1QDROUTERD.CONF(5) QDROUTERD.CONF(5)
2
3
4
6 qdrouterd.conf - configuration file for the dispatch router.
7
9 Provides the initial configuration when qdrouterd(8) starts. The
10 configuration of a running router can be modified using qdmanage(8).
11
13 The configuration file is made up of sections with this syntax:
14
15 sectionName {
16 attributeName: attributeValue
17 attributeName: attributeValue
18 ...
19 }
20
21 For example you can define a router using the router section
22
23 router {
24 mode: standalone
25 id: Router.A
26 ...
27 }
28
29 or define a listener using the listener section
30
31 listener {
32 host: 0.0.0.0
33 port: 20102
34 saslMechanisms: ANONYMOUS
35 ...
36 }
37
38 or define a connector using the connector section
39
40 connector {
41 role: inter-router
42 host: 0.0.0.0
43 port: 20003
44 saslMechanisms: ANONYMOUS
45 ...
46 }
47
48 An sslProfile section with SSL credentials can be included in multiple
49 listener or connector entities. Here’s an example, note how the
50 sslProfile attribute of listener sections references the name attribute
51 of sslProfile sections.
52
53 sslProfile {
54 name: my-ssl
55 caCertFile: ca-certificate-1.pem
56 certFile: server-certificate-1.pem
57 privateKeyFile: server-private-key.pem
58 }
59
60 listener {
61 sslProfile: my-ssl
62 host: 0.0.0.0
63 port: 20102
64 saslMechanisms: ANONYMOUS
65 }
66
68 router
69 Tracks peer routers and computes routes to destinations. This entity is
70 mandatory. The router will not start without this entity.
71
72 id (string)
73 Router’s unique identity. If not specified, a random identity will
74 be assigned at startup.
75
76 mode (One of [standalone, interior, edge], default=standalone)
77 In standalone mode, the router operates as a single component. It
78 does not participate in the routing protocol and therefore will not
79 cooperate with other routers. In interior mode, the router operates
80 in cooperation with other interior routers in an interconnected
81 network. In edge mode, the router can make a connection to an
82 interior router and join a network without causing that network to
83 recompute paths.
84
85 helloIntervalSeconds (integer, default=1)
86 Interval in seconds between HELLO messages sent to neighbor
87 routers.
88
89 helloMaxAgeSeconds (integer, default=3)
90 Time in seconds after which a neighbor is declared lost if no HELLO
91 is received.
92
93 raIntervalSeconds (integer, default=30)
94 Interval in seconds between Router-Advertisements sent to all
95 routers in a stable network.
96
97 raIntervalFluxSeconds (integer, default=4)
98 Interval in seconds between Router-Advertisements sent to all
99 routers during topology fluctuations.
100
101 remoteLsMaxAgeSeconds (integer, default=60)
102 Time in seconds after which link state is declared stale if no RA
103 is received.
104
105 workerThreads (integer, default=4)
106 The number of threads that will be created to process message
107 traffic and other application work (timers, non-amqp file
108 descriptors, etc.) .
109
110 debugDumpFile (path)
111 The absolute path to the location for the debug dump file. The
112 router writes debug-level information to this file if the logger is
113 not available.
114
115 saslConfigDir (path)
116 Absolute path to the SASL configuration file.
117
118 saslConfigName (string, default=qdrouterd)
119 Name of the SASL configuration. This string + .conf is the name of
120 the configuration file.
121
122 allowResumableLinkRoute (boolean, default=True)
123 Whether links can be routed where timeout is non-zero or
124 expiry-policy is not link-detach
125
126 timestampsInUTC (boolean)
127 Use UTC time rather than localtime in logs.
128
129 timestampFormat (string)
130 Format string to use for timestamps in logs.
131
132 allowUnsettledMulticast (boolean)
133 (DEPRECATED) If true, allow senders to send unsettled deliveries to
134 multicast addresses. These deliveries shall be settled by the
135 ingress router. If false, unsettled deliveries to multicast
136 addresses shall be rejected.
137
138 defaultDistribution (One of [multicast, closest, balanced,
139 unavailable], default=balanced)
140 Default forwarding treatment for any address without a specified
141 treatment. multicast - one copy of each message delivered to all
142 subscribers; closest - messages delivered to only the closest
143 subscriber; balanced - messages delivered to one subscriber with
144 load balanced across subscribers; unavailable - this address is
145 unavailable, messages sent and link attaches to the address will be
146 rejected.
147
148 helloInterval (integer, default=1)
149 (DEPRECATED) Interval in seconds between HELLO messages sent to
150 neighbor routers. This attribute has been deprecated. Use
151 helloIntervalSeconds instead.
152
153 helloMaxAge (integer, default=3)
154 (DEPRECATED) Time in seconds after which a neighbor is declared
155 lost if no HELLO is received. This attribute has been deprecated.
156 Use helloMaxAgeSeconds instead.
157
158 raInterval (integer, default=30)
159 (DEPRECATED) Interval in seconds between Router-Advertisements sent
160 to all routers in a stable network. This attribute has been
161 deprecated. Use raIntervalSeconds instead.
162
163 raIntervalFlux (integer, default=4)
164 (DEPRECATED) Interval in seconds between Router-Advertisements sent
165 to all routers during topology fluctuations. This attribute has
166 been deprecated. Use raIntervalFluxSeconds instead.
167
168 remoteLsMaxAge (integer, default=60)
169 (DEPRECATED) Time in seconds after which link state is declared
170 stale if no RA is received. This attribute has been deprecated. Use
171 remoteLsMaxAgeSeconds instead.
172
173 debugDump (path)
174 (DEPRECATED) The absolute path to the location for the debug dump
175 file. The router writes debug-level information to this file if the
176 logger is not available. This attribute has been deprecated. Use
177 debugDumpFile instead.
178
179 saslConfigPath (path)
180 (DEPRECATED) Absolute path to the SASL configuration file. This
181 attribute has been deprecated. Use saslConfigDir instead.
182
183 sslProfile
184 Attributes for setting TLS/SSL configuration for connections.
185
186 ciphers (string)
187 Specifies the enabled ciphers so the SSL Ciphers can be hardened.
188 In other words, use this field to disable weak ciphers. The ciphers
189 are specified in the format understood by the OpenSSL library. For
190 example, ciphers can be set to
191 ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; — The
192 full list of allowed ciphers can be viewed using the openssl
193 ciphers command
194
195 protocols (string)
196 The TLS protocols that this sslProfile can use. You can specify a
197 list of one or more of TLSv1, TLSv1.1, or TLSv1.2. To specify
198 multiple protocols, separate the protocols with a space. For
199 example, to permit the sslProfile to use TLS v1.1 and TLS v1.2
200 only, you would set the value to TLSv1.1 TLSv1.2. If you do not
201 specify a value, the sslProfile uses the TLS protocol specified by
202 the system-wide configuration.
203
204 caCertFile (path)
205 The absolute path to the database that contains the public
206 certificates of trusted certificate authorities (CA).
207
208 certFile (path)
209 The absolute path to the file containing the PEM-formatted public
210 certificate to be used on the local end of any connections using
211 this profile.
212
213 privateKeyFile (path)
214 The absolute path to the file containing the PEM-formatted private
215 key for the above certificate.
216
217 passwordFile (path)
218 If the above private key is password protected, this is the
219 absolute path to a file containing the password that unlocks the
220 certificate key. This file should be permission protected to limit
221 access
222
223 password (string)
224 (DEPRECATED) An alternative to storing the password in a file
225 referenced by passwordFile is to supply the password right here in
226 the configuration file. This takes precedence over the passwordFile
227 if both are specified. This attribute has been deprecated because
228 it is unsafe to store plain text passwords in config files. Use the
229 passwordFile instead
230
231 uidFormat (string)
232 A list of x509 client certificate fields that will be used to build
233 a string that will uniquely identify the client certificate owner.
234 For e.g. a value of cou indicates that the uid will consist of c -
235 common name concatenated with o - organization-company name
236 concatenated with u - organization unit; or a value of o2 indicates
237 that the uid will consist of o (organization name) concatenated
238 with 2 (the sha256 fingerprint of the entire certificate) . Allowed
239 values can be any combination of c( ISO3166 two character country
240 code), s(state or province), l(Locality; generally - city),
241 o(Organization - Company Name), u(Organization Unit - typically
242 certificate type or brand), n(CommonName - typically a user name
243 for client certificates) and 1(sha1 certificate fingerprint, as
244 displayed in the fingerprints section when looking at a certificate
245 with say a web browser is the hash of the entire certificate) and 2
246 (sha256 certificate fingerprint) and 5 (sha512 certificate
247 fingerprint). The user identifier (uid) that is generated based on
248 the uidFormat is a string which has a semi-colon as a separator
249 between the components
250
251 uidNameMappingFile (string)
252 The absolute path to the file containing the unique id to display
253 name mapping
254
255 certDb (path)
256 (DEPRECATED) The absolute path to the database that contains the
257 public certificates of trusted certificate authorities (CA). This
258 attribute has been deprecated. Use caCertFile instead.
259
260 keyFile (path)
261 (DEPRECATED) The absolute path to the file containing the
262 PEM-formatted private key for the above certificate. This attribute
263 has been deprecated. Use privateKeyFile instead.
264
265 displayNameFile (string)
266 (DEPRECATED) The absolute path to the file containing the unique id
267 to display name mapping This attribute has been deprecated. Use
268 uidNameMappingFile instead.
269
270 authServicePlugin
271 EXPERIMENTAL. Attributes for setting SASL plugin.
272
273 authService (string)
274 (DEPRECATED) Address of a service to delegate authentication to.
275 This attribute has been deprecated. Use the host and port
276 attributes instead.
277
278 host (string)
279 A host name, IPV4 or IPV6 literal, of the service to delegate to.
280
281 port (string, default=amqp)
282 Port number of the service delegated host.
283
284 realm (string)
285 Value to set for hostname field on sasl-init
286
287 sslProfile (string)
288 Name of the sslProfile to use for the authentication service.
289
290 saslInitHostname (string)
291 (DEPRECATED) Value to set for hostname field on sasl-init This
292 attribute has been deprecated. Use realm instead.
293
294 authSslProfile (string)
295 (DEPRECATED) Name of the sslProfile to use for the authentication
296 service. This attribute has been deprecated. Use sslProfile
297 instead.
298
299 listener
300 Listens for incoming connections to the router.
301
302 host (string)
303 A host name, IPV4 or IPV6 literal, or the empty string. The empty
304 string listens on all local addresses. A host name listens on all
305 addresses associated with the name. An IPV6 literal address (or
306 wildcard [::]) listens only for IPV6. An IPV4 literal address (or
307 wildcard 0.0.0.0) listens only for IPV4.
308
309 port (string, default=amqp)
310 Port number or symbolic service name. If 0, the router shall assign
311 an ephemeral port to the listener and log the port number with a
312 log of the form SERVER (notice) Listening on <host>:<assigned-port>
313 (<listener-name>)
314
315 socketAddressFamily (One of [IPv4, IPv6])
316 [IPv4, IPv6] IPv4: Internet Protocol version 4; IPv6: Internet
317 Protocol version 6. If not specified, the protocol family will be
318 automatically determined from the address.
319
320 role (One of [normal, inter-router, route-container, edge],
321 default=normal)
322 The role of an established connection. In the normal role, the
323 connection is assumed to be used for AMQP clients that are doing
324 normal message delivery over the connection. In the inter-router
325 role, the connection is assumed to be to another router in the
326 network. Inter-router discovery and routing protocols can only be
327 used over inter-router connections. route-container role can be
328 used for router-container connections, for example, a router-broker
329 connection. In the edge role, the connection is assumed to be
330 between an edge router and an interior router.
331
332 cost (integer, default=1)
333 For the inter-router role only. This value assigns a cost metric to
334 the inter-router connection. The default (and minimum) value is
335 one. Higher values represent higher costs. The cost is used to
336 influence the routing algorithm as it attempts to use the path with
337 the lowest total cost from ingress to egress.
338
339 sslProfile (string)
340 Name of the sslProfile.
341
342 saslMechanisms (string)
343 Space separated list of accepted SASL authentication mechanisms.
344
345 authenticatePeer (boolean)
346 yes: Require the peer’s identity to be authenticated; no: Do not
347 require any authentication.
348
349 saslPlugin (string)
350 EXPERIMENTAL. Name of the a sasl plugin configuration section to
351 use for this listener (e.g. authServicePlugin).
352
353 requireEncryption (boolean)
354 yes: Require the connection to the peer to be encrypted; no: Permit
355 non-encrypted communication with the peer
356
357 requireSsl (boolean)
358 yes: Require the use of SSL or TLS on the connection; no: Allow
359 clients to connect without SSL or TLS.
360
361 trustedCertsFile (path)
362 This optional setting can be used to reduce the set of available
363 CAs for client authentication. If used, this setting must provide
364 the absolute path to a PEM file that contains the trusted
365 certificates.
366
367 maxFrameSize (integer, default=16384)
368 The maximum frame size in octets that will be used in the
369 connection-open negotiation with a connected peer. The frame size
370 is the largest contiguous set of uninterrupted data that can be
371 sent for a message delivery over the connection. Interleaving of
372 messages on different links is done at frame granularity. Policy
373 settings, if specified, will overwrite this value. Defaults to
374 16384.
375
376 maxSessions (integer, default=32768)
377 The maximum number of sessions that can be simultaneously active on
378 the connection. Setting this value to zero selects the default
379 number of sessions. Policy settings, if specified, will overwrite
380 this value. Defaults to 32768.
381
382 maxSessionFrames (integer)
383 Session incoming window measured in transfer frames for sessions
384 created on this connection. This is the number of transfer frames
385 that may simultaneously be in flight for all links in the session.
386 Setting this value to zero selects the default session window size.
387 Policy settings, if specified, will overwrite this value. The
388 numerical product of maxFrameSize and maxSessionFrames may not
389 exceed 231-1. If (maxFrameSize x maxSessionFrames) exceeds 231-1
390 then maxSessionFrames is reduced to (2^31-1 / maxFrameSize).
391 maxSessionFrames has a minimum value of 1. Defaults to 0 (unlimited
392 window).
393
394 idleTimeoutSeconds (integer, default=16)
395 The idle timeout, in seconds, for connections through this
396 listener. If no frames are received on the connection for this time
397 interval, the connection shall be closed.
398
399 initialHandshakeTimeoutSeconds (integer)
400 The timeout, in seconds, for the initial handshake for connections
401 coming in through listeners. If the time interval expires before
402 the peer sends the AMQP OPEN frame, the connection shall be closed.
403 A value of zero (the default) disables this timeout.
404
405 stripAnnotations (One of [in, out, both, no], default=both)
406 [in, out, both, no] in: Strip the dispatch router specific
407 annotations only on ingress; out: Strip the dispatch router
408 specific annotations only on egress; both: Strip the dispatch
409 router specific annotations on both ingress and egress; no - do not
410 strip dispatch router specific annotations
411
412 linkCapacity (integer)
413 The capacity of links within this connection, in terms of message
414 deliveries. The capacity is the number of messages that can be
415 in-flight concurrently for each link.
416
417 multiTenant (boolean)
418 If true, apply multi-tenancy to endpoints connected at this
419 listener. The address space is defined by the virtual host
420 (hostname field in the Open).
421
422 failoverUrls (string)
423 A comma-separated list of failover urls to be supplied to connected
424 clients. Form: [(amqp|amqps|ws|wss)://]host_or_ip[:port]
425
426 healthz (boolean, default=True)
427 Provide a simple HTTP based liveness test (using path /healthz).
428 Assumes listener is enabled for http.
429
430 metrics (boolean, default=True)
431 Export metrics in prometheus text format for the router (using path
432 /metrics). Assumes listener is enabled for http.
433
434 websockets (boolean, default=True)
435 For an http enabled listener, determines whether websockets access
436 is enabled (true by default).
437
438 http (boolean)
439 Accept HTTP connections that can upgrade to AMQP over WebSocket.
440 Plain AMQP connections are not accepted on this listener.
441
442 httpRootDir (path)
443 Absolute path to a directory from which to serve static HTML files.
444 For example, /usr/share/qpid-dispatch/console.
445
446 messageLoggingComponents (string, default=none)
447 A comma separated list that indicates which components of the
448 message should be logged. Defaults to none (log nothing). If you
449 want all properties and application properties of the message
450 logged use all. Specific components of the message can be logged by
451 indicating the components via a comma separated list. The
452 components are message-id, user-id, to, subject, reply-to,
453 correlation-id, content-type, content-encoding,
454 absolute-expiry-time, creation-time, group-id, group-sequence,
455 reply-to-group-id, app-properties. The application-data part of the
456 bare message will not be logged. No spaces are allowed
457
458 policyVhost (string)
459 A listener may optionally define a virtual host to index to a
460 specific policy to restrict the remote container to access only
461 specific resources. This attribute defines the name of the policy
462 vhost for this listener. If multi-tenancy is enabled for the
463 listener, this vhost will override the peer-supplied vhost for the
464 purposes of identifying the desired policy settings for the
465 connections.
466
467 protocolFamily (One of [IPv4, IPv6])
468 (DEPRECATED) [IPv4, IPv6] IPv4: Internet Protocol version 4; IPv6:
469 Internet Protocol version 6. If not specified, the protocol family
470 will be automatically determined from the address. This attribute
471 has been deprecated. Use socketAddressFamily instead.
472
473 trustedCerts (path)
474 (DEPRECATED) This optional setting can be used to reduce the set of
475 available CAs for client authentication. If used, this setting must
476 provide the absolute path to a PEM file that contains the trusted
477 certificates. This attribute has been deprecated. Use
478 trustedCertsFile instead.
479
480 failoverList (string)
481 (DEPRECATED) A comma-separated list of failover urls to be supplied
482 to connected clients. Form:
483 [(amqp|amqps|ws|wss)://]host_or_ip[:port] This attribute has been
484 deprecated. Use failoverUrls instead.
485
486 httpRoot (path)
487 (DEPRECATED) Absolute path to a directory from which to serve
488 static HTML files. For example, /usr/share/qpid-dispatch/console.
489 This attribute has been deprecated. Use httpRootDir instead.
490
491 logMessage (string, default=none)
492 (DEPRECATED) A comma separated list that indicates which components
493 of the message should be logged. Defaults to none (log nothing). If
494 you want all properties and application properties of the message
495 logged use all. Specific components of the message can be logged by
496 indicating the components via a comma separated list. The
497 components are message-id, user-id, to, subject, reply-to,
498 correlation-id, content-type, content-encoding,
499 absolute-expiry-time, creation-time, group-id, group-sequence,
500 reply-to-group-id, app-properties. The application-data part of the
501 bare message will not be logged. No spaces are allowed This
502 attribute has been deprecated. Use messageLoggingComponents
503 instead.
504
505 connector
506 Establishes an outgoing connection from the router.
507
508 host (string, default=127.0.0.1)
509 IP address: ipv4 or ipv6 literal or a host name
510
511 port (string, default=amqp)
512 Port number or symbolic service name.
513
514 protocolFamily (One of [IPv4, IPv6])
515 [IPv4, IPv6] IPv4: Internet Protocol version 4; IPv6: Internet
516 Protocol version 6. If not specified, the protocol family will be
517 automatically determined from the address.
518
519 role (One of [normal, inter-router, route-container, edge],
520 default=normal)
521 The role of an established connection. In the normal role, the
522 connection is assumed to be used for AMQP clients that are doing
523 normal message delivery over the connection. In the inter-router
524 role, the connection is assumed to be to another router in the
525 network. Inter-router discovery and routing protocols can only be
526 used over inter-router connections. route-container role can be
527 used for router-container connections, for example, a router-broker
528 connection. In the edge role, the connection is assumed to be
529 between and edge router and an interior router.
530
531 cost (integer, default=1)
532 For the inter-router role only. This value assigns a cost metric to
533 the inter-router connection. The default (and minimum) value is
534 one. Higher values represent higher costs. The cost is used to
535 influence the routing algorithm as it attempts to use the path with
536 the lowest total cost from ingress to egress.
537
538 sslProfile (string)
539 Name of the sslProfile.
540
541 saslMechanisms (string)
542 Space separated list of accepted SASL authentication mechanisms.
543
544 allowRedirect (boolean, default=True)
545 Allow the peer to redirect this connection to another address.
546
547 maxFrameSize (integer, default=16384)
548 The maximum frame size in octets that will be used in the
549 connection-open negotiation with a connected peer. The frame size
550 is the largest contiguous set of uninterrupted data that can be
551 sent for a message delivery over the connection. Interleaving of
552 messages on different links is done at frame granularity. Policy
553 settings will not overwrite this value. Defaults to 16384.
554
555 maxSessions (integer, default=32768)
556 The maximum number of sessions that can be simultaneously active on
557 the connection. Setting this value to zero selects the default
558 number of sessions. Policy settings will not overwrite this value.
559 Defaults to 32768.
560
561 maxSessionFrames (integer)
562 Session incoming window measured in transfer frames for sessions
563 created on this connection. This is the number of transfer frames
564 that may simultaneously be in flight for all links in the session.
565 Setting this value to zero selects the default session window size.
566 Policy settings will not overwrite this value. The numerical
567 product of maxFrameSize and maxSessionFrames may not exceed 231-1.
568 If (maxFrameSize x maxSessionFrames) exceeds 231-1 then
569 maxSessionFrames is reduced to (2^31-1 / maxFrameSize).
570 maxSessionFrames has a minimum value of 1. Defaults to 0 (unlimited
571 window).
572
573 idleTimeoutSeconds (integer, default=16)
574 The idle timeout, in seconds, for connections through this
575 connector. If no frames are received on the connection for this
576 time interval, the connection shall be closed.
577
578 stripAnnotations (One of [in, out, both, no], default=both)
579 [in, out, both, no] in: Strip the dispatch router specific
580 annotations only on ingress; out: Strip the dispatch router
581 specific annotations only on egress; both: Strip the dispatch
582 router specific annotations on both ingress and egress; no - do not
583 strip dispatch router specific annotations
584
585 linkCapacity (integer)
586 The capacity of links within this connection, in terms of message
587 deliveries. The capacity is the number of messages that can be
588 in-flight concurrently for each link.
589
590 verifyHostname (boolean, default=True)
591 yes: Ensures that when initiating a connection (as a client) the
592 host name in the URL to which this connector connects to matches
593 the host name in the digital certificate that the peer sends back
594 as part of the SSL connection; no: Does not perform host name
595 verification
596
597 saslUsername (string)
598 The user name that the connector is using to connect to a peer.
599
600 saslPassword (string)
601 The password that the connector is using to connect to a peer.
602
603 messageLoggingComponents (string, default=none)
604 A comma separated list that indicates which components of the
605 message should be logged (no spaces allowed between list
606 components). Defaults to none (log nothing). If you want all
607 properties and application properties of the message logged use
608 all. Specific components of the message can be logged by indicating
609 the components via a comma separated list. The components are
610 message-id, user-id, to, subject, reply-to, correlation-id,
611 content-type, content-encoding, absolute-expiry-time,
612 creation-time, group-id, group-sequence, reply-to-group-id,
613 app-properties. The application-data part of the bare message will
614 not be logged. This log message is written to the MESSAGE logging
615 module. In the log entity, set module property to MESSAGE or
616 DEFAULT and enable to trace+ to see this log message
617
618 policyVhost (string)
619 A connector may optionally define a policy to restrict the remote
620 container to access only specific resources. This attribute defines
621 the name of the policy vhost for this connector. Within the vhost
622 the connector will use the vhost policy settings from user group
623 $connector. If the vhost policy is absent or if the user group
624 $connector within that policy is absent then the connector will
625 fail to start. In policy specified via connector attribute
626 policyVhost the following vhostUserGroupSettings attributes are
627 unused: users, remoteHosts, maxFrameSize, maxSessionWindow,
628 maxSessions.
629
630 verifyHostName (boolean, default=True)
631 (DEPRECATED) yes: Ensures that when initiating a connection (as a
632 client) the host name in the URL to which this connector connects
633 to matches the host name in the digital certificate that the peer
634 sends back as part of the SSL connection; no: Does not perform host
635 name verification This attribute has been deprecated. Use
636 verifyHostname instead.
637
638 logMessage (string, default=none)
639 (DEPRECATED) A comma separated list that indicates which components
640 of the message should be logged (no spaces allowed between list
641 components). Defaults to none (log nothing). If you want all
642 properties and application properties of the message logged use
643 all. Specific components of the message can be logged by indicating
644 the components via a comma separated list. The components are
645 message-id, user-id, to, subject, reply-to, correlation-id,
646 content-type, content-encoding, absolute-expiry-time,
647 creation-time, group-id, group-sequence, reply-to-group-id,
648 app-properties. The application-data part of the bare message will
649 not be logged. This log message is written to the MESSAGE logging
650 module. In the log entity, set module property to MESSAGE or
651 DEFAULT and enable to trace+ to see this log message This attribute
652 has been deprecated. Use messageLoggingComponents instead.
653
654 log
655 Configure logging for a particular module. You can use the UPDATE
656 operation to change log settings while the router is running.
657
658 module (One of [ROUTER, ROUTER_CORE, ROUTER_HELLO, ROUTER_LS,
659 ROUTER_MA, MESSAGE, SERVER, AGENT, AUTHSERVICE, CONTAINER, ERROR,
660 POLICY, HTTP, CONN_MGR, PYTHON, DEFAULT], required)
661 Module to configure. The special module DEFAULT specifies defaults
662 for all modules.
663
664 enable (string)
665 Levels are: trace, debug, info, notice, warning, error, critical.
666 The enable string is a comma-separated list of levels. A level may
667 have a trailing + to enable that level and above. For example
668 trace,debug,warning+ means enable trace, debug, warning, error and
669 critical. The value none means disable logging for the module.
670
671 includeTimestamp (boolean)
672 Include timestamp in log messages.
673
674 includeSource (boolean)
675 Include source file and line number in log messages.
676
677 outputFile (string)
678 Where to send log messages. Can be stderr, stdout, syslog or a file
679 name.
680
681 timestamp (boolean)
682 (DEPRECATED) Include timestamp in log messages. This attribute has
683 been deprecated. Use includeTimestamp instead.
684
685 source (boolean)
686 (DEPRECATED) Include source file and line number in log messages.
687 This attribute has been deprecated. Use includeSource instead.
688
689 output (string)
690 (DEPRECATED) Where to send log messages. Can be stderr, stdout,
691 syslog or a file name. This attribute has been deprecated. Use
692 outputFile instead.
693
694 address
695 Entity type for address configuration. This is used to configure the
696 treatment of message-routed deliveries within a particular
697 address-space. The configuration controls distribution and address
698 phasing.
699
700 prefix (string)
701 The address prefix for the configured settings. Cannot be used with
702 a pattern attribute.
703
704 pattern (string)
705 A wildcarded pattern for address matching. Incoming addresses are
706 matched against this pattern. Matching addresses use the configured
707 settings. The pattern consists of one or more tokens separated by a
708 forward slash /. A token can be one of the following: a *
709 character, a # character, or a sequence of characters that do not
710 include /, *, or #. The * token matches any single token. The #
711 token matches zero or more tokens. * has higher precedence than #,
712 and exact match has the highest precedence. Cannot be used with a
713 prefix attribute.
714
715 distribution (One of [multicast, closest, balanced, unavailable],
716 default=balanced)
717 Treatment of traffic associated with the address
718
719 waypoint (boolean)
720 Designates this address space as being used for waypoints. This
721 will cause the proper address-phasing to be used.
722
723 ingressPhase (integer)
724 Advanced - Override the ingress phase for this address
725
726 egressPhase (integer)
727 Advanced - Override the egress phase for this address
728
729 priority (integer)
730 All messages sent to this address which lack an intrinsic priority
731 will be assigned this priority.
732
733 enableFallback (boolean)
734 If false, undeliverable messages are released. If true,
735 undeliverable messages shall be re-delivered to a fallback
736 destination. The fallback destination uses the same address, but is
737 attached using an autoLink with fallback enabled or a link with the
738 qd.fallback capability.
739
740 linkRoute
741 Entity type for link-route configuration. This is used to identify
742 remote containers that shall be destinations for routed link-attaches.
743 The link-routing configuration applies to an addressing space defined
744 by a prefix or a pattern.
745
746 prefix (string)
747 The address prefix for the configured settings. Cannot be used with
748 the pattern attribute.
749
750 pattern (string)
751 A wildcarded pattern for address matching. Link addresses are
752 matched against this pattern. Matching addresses use the configured
753 settings. The pattern consists of one or more tokens separated by a
754 forward slash /. A token can be one of the following: a *
755 character, a # character, or a sequence of characters that do not
756 include /, *, or #. The * token matches any single token. The #
757 token matches zero or more tokens. * has higher precedence than #,
758 and exact match has the highest precedence. Cannot be used with the
759 prefix attribute.
760
761 addExternalPrefix (string)
762 add the specified prefix to the address of the remote terminus on
763 the route container link
764
765 delExternalPrefix (string)
766 remove the specified prefix to the address of the remote terminus
767 on the route container link
768
769 containerId (string)
770 ContainerID for the target container. Only one of containerId or
771 connection should be specified for a linkRoute. Specifying both
772 will result in the linkRoute not being created.
773
774 connection (string)
775 The name from a connector or listener. Only one of containerId or
776 connection should be specified for a linkRoute. Specifying both
777 will result in the linkRoute not being created.
778
779 distribution (One of [linkBalanced], default=linkBalanced)
780 Treatment of traffic associated with the address
781
782 direction (One of [in, out], required)
783 The permitted direction of links: in means client senders; out
784 means client receivers
785
786 dir (One of [in, out], required)
787 (DEPRECATED) The permitted direction of links: in means client
788 senders; out means client receivers This attribute has been
789 deprecated. Use direction instead.
790
791 autoLink
792 Entity type for configuring auto-links. Auto-links are links whose
793 lifecycle is managed by the router. These are typically used to attach
794 to waypoints on remote containers (brokers, etc.).
795
796 address (string, required)
797 The address of the provisioned object
798
799 direction (One of [in, out], required)
800 The direction of the link to be created. In means into the router,
801 out means out of the router.
802
803 phase (integer)
804 The address phase for this link. Defaults to 0 for out links and 1
805 for in links.
806
807 containerId (string)
808 ContainerID for the target container. Only one of containerId or
809 connection should be specified for an autoLink. Specifying both
810 will result in the autoLink not being created
811
812 connection (string)
813 The name from a connector or listener. Only one of containerId or
814 connection should be specified for an autoLink. Specifying both
815 will result in the autoLink not being created
816
817 externalAddress (string)
818 If present, an alternate address of the node on the remote
819 container. This is used if the node has a different address than
820 the address used internally by the router to route deliveries.
821
822 fallback (boolean)
823 If true, this auto-link is attached to a fallback destination for
824 an address.
825
826 addr (string, required)
827 (DEPRECATED) The address of the provisioned object This attribute
828 has been deprecated. Use address instead.
829
830 dir (One of [in, out], required)
831 (DEPRECATED) The direction of the link to be created. In means into
832 the router, out means out of the router. This attribute has been
833 deprecated. Use direction instead.
834
835 externalAddr (string)
836 (DEPRECATED) If present, an alternate address of the node on the
837 remote container. This is used if the node has a different address
838 than the address used internally by the router to route deliveries.
839 This attribute has been deprecated. Use externalAddress instead.
840
841 exchange
842 [EXPERIMENTAL] Defines a topic exchange.
843
844 address (string, required)
845 The address of the exchange. Used by the message publisher as the
846 target for sending messages.
847
848 phase (integer)
849 The address phase for the exchange. Defaults to 0.
850
851 alternateAddress (string)
852 The address to forward the message to if no bindings are matched.
853
854 alternatePhase (integer)
855 The address phase for the alternateAddress. Defaults to 0.
856
857 matchMethod (One of [amqp, mqtt], default=amqp)
858 Key matching algorithm used. amqp uses the legacy AMQP topic
859 exchange wildcard match method as described in the pre-1.0 drafts.
860 mqtt uses the MQTT topic filter wildcard match method.
861
862 binding
863 [EXPERIMENTAL] Defines a keyed next hop binding for a topic exchange.
864 The subject field of the messages arriving at the exchange is compared
865 against the binding’s key value using the exchange’s matchMethod. If
866 the subject matches the key the message is forwarded to the
867 nextHopAddress. The nextHopAddress overrides the message’s original
868 destination.
869
870 exchangeName (string, required)
871 The name of the exchange to bind.
872
873 bindingKey (string)
874 Pattern to compare against incoming message’s subject. The key is a
875 string of zero or more tokens and wildcards. The format depends on
876 the matchMethod configured for the exchange. For AMQP each token is
877 delimited by the . character and wild-card tokens * matches a
878 single token and
879
880 matches zero or more tokens. For MQTT each token is delimited by
881 the / character and wildcard tokens + matches a single token and
882
883 matches zero or more tokens at the end of the topic. If a key is
884 not provided the binding will match all messages arriving at the
885 exchange (fanout behavior).
886
887 nextHopAddress (string, required)
888 The address to forward the message to when the message’s topic
889 string matches the binding key pattern. This address is used by
890 message consumers as the source of incoming messages.
891
892 nextHopPhase (integer)
893 The address phase used when forwarding messages that match this
894 binding.
895
896 console
897 (DEPRECATED) Start a websocket/tcp proxy and http file server to serve
898 the web console
899
900 listener (string)
901 The name of the listener to send the proxied tcp traffic to.
902
903 wsport (integer, default=5673)
904 port on which to listen for websocket traffic
905
906 proxy (string, required)
907 The full path to the proxy program to run.
908
909 home (string, required)
910 The full path to the html/css/js files for the console.
911
912 args (string)
913 Optional args to pass the proxy program for logging,
914 authentication, etc.
915
916 policy
917 Defines global connection limit
918
919 maxConnections (integer, default=65535)
920 The maximum number of concurrent client connections allowed for
921 this router. This limit is always enforced, even if no other policy
922 settings have been defined. The limit is applied to all incoming
923 connections regardless of remote host, authenticated user, or
924 targeted vhost.
925
926 enableVhostPolicy (boolean)
927 Enables the router to enforce the connection denials and resource
928 limits defined in the configured vhost policies.
929
930 enableVhostNamePatterns (boolean)
931 Enable vhost name patterns. When false vhost hostnames are treated
932 as literal strings. When true vhost hostnames are treated as match
933 patterns.
934
935 policyDir (path)
936 The absolute path to a directory that holds vhost policy definition
937 files in JSON format (*.json). The router processes all of the
938 vhost policies in each JSON file that is in this directory.
939
940 defaultVhost (string)
941 The name of the default vhost policy. This policy rule set is
942 applied to a connection for which a vhost policy has not otherwise
943 been configured. Processing for the default vhost is enabled by
944 default and set to select vhost $default. To disable default vhost
945 processing set defaultVhost to blank or do not define a vhost named
946 $default.
947
948 vhost
949 AMQP virtual host policy definition of users, user groups, allowed
950 remote hosts, and AMQP restrictions.
951
952 hostname (string, required)
953 The hostname of the vhost. This vhost policy will be applied to any
954 client connection that is directed to this hostname.
955
956 maxConnections (integer, default=65535)
957 The global maximum number of concurrent client connections allowed
958 for this vhost.
959
960 maxConnectionsPerUser (integer, default=65535)
961 The maximum number of concurrent client connections allowed for any
962 user.
963
964 maxConnectionsPerHost (integer, default=65535)
965 The maximum number of concurrent client connections allowed for any
966 remote host (the host from which the client is connecting).
967
968 allowUnknownUser (boolean)
969 Whether unknown users (users who are not members of a defined user
970 group) are allowed to connect to the vhost. Unknown users are
971 assigned to the $default user group and receive $default settings.
972
973 groups (map)
974 A map where each key is a vhost name and each value is a map of the
975 settings for users of that vhost.
976
977 id (string, required)
978 (DEPRECATED) The hostname of the vhost. This vhost policy will be
979 applied to any client connection that is directed to this hostname.
980 This attribute has been deprecated. Use hostname instead.
981
982 vhostUserGroupSettings
983 Policy settings for users connecting to a vhost. Configuration files
984 including this section must use .json format.
985
986 maxFrameSize (integer, default=16384)
987 The largest frame, in bytes, that may be sent on this connection.
988 Non-zero policy values overwrite values specified for a listener
989 object (AMQP Open, max-frame-size).
990
991 maxSessionWindow (integer, default=1638400)
992 The incoming capacity for new AMQP sessions, measured in octets.
993 Non-zero policy values overwrite values specified for a listener
994 object (AMQP Begin, incoming-window).
995
996 maxSessions (integer, default=32768)
997 The maximum number of sessions that may be created on this
998 connection. Non-zero policy values overwrite values specified for a
999 listener object (AMQP Open, channel-max).
1000
1001 maxSenders (integer, default=2147483647)
1002 The maximum number of sending links that may be created on this
1003 connection. A value of 0 disables all sender links.
1004
1005 maxReceivers (integer, default=2147483647)
1006 The maximum number of receiving links that may be created on this
1007 connection. A value of 0 disables all receiver links.
1008
1009 allowDynamicSource (boolean)
1010 Whether this connection is allowed to create dynamic receiving
1011 links (links to resources that do not exist on the peer). A value
1012 of true means that users are able to automatically create resources
1013 on the peer system.
1014
1015 allowAnonymousSender (boolean)
1016 Whether this connection is allowed to create sending links if the
1017 sender does not provide a target address. By prohibiting anonymous
1018 senders, the router only needs to verify once, when the link is
1019 created, that the sender is permitted to send messages to the
1020 target address. The router does not need to verify each message
1021 that is sent on the link. A value of true means that users may send
1022 messages to any address. Allowing anonymous senders can also
1023 decrease performance: if the sender does not specify a target
1024 address, then the router must parse each message to determine how
1025 to route it.
1026
1027 allowUserIdProxy (boolean)
1028 Whether this connection is allowed to send messages with a user ID
1029 that is different than the connection’s authenticated user name.
1030
1031 allowWaypointLinks (boolean, default=True)
1032 Whether this connection is allowed to claim waypoint.N capability
1033 for attached links. This allows endpoints to act as waypoints
1034 without needing auto-links.
1035
1036 allowDynamicLinkRoutes (boolean, default=True)
1037 Whether this connection is allowed to dynamically create
1038 connection-scoped link route destinations.
1039
1040 allowAdminStatusUpdate (boolean, default=True)
1041 Whether this connection is allowed to update the admin status of
1042 other connections. Note: Inter-router connections cannot be deleted
1043 at any time.
1044
1045 allowFallbackLinks (boolean, default=True)
1046 Whether this connection is allowed to claim qd.fallback capability
1047 for attached links. This allows endpoints to act as fallback
1048 destinations for addresses that have fallback capability enabled.
1049
1050 sources (string)
1051
1052 targets (string)
1053
1054 sourcePattern (string)
1055
1056 targetPattern (string)
1057
1059 qdrouterd(8), qdmanage(8)
1060
1061 http://qpid.apache.org/components/dispatch-router
1062
1063
1064
1065 10/02/2019 QDROUTERD.CONF(5)