669           critical. The value none means disable logging for the module.
670
671       includeTimestamp (boolean)
672           Include timestamp in log messages.
673
674       includeSource (boolean)
675           Include source file and line number in log messages.
676
677       outputFile (string)
678           Where to send log messages. Can be stderr, stdout, syslog or a file
679           name.
680
681       timestamp (boolean)
682           (DEPRECATED) Include timestamp in log messages. This attribute has
683           been deprecated. Use includeTimestamp instead.
684
685       source (boolean)
686           (DEPRECATED) Include source file and line number in log messages.
687           This attribute has been deprecated. Use includeSource instead.
688
689       output (string)
690           (DEPRECATED) Where to send log messages. Can be stderr, stdout,
691           syslog or a file name. This attribute has been deprecated. Use
692           outputFile instead.
693
694   address
695       Entity type for address configuration. This is used to configure the
696       treatment of message-routed deliveries within a particular
697       address-space. The configuration controls distribution and address
698       phasing.
699
700       prefix (string)
701           The address prefix for the configured settings. Cannot be used with
702           a pattern attribute.
703
704       pattern (string)
705           A wildcarded pattern for address matching. Incoming addresses are
706           matched against this pattern. Matching addresses use the configured
707           settings. The pattern consists of one or more tokens separated by a
708           forward slash /. A token can be one of the following: a *
709           character, a # character, or a sequence of characters that do not
710           include /, *, or #. The * token matches any single token. The #
711           token matches zero or more tokens. * has higher precedence than #,
712           and exact match has the highest precedence. Cannot be used with a
713           prefix attribute.
714
715       distribution (One of [multicast, closest, balanced, unavailable],
716       default=balanced)
717           Treatment of traffic associated with the address
718
719       waypoint (boolean)
720           Designates this address space as being used for waypoints. This
721           will cause the proper address-phasing to be used.
722
723       ingressPhase (integer)
724           Advanced - Override the ingress phase for this address
725
726       egressPhase (integer)
727           Advanced - Override the egress phase for this address
728
729       priority (integer)
730           All messages sent to this address which lack an intrinsic priority
731           will be assigned this priority.
732
733   linkRoute
734       Entity type for link-route configuration. This is used to identify
735       remote containers that shall be destinations for routed link-attaches.
736       The link-routing configuration applies to an addressing space defined
737       by a prefix or a pattern.
738
739       prefix (string)
740           The address prefix for the configured settings. Cannot be used with
741           the pattern attribute.
742
743       pattern (string)
744           A wildcarded pattern for address matching. Link addresses are
745           matched against this pattern. Matching addresses use the configured
746           settings. The pattern consists of one or more tokens separated by a
747           forward slash /. A token can be one of the following: a *
748           character, a # character, or a sequence of characters that do not
749           include /, *, or #. The * token matches any single token. The #
750           token matches zero or more tokens. * has higher precedence than #,
751           and exact match has the highest precedence. Cannot be used with the
752           prefix attribute.
753
754       addExternalPrefix (string)
755           add the specified prefix to the address of the remote terminus on
756           the route container link
757
758       delExternalPrefix (string)
759           remove the specified prefix to the address of the remote terminus
760           on the route container link
761
762       containerId (string)
763           ContainerID for the target container. Only one of containerId or
764           connection should be specified for a linkRoute. Specifying both
765           will result in the linkRoute not being created.
766
767       connection (string)
768           The name from a connector or listener. Only one of containerId or
769           connection should be specified for a linkRoute. Specifying both
770           will result in the linkRoute not being created.
771
772       distribution (One of [linkBalanced], default=linkBalanced)
773           Treatment of traffic associated with the address
774
775       direction (One of [in, out], required)
776           The permitted direction of links: in means client senders; out
777           means client receivers
778
779       dir (One of [in, out], required)
780           (DEPRECATED) The permitted direction of links: in means client
781           senders; out means client receivers This attribute has been
782           deprecated. Use direction instead.
783
784   autoLink
785       Entity type for configuring auto-links. Auto-links are links whose
786       lifecycle is managed by the router. These are typically used to attach
787       to waypoints on remote containers (brokers, etc.).
788
789       addr (string, required)
790           The address of the provisioned object
791
792       direction (One of [in, out], required)
793           The direction of the link to be created. In means into the router,
794           out means out of the router.
795
796       phase (integer)
797           The address phase for this link. Defaults to 0 for out links and 1
798           for in links.
799
800       containerId (string)
801           ContainerID for the target container. Only one of containerId or
802           connection should be specified for an autoLink. Specifying both
803           will result in the autoLink not being created
804
805       connection (string)
806           The name from a connector or listener. Only one of containerId or
807           connection should be specified for an autoLink. Specifying both
808           will result in the autoLink not being created
809
810       externalAddr (string)
811           If present, an alternate address of the node on the remote
812           container. This is used if the node has a different address than
813           the address used internally by the router to route deliveries.
814
815       dir (One of [in, out], required)
816           (DEPRECATED) The direction of the link to be created. In means into
817           the router, out means out of the router. This attribute has been
818           deprecated. Use direction instead.
819
820   exchange
821       [EXPERIMENTAL] Defines a topic exchange.
822
823       address (string, required)
824           The address of the exchange. Used by the message publisher as the
825           target for sending messages.
826
827       phase (integer)
828           The address phase for the exchange. Defaults to 0.
829
830       alternateAddress (string)
831           The address to forward the message to if no bindings are matched.
832
833       alternatePhase (integer)
834           The address phase for the alternateAddress. Defaults to 0.
835
836       matchMethod (One of [amqp, mqtt], default=amqp)
837           Key matching algorithm used.  amqp uses the legacy AMQP topic
838           exchange wildcard match method as described in the pre-1.0 drafts.
839           mqtt uses the MQTT topic filter wildcard match method.
840
841   binding
842       [EXPERIMENTAL] Defines a keyed next hop binding for a topic exchange.
843       The subject field of the messages arriving at the exchange is compared
844       against the binding’s key value using the exchange’s matchMethod. If
845       the subject matches the key the message is forwarded to the
846       nextHopAddress. The nextHopAddress overrides the message’s original
847       destination.
848
849       exchangeName (string, required)
850           The name of the exchange to bind.
851
852       bindingKey (string)
853           Pattern to compare against incoming message’s subject. The key is a
854           string of zero or more tokens and wildcards. The format depends on
855           the matchMethod configured for the exchange. For AMQP each token is
856           delimited by the .  character and wild-card tokens * matches a
857           single token and
858
859           matches zero or more tokens. For MQTT each token is delimited by
860           the / character and wildcard tokens + matches a single token and
861
862           matches zero or more tokens at the end of the topic. If a key is
863           not provided the binding will match all messages arriving at the
864           exchange (fanout behavior).
865
866       nextHopAddress (string, required)
867           The address to forward the message to when the message’s topic
868           string matches the binding key pattern. This address is used by
869           message consumers as the source of incoming messages.
870
871       nextHopPhase (integer)
872           The address phase used when forwarding messages that match this
873           binding.
874
875   console
876       (DEPRECATED) Start a websocket/tcp proxy and http file server to serve
877       the web console
878
879       listener (string)
880           The name of the listener to send the proxied tcp traffic to.
881
882       wsport (integer, default=5673)
883           port on which to listen for websocket traffic
884
885       proxy (string, required)
886           The full path to the proxy program to run.
887
888       home (string, required)
889           The full path to the html/css/js files for the console.
890
891       args (string)
892           Optional args to pass the proxy program for logging,
893           authentication, etc.
894
895   policy
896       Defines global connection limit
897
898       maxConnections (integer, default=65535)
899           The maximum number of concurrent client connections allowed for
900           this router. This limit is always enforced, even if no other policy
901           settings have been defined. The limit is applied to all incoming
902           connections regardless of remote host, authenticated user, or
903           targeted vhost.
904
905       enableVhostPolicy (boolean)
906           Enables the router to enforce the connection denials and resource
907           limits defined in the configured vhost policies.
908
909       enableVhostNamePatterns (boolean)
910           Enable vhost name patterns. When false vhost hostnames are treated
911           as literal strings. When true vhost hostnames are treated as match
912           patterns.
913
914       policyDir (path)
915           The absolute path to a directory that holds vhost policy definition
916           files in JSON format (*.json). The router processes all of the
917           vhost policies in each JSON file that is in this directory.
918
919       defaultVhost (string)
920           The name of the default vhost policy. This policy rule set is
921           applied to a connection for which a vhost policy has not otherwise
922           been configured. Processing for the default vhost is enabled by
923           default and set to select vhost $default. To disable default vhost
924           processing set defaultVhost to blank or do not define a vhost named
925           $default.
926
927   vhost
928       AMQP virtual host policy definition of users, user groups, allowed
929       remote hosts, and AMQP restrictions.
930
931       hostname (string, required)
932           The hostname of the vhost. This vhost policy will be applied to any
933           client connection that is directed to this hostname.
934
935       maxConnections (integer, default=65535)
936           The global maximum number of concurrent client connections allowed
937           for this vhost.
938
939       maxConnectionsPerUser (integer, default=65535)
940           The maximum number of concurrent client connections allowed for any
941           user.
942
943       maxConnectionsPerHost (integer, default=65535)
944           The maximum number of concurrent client connections allowed for any
945           remote host (the host from which the client is connecting).
946
947       allowUnknownUser (boolean)
948           Whether unknown users (users who are not members of a defined user
949           group) are allowed to connect to the vhost. Unknown users are
950           assigned to the $default user group and receive $default settings.
951
952       groups (map)
953           A map where each key is a vhost name and each value is a map of the
954           settings for users of that vhost.
955
956       id (string, required)
957           (DEPRECATED) The hostname of the vhost. This vhost policy will be
958           applied to any client connection that is directed to this hostname.
959           This attribute has been deprecated. Use hostname instead.
960
961   vhostUserGroupSettings
962       Policy settings for users connecting to a vhost. Configuration files
963       including this section must use .json format.
964
965       maxFrameSize (integer, default=16384)
966           The largest frame, in bytes, that may be sent on this connection.
967           Non-zero policy values overwrite values specified for a listener
968           object (AMQP Open, max-frame-size).
969
970       maxSessionWindow (integer, default=1638400)
971           The incoming capacity for new AMQP sessions, measured in octets.
972           Non-zero policy values overwrite values specified for a listener
973           object (AMQP Begin, incoming-window).
974
975       maxSessions (integer, default=32768)
976           The maximum number of sessions that may be created on this
977           connection. Non-zero policy values overwrite values specified for a
978           listener object (AMQP Open, channel-max).
979
980       maxSenders (integer, default=2147483647)
981           The maximum number of sending links that may be created on this
982           connection. A value of 0 disables all sender links.
983
984       maxReceivers (integer, default=2147483647)
985           The maximum number of receiving links that may be created on this
986           connection. A value of 0 disables all receiver links.
987
988       allowDynamicSource (boolean)
989           Whether this connection is allowed to create dynamic receiving
990           links (links to resources that do not exist on the peer). A value
991           of true means that users are able to automatically create resources
992           on the peer system.
993
994       allowAnonymousSender (boolean)
995           Whether this connection is allowed to create sending links if the
996           sender does not provide a target address. By prohibiting anonymous
997           senders, the router only needs to verify once, when the link is
998           created, that the sender is permitted to send messages to the
999           target address. The router does not need to verify each message
1000           that is sent on the link. A value of true means that users may send
1001           messages to any address. Allowing anonymous senders can also
1002           decrease performance: if the sender does not specify a target
1003           address, then the router must parse each message to determine how
1004           to route it.
1005
1006       allowUserIdProxy (boolean)
1007           Whether this connection is allowed to send messages with a user ID
1008           that is different than the connection’s authenticated user name.
1009
1010       allowWaypointLinks (boolean, default=True)
1011           Whether this connection is allowed to claim waypoint.N capability
1012           for attached links. This allows endpoints to act as waypoints
1013           without needing auto-links.
1014
1015       allowDynamicLinkRoutes (boolean, default=True)
1016           Whether this connection is allowed to dynamically create
1017           connection-scoped link route destinations.
1018
1019       allowAdminStatusUpdate (boolean, default=True)
1020           Whether this connection is allowed to update the admin status of
1021           other connections. Note: Inter-router connections cannot be deleted
1022           at any time.
1023
1024       sources (string)
1025
1026       targets (string)
1027
1028       sourcePattern (string)
1029
1030       targetPattern (string)
1031

SEE ALSO

1033       qdrouterd(8), qdmanage(8)
1034
1035       http://qpid.apache.org/components/dispatch-router
1036
1037
1038
1039                                  05/14/2019                 QDROUTERD.CONF(5)
Impressum