1QDROUTERD.CONF(5) QDROUTERD.CONF(5)
2
6 qdrouterd.conf - configuration file for the dispatch router.
7
9 Provides the initial configuration when qdrouterd(8) starts. The
10 configuration of a running router can be modified using qdmanage(8).
11
13 The configuration file is made up of sections with this syntax:
14 sectionName {
16 attributeName: attributeValue
17 attributeName: attributeValue
18 ...
19 }
20 For example you can define a router using the router section
22 router {
24 mode: standalone
25 id: Router.A
26 ...
27 }
28 or define a listener using the listener section
30 listener {
32 host: 0.0.0.0
33 port: 20102
34 saslMechanisms: ANONYMOUS
35 ...
36 }
37 or define a connector using the connector section
39 connector {
41 role: inter-router
42 host: 0.0.0.0
43 port: 20003
44 saslMechanisms: ANONYMOUS
45 ...
46 }
47 An sslProfile section with SSL credentials can be included in multiple
49 listener or connector entities. Here’s an example, note how the
50 sslProfile attribute of listener sections references the name attribute
51 of sslProfile sections.
52 sslProfile {
54 name: my-ssl
55 caCertFile: ca-certificate-1.pem
56 certFile: server-certificate-1.pem
57 privateKeyFile: server-private-key.pem
58 }
59 listener {
61 sslProfile: my-ssl
62 host: 0.0.0.0
63 port: 20102
64 saslMechanisms: ANONYMOUS
65 }
66
68 router
69 Tracks peer routers and computes routes to destinations. This entity is
70 mandatory. The router will not start without this entity.
71 id (string)
73 Router’s unique identity. If not specified, a random identity will
74 be assigned at startup.
75 mode (One of [standalone, interior, edge], default=standalone)
77 In standalone mode, the router operates as a single component. It
78 does not participate in the routing protocol and therefore will not
79 cooperate with other routers. In interior mode, the router operates
80 in cooperation with other interior routers in an interconnected
81 network. In edge mode, the router can make a connection to an
82 interior router and join a network without causing that network to
83 recompute paths.
84 helloIntervalSeconds (integer, default=1)
86 Interval in seconds between HELLO messages sent to neighbor
87 routers.
88 helloMaxAgeSeconds (integer, default=3)
90 Time in seconds after which a neighbor is declared lost if no HELLO
91 is received.
92 raIntervalSeconds (integer, default=30)
94 Interval in seconds between Router-Advertisements sent to all
95 routers in a stable network.
96 raIntervalFluxSeconds (integer, default=4)
98 Interval in seconds between Router-Advertisements sent to all
99 routers during topology fluctuations.
100 remoteLsMaxAgeSeconds (integer, default=60)
102 Time in seconds after which link state is declared stale if no RA
103 is received.
104 workerThreads (integer, default=4)
106 The number of threads that will be created to process message
107 traffic and other application work (timers, non-amqp file
108 descriptors, etc.) .
109 debugDumpFile (path)
111 The absolute path to the location for the debug dump file. The
112 router writes debug-level information to this file if the logger is
113 not available.
114 saslConfigDir (path)
116 Absolute path to the SASL configuration file.
117 saslConfigName (string, default=qdrouterd)
119 Name of the SASL configuration. This string + .conf is the name of
120 the configuration file.
121 allowResumableLinkRoute (boolean, default=True)
123 Whether links can be routed where timeout is non-zero or
124 expiry-policy is not link-detach
125 timestampsInUTC (boolean)
127 Use UTC time rather than localtime in logs.
128 timestampFormat (string)
130 Format string to use for timestamps in logs.
131 allowUnsettledMulticast (boolean)
133 (DEPRECATED) If true, allow senders to send unsettled deliveries to
134 multicast addresses. These deliveries shall be settled by the
135 ingress router. If false, unsettled deliveries to multicast
136 addresses shall be rejected.
137 defaultDistribution (One of [multicast, closest, balanced,
139 unavailable], default=balanced)
140 Default forwarding treatment for any address without a specified
141 treatment. multicast - one copy of each message delivered to all
142 subscribers; closest - messages delivered to only the closest
143 subscriber; balanced - messages delivered to one subscriber with
144 load balanced across subscribers; unavailable - this address is
145 unavailable, messages sent and link attaches to the address will be
146 rejected.
147 helloInterval (integer, default=1)
149 (DEPRECATED) Interval in seconds between HELLO messages sent to
150 neighbor routers. This attribute has been deprecated. Use
151 helloIntervalSeconds instead.
152 helloMaxAge (integer, default=3)
154 (DEPRECATED) Time in seconds after which a neighbor is declared
155 lost if no HELLO is received. This attribute has been deprecated.
156 Use helloMaxAgeSeconds instead.
157 raInterval (integer, default=30)
159 (DEPRECATED) Interval in seconds between Router-Advertisements sent
160 to all routers in a stable network. This attribute has been
161 deprecated. Use raIntervalSeconds instead.
162 raIntervalFlux (integer, default=4)
164 (DEPRECATED) Interval in seconds between Router-Advertisements sent
165 to all routers during topology fluctuations. This attribute has
166 been deprecated. Use raIntervalFluxSeconds instead.
167 remoteLsMaxAge (integer, default=60)
169 (DEPRECATED) Time in seconds after which link state is declared
170 stale if no RA is received. This attribute has been deprecated. Use
171 remoteLsMaxAgeSeconds instead.
172 debugDump (path)
174 (DEPRECATED) The absolute path to the location for the debug dump
175 file. The router writes debug-level information to this file if the
176 logger is not available. This attribute has been deprecated. Use
177 debugDumpFile instead.
178 saslConfigPath (path)
180 (DEPRECATED) Absolute path to the SASL configuration file. This
181 attribute has been deprecated. Use saslConfigDir instead.
182 sslProfile
184 Attributes for setting TLS/SSL configuration for connections.
185 ciphers (string)
187 Specifies the enabled ciphers so the SSL Ciphers can be hardened.
188 In other words, use this field to disable weak ciphers. The ciphers
189 are specified in the format understood by the OpenSSL library. For
190 example, ciphers can be set to
191 ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; — The
192 full list of allowed ciphers can be viewed using the openssl
193 ciphers command
194 protocols (string)
196 The TLS protocols that this sslProfile can use. You can specify a
197 list of one or more of TLSv1, TLSv1.1, or TLSv1.2. To specify
198 multiple protocols, separate the protocols with a space. For
199 example, to permit the sslProfile to use TLS v1.1 and TLS v1.2
200 only, you would set the value to TLSv1.1 TLSv1.2. If you do not
201 specify a value, the sslProfile uses the TLS protocol specified by
202 the system-wide configuration.
203 caCertFile (path)
205 The absolute path to the database that contains the public
206 certificates of trusted certificate authorities (CA).
207 certFile (path)
209 The absolute path to the file containing the PEM-formatted public
210 certificate to be used on the local end of any connections using
211 this profile.
212 privateKeyFile (path)
214 The absolute path to the file containing the PEM-formatted private
215 key for the above certificate.
216 passwordFile (path)
218 If the above private key is password protected, this is the
219 absolute path to a file containing the password that unlocks the
220 certificate key. This file should be permission protected to limit
221 access
222 password (string)
224 (DEPRECATED) An alternative to storing the password in a file
225 referenced by passwordFile is to supply the password right here in
226 the configuration file. This takes precedence over the passwordFile
227 if both are specified. This attribute has been deprecated because
228 it is unsafe to store plain text passwords in config files. Use the
229 passwordFile instead
230 uidFormat (string)
232 A list of x509 client certificate fields that will be used to build
233 a string that will uniquely identify the client certificate owner.
234 For e.g. a value of cou indicates that the uid will consist of c -
235 common name concatenated with o - organization-company name
236 concatenated with u - organization unit; or a value of o2 indicates
237 that the uid will consist of o (organization name) concatenated
238 with 2 (the sha256 fingerprint of the entire certificate) . Allowed
239 values can be any combination of c( ISO3166 two character country
240 code), s(state or province), l(Locality; generally - city),
241 o(Organization - Company Name), u(Organization Unit - typically
242 certificate type or brand), n(CommonName - typically a user name
243 for client certificates) and 1(sha1 certificate fingerprint, as
244 displayed in the fingerprints section when looking at a certificate
245 with say a web browser is the hash of the entire certificate) and 2
246 (sha256 certificate fingerprint) and 5 (sha512 certificate
247 fingerprint). The user identifier (uid) that is generated based on
248 the uidFormat is a string which has a semi-colon as a separator
249 between the components
250 uidNameMappingFile (string)
252 The absolute path to the file containing the unique id to display
253 name mapping
254 certDb (path)
256 (DEPRECATED) The absolute path to the database that contains the
257 public certificates of trusted certificate authorities (CA). This
258 attribute has been deprecated. Use caCertFile instead.
259 keyFile (path)
261 (DEPRECATED) The absolute path to the file containing the
262 PEM-formatted private key for the above certificate. This attribute
263 has been deprecated. Use privateKeyFile instead.
264 displayNameFile (string)
266 (DEPRECATED) The absolute path to the file containing the unique id
267 to display name mapping This attribute has been deprecated. Use
268 uidNameMappingFile instead.
269 authServicePlugin
271 EXPERIMENTAL. Attributes for setting SASL plugin.
272 authService (string)
274 (DEPRECATED) Address of a service to delegate authentication to.
275 This attribute has been deprecated. Use the host and port
276 attributes instead.
277 host (string)
279 A host name, IPV4 or IPV6 literal, of the service to delegate to.
280 port (string, default=amqp)
282 Port number of the service delegated host.
283 realm (string)
285 Value to set for hostname field on sasl-init
286 sslProfile (string)
288 Name of the sslProfile to use for the authentication service.
289 saslInitHostname (string)
291 (DEPRECATED) Value to set for hostname field on sasl-init This
292 attribute has been deprecated. Use realm instead.
293 authSslProfile (string)
295 (DEPRECATED) Name of the sslProfile to use for the authentication
296 service. This attribute has been deprecated. Use sslProfile
297 instead.
298 listener
300 Listens for incoming connections to the router.
301 host (string)
303 A host name, IPV4 or IPV6 literal, or the empty string. The empty
304 string listens on all local addresses. A host name listens on all
305 addresses associated with the name. An IPV6 literal address (or
306 wildcard [::]) listens only for IPV6. An IPV4 literal address (or
307 wildcard 0.0.0.0) listens only for IPV4.
308 port (string, default=amqp)
310 Port number or symbolic service name. If 0, the router shall assign
311 an ephemeral port to the listener and log the port number with a
312 log of the form SERVER (notice) Listening on <host>:<assigned-port>
313 (<listener-name>)
314 socketAddressFamily (One of [IPv4, IPv6])
316 [IPv4, IPv6] IPv4: Internet Protocol version 4; IPv6: Internet
317 Protocol version 6. If not specified, the protocol family will be
318 automatically determined from the address.
319 role (One of [normal, inter-router, route-container, edge],
321 default=normal)
322 The role of an established connection. In the normal role, the
323 connection is assumed to be used for AMQP clients that are doing
324 normal message delivery over the connection. In the inter-router
325 role, the connection is assumed to be to another router in the
326 network. Inter-router discovery and routing protocols can only be
327 used over inter-router connections. route-container role can be
328 used for router-container connections, for example, a router-broker
329 connection. In the edge role, the connection is assumed to be
330 between an edge router and an interior router.
331 cost (integer, default=1)
333 For the inter-router role only. This value assigns a cost metric to
334 the inter-router connection. The default (and minimum) value is
335 one. Higher values represent higher costs. The cost is used to
336 influence the routing algorithm as it attempts to use the path with
337 the lowest total cost from ingress to egress.
338 sslProfile (string)
340 Name of the sslProfile.
341 saslMechanisms (string)
343 Space separated list of accepted SASL authentication mechanisms.
344 authenticatePeer (boolean)
346 yes: Require the peer’s identity to be authenticated; no: Do not
347 require any authentication.
348 saslPlugin (string)
350 EXPERIMENTAL. Name of the a sasl plugin configuration section to
351 use for this listener (e.g. authServicePlugin).
352 requireEncryption (boolean)
354 yes: Require the connection to the peer to be encrypted; no: Permit
355 non-encrypted communication with the peer
356 requireSsl (boolean)
358 yes: Require the use of SSL or TLS on the connection; no: Allow
359 clients to connect without SSL or TLS.
360 trustedCertsFile (path)
362 This optional setting can be used to reduce the set of available
363 CAs for client authentication. If used, this setting must provide
364 the absolute path to a PEM file that contains the trusted
365 certificates.
366 maxFrameSize (integer, default=16384)
368 The maximum frame size in octets that will be used in the
369 connection-open negotiation with a connected peer. The frame size
370 is the largest contiguous set of uninterrupted data that can be
371 sent for a message delivery over the connection. Interleaving of
372 messages on different links is done at frame granularity. Policy
373 settings, if specified, will overwrite this value. Defaults to
374 16384.
375 maxSessions (integer, default=32768)
377 The maximum number of sessions that can be simultaneously active on
378 the connection. Setting this value to zero selects the default
379 number of sessions. Policy settings, if specified, will overwrite
380 this value. Defaults to 32768.
381 maxSessionFrames (integer)
383 Session incoming window measured in transfer frames for sessions
384 created on this connection. This is the number of transfer frames
385 that may simultaneously be in flight for all links in the session.
386 Setting this value to zero selects the default session window size.
387 Policy settings, if specified, will overwrite this value. The
388 numerical product of maxFrameSize and maxSessionFrames may not
389 exceed 231-1. If (maxFrameSize x maxSessionFrames) exceeds 231-1
390 then maxSessionFrames is reduced to (2^31-1 / maxFrameSize).
391 maxSessionFrames has a minimum value of 1. Defaults to 0 (unlimited
392 window).
393 idleTimeoutSeconds (integer, default=16)
395 The idle timeout, in seconds, for connections through this
396 listener. If no frames are received on the connection for this time
397 interval, the connection shall be closed.
398 initialHandshakeTimeoutSeconds (integer)
400 The timeout, in seconds, for the initial handshake for connections
401 coming in through listeners. If the time interval expires before
402 the peer sends the AMQP OPEN frame, the connection shall be closed.
403 A value of zero (the default) disables this timeout.
404 stripAnnotations (One of [in, out, both, no], default=both)
406 [in, out, both, no] in: Strip the dispatch router specific
407 annotations only on ingress; out: Strip the dispatch router
408 specific annotations only on egress; both: Strip the dispatch
409 router specific annotations on both ingress and egress; no - do not
410 strip dispatch router specific annotations
411 linkCapacity (integer)
413 The capacity of links within this connection, in terms of message
414 deliveries. The capacity is the number of messages that can be
415 in-flight concurrently for each link.
416 multiTenant (boolean)
418 If true, apply multi-tenancy to endpoints connected at this
419 listener. The address space is defined by the virtual host
420 (hostname field in the Open).
421 failoverUrls (string)
423 A comma-separated list of failover urls to be supplied to connected
424 clients. Form: [(amqp|amqps|ws|wss)://]host_or_ip[:port]
425 healthz (boolean, default=True)
427 Provide a simple HTTP based liveness test (using path /healthz).
428 Assumes listener is enabled for http.
429 metrics (boolean, default=True)
431 Export metrics in prometheus text format for the router (using path
432 /metrics). Assumes listener is enabled for http.
433 websockets (boolean, default=True)
435 For an http enabled listener, determines whether websockets access
436 is enabled (true by default).
437 http (boolean)
439 Accept HTTP connections that can upgrade to AMQP over WebSocket.
440 Plain AMQP connections are not accepted on this listener.
441 httpRootDir (path)
443 Absolute path to a directory from which to serve static HTML files.
444 For example, /usr/share/qpid-dispatch/console.
445 messageLoggingComponents (string, default=none)
447 A comma separated list that indicates which components of the
448 message should be logged. Defaults to none (log nothing). If you
449 want all properties and application properties of the message
450 logged use all. Specific components of the message can be logged by
451 indicating the components via a comma separated list. The
452 components are message-id, user-id, to, subject, reply-to,
453 correlation-id, content-type, content-encoding,
454 absolute-expiry-time, creation-time, group-id, group-sequence,
455 reply-to-group-id, app-properties. The application-data part of the
456 bare message will not be logged. No spaces are allowed
457 policyVhost (string)
459 A listener may optionally define a virtual host to index to a
460 specific policy to restrict the remote container to access only
461 specific resources. This attribute defines the name of the policy
462 vhost for this listener. If multi-tenancy is enabled for the
463 listener, this vhost will override the peer-supplied vhost for the
464 purposes of identifying the desired policy settings for the
465 connections.
466 protocolFamily (One of [IPv4, IPv6])
468 (DEPRECATED) [IPv4, IPv6] IPv4: Internet Protocol version 4; IPv6:
469 Internet Protocol version 6. If not specified, the protocol family
470 will be automatically determined from the address. This attribute
471 has been deprecated. Use socketAddressFamily instead.
472 trustedCerts (path)
474 (DEPRECATED) This optional setting can be used to reduce the set of
475 available CAs for client authentication. If used, this setting must
476 provide the absolute path to a PEM file that contains the trusted
477 certificates. This attribute has been deprecated. Use
478 trustedCertsFile instead.
479 failoverList (string)
481 (DEPRECATED) A comma-separated list of failover urls to be supplied
482 to connected clients. Form:
483 [(amqp|amqps|ws|wss)://]host_or_ip[:port] This attribute has been
484 deprecated. Use failoverUrls instead.
485 httpRoot (path)
487 (DEPRECATED) Absolute path to a directory from which to serve
488 static HTML files. For example, /usr/share/qpid-dispatch/console.
489 This attribute has been deprecated. Use httpRootDir instead.
490 logMessage (string, default=none)
492 (DEPRECATED) A comma separated list that indicates which components
493 of the message should be logged. Defaults to none (log nothing). If
494 you want all properties and application properties of the message
495 logged use all. Specific components of the message can be logged by
496 indicating the components via a comma separated list. The
497 components are message-id, user-id, to, subject, reply-to,
498 correlation-id, content-type, content-encoding,
499 absolute-expiry-time, creation-time, group-id, group-sequence,
500 reply-to-group-id, app-properties. The application-data part of the
501 bare message will not be logged. No spaces are allowed This
502 attribute has been deprecated. Use messageLoggingComponents
503 instead.
504 connector
506 Establishes an outgoing connection from the router.
507 host (string, default=127.0.0.1)
509 IP address: ipv4 or ipv6 literal or a host name
510 port (string, default=amqp)
512 Port number or symbolic service name.
513 protocolFamily (One of [IPv4, IPv6])
515 [IPv4, IPv6] IPv4: Internet Protocol version 4; IPv6: Internet
516 Protocol version 6. If not specified, the protocol family will be
517 automatically determined from the address.
518 role (One of [normal, inter-router, route-container, edge],
520 default=normal)
521 The role of an established connection. In the normal role, the
522 connection is assumed to be used for AMQP clients that are doing
523 normal message delivery over the connection. In the inter-router
524 role, the connection is assumed to be to another router in the
525 network. Inter-router discovery and routing protocols can only be
526 used over inter-router connections. route-container role can be
527 used for router-container connections, for example, a router-broker
528 connection. In the edge role, the connection is assumed to be
529 between and edge router and an interior router.
530 cost (integer, default=1)
532 For the inter-router role only. This value assigns a cost metric to
533 the inter-router connection. The default (and minimum) value is
534 one. Higher values represent higher costs. The cost is used to
535 influence the routing algorithm as it attempts to use the path with
536 the lowest total cost from ingress to egress.
537 sslProfile (string)
539 Name of the sslProfile.
540 saslMechanisms (string)
542 Space separated list of accepted SASL authentication mechanisms.
543 allowRedirect (boolean, default=True)
545 Allow the peer to redirect this connection to another address.
546 maxFrameSize (integer, default=16384)
548 The maximum frame size in octets that will be used in the
549 connection-open negotiation with a connected peer. The frame size
550 is the largest contiguous set of uninterrupted data that can be
551 sent for a message delivery over the connection. Interleaving of
552 messages on different links is done at frame granularity. Policy
553 settings will not overwrite this value. Defaults to 16384.
554 maxSessions (integer, default=32768)
556 The maximum number of sessions that can be simultaneously active on
557 the connection. Setting this value to zero selects the default
558 number of sessions. Policy settings will not overwrite this value.
559 Defaults to 32768.
560 maxSessionFrames (integer)
562 Session incoming window measured in transfer frames for sessions
563 created on this connection. This is the number of transfer frames
564 that may simultaneously be in flight for all links in the session.
565 Setting this value to zero selects the default session window size.
566 Policy settings will not overwrite this value. The numerical
567 product of maxFrameSize and maxSessionFrames may not exceed 231-1.
568 If (maxFrameSize x maxSessionFrames) exceeds 231-1 then
569 maxSessionFrames is reduced to (2^31-1 / maxFrameSize).
570 maxSessionFrames has a minimum value of 1. Defaults to 0 (unlimited
571 window).
572 idleTimeoutSeconds (integer, default=16)
574 The idle timeout, in seconds, for connections through this
575 connector. If no frames are received on the connection for this
576 time interval, the connection shall be closed.
577 stripAnnotations (One of [in, out, both, no], default=both)
579 [in, out, both, no] in: Strip the dispatch router specific
580 annotations only on ingress; out: Strip the dispatch router
581 specific annotations only on egress; both: Strip the dispatch
582 router specific annotations on both ingress and egress; no - do not
583 strip dispatch router specific annotations
584 linkCapacity (integer)
586 The capacity of links within this connection, in terms of message
587 deliveries. The capacity is the number of messages that can be
588 in-flight concurrently for each link.
589 verifyHostname (boolean, default=True)
591 yes: Ensures that when initiating a connection (as a client) the
592 host name in the URL to which this connector connects to matches
593 the host name in the digital certificate that the peer sends back
594 as part of the SSL connection; no: Does not perform host name
595 verification
596 saslUsername (string)
598 The user name that the connector is using to connect to a peer.
599 saslPassword (string)
601 The password that the connector is using to connect to a peer.
602 messageLoggingComponents (string, default=none)
604 A comma separated list that indicates which components of the
605 message should be logged (no spaces allowed between list
606 components). Defaults to none (log nothing). If you want all
607 properties and application properties of the message logged use
608 all. Specific components of the message can be logged by indicating
609 the components via a comma separated list. The components are
610 message-id, user-id, to, subject, reply-to, correlation-id,
611 content-type, content-encoding, absolute-expiry-time,
612 creation-time, group-id, group-sequence, reply-to-group-id,
613 app-properties. The application-data part of the bare message will
614 not be logged. This log message is written to the MESSAGE logging
615 module. In the log entity, set module property to MESSAGE or
616 DEFAULT and enable to trace+ to see this log message
617 policyVhost (string)
619 A connector may optionally define a policy to restrict the remote
620 container to access only specific resources. This attribute defines
621 the name of the policy vhost for this connector. Within the vhost
622 the connector will use the vhost policy settings from user group
623 $connector. If the vhost policy is absent or if the user group
624 $connector within that policy is absent then the connector will
625 fail to start. In policy specified via connector attribute
626 policyVhost the following vhostUserGroupSettings attributes are
627 unused: users, remoteHosts, maxFrameSize, maxSessionWindow,
628 maxSessions.
629 verifyHostName (boolean, default=True)
631 (DEPRECATED) yes: Ensures that when initiating a connection (as a
632 client) the host name in the URL to which this connector connects
633 to matches the host name in the digital certificate that the peer
634 sends back as part of the SSL connection; no: Does not perform host
635 name verification This attribute has been deprecated. Use
636 verifyHostname instead.
637 logMessage (string, default=none)
639 (DEPRECATED) A comma separated list that indicates which components
640 of the message should be logged (no spaces allowed between list
641 components). Defaults to none (log nothing). If you want all
642 properties and application properties of the message logged use
643 all. Specific components of the message can be logged by indicating
644 the components via a comma separated list. The components are
645 message-id, user-id, to, subject, reply-to, correlation-id,
646 content-type, content-encoding, absolute-expiry-time,
647 creation-time, group-id, group-sequence, reply-to-group-id,
648 app-properties. The application-data part of the bare message will
649 not be logged. This log message is written to the MESSAGE logging
650 module. In the log entity, set module property to MESSAGE or
651 DEFAULT and enable to trace+ to see this log message This attribute
652 has been deprecated. Use messageLoggingComponents instead.
653 log
655 Configure logging for a particular module. You can use the UPDATE
656 operation to change log settings while the router is running.
657 module (One of [ROUTER, ROUTER_CORE, ROUTER_HELLO, ROUTER_LS,
659 ROUTER_MA, MESSAGE, SERVER, AGENT, AUTHSERVICE, CONTAINER, ERROR,
660 POLICY, HTTP, CONN_MGR, PYTHON, DEFAULT], required)
661 Module to configure. The special module DEFAULT specifies defaults
662 for all modules.
663 enable (string)
665 Levels are: trace, debug, info, notice, warning, error, critical.
666 The enable string is a comma-separated list of levels. A level may
667 have a trailing + to enable that level and above. For example
668 trace,debug,warning+ means enable trace, debug, warning, error and
669 critical. The value none means disable logging for the module.
670 includeTimestamp (boolean)
672 Include timestamp in log messages.
673 includeSource (boolean)
675 Include source file and line number in log messages.
676 outputFile (string)
678 Where to send log messages. Can be stderr, stdout, syslog or a file
679 name.
680 timestamp (boolean)
682 (DEPRECATED) Include timestamp in log messages. This attribute has
683 been deprecated. Use includeTimestamp instead.
684 source (boolean)
686 (DEPRECATED) Include source file and line number in log messages.
687 This attribute has been deprecated. Use includeSource instead.
688 output (string)
690 (DEPRECATED) Where to send log messages. Can be stderr, stdout,
691 syslog or a file name. This attribute has been deprecated. Use
692 outputFile instead.
693 address
695 Entity type for address configuration. This is used to configure the
696 treatment of message-routed deliveries within a particular
697 address-space. The configuration controls distribution and address
698 phasing.
699 prefix (string)
701 The address prefix for the configured settings. Cannot be used with
702 a pattern attribute.
703 pattern (string)
705 A wildcarded pattern for address matching. Incoming addresses are
706 matched against this pattern. Matching addresses use the configured
707 settings. The pattern consists of one or more tokens separated by a
708 forward slash /. A token can be one of the following: a *
709 character, a # character, or a sequence of characters that do not
710 include /, *, or #. The * token matches any single token. The #
711 token matches zero or more tokens. * has higher precedence than #,
712 and exact match has the highest precedence. Cannot be used with a
713 prefix attribute.
714 distribution (One of [multicast, closest, balanced, unavailable],
716 default=balanced)
717 Treatment of traffic associated with the address
718 waypoint (boolean)
720 Designates this address space as being used for waypoints. This
721 will cause the proper address-phasing to be used.
722 ingressPhase (integer)
724 Advanced - Override the ingress phase for this address
725 egressPhase (integer)
727 Advanced - Override the egress phase for this address
728 priority (integer)
730 All messages sent to this address which lack an intrinsic priority
731 will be assigned this priority.
732 enableFallback (boolean)
734 If false, undeliverable messages are released. If true,
735 undeliverable messages shall be re-delivered to a fallback
736 destination. The fallback destination uses the same address, but is
737 attached using an autoLink with fallback enabled or a link with the
738 qd.fallback capability.
739 linkRoute
741 Entity type for link-route configuration. This is used to identify
742 remote containers that shall be destinations for routed link-attaches.
743 The link-routing configuration applies to an addressing space defined
744 by a prefix or a pattern.
745 prefix (string)
747 The address prefix for the configured settings. Cannot be used with
748 the pattern attribute.
749 pattern (string)
751 A wildcarded pattern for address matching. Link addresses are
752 matched against this pattern. Matching addresses use the configured
753 settings. The pattern consists of one or more tokens separated by a
754 forward slash /. A token can be one of the following: a *
755 character, a # character, or a sequence of characters that do not
756 include /, *, or #. The * token matches any single token. The #
757 token matches zero or more tokens. * has higher precedence than #,
758 and exact match has the highest precedence. Cannot be used with the
759 prefix attribute.
760 addExternalPrefix (string)
762 add the specified prefix to the address of the remote terminus on
763 the route container link
764 delExternalPrefix (string)
766 remove the specified prefix to the address of the remote terminus
767 on the route container link
768 containerId (string)
770 ContainerID for the target container. Only one of containerId or
771 connection should be specified for a linkRoute. Specifying both
772 will result in the linkRoute not being created.
773 connection (string)
775 The name from a connector or listener. Only one of containerId or
776 connection should be specified for a linkRoute. Specifying both
777 will result in the linkRoute not being created.
778 distribution (One of [linkBalanced], default=linkBalanced)
780 Treatment of traffic associated with the address
781 direction (One of [in, out], required)
783 The permitted direction of links: in means client senders; out
784 means client receivers
785 dir (One of [in, out], required)
787 (DEPRECATED) The permitted direction of links: in means client
788 senders; out means client receivers This attribute has been
789 deprecated. Use direction instead.
790 autoLink
792 Entity type for configuring auto-links. Auto-links are links whose
793 lifecycle is managed by the router. These are typically used to attach
794 to waypoints on remote containers (brokers, etc.).
795 address (string, required)
797 The address of the provisioned object
798 direction (One of [in, out], required)
800 The direction of the link to be created. In means into the router,
801 out means out of the router.
802 phase (integer)
804 The address phase for this link. Defaults to 0 for out links and 1
805 for in links.
806 containerId (string)
808 ContainerID for the target container. Only one of containerId or
809 connection should be specified for an autoLink. Specifying both
810 will result in the autoLink not being created
811 connection (string)
813 The name from a connector or listener. Only one of containerId or
814 connection should be specified for an autoLink. Specifying both
815 will result in the autoLink not being created
816 externalAddress (string)
818 If present, an alternate address of the node on the remote
819 container. This is used if the node has a different address than
820 the address used internally by the router to route deliveries.
821 fallback (boolean)
823 If true, this auto-link is attached to a fallback destination for
824 an address.
825 addr (string, required)
827 (DEPRECATED) The address of the provisioned object This attribute
828 has been deprecated. Use address instead.
829 dir (One of [in, out], required)
831 (DEPRECATED) The direction of the link to be created. In means into
832 the router, out means out of the router. This attribute has been
833 deprecated. Use direction instead.
834 externalAddr (string)
836 (DEPRECATED) If present, an alternate address of the node on the
837 remote container. This is used if the node has a different address
838 than the address used internally by the router to route deliveries.
839 This attribute has been deprecated. Use externalAddress instead.
840 exchange
842 [EXPERIMENTAL] Defines a topic exchange.
843 address (string, required)
845 The address of the exchange. Used by the message publisher as the
846 target for sending messages.
847 phase (integer)
849 The address phase for the exchange. Defaults to 0.
850 alternateAddress (string)
852 The address to forward the message to if no bindings are matched.
853 alternatePhase (integer)
855 The address phase for the alternateAddress. Defaults to 0.
856 matchMethod (One of [amqp, mqtt], default=amqp)
858 Key matching algorithm used. amqp uses the legacy AMQP topic
859 exchange wildcard match method as described in the pre-1.0 drafts.
860 mqtt uses the MQTT topic filter wildcard match method.
861 binding
863 [EXPERIMENTAL] Defines a keyed next hop binding for a topic exchange.
864 The subject field of the messages arriving at the exchange is compared
865 against the binding’s key value using the exchange’s matchMethod. If
866 the subject matches the key the message is forwarded to the
867 nextHopAddress. The nextHopAddress overrides the message’s original
868 destination.
869 exchangeName (string, required)
871 The name of the exchange to bind.
872 bindingKey (string)
874 Pattern to compare against incoming message’s subject. The key is a
875 string of zero or more tokens and wildcards. The format depends on
876 the matchMethod configured for the exchange. For AMQP each token is
877 delimited by the . character and wild-card tokens * matches a
878 single token and
879 matches zero or more tokens. For MQTT each token is delimited by
881 the / character and wildcard tokens + matches a single token and
882 matches zero or more tokens at the end of the topic. If a key is
884 not provided the binding will match all messages arriving at the
885 exchange (fanout behavior).
886 nextHopAddress (string, required)
888 The address to forward the message to when the message’s topic
889 string matches the binding key pattern. This address is used by
890 message consumers as the source of incoming messages.
891 nextHopPhase (integer)
893 The address phase used when forwarding messages that match this
894 binding.
895 console
897 (DEPRECATED) Start a websocket/tcp proxy and http file server to serve
898 the web console
899 listener (string)
901 The name of the listener to send the proxied tcp traffic to.
902 wsport (integer, default=5673)
904 port on which to listen for websocket traffic
905 proxy (string, required)
907 The full path to the proxy program to run.
908 home (string, required)
910 The full path to the html/css/js files for the console.
911 args (string)
913 Optional args to pass the proxy program for logging,
914 authentication, etc.
915 policy
917 Defines global connection limit
918 maxConnections (integer, default=65535)
920 The maximum number of concurrent client connections allowed for
921 this router. This limit is always enforced, even if no other policy
922 settings have been defined. The limit is applied to all incoming
923 connections regardless of remote host, authenticated user, or
924 targeted vhost.
925 enableVhostPolicy (boolean)
927 Enables the router to enforce the connection denials and resource
928 limits defined in the configured vhost policies.
929 enableVhostNamePatterns (boolean)
931 Enable vhost name patterns. When false vhost hostnames are treated
932 as literal strings. When true vhost hostnames are treated as match
933 patterns.
934 policyDir (path)
936 The absolute path to a directory that holds vhost policy definition
937 files in JSON format (*.json). The router processes all of the
938 vhost policies in each JSON file that is in this directory.
939 defaultVhost (string)
941 The name of the default vhost policy. This policy rule set is
942 applied to a connection for which a vhost policy has not otherwise
943 been configured. Processing for the default vhost is enabled by
944 default and set to select vhost $default. To disable default vhost
945 processing set defaultVhost to blank or do not define a vhost named
946 $default.
947 vhost
949 AMQP virtual host policy definition of users, user groups, allowed
950 remote hosts, and AMQP restrictions.
951 hostname (string, required)
953 The hostname of the vhost. This vhost policy will be applied to any
954 client connection that is directed to this hostname.
955 maxConnections (integer, default=65535)
957 The global maximum number of concurrent client connections allowed
958 for this vhost.
959 maxConnectionsPerUser (integer, default=65535)
961 The maximum number of concurrent client connections allowed for any
962 user.
963 maxConnectionsPerHost (integer, default=65535)
965 The maximum number of concurrent client connections allowed for any
966 remote host (the host from which the client is connecting).
967 allowUnknownUser (boolean)
969 Whether unknown users (users who are not members of a defined user
970 group) are allowed to connect to the vhost. Unknown users are
971 assigned to the $default user group and receive $default settings.
972 groups (map)
974 A map where each key is a vhost name and each value is a map of the
975 settings for users of that vhost.
976 id (string, required)
978 (DEPRECATED) The hostname of the vhost. This vhost policy will be
979 applied to any client connection that is directed to this hostname.
980 This attribute has been deprecated. Use hostname instead.
981 vhostUserGroupSettings
983 Policy settings for users connecting to a vhost. Configuration files
984 including this section must use .json format.
985 maxFrameSize (integer, default=16384)
987 The largest frame, in bytes, that may be sent on this connection.
988 Non-zero policy values overwrite values specified for a listener
989 object (AMQP Open, max-frame-size).
990 maxSessionWindow (integer, default=1638400)
992 The incoming capacity for new AMQP sessions, measured in octets.
993 Non-zero policy values overwrite values specified for a listener
994 object (AMQP Begin, incoming-window).
995 maxSessions (integer, default=32768)
997 The maximum number of sessions that may be created on this
998 connection. Non-zero policy values overwrite values specified for a
999 listener object (AMQP Open, channel-max).
1000 maxSenders (integer, default=2147483647)
1002 The maximum number of sending links that may be created on this
1003 connection. A value of 0 disables all sender links.
1004 maxReceivers (integer, default=2147483647)
1006 The maximum number of receiving links that may be created on this
1007 connection. A value of 0 disables all receiver links.
1008 allowDynamicSource (boolean)
1010 Whether this connection is allowed to create dynamic receiving
1011 links (links to resources that do not exist on the peer). A value
1012 of true means that users are able to automatically create resources
1013 on the peer system.
1014 allowAnonymousSender (boolean)
1016 Whether this connection is allowed to create sending links if the
1017 sender does not provide a target address. By prohibiting anonymous
1018 senders, the router only needs to verify once, when the link is
1019 created, that the sender is permitted to send messages to the
1020 target address. The router does not need to verify each message
1021 that is sent on the link. A value of true means that users may send
1022 messages to any address. Allowing anonymous senders can also
1023 decrease performance: if the sender does not specify a target
1024 address, then the router must parse each message to determine how
1025 to route it.
1026 allowUserIdProxy (boolean)
1028 Whether this connection is allowed to send messages with a user ID
1029 that is different than the connection’s authenticated user name.
1030 allowWaypointLinks (boolean, default=True)
1032 Whether this connection is allowed to claim waypoint.N capability
1033 for attached links. This allows endpoints to act as waypoints
1034 without needing auto-links.
1035 allowDynamicLinkRoutes (boolean, default=True)
1037 Whether this connection is allowed to dynamically create
1038 connection-scoped link route destinations.
1039 allowAdminStatusUpdate (boolean, default=True)
1041 Whether this connection is allowed to update the admin status of
1042 other connections. Note: Inter-router connections cannot be deleted
1043 at any time.
1044 allowFallbackLinks (boolean, default=True)
1046 Whether this connection is allowed to claim qd.fallback capability
1047 for attached links. This allows endpoints to act as fallback
1048 destinations for addresses that have fallback capability enabled.
1049 sources (string)
1051 targets (string)
1053 sourcePattern (string)
1055 targetPattern (string)
1057
1059 qdrouterd(8), qdmanage(8)
1060 http://qpid.apache.org/components/dispatch-router
1062 10/02/2019 QDROUTERD.CONF(5)