1QDROUTERD.CONF(5) QDROUTERD.CONF(5)
2
3
4
6 qdrouterd.conf - configuration file for the dispatch router.
7
9 Provides the initial configuration when qdrouterd(8) starts. The
10 configuration of a running router can be modified using qdmanage(8).
11
13 The configuration file is made up of sections with this syntax:
14
15 sectionName {
16 attributeName: attributeValue
17 attributeName: attributeValue
18 ...
19 }
20
21 For example you can define a router using the router section
22
23 router {
24 mode: standalone
25 id: Router.A
26 ...
27 }
28
29 or define a listener using the listener section
30
31 listener {
32 host: 0.0.0.0
33 port: 20102
34 saslMechanisms: ANONYMOUS
35 ...
36 }
37
38 or define a connector using the connector section
39
40 connector {
41 role: inter-router
42 host: 0.0.0.0
43 port: 20003
44 saslMechanisms: ANONYMOUS
45 ...
46 }
47
48 An sslProfile section with SSL credentials can be included in multiple
49 listener or connector entities. Here’s an example, note how the
50 sslProfile attribute of listener sections references the name attribute
51 of sslProfile sections.
52
53 sslProfile {
54 name: my-ssl
55 caCertFile: ca-certificate-1.pem
56 certFile: server-certificate-1.pem
57 privateKeyFile: server-private-key.pem
58 }
59
60 listener {
61 sslProfile: my-ssl
62 host: 0.0.0.0
63 port: 20102
64 saslMechanisms: ANONYMOUS
65 }
66
68 router
69 Tracks peer routers and computes routes to destinations. This entity is
70 mandatory. The router will not start without this entity.
71
72 id (string)
73 Router’s unique identity. If not specified, a random identity will
74 be assigned at startup.
75
76 mode (One of [standalone, interior, edge], default=standalone)
77 In standalone mode, the router operates as a single component. It
78 does not participate in the routing protocol and therefore will not
79 cooperate with other routers. In interior mode, the router operates
80 in cooperation with other interior routers in an interconnected
81 network. In edge mode, the router can make a connection to an
82 interior router and join a network without causing that network to
83 recompute paths.
84
85 helloIntervalSeconds (integer, default=1)
86 Interval in seconds between HELLO messages sent to neighbor
87 routers.
88
89 helloMaxAgeSeconds (integer, default=3)
90 Time in seconds after which a neighbor is declared lost if no HELLO
91 is received.
92
93 raIntervalSeconds (integer, default=30)
94 Interval in seconds between Router-Advertisements sent to all
95 routers in a stable network.
96
97 raIntervalFluxSeconds (integer, default=4)
98 Interval in seconds between Router-Advertisements sent to all
99 routers during topology fluctuations.
100
101 remoteLsMaxAgeSeconds (integer, default=60)
102 Time in seconds after which link state is declared stale if no RA
103 is received.
104
105 workerThreads (integer, default=4)
106 The number of threads that will be created to process message
107 traffic and other application work (timers, non-amqp file
108 descriptors, etc.) .
109
110 debugDumpFile (path)
111 The absolute path to the location for the debug dump file. The
112 router writes debug-level information to this file if the logger is
113 not available.
114
115 saslConfigDir (path)
116 Absolute path to the SASL configuration file.
117
118 saslConfigName (string, default=qdrouterd)
119 Name of the SASL configuration. This string + .conf is the name of
120 the configuration file.
121
122 allowResumableLinkRoute (boolean, default=True)
123 Whether links can be routed where timeout is non-zero or
124 expiry-policy is not link-detach
125
126 timestampsInUTC (boolean)
127 Use UTC time rather than localtime in logs.
128
129 timestampFormat (string)
130 Format string to use for timestamps in logs.
131
132 allowUnsettledMulticast (boolean)
133 (DEPRECATED) If true, allow senders to send unsettled deliveries to
134 multicast addresses. These deliveries shall be settled by the
135 ingress router. If false, unsettled deliveries to multicast
136 addresses shall be rejected.
137
138 defaultDistribution (One of [multicast, closest, balanced,
139 unavailable], default=balanced)
140 Default forwarding treatment for any address without a specified
141 treatment. multicast - one copy of each message delivered to all
142 subscribers; closest - messages delivered to only the closest
143 subscriber; balanced - messages delivered to one subscriber with
144 load balanced across subscribers; unavailable - this address is
145 unavailable, link attaches to an address of unavilable distribution
146 will be rejected.
147
148 helloInterval (integer, default=1)
149 (DEPRECATED) Interval in seconds between HELLO messages sent to
150 neighbor routers. This attribute has been deprecated. Use
151 helloIntervalSeconds instead.
152
153 helloMaxAge (integer, default=3)
154 (DEPRECATED) Time in seconds after which a neighbor is declared
155 lost if no HELLO is received. This attribute has been deprecated.
156 Use helloMaxAgeSeconds instead.
157
158 raInterval (integer, default=30)
159 (DEPRECATED) Interval in seconds between Router-Advertisements sent
160 to all routers in a stable network. This attribute has been
161 deprecated. Use raIntervalSeconds instead.
162
163 raIntervalFlux (integer, default=4)
164 (DEPRECATED) Interval in seconds between Router-Advertisements sent
165 to all routers during topology fluctuations. This attribute has
166 been deprecated. Use raIntervalFluxSeconds instead.
167
168 remoteLsMaxAge (integer, default=60)
169 (DEPRECATED) Time in seconds after which link state is declared
170 stale if no RA is received. This attribute has been deprecated. Use
171 remoteLsMaxAgeSeconds instead.
172
173 debugDump (path)
174 (DEPRECATED) The absolute path to the location for the debug dump
175 file. The router writes debug-level information to this file if the
176 logger is not available. This attribute has been deprecated. Use
177 debugDumpFile instead.
178
179 saslConfigPath (path)
180 (DEPRECATED) Absolute path to the SASL configuration file. This
181 attribute has been deprecated. Use saslConfigDir instead.
182
183 sslProfile
184 Attributes for setting TLS/SSL configuration for connections.
185
186 ciphers (string)
187 Specifies the enabled ciphers so the SSL Ciphers can be hardened.
188 In other words, use this field to disable weak ciphers. The ciphers
189 are specified in the format understood by the OpenSSL library. For
190 example, ciphers can be set to
191 ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; — The
192 full list of allowed ciphers can be viewed using the openssl
193 ciphers command
194
195 protocols (string)
196 The TLS protocols that this sslProfile can use. You can specify a
197 list of one or more of TLSv1, TLSv1.1, or TLSv1.2. To specify
198 multiple protocols, separate the protocols with a space. For
199 example, to permit the sslProfile to use TLS v1.1 and TLS v1.2
200 only, you would set the value to TLSv1.1 TLSv1.2. If you do not
201 specify a value, the sslProfile uses the TLS protocol specified by
202 the system-wide configuration.
203
204 caCertFile (path)
205 The absolute path to the database that contains the public
206 certificates of trusted certificate authorities (CA).
207
208 certFile (path)
209 The absolute path to the file containing the PEM-formatted public
210 certificate to be used on the local end of any connections using
211 this profile.
212
213 privateKeyFile (path)
214 The absolute path to the file containing the PEM-formatted private
215 key for the above certificate.
216
217 passwordFile (path)
218 If the above private key is password protected, this is the
219 absolute path to a file containing the password that unlocks the
220 certificate key. This file should be permission protected to limit
221 access
222
223 password (string)
224 (DEPRECATED) An alternative to storing the password in a file
225 referenced by passwordFile is to supply the password right here in
226 the configuration file. This takes precedence over the passwordFile
227 if both are specified. This attribute has been deprecated because
228 it is unsafe to store plain text passwords in config files. Use the
229 passwordFile instead
230
231 uidFormat (string)
232 A list of x509 client certificate fields that will be used to build
233 a string that will uniquely identify the client certificate owner.
234 For e.g. a value of cou indicates that the uid will consist of c -
235 common name concatenated with o - organization-company name
236 concatenated with u - organization unit; or a value of o2 indicates
237 that the uid will consist of o (organization name) concatenated
238 with 2 (the sha256 fingerprint of the entire certificate) . Allowed
239 values can be any combination of c( ISO3166 two character country
240 code), s(state or province), l(Locality; generally - city),
241 o(Organization - Company Name), u(Organization Unit - typically
242 certificate type or brand), n(CommonName - typically a user name
243 for client certificates) and 1(sha1 certificate fingerprint, as
244 displayed in the fingerprints section when looking at a certificate
245 with say a web browser is the hash of the entire certificate) and 2
246 (sha256 certificate fingerprint) and 5 (sha512 certificate
247 fingerprint). The user identifier (uid) that is generated based on
248 the uidFormat is a string which has a semi-colon as a separator
249 between the components
250
251 uidNameMappingFile (string)
252 The absolute path to the file containing the unique id to display
253 name mapping
254
255 certDb (path)
256 (DEPRECATED) The absolute path to the database that contains the
257 public certificates of trusted certificate authorities (CA). This
258 attribute has been deprecated. Use caCertFile instead.
259
260 keyFile (path)
261 (DEPRECATED) The absolute path to the file containing the
262 PEM-formatted private key for the above certificate. This attribute
263 has been deprecated. Use privateKeyFile instead.
264
265 displayNameFile (string)
266 (DEPRECATED) The absolute path to the file containing the unique id
267 to display name mapping This attribute has been deprecated. Use
268 uidNameMappingFile instead.
269
270 authServicePlugin
271 EXPERIMENTAL. Attributes for setting SASL plugin.
272
273 authService (string)
274 (DEPRECATED) Address of a service to delegate authentication to.
275 This attribute has been deprecated. Use the host and port
276 attributes instead.
277
278 host (string)
279 A host name, IPV4 or IPV6 literal, of the service to delegate to.
280
281 port (string, default=amqp)
282 Port number of the service delegated host.
283
284 realm (string)
285 Value to set for hostname field on sasl-init
286
287 sslProfile (string)
288 Name of the sslProfile to use for the authentication service.
289
290 saslInitHostname (string)
291 (DEPRECATED) Value to set for hostname field on sasl-init This
292 attribute has been deprecated. Use realm instead.
293
294 authSslProfile (string)
295 (DEPRECATED) Name of the sslProfile to use for the authentication
296 service. This attribute has been deprecated. Use sslProfile
297 instead.
298
299 listener
300 Listens for incoming connections to the router.
301
302 host (string)
303 A host name, IPV4 or IPV6 literal, or the empty string. The empty
304 string listens on all local addresses. A host name listens on all
305 addresses associated with the name. An IPV6 literal address (or
306 wildcard [::]) listens only for IPV6. An IPV4 literal address (or
307 wildcard 0.0.0.0) listens only for IPV4.
308
309 port (string, default=amqp)
310 Port number or symbolic service name. If 0, the router shall assign
311 an ephemeral port to the listener and log the port number with a
312 log of the form SERVER (notice) Listening on <host>:<assigned-port>
313 (<listener-name>)
314
315 socketAddressFamily (One of [IPv4, IPv6])
316 [IPv4, IPv6] IPv4: Internet Protocol version 4; IPv6: Internet
317 Protocol version 6. If not specified, the protocol family will be
318 automatically determined from the address.
319
320 role (One of [normal, inter-router, route-container, edge],
321 default=normal)
322 The role of an established connection. In the normal role, the
323 connection is assumed to be used for AMQP clients that are doing
324 normal message delivery over the connection. In the inter-router
325 role, the connection is assumed to be to another router in the
326 network. Inter-router discovery and routing protocols can only be
327 used over inter-router connections. route-container role can be
328 used for router-container connections, for example, a router-broker
329 connection. In the edge role, the connection is assumed to be
330 between an edge router and an interior router.
331
332 cost (integer, default=1)
333 For the inter-router role only. This value assigns a cost metric to
334 the inter-router connection. The default (and minimum) value is
335 one. Higher values represent higher costs. The cost is used to
336 influence the routing algorithm as it attempts to use the path with
337 the lowest total cost from ingress to egress.
338
339 sslProfile (string)
340 Name of the sslProfile.
341
342 saslMechanisms (string)
343 Space separated list of accepted SASL authentication mechanisms.
344
345 authenticatePeer (boolean)
346 yes: Require the peer’s identity to be authenticated; no: Do not
347 require any authentication.
348
349 saslPlugin (string)
350 EXPERIMENTAL. Name of the a sasl plugin configuration section to
351 use for this listener (e.g. authServicePlugin).
352
353 requireEncryption (boolean)
354 yes: Require the connection to the peer to be encrypted; no: Permit
355 non-encrypted communication with the peer
356
357 requireSsl (boolean)
358 yes: Require the use of SSL or TLS on the connection; no: Allow
359 clients to connect without SSL or TLS.
360
361 trustedCertsFile (path)
362 This optional setting can be used to reduce the set of available
363 CAs for client authentication. If used, this setting must provide
364 the absolute path to a PEM file that contains the trusted
365 certificates.
366
367 maxFrameSize (integer, default=16384)
368 The maximum frame size in octets that will be used in the
369 connection-open negotiation with a connected peer. The frame size
370 is the largest contiguous set of uninterrupted data that can be
371 sent for a message delivery over the connection. Interleaving of
372 messages on different links is done at frame granularity. Policy
373 settings, if specified, will overwrite this value. Defaults to
374 16384.
375
376 maxSessions (integer, default=32768)
377 The maximum number of sessions that can be simultaneously active on
378 the connection. Setting this value to zero selects the default
379 number of sessions. Policy settings, if specified, will overwrite
380 this value. Defaults to 32768.
381
382 maxSessionFrames (integer)
383 Session incoming window measured in transfer frames for sessions
384 created on this connection. This is the number of transfer frames
385 that may simultaneously be in flight for all links in the session.
386 Setting this value to zero selects the default session window size.
387 Policy settings, if specified, will overwrite this value. The
388 numerical product of maxFrameSize and maxSessionFrames may not
389 exceed 231-1. If (maxFrameSize x maxSessionFrames) exceeds 231-1
390 then maxSessionFrames is reduced to (2^31-1 / maxFrameSize).
391 maxSessionFrames has a minimum value of 1. Defaults to 0 (unlimited
392 window).
393
394 idleTimeoutSeconds (integer, default=16)
395 The idle timeout, in seconds, for connections through this
396 listener. If no frames are received on the connection for this time
397 interval, the connection shall be closed.
398
399 initialHandshakeTimeoutSeconds (integer)
400 The timeout, in seconds, for the initial handshake for connections
401 coming in through listeners. If the time interval expires before
402 the peer sends the AMQP OPEN frame, the connection shall be closed.
403 A value of zero (the default) disables this timeout.
404
405 stripAnnotations (One of [in, out, both, no], default=both)
406 [in, out, both, no] in: Strip the dispatch router specific
407 annotations only on ingress; out: Strip the dispatch router
408 specific annotations only on egress; both: Strip the dispatch
409 router specific annotations on both ingress and egress; no - do not
410 strip dispatch router specific annotations
411
412 linkCapacity (integer)
413 The capacity of links within this connection, in terms of message
414 deliveries. The capacity is the number of messages that can be
415 in-flight concurrently for each link.
416
417 multiTenant (boolean)
418 If true, apply multi-tenancy to endpoints connected at this
419 listener. The address space is defined by the virtual host
420 (hostname field in the Open).
421
422 failoverUrls (string)
423 A comma-separated list of failover urls to be supplied to connected
424 clients. Form: [(amqp|amqps|ws|wss)://]host_or_ip[:port]
425
426 healthz (boolean, default=True)
427 Provide a simple HTTP based liveness test (using path /healthz).
428 Assumes listener is enabled for http.
429
430 metrics (boolean, default=True)
431 Export metrics in prometheus text format for the router (using path
432 /metrics). Assumes listener is enabled for http.
433
434 websockets (boolean, default=True)
435 For an http enabled listener, determines whether websockets access
436 is enabled (true by default).
437
438 http (boolean)
439 Accept HTTP connections that can upgrade to AMQP over WebSocket.
440 Plain AMQP connections are not accepted on this listener.
441
442 httpRootDir (path)
443 Absolute path to a directory from which to serve static HTML files.
444 For example, /usr/share/qpid-dispatch/console.
445
446 messageLoggingComponents (string, default=none)
447 A comma separated list that indicates which components of the
448 message should be logged. Defaults to none (log nothing). If you
449 want all properties and application properties of the message
450 logged use all. Specific components of the message can be logged by
451 indicating the components via a comma separated list. The
452 components are message-id, user-id, to, subject, reply-to,
453 correlation-id, content-type, content-encoding,
454 absolute-expiry-time, creation-time, group-id, group-sequence,
455 reply-to-group-id, app-properties. The application-data part of the
456 bare message will not be logged. No spaces are allowed
457
458 policyVhost (string)
459 A listener may optionally define a virtual host to index to a
460 specific policy to restrict the remote container to access only
461 specific resources. This attribute defines the name of the policy
462 vhost for this listener. If multi-tenancy is enabled for the
463 listener, this vhost will override the peer-supplied vhost for the
464 purposes of identifying the desired policy settings for the
465 connections.
466
467 protocolFamily (One of [IPv4, IPv6])
468 (DEPRECATED) [IPv4, IPv6] IPv4: Internet Protocol version 4; IPv6:
469 Internet Protocol version 6. If not specified, the protocol family
470 will be automatically determined from the address. This attribute
471 has been deprecated. Use socketAddressFamily instead.
472
473 trustedCerts (path)
474 (DEPRECATED) This optional setting can be used to reduce the set of
475 available CAs for client authentication. If used, this setting must
476 provide the absolute path to a PEM file that contains the trusted
477 certificates. This attribute has been deprecated. Use
478 trustedCertsFile instead.
479
480 failoverList (string)
481 (DEPRECATED) A comma-separated list of failover urls to be supplied
482 to connected clients. Form:
483 [(amqp|amqps|ws|wss)://]host_or_ip[:port] This attribute has been
484 deprecated. Use failoverUrls instead.
485
486 httpRoot (path)
487 (DEPRECATED) Absolute path to a directory from which to serve
488 static HTML files. For example, /usr/share/qpid-dispatch/console.
489 This attribute has been deprecated. Use httpRootDir instead.
490
491 logMessage (string, default=none)
492 (DEPRECATED) A comma separated list that indicates which components
493 of the message should be logged. Defaults to none (log nothing). If
494 you want all properties and application properties of the message
495 logged use all. Specific components of the message can be logged by
496 indicating the components via a comma separated list. The
497 components are message-id, user-id, to, subject, reply-to,
498 correlation-id, content-type, content-encoding,
499 absolute-expiry-time, creation-time, group-id, group-sequence,
500 reply-to-group-id, app-properties. The application-data part of the
501 bare message will not be logged. No spaces are allowed This
502 attribute has been deprecated. Use messageLoggingComponents
503 instead.
504
505 connector
506 Establishes an outgoing connection from the router.
507
508 host (string, default=127.0.0.1)
509 IP address: ipv4 or ipv6 literal or a host name
510
511 port (string, default=amqp)
512 Port number or symbolic service name.
513
514 protocolFamily (One of [IPv4, IPv6])
515 [IPv4, IPv6] IPv4: Internet Protocol version 4; IPv6: Internet
516 Protocol version 6. If not specified, the protocol family will be
517 automatically determined from the address.
518
519 role (One of [normal, inter-router, route-container, edge],
520 default=normal)
521 The role of an established connection. In the normal role, the
522 connection is assumed to be used for AMQP clients that are doing
523 normal message delivery over the connection. In the inter-router
524 role, the connection is assumed to be to another router in the
525 network. Inter-router discovery and routing protocols can only be
526 used over inter-router connections. route-container role can be
527 used for router-container connections, for example, a router-broker
528 connection. In the edge role, the connection is assumed to be
529 between and edge router and an interior router.
530
531 cost (integer, default=1)
532 For the inter-router role only. This value assigns a cost metric to
533 the inter-router connection. The default (and minimum) value is
534 one. Higher values represent higher costs. The cost is used to
535 influence the routing algorithm as it attempts to use the path with
536 the lowest total cost from ingress to egress.
537
538 sslProfile (string)
539 Name of the sslProfile.
540
541 saslMechanisms (string)
542 Space separated list of accepted SASL authentication mechanisms.
543
544 allowRedirect (boolean, default=True)
545 Allow the peer to redirect this connection to another address.
546
547 maxFrameSize (integer, default=16384)
548 The maximum frame size in octets that will be used in the
549 connection-open negotiation with a connected peer. The frame size
550 is the largest contiguous set of uninterrupted data that can be
551 sent for a message delivery over the connection. Interleaving of
552 messages on different links is done at frame granularity. Policy
553 settings will not overwrite this value. Defaults to 16384.
554
555 maxSessions (integer, default=32768)
556 The maximum number of sessions that can be simultaneously active on
557 the connection. Setting this value to zero selects the default
558 number of sessions. Policy settings will not overwrite this value.
559 Defaults to 32768.
560
561 maxSessionFrames (integer)
562 Session incoming window measured in transfer frames for sessions
563 created on this connection. This is the number of transfer frames
564 that may simultaneously be in flight for all links in the session.
565 Setting this value to zero selects the default session window size.
566 Policy settings will not overwrite this value. The numerical
567 product of maxFrameSize and maxSessionFrames may not exceed 231-1.
568 If (maxFrameSize x maxSessionFrames) exceeds 231-1 then
569 maxSessionFrames is reduced to (2^31-1 / maxFrameSize).
570 maxSessionFrames has a minimum value of 1. Defaults to 0 (unlimited
571 window).
572
573 idleTimeoutSeconds (integer, default=16)
574 The idle timeout, in seconds, for connections through this
575 connector. If no frames are received on the connection for this
576 time interval, the connection shall be closed.
577
578 stripAnnotations (One of [in, out, both, no], default=both)
579 [in, out, both, no] in: Strip the dispatch router specific
580 annotations only on ingress; out: Strip the dispatch router
581 specific annotations only on egress; both: Strip the dispatch
582 router specific annotations on both ingress and egress; no - do not
583 strip dispatch router specific annotations
584
585 linkCapacity (integer)
586 The capacity of links within this connection, in terms of message
587 deliveries. The capacity is the number of messages that can be
588 in-flight concurrently for each link.
589
590 verifyHostname (boolean, default=True)
591 yes: Ensures that when initiating a connection (as a client) the
592 host name in the URL to which this connector connects to matches
593 the host name in the digital certificate that the peer sends back
594 as part of the SSL connection; no: Does not perform host name
595 verification
596
597 saslUsername (string)
598 The user name that the connector is using to connect to a peer.
599
600 saslPassword (string)
601 The password that the connector is using to connect to a peer.
602
603 messageLoggingComponents (string, default=none)
604 A comma separated list that indicates which components of the
605 message should be logged (no spaces allowed between list
606 components). Defaults to none (log nothing). If you want all
607 properties and application properties of the message logged use
608 all. Specific components of the message can be logged by indicating
609 the components via a comma separated list. The components are
610 message-id, user-id, to, subject, reply-to, correlation-id,
611 content-type, content-encoding, absolute-expiry-time,
612 creation-time, group-id, group-sequence, reply-to-group-id,
613 app-properties. The application-data part of the bare message will
614 not be logged. This log message is written to the MESSAGE logging
615 module. In the log entity, set module property to MESSAGE or
616 DEFAULT and enable to trace+ to see this log message
617
618 policyVhost (string)
619 A connector may optionally define a policy to restrict the remote
620 container to access only specific resources. This attribute defines
621 the name of the policy vhost for this connector. Within the vhost
622 the connector will use the vhost policy settings from user group
623 $connector. If the vhost policy is absent or if the user group
624 $connector within that policy is absent then the connector will
625 fail to start. In policy specified via connector attribute
626 policyVhost the following vhostUserGroupSettings attributes are
627 unused: users, remoteHosts, maxFrameSize, maxSessionWindow,
628 maxSessions.
629
630 verifyHostName (boolean, default=True)
631 (DEPRECATED) yes: Ensures that when initiating a connection (as a
632 client) the host name in the URL to which this connector connects
633 to matches the host name in the digital certificate that the peer
634 sends back as part of the SSL connection; no: Does not perform host
635 name verification This attribute has been deprecated. Use
636 verifyHostname instead.
637
638 logMessage (string, default=none)
639 (DEPRECATED) A comma separated list that indicates which components
640 of the message should be logged (no spaces allowed between list
641 components). Defaults to none (log nothing). If you want all
642 properties and application properties of the message logged use
643 all. Specific components of the message can be logged by indicating
644 the components via a comma separated list. The components are
645 message-id, user-id, to, subject, reply-to, correlation-id,
646 content-type, content-encoding, absolute-expiry-time,
647 creation-time, group-id, group-sequence, reply-to-group-id,
648 app-properties. The application-data part of the bare message will
649 not be logged. This log message is written to the MESSAGE logging
650 module. In the log entity, set module property to MESSAGE or
651 DEFAULT and enable to trace+ to see this log message This attribute
652 has been deprecated. Use messageLoggingComponents instead.
653
654 log
655 Configure logging for a particular module. You can use the UPDATE
656 operation to change log settings while the router is running.
657
658 module (One of [ROUTER, ROUTER_CORE, ROUTER_HELLO, ROUTER_LS,
659 ROUTER_MA, MESSAGE, SERVER, AGENT, AUTHSERVICE, CONTAINER, ERROR,
660 POLICY, HTTP, CONN_MGR, PYTHON, DEFAULT], required)
661 Module to configure. The special module DEFAULT specifies defaults
662 for all modules.
663
664 enable (string)
665 Levels are: trace, debug, info, notice, warning, error, critical.
666 The enable string is a comma-separated list of levels. A level may
667 have a trailing + to enable that level and above. For example
668 trace,debug,warning+ means enable trace, debug, warning, error and
669 critical. The value none means disable logging for the module.
670
671 includeTimestamp (boolean)
672 Include timestamp in log messages.
673
674 includeSource (boolean)
675 Include source file and line number in log messages.
676
677 outputFile (string)
678 Where to send log messages. Can be stderr, stdout, syslog or a file
679 name.
680
681 timestamp (boolean)
682 (DEPRECATED) Include timestamp in log messages. This attribute has
683 been deprecated. Use includeTimestamp instead.
684
685 source (boolean)
686 (DEPRECATED) Include source file and line number in log messages.
687 This attribute has been deprecated. Use includeSource instead.
688
689 output (string)
690 (DEPRECATED) Where to send log messages. Can be stderr, stdout,
691 syslog or a file name. This attribute has been deprecated. Use
692 outputFile instead.
693
694 address
695 Entity type for address configuration. This is used to configure the
696 treatment of message-routed deliveries within a particular
697 address-space. The configuration controls distribution and address
698 phasing.
699
700 prefix (string)
701 The address prefix for the configured settings. Cannot be used with
702 a pattern attribute.
703
704 pattern (string)
705 A wildcarded pattern for address matching. Incoming addresses are
706 matched against this pattern. Matching addresses use the configured
707 settings. The pattern consists of one or more tokens separated by a
708 forward slash /. A token can be one of the following: a *
709 character, a # character, or a sequence of characters that do not
710 include /, *, or #. The * token matches any single token. The #
711 token matches zero or more tokens. * has higher precedence than #,
712 and exact match has the highest precedence. Cannot be used with a
713 prefix attribute.
714
715 distribution (One of [multicast, closest, balanced, unavailable],
716 default=balanced)
717 Treatment of traffic associated with the address
718
719 waypoint (boolean)
720 Designates this address space as being used for waypoints. This
721 will cause the proper address-phasing to be used.
722
723 ingressPhase (integer)
724 Advanced - Override the ingress phase for this address
725
726 egressPhase (integer)
727 Advanced - Override the egress phase for this address
728
729 priority (integer)
730 All messages sent to this address which lack an intrinsic priority
731 will be assigned this priority.
732
733 linkRoute
734 Entity type for link-route configuration. This is used to identify
735 remote containers that shall be destinations for routed link-attaches.
736 The link-routing configuration applies to an addressing space defined
737 by a prefix or a pattern.
738
739 prefix (string)
740 The address prefix for the configured settings. Cannot be used with
741 the pattern attribute.
742
743 pattern (string)
744 A wildcarded pattern for address matching. Link addresses are
745 matched against this pattern. Matching addresses use the configured
746 settings. The pattern consists of one or more tokens separated by a
747 forward slash /. A token can be one of the following: a *
748 character, a # character, or a sequence of characters that do not
749 include /, *, or #. The * token matches any single token. The #
750 token matches zero or more tokens. * has higher precedence than #,
751 and exact match has the highest precedence. Cannot be used with the
752 prefix attribute.
753
754 addExternalPrefix (string)
755 add the specified prefix to the address of the remote terminus on
756 the route container link
757
758 delExternalPrefix (string)
759 remove the specified prefix to the address of the remote terminus
760 on the route container link
761
762 containerId (string)
763 ContainerID for the target container. Only one of containerId or
764 connection should be specified for a linkRoute. Specifying both
765 will result in the linkRoute not being created.
766
767 connection (string)
768 The name from a connector or listener. Only one of containerId or
769 connection should be specified for a linkRoute. Specifying both
770 will result in the linkRoute not being created.
771
772 distribution (One of [linkBalanced], default=linkBalanced)
773 Treatment of traffic associated with the address
774
775 direction (One of [in, out], required)
776 The permitted direction of links: in means client senders; out
777 means client receivers
778
779 dir (One of [in, out], required)
780 (DEPRECATED) The permitted direction of links: in means client
781 senders; out means client receivers This attribute has been
782 deprecated. Use direction instead.
783
784 autoLink
785 Entity type for configuring auto-links. Auto-links are links whose
786 lifecycle is managed by the router. These are typically used to attach
787 to waypoints on remote containers (brokers, etc.).
788
789 addr (string, required)
790 The address of the provisioned object
791
792 direction (One of [in, out], required)
793 The direction of the link to be created. In means into the router,
794 out means out of the router.
795
796 phase (integer)
797 The address phase for this link. Defaults to 0 for out links and 1
798 for in links.
799
800 containerId (string)
801 ContainerID for the target container. Only one of containerId or
802 connection should be specified for an autoLink. Specifying both
803 will result in the autoLink not being created
804
805 connection (string)
806 The name from a connector or listener. Only one of containerId or
807 connection should be specified for an autoLink. Specifying both
808 will result in the autoLink not being created
809
810 externalAddr (string)
811 If present, an alternate address of the node on the remote
812 container. This is used if the node has a different address than
813 the address used internally by the router to route deliveries.
814
815 dir (One of [in, out], required)
816 (DEPRECATED) The direction of the link to be created. In means into
817 the router, out means out of the router. This attribute has been
818 deprecated. Use direction instead.
819
820 exchange
821 [EXPERIMENTAL] Defines a topic exchange.
822
823 address (string, required)
824 The address of the exchange. Used by the message publisher as the
825 target for sending messages.
826
827 phase (integer)
828 The address phase for the exchange. Defaults to 0.
829
830 alternateAddress (string)
831 The address to forward the message to if no bindings are matched.
832
833 alternatePhase (integer)
834 The address phase for the alternateAddress. Defaults to 0.
835
836 matchMethod (One of [amqp, mqtt], default=amqp)
837 Key matching algorithm used. amqp uses the legacy AMQP topic
838 exchange wildcard match method as described in the pre-1.0 drafts.
839 mqtt uses the MQTT topic filter wildcard match method.
840
841 binding
842 [EXPERIMENTAL] Defines a keyed next hop binding for a topic exchange.
843 The subject field of the messages arriving at the exchange is compared
844 against the binding’s key value using the exchange’s matchMethod. If
845 the subject matches the key the message is forwarded to the
846 nextHopAddress. The nextHopAddress overrides the message’s original
847 destination.
848
849 exchangeName (string, required)
850 The name of the exchange to bind.
851
852 bindingKey (string)
853 Pattern to compare against incoming message’s subject. The key is a
854 string of zero or more tokens and wildcards. The format depends on
855 the matchMethod configured for the exchange. For AMQP each token is
856 delimited by the . character and wild-card tokens * matches a
857 single token and
858
859 matches zero or more tokens. For MQTT each token is delimited by
860 the / character and wildcard tokens + matches a single token and
861
862 matches zero or more tokens at the end of the topic. If a key is
863 not provided the binding will match all messages arriving at the
864 exchange (fanout behavior).
865
866 nextHopAddress (string, required)
867 The address to forward the message to when the message’s topic
868 string matches the binding key pattern. This address is used by
869 message consumers as the source of incoming messages.
870
871 nextHopPhase (integer)
872 The address phase used when forwarding messages that match this
873 binding.
874
875 console
876 (DEPRECATED) Start a websocket/tcp proxy and http file server to serve
877 the web console
878
879 listener (string)
880 The name of the listener to send the proxied tcp traffic to.
881
882 wsport (integer, default=5673)
883 port on which to listen for websocket traffic
884
885 proxy (string, required)
886 The full path to the proxy program to run.
887
888 home (string, required)
889 The full path to the html/css/js files for the console.
890
891 args (string)
892 Optional args to pass the proxy program for logging,
893 authentication, etc.
894
895 policy
896 Defines global connection limit
897
898 maxConnections (integer, default=65535)
899 The maximum number of concurrent client connections allowed for
900 this router. This limit is always enforced, even if no other policy
901 settings have been defined. The limit is applied to all incoming
902 connections regardless of remote host, authenticated user, or
903 targeted vhost.
904
905 enableVhostPolicy (boolean)
906 Enables the router to enforce the connection denials and resource
907 limits defined in the configured vhost policies.
908
909 enableVhostNamePatterns (boolean)
910 Enable vhost name patterns. When false vhost hostnames are treated
911 as literal strings. When true vhost hostnames are treated as match
912 patterns.
913
914 policyDir (path)
915 The absolute path to a directory that holds vhost policy definition
916 files in JSON format (*.json). The router processes all of the
917 vhost policies in each JSON file that is in this directory.
918
919 defaultVhost (string)
920 The name of the default vhost policy. This policy rule set is
921 applied to a connection for which a vhost policy has not otherwise
922 been configured. Processing for the default vhost is enabled by
923 default and set to select vhost $default. To disable default vhost
924 processing set defaultVhost to blank or do not define a vhost named
925 $default.
926
927 vhost
928 AMQP virtual host policy definition of users, user groups, allowed
929 remote hosts, and AMQP restrictions.
930
931 hostname (string, required)
932 The hostname of the vhost. This vhost policy will be applied to any
933 client connection that is directed to this hostname.
934
935 maxConnections (integer, default=65535)
936 The global maximum number of concurrent client connections allowed
937 for this vhost.
938
939 maxConnectionsPerUser (integer, default=65535)
940 The maximum number of concurrent client connections allowed for any
941 user.
942
943 maxConnectionsPerHost (integer, default=65535)
944 The maximum number of concurrent client connections allowed for any
945 remote host (the host from which the client is connecting).
946
947 allowUnknownUser (boolean)
948 Whether unknown users (users who are not members of a defined user
949 group) are allowed to connect to the vhost. Unknown users are
950 assigned to the $default user group and receive $default settings.
951
952 groups (map)
953 A map where each key is a vhost name and each value is a map of the
954 settings for users of that vhost.
955
956 id (string, required)
957 (DEPRECATED) The hostname of the vhost. This vhost policy will be
958 applied to any client connection that is directed to this hostname.
959 This attribute has been deprecated. Use hostname instead.
960
961 vhostUserGroupSettings
962 Policy settings for users connecting to a vhost. Configuration files
963 including this section must use .json format.
964
965 maxFrameSize (integer, default=16384)
966 The largest frame, in bytes, that may be sent on this connection.
967 Non-zero policy values overwrite values specified for a listener
968 object (AMQP Open, max-frame-size).
969
970 maxSessionWindow (integer, default=1638400)
971 The incoming capacity for new AMQP sessions, measured in octets.
972 Non-zero policy values overwrite values specified for a listener
973 object (AMQP Begin, incoming-window).
974
975 maxSessions (integer, default=32768)
976 The maximum number of sessions that may be created on this
977 connection. Non-zero policy values overwrite values specified for a
978 listener object (AMQP Open, channel-max).
979
980 maxSenders (integer, default=2147483647)
981 The maximum number of sending links that may be created on this
982 connection. A value of 0 disables all sender links.
983
984 maxReceivers (integer, default=2147483647)
985 The maximum number of receiving links that may be created on this
986 connection. A value of 0 disables all receiver links.
987
988 allowDynamicSource (boolean)
989 Whether this connection is allowed to create dynamic receiving
990 links (links to resources that do not exist on the peer). A value
991 of true means that users are able to automatically create resources
992 on the peer system.
993
994 allowAnonymousSender (boolean)
995 Whether this connection is allowed to create sending links if the
996 sender does not provide a target address. By prohibiting anonymous
997 senders, the router only needs to verify once, when the link is
998 created, that the sender is permitted to send messages to the
999 target address. The router does not need to verify each message
1000 that is sent on the link. A value of true means that users may send
1001 messages to any address. Allowing anonymous senders can also
1002 decrease performance: if the sender does not specify a target
1003 address, then the router must parse each message to determine how
1004 to route it.
1005
1006 allowUserIdProxy (boolean)
1007 Whether this connection is allowed to send messages with a user ID
1008 that is different than the connection’s authenticated user name.
1009
1010 allowWaypointLinks (boolean, default=True)
1011 Whether this connection is allowed to claim waypoint.N capability
1012 for attached links. This allows endpoints to act as waypoints
1013 without needing auto-links.
1014
1015 allowDynamicLinkRoutes (boolean, default=True)
1016 Whether this connection is allowed to dynamically create
1017 connection-scoped link route destinations.
1018
1019 allowAdminStatusUpdate (boolean, default=True)
1020 Whether this connection is allowed to update the admin status of
1021 other connections. Note: Inter-router connections cannot be deleted
1022 at any time.
1023
1024 sources (string)
1025
1026 targets (string)
1027
1028 sourcePattern (string)
1029
1030 targetPattern (string)
1031
1033 qdrouterd(8), qdmanage(8)
1034
1035 http://qpid.apache.org/components/dispatch-router
1036
1037
1038
1039 05/14/2019 QDROUTERD.CONF(5)