diff options
| author | Daniil Fedotov <dfedotov@pivotal.io> | 2016-02-01 11:43:05 +0000 |
|---|---|---|
| committer | Daniil Fedotov <dfedotov@pivotal.io> | 2016-02-01 11:43:05 +0000 |
| commit | 423ab9d519503ecf8c670860da4f104a90a3285e (patch) | |
| tree | 5ad4c7c6cbeb34b9f45ce68df8b91e55c833d78d | |
| parent | 5687c5cd0afc864512dd7245a69f7c2fc895e377 (diff) | |
| download | rabbitmq-server-git-423ab9d519503ecf8c670860da4f104a90a3285e.tar.gz | |
Docs examples in conf file
| -rw-r--r-- | additional.config | 44 | ||||
| -rw-r--r-- | rabbitmq.conf.d/rabbitmq.conf | 1191 | ||||
| -rw-r--r-- | schema/rabbitmq.config.schema | 637 |
3 files changed, 858 insertions, 1014 deletions
diff --git a/additional.config b/additional.config index 46b020c680..cc10f5a6a8 100644 --- a/additional.config +++ b/additional.config @@ -70,28 +70,28 @@ ]}, {rabbitmq_auth_backend_ldap, [ -% %% -% %% Authorisation -% %% ============= -% %% - -% %% The LDAP plugin can perform a variety of queries against your -% %% LDAP server to determine questions of authorisation. See -% %% http://www.rabbitmq.com/ldap.html#authorisation for more -% %% information. - -% %% Set the query to use when determining vhost access -% %% -% %% {vhost_access_query, {in_group, -% %% "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}}, - -% %% Set the query to use when determining resource (e.g., queue) access -% %% -% %% {resource_access_query, {constant, true}}, - -% %% Set queries to determine which tags a user has -% %% -% %% {tag_queries, []} + %% + %% Authorisation + %% ============= + %% + + %% The LDAP plugin can perform a variety of queries against your + %% LDAP server to determine questions of authorisation. See + %% http://www.rabbitmq.com/ldap.html#authorisation for more + %% information. + + %% Set the query to use when determining vhost access + %% + %% {vhost_access_query, {in_group, + %% "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}}, + + %% Set the query to use when determining resource (e.g., queue) access + %% + %% {resource_access_query, {constant, true}}, + + %% Set queries to determine which tags a user has + %% + %% {tag_queries, []} ]} ]. diff --git a/rabbitmq.conf.d/rabbitmq.conf b/rabbitmq.conf.d/rabbitmq.conf index 51109ad9c8..31b0cd4910 100644 --- a/rabbitmq.conf.d/rabbitmq.conf +++ b/rabbitmq.conf.d/rabbitmq.conf @@ -1,187 +1,161 @@ -# [ -# {rabbit, -# [## - ## Network Connectivity - ## ==================== - ## - ## By default, RabbitMQ will listen on all interfaces, using - ## the standard (reserved) AMQP port. - ## - ## {tcp_listeners, [5672]}, - ## To listen on a specific interface, provide a tuple of {IpAddress, Port}. - ## For example, to listen only on localhost for both IPv4 and IPv6: - ## - ## {tcp_listeners, [{"127.0.0.1", 5672}, - ## {"::1", 5672}]}, -# Define with port +# ====================================== +# RabbbitMQ broker section +# ====================================== + +## Network Connectivity +## ==================== +## +## By default, RabbitMQ will listen on all interfaces, using +## the standard (reserved) AMQP port. +## listener.tcp.default = 5672 -# Define with IP -# listener.tcp.local = 127.0.0.1:5672 -# Define for IPv6 +## To listen on a specific interface, provide an IP address with port. +## For example, to listen only on localhost for both IPv4 and IPv6: +## +# IPv4 +# listener.tcp.local = 127.0.0.1:5672 +# IPv6 # listener.tcp.local_v6 = ::1:5672 +## You can define multiple listeners using listener names +# listener.tcp.other_port = 5673 +# listener.tcp.other_ip = 10.10.10.10:5672 - ## SSL listeners are configured in the same fashion as TCP listeners, - ## including the option to control the choice of interface. - ## - ## {ssl_listeners, [5671]}, -# SSL listeners are same +## SSL listeners are configured in the same fashion as TCP listeners, +## including the option to control the choice of interface. +## listener.ssl.default = 5671 - - ## Number of Erlang processes that will accept connections for the TCP - ## and SSL listeners. - ## - ## {num_tcp_acceptors, 10}, - ## {num_ssl_acceptors, 1}, - +## Number of Erlang processes that will accept connections for the TCP +## and SSL listeners. +## num_acceptors.tcp = 10 num_acceptors.ssl = 1 - ## Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection - ## and SSL handshake), in milliseconds. - ## - ## {handshake_timeout, 10000}, - +## Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection +## and SSL handshake), in milliseconds. +## handshake_timeout = 10000 - ## Set to 'true' to perform reverse DNS lookups when accepting a - ## connection. Hostnames will then be shown instead of IP addresses - ## in rabbitmqctl and the management plugin. - ## - ## {reverse_dns_lookups, true}, +## Set to 'true' to perform reverse DNS lookups when accepting a +## connection. Hostnames will then be shown instead of IP addresses +## in rabbitmqctl and the management plugin. +## reverse_dns_lookups = true - # ## - # ## Security / AAA - # ## ============== - # ## - - # ## The default "guest" user is only permitted to access the server - # ## via a loopback interface (e.g. localhost). - # ## {loopback_users, [<<"guest">>]}, - # ## - # ## Uncomment the following line if you want to allow access to the - # ## guest user from anywhere on the network. - # ## {loopback_users, []}, +## +## Security / AAA +## ============== +## -# Duplicate 'guest', because cutterfish doesn't support collections +## The default "guest" user is only permitted to access the server +## via a loopback interface (e.g. localhost). +## {loopback_users, [<<"guest">>]}, +## +loopback_user.guest = true -loopback_user.guest = guest - - ## Configuring SSL. - ## See http://www.rabbitmq.com/ssl.html for full documentation. - ## - ## {ssl_options, [{cacertfile, "/path/to/testca/cacert.pem"}, - ## {certfile, "/path/to/server/cert.pem"}, - ## {keyfile, "/path/to/server/key.pem"}, - ## {verify, verify_peer}, - ## {fail_if_no_peer_cert, false}]}, +## Uncomment the following line if you want to allow access to the +## guest user from anywhere on the network. +loopback_user.guest = false +## Configuring SSL. +## See http://www.rabbitmq.com/ssl.html for full documentation. +## ssl_option.verify = verify_peer ssl_option.fail_if_no_peer_cert = false -ssl_option.cacertfile = /Users/daniilfedotov/keys/rabbitmq.crt -ssl_option.certfile = /Users/daniilfedotov/keys/rabbitmq.crt -ssl_option.keyfile = /Users/daniilfedotov/keys/rabbitmq.key - - ## Choose the available SASL mechanism(s) to expose. - ## The two default (built in) mechanisms are 'PLAIN' and - ## 'AMQPLAIN'. Additional mechanisms can be added via - ## plugins. - ## - ## See http://www.rabbitmq.com/authentication.html for more details. - ## - ## {auth_mechanisms, ['PLAIN', 'AMQPLAIN']}, - - ## Select an authentication database to use. RabbitMQ comes bundled - ## with a built-in auth-database, based on mnesia. - ## - ## {auth_backends, [rabbit_auth_backend_internal]}, - - ## Configurations supporting the rabbitmq_auth_mechanism_ssl and - ## rabbitmq_auth_backend_ldap plugins. - ## - ## NB: These options require that the relevant plugin is enabled. - ## See http://www.rabbitmq.com/plugins.html for further details. - - ## The RabbitMQ-auth-mechanism-ssl plugin makes it possible to - ## authenticate a user based on the client's SSL certificate. - ## - ## To use auth-mechanism-ssl, add to or replace the auth_mechanisms - ## list with the entry 'EXTERNAL'. - ## - ## {auth_mechanisms, ['EXTERNAL']}, - - ## The rabbitmq_auth_backend_ldap plugin allows the broker to - ## perform authentication and authorisation by deferring to an - ## external LDAP server. - ## - ## For more information about configuring the LDAP backend, see - ## http://www.rabbitmq.com/ldap.html. - ## - ## Enable the LDAP auth backend by adding to or replacing the - ## auth_backends entry: - ## - ## {auth_backends, [rabbit_auth_backend_ldap]}, - -auth_mechanism.external = EXTERNAL +# ssl_option.cacertfile = /path/to/rabbitmq.crt +# ssl_option.certfile = /path/to/rabbitmq.crt +# ssl_option.keyfile = /path/to/rabbitmq.key + +## Choose the available SASL mechanism(s) to expose. +## The two default (built in) mechanisms are 'PLAIN' and +## 'AMQPLAIN'. Additional mechanisms can be added via +## plugins. +## +## See http://www.rabbitmq.com/authentication.html for more details. +## +auth_mechanism.plain = PLAIN +auth_mechanism.amqplain = AMQPLAIN + +## Select an authentication database to use. RabbitMQ comes bundled +## with a built-in auth-database, based on mnesia. +## auth_backend.internal = rabbit_auth_backend_internal -# Add another backend +## Configurations supporting the rabbitmq_auth_mechanism_ssl and +## rabbitmq_auth_backend_ldap plugins. +## +## NB: These options require that the relevant plugin is enabled. +## See http://www.rabbitmq.com/plugins.html for further details. + + +## The RabbitMQ-auth-mechanism-ssl plugin makes it possible to +## authenticate a user based on the client's SSL certificate. +## +## To use auth-mechanism-ssl, add to or replace the auth_mechanisms +## with EXTERNAL value. +## +#auth_mechanism.external = EXTERNAL + +## The rabbitmq_auth_backend_ldap plugin allows the broker to +## perform authentication and authorisation by deferring to an +## external LDAP server. +## +## For more information about configuring the LDAP backend, see +## http://www.rabbitmq.com/ldap.html. +## +## Enable the LDAP auth backend by adding to or replacing the +## auth_backends entry: +## +# auth_backend.ldap = rabbit_auth_backend_ldap + +## Add another backend # auth_backend.http = rabbit_auth_backend_http - ## This pertains to both the rabbitmq_auth_mechanism_ssl plugin and - ## STOMP ssl_cert_login configurations. See the rabbitmq_stomp - ## configuration section later in this file and the README in - ## https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further - ## details. - ## - ## To use the SSL cert's CN instead of its DN as the username - ## - ## {ssl_cert_login_from, common_name}, - - ## SSL handshake timeout, in milliseconds. - ## - ## {ssl_handshake_timeout, 5000}, - -ssl_cert_login_from = common_name -ssl_handshake_timeout = 5000 - - - ## Password hashing implementation. Will only affect newly - ## created users. To recalculate hash for an existing user - ## it's necessary to update her password. - ## - ## When importing definitions exported from versions earlier - ## than 3.6.0, it is possible to go back to MD5 (only do this - ## as a temporary measure!) by setting this to rabbit_password_hashing_md5. - ## - ## To use SHA-512, set to rabbit_password_hashing_sha512. - ## - ## {password_hashing_module, rabbit_password_hashing_sha256}, +## This pertains to both the rabbitmq_auth_mechanism_ssl plugin and +## STOMP ssl_cert_login configurations. See the rabbitmq_stomp +## configuration section later in this file and the README in +## https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further +## details. +## +## To use the SSL cert's CN instead of its DN as the username +## +# ssl_cert_login_from = common_name -password_hashing_module = rabbit_password_hashing_sha256 +## SSL handshake timeout, in milliseconds. +## +# ssl_handshake_timeout = 5000 - ## - ## Default User / VHost - ## ==================== - ## - - ## On first start RabbitMQ will create a vhost and a user. These - ## config items control what gets created. See - ## http://www.rabbitmq.com/access-control.html for further - ## information about vhosts and access control. - ## - ## {default_vhost, <<"/">>}, - ## {default_user, <<"guest">>}, - ## {default_pass, <<"guest">>}, - ## {default_permissions, [<<".*">>, <<".*">>, <<".*">>]}, +## Password hashing implementation. Will only affect newly +## created users. To recalculate hash for an existing user +## it's necessary to update her password. +## +## To use SHA-512, set to rabbit_password_hashing_sha512. +## +password_hashing_module = rabbit_password_hashing_sha256 + +## When importing definitions exported from versions earlier +## than 3.6.0, it is possible to go back to MD5 (only do this +## as a temporary measure!) by setting this to rabbit_password_hashing_md5. +## +# password_hashing_module = rabbit_password_hashing_md5 + +## +## Default User / VHost +## ==================== +## + +## On first start RabbitMQ will create a vhost and a user. These +## config items control what gets created. See +## http://www.rabbitmq.com/access-control.html for further +## information about vhosts and access control. +## default_vhost = / default_user = guest default_pass = guest @@ -190,237 +164,197 @@ default_permissions.configure = .* default_permissions.read = .* default_permissions.write = .* - ## Tags for default user - ## - ## For more details about tags, see the documentation for the - ## Management Plugin at http://www.rabbitmq.com/management.html. - ## - ## {default_user_tags, [administrator]}, - +## Tags for default user +## +## For more details about tags, see the documentation for the +## Management Plugin at http://www.rabbitmq.com/management.html. +## default_user_tags.administrator = true - ## - ## Additional network and protocol related configuration - ## ===================================================== - ## +## Define other tags like this: +# default_user_tags.management = true +# default_user_tags.custom_tag = true - ## Set the default AMQP heartbeat delay (in seconds). - ## - ## {heartbeat, 600}, +## +## Additional network and protocol related configuration +## ===================================================== +## - ## Set the max permissible size of an AMQP frame (in bytes). - ## - ## {frame_max, 131072}, +## Set the default AMQP heartbeat delay (in seconds). +## +heartbeat = 600 - ## Set the max frame size the server will accept before connection - ## tuning occurs - ## - ## {initial_frame_max, 4096}, +## Set the max permissible size of an AMQP frame (in bytes). +## +frame_max = 131072 - ## Set the max permissible number of channels per connection. - ## 0 means "no limit". - ## - ## {channel_max, 128}, - -heartbeat = 600 -frame_max = 131072 +## Set the max frame size the server will accept before connection +## tuning occurs +## initial_frame_max = 4096 -channel_max = 128 - ## Customising Socket Options. - ## - ## See (http://www.erlang.org/doc/man/inet.html#setopts-2) for - ## further documentation. - ## - ## {tcp_listen_options, [{backlog, 128}, - ## {nodelay, true}, - ## {exit_on_close, false}]}, +## Set the max permissible number of channels per connection. +## 0 means "no limit". +## +channel_max = 128 + +## Customising Socket Options. +## +## See (http://www.erlang.org/doc/man/inet.html#setopts-2) for +## further documentation. +## tcp_listen_option.backlog = 128 tcp_listen_option.nodelay = true tcp_listen_option.exit_on_close = false - ## - ## Resource Limits & Flow Control - ## ============================== - ## - ## See http://www.rabbitmq.com/memory.html for full details. - - ## Memory-based Flow Control threshold. - ## - ## {vm_memory_high_watermark, 0.4}, - - ## Alternatively, we can set a limit (in bytes) of RAM used by the node. - ## - ## {vm_memory_high_watermark, {absolute, 1073741824}}, - ## - ## Or you can set absolute value using memory units (with RabbitMQ 3.6.0+). - ## - ## {vm_memory_high_watermark, {absolute, "1024M"}}, - ## - ## Supported units suffixes: - ## - ## k, kiB: kibibytes (2^10 bytes) - ## M, MiB: mebibytes (2^20) - ## G, GiB: gibibytes (2^30) - ## kB: kilobytes (10^3) - ## MB: megabytes (10^6) - ## GB: gigabytes (10^9) - -# Relative watermark +## +## Resource Limits & Flow Control +## ============================== +## +## See http://www.rabbitmq.com/memory.html for full details. + +## Memory-based Flow Control threshold. +## vm_memory_high_watermark.relative = 0.4 -# Or absolute watermark. -# Ignored if relative is defined! -# vm_memory_high_watermark.absolute = 1024M +## Alternatively, we can set a limit (in bytes) of RAM used by the node. +## +# vm_memory_high_watermark.absolute = 1073741824 - ## Fraction of the high watermark limit at which queues start to - ## page message out to disc in order to free up memory. - ## - ## Values greater than 0.9 can be dangerous and should be used carefully. - ## - ## {vm_memory_high_watermark_paging_ratio, 0.5}, +## Or you can set absolute value using memory units (with RabbitMQ 3.6.0+). +## Absolute watermark will be ignored if relative is defined! +## +# vm_memory_high_watermark.absolute = 2GB +## +## Supported units suffixes: +## +## kb, KB: kibibytes (2^10 bytes) +## mb, MB: mebibytes (2^20) +## gb, GB: gibibytes (2^30) -vm_memory_high_watermark_paging_ratio = 0.5 - ## Interval (in milliseconds) at which we perform the check of the memory - ## levels against the watermarks. - ## - ## {memory_monitor_interval, 2500}, +## Fraction of the high watermark limit at which queues start to +## page message out to disc in order to free up memory. +## +## Values greater than 0.9 can be dangerous and should be used carefully. +## +vm_memory_high_watermark_paging_ratio = 0.5 + +## Interval (in milliseconds) at which we perform the check of the memory +## levels against the watermarks. +## memory_monitor_interval = 2500 - ## Set disk free limit (in bytes). Once free disk space reaches this - ## lower bound, a disk alarm will be set - see the documentation - ## listed above for more details. - ## - ## {disk_free_limit, 50000000}, - ## - ## Or you can set it using memory units (same as in vm_memory_high_watermark) - ## with RabbitMQ 3.6.0+. - ## {disk_free_limit, "50MB"}, - ## {disk_free_limit, "50000kB"}, - ## {disk_free_limit, "2GB"}, - - ## Alternatively, we can set a limit relative to total available RAM. - ## - ## Values lower than 1.0 can be dangerous and should be used carefully. - ## {disk_free_limit, {mem_relative, 2.0}}, - -# Mem relative disk limit +## Set disk free limit (in bytes). Once free disk space reaches this +## lower bound, a disk alarm will be set - see the documentation +## listed above for more details. +## +## Absolute watermark will be ignored if relative is defined! +disk_free_limit.absolute = 50000 + +## Or you can set it using memory units (same as in vm_memory_high_watermark) +## with RabbitMQ 3.6.0+. +# disk_free_limit.absolute = 500KB +# disk_free_limit.absolute = 50mb +# disk_free_limit.absolute = 5GB + +## Alternatively, we can set a limit relative to total available RAM. +## +## Values lower than 1.0 can be dangerous and should be used carefully. disk_free_limit.relative = 2.0 -# Absolute disk limit -# Ignored if relative defined -disk_free_limit.absolute = 50MB - +## +## Clustering +## ===================== +## +cluster_partition_handling = ignore - ## - ## Clustering - ## ===================== - ## +## pause_if_all_down strategy require additional configuration +# cluster_partition_handling = pause_if_all_down - ## How to respond to cluster partitions. - ## See http://www.rabbitmq.com/partitions.html for further details. - ## - ## {cluster_partition_handling, ignore}, +## Recover strategy. Can be either 'autoheal' or 'ignore' +# cluster_partition_handling.pause_if_all_down.recover = ignore -cluster_partition_handling = ignore - - ## Mirror sync batch size, in messages. Increasing this will speed - ## up syncing but total batch size in bytes must not exceed 2 GiB. - ## Available in RabbitMQ 3.6.0 or later. - ## - ## {mirroring_sync_batch_size, 4096}, +## Node names to check +# cluster_partition_handling.pause_if_all_down.node.rabbit = rabbit@localhost +# cluster_partition_handling.pause_if_all_down.node.hare = hare@localhost +## Mirror sync batch size, in messages. Increasing this will speed +## up syncing but total batch size in bytes must not exceed 2 GiB. +## Available in RabbitMQ 3.6.0 or later. +## mirroring_sync_batch_size = 4096 - ## Make clustering happen *automatically* at startup - only applied - ## to nodes that have just been reset or started for the first time. - ## See http://www.rabbitmq.com/clustering.html#auto-config for - ## further details. - ## - ## {cluster_nodes, {['rabbit@my.host.com'], disc}}, - +## Make clustering happen *automatically* at startup - only applied +## to nodes that have just been reset or started for the first time. +## See http://www.rabbitmq.com/clustering.html#auto-config for +## further details. +## cluster_nodes.disc.rabbit = rabbit@my.host.com -# Can define multiple +## You can define multiple nodes # cluster_nodes.disc.hare = hare@my.host.com -# Ram nodes -# Should not be defined together with disk nodes +## There can be also ram nodes. +## Ram nodes should not be defined together with disk nodes # cluster_nodes.ram.rabbit = rabbit@my.host.com - ## Interval (in milliseconds) at which we send keepalive messages - ## to other cluster members. Note that this is not the same thing - ## as net_ticktime; missed keepalive messages will not cause nodes - ## to be considered down. - ## - ## {cluster_keepalive_interval, 10000}, - +## Interval (in milliseconds) at which we send keepalive messages +## to other cluster members. Note that this is not the same thing +## as net_ticktime; missed keepalive messages will not cause nodes +## to be considered down. +## cluster_keepalive_interval = 10000 - ## - ## Statistics Collection - ## ===================== - ## - - ## Set (internal) statistics collection granularity. - ## - ## {collect_statistics, none}, +## +## Statistics Collection +## ===================== +## -# Cna be none, coarse or fine +## Set (internal) statistics collection granularity. +## +## Can be none, coarse or fine collect_statistics = none - ## Statistics collection interval (in milliseconds). Increasing - ## this will reduce the load on management database. - ## - ## {collect_statistics_interval, 5000}, +# collect_statistics = coarse +## Statistics collection interval (in milliseconds). Increasing +## this will reduce the load on management database. +## collect_statistics_interval = 5000 - ## - ## Misc/Advanced Options - ## ===================== - ## - ## NB: Change these only if you understand what you are doing! - ## - - ## Explicitly enable/disable hipe compilation. - ## - ## {hipe_compile, true}, +## +## Misc/Advanced Options +## ===================== +## +## NB: Change these only if you understand what you are doing! +## +## Explicitly enable/disable hipe compilation. +## hipe_compile = false - ## Timeout used when waiting for Mnesia tables in a cluster to - ## become available. - ## - ## {mnesia_table_loading_timeout, 30000}, - +## Timeout used when waiting for Mnesia tables in a cluster to +## become available. +## mnesia_table_loading_timeout = 30000 - - ## Size in bytes below which to embed messages in the queue index. See - ## http://www.rabbitmq.com/persistence-conf.html - ## - ## {queue_index_embed_msgs_below, 4096} - +## Size in bytes below which to embed messages in the queue index. See +## http://www.rabbitmq.com/persistence-conf.html +## queue_index_embed_msgs_below = 4096 - # ]}, - - # ## ---------------------------------------------------------------------------- - # ## Advanced Erlang Networking/Clustering Options. - # ## - # ## See http://www.rabbitmq.com/clustering.html for details - # ## ---------------------------------------------------------------------------- - # {kernel, - # [## Sets the net_kernel tick time. - # ## Please see http://erlang.org/doc/man/kernel_app.html and - # ## http://www.rabbitmq.com/nettick.html for further details. - # ## - # ## {net_ticktime, 60} - # ]}, +## You can also set this size in memory units +## +queue_index_embed_msgs_below = 4kb + +## ---------------------------------------------------------------------------- +## Advanced Erlang Networking/Clustering Options. +## +## See http://www.rabbitmq.com/clustering.html for details +## ---------------------------------------------------------------------------- # ====================================== # Kernel section @@ -428,69 +362,49 @@ queue_index_embed_msgs_below = 4096 kernel.net_ticktime = 60 - # ## ---------------------------------------------------------------------------- - # ## RabbitMQ Management Plugin - # ## - # ## See http://www.rabbitmq.com/management.html for details - # ## ---------------------------------------------------------------------------- - - # {rabbitmq_management, - # [## Pre-Load schema definitions from the following JSON file. See - ## http://www.rabbitmq.com/management.html#load-definitions - ## - ## {load_definitions, "/path/to/schema.json"}, +## ---------------------------------------------------------------------------- +## RabbitMQ Management Plugin +## +## See http://www.rabbitmq.com/management.html for details +## ---------------------------------------------------------------------------- # ======================================= # Management section # ======================================= -#management.load_definitions = /path/to/schema.json +## Pre-Load schema definitions from the following JSON file. See +## http://www.rabbitmq.com/management.html#load-definitions +## +# management.load_definitions = /path/to/schema.json - ## Log all requests to the management HTTP API to a file. - ## - ## {http_log_dir, "/path/to/access.log"}, +## Log all requests to the management HTTP API to a file. +## +# management.http_log_dir = /path/to/access.log -#management.http_log_dir = /path/to/access.log +## Change the port on which the HTTP listener listens, +## specifying an interface for the web server to bind to. +## Also set the listener to use SSL and provide SSL options. +## - ## Change the port on which the HTTP listener listens, - ## specifying an interface for the web server to bind to. - ## Also set the listener to use SSL and provide SSL options. - ## - ## {listener, [{port, 12345}, - ## {ip, "127.0.0.1"}, - ## {ssl, true}, - ## {ssl_opts, [{cacertfile, "/path/to/cacert.pem"}, - ## {certfile, "/path/to/cert.pem"}, - ## {keyfile, "/path/to/key.pem"}]}]}, - - -# Maybe use IP type like in tcp_listener? +# QA: Maybe use IP type like in tcp_listener? management.listener.port = 12345 management.listener.ip = 127.0.0.1 management.listener.ssl = true -#management.listener.ssl_opts.cacertfile = /path/to/cacert.pem -#management.listener.ssl_opts.certfile = /path/to/cert.pem -#management.listener.ssl_opts.keyfile = /path/to/key.pem - - ## One of 'basic', 'detailed' or 'none'. See - ## http://www.rabbitmq.com/management.html#fine-stats for more details. - ## {rates_mode, basic}, +# management.listener.ssl_opts.cacertfile = /path/to/cacert.pem +# management.listener.ssl_opts.certfile = /path/to/cert.pem +# management.listener.ssl_opts.keyfile = /path/to/key.pem +## One of 'basic', 'detailed' or 'none'. See +## http://www.rabbitmq.com/management.html#fine-stats for more details. management.rates_mode = basic - ## Configure how long aggregated data (such as message rates and queue - ## lengths) is retained. Please read the plugin's documentation in - ## http://www.rabbitmq.com/management.html#configuration for more - ## details. - ## - ## {sample_retention_policies, - ## [{global, [{60, 5}, {3600, 60}, {86400, 1200}]}, - ## {basic, [{60, 5}, {3600, 60}]}, - ## {detailed, [{10, 5}]}]} -# ]}, - -# Some funny syntax +## Configure how long aggregated data (such as message rates and queue +## lengths) is retained. Please read the plugin's documentation in +## http://www.rabbitmq.com/management.html#configuration for more +## details. +## +# QA: Some funny syntax management.sample_retention_policies.global.60 = 5 management.sample_retention_policies.global.3600 = 60 management.sample_retention_policies.global.86400 = 1200 @@ -500,312 +414,309 @@ management.sample_retention_policies.basic.3600 = 60 management.sample_retention_policies.detailed.10 = 5 +## ---------------------------------------------------------------------------- +## RabbitMQ Shovel Plugin +## +## See http://www.rabbitmq.com/shovel.html for details +## ---------------------------------------------------------------------------- + +## Shovel plugin config example is defined in additional.config file -# Shovel is too complex for sysctl syntax. Should be defined in additinal.conf - -# ## ---------------------------------------------------------------------------- -# ## RabbitMQ Shovel Plugin -# ## -# ## See http://www.rabbitmq.com/shovel.html for details -# ## ---------------------------------------------------------------------------- - -# {rabbitmq_shovel, -# [{shovels, -# [## A named shovel worker. -# ## {my_first_shovel, -# ## [ - -# ## List the source broker(s) from which to consume. -# ## -# ## {sources, -# ## [## URI(s) and pre-declarations for all source broker(s). -# ## {brokers, ["amqp://user:password@host.domain/my_vhost"]}, -# ## {declarations, []} -# ## ]}, - -# ## List the destination broker(s) to publish to. -# ## {destinations, -# ## [## A singular version of the 'brokers' element. -# ## {broker, "amqp://"}, -# ## {declarations, []} -# ## ]}, - -# ## Name of the queue to shovel messages from. -# ## -# ## {queue, <<"your-queue-name-goes-here">>}, - -# ## Optional prefetch count. -# ## -# ## {prefetch_count, 10}, - -# ## when to acknowledge messages: -# ## - no_ack: never (auto) -# ## - on_publish: after each message is republished -# ## - on_confirm: when the destination broker confirms receipt -# ## -# ## {ack_mode, on_confirm}, - -# ## Overwrite fields of the outbound basic.publish. -# ## -# ## {publish_fields, [{exchange, <<"my_exchange">>}, -# ## {routing_key, <<"from_shovel">>}]}, - -# ## Static list of basic.properties to set on re-publication. -# ## -# ## {publish_properties, [{delivery_mode, 2}]}, - -# ## The number of seconds to wait before attempting to -# ## reconnect in the event of a connection failure. -# ## -# ## {reconnect_delay, 2.5} - -# ## ]} ## End of my_first_shovel -# ]} -# ## Rather than specifying some values per-shovel, you can specify -# ## them for all shovels here. -# ## -# ## {defaults, [{prefetch_count, 0}, -# ## {ack_mode, on_confirm}, -# ## {publish_fields, []}, -# ## {publish_properties, [{delivery_mode, 2}]}, -# ## {reconnect_delay, 2.5}]} -# ]}, -# ## ---------------------------------------------------------------------------- -# ## RabbitMQ Stomp Adapter -# ## -# ## See http://www.rabbitmq.com/stomp.html for details -# ## ---------------------------------------------------------------------------- +## ---------------------------------------------------------------------------- +## RabbitMQ Stomp Adapter +## +## See http://www.rabbitmq.com/stomp.html for details +## ---------------------------------------------------------------------------- # ======================================= # STOMP section # ======================================= -# {rabbitmq_stomp, -# [## Network Configuration - the format is generally the same as for the broker - -# ## Listen only on localhost (ipv4 & ipv6) on a specific port. -# ## {tcp_listeners, [{"127.0.0.1", 61613}, -# ## {"::1", 61613}]}, - -# Same as tcp_listener +## Network Configuration - the format is generally the same as for the broker +## stomp.listener.tcp.default = 61613 +## Same for ssl listeners +## stomp.listener.ssl.default = 61614 -# ## Number of Erlang processes that will accept connections for the TCP -# ## and SSL listeners. -# ## -# ## {num_tcp_acceptors, 10}, -# ## {num_ssl_acceptors, 1}, - +## Number of Erlang processes that will accept connections for the TCP +## and SSL listeners. +## stomp.num_acceptors.tcp = 10 stomp.num_acceptors.ssl = 1 -# ## Additional SSL options - -# ## Extract a name from the client's certificate when using SSL. -# ## -# ## {ssl_cert_login, true}, +## Additional SSL options +## Extract a name from the client's certificate when using SSL. +## stomp.ssl_cert_login = true -# ## Set a default user name and password. This is used as the default login -# ## whenever a CONNECT frame omits the login and passcode headers. -# ## -# ## Please note that setting this will allow clients to connect without -# ## authenticating! -# ## -# ## {default_user, [{login, "guest"}, -# ## {passcode, "guest"}]}, - -# Same syntax as AMQP -stomp.default_user = guest -stomp.default_pass = guest - -# ## If a default user is configured, or you have configured use SSL client -# ## certificate based authentication, you can choose to allow clients to -# ## omit the CONNECT frame entirely. If set to true, the client is -# ## automatically connected as the default user or user supplied in the -# ## SSL certificate whenever the first frame sent on a session is not a -# ## CONNECT frame. -# ## -# ## {implicit_connect, true} -# ]}, - +## Set a default user name and password. This is used as the default login +## whenever a CONNECT frame omits the login and passcode headers. +## +## Please note that setting this will allow clients to connect without +## authenticating! +## +# stomp.default_user = guest +# stomp.default_pass = guest + +## If a default user is configured, or you have configured use SSL client +## certificate based authentication, you can choose to allow clients to +## omit the CONNECT frame entirely. If set to true, the client is +## automatically connected as the default user or user supplied in the +## SSL certificate whenever the first frame sent on a session is not a +## CONNECT frame. +## stomp.implicit_connect = true -# ## ---------------------------------------------------------------------------- -# ## RabbitMQ MQTT Adapter -# ## -# ## See https://github.com/rabbitmq/rabbitmq-mqtt/blob/stable/README.md -# ## for details -# ## ---------------------------------------------------------------------------- +## ---------------------------------------------------------------------------- +## RabbitMQ MQTT Adapter +## +## See https://github.com/rabbitmq/rabbitmq-mqtt/blob/stable/README.md +## for details +## ---------------------------------------------------------------------------- # ======================================= # MQTT section # ======================================= -# {rabbitmq_mqtt, -# [## Set the default user name and password. Will be used as the default login -# ## if a connecting client provides no other login details. -# ## -# ## Please note that setting this will allow clients to connect without -# ## authenticating! -# ## -# ## {default_user, <<"guest">>}, -# ## {default_pass, <<"guest">>}, - -mqtt.default_user = guest -mqtt.default_pass = guest - -# ## Enable anonymous access. If this is set to false, clients MUST provide -# ## login information in order to connect. See the default_user/default_pass -# ## configuration elements for managing logins without authentication. -# ## -# ## {allow_anonymous, true}, - +## Set the default user name and password. Will be used as the default login +## if a connecting client provides no other login details. +## +## Please note that setting this will allow clients to connect without +## authenticating! +## +# mqtt.default_user = guest +# mqtt.default_pass = guest + +## Enable anonymous access. If this is set to false, clients MUST provide +## login information in order to connect. See the default_user/default_pass +## configuration elements for managing logins without authentication. +## mqtt.allow_anonymous = true -# ## If you have multiple chosts, specify the one to which the -# ## adapter connects. -# ## -# ## {vhost, <<"/">>}, - +## If you have multiple chosts, specify the one to which the +## adapter connects. +## mqtt.vhost = / -# ## Specify the exchange to which messages from MQTT clients are published. -# ## -# ## {exchange, <<"amq.topic">>}, - +## Specify the exchange to which messages from MQTT clients are published. +## mqtt.exchange = amq.topic -# ## Specify TTL (time to live) to control the lifetime of non-clean sessions. -# ## -# ## {subscription_ttl, 1800000}, +## Specify TTL (time to live) to control the lifetime of non-clean sessions. +## mqtt.subscription_ttl = 1800000 -# ## Set the prefetch count (governing the maximum number of unacknowledged -# ## messages that will be delivered). -# ## -# ## {prefetch, 10}, +## Set the prefetch count (governing the maximum number of unacknowledged +## messages that will be delivered). +## mqtt.prefetch = 10 -# ## TCP/SSL Configuration (as per the broker configuration). -# ## -# ## {tcp_listeners, [1883]}, -# ## {ssl_listeners, []}, - -# Same as amqp tcp_listener +## TCP/SSL Configuration (as per the broker configuration). +## mqtt.listener.tcp.default = 1883 -# Same as amqp ssl_listener +## Same for ssl listener +## mqtt.listener.ssl.default = 1884 -# ## Number of Erlang processes that will accept connections for the TCP -# ## and SSL listeners. -# ## -# ## {num_tcp_acceptors, 10}, -# ## {num_ssl_acceptors, 1}, - +## Number of Erlang processes that will accept connections for the TCP +## and SSL listeners. +## mqtt.num_acceptors.tcp = 10 mqtt.num_acceptors.ssl = 1 -# ## TCP/Socket options (as per the broker configuration). -# ## -# ## {tcp_listen_options, [{backlog, 128}, -# ## {nodelay, true}]} -# ]}, - -mqtt.tcp_listen_option.backlog = 128 -mqtt.tcp_listen_option.nodelay = true +## TCP/Socket options (as per the broker configuration). +## +# mqtt.tcp_listen_option.backlog = 128 +# mqtt.tcp_listen_option.nodelay = true -# ## ---------------------------------------------------------------------------- -# ## RabbitMQ AMQP 1.0 Support -# ## -# ## See https://github.com/rabbitmq/rabbitmq-amqp1.0/blob/stable/README.md -# ## for details -# ## ---------------------------------------------------------------------------- +## ---------------------------------------------------------------------------- +## RabbitMQ AMQP 1.0 Support +## +## See https://github.com/rabbitmq/rabbitmq-amqp1.0/blob/stable/README.md +## for details +## ---------------------------------------------------------------------------- # ======================================= # AMQP_1 section # ======================================= -# {rabbitmq_amqp1_0, -# [## Connections that are not authenticated with SASL will connect as this -# ## account. See the README for more information. -# ## -# ## Please note that setting this will allow clients to connect without -# ## authenticating! -# ## -# ## {default_user, "guest"}, - +## Connections that are not authenticated with SASL will connect as this +## account. See the README for more information. +## +## Please note that setting this will allow clients to connect without +## authenticating! +## amqp1.default_user = guest -# ## Enable protocol strict mode. See the README for more information. -# ## -# ## {protocol_strict_mode, false} -# ]}, - +## Enable protocol strict mode. See the README for more information. +## amqp1.protocol_strict_mode = false -# ## Lager controls logging. -# ## See https://github.com/basho/lager for more documentation -# {lager, [ -# ## -# ## Log direcrory, taken from the RABBITMQ_LOG_BASE env variable by default. -# ## {log_root, "/var/log/rabbitmq"}, -# ## -# ## All log messages go to the default "sink" configured with -# ## the `handlers` parameter. By default, it has a single -# ## lager_file_backend handler writing messages to "$nodename.log" -# ## (ie. the value of $RABBIT_LOGS). -# ## {handlers, [ -# ## {lager_file_backend, [{file, "rabbit.log"}, -# ## {level, info}, -# ## {date, ""}, -# ## {size, 0}]} -# ## ]}, -# ## -# ## Extra sinks are used in RabbitMQ to categorize messages. By -# ## default, those extra sinks are configured to forward messages -# ## to the default sink (see above). "rabbit_log_lager_event" -# ## is the default category where all RabbitMQ messages without -# ## a category go. Messages in the "channel" category go to the -# ## "rabbit_channel_lager_event" Lager extra sink, and so on. -# ## {extra_sinks, [ -# ## {rabbit_log_lager_event, [{handlers, [ -# ## {lager_forwarder_backend, -# ## [lager_event, info]}]}]}, -# ## {rabbit_channel_lager_event, [{handlers, [ -# ## {lager_forwarder_backend, -# ## [lager_event, info]}]}]}, -# ## {rabbit_conection_lager_event, [{handlers, [ -# ## {lager_forwarder_backend, -# ## [lager_event, info]}]}]}, -# ## {rabbit_mirroring_lager_event, [{handlers, [ -# ## {lager_forwarder_backend, -# ## [lager_event, info]}]}]} -# ## ]} -# ]} -# ]. - -#log.dir = /var/log/rabbitmq - -log.console = false -log.console.level = info - -log.file = rabbit.log -log.file.level = info - -# DO NOT SET rotation date to ''. Leave unset if require "" value -#log.file.rotation.date = -log.file.rotation.size = 0 - - -# Possible: -log.syslog = false -log.syslog.identity = rabbitmq -log.syslog.level = info -log.syslog.facility = daemon +## Lager controls logging. +## See https://github.com/basho/lager for more documentation +## +## Log direcrory, taken from the RABBITMQ_LOG_BASE env variable by default. +## +# log.dir = /var/log/rabbitmq + +## Logging to console (can be true or false) +## +# log.console = false + +## Loglevel to log to console +## +# log.console.level = info + +## Logging to file. Can be false or filename. +## Default: +# log.file = rabbit.log + +## To turn off: +# log.file = false + +## Loglevel to log to file +## +# log.file.level = info + +## File rotation config. No rotation by defualt. +## DO NOT SET rotation date to ''. Leave unset if require "" value +# log.file.rotation.date = $D0 +# log.file.rotation.size = 0 + + +## QA: Config for syslog logging +# log.syslog = false +# log.syslog.identity = rabbitmq +# log.syslog.level = info +# log.syslog.facility = daemon + + +## ---------------------------------------------------------------------------- +## RabbitMQ LDAP Plugin +## +## See http://www.rabbitmq.com/ldap.html for details. +## +## ---------------------------------------------------------------------------- + +# ======================================= +# LDAP section +# ======================================= + +## +## Connecting to the LDAP server(s) +## ================================ +## + +## Specify servers to bind to. You *must* set this in order for the plugin +## to work properly. +## +# ldap.servers.myserver = your-server-name-goes-here + +## You can define multiple servers +# ldap.servers.other_server = your-other-server + +## Connect to the LDAP server using SSL +## +# ldap.use_ssl = false + +## Specify the LDAP port to connect to +## +# ldap.port = 389 + +## LDAP connection timeout, in milliseconds or 'infinity' +## +# ldap.timeout = infinity + +## Or number +# ldap.timeout = 500 + +## Enable logging of LDAP queries. +## One of +## - false (no logging is performed) +## - true (verbose logging of the logic used by the plugin) +## - network (as true, but additionally logs LDAP network traffic) +## +## Defaults to false. +## +ldap.log = false + +## Also can be true or network +# ldap.log = true +# ldap.log = network + +## +## Authentication +## ============== +## + +## Pattern to convert the username given through AMQP to a DN before +## binding +## +ldap.user_dn_pattern = cn=${username},ou=People,dc=example,dc=com + +## Alternatively, you can convert a username to a Distinguished +## Name via an LDAP lookup after binding. See the documentation for +## full details. + +## When converting a username to a dn via a lookup, set these to +## the name of the attribute that represents the user name, and the +## base DN for the lookup query. +## +ldap.dn_lookup_attribute = userPrincipalName +ldap.dn_lookup_base = DC=gopivotal,DC=com + +## Controls how to bind for authorisation queries and also to +## retrieve the details of users logging in without presenting a +## password (e.g., SASL EXTERNAL). +## One of +## - as_user (to bind as the authenticated user - requires a password) +## - anon (to bind anonymously) +## - {UserDN, Password} (to bind with a specified user name and password) +## +## Defaults to 'as_user'. +## +ldap.other_bind = as_user + +## Or can be more complex: +# ldap.other_bind.user_dn = User +# ldap.other_bind.password = Password + +## If user_dn and password defined - other options is ignored. + +# ----------------------------- +# Too complex section of LDAP +# ----------------------------- + +## +## Authorisation +## ============= +## + +## The LDAP plugin can perform a variety of queries against your +## LDAP server to determine questions of authorisation. See +## http://www.rabbitmq.com/ldap.html#authorisation for more +## information. + +## Following configuration should be defined in additional.config file +## DO NOT UNCOMMENT THIS LINES! + +## Set the query to use when determining vhost access +## +## {vhost_access_query, {in_group, +## "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}}, + +## Set the query to use when determining resource (e.g., queue) access +## +## {resource_access_query, {constant, true}}, + +## Set queries to determine which tags a user has +## +## {tag_queries, []} +# ]}, +# ----------------------------- diff --git a/schema/rabbitmq.config.schema b/schema/rabbitmq.config.schema index 4ac384bceb..2825961799 100644 --- a/schema/rabbitmq.config.schema +++ b/schema/rabbitmq.config.schema @@ -1,25 +1,21 @@ -%% -*- mode: erlang -*- -%% ---------------------------------------------------------------------------- -%% RabbitMQ Sample Configuration File. +% ============================== +% Rabbit app section +% ============================== + %% -%% See http://www.rabbitmq.com/configure.html for details. -%% ---------------------------------------------------------------------------- -% [ -% {rabbit, -% [%% - %% Network Connectivity - %% ==================== - %% - - %% By default, RabbitMQ will listen on all interfaces, using - %% the standard (reserved) AMQP port. - %% - %% {tcp_listeners, [5672]}, - %% To listen on a specific interface, provide a tuple of {IpAddress, Port}. - %% For example, to listen only on localhost for both IPv4 and IPv6: - %% - %% {tcp_listeners, [{"127.0.0.1", 5672}, - %% {"::1", 5672}]}, +%% Network Connectivity +%% ==================== +%% + +%% By default, RabbitMQ will listen on all interfaces, using +%% the standard (reserved) AMQP port. +%% +%% {tcp_listeners, [5672]}, +%% To listen on a specific interface, provide a tuple of {IpAddress, Port}. +%% For example, to listen only on localhost for both IPv4 and IPv6: +%% +%% {tcp_listeners, [{"127.0.0.1", 5672}, +%% {"::1", 5672}]}, {mapping, "listener.tcp.$name", "rabbit.tcp_listeners",[ {default, 5672}, @@ -33,10 +29,10 @@ fun(Conf) -> [ V || {_, V} <- Settings ] end}. - %% SSL listeners are configured in the same fashion as TCP listeners, - %% including the option to control the choice of interface. - %% - %% {ssl_listeners, [5671]}, +%% SSL listeners are configured in the same fashion as TCP listeners, +%% including the option to control the choice of interface. +%% +%% {ssl_listeners, [5671]}, {mapping, "listener.ssl.$name", "rabbit.ssl_listeners",[ {default, 5672}, @@ -50,11 +46,11 @@ fun(Conf) -> [ V || {_, V} <- Settings ] end}. - %% Number of Erlang processes that will accept connections for the TCP - %% and SSL listeners. - %% - %% {num_tcp_acceptors, 10}, - %% {num_ssl_acceptors, 1}, +%% Number of Erlang processes that will accept connections for the TCP +%% and SSL listeners. +%% +%% {num_tcp_acceptors, 10}, +%% {num_ssl_acceptors, 1}, {mapping, "num_acceptors.ssl", "rabbit.num_ssl_acceptors", [ {default, 1}, @@ -67,21 +63,21 @@ end}. ]}. - %% Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection - %% and SSL handshake), in milliseconds. - %% - %% {handshake_timeout, 10000}, +%% Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection +%% and SSL handshake), in milliseconds. +%% +%% {handshake_timeout, 10000}, {mapping, "handshake_timeout", "rabbit.handshake_timeout", [ {default, 10000}, {datatype, integer} ]}. - %% Set to 'true' to perform reverse DNS lookups when accepting a - %% connection. Hostnames will then be shown instead of IP addresses - %% in rabbitmqctl and the management plugin. - %% - %% {reverse_dns_lookups, true}, +%% Set to 'true' to perform reverse DNS lookups when accepting a +%% connection. Hostnames will then be shown instead of IP addresses +%% in rabbitmqctl and the management plugin. +%% +%% {reverse_dns_lookups, true}, {mapping, "reverse_dns_lookups", "rabbit.reverse_dns_lookups", [ {default, true}, @@ -93,39 +89,39 @@ end}. {level, advanced} ]}. - %% - %% Security / AAA - %% ============== - %% +%% +%% Security / AAA +%% ============== +%% - %% The default "guest" user is only permitted to access the server - %% via a loopback interface (e.g. localhost). - %% {loopback_users, [<<"guest">>]}, - %% - %% Uncomment the following line if you want to allow access to the - %% guest user from anywhere on the network. - %% {loopback_users, []}, +%% The default "guest" user is only permitted to access the server +%% via a loopback interface (e.g. localhost). +%% {loopback_users, [<<"guest">>]}, +%% +%% Uncomment the following line if you want to allow access to the +%% guest user from anywhere on the network. +%% {loopback_users, []}, {mapping, "loopback_user.$user", "rabbit.loopback_users", [ - {default, <<"guest">>}, - {datatype, string}, + {default, true}, + {datatype, atom}, {include_default, "guest"} ]}. {translation, "rabbit.loopback_users", fun(Conf) -> Settings = cuttlefish_variable:filter_by_prefix("loopback_user", Conf), - [ list_to_binary(V) || {_, V} <- Settings ] + [ list_to_binary(U) || {["loopback_user", U], V} <- Settings, V == true ] end}. - %% Configuring SSL. - %% See http://www.rabbitmq.com/ssl.html for full documentation. - %% - %% {ssl_options, [{cacertfile, "/path/to/testca/cacert.pem"}, - %% {certfile, "/path/to/server/cert.pem"}, - %% {keyfile, "/path/to/server/key.pem"}, - %% {verify, verify_peer}, - %% {fail_if_no_peer_cert, false}]}, +%% Configuring SSL. +%% See http://www.rabbitmq.com/ssl.html for full documentation. +%% +%% {ssl_options, [{cacertfile, "/path/to/testca/cacert.pem"}, +%% {certfile, "/path/to/server/cert.pem"}, +%% {keyfile, "/path/to/server/key.pem"}, +%% {verify, verify_peer}, +%% {fail_if_no_peer_cert, false}]}, %% SSL options section ======================================================== @@ -227,45 +223,14 @@ end}. %% =========================================================================== - %% Choose the available SASL mechanism(s) to expose. - %% The two default (built in) mechanisms are 'PLAIN' and - %% 'AMQPLAIN'. Additional mechanisms can be added via - %% plugins. - %% - %% See http://www.rabbitmq.com/authentication.html for more details. - %% - %% {auth_mechanisms, ['PLAIN', 'AMQPLAIN']}, - - %% Select an authentication database to use. RabbitMQ comes bundled - %% with a built-in auth-database, based on mnesia. - %% - %% {auth_backends, [rabbit_auth_backend_internal]}, - - %% Configurations supporting the rabbitmq_auth_mechanism_ssl and - %% rabbitmq_auth_backend_ldap plugins. - %% - %% NB: These options require that the relevant plugin is enabled. - %% See http://www.rabbitmq.com/plugins.html for further details. - - %% The RabbitMQ-auth-mechanism-ssl plugin makes it possible to - %% authenticate a user based on the client's SSL certificate. - %% - %% To use auth-mechanism-ssl, add to or replace the auth_mechanisms - %% list with the entry 'EXTERNAL'. - %% - %% {auth_mechanisms, ['EXTERNAL']}, - - %% The rabbitmq_auth_backend_ldap plugin allows the broker to - %% perform authentication and authorisation by deferring to an - %% external LDAP server. - %% - %% For more information about configuring the LDAP backend, see - %% http://www.rabbitmq.com/ldap.html. - %% - %% Enable the LDAP auth backend by adding to or replacing the - %% auth_backends entry: - %% - %% {auth_backends, [rabbit_auth_backend_ldap]}, +%% Choose the available SASL mechanism(s) to expose. +%% The two default (built in) mechanisms are 'PLAIN' and +%% 'AMQPLAIN'. Additional mechanisms can be added via +%% plugins. +%% +%% See http://www.rabbitmq.com/authentication.html for more details. +%% +%% {auth_mechanisms, ['PLAIN', 'AMQPLAIN']}, {mapping, "auth_mechanism.$name", "rabbit.auth_mechanisms", [ {datatype, atom}]}. @@ -276,6 +241,12 @@ fun(Conf) -> [ V || {_, V} <- Settings ] end}. + +%% Select an authentication database to use. RabbitMQ comes bundled +%% with a built-in auth-database, based on mnesia. +%% +%% {auth_backends, [rabbit_auth_backend_internal]}, + {mapping, "auth_backend.$name", "rabbit.auth_backends", [ {datatype, atom} ]}. @@ -286,58 +257,58 @@ fun(Conf) -> [ V || {_, V} <- Settings ] end}. - %% This pertains to both the rabbitmq_auth_mechanism_ssl plugin and - %% STOMP ssl_cert_login configurations. See the rabbitmq_stomp - %% configuration section later in this file and the README in - %% https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further - %% details. - %% - %% To use the SSL cert's CN instead of its DN as the username - %% - %% {ssl_cert_login_from, common_name}, - - %% SSL handshake timeout, in milliseconds. - %% - %% {ssl_handshake_timeout, 5000}, +%% This pertains to both the rabbitmq_auth_mechanism_ssl plugin and +%% STOMP ssl_cert_login configurations. See the rabbitmq_stomp +%% configuration section later in this file and the README in +%% https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further +%% details. +%% +%% To use the SSL cert's CN instead of its DN as the username +%% +%% {ssl_cert_login_from, common_name}, {mapping, "ssl_cert_login_from", "rabbit.ssl_cert_login_from", [ {datatype, {enum, [distinguished_name, common_name]}} ]}. +%% SSL handshake timeout, in milliseconds. +%% +%% {ssl_handshake_timeout, 5000}, + {mapping, "ssl_handshake_timeout", "rabbit.ssl_handshake_timeout", [ {datatype, integer} ]}. - %% Password hashing implementation. Will only affect newly - %% created users. To recalculate hash for an existing user - %% it's necessary to update her password. - %% - %% When importing definitions exported from versions earlier - %% than 3.6.0, it is possible to go back to MD5 (only do this - %% as a temporary measure!) by setting this to rabbit_password_hashing_md5. - %% - %% To use SHA-512, set to rabbit_password_hashing_sha512. - %% - %% {password_hashing_module, rabbit_password_hashing_sha256}, +%% Password hashing implementation. Will only affect newly +%% created users. To recalculate hash for an existing user +%% it's necessary to update her password. +%% +%% When importing definitions exported from versions earlier +%% than 3.6.0, it is possible to go back to MD5 (only do this +%% as a temporary measure!) by setting this to rabbit_password_hashing_md5. +%% +%% To use SHA-512, set to rabbit_password_hashing_sha512. +%% +%% {password_hashing_module, rabbit_password_hashing_sha256}, {mapping, "password_hashing_module", "rabbit.password_hashing_module", [ {datatype, atom} ]}. - %% - %% Default User / VHost - %% ==================== - %% - - %% On first start RabbitMQ will create a vhost and a user. These - %% config items control what gets created. See - %% http://www.rabbitmq.com/access-control.html for further - %% information about vhosts and access control. - %% - %% {default_vhost, <<"/">>}, - %% {default_user, <<"guest">>}, - %% {default_pass, <<"guest">>}, - %% {default_permissions, [<<".*">>, <<".*">>, <<".*">>]}, +%% +%% Default User / VHost +%% ==================== +%% + +%% On first start RabbitMQ will create a vhost and a user. These +%% config items control what gets created. See +%% http://www.rabbitmq.com/access-control.html for further +%% information about vhosts and access control. +%% +%% {default_vhost, <<"/">>}, +%% {default_user, <<"guest">>}, +%% {default_pass, <<"guest">>}, +%% {default_permissions, [<<".*">>, <<".*">>, <<".*">>]}, {mapping, "default_vhost", "rabbit.default_vhost", [ {datatype, string} @@ -390,12 +361,12 @@ fun(Conf) -> [list_to_binary(Configure), list_to_binary(Read), list_to_binary(Write)] end}. - %% Tags for default user - %% - %% For more details about tags, see the documentation for the - %% Management Plugin at http://www.rabbitmq.com/management.html. - %% - %% {default_user_tags, [administrator]}, +%% Tags for default user +%% +%% For more details about tags, see the documentation for the +%% Management Plugin at http://www.rabbitmq.com/management.html. +%% +%% {default_user_tags, [administrator]}, {mapping, "default_user_tags.$tag", "rabbit.default_user_tags", [{datatype, {enum, [true, false]}}]}. @@ -406,42 +377,45 @@ fun(Conf) -> [ list_to_atom(Key) || {[_,Key], Val} <- Settings, Val == true ] end}. - %% - %% Additional network and protocol related configuration - %% ===================================================== - %% - - %% Set the default AMQP heartbeat delay (in seconds). - %% - %% {heartbeat, 600}, +%% +%% Additional network and protocol related configuration +%% ===================================================== +%% - %% Set the max permissible size of an AMQP frame (in bytes). - %% - %% {frame_max, 131072}, +%% Set the default AMQP heartbeat delay (in seconds). +%% +%% {heartbeat, 600}, - %% Set the max frame size the server will accept before connection - %% tuning occurs - %% - %% {initial_frame_max, 4096}, +{mapping, "heartbeat", "rabbit.heartbeat", [{datatype, integer}]}. - %% Set the max permissible number of channels per connection. - %% 0 means "no limit". - %% - %% {channel_max, 128}, +%% Set the max permissible size of an AMQP frame (in bytes). +%% +%% {frame_max, 131072}, -{mapping, "heartbeat", "rabbit.heartbeat", [{datatype, integer}]}. {mapping, "frame_max", "rabbit.frame_max", [{datatype, bytesize}]}. + +%% Set the max frame size the server will accept before connection +%% tuning occurs +%% +%% {initial_frame_max, 4096}, + {mapping, "initial_frame_max", "rabbit.initial_frame_max", [{datatype, bytesize}]}. + +%% Set the max permissible number of channels per connection. +%% 0 means "no limit". +%% +%% {channel_max, 128}, + {mapping, "channel_max", "rabbit.channel_max", [{datatype, integer}]}. - %% Customising Socket Options. - %% - %% See (http://www.erlang.org/doc/man/inet.html#setopts-2) for - %% further documentation. - %% - %% {tcp_listen_options, [{backlog, 128}, - %% {nodelay, true}, - %% {exit_on_close, false}]}, +%% Customising Socket Options. +%% +%% See (http://www.erlang.org/doc/man/inet.html#setopts-2) for +%% further documentation. +%% +%% {tcp_listen_options, [{backlog, 128}, +%% {nodelay, true}, +%% {exit_on_close, false}]}, %% TCP listener section ====================================================== @@ -506,32 +480,29 @@ end}. %% ========================================================================== - %% - %% Resource Limits & Flow Control - %% ============================== - %% - %% See http://www.rabbitmq.com/memory.html for full details. - - %% Memory-based Flow Control threshold. - %% - %% {vm_memory_high_watermark, 0.4}, - - %% Alternatively, we can set a limit (in bytes) of RAM used by the node. - %% - %% {vm_memory_high_watermark, {absolute, 1073741824}}, - %% - %% Or you can set absolute value using memory units (with RabbitMQ 3.6.0+). - %% - %% {vm_memory_high_watermark, {absolute, "1024M"}}, - %% - %% Supported units suffixes: - %% - %% k, kiB: kibibytes (2^10 bytes) - %% M, MiB: mebibytes (2^20) - %% G, GiB: gibibytes (2^30) - %% kB: kilobytes (10^3) - %% MB: megabytes (10^6) - %% GB: gigabytes (10^9) +%% +%% Resource Limits & Flow Control +%% ============================== +%% +%% See http://www.rabbitmq.com/memory.html for full details. + +%% Memory-based Flow Control threshold. +%% +%% {vm_memory_high_watermark, 0.4}, + +%% Alternatively, we can set a limit (in bytes) of RAM used by the node. +%% +%% {vm_memory_high_watermark, {absolute, 1073741824}}, +%% +%% Or you can set absolute value using memory units (with RabbitMQ 3.6.0+). +%% +%% {vm_memory_high_watermark, {absolute, "1024M"}}, +%% +%% Supported units suffixes: +%% +%% kb, KB: kibibytes (2^10 bytes) +%% mb, MB: mebibytes (2^20) +%% gb, GB: gibibytes (2^30) {mapping, "vm_memory_high_watermark.relative", "rabbit.vm_memory_high_watermark", [ {default, 0.4}, @@ -553,41 +524,41 @@ fun(Conf) -> end end}. - %% Fraction of the high watermark limit at which queues start to - %% page message out to disc in order to free up memory. - %% - %% Values greater than 0.9 can be dangerous and should be used carefully. - %% - %% {vm_memory_high_watermark_paging_ratio, 0.5}, +%% Fraction of the high watermark limit at which queues start to +%% page message out to disc in order to free up memory. +%% +%% Values greater than 0.9 can be dangerous and should be used carefully. +%% +%% {vm_memory_high_watermark_paging_ratio, 0.5}, {mapping, "vm_memory_high_watermark_paging_ratio", "rabbit.vm_memory_high_watermark_paging_ratio", [{datatype, float}, {validators, ["less_than_1"]}]}. - %% Interval (in milliseconds) at which we perform the check of the memory - %% levels against the watermarks. - %% - %% {memory_monitor_interval, 2500}, +%% Interval (in milliseconds) at which we perform the check of the memory +%% levels against the watermarks. +%% +%% {memory_monitor_interval, 2500}, {mapping, "memory_monitor_interval", "rabbit.memory_monitor_interval", [{datatype, integer}]}. - %% Set disk free limit (in bytes). Once free disk space reaches this - %% lower bound, a disk alarm will be set - see the documentation - %% listed above for more details. - %% - %% {disk_free_limit, 50000000}, - %% - %% Or you can set it using memory units (same as in vm_memory_high_watermark) - %% with RabbitMQ 3.6.0+. - %% {disk_free_limit, "50MB"}, - %% {disk_free_limit, "50000kB"}, - %% {disk_free_limit, "2GB"}, - - %% Alternatively, we can set a limit relative to total available RAM. - %% - %% Values lower than 1.0 can be dangerous and should be used carefully. - %% {disk_free_limit, {mem_relative, 2.0}}, +%% Set disk free limit (in bytes). Once free disk space reaches this +%% lower bound, a disk alarm will be set - see the documentation +%% listed above for more details. +%% +%% {disk_free_limit, 50000000}, +%% +%% Or you can set it using memory units (same as in vm_memory_high_watermark) +%% with RabbitMQ 3.6.0+. +%% {disk_free_limit, "50MB"}, +%% {disk_free_limit, "50000kB"}, +%% {disk_free_limit, "2GB"}, + +%% Alternatively, we can set a limit relative to total available RAM. +%% +%% Values lower than 1.0 can be dangerous and should be used carefully. +%% {disk_free_limit, {mem_relative, 2.0}}, {mapping, "disk_free_limit.relative", "rabbit.disk_free_limit", [ {default, 0.4}, @@ -609,15 +580,15 @@ fun(Conf) -> end end}. - %% - %% Clustering - %% ===================== - %% +%% +%% Clustering +%% ===================== +%% - %% How to respond to cluster partitions. - %% See http://www.rabbitmq.com/partitions.html for further details. - %% - %% {cluster_partition_handling, ignore}, +%% How to respond to cluster partitions. +%% See http://www.rabbitmq.com/partitions.html for further details. +%% +%% {cluster_partition_handling, ignore}, {mapping, "cluster_partition_handling", "rabbit.cluster_partition_handling", [{datatype, {enum, [ignore, pause_minority, autoheal, pause_if_all_down]}}]}. @@ -656,21 +627,21 @@ fun(Conf) -> end end}. - %% Mirror sync batch size, in messages. Increasing this will speed - %% up syncing but total batch size in bytes must not exceed 2 GiB. - %% Available in RabbitMQ 3.6.0 or later. - %% - %% {mirroring_sync_batch_size, 4096}, +%% Mirror sync batch size, in messages. Increasing this will speed +%% up syncing but total batch size in bytes must not exceed 2 GiB. +%% Available in RabbitMQ 3.6.0 or later. +%% +%% {mirroring_sync_batch_size, 4096}, {mapping, "mirroring_sync_batch_size", "rabbit.mirroring_sync_batch_size", [{datatype, bytesize}, {validators, ["size_less_than_2G"]}]}. - %% Make clustering happen *automatically* at startup - only applied - %% to nodes that have just been reset or started for the first time. - %% See http://www.rabbitmq.com/clustering.html#auto-config for - %% further details. - %% - %% {cluster_nodes, {['rabbit@my.host.com'], disc}}, +%% Make clustering happen *automatically* at startup - only applied +%% to nodes that have just been reset or started for the first time. +%% See http://www.rabbitmq.com/clustering.html#auto-config for +%% further details. +%% +%% {cluster_nodes, {['rabbit@my.host.com'], disc}}, {mapping, "cluster_nodes.disc.$node", "rabbit.cluster_nodes", [{datatype, atom}]}. @@ -690,149 +661,107 @@ fun(Conf) -> end}. - %% Interval (in milliseconds) at which we send keepalive messages - %% to other cluster members. Note that this is not the same thing - %% as net_ticktime; missed keepalive messages will not cause nodes - %% to be considered down. - %% - %% {cluster_keepalive_interval, 10000}, +%% Interval (in milliseconds) at which we send keepalive messages +%% to other cluster members. Note that this is not the same thing +%% as net_ticktime; missed keepalive messages will not cause nodes +%% to be considered down. +%% +%% {cluster_keepalive_interval, 10000}, {mapping, "cluster_keepalive_interval", "rabbit.cluster_keepalive_interval", [{datatype, integer}]}. - %% - %% Statistics Collection - %% ===================== - %% +%% +%% Statistics Collection +%% ===================== +%% - %% Set (internal) statistics collection granularity. - %% - %% {collect_statistics, none}, +%% Set (internal) statistics collection granularity. +%% +%% {collect_statistics, none}, {mapping, "collect_statistics", "rabbit.collect_statistics", [{datatype, {enum, [none, coarse, fine]}}]}. - %% Statistics collection interval (in milliseconds). Increasing - %% this will reduce the load on management database. - %% - %% {collect_statistics_interval, 5000}, +%% Statistics collection interval (in milliseconds). Increasing +%% this will reduce the load on management database. +%% +%% {collect_statistics_interval, 5000}, {mapping, "collect_statistics_interval", "rabbit.collect_statistics_interval", [{datatype, integer}]}. - %% - %% Misc/Advanced Options - %% ===================== - %% - %% NB: Change these only if you understand what you are doing! - %% - %% Explicitly enable/disable hipe compilation. - %% - %% {hipe_compile, true}, +%% +%% Misc/Advanced Options +%% ===================== +%% +%% NB: Change these only if you understand what you are doing! +%% + +%% Explicitly enable/disable hipe compilation. +%% +%% {hipe_compile, true}, {mapping, "hipe_compile", "rabbit.hipe_compile", [{datatype, {enum, [true, false]}}]}. - %% Timeout used when waiting for Mnesia tables in a cluster to - %% become available. - %% - %% {mnesia_table_loading_timeout, 30000}, +%% Timeout used when waiting for Mnesia tables in a cluster to +%% become available. +%% +%% {mnesia_table_loading_timeout, 30000}, {mapping, "mnesia_table_loading_timeout", "rabbit.mnesia_table_loading_timeout", [{datatype, integer}]}. - %% Size in bytes below which to embed messages in the queue index. See - %% http://www.rabbitmq.com/persistence-conf.html - %% - %% {queue_index_embed_msgs_below, 4096} +%% Size in bytes below which to embed messages in the queue index. See +%% http://www.rabbitmq.com/persistence-conf.html +%% +%% {queue_index_embed_msgs_below, 4096} {mapping, "queue_index_embed_msgs_below", "rabbit.queue_index_embed_msgs_below", [{datatype, bytesize}]}. - % ]}, - - % %% ---------------------------------------------------------------------------- - % %% Advanced Erlang Networking/Clustering Options. - % %% - % %% See http://www.rabbitmq.com/clustering.html for details - % %% ---------------------------------------------------------------------------- - % {kernel, - % [%% Sets the net_kernel tick time. - % %% Please see http://erlang.org/doc/man/kernel_app.html and - % %% http://www.rabbitmq.com/nettick.html for further details. - % %% - % %% {net_ticktime, 60} - % ]}, - {mapping, "kernel.net_ticktime", "kernel.net_ticktime", +%% ---------------------------------------------------------------------------- +%% Advanced Erlang Networking/Clustering Options. +%% +%% See http://www.rabbitmq.com/clustering.html for details +%% ---------------------------------------------------------------------------- +%% Sets the net_kernel tick time. +%% Please see http://erlang.org/doc/man/kernel_app.html and +%% http://www.rabbitmq.com/nettick.html for further details. +%% +%% {kernel, [{net_ticktime, 60}]}, +{mapping, "kernel.net_ticktime", "kernel.net_ticktime", [{datatype, integer}]}. -% %% ---------------------------------------------------------------------------- -% %% RabbitMQ AMQP 1.0 Support -% %% -% %% See https://github.com/rabbitmq/rabbitmq-amqp1.0/blob/stable/README.md -% %% for details -% %% ---------------------------------------------------------------------------- - -% {rabbitmq_amqp1_0, -% [%% Connections that are not authenticated with SASL will connect as this -% %% account. See the README for more information. -% %% -% %% Please note that setting this will allow clients to connect without -% %% authenticating! -% %% -% %% {default_user, "guest"}, +%% ---------------------------------------------------------------------------- +%% RabbitMQ AMQP 1.0 Support +%% +%% See https://github.com/rabbitmq/rabbitmq-amqp1.0/blob/stable/README.md +%% for details +%% ---------------------------------------------------------------------------- + +% {rabbitmq_amqp1_0,[ +%% Connections that are not authenticated with SASL will connect as this +%% account. See the README for more information. +%% +%% Please note that setting this will allow clients to connect without +%% authenticating! +%% +%% {default_user, "guest"}, {mapping, "amqp1.default_user", "rabbitmq_amqp1_0.default_user", [{datatype, string}]}. -% %% Enable protocol strict mode. See the README for more information. -% %% -% %% {protocol_strict_mode, false} +%% Enable protocol strict mode. See the README for more information. +%% +%% {protocol_strict_mode, false} % ]}, {mapping, "amqp1.protocol_strict_mode", "rabbitmq_amqp1_0.protocol_strict_mode", [{datatype, {enum, [true, false]}}]}. - -% %% Lager controls logging. -% %% See https://github.com/basho/lager for more documentation -% {lager, [ -% %% -% %% Log direcrory, taken from the RABBITMQ_LOG_BASE env variable by default. -% %% {log_root, "/var/log/rabbitmq"}, -% %% -% %% All log messages go to the default "sink" configured with -% %% the `handlers` parameter. By default, it has a single -% %% lager_file_backend handler writing messages to "$nodename.log" -% %% (ie. the value of $RABBIT_LOGS). -% %% {handlers, [ -% %% {lager_file_backend, [{file, "rabbit.log"}, -% %% {level, info}, -% %% {date, ""}, -% %% {size, 0}]} -% %% ]}, -% %% -% %% Extra sinks are used in RabbitMQ to categorize messages. By -% %% default, those extra sinks are configured to forward messages -% %% to the default sink (see above). "rabbit_log_lager_event" -% %% is the default category where all RabbitMQ messages without -% %% a category go. Messages in the "channel" category go to the -% %% "rabbit_channel_lager_event" Lager extra sink, and so on. -% %% {extra_sinks, [ -% %% {rabbit_log_lager_event, [{handlers, [ -% %% {lager_forwarder_backend, -% %% [lager_event, info]}]}]}, -% %% {rabbit_channel_lager_event, [{handlers, [ -% %% {lager_forwarder_backend, -% %% [lager_event, info]}]}]}, -% %% {rabbit_conection_lager_event, [{handlers, [ -% %% {lager_forwarder_backend, -% %% [lager_event, info]}]}]}, -% %% {rabbit_mirroring_lager_event, [{handlers, [ -% %% {lager_forwarder_backend, -% %% [lager_event, info]}]}]} -% %% ]} -% ]} -% ]. - +% ========================== +% Lager section +% ========================== {mapping, "log.dir", "lager.log_root", [ {datatype, string}, @@ -913,6 +842,10 @@ fun(Conf) -> end}. +% =============================== +% Validators +% =============================== + {validator, "size_less_than_2G", "Byte size should be less than 2G and greater than 0", fun(Size) when is_integer(Size) -> Size > 0 andalso Size < 2147483648 |