Support for plugin schemas

1 files changed, 726 insertions, 0 deletions

diff --git a/docs/rabbitmq.conf.example b/docs/rabbitmq.conf.example
new file mode 100644
index 0000000000..278e37b019
--- /dev/null
+++ b/docs/rabbitmq.conf.example
@@ -0,0 +1,726 @@
+# ======================================
+# RabbbitMQ broker section
+# ======================================
+
+## Network Connectivity
+## ====================
+##
+## By default, RabbitMQ will listen on all interfaces, using
+## the standard (reserved) AMQP port.
+##
+# listeners.tcp.default = 5672
+
+
+## To listen on a specific interface, provide an IP address with port.
+## For example, to listen only on localhost for both IPv4 and IPv6:
+##
+# IPv4
+# listeners.tcp.local    = 127.0.0.1:5672
+# IPv6
+# listeners.tcp.local_v6 = ::1:5672
+
+## You can define multiple listeners using listener names
+# listeners.tcp.other_port = 5673
+# listeners.tcp.other_ip   = 10.10.10.10:5672
+
+
+## SSL listeners are configured in the same fashion as TCP listeners,
+## including the option to control the choice of interface.
+##
+# listeners.ssl.default = 5671
+
+## Number of Erlang processes that will accept connections for the TCP
+## and SSL listeners.
+##
+# num_acceptors.tcp = 10
+# num_acceptors.ssl = 1
+
+
+## Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection
+## and SSL handshake), in milliseconds.
+##
+# handshake_timeout = 10000
+
+## Set to 'true' to perform reverse DNS lookups when accepting a
+## connection. Hostnames will then be shown instead of IP addresses
+## in rabbitmqctl and the management plugin.
+##
+# reverse_dns_lookups = true
+
+##
+## Security / AAA
+## ==============
+##
+
+## The default "guest" user is only permitted to access the server
+## via a loopback interface (e.g. localhost).
+## {loopback_users, [<<"guest">>]},
+##
+# loopback_users.guest = true
+
+## Uncomment the following line if you want to allow access to the
+## guest user from anywhere on the network.
+# loopback_users.guest = false
+
+## Configuring SSL.
+## See http://www.rabbitmq.com/ssl.html for full documentation.
+##
+# ssl_options.verify               = verify_peer
+# ssl_options.fail_if_no_peer_cert = false
+# ssl_options.cacertfile           = /path/to/rabbitmq.crt
+# ssl_options.certfile             = /path/to/rabbitmq.crt
+# ssl_options.keyfile              = /path/to/rabbitmq.key
+
+## Choose the available SASL mechanism(s) to expose.
+## The two default (built in) mechanisms are 'PLAIN' and
+## 'AMQPLAIN'. Additional mechanisms can be added via
+## plugins.
+##
+## See http://www.rabbitmq.com/authentication.html for more details.
+##
+# auth_mechanisms.1 = PLAIN
+# auth_mechanisms.2 = AMQPLAIN
+
+## Select an authentication database to use. RabbitMQ comes bundled
+## with a built-in auth-database, based on mnesia.
+##
+# auth_backends.1   = internal
+
+# auth_backends.2.authn = ldap
+# auth_backends.2.authz = internal
+
+# auth_backends.3.authz = rabbit_auth_backend_uaa
+
+## Configurations supporting the rabbitmq_auth_mechanism_ssl and
+## rabbitmq_auth_backend_ldap plugins.
+##
+## NB: These options require that the relevant plugin is enabled.
+## See http://www.rabbitmq.com/plugins.html for further details.
+
+
+## The RabbitMQ-auth-mechanism-ssl plugin makes it possible to
+## authenticate a user based on the client's SSL certificate.
+##
+## To use auth-mechanism-ssl, add to or replace the auth_mechanisms
+## with EXTERNAL value.
+##
+#auth_mechanisms.3 = EXTERNAL
+
+## The rabbitmq_auth_backend_ldap plugin allows the broker to
+## perform authentication and authorisation by deferring to an
+## external LDAP server.
+##
+## For more information about configuring the LDAP backend, see
+## http://www.rabbitmq.com/ldap.html.
+##
+## Enable the LDAP auth backend by adding to or replacing the
+## auth_backends entry:
+##
+# auth_backends.2 = rabbit_auth_backend_ldap
+
+## Add another backend
+# auth_backends.3 = rabbit_auth_backend_http
+
+
+## This pertains to both the rabbitmq_auth_mechanism_ssl plugin and
+## STOMP ssl_cert_login configurations. See the rabbitmq_stomp
+## configuration section later in this file and the README in
+## https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further
+## details.
+##
+## To use the SSL cert's CN instead of its DN as the username
+##
+# ssl_cert_login_from   = common_name
+
+## SSL handshake timeout, in milliseconds.
+##
+# ssl_handshake_timeout = 5000
+
+
+## Password hashing implementation. Will only affect newly
+## created users. To recalculate hash for an existing user
+## it's necessary to update her password.
+##
+## To use SHA-512, set to rabbit_password_hashing_sha512.
+##
+# password_hashing_module = rabbit_password_hashing_sha256
+
+## When importing definitions exported from versions earlier
+## than 3.6.0, it is possible to go back to MD5 (only do this
+## as a temporary measure!) by setting this to rabbit_password_hashing_md5.
+##
+# password_hashing_module = rabbit_password_hashing_md5
+
+##
+## Default User / VHost
+## ====================
+##
+
+## On first start RabbitMQ will create a vhost and a user. These
+## config items control what gets created. See
+## http://www.rabbitmq.com/access-control.html for further
+## information about vhosts and access control.
+##
+# default_vhost = /
+# default_user = guest
+# default_pass = guest
+
+# default_permissions.configure = .*
+# default_permissions.read = .*
+# default_permissions.write = .*
+
+## Tags for default user
+##
+## For more details about tags, see the documentation for the
+## Management Plugin at http://www.rabbitmq.com/management.html.
+##
+# default_user_tags.administrator = true
+
+## Define other tags like this:
+# default_user_tags.management = true
+# default_user_tags.custom_tag = true
+
+##
+## Additional network and protocol related configuration
+## =====================================================
+##
+
+## Set the default AMQP heartbeat delay (in seconds).
+##
+# heartbeat = 600
+
+## Set the max permissible size of an AMQP frame (in bytes).
+##
+# frame_max = 131072
+
+## Set the max frame size the server will accept before connection
+## tuning occurs
+##
+# initial_frame_max = 4096
+
+## Set the max permissible number of channels per connection.
+## 0 means "no limit".
+##
+# channel_max = 128
+
+## Customising Socket Options.
+##
+## See (http://www.erlang.org/doc/man/inet.html#setopts-2) for
+## further documentation.
+##
+
+# tcp_listen_options.backlog = 128
+# tcp_listen_options.nodelay = true
+# tcp_listen_options.exit_on_close = false
+
+##
+## Resource Limits & Flow Control
+## ==============================
+##
+## See http://www.rabbitmq.com/memory.html for full details.
+
+## Memory-based Flow Control threshold.
+##
+# vm_memory_high_watermark.relative = 0.4
+
+## Alternatively, we can set a limit (in bytes) of RAM used by the node.
+##
+# vm_memory_high_watermark.absolute = 1073741824
+
+## Or you can set absolute value using memory units (with RabbitMQ 3.6.0+).
+## Absolute watermark will be ignored if relative is defined!
+##
+# vm_memory_high_watermark.absolute = 2GB
+##
+## Supported units suffixes:
+##
+## kb, KB: kibibytes (2^10 bytes)
+## mb, MB: mebibytes (2^20)
+## gb, GB: gibibytes (2^30)
+
+
+
+## Fraction of the high watermark limit at which queues start to
+## page message out to disc in order to free up memory.
+##
+## Values greater than 0.9 can be dangerous and should be used carefully.
+##
+# vm_memory_high_watermark_paging_ratio = 0.5
+
+## Interval (in milliseconds) at which we perform the check of the memory
+## levels against the watermarks.
+##
+# memory_monitor_interval = 2500
+
+## Set disk free limit (in bytes). Once free disk space reaches this
+## lower bound, a disk alarm will be set - see the documentation
+## listed above for more details.
+##
+## Absolute watermark will be ignored if relative is defined!
+# disk_free_limit.absolute = 50000
+
+## Or you can set it using memory units (same as in vm_memory_high_watermark)
+## with RabbitMQ 3.6.0+.
+# disk_free_limit.absolute = 500KB
+# disk_free_limit.absolute = 50mb
+# disk_free_limit.absolute = 5GB
+
+## Alternatively, we can set a limit relative to total available RAM.
+##
+## Values lower than 1.0 can be dangerous and should be used carefully.
+# disk_free_limit.relative = 2.0
+
+##
+## Clustering
+## =====================
+##
+# cluster_partition_handling = ignore
+
+## pause_if_all_down strategy require additional configuration
+# cluster_partition_handling = pause_if_all_down
+
+## Recover strategy. Can be either 'autoheal' or 'ignore'
+# cluster_partition_handling.pause_if_all_down.recover = ignore
+
+## Node names to check
+# cluster_partition_handling.pause_if_all_down.node.1 = rabbit@localhost
+# cluster_partition_handling.pause_if_all_down.node.2 = hare@localhost
+
+## Mirror sync batch size, in messages. Increasing this will speed
+## up syncing but total batch size in bytes must not exceed 2 GiB.
+## Available in RabbitMQ 3.6.0 or later.
+##
+# mirroring_sync_batch_size = 4096
+
+## Make clustering happen *automatically* at startup - only applied
+## to nodes that have just been reset or started for the first time.
+## See http://www.rabbitmq.com/clustering.html#auto-config for
+## further details.
+##
+# cluster_nodes.disc.rabbit = rabbit@my.host.com
+
+## You can define multiple nodes
+# cluster_nodes.disc.hare = hare@my.host.com
+
+## There can be also ram nodes.
+## Ram nodes should not be defined together with disk nodes
+# cluster_nodes.ram.rabbit = rabbit@my.host.com
+
+## Interval (in milliseconds) at which we send keepalive messages
+## to other cluster members. Note that this is not the same thing
+## as net_ticktime; missed keepalive messages will not cause nodes
+## to be considered down.
+##
+# cluster_keepalive_interval = 10000
+
+##
+## Statistics Collection
+## =====================
+##
+
+## Set (internal) statistics collection granularity.
+##
+## Can be none, coarse or fine
+# collect_statistics = none
+
+# collect_statistics = coarse
+
+## Statistics collection interval (in milliseconds). Increasing
+## this will reduce the load on management database.
+##
+# collect_statistics_interval = 5000
+
+##
+## Misc/Advanced Options
+## =====================
+##
+## NB: Change these only if you understand what you are doing!
+##
+
+## Explicitly enable/disable hipe compilation.
+##
+# hipe_compile = false
+
+## Timeout used when waiting for Mnesia tables in a cluster to
+## become available.
+##
+# mnesia_table_loading_timeout = 30000
+
+## Size in bytes below which to embed messages in the queue index. See
+## http://www.rabbitmq.com/persistence-conf.html
+##
+# queue_index_embed_msgs_below = 4096
+
+## You can also set this size in memory units
+##
+# queue_index_embed_msgs_below = 4kb
+
+## ----------------------------------------------------------------------------
+## Advanced Erlang Networking/Clustering Options.
+##
+## See http://www.rabbitmq.com/clustering.html for details
+## ----------------------------------------------------------------------------
+
+# ======================================
+# Kernel section
+# ======================================
+
+# kernel.net_ticktime = 60
+
+## ----------------------------------------------------------------------------
+## RabbitMQ Management Plugin
+##
+## See http://www.rabbitmq.com/management.html for details
+## ----------------------------------------------------------------------------
+
+# =======================================
+# Management section
+# =======================================
+
+## Pre-Load schema definitions from the following JSON file. See
+## http://www.rabbitmq.com/management.html#load-definitions
+##
+# management.load_definitions = /path/to/schema.json
+
+## Log all requests to the management HTTP API to a file.
+##
+# management.http_log_dir = /path/to/access.log
+
+## Change the port on which the HTTP listener listens,
+## specifying an interface for the web server to bind to.
+## Also set the listener to use SSL and provide SSL options.
+##
+
+# QA: Maybe use IP type like in tcp_listener?
+# management.listeners.port = 12345
+# management.listeners.ip   = 127.0.0.1
+# management.listeners.ssl  = true
+
+# management.listeners.ssl_opts.cacertfile = /path/to/cacert.pem
+# management.listeners.ssl_opts.certfile   = /path/to/cert.pem
+# management.listeners.ssl_opts.keyfile    = /path/to/key.pem
+
+## One of 'basic', 'detailed' or 'none'. See
+## http://www.rabbitmq.com/management.html#fine-stats for more details.
+# management.rates_mode = basic
+
+## Configure how long aggregated data (such as message rates and queue
+## lengths) is retained. Please read the plugin's documentation in
+## http://www.rabbitmq.com/management.html#configuration for more
+## details.
+## Your can use 'minute', 'hour' and '24hours' keys or integer key (in seconds)
+# management.sample_retention_policies.global.minute    = 5
+# management.sample_retention_policies.global.hour  = 60
+# management.sample_retention_policies.global.24hours = 1200
+
+# management.sample_retention_policies.basic.minute   = 5
+# management.sample_retention_policies.basic.hour = 60
+
+# management.sample_retention_policies.detailed.10 = 5
+
+## ----------------------------------------------------------------------------
+## RabbitMQ Shovel Plugin
+##
+## See http://www.rabbitmq.com/shovel.html for details
+## ----------------------------------------------------------------------------
+
+## Shovel plugin config example is defined in additional.config file
+
+
+## ----------------------------------------------------------------------------
+## RabbitMQ Stomp Adapter
+##
+## See http://www.rabbitmq.com/stomp.html for details
+## ----------------------------------------------------------------------------
+
+# =======================================
+# STOMP section
+# =======================================
+
+## Network Configuration - the format is generally the same as for the broker
+##
+# stomp.listeners.tcp.default = 61613
+
+## Same for ssl listeners
+##
+# stomp.listeners.ssl.default = 61614
+
+## Number of Erlang processes that will accept connections for the TCP
+## and SSL listeners.
+##
+# stomp.num_acceptors.tcp = 10
+# stomp.num_acceptors.ssl = 1
+
+## Additional SSL options
+
+## Extract a name from the client's certificate when using SSL.
+##
+# stomp.ssl_cert_login = true
+
+## Set a default user name and password. This is used as the default login
+## whenever a CONNECT frame omits the login and passcode headers.
+##
+## Please note that setting this will allow clients to connect without
+## authenticating!
+##
+# stomp.default_user = guest
+# stomp.default_pass = guest
+
+## If a default user is configured, or you have configured use SSL client
+## certificate based authentication, you can choose to allow clients to
+## omit the CONNECT frame entirely. If set to true, the client is
+## automatically connected as the default user or user supplied in the
+## SSL certificate whenever the first frame sent on a session is not a
+## CONNECT frame.
+##
+# stomp.implicit_connect = true
+
+## ----------------------------------------------------------------------------
+## RabbitMQ MQTT Adapter
+##
+## See https://github.com/rabbitmq/rabbitmq-mqtt/blob/stable/README.md
+## for details
+## ----------------------------------------------------------------------------
+
+# =======================================
+# MQTT section
+# =======================================
+
+## Set the default user name and password. Will be used as the default login
+## if a connecting client provides no other login details.
+##
+## Please note that setting this will allow clients to connect without
+## authenticating!
+##
+# mqtt.default_user = guest
+# mqtt.default_pass = guest
+
+## Enable anonymous access. If this is set to false, clients MUST provide
+## login information in order to connect. See the default_user/default_pass
+## configuration elements for managing logins without authentication.
+##
+# mqtt.allow_anonymous = true
+
+## If you have multiple chosts, specify the one to which the
+## adapter connects.
+##
+# mqtt.vhost = /
+
+## Specify the exchange to which messages from MQTT clients are published.
+##
+# mqtt.exchange = amq.topic
+
+## Specify TTL (time to live) to control the lifetime of non-clean sessions.
+##
+# mqtt.subscription_ttl = 1800000
+
+## Set the prefetch count (governing the maximum number of unacknowledged
+## messages that will be delivered).
+##
+# mqtt.prefetch = 10
+
+## TCP/SSL Configuration (as per the broker configuration).
+##
+# mqtt.listeners.tcp.default = 1883
+
+## Same for ssl listener
+##
+# mqtt.listeners.ssl.default = 1884
+
+## Number of Erlang processes that will accept connections for the TCP
+## and SSL listeners.
+##
+# mqtt.num_acceptors.tcp = 10
+# mqtt.num_acceptors.ssl = 1
+
+## TCP/Socket options (as per the broker configuration).
+##
+# mqtt.tcp_listen_options.backlog = 128
+# mqtt.tcp_listen_options.nodelay = true
+
+## ----------------------------------------------------------------------------
+## RabbitMQ AMQP 1.0 Support
+##
+## See https://github.com/rabbitmq/rabbitmq-amqp1.0/blob/stable/README.md
+## for details
+## ----------------------------------------------------------------------------
+
+# =======================================
+# AMQP_1 section
+# =======================================
+
+
+## Connections that are not authenticated with SASL will connect as this
+## account. See the README for more information.
+##
+## Please note that setting this will allow clients to connect without
+## authenticating!
+##
+# amqp1_0.default_user = guest
+
+## Enable protocol strict mode. See the README for more information.
+##
+# amqp1_0.protocol_strict_mode = false
+
+## Lager controls logging.
+## See https://github.com/basho/lager for more documentation
+##
+## Log direcrory, taken from the RABBITMQ_LOG_BASE env variable by default.
+##
+# log.dir = /var/log/rabbitmq
+
+## Logging to console (can be true or false)
+##
+# log.console = false
+
+## Loglevel to log to console
+##
+# log.console.level = info
+
+## Logging to file. Can be false or filename.
+## Default:
+# log.file = rabbit.log
+
+## To turn off:
+# log.file = false
+
+## Loglevel to log to file
+##
+# log.file.level = info
+
+## File rotation config. No rotation by defualt.
+## DO NOT SET rotation date to ''. Leave unset if require "" value
+# log.file.rotation.date = $D0 
+# log.file.rotation.size = 0
+
+
+## QA: Config for syslog logging
+# log.syslog = false
+# log.syslog.identity = rabbitmq
+# log.syslog.level    = info
+# log.syslog.facility = daemon
+
+
+## ----------------------------------------------------------------------------
+## RabbitMQ LDAP Plugin
+##
+## See http://www.rabbitmq.com/ldap.html for details.
+##
+## ----------------------------------------------------------------------------
+
+# =======================================
+# LDAP section
+# =======================================
+
+##
+## Connecting to the LDAP server(s)
+## ================================
+##
+
+## Specify servers to bind to. You *must* set this in order for the plugin
+## to work properly.
+##
+# ldap.servers.1 = your-server-name-goes-here
+
+## You can define multiple servers
+# ldap.servers.2 = your-other-server
+
+## Connect to the LDAP server using SSL
+##
+# ldap.use_ssl = false
+
+## Specify the LDAP port to connect to
+##
+# ldap.port = 389
+
+## LDAP connection timeout, in milliseconds or 'infinity'
+##
+# ldap.timeout = infinity
+
+## Or number
+# ldap.timeout = 500
+
+## Enable logging of LDAP queries.
+## One of
+##   - false (no logging is performed)
+##   - true (verbose logging of the logic used by the plugin)
+##   - network (as true, but additionally logs LDAP network traffic)
+##
+## Defaults to false.
+##
+# ldap.log = false
+
+## Also can be true or network
+# ldap.log = true
+# ldap.log = network
+
+##
+## Authentication
+## ==============
+##
+
+## Pattern to convert the username given through AMQP to a DN before
+## binding
+##
+# ldap.user_dn_pattern = cn=${username},ou=People,dc=example,dc=com
+
+## Alternatively, you can convert a username to a Distinguished
+## Name via an LDAP lookup after binding. See the documentation for
+## full details.
+
+## When converting a username to a dn via a lookup, set these to
+## the name of the attribute that represents the user name, and the
+## base DN for the lookup query.
+##
+# ldap.dn_lookup_attribute = userPrincipalName
+# ldap.dn_lookup_base      = DC=gopivotal,DC=com
+
+## Controls how to bind for authorisation queries and also to
+## retrieve the details of users logging in without presenting a
+## password (e.g., SASL EXTERNAL).
+## One of
+##  - as_user (to bind as the authenticated user - requires a password)
+##  - anon    (to bind anonymously)
+##  - {UserDN, Password} (to bind with a specified user name and password)
+##
+## Defaults to 'as_user'.
+##
+# ldap.other_bind = as_user
+
+## Or can be more complex:
+# ldap.other_bind.user_dn  = User
+# ldap.other_bind.password = Password
+
+## If user_dn and password defined - other options is ignored.
+
+# -----------------------------
+# Too complex section of LDAP
+# -----------------------------
+
+##
+## Authorisation
+## =============
+##
+
+## The LDAP plugin can perform a variety of queries against your
+## LDAP server to determine questions of authorisation. See
+## http://www.rabbitmq.com/ldap.html#authorisation for more
+## information.
+
+## Following configuration should be defined in additional.config file
+## DO NOT UNCOMMENT THIS LINES!
+
+## Set the query to use when determining vhost access
+##
+## {vhost_access_query, {in_group,
+##                       "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}},
+
+## Set the query to use when determining resource (e.g., queue) access
+##
+## {resource_access_query, {constant, true}},
+
+## Set queries to determine which tags a user has
+##
+## {tag_queries, []}
+#   ]},
+# -----------------------------