-rw-r--r--additional.config99
-rwxr-xr-xcuttlefishbin0 -> 430208 bytes
-rw-r--r--rabbitmq.conf.d/ldap.conf138
-rw-r--r--rabbitmq.conf.d/rabbitmq.conf810
-rw-r--r--schema/rabbitmq.config.schema941
-rw-r--r--schema/rabbitmq.ldap.schema151
-rw-r--r--schema/rabbitmq.management.schema107
-rw-r--r--schema/rabbitmq.mqtt.schema142
-rw-r--r--schema/rabbitmq.stomp.schema90
9 files changed, 2478 insertions, 0 deletions
diff --git a/additional.config b/additional.config
new file mode 100644
index 0000000000..46b020c680
--- /dev/null
+++ b/additional.config
@@ -0,0 +1,99 @@
+[
+
+
+ %% ----------------------------------------------------------------------------
+ %% RabbitMQ Shovel Plugin
+ %%
+ %% See http://www.rabbitmq.com/shovel.html for details
+ %% ----------------------------------------------------------------------------
+
+ {rabbitmq_shovel,
+ [{shovels,
+ [%% A named shovel worker.
+ %% {my_first_shovel,
+ %% [
+
+ %% List the source broker(s) from which to consume.
+ %%
+ %% {sources,
+ %% [%% URI(s) and pre-declarations for all source broker(s).
+ %% {brokers, ["amqp://user:password@host.domain/my_vhost"]},
+ %% {declarations, []}
+ %% ]},
+
+ %% List the destination broker(s) to publish to.
+ %% {destinations,
+ %% [%% A singular version of the 'brokers' element.
+ %% {broker, "amqp://"},
+ %% {declarations, []}
+ %% ]},
+
+ %% Name of the queue to shovel messages from.
+ %%
+ %% {queue, <<"your-queue-name-goes-here">>},
+
+ %% Optional prefetch count.
+ %%
+ %% {prefetch_count, 10},
+
+ %% when to acknowledge messages:
+ %% - no_ack: never (auto)
+ %% - on_publish: after each message is republished
+ %% - on_confirm: when the destination broker confirms receipt
+ %%
+ %% {ack_mode, on_confirm},
+
+ %% Overwrite fields of the outbound basic.publish.
+ %%
+ %% {publish_fields, [{exchange, <<"my_exchange">>},
+ %% {routing_key, <<"from_shovel">>}]},
+
+ %% Static list of basic.properties to set on re-publication.
+ %%
+ %% {publish_properties, [{delivery_mode, 2}]},
+
+ %% The number of seconds to wait before attempting to
+ %% reconnect in the event of a connection failure.
+ %%
+ %% {reconnect_delay, 2.5}
+
+ %% ]} %% End of my_first_shovel
+ ]}
+ %% Rather than specifying some values per-shovel, you can specify
+ %% them for all shovels here.
+ %%
+ %% {defaults, [{prefetch_count, 0},
+ %% {ack_mode, on_confirm},
+ %% {publish_fields, []},
+ %% {publish_properties, [{delivery_mode, 2}]},
+ %% {reconnect_delay, 2.5}]}
+ ]},
+
+ {rabbitmq_auth_backend_ldap, [
+% %%
+% %% Authorisation
+% %% =============
+% %%
+
+% %% The LDAP plugin can perform a variety of queries against your
+% %% LDAP server to determine questions of authorisation. See
+% %% http://www.rabbitmq.com/ldap.html#authorisation for more
+% %% information.
+
+% %% Set the query to use when determining vhost access
+% %%
+% %% {vhost_access_query, {in_group,
+% %% "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}},
+
+% %% Set the query to use when determining resource (e.g., queue) access
+% %%
+% %% {resource_access_query, {constant, true}},
+
+% %% Set queries to determine which tags a user has
+% %%
+% %% {tag_queries, []}
+ ]}
+].
+
+
+
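Review bot: The only broker URI form shown in the shovel example, `amqp://user:password@host.domain/my_vhost`, puts the credentials inline, and nothing in the file says what that means for the file itself. Once a real URI is filled in, additional.config holds broker credentials in clear text, so a comment above `{brokers, ...}` would help, for example `%% NB: URIs contain credentials; keep this file readable only by the broker's OS user.` The same applies to the `{UserDN, Password}` form of `other_bind` if it is ever added to the `rabbitmq_auth_backend_ldap` section here.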
diff --git a/cuttlefish b/cuttlefish
new file mode 100755
index 0000000000..90b47bc2fb
--- /dev/null
+++ b/cuttlefish
Binary files differ
diff --git a/rabbitmq.conf.d/ldap.conf b/rabbitmq.conf.d/ldap.conf
new file mode 100644
index 0000000000..2f51cbb409
--- /dev/null
+++ b/rabbitmq.conf.d/ldap.conf
@@ -0,0 +1,138 @@
+# ## ----------------------------------------------------------------------------
+# ## RabbitMQ LDAP Plugin
+# ##
+# ## See http://www.rabbitmq.com/ldap.html for details.
+# ##
+# ## ----------------------------------------------------------------------------
+
+
+# =======================================
+# LDAP section
+# =======================================
+
+# Should be defined in additional.conf maybe?
+
+# {rabbitmq_auth_backend_ldap,
+# [##
+# ## Connecting to the LDAP server(s)
+# ## ================================
+# ##
+
+# ## Specify servers to bind to. You *must* set this in order for the plugin
+# ## to work properly.
+# ##
+# ## {servers, ["your-server-name-goes-here"]},
+
+ldap.servers.myserver = your-server-name-goes-here
+
+# ## Connect to the LDAP server using SSL
+# ##
+# ## {use_ssl, false},
+
+ldap.use_ssl = false
+
+# ## Specify the LDAP port to connect to
+# ##
+# ## {port, 389},
+
+ldap.port = 389
+
+# ## LDAP connection timeout, in milliseconds or 'infinity'
+# ##
+# ## {timeout, infinity},
+
+ldap.timeout = infinity
+
+# Or number
+# ldap.timeout = 500
+
+# ## Enable logging of LDAP queries.
+# ## One of
+# ## - false (no logging is performed)
+# ## - true (verbose logging of the logic used by the plugin)
+# ## - network (as true, but additionally logs LDAP network traffic)
+# ##
+# ## Defaults to false.
+# ##
+# ## {log, false},
+
+ldap.log = false
+
+# Also can be true or network
+# ldap.log = true
+# ldap.log = network
+
+# ##
+# ## Authentication
+# ## ==============
+# ##
+
+# ## Pattern to convert the username given through AMQP to a DN before
+# ## binding
+# ##
+# ## {user_dn_pattern, "cn=${username},ou=People,dc=example,dc=com"},
+
+ldap.user_dn_pattern = cn=${username},ou=People,dc=example,dc=com
+
+# ## Alternatively, you can convert a username to a Distinguished
+# ## Name via an LDAP lookup after binding. See the documentation for
+# ## full details.
+
+# ## When converting a username to a dn via a lookup, set these to
+# ## the name of the attribute that represents the user name, and the
+# ## base DN for the lookup query.
+# ##
+# ## {dn_lookup_attribute, "userPrincipalName"},
+# ## {dn_lookup_base, "DC=gopivotal,DC=com"},
+
+ldap.dn_lookup_attribute = userPrincipalName
+ldap.dn_lookup_base = DC=gopivotal,DC=com
+
+# ## Controls how to bind for authorisation queries and also to
+# ## retrieve the details of users logging in without presenting a
+# ## password (e.g., SASL EXTERNAL).
+# ## One of
+# ## - as_user (to bind as the authenticated user - requires a password)
+# ## - anon (to bind anonymously)
+# ## - {UserDN, Password} (to bind with a specified user name and password)
+# ##
+# ## Defaults to 'as_user'.
+# ##
+# ## {other_bind, as_user},
+
+ldap.other_bind = as_user
+
+# Or can be more complex:
+# ldap.other_bind.user_dn = User
+# ldap.other_bind.password = Password
+# If user_dn and password defined - other options is ignored.
+
+# -----------------------------
+# Too complex section of LDAP
+# -----------------------------
+
+# ##
+# ## Authorisation
+# ## =============
+# ##
+
+# ## The LDAP plugin can perform a variety of queries against your
+# ## LDAP server to determine questions of authorisation. See
+# ## http://www.rabbitmq.com/ldap.html#authorisation for more
+# ## information.
+
+# ## Set the query to use when determining vhost access
+# ##
+# ## {vhost_access_query, {in_group,
+# ## "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}},
+
+# ## Set the query to use when determining resource (e.g., queue) access
+# ##
+# ## {resource_access_query, {constant, true}},
+
+# ## Set queries to determine which tags a user has
+# ##
+# ## {tag_queries, []}
+# ]},
+# -----------------------------
+
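Review bot: `ldap.use_ssl = false` together with `ldap.port = 389` makes the example talk to the directory over plain LDAP, so the passwords carried in binds (and the `ldap.other_bind.password` value, if that form is used) would cross the network unencrypted. A comment next to the setting would make that visible, for example `# Plain LDAP: bind passwords are sent unencrypted; enable ldap.use_ssl and the matching port outside a test setup.` The example also sets `ldap.user_dn_pattern` and the `ldap.dn_lookup_*` pair at the same time although the comments present them as alternatives, and `ldap.timeout = infinity` leaves a login waiting indefinitely on an unresponsive server. A line stating which of these values are illustrative only would avoid copy-paste surprises.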
diff --git a/rabbitmq.conf.d/rabbitmq.conf b/rabbitmq.conf.d/rabbitmq.conf
new file mode 100644
index 0000000000..243353e77c
--- /dev/null
+++ b/rabbitmq.conf.d/rabbitmq.conf
@@ -0,0 +1,810 @@
+# [
+# {rabbit,
+# [##
+ ## Network Connectivity
+ ## ====================
+ ##
+ ## By default, RabbitMQ will listen on all interfaces, using
+ ## the standard (reserved) AMQP port.
+ ##
+ ## {tcp_listeners, [5672]},
+ ## To listen on a specific interface, provide a tuple of {IpAddress, Port}.
+ ## For example, to listen only on localhost for both IPv4 and IPv6:
+ ##
+ ## {tcp_listeners, [{"127.0.0.1", 5672},
+ ## {"::1", 5672}]},
+# Define with port
+listener.tcp.default = 5672
+
+# Define with IP
+# listener.tcp.local = 127.0.0.1:5672
+
+# Define for IPv6
+# listener.tcp.local_v6 = ::1:5672
+
+
+ ## SSL listeners are configured in the same fashion as TCP listeners,
+ ## including the option to control the choice of interface.
+ ##
+ ## {ssl_listeners, [5671]},
+
+# SSL listeners are same
+listener.ssl.default = 5672
+
+
+ ## Number of Erlang processes that will accept connections for the TCP
+ ## and SSL listeners.
+ ##
+ ## {num_tcp_acceptors, 10},
+ ## {num_ssl_acceptors, 1},
+
+num_acceptors.tcp = 10
+num_acceptors.ssl = 1
+
+
+ ## Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection
+ ## and SSL handshake), in milliseconds.
+ ##
+ ## {handshake_timeout, 10000},
+
+handshake_timeout = 10000
+
+ ## Set to 'true' to perform reverse DNS lookups when accepting a
+ ## connection. Hostnames will then be shown instead of IP addresses
+ ## in rabbitmqctl and the management plugin.
+ ##
+ ## {reverse_dns_lookups, true},
+reverse_dns_lookups = true
+
+ # ##
+ # ## Security / AAA
+ # ## ==============
+ # ##
+
+ # ## The default "guest" user is only permitted to access the server
+ # ## via a loopback interface (e.g. localhost).
+ # ## {loopback_users, [<<"guest">>]},
+ # ##
+ # ## Uncomment the following line if you want to allow access to the
+ # ## guest user from anywhere on the network.
+ # ## {loopback_users, []},
+
+# Duplicate 'guest', because cutterfish doesn't support collections
+
+loopback_user.guest = guest
+
+ ## Configuring SSL.
+ ## See http://www.rabbitmq.com/ssl.html for full documentation.
+ ##
+ ## {ssl_options, [{cacertfile, "/path/to/testca/cacert.pem"},
+ ## {certfile, "/path/to/server/cert.pem"},
+ ## {keyfile, "/path/to/server/key.pem"},
+ ## {verify, verify_peer},
+ ## {fail_if_no_peer_cert, false}]},
+
+ssl_option.verify = verify_peer
+ssl_option.fail_if_no_peer_cert = false
+ssl_option.cacertfile = /path/to/testca/cacert.pem
+ssl_option.certfile = /path/to/server/cert.pem
+ssl_option.keyfile = /path/to/server/key.pem
+
+ ## Choose the available SASL mechanism(s) to expose.
+ ## The two default (built in) mechanisms are 'PLAIN' and
+ ## 'AMQPLAIN'. Additional mechanisms can be added via
+ ## plugins.
+ ##
+ ## See http://www.rabbitmq.com/authentication.html for more details.
+ ##
+ ## {auth_mechanisms, ['PLAIN', 'AMQPLAIN']},
+
+ ## Select an authentication database to use. RabbitMQ comes bundled
+ ## with a built-in auth-database, based on mnesia.
+ ##
+ ## {auth_backends, [rabbit_auth_backend_internal]},
+
+ ## Configurations supporting the rabbitmq_auth_mechanism_ssl and
+ ## rabbitmq_auth_backend_ldap plugins.
+ ##
+ ## NB: These options require that the relevant plugin is enabled.
+ ## See http://www.rabbitmq.com/plugins.html for further details.
+
+ ## The RabbitMQ-auth-mechanism-ssl plugin makes it possible to
+ ## authenticate a user based on the client's SSL certificate.
+ ##
+ ## To use auth-mechanism-ssl, add to or replace the auth_mechanisms
+ ## list with the entry 'EXTERNAL'.
+ ##
+ ## {auth_mechanisms, ['EXTERNAL']},
+
+ ## The rabbitmq_auth_backend_ldap plugin allows the broker to
+ ## perform authentication and authorisation by deferring to an
+ ## external LDAP server.
+ ##
+ ## For more information about configuring the LDAP backend, see
+ ## http://www.rabbitmq.com/ldap.html.
+ ##
+ ## Enable the LDAP auth backend by adding to or replacing the
+ ## auth_backends entry:
+ ##
+ ## {auth_backends, [rabbit_auth_backend_ldap]},
+
+auth_mechanism.external = EXTERNAL
+auth_backend.internal = rabbit_auth_backend_internal
+
+# Add another backend
+# auth_backend.http = rabbit_auth_backend_http
+
+
+ ## This pertains to both the rabbitmq_auth_mechanism_ssl plugin and
+ ## STOMP ssl_cert_login configurations. See the rabbitmq_stomp
+ ## configuration section later in this file and the README in
+ ## https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further
+ ## details.
+ ##
+ ## To use the SSL cert's CN instead of its DN as the username
+ ##
+ ## {ssl_cert_login_from, common_name},
+
+ ## SSL handshake timeout, in milliseconds.
+ ##
+ ## {ssl_handshake_timeout, 5000},
+
+ssl_cert_login_from = common_name
+ssl_handshake_timeout = 5000
+
+
+ ## Password hashing implementation. Will only affect newly
+ ## created users. To recalculate hash for an existing user
+ ## it's necessary to update her password.
+ ##
+ ## When importing definitions exported from versions earlier
+ ## than 3.6.0, it is possible to go back to MD5 (only do this
+ ## as a temporary measure!) by setting this to rabbit_password_hashing_md5.
+ ##
+ ## To use SHA-512, set to rabbit_password_hashing_sha512.
+ ##
+ ## {password_hashing_module, rabbit_password_hashing_sha256},
+
+password_hashing_module = rabbit_password_hashing_sha256
+
+ ##
+ ## Default User / VHost
+ ## ====================
+ ##
+
+ ## On first start RabbitMQ will create a vhost and a user. These
+ ## config items control what gets created. See
+ ## http://www.rabbitmq.com/access-control.html for further
+ ## information about vhosts and access control.
+ ##
+ ## {default_vhost, <<"/">>},
+ ## {default_user, <<"guest">>},
+ ## {default_pass, <<"guest">>},
+ ## {default_permissions, [<<".*">>, <<".*">>, <<".*">>]},
+
+default_vhost = /
+default_user = guest
+default_pass = guest
+
+default_permissions.configure = .*
+default_permissions.read = .*
+default_permissions.write = .*
+
+ ## Tags for default user
+ ##
+ ## For more details about tags, see the documentation for the
+ ## Management Plugin at http://www.rabbitmq.com/management.html.
+ ##
+ ## {default_user_tags, [administrator]},
+
+default_user_tags.administrator = true
+
+ ##
+ ## Additional network and protocol related configuration
+ ## =====================================================
+ ##
+
+ ## Set the default AMQP heartbeat delay (in seconds).
+ ##
+ ## {heartbeat, 600},
+
+ ## Set the max permissible size of an AMQP frame (in bytes).
+ ##
+ ## {frame_max, 131072},
+
+ ## Set the max frame size the server will accept before connection
+ ## tuning occurs
+ ##
+ ## {initial_frame_max, 4096},
+
+ ## Set the max permissible number of channels per connection.
+ ## 0 means "no limit".
+ ##
+ ## {channel_max, 128},
+
+heartbeat = 600
+frame_max = 131072
+initial_frame_max = 4096
+channel_max = 128
+
+ ## Customising Socket Options.
+ ##
+ ## See (http://www.erlang.org/doc/man/inet.html#setopts-2) for
+ ## further documentation.
+ ##
+ ## {tcp_listen_options, [{backlog, 128},
+ ## {nodelay, true},
+ ## {exit_on_close, false}]},
+
+tcp_listen_option.backlog = 128
+tcp_listen_option.nodelay = true
+tcp_listen_option.exit_on_close = false
+
+ ##
+ ## Resource Limits & Flow Control
+ ## ==============================
+ ##
+ ## See http://www.rabbitmq.com/memory.html for full details.
+
+ ## Memory-based Flow Control threshold.
+ ##
+ ## {vm_memory_high_watermark, 0.4},
+
+ ## Alternatively, we can set a limit (in bytes) of RAM used by the node.
+ ##
+ ## {vm_memory_high_watermark, {absolute, 1073741824}},
+ ##
+ ## Or you can set absolute value using memory units (with RabbitMQ 3.6.0+).
+ ##
+ ## {vm_memory_high_watermark, {absolute, "1024M"}},
+ ##
+ ## Supported units suffixes:
+ ##
+ ## k, kiB: kibibytes (2^10 bytes)
+ ## M, MiB: mebibytes (2^20)
+ ## G, GiB: gibibytes (2^30)
+ ## kB: kilobytes (10^3)
+ ## MB: megabytes (10^6)
+ ## GB: gigabytes (10^9)
+
+# Relative watermark
+vm_memory_high_watermark.relative = 0.4
+
+# Or absolute watermark.
+# Ignored if relative is defined!
+# vm_memory_high_watermark.absolute = 1024M
+
+ ## Fraction of the high watermark limit at which queues start to
+ ## page message out to disc in order to free up memory.
+ ##
+ ## Values greater than 0.9 can be dangerous and should be used carefully.
+ ##
+ ## {vm_memory_high_watermark_paging_ratio, 0.5},
+
+vm_memory_high_watermark_paging_ratio = 0.5
+
+ ## Interval (in milliseconds) at which we perform the check of the memory
+ ## levels against the watermarks.
+ ##
+ ## {memory_monitor_interval, 2500},
+
+memory_monitor_interval = 2500
+
+ ## Set disk free limit (in bytes). Once free disk space reaches this
+ ## lower bound, a disk alarm will be set - see the documentation
+ ## listed above for more details.
+ ##
+ ## {disk_free_limit, 50000000},
+ ##
+ ## Or you can set it using memory units (same as in vm_memory_high_watermark)
+ ## with RabbitMQ 3.6.0+.
+ ## {disk_free_limit, "50MB"},
+ ## {disk_free_limit, "50000kB"},
+ ## {disk_free_limit, "2GB"},
+
+ ## Alternatively, we can set a limit relative to total available RAM.
+ ##
+ ## Values lower than 1.0 can be dangerous and should be used carefully.
+ ## {disk_free_limit, {mem_relative, 2.0}},
+
+# Mem relative disk limit
+disk_free_limit.relative = 2.0
+
+# Absolute disk limit
+# Ignored if relative defined
+disk_free_limit.absolute = 50MB
+
+
+ ##
+ ## Clustering
+ ## =====================
+ ##
+
+ ## How to respond to cluster partitions.
+ ## See http://www.rabbitmq.com/partitions.html for further details.
+ ##
+ ## {cluster_partition_handling, ignore},
+
+cluster_partition_handling = ignore
+
+ ## Mirror sync batch size, in messages. Increasing this will speed
+ ## up syncing but total batch size in bytes must not exceed 2 GiB.
+ ## Available in RabbitMQ 3.6.0 or later.
+ ##
+ ## {mirroring_sync_batch_size, 4096},
+
+mirroring_sync_batch_size = 4096
+
+ ## Make clustering happen *automatically* at startup - only applied
+ ## to nodes that have just been reset or started for the first time.
+ ## See http://www.rabbitmq.com/clustering.html#auto-config for
+ ## further details.
+ ##
+ ## {cluster_nodes, {['rabbit@my.host.com'], disc}},
+
+cluster_nodes.disk.rabbit = rabbit@my.host.com
+
+# Can define multiple
+# cluster_nodes.disk.hare = hare@my.host.com
+
+# Ram nodes
+# Should not be defined together with disk nodes
+# cluster_nodes.ram.rabbit = rabbit@my.host.com
+
+ ## Interval (in milliseconds) at which we send keepalive messages
+ ## to other cluster members. Note that this is not the same thing
+ ## as net_ticktime; missed keepalive messages will not cause nodes
+ ## to be considered down.
+ ##
+ ## {cluster_keepalive_interval, 10000},
+
+cluster_keepalive_interval = 10000
+
+ ##
+ ## Statistics Collection
+ ## =====================
+ ##
+
+ ## Set (internal) statistics collection granularity.
+ ##
+ ## {collect_statistics, none},
+
+# Cna be none, coarse or fine
+collect_statistics = none
+
+ ## Statistics collection interval (in milliseconds). Increasing
+ ## this will reduce the load on management database.
+ ##
+ ## {collect_statistics_interval, 5000},
+
+collect_statistics_interval = 5000
+
+ ##
+ ## Misc/Advanced Options
+ ## =====================
+ ##
+ ## NB: Change these only if you understand what you are doing!
+ ##
+
+ ## Explicitly enable/disable hipe compilation.
+ ##
+ ## {hipe_compile, true},
+
+hipe_compile = true
+
+ ## Timeout used when waiting for Mnesia tables in a cluster to
+ ## become available.
+ ##
+ ## {mnesia_table_loading_timeout, 30000},
+
+mnesia_table_loading_timeout = 30000
+
+
+ ## Size in bytes below which to embed messages in the queue index. See
+ ## http://www.rabbitmq.com/persistence-conf.html
+ ##
+ ## {queue_index_embed_msgs_below, 4096}
+
+queue_index_embed_msgs_below = 4096
+
+ # ]},
+
+ # ## ----------------------------------------------------------------------------
+ # ## Advanced Erlang Networking/Clustering Options.
+ # ##
+ # ## See http://www.rabbitmq.com/clustering.html for details
+ # ## ----------------------------------------------------------------------------
+ # {kernel,
+ # [## Sets the net_kernel tick time.
+ # ## Please see http://erlang.org/doc/man/kernel_app.html and
+ # ## http://www.rabbitmq.com/nettick.html for further details.
+ # ##
+ # ## {net_ticktime, 60}
+ # ]},
+
+# ======================================
+# Kernel section
+# ======================================
+
+kernel.net_ticktime = 60
+
+ # ## ----------------------------------------------------------------------------
+ # ## RabbitMQ Management Plugin
+ # ##
+ # ## See http://www.rabbitmq.com/management.html for details
+ # ## ----------------------------------------------------------------------------
+
+ # {rabbitmq_management,
+ # [## Pre-Load schema definitions from the following JSON file. See
+ ## http://www.rabbitmq.com/management.html#load-definitions
+ ##
+ ## {load_definitions, "/path/to/schema.json"},
+
+# =======================================
+# Management section
+# =======================================
+
+management.load_definitions = /path/to/schema.json
+
+ ## Log all requests to the management HTTP API to a file.
+ ##
+ ## {http_log_dir, "/path/to/access.log"},
+
+management.http_log_dir = /path/to/access.log
+
+ ## Change the port on which the HTTP listener listens,
+ ## specifying an interface for the web server to bind to.
+ ## Also set the listener to use SSL and provide SSL options.
+ ##
+ ## {listener, [{port, 12345},
+ ## {ip, "127.0.0.1"},
+ ## {ssl, true},
+ ## {ssl_opts, [{cacertfile, "/path/to/cacert.pem"},
+ ## {certfile, "/path/to/cert.pem"},
+ ## {keyfile, "/path/to/key.pem"}]}]},
+
+
+# Maybe use IP type like in tcp_listener?
+management.listener.port = 12345
+management.listener.ip = 127.0.0.1
+management.listener.ssl = true
+
+management.listener.ssl_opts.cacertfile = /path/to/cacert.pem
+management.listener.ssl_opts.certfile = /path/to/cert.pem
+management.listener.ssl_opts.keyfile = /path/to/key.pem
+
+ ## One of 'basic', 'detailed' or 'none'. See
+ ## http://www.rabbitmq.com/management.html#fine-stats for more details.
+ ## {rates_mode, basic},
+
+management.rates_mode = basic
+
+ ## Configure how long aggregated data (such as message rates and queue
+ ## lengths) is retained. Please read the plugin's documentation in
+ ## http://www.rabbitmq.com/management.html#configuration for more
+ ## details.
+ ##
+ ## {sample_retention_policies,
+ ## [{global, [{60, 5}, {3600, 60}, {86400, 1200}]},
+ ## {basic, [{60, 5}, {3600, 60}]},
+ ## {detailed, [{10, 5}]}]}
+# ]},
+
+# Some funny syntax
+management.sample_retention_policies.global.60 = 5
+management.sample_retention_policies.global.3600 = 60
+management.sample_retention_policies.global.86400 = 1200
+
+management.sample_retention_policies.basic.60 = 5
+management.sample_retention_policies.basic.3600 = 60
+
+management.sample_retention_policies.detailed.10 = 5
+
+
+# Shovel is too complex for sysctl syntax. Should be defined in additinal.conf
+
+# ## ----------------------------------------------------------------------------
+# ## RabbitMQ Shovel Plugin
+# ##
+# ## See http://www.rabbitmq.com/shovel.html for details
+# ## ----------------------------------------------------------------------------
+
+# {rabbitmq_shovel,
+# [{shovels,
+# [## A named shovel worker.
+# ## {my_first_shovel,
+# ## [
+
+# ## List the source broker(s) from which to consume.
+# ##
+# ## {sources,
+# ## [## URI(s) and pre-declarations for all source broker(s).
+# ## {brokers, ["amqp://user:password@host.domain/my_vhost"]},
+# ## {declarations, []}
+# ## ]},
+
+# ## List the destination broker(s) to publish to.
+# ## {destinations,
+# ## [## A singular version of the 'brokers' element.
+# ## {broker, "amqp://"},
+# ## {declarations, []}
+# ## ]},
+
+# ## Name of the queue to shovel messages from.
+# ##
+# ## {queue, <<"your-queue-name-goes-here">>},
+
+# ## Optional prefetch count.
+# ##
+# ## {prefetch_count, 10},
+
+# ## when to acknowledge messages:
+# ## - no_ack: never (auto)
+# ## - on_publish: after each message is republished
+# ## - on_confirm: when the destination broker confirms receipt
+# ##
+# ## {ack_mode, on_confirm},
+
+# ## Overwrite fields of the outbound basic.publish.
+# ##
+# ## {publish_fields, [{exchange, <<"my_exchange">>},
+# ## {routing_key, <<"from_shovel">>}]},
+
+# ## Static list of basic.properties to set on re-publication.
+# ##
+# ## {publish_properties, [{delivery_mode, 2}]},
+
+# ## The number of seconds to wait before attempting to
+# ## reconnect in the event of a connection failure.
+# ##
+# ## {reconnect_delay, 2.5}
+
+# ## ]} ## End of my_first_shovel
+# ]}
+# ## Rather than specifying some values per-shovel, you can specify
+# ## them for all shovels here.
+# ##
+# ## {defaults, [{prefetch_count, 0},
+# ## {ack_mode, on_confirm},
+# ## {publish_fields, []},
+# ## {publish_properties, [{delivery_mode, 2}]},
+# ## {reconnect_delay, 2.5}]}
+# ]},
+
+# ## ----------------------------------------------------------------------------
+# ## RabbitMQ Stomp Adapter
+# ##
+# ## See http://www.rabbitmq.com/stomp.html for details
+# ## ----------------------------------------------------------------------------
+
+# =======================================
+# STOMP section
+# =======================================
+
+# {rabbitmq_stomp,
+# [## Network Configuration - the format is generally the same as for the broker
+
+# ## Listen only on localhost (ipv4 & ipv6) on a specific port.
+# ## {tcp_listeners, [{"127.0.0.1", 61613},
+# ## {"::1", 61613}]},
+
+# Same as tcp_listener
+stomp.listener.tcp.default = 61613
+
+stomp.listener.ssl.default = 61614
+
+# ## Number of Erlang processes that will accept connections for the TCP
+# ## and SSL listeners.
+# ##
+# ## {num_tcp_acceptors, 10},
+# ## {num_ssl_acceptors, 1},
+
+stomp.num_acceptors.tcp = 10
+stomp.num_acceptors.ssl = 1
+
+# ## Additional SSL options
+
+# ## Extract a name from the client's certificate when using SSL.
+# ##
+# ## {ssl_cert_login, true},
+
+stomp.ssl_cert_login = true
+
+# ## Set a default user name and password. This is used as the default login
+# ## whenever a CONNECT frame omits the login and passcode headers.
+# ##
+# ## Please note that setting this will allow clients to connect without
+# ## authenticating!
+# ##
+# ## {default_user, [{login, "guest"},
+# ## {passcode, "guest"}]},
+
+# Same syntax as AMQP
+stomp.default_user = guest
+stomp.default_pass = guest
+
+# ## If a default user is configured, or you have configured use SSL client
+# ## certificate based authentication, you can choose to allow clients to
+# ## omit the CONNECT frame entirely. If set to true, the client is
+# ## automatically connected as the default user or user supplied in the
+# ## SSL certificate whenever the first frame sent on a session is not a
+# ## CONNECT frame.
+# ##
+# ## {implicit_connect, true}
+# ]},
+
+stomp.implicit_connect = true
+
+# ## ----------------------------------------------------------------------------
+# ## RabbitMQ MQTT Adapter
+# ##
+# ## See https://github.com/rabbitmq/rabbitmq-mqtt/blob/stable/README.md
+# ## for details
+# ## ----------------------------------------------------------------------------
+
+# =======================================
+# MQTT section
+# =======================================
+
+# {rabbitmq_mqtt,
+# [## Set the default user name and password. Will be used as the default login
+# ## if a connecting client provides no other login details.
+# ##
+# ## Please note that setting this will allow clients to connect without
+# ## authenticating!
+# ##
+# ## {default_user, <<"guest">>},
+# ## {default_pass, <<"guest">>},
+
+mqtt.default_user = guest
+mqtt.default_pass = guest
+
+# ## Enable anonymous access. If this is set to false, clients MUST provide
+# ## login information in order to connect. See the default_user/default_pass
+# ## configuration elements for managing logins without authentication.
+# ##
+# ## {allow_anonymous, true},
+
+mqtt.allow_anonymous = true
+
+# ## If you have multiple chosts, specify the one to which the
+# ## adapter connects.
+# ##
+# ## {vhost, <<"/">>},
+
+mqtt.vhost = /
+
+# ## Specify the exchange to which messages from MQTT clients are published.
+# ##
+# ## {exchange, <<"amq.topic">>},
+
+mqtt.exchange = amq.topic
+
+# ## Specify TTL (time to live) to control the lifetime of non-clean sessions.
+# ##
+# ## {subscription_ttl, 1800000},
+mqtt.subscription_ttl = 1800000
+
+# ## Set the prefetch count (governing the maximum number of unacknowledged
+# ## messages that will be delivered).
+# ##
+# ## {prefetch, 10},
+mqtt.prefetch = 10
+
+# ## TCP/SSL Configuration (as per the broker configuration).
+# ##
+# ## {tcp_listeners, [1883]},
+# ## {ssl_listeners, []},
+
+# Same as amqp tcp_listener
+mqtt.listener.tcp.default = 1883
+
+# Same as amqp ssl_listener
+mqtt.listener.ssl.default = 1884
+
+# ## Number of Erlang processes that will accept connections for the TCP
+# ## and SSL listeners.
+# ##
+# ## {num_tcp_acceptors, 10},
+# ## {num_ssl_acceptors, 1},
+
+mqtt.num_acceptors.tcp = 10
+mqtt.num_acceptors.ssl = 1
+
+# ## TCP/Socket options (as per the broker configuration).
+# ##
+# ## {tcp_listen_options, [{backlog, 128},
+# ## {nodelay, true}]}
+# ]},
+
+mqtt.tcp_listen_option.backlog = 128
+mqtt.tcp_listen_option.nodelay = true
+
+# ## ----------------------------------------------------------------------------
+# ## RabbitMQ AMQP 1.0 Support
+# ##
+# ## See https://github.com/rabbitmq/rabbitmq-amqp1.0/blob/stable/README.md
+# ## for details
+# ## ----------------------------------------------------------------------------
+
+# =======================================
+# AMQP_1 section
+# =======================================
+
+
+# {rabbitmq_amqp1_0,
+# [## Connections that are not authenticated with SASL will connect as this
+# ## account. See the README for more information.
+# ##
+# ## Please note that setting this will allow clients to connect without
+# ## authenticating!
+# ##
+# ## {default_user, "guest"},
+
+amqp1.default_user = guest
+
+# ## Enable protocol strict mode. See the README for more information.
+# ##
+# ## {protocol_strict_mode, false}
+# ]},
+
+amqp1.protocol_strict_mode = false
+
+# ## Lager controls logging.
+# ## See https://github.com/basho/lager for more documentation
+# {lager, [
+# ##
+# ## Log direcrory, taken from the RABBITMQ_LOG_BASE env variable by default.
+# ## {log_root, "/var/log/rabbitmq"},
+# ##
+# ## All log messages go to the default "sink" configured with
+# ## the `handlers` parameter. By default, it has a single
+# ## lager_file_backend handler writing messages to "$nodename.log"
+# ## (ie. the value of $RABBIT_LOGS).
+# ## {handlers, [
+# ## {lager_file_backend, [{file, "rabbit.log"},
+# ## {level, info},
+# ## {date, ""},
+# ## {size, 0}]}
+# ## ]},
+# ##
+# ## Extra sinks are used in RabbitMQ to categorize messages. By
+# ## default, those extra sinks are configured to forward messages
+# ## to the default sink (see above). "rabbit_log_lager_event"
+# ## is the default category where all RabbitMQ messages without
+# ## a category go. Messages in the "channel" category go to the
+# ## "rabbit_channel_lager_event" Lager extra sink, and so on.
+# ## {extra_sinks, [
+# ## {rabbit_log_lager_event, [{handlers, [
+# ## {lager_forwarder_backend,
+# ## [lager_event, info]}]}]},
+# ## {rabbit_channel_lager_event, [{handlers, [
+# ## {lager_forwarder_backend,
+# ## [lager_event, info]}]}]},
+# ## {rabbit_conection_lager_event, [{handlers, [
+# ## {lager_forwarder_backend,
+# ## [lager_event, info]}]}]},
+# ## {rabbit_mirroring_lager_event, [{handlers, [
+# ## {lager_forwarder_backend,
+# ## [lager_event, info]}]}]}
+# ## ]}
+# ]}
+# ].
+
+log.dir = /var/log/rabbitmq
+
+log.console = false
+log.console.level = info
+
+log.file = rabbit.log
+log.file.level = info
+
+log.file.rotation.date = ""
+log.file.rotation.size = 0
+
+
+# Possible:
+log.syslog = false
+log.syslog.identity = rabbitmq
+log.syslog.level = info
+log.syslog.facility = daemon
\ No newline at end of file
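Review bot: The active lines `stomp.default_user = guest`, `stomp.implicit_connect = true`, `mqtt.allow_anonymous = true` (with `mqtt.default_user`/`mqtt.default_pass`) and `amqp1.default_user = guest` switch on the behaviour their own comments warn "will allow clients to connect without authenticating", whereas the Erlang-term lines they were converted from are shown commented out. This file also sets `default_user_tags.administrator = true` for guest, so a copy of this example would map unauthenticated sessions onto an account tagged administrator. I would keep these keys commented, e.g. `# mqtt.allow_anonymous = true`, the way `listener.tcp.local` already is. Separately, `listener.ssl.default = 5672` repeats the plain TCP port although the comment above it shows 5671; the same 5672 is the `{default, ...}` of the `listener.ssl.$name` mapping in schema/rabbitmq.config.schema, so both listeners would presumably contend for one port.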
diff --git a/schema/rabbitmq.config.schema b/schema/rabbitmq.config.schema
new file mode 100644
index 0000000000..ee040d6ae6
--- /dev/null
+++ b/schema/rabbitmq.config.schema
@@ -0,0 +1,941 @@
+%% -*- mode: erlang -*-
+%% ----------------------------------------------------------------------------
+%% RabbitMQ Sample Configuration File.
+%%
+%% See http://www.rabbitmq.com/configure.html for details.
+%% ----------------------------------------------------------------------------
+% [
+% {rabbit,
+% [%%
+ %% Network Connectivity
+ %% ====================
+ %%
+
+ %% By default, RabbitMQ will listen on all interfaces, using
+ %% the standard (reserved) AMQP port.
+ %%
+ %% {tcp_listeners, [5672]},
+ %% To listen on a specific interface, provide a tuple of {IpAddress, Port}.
+ %% For example, to listen only on localhost for both IPv4 and IPv6:
+ %%
+ %% {tcp_listeners, [{"127.0.0.1", 5672},
+ %% {"::1", 5672}]},
+
+{mapping, "listener.tcp.$name", "rabbit.tcp_listeners",[
+ {default, 5672},
+ {datatype, [integer, ip]},
+ {include_default, "all"}
+]}.
+
+{translation, "rabbit.tcp_listeners",
+fun(Conf) ->
+ Settings = cuttlefish_variable:filter_by_prefix("listener.tcp", Conf),
+ [ V || {_, V} <- Settings ]
+end}.
+
+ %% SSL listeners are configured in the same fashion as TCP listeners,
+ %% including the option to control the choice of interface.
+ %%
+ %% {ssl_listeners, [5671]},
+
+{mapping, "listener.ssl.$name", "rabbit.ssl_listeners",[
+ {default, 5672},
+ {datatype, [integer, ip]},
+ {include_default, "all"}
+]}.
+
+{translation, "rabbit.ssl_listeners",
+fun(Conf) ->
+ Settings = cuttlefish_variable:filter_by_prefix("listener.ssl", Conf),
+ [ V || {_, V} <- Settings ]
+end}.
+
+ %% Number of Erlang processes that will accept connections for the TCP
+ %% and SSL listeners.
+ %%
+ %% {num_tcp_acceptors, 10},
+ %% {num_ssl_acceptors, 1},
+
+{mapping, "num_acceptors.ssl", "rabbit.num_ssl_acceptors", [
+ {default, 1},
+ {datatype, integer}
+]}.
+
+{mapping, "num_acceptors.tcp", "rabbit.num_tcp_acceptors", [
+ {default, 10},
+ {datatype, integer}
+]}.
+
+
+ %% Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection
+ %% and SSL handshake), in milliseconds.
+ %%
+ %% {handshake_timeout, 10000},
+
+{mapping, "handshake_timeout", "rabbit.handshake_timeout", [
+ {default, 10000},
+ {datatype, integer}
+]}.
+
+ %% Set to 'true' to perform reverse DNS lookups when accepting a
+ %% connection. Hostnames will then be shown instead of IP addresses
+ %% in rabbitmqctl and the management plugin.
+ %%
+ %% {reverse_dns_lookups, true},
+
+{mapping, "reverse_dns_lookups", "rabbit.reverse_dns_lookups", [
+ {default, true},
+ {datatype, {enum, [true, false]}}
+]}.
+
+{mapping, "erlang.K", "vm_args.+K", [
+ {default, "true"},
+ {level, advanced}
+]}.
+
+ %%
+ %% Security / AAA
+ %% ==============
+ %%
+
+ %% The default "guest" user is only permitted to access the server
+ %% via a loopback interface (e.g. localhost).
+ %% {loopback_users, [<<"guest">>]},
+ %%
+ %% Uncomment the following line if you want to allow access to the
+ %% guest user from anywhere on the network.
+ %% {loopback_users, []},
+
+{mapping, "loopback_user.$user", "rabbit.loopback_users", [
+ {default, <<"guest">>},
+ {datatype, string},
+ {include_default, "guest"}
+]}.
+
+{translation, "rabbit.loopback_users",
+fun(Conf) ->
+ Settings = cuttlefish_variable:filter_by_prefix("loopback_user", Conf),
+ [ list_to_binary(V) || {_, V} <- Settings ]
+end}.
+
+ %% Configuring SSL.
+ %% See http://www.rabbitmq.com/ssl.html for full documentation.
+ %%
+ %% {ssl_options, [{cacertfile, "/path/to/testca/cacert.pem"},
+ %% {certfile, "/path/to/server/cert.pem"},
+ %% {keyfile, "/path/to/server/key.pem"},
+ %% {verify, verify_peer},
+ %% {fail_if_no_peer_cert, false}]},
+
+{mapping, "ssl_option.verify", "rabbit.ssl_options", [
+ {datatype, {enum, [verify_peer, verify_none]}}]}.
+
+{mapping, "ssl_option.fail_if_no_peer_cert", "rabbit.ssl_options.fail_if_no_peer_cert", [
+ {datatype, {enum, [true, false]}}]}.
+
+{mapping, "ssl_option.cacertfile", "rabbit.ssl_options.cacertfile",
+ [{datatype, string}, {validators, ["file_accessible"]}]}.
+
+{mapping, "ssl_option.certfile", "rabbit.ssl_options.certfile",
+ [{datatype, string}, {validators, ["file_accessible"]}]}.
+
+{mapping, "ssl_option.cacerts.$name", "rabbit.ssl_options.cacerts",
+ [{datatype, string}]}.
+
+{translation, "rabbit.ssl_options.cacerts",
+fun(Conf) ->
+ Settings = cuttlefish_variable:filter_by_prefix("ssl_option.cacerts", Conf),
+ [ list_to_binary(V) || {_, V} <- Settings ]
+end}.
+
+{mapping, "ssl_option.cert", "rabbit.ssl_options.cert",
+ [{datatype, string}]}.
+
+{translation, "rabbit.ssl_options.cert",
+fun(Conf) ->
+ list_to_binary(cuttlefish:conf_get("ssl_option.cert", Conf))
+end}.
+
+{mapping, "ssl_option.client_renegotiation", "rabbit.ssl_options.client_renegotiation",
+ [{datatype, {enum, [true, false]}}]}.
+
+{mapping, "ssl_option.crl_check", "rabbit.ssl_options.crl_check",
+ [{datatype, [{enum, [true, false, peer, best_effort]}]}]}.
+
+{mapping, "ssl_option.depth", "rabbit.ssl_options.depth",
+ [{datatype, integer}, {validators, ["byte"]}]}.
+
+{mapping, "ssl_option.dh", "rabbit.ssl_options.dh",
+ [{datatype, string}]}.
+
+{translation, "rabbit.ssl_options.dh",
+fun(Conf) ->
+ list_to_binary(cuttlefish:conf_get("ssl_option.dh", Conf))
+end}.
+
+{mapping, "ssl_option.dhfile", "rabbit.ssl_options.dhfile",
+ [{datatype, string}, {validators, ["file_accessible"]}]}.
+
+{mapping, "ssl_option.honor_cipher_order", "rabbit.ssl_options.honor_cipher_order",
+ [{datatype, {enum, [true, false]}}]}.
+
+{mapping, "ssl_option.key.RSAPrivateKey", "rabbit.ssl_options.key",
+ [{datatype, string}]}.
+
+{mapping, "ssl_option.key.DSAPrivateKey", "rabbit.ssl_options.key",
+ [{datatype, string}]}.
+
+{mapping, "ssl_option.key.PrivateKeyInfo", "rabbit.ssl_options.key",
+ [{datatype, string}]}.
+
+{translation, "rabbit.ssl_options.key",
+fun(Conf) ->
+ case cuttlefish_variable:filter_by_prefix("ssl_option.key", Conf) of
+ [{[_,_,Key], Val}|_] -> {list_to_atom(Key), list_to_binary(Val)};
+ _ -> undefined
+ end
+end}.
+
+{mapping, "ssl_option.keyfile", "rabbit.ssl_options.keyfile",
+ [{datatype, string}, {validators, ["file_accessible"]}]}.
+
+{mapping, "ssl_option.log_alert", "rabbit.ssl_options.log_alert",
+ [{datatype, {enum, [true, false]}}]}.
+
+{mapping, "ssl_option.password", "rabbit.ssl_options.password",
+ [{datatype, string}]}.
+
+{mapping, "ssl_option.psk_identity", "rabbit.ssl_options.psk_identity",
+ [{datatype, string}]}.
+
+{mapping, "ssl_option.reuse_sessions", "rabbit.ssl_options.reuse_sessions",
+ [{datatype, {enum, [true, false]}}]}.
+
+{mapping, "ssl_option.secure_renegotiate", "rabbit.ssl_options.secure_renegotiate",
+ [{datatype, {enum, [true, false]}}]}.
+
+{mapping, "ssl_option.versions.$version", "rabbit.ssl_options.versions",
+ [{datatype, atom}]}.
+
+{translation, "rabbit.ssl_options.versions",
+fun(Conf) ->
+ Settings = cuttlefish_variable:filter_by_prefix("ssl_option.cacerts", Conf),
+ [ V || {_, V} <- Settings ]
+end}.
+
+ %% Choose the available SASL mechanism(s) to expose.
+ %% The two default (built in) mechanisms are 'PLAIN' and
+ %% 'AMQPLAIN'. Additional mechanisms can be added via
+ %% plugins.
+ %%
+ %% See http://www.rabbitmq.com/authentication.html for more details.
+ %%
+ %% {auth_mechanisms, ['PLAIN', 'AMQPLAIN']},
+
+ %% Select an authentication database to use. RabbitMQ comes bundled
+ %% with a built-in auth-database, based on mnesia.
+ %%
+ %% {auth_backends, [rabbit_auth_backend_internal]},
+
+ %% Configurations supporting the rabbitmq_auth_mechanism_ssl and
+ %% rabbitmq_auth_backend_ldap plugins.
+ %%
+ %% NB: These options require that the relevant plugin is enabled.
+ %% See http://www.rabbitmq.com/plugins.html for further details.
+
+ %% The RabbitMQ-auth-mechanism-ssl plugin makes it possible to
+ %% authenticate a user based on the client's SSL certificate.
+ %%
+ %% To use auth-mechanism-ssl, add to or replace the auth_mechanisms
+ %% list with the entry 'EXTERNAL'.
+ %%
+ %% {auth_mechanisms, ['EXTERNAL']},
+
+ %% The rabbitmq_auth_backend_ldap plugin allows the broker to
+ %% perform authentication and authorisation by deferring to an
+ %% external LDAP server.
+ %%
+ %% For more information about configuring the LDAP backend, see
+ %% http://www.rabbitmq.com/ldap.html.
+ %%
+ %% Enable the LDAP auth backend by adding to or replacing the
+ %% auth_backends entry:
+ %%
+ %% {auth_backends, [rabbit_auth_backend_ldap]},
+
+{mapping, "auth_mechanism.$name", "rabbit.auth_mechanisms", [
+ {datatype, atom}]}.
+
+{translation, "rabbit.auth_mechanisms",
+fun(Conf) ->
+ Settings = cuttlefish_variable:filter_by_prefix("auth_mechanism", Conf),
+ [ V || {_, V} <- Settings ]
+end}.
+
+{mapping, "auth_backend.$name", "rabbit.auth_backends", [
+ {datatype, atom}
+]}.
+
+{translation, "rabbit.auth_backends",
+fun(Conf) ->
+ Settings = cuttlefish_variable:filter_by_prefix("auth_backend", Conf),
+ [ V || {_, V} <- Settings ]
+end}.
+
+ %% This pertains to both the rabbitmq_auth_mechanism_ssl plugin and
+ %% STOMP ssl_cert_login configurations. See the rabbitmq_stomp
+ %% configuration section later in this file and the README in
+ %% https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further
+ %% details.
+ %%
+ %% To use the SSL cert's CN instead of its DN as the username
+ %%
+ %% {ssl_cert_login_from, common_name},
+
+ %% SSL handshake timeout, in milliseconds.
+ %%
+ %% {ssl_handshake_timeout, 5000},
+
+{mapping, "ssl_cert_login_from", "rabbit.ssl_cert_login_from", [
+ {datatype, {enum, [distinguished_name, common_name]}}
+]}.
+
+{mapping, "ssl_handshake_timeout", "rabbit.ssl_handshake_timeout", [
+ {datatype, integer}
+]}.
+
+ %% Password hashing implementation. Will only affect newly
+ %% created users. To recalculate hash for an existing user
+ %% it's necessary to update her password.
+ %%
+ %% When importing definitions exported from versions earlier
+ %% than 3.6.0, it is possible to go back to MD5 (only do this
+ %% as a temporary measure!) by setting this to rabbit_password_hashing_md5.
+ %%
+ %% To use SHA-512, set to rabbit_password_hashing_sha512.
+ %%
+ %% {password_hashing_module, rabbit_password_hashing_sha256},
+
+{mapping, "password_hashing_module", "rabbit.password_hashing_module", [
+ {datatype, atom}
+]}.
+
+ %%
+ %% Default User / VHost
+ %% ====================
+ %%
+
+ %% On first start RabbitMQ will create a vhost and a user. These
+ %% config items control what gets created. See
+ %% http://www.rabbitmq.com/access-control.html for further
+ %% information about vhosts and access control.
+ %%
+ %% {default_vhost, <<"/">>},
+ %% {default_user, <<"guest">>},
+ %% {default_pass, <<"guest">>},
+ %% {default_permissions, [<<".*">>, <<".*">>, <<".*">>]},
+
+{mapping, "default_vhost", "rabbit.default_vhost", [
+ {datatype, string}
+]}.
+
+{translation, "rabbit.default_vhost",
+fun(Conf) ->
+ list_to_binary(cuttlefish:conf_get("default_vhost", Conf))
+end}.
+
+{mapping, "default_user", "rabbit.default_user", [
+ {datatype, string}
+]}.
+
+{translation, "rabbit.default_user",
+fun(Conf) ->
+ list_to_binary(cuttlefish:conf_get("default_user", Conf))
+end}.
+
+{mapping, "default_pass", "rabbit.default_pass", [
+ {datatype, string}
+]}.
+
+{translation, "rabbit.default_pass",
+fun(Conf) ->
+ list_to_binary(cuttlefish:conf_get("default_pass", Conf))
+end}.
+
+{mapping, "default_permissions.configure", "rabbit.default_permissions", [
+ {default, ".*"},
+ {datatype, string}
+]}.
+
+{mapping, "default_permissions.read", "rabbit.default_permissions", [
+ {default, ".*"},
+ {datatype, string}
+]}.
+
+{mapping, "default_permissions.write", "rabbit.default_permissions", [
+ {default, ".*"},
+ {datatype, string}
+]}.
+
+{translation, "rabbit.default_permissions",
+fun(Conf) ->
+ Settings = cuttlefish_variable:filter_by_prefix("default_permissions", Conf),
+ Configure = proplists:get_value(["default_permissions", "configure"], Settings),
+ Read = proplists:get_value(["default_permissions", "read"], Settings),
+ Write = proplists:get_value(["default_permissions", "write"], Settings),
+ [list_to_binary(Configure), list_to_binary(Read), list_to_binary(Write)]
+end}.
+
+ %% Tags for default user
+ %%
+ %% For more details about tags, see the documentation for the
+ %% Management Plugin at http://www.rabbitmq.com/management.html.
+ %%
+ %% {default_user_tags, [administrator]},
+
+{mapping, "default_user_tags.$tag", "rabbit.default_user_tags",
+ [{datatype, {enum, [true, false]}}]}.
+
+{translation, "rabbit.default_user_tags",
+fun(Conf) ->
+ Settings = cuttlefish_variable:filter_by_prefix("default_user_tags", Conf),
+ [ list_to_atom(Key) || {[_,Key], Val} <- Settings, Val == true ]
+end}.
+
+ %%
+ %% Additional network and protocol related configuration
+ %% =====================================================
+ %%
+
+ %% Set the default AMQP heartbeat delay (in seconds).
+ %%
+ %% {heartbeat, 600},
+
+ %% Set the max permissible size of an AMQP frame (in bytes).
+ %%
+ %% {frame_max, 131072},
+
+ %% Set the max frame size the server will accept before connection
+ %% tuning occurs
+ %%
+ %% {initial_frame_max, 4096},
+
+ %% Set the max permissible number of channels per connection.
+ %% 0 means "no limit".
+ %%
+ %% {channel_max, 128},
+
+{mapping, "heartbeat", "rabbit.heartbeat", [{datatype, integer}]}.
+{mapping, "frame_max", "rabbit.frame_max", [{datatype, bytesize}]}.
+{mapping, "initial_frame_max", "rabbit.initial_frame_max", [{datatype, bytesize}]}.
+{mapping, "channel_max", "rabbit.channel_max", [{datatype, integer}]}.
+
+ %% Customising Socket Options.
+ %%
+ %% See (http://www.erlang.org/doc/man/inet.html#setopts-2) for
+ %% further documentation.
+ %%
+ %% {tcp_listen_options, [{backlog, 128},
+ %% {nodelay, true},
+ %% {exit_on_close, false}]},
+
+{mapping, "tcp_listen_option.backlog", "rabbit.tcp_listen_options.backlog", [
+ {datatype, integer}
+]}.
+
+{mapping, "tcp_listen_option.nodelay", "rabbit.tcp_listen_options.nodelay", [
+ {datatype, {enum, [true, false]}}
+]}.
+
+{mapping, "tcp_listen_option.buffer", "rabbit.tcp_listen_options.buffer",
+ [{datatype, integer}]}.
+
+{mapping, "tcp_listen_option.delay_send", "rabbit.tcp_listen_options.delay_send",
+ [{datatype, {enum, [true, false]}}]}.
+
+{mapping, "tcp_listen_option.dontroute", "rabbit.tcp_listen_options.dontroute",
+ [{datatype, {enum, [true, false]}}]}.
+
+{mapping, "tcp_listen_option.exit_on_close", "rabbit.tcp_listen_options.exit_on_close",
+ [{datatype, {enum, [true, false]}}]}.
+
+{mapping, "tcp_listen_option.fd", "rabbit.tcp_listen_options.fd",
+ [{datatype, integer}]}.
+
+{mapping, "tcp_listen_option.high_msgq_watermark", "rabbit.tcp_listen_options.high_msgq_watermark",
+ [{datatype, integer}]}.
+
+{mapping, "tcp_listen_option.high_watermark", "rabbit.tcp_listen_options.high_watermark",
+ [{datatype, integer}]}.
+
+{mapping, "tcp_listen_option.keepalive", "rabbit.tcp_listen_options.keepalive",
+ [{datatype, {enum, [true, false]}}]}.
+
+{mapping, "tcp_listen_option.low_msgq_watermark", "rabbit.tcp_listen_options.low_msgq_watermark",
+ [{datatype, integer}]}.
+
+{mapping, "tcp_listen_option.low_watermark", "rabbit.tcp_listen_options.low_watermark",
+ [{datatype, integer}]}.
+
+{mapping, "tcp_listen_option.port", "rabbit.tcp_listen_options.port",
+ [{datatype, integer}, {validators, ["port"]}]}.
+
+{mapping, "tcp_listen_option.priority", "rabbit.tcp_listen_options.priority",
+ [{datatype, integer}]}.
+
+{mapping, "tcp_listen_option.recbuf", "rabbit.tcp_listen_options.recbuf",
+ [{datatype, integer}]}.
+
+{mapping, "tcp_listen_option.send_timeout", "rabbit.tcp_listen_options.send_timeout",
+ [{datatype, integer}]}.
+
+{mapping, "tcp_listen_option.send_timeout_close", "rabbit.tcp_listen_options.send_timeout_close",
+ [{datatype, {enum, [true, false]}}]}.
+
+{mapping, "tcp_listen_option.sndbuf", "rabbit.tcp_listen_options.sndbuf",
+ [{datatype, integer}]}.
+
+{mapping, "tcp_listen_option.tos", "rabbit.tcp_listen_options.tos",
+ [{datatype, integer}]}.
+
+
+ %%
+ %% Resource Limits & Flow Control
+ %% ==============================
+ %%
+ %% See http://www.rabbitmq.com/memory.html for full details.
+
+ %% Memory-based Flow Control threshold.
+ %%
+ %% {vm_memory_high_watermark, 0.4},
+
+ %% Alternatively, we can set a limit (in bytes) of RAM used by the node.
+ %%
+ %% {vm_memory_high_watermark, {absolute, 1073741824}},
+ %%
+ %% Or you can set absolute value using memory units (with RabbitMQ 3.6.0+).
+ %%
+ %% {vm_memory_high_watermark, {absolute, "1024M"}},
+ %%
+ %% Supported units suffixes:
+ %%
+ %% k, kiB: kibibytes (2^10 bytes)
+ %% M, MiB: mebibytes (2^20)
+ %% G, GiB: gibibytes (2^30)
+ %% kB: kilobytes (10^3)
+ %% MB: megabytes (10^6)
+ %% GB: gigabytes (10^9)
+
+{mapping, "vm_memory_high_watermark.relative", "rabbit.vm_memory_high_watermark", [
+ {default, 0.4},
+ {datatype, float}]}.
+
+{mapping, "vm_memory_high_watermark.absolute", "rabbit.vm_memory_high_watermark", [
+ {datatype, [integer, string]}]}.
+
+
+{translation, "rabbit.vm_memory_high_watermark",
+fun(Conf) ->
+ Settings = cuttlefish_variable:filter_by_prefix("vm_memory_high_watermark", Conf),
+ Absolute = proplists:get_value(["vm_memory_high_watermark", "absolute"], Settings),
+ Relative = proplists:get_value(["vm_memory_high_watermark", "relative"], Settings),
+ case {Absolute, Relative} of
+ {undefined, undefined} -> cuttlefish:invalid("No vm watermark defined");
+ {_, undefined} -> {absolute, Absolute};
+ _ -> Relative
+ end
+end}.
+
+ %% Fraction of the high watermark limit at which queues start to
+ %% page message out to disc in order to free up memory.
+ %%
+ %% Values greater than 0.9 can be dangerous and should be used carefully.
+ %%
+ %% {vm_memory_high_watermark_paging_ratio, 0.5},
+
+{mapping, "vm_memory_high_watermark_paging_ratio",
+ "rabbit.vm_memory_high_watermark_paging_ratio",
+ [{datatype, float}, {validators, ["less_than_1"]}]}.
+
+ %% Interval (in milliseconds) at which we perform the check of the memory
+ %% levels against the watermarks.
+ %%
+ %% {memory_monitor_interval, 2500},
+
+{mapping, "memory_monitor_interval", "rabbit.memory_monitor_interval",
+ [{datatype, integer}]}.
+
+ %% Set disk free limit (in bytes). Once free disk space reaches this
+ %% lower bound, a disk alarm will be set - see the documentation
+ %% listed above for more details.
+ %%
+ %% {disk_free_limit, 50000000},
+ %%
+ %% Or you can set it using memory units (same as in vm_memory_high_watermark)
+ %% with RabbitMQ 3.6.0+.
+ %% {disk_free_limit, "50MB"},
+ %% {disk_free_limit, "50000kB"},
+ %% {disk_free_limit, "2GB"},
+
+ %% Alternatively, we can set a limit relative to total available RAM.
+ %%
+ %% Values lower than 1.0 can be dangerous and should be used carefully.
+ %% {disk_free_limit, {mem_relative, 2.0}},
+
+{mapping, "disk_free_limit.relative", "rabbit.disk_free_limit", [
+ {default, 0.4},
+ {datatype, float},
+ {validators, ["less_than_1"]}]}.
+
+{mapping, "disk_free_limit.absolute", "rabbit.disk_free_limit", [
+ {datatype, [integer, string]}]}.
+
+
+{translation, "rabbit.disk_free_limit",
+fun(Conf) ->
+ Settings = cuttlefish_variable:filter_by_prefix("disk_free_limit", Conf),
+ Absolute = proplists:get_value(["disk_free_limit", "absolute"], Settings),
+ Relative = proplists:get_value(["disk_free_limit", "relative"], Settings),
+ case {Absolute, Relative} of
+ {undefined, undefined} -> cuttlefish:invalid("No disk limit defined");
+ {_, undefined} -> Absolute;
+ _ -> {mem_relative, Relative}
+ end
+end}.
+
+ %%
+ %% Clustering
+ %% =====================
+ %%
+
+ %% How to respond to cluster partitions.
+ %% See http://www.rabbitmq.com/partitions.html for further details.
+ %%
+ %% {cluster_partition_handling, ignore},
+
+{mapping, "cluster_partition_handling", "rabbit.cluster_partition_handling",
+ [{datatype, {enum, [ignore, pause_minority, autoheal, pause_if_all_down]}}]}.
+
+{mapping, "cluster_partition_handling.pause_if_all_down.recover",
+ "rabbit.cluster_partition_handling",
+ [{datatype, {enum, [ignore, autoheal]}}]}.
+
+{mapping, "cluster_partition_handling.pause_if_all_down.node.$name",
+ "rabbit.cluster_partition_handling",
+ [{datatype, atom}]}.
+
+{translation, "rabbit.cluster_partition_handling",
+fun(Conf) ->
+ case cuttlefish:get_value("cluster_partition_handling", Conf) of
+ pause_if_all_down ->
+ PauseIfAllDownNodes = cuttlefish_variable:filter_by_prefix(
+ "cluster_partition_handling.pause_if_all_down.node",
+ Conf),
+ case PauseIfAllDownNodes of
+ [] ->
+ cuttlefish:invalid("Nodes required for pause_if_all_down");
+ _ ->
+ Nodes = [ V || {K,V} <- PauseIfAllDownNodes ],
+ PauseIfAllDownRecover = cuttlefish:get_value(
+ "cluster_partition_handling.pause_if_all_down.recover",
+ Conf),
+ case PauseIfAllDownRecover of
+ Recover when Recover == ignore; Recover == autoheal ->
+ {pause_if_all_down, Nodes, Recover};
+ Invalid ->
+ cuttlefish:invalid("Recover strategy required for pause_if_all_down")
+ end
+ end;
+ Other -> Other
+ end
+end}.
+
+ %% Mirror sync batch size, in messages. Increasing this will speed
+ %% up syncing but total batch size in bytes must not exceed 2 GiB.
+ %% Available in RabbitMQ 3.6.0 or later.
+ %%
+ %% {mirroring_sync_batch_size, 4096},
+
+{mapping, "mirroring_sync_batch_size", "rabbit.mirroring_sync_batch_size",
+ [{datatype, bytesize}, {validators, ["size_less_than_2G"]}]}.
+
+ %% Make clustering happen *automatically* at startup - only applied
+ %% to nodes that have just been reset or started for the first time.
+ %% See http://www.rabbitmq.com/clustering.html#auto-config for
+ %% further details.
+ %%
+ %% {cluster_nodes, {['rabbit@my.host.com'], disc}},
+
+{mapping, "cluster_nodes.disk.$node", "rabbit.cluster_nodes",
+ [{datatype, atom}]}.
+
+{mapping, "cluster_nodes.ram.$node", "rabbit.cluster_nodes",
+ [{datatype, atom}]}.
+
+{translation, "rabbit.cluster_nodes",
+fun(Conf) ->
+ DiskNodes = [ V || {_, V} <- cuttlefish_variable:filter_by_prefix("cluster_nodes.disk", Conf)],
+ RamNodes = [ V || {_, V} <- cuttlefish_variable:filter_by_prefix("cluster_nodes.ram", Conf)],
+
+ case {DiskNodes, RamNodes} of
+ {_, []} -> {DiskNodes, disk};
+ {[], _} -> {RamNodes, ram}
+ end
+end}.
+
+
+ %% Interval (in milliseconds) at which we send keepalive messages
+ %% to other cluster members. Note that this is not the same thing
+ %% as net_ticktime; missed keepalive messages will not cause nodes
+ %% to be considered down.
+ %%
+ %% {cluster_keepalive_interval, 10000},
+
+{mapping, "cluster_keepalive_interval", "rabbit.cluster_keepalive_interval",
+ [{datatype, integer}]}.
+
+ %%
+ %% Statistics Collection
+ %% =====================
+ %%
+
+ %% Set (internal) statistics collection granularity.
+ %%
+ %% {collect_statistics, none},
+
+{mapping, "collect_statistics", "rabbit.collect_statistics",
+ [{datatype, {enum, [none, coarse, fine]}}]}.
+
+ %% Statistics collection interval (in milliseconds). Increasing
+ %% this will reduce the load on management database.
+ %%
+ %% {collect_statistics_interval, 5000},
+
+{mapping, "collect_statistics_interval", "rabbit.collect_statistics_interval",
+ [{datatype, integer}]}.
+ %%
+ %% Misc/Advanced Options
+ %% =====================
+ %%
+ %% NB: Change these only if you understand what you are doing!
+ %%
+
+ %% Explicitly enable/disable hipe compilation.
+ %%
+ %% {hipe_compile, true},
+
+{mapping, "hipe_compile", "rabbit.hipe_compile",
+ [{datatype, {enum, [true, false]}}]}.
+
+ %% Timeout used when waiting for Mnesia tables in a cluster to
+ %% become available.
+ %%
+ %% {mnesia_table_loading_timeout, 30000},
+
+{mapping, "mnesia_table_loading_timeout", "rabbit.mnesia_table_loading_timeout",
+ [{datatype, integer}]}.
+
+ %% Size in bytes below which to embed messages in the queue index. See
+ %% http://www.rabbitmq.com/persistence-conf.html
+ %%
+ %% {queue_index_embed_msgs_below, 4096}
+
+{mapping, "queue_index_embed_msgs_below", "rabbit.queue_index_embed_msgs_below",
+ [{datatype, bytesize}]}.
+
+ % ]},
+
+ % %% ----------------------------------------------------------------------------
+ % %% Advanced Erlang Networking/Clustering Options.
+ % %%
+ % %% See http://www.rabbitmq.com/clustering.html for details
+ % %% ----------------------------------------------------------------------------
+ % {kernel,
+ % [%% Sets the net_kernel tick time.
+ % %% Please see http://erlang.org/doc/man/kernel_app.html and
+ % %% http://www.rabbitmq.com/nettick.html for further details.
+ % %%
+ % %% {net_ticktime, 60}
+ % ]},
+ {mapping, "kernel.net_ticktime", "kernel.net_ticktime",
+ [{datatype, integer}]}.
+
+% %% ----------------------------------------------------------------------------
+% %% RabbitMQ AMQP 1.0 Support
+% %%
+% %% See https://github.com/rabbitmq/rabbitmq-amqp1.0/blob/stable/README.md
+% %% for details
+% %% ----------------------------------------------------------------------------
+
+% {rabbitmq_amqp1_0,
+% [%% Connections that are not authenticated with SASL will connect as this
+% %% account. See the README for more information.
+% %%
+% %% Please note that setting this will allow clients to connect without
+% %% authenticating!
+% %%
+% %% {default_user, "guest"},
+{mapping, "amqp1.default_user", "rabbitmq_amqp1_0.default_user",
+ [{datatype, string}]}.
+% %% Enable protocol strict mode. See the README for more information.
+% %%
+% %% {protocol_strict_mode, false}
+% ]},
+{mapping, "amqp1.protocol_strict_mode", "rabbitmq_amqp1_0.protocol_strict_mode",
+ [{datatype, {enum, [true, false]}}]}.
+
+
+
+% %% Lager controls logging.
+% %% See https://github.com/basho/lager for more documentation
+% {lager, [
+% %%
+% %% Log direcrory, taken from the RABBITMQ_LOG_BASE env variable by default.
+% %% {log_root, "/var/log/rabbitmq"},
+% %%
+% %% All log messages go to the default "sink" configured with
+% %% the `handlers` parameter. By default, it has a single
+% %% lager_file_backend handler writing messages to "$nodename.log"
+% %% (ie. the value of $RABBIT_LOGS).
+% %% {handlers, [
+% %% {lager_file_backend, [{file, "rabbit.log"},
+% %% {level, info},
+% %% {date, ""},
+% %% {size, 0}]}
+% %% ]},
+% %%
+% %% Extra sinks are used in RabbitMQ to categorize messages. By
+% %% default, those extra sinks are configured to forward messages
+% %% to the default sink (see above). "rabbit_log_lager_event"
+% %% is the default category where all RabbitMQ messages without
+% %% a category go. Messages in the "channel" category go to the
+% %% "rabbit_channel_lager_event" Lager extra sink, and so on.
+% %% {extra_sinks, [
+% %% {rabbit_log_lager_event, [{handlers, [
+% %% {lager_forwarder_backend,
+% %% [lager_event, info]}]}]},
+% %% {rabbit_channel_lager_event, [{handlers, [
+% %% {lager_forwarder_backend,
+% %% [lager_event, info]}]}]},
+% %% {rabbit_conection_lager_event, [{handlers, [
+% %% {lager_forwarder_backend,
+% %% [lager_event, info]}]}]},
+% %% {rabbit_mirroring_lager_event, [{handlers, [
+% %% {lager_forwarder_backend,
+% %% [lager_event, info]}]}]}
+% %% ]}
+% ]}
+% ].
+
+
+{mapping, "log.dir", "lager.log_root", [{datatype, string}]}.
+{mapping, "log.console", "lager.handlers", [
+ {datatype, {enum, [true, false]}},
+ {default, false},
+ {validators, ["dir_writable"]}
+]}.
+
+{mapping, "log.syslog", "lager.handlers", [
+ {datatype, {enum, [true, false]}},
+ {default, false}
+]}.
+{mapping, "log.file", "lager.handlers", [
+ {datatype, [{enum, [false]}, string]},
+ {default, "rabbitmq.log"}
+]}.
+
+{mapping, "log.file.level", "lager.handlers", [
+ {datatype, {enum, [debug, info, warning, error]}},
+ {default, info}
+]}.
+{mapping, "log.$handler.level", "lager.handlers", [
+ {datatype, {enum, [debug, info, warning, error]}},
+ {default, info}
+]}.
+{mapping, "log.file.rotation.date", "lager.handlers", [
+ {datatype, string},
+ {default, ""}
+]}.
+{mapping, "log.file.rotation.size", "lager.handlers", [
+ {datatype, integer},
+ {default, 0}
+]}.
+{mapping, "log.file.rotation.count", "lager.handlers", [
+ {datatype, integer},
+ {default, 10}
+]}.
+
+{mapping, "log.syslog.identity", "lager.handlers", [
+ {datatype, string}
+]}.
+{mapping, "log.syslog.facility", "lager.handlers", [
+ {datatype, atom}
+]}.
+
+{translation, "lager.handlers",
+fun(Conf) ->
+ ConsoleHandler = case cuttlefish:conf_get("log.console", Conf) of
+ true ->
+ ConsoleLevel = cuttlefish:conf_get("log.console.level", Conf),
+ [{lager_console_backend, ConsoleLevel}];
+ false -> []
+ end,
+ FileHandler = case cuttlefish:conf_get("log.file", Conf) of
+ false -> [];
+ File ->
+ FileLevel = cuttlefish:conf_get("log.file.level", Conf),
+ RotationDate = cuttlefish:conf_get("log.file.rotation.date", Conf),
+ RotationSize = cuttlefish:conf_get("log.file.rotation.size", Conf),
+ RotationCount = cuttlefish:conf_get("log.file.rotation.count", Conf),
+ [{lager_file_backend, [{file, File},
+ {level, FileLevel},
+ {date, RotationDate},
+ {size, RotationSize},
+ {count, RotationCount}]}]
+ end,
+ SyslogHandler = case cuttlefish:conf_get("log.syslog", Conf) of
+ false -> [];
+ true ->
+ SyslogLevel = cuttlefish:conf_get("log.syslog.level", Conf),
+ Identity = cuttlefish:conf_get("log.syslog.identity", Conf),
+ Facility = cuttlefish:conf_get("log.syslog.facility", Conf),
+ [{lager_syslog_backend, [Identity, Facility, SyslogLevel]}]
+ end,
+ ConsoleHandler ++ FileHandler ++ SyslogHandler
+end}.
+
+
+{validator, "size_less_than_2G", "Byte size should be less than 2G and greater than 0",
+fun(Size) when is_integer(Size) ->
+ Size > 0 andalso Size < 2147483648
+end}.
+
+{validator, "less_than_1", "Flooat is not beetween 0 and 1",
+fun(Float) when is_float(Float) ->
+ Float > 0 andalso Float < 1
+end}.
+
+{validator, "port", "Invalid port number",
+fun(Port) when is_integer(Port) ->
+ Port > 0 andalso Port < 65535
+end}.
+
+{validator, "byte", "Integer is not 0<i<255",
+fun(Int) when is_integer(Int) ->
+ Int > 0 andalso Int < 255
+end}.
+
+{validator, "dir_writable", "Cannot create file in dir",
+fun(Dir) ->
+ TestFile = filename:join(Dir, "test_file"),
+ file:delete(TestFile),
+ Res = ok == file:write_file(TestFile, <<"test">>),
+ file:delete(TestFile),
+ Res
+end}.
+
+{validator, "file_accessible", "file doesnt exist",
+fun(File) ->
+ ReadFile = file:read_file_info(File),
+ element(1, ReadFile) == ok
+end}.
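Review bot: Two of the TLS mappings in this schema do not land where an operator expects. The `rabbit.ssl_options.versions` translation filters on the prefix `"ssl_option.cacerts"`, so `ssl_option.versions.*` settings are never read and the CA-cert values are returned in their place, and `ssl_option.verify` is mapped to `"rabbit.ssl_options"` instead of a `verify` key under it. Both look like copy-paste slips, and the likely effect is that restricting protocol versions or requesting `verify_peer` does not reach the listener's options. I would change the first to `cuttlefish_variable:filter_by_prefix("ssl_option.versions", Conf)` and the second to `{mapping, "ssl_option.verify", "rabbit.ssl_options.verify", [`. In the same hunk, `listener.ssl.$name` defaults to 5672 with `include_default`, the same port as the TCP listener, where the comment above it shows 5671.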
diff --git a/schema/rabbitmq.ldap.schema b/schema/rabbitmq.ldap.schema
new file mode 100644
index 0000000000..3de77e7353
--- /dev/null
+++ b/schema/rabbitmq.ldap.schema
@@ -0,0 +1,151 @@
+% %% ----------------------------------------------------------------------------
+% %% RabbitMQ LDAP Plugin
+% %%
+% %% See http://www.rabbitmq.com/ldap.html for details.
+% %%
+% %% ----------------------------------------------------------------------------
+
+% {rabbitmq_auth_backend_ldap,
+% [%%
+% %% Connecting to the LDAP server(s)
+% %% ================================
+% %%
+
+% %% Specify servers to bind to. You *must* set this in order for the plugin
+% %% to work properly.
+% %%
+% %% {servers, ["your-server-name-goes-here"]},
+
+{mapping, "ldap.servers.$server", "rabbitmq_auth_backend_ldap.servers",
+ [{datatype, string}]}.
+
+{translation, "rabbitmq_auth_backend_ldap.servers",
+fun(Conf) ->
+ Settings = cuttlefish_variable:filter_by_prefix("ldap.servers", Conf),
+ [ V || {_, V} <- Settings ]
+end}.
+
+% %% Connect to the LDAP server using SSL
+% %%
+% %% {use_ssl, false},
+
+{mapping, "ldap.use_ssl", "rabbitmq_auth_backend_ldap.use_ssl",
+ [{datatype, {enum, [true, false]}}]}.
+
+% %% Specify the LDAP port to connect to
+% %%
+% %% {port, 389},
+
+{mapping, "ldap.port", "rabbitmq_auth_backend_ldap.port",
+ [{datatype, integer}]}.
+
+% %% LDAP connection timeout, in milliseconds or 'infinity'
+% %%
+% %% {timeout, infinity},
+
+{mapping, "ldap.timeout", "rabbitmq_auth_backend_ldap.timeout",
+ [{datatype, [integer, {atom, infinity}]}]}.
+
+% %% Enable logging of LDAP queries.
+% %% One of
+% %% - false (no logging is performed)
+% %% - true (verbose logging of the logic used by the plugin)
+% %% - network (as true, but additionally logs LDAP network traffic)
+% %%
+% %% Defaults to false.
+% %%
+% %% {log, false},
+
+{mapping, "ldap.log", "rabbitmq_auth_backend_ldap.log",
+ [{datatype, {enum, [true, false, network]}}]}.
+
+% %%
+% %% Authentication
+% %% ==============
+% %%
+
+% %% Pattern to convert the username given through AMQP to a DN before
+% %% binding
+% %%
+% %% {user_dn_pattern, "cn=${username},ou=People,dc=example,dc=com"},
+
+{mapping, "ldap.user_dn_pattern", "rabbitmq_auth_backend_ldap.user_dn_pattern",
+ [{datatype, string}]}.
+
+% %% Alternatively, you can convert a username to a Distinguished
+% %% Name via an LDAP lookup after binding. See the documentation for
+% %% full details.
+
+% %% When converting a username to a dn via a lookup, set these to
+% %% the name of the attribute that represents the user name, and the
+% %% base DN for the lookup query.
+% %%
+% %% {dn_lookup_attribute, "userPrincipalName"},
+% %% {dn_lookup_base, "DC=gopivotal,DC=com"},
+
+{mapping, "ldap.dn_lookup_attribute", "rabbitmq_auth_backend_ldap.dn_lookup_attribute",
+ [{datatype, string}]}.
+
+{mapping, "ldap.dn_lookup_base", "rabbitmq_auth_backend_ldap.dn_lookup_base",
+ [{datatype, string}]}.
+
+% %% Controls how to bind for authorisation queries and also to
+% %% retrieve the details of users logging in without presenting a
+% %% password (e.g., SASL EXTERNAL).
+% %% One of
+% %% - as_user (to bind as the authenticated user - requires a password)
+% %% - anon (to bind anonymously)
+% %% - {UserDN, Password} (to bind with a specified user name and password)
+% %%
+% %% Defaults to 'as_user'.
+% %%
+% %% {other_bind, as_user},
+
+{mapping, "ldap.other_bind", "rabbitmq_auth_backend_ldap.other_bind",
+ [{datatype, {enum, [as_user, anon]}}]}.
+
+{mapping, "ldap.other_bind.user_dn", "rabbitmq_auth_backend_ldap.other_bind",
+ [{datatype, string}]}.
+
+{mapping, "ldap.other_bind.password", "rabbitmq_auth_backend_ldap.other_bind",
+ [{datatype, string}]}.
+
+{translation, "rabbitmq_auth_backend_ldap.other_bind",
+fun(Conf) ->
+ case cuttlefish:conf_get("ldap.other_bind", Conf) of
+ as_user -> as_user;
+ anon -> anon;
+ _ ->
+ User = cuttlefish:conf_get("ldap.other_bind.user_dn", Conf),
+ Pass = cuttlefish:conf_get("ldap.other_bind.password", Conf),
+ case {User, Pass} of
+ {undefined, _} -> as_user;
+ {_, undefined} -> as_user;
+ _ -> {User, Pass}
+ end
+ end
+end}.
+
+% %%
+% %% Authorisation
+% %% =============
+% %%
+
+% %% The LDAP plugin can perform a variety of queries against your
+% %% LDAP server to determine questions of authorisation. See
+% %% http://www.rabbitmq.com/ldap.html#authorisation for more
+% %% information.
+
+% %% Set the query to use when determining vhost access
+% %%
+% %% {vhost_access_query, {in_group,
+% %% "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}},
+
+% %% Set the query to use when determining resource (e.g., queue) access
+% %%
+% %% {resource_access_query, {constant, true}},
+
+% %% Set queries to determine which tags a user has
+% %%
+% %% {tag_queries, []}
+% ]},
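Review bot: The `rabbitmq_auth_backend_ldap.other_bind` translation silently returns `as_user` when only one of `ldap.other_bind.user_dn` / `ldap.other_bind.password` is set, so a half-configured service account is never reported and the plugin binds with a different identity than the operator intended. The `{undefined, _}` clauses also look unreachable as written: as far as I know `cuttlefish:conf_get/2` throws when a key is absent rather than returning `undefined`, and `ldap.other_bind` is limited to `as_user | anon` by its enum, so the `{UserDN, Password}` result may never be produced; this should be confirmed against the bundled cuttlefish. I would read the optional keys with the three-argument `conf_get` and reject the partial case explicitly, as sketched below (assuming the bundled cuttlefish exports `cuttlefish:invalid/1`).

```erlang
{translation, "rabbitmq_auth_backend_ldap.other_bind",
fun(Conf) ->
    case cuttlefish:conf_get("ldap.other_bind", Conf, undefined) of
        as_user -> as_user;
        anon -> anon;
        undefined ->
            User = cuttlefish:conf_get("ldap.other_bind.user_dn", Conf, undefined),
            Pass = cuttlefish:conf_get("ldap.other_bind.password", Conf, undefined),
            case {User, Pass} of
                %% neither key set: keep the documented default
                {undefined, undefined} -> as_user;
                %% exactly one key set: refuse instead of changing the bind identity
                {undefined, _} -> cuttlefish:invalid("ldap.other_bind.user_dn is not set");
                {_, undefined} -> cuttlefish:invalid("ldap.other_bind.password is not set");
                _ -> {User, Pass}
            end
    end
end}.
```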
diff --git a/schema/rabbitmq.management.schema b/schema/rabbitmq.management.schema
new file mode 100644
index 0000000000..4c19e8643c
--- /dev/null
+++ b/schema/rabbitmq.management.schema
@@ -0,0 +1,107 @@
+ % %% ----------------------------------------------------------------------------
+ % %% RabbitMQ Management Plugin
+ % %%
+ % %% See http://www.rabbitmq.com/management.html for details
+ % %% ----------------------------------------------------------------------------
+
+ % {rabbitmq_management,
+ % [%% Pre-Load schema definitions from the following JSON file. See
+ %% http://www.rabbitmq.com/management.html#load-definitions
+ %%
+ %% {load_definitions, "/path/to/schema.json"},
+{mapping, "management.load_definitions", "rabbitmq_management.load_definitions",
+ [{datatype, string},
+ {validators, ["file_accessible"]}]}.
+
+ %% Log all requests to the management HTTP API to a file.
+ %%
+ %% {http_log_dir, "/path/to/access.log"},
+
+{mapping, "management.http_log_dir", "rabbitmq_management.http_log_dir",
+ [{datatype, string},
+ {validators, ["file_accessible"]}]}.
+
+
+ %% Change the port on which the HTTP listener listens,
+ %% specifying an interface for the web server to bind to.
+ %% Also set the listener to use SSL and provide SSL options.
+ %%
+ %% {listener, [{port, 12345},
+ %% {ip, "127.0.0.1"},
+ %% {ssl, true},
+ %% {ssl_opts, [{cacertfile, "/path/to/cacert.pem"},
+ %% {certfile, "/path/to/cert.pem"},
+ %% {keyfile, "/path/to/key.pem"}]}]},
+
+{mapping, "management.listener.ssl_opts.cacertfile", "rabbitmq_management.listener.ssl_opts.cacertfile",
+ [{datatype, string},
+ {validators, ["file_accessible"]}]}.
+
+{mapping, "management.listener.ssl_opts.certfile", "rabbitmq_management.listener.ssl_opts.certfile",
+ [{datatype, string},
+ {validators, ["file_accessible"]}]}.
+
+{mapping, "management.listener.ssl_opts.keyfile", "rabbitmq_management.listener.ssl_opts.keyfile",
+ [{datatype, string},
+ {validators, ["file_accessible"]}]}.
+
+{mapping, "management.listener.ssl_opts.$option", "rabbitmq_management.listener.ssl_opts.$option",
+ [{datatype, atom}]}.
+
+{mapping, "management.listener.port", "rabbitmq_management.listener.port",
+ [{datatype, integer}]}.
+
+{mapping, "management.listener.ip", "rabbitmq_management.listener.ip",
+ [{datatype, string},
+ {validators, ["is_ip"]}]}.
+
+{mapping, "management.listener.ssl", "rabbitmq_management.listener.ssl",
+ [{datatype, {enum, [true, false]}}]}.
+
+ %% One of 'basic', 'detailed' or 'none'. See
+ %% http://www.rabbitmq.com/management.html#fine-stats for more details.
+ %% {rates_mode, basic},
+{mapping, "management.rates_mode", "rabbitmq_management.rates_mode",
+ [{datatype, {enum, [basic, detailed, none]}}]}.
+
+ %% Configure how long aggregated data (such as message rates and queue
+ %% lengths) is retained. Please read the plugin's documentation in
+ %% http://www.rabbitmq.com/management.html#configuration for more
+ %% details.
+ %%
+ %% {sample_retention_policies,
+ %% [{global, [{60, 5}, {3600, 60}, {86400, 1200}]},
+ %% {basic, [{60, 5}, {3600, 60}]},
+ %% {detailed, [{10, 5}]}]}
+% ]},
+
+{mapping, "management.sample_retention_policies.$section.$interval",
+ "rabbitmq_management.sample_retention_policies",
+ [{datatype, integer}]}.
+
+{translation, "rabbitmq_management.sample_retention_policies",
+fun(Conf) ->
+ Global = cuttlefish_variable:filter_by_prefix("management.sample_retention_policies.global", Conf),
+ Basic = cuttlefish_variable:filter_by_prefix("management.sample_retention_policies.basic", Conf),
+ Detailed = cuttlefish_variable:filter_by_prefix("management.sample_retention_policies.detailed", Conf),
+ TranslatePolicy = fun(Section) ->
+ [ {list_to_integer(Key), Val} || {[_,_,_,Key], Val} <- Section ]
+ end,
+ [{global, TranslatePolicy(Global)},
+ {basic, TranslatePolicy(Basic)},
+ {detailed, TranslatePolicy(Detailed)}]
+end}.
+
+
+
+{validator, "file_accessible", "file exists",
+fun(File) ->
+ ReadFile = file:read_file_info(File),
+ element(1, ReadFile) == ok
+end}.
+
+{validator, "is_ip", "String is ip",
+fun(IpStr) ->
+ Res = inet:parse_address(IpStr),
+ element(1, Res) == ok
+end}. \ No newline at end of file
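Review bot: The `file_accessible` validator at the end of this file only checks that `file:read_file_info/1` returns `ok`, which is also true for a directory or for a file the broker cannot read, so a wrong `management.listener.ssl_opts.keyfile` or `certfile` passes validation and the mistake only surfaces when the TLS listener starts. For the certificate and key paths `filelib:is_regular(File)` would be stricter, with a separate validator for `management.http_log_dir`, whose path may legitimately not exist before the first request is logged. The description strings appear to be the text shown on failure (the config schema words its validators that way, e.g. "Invalid port number"), so `"file exists"` and `"String is ip"` read as the opposite of the error; `"file does not exist or is not readable"` and `"not a valid IP address"` would fit. The config schema defines a validator with the same name and a different description, and the two should agree.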
diff --git a/schema/rabbitmq.mqtt.schema b/schema/rabbitmq.mqtt.schema
new file mode 100644
index 0000000000..5cc972fc5c
--- /dev/null
+++ b/schema/rabbitmq.mqtt.schema
@@ -0,0 +1,142 @@
+% %% ----------------------------------------------------------------------------
+% %% RabbitMQ MQTT Adapter
+% %%
+% %% See https://github.com/rabbitmq/rabbitmq-mqtt/blob/stable/README.md
+% %% for details
+% %% ----------------------------------------------------------------------------
+
+% {rabbitmq_mqtt,
+% [%% Set the default user name and password. Will be used as the default login
+% %% if a connecting client provides no other login details.
+% %%
+% %% Please note that setting this will allow clients to connect without
+% %% authenticating!
+% %%
+% %% {default_user, <<"guest">>},
+% %% {default_pass, <<"guest">>},
+
+{mapping, "mqtt.default_user", "rabbitmq_mqtt.default_user", [
+ {datatype, string}
+]}.
+
+{mapping, "mqtt.default_pass", "rabbitmq_mqtt.default_pass", [
+ {datatype, string}
+]}.
+
+{translation, "rabbitmq_mqtt.default_user",
+fun(Conf) ->
+ list_to_binary(cuttlefish:conf_get("mqtt.default_user", Conf))
+end}.
+
+{translation, "rabbitmq_mqtt.default_pass",
+fun(Conf) ->
+ list_to_binary(cuttlefish:conf_get("mqtt.default_pass", Conf))
+end}.
+
+% %% Enable anonymous access. If this is set to false, clients MUST provide
+% %% login information in order to connect. See the default_user/default_pass
+% %% configuration elements for managing logins without authentication.
+% %%
+% %% {allow_anonymous, true},
+
+{mapping, "mqtt.allow_anonymous", "rabbitmq_mqtt.allow_anonymous",
+ [{datatype, {enum, [true, false]}}]}.
+
+% %% If you have multiple chosts, specify the one to which the
+% %% adapter connects.
+% %%
+% %% {vhost, <<"/">>},
+
+{mapping, "mqtt.vhost", "rabbitmq_mqtt.vhost", [{datatype, string}]}.
+
+{translation, "rabbitmq_mqtt.vhost",
+fun(Conf) ->
+ list_to_binary(cuttlefish:conf_get("mqtt.vhost", Conf))
+end}.
+
+% %% Specify the exchange to which messages from MQTT clients are published.
+% %%
+% %% {exchange, <<"amq.topic">>},
+
+{mapping, "mqtt.exchange", "rabbitmq_mqtt.exchange", [{datatype, string}]}.
+
+{translation, "rabbitmq_mqtt.exchange",
+fun(Conf) ->
+ list_to_binary(cuttlefish:conf_get("mqtt.exchange", Conf))
+end}.
+
+% %% Specify TTL (time to live) to control the lifetime of non-clean sessions.
+% %%
+% %% {subscription_ttl, 1800000},
+{mapping, "mqtt.subscription_ttl", "rabbitmq_mqtt.subscription_ttl",
+ [{datatype, integer}]}.
+
+% %% Set the prefetch count (governing the maximum number of unacknowledged
+% %% messages that will be delivered).
+% %%
+% %% {prefetch, 10},
+{mapping, "mqtt.prefetch", "rabbitmq_mqtt.prefetch",
+ [{datatype, integer}]}.
+
+% %% TCP/SSL Configuration (as per the broker configuration).
+% %%
+% %% {tcp_listeners, [1883]},
+% %% {ssl_listeners, []},
+
+{mapping, "mqtt.listener.tcp.$name", "rabbitmq_mqtt.tcp_listeners",[
+ {default, 1883},
+ {datatype, [integer, ip]},
+ {include_default, "all"}
+]}.
+
+{translation, "rabbitmq_mqtt.tcp_listeners",
+fun(Conf) ->
+ Settings = cuttlefish_variable:filter_by_prefix("mqtt.listener.tcp", Conf),
+ [ V || {_, V} <- Settings ]
+end}.
+
+{mapping, "mqtt.listener.ssl.$name", "rabbitmq_mqtt.ssl_listeners",[
+ {default, 1884},
+ {datatype, [integer, ip]},
+ {include_default, "all"}
+]}.
+
+{translation, "rabbitmq_mqtt.ssl_listeners",
+fun(Conf) ->
+ Settings = cuttlefish_variable:filter_by_prefix("mqtt.listener.ssl", Conf),
+ [ V || {_, V} <- Settings ]
+end}.
+
+% %% Number of Erlang processes that will accept connections for the TCP
+% %% and SSL listeners.
+% %%
+% %% {num_tcp_acceptors, 10},
+% %% {num_ssl_acceptors, 1},
+
+{mapping, "mqtt.num_acceptors.ssl", "rabbitmq_mqtt.num_ssl_acceptors", [
+ {default, 1},
+ {datatype, integer}
+]}.
+
+{mapping, "mqtt.num_acceptors.tcp", "rabbitmq_mqtt.num_tcp_acceptors", [
+ {default, 10},
+ {datatype, integer}
+]}.
+
+
+% %% TCP/Socket options (as per the broker configuration).
+% %%
+% %% {tcp_listen_options, [{backlog, 128},
+% %% {nodelay, true}]}
+% ]},
+
+{mapping, "mqtt.tcp_listen_option.$option", "rabbitmq_mqtt.tcp_listen_options", [
+ {datatype, [integer, {enum, [true, false]}]}
+]}.
+
+{translation, "rabbitmq_mqtt.tcp_listen_options",
+fun(Conf) ->
+ Settings = cuttlefish_variable:filter_by_prefix("mqtt.tcp_listen_option", Conf),
+ [ V || {_, V} <- Settings ]
+end}.
+
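Review bot: The `rabbitmq_mqtt.tcp_listen_options` translation, the last block of this file, keeps only the values with `[ V || {_, V} <- Settings ]`. As a result `mqtt.tcp_listen_option.backlog = 128` and `mqtt.tcp_listen_option.nodelay = true` come out as `[128, true]` rather than the `[{backlog, 128}, {nodelay, true}]` shape shown in the comment above it. The option name has to be carried through, e.g. `[ {list_to_atom(Opt), V} || {[_, _, Opt], V} <- Settings ]`, the way `TranslatePolicy` in the management schema matches on the key path. Because the name comes straight from the config file, matching it against a fixed list of supported socket options would be safer than turning arbitrary keys into atoms.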
diff --git a/schema/rabbitmq.stomp.schema b/schema/rabbitmq.stomp.schema
new file mode 100644
index 0000000000..5b40a9661a
--- /dev/null
+++ b/schema/rabbitmq.stomp.schema
@@ -0,0 +1,90 @@
+% %% ----------------------------------------------------------------------------
+% %% RabbitMQ Stomp Adapter
+% %%
+% %% See http://www.rabbitmq.com/stomp.html for details
+% %% ----------------------------------------------------------------------------
+
+% {rabbitmq_stomp,
+% [%% Network Configuration - the format is generally the same as for the broker
+
+% %% Listen only on localhost (ipv4 & ipv6) on a specific port.
+% %% {tcp_listeners, [{"127.0.0.1", 61613},
+% %% {"::1", 61613}]},
+
+{mapping, "stomp.listener.tcp.$name", "rabbitmq_stomp.tcp_listeners",[
+ {default, 61613},
+ {datatype, [integer, ip]},
+ {include_default, "all"}
+]}.
+
+{translation, "rabbitmq_stomp.tcp_listeners",
+fun(Conf) ->
+ Settings = cuttlefish_variable:filter_by_prefix("stomp.listener.tcp", Conf),
+ [ V || {_, V} <- Settings ]
+end}.
+
+{mapping, "stomp.listener.ssl.$name", "rabbitmq_stomp.ssl_listeners",[
+ {default, 61614},
+ {datatype, [integer, ip]},
+ {include_default, "all"}
+]}.
+
+{translation, "rabbitmq_stomp.ssl_listeners",
+fun(Conf) ->
+ Settings = cuttlefish_variable:filter_by_prefix("stomp.listener.ssl", Conf),
+ [ V || {_, V} <- Settings ]
+end}.
+
+% %% Number of Erlang processes that will accept connections for the TCP
+% %% and SSL listeners.
+% %%
+% %% {num_tcp_acceptors, 10},
+% %% {num_ssl_acceptors, 1},
+
+{mapping, "stomp.num_acceptors.ssl", "rabbitmq_stomp.num_ssl_acceptors", [
+ {default, 1},
+ {datatype, integer}
+]}.
+
+{mapping, "stomp.num_acceptors.tcp", "rabbitmq_stomp.num_tcp_acceptors", [
+ {default, 10},
+ {datatype, integer}
+]}.
+
+% %% Additional SSL options
+
+% %% Extract a name from the client's certificate when using SSL.
+% %%
+% %% {ssl_cert_login, true},
+
+{mapping, "stomp.ssl_cert_login", "rabbitmq_stomp.ssl_cert_login",
+ [{datatype, {enum, [true, false]}}]}.
+
+% %% Set a default user name and password. This is used as the default login
+% %% whenever a CONNECT frame omits the login and passcode headers.
+% %%
+% %% Please note that setting this will allow clients to connect without
+% %% authenticating!
+% %%
+% %% {default_user, [{login, "guest"},
+% %% {passcode, "guest"}]},
+
+{mapping, "stomp.default_user", "rabbitmq_stomp.default_user.login", [
+ {datatype, string}
+]}.
+
+{mapping, "stomp.default_pass", "rabbitmq_stomp.default_user.passcode", [
+ {datatype, string}
+]}.
+
+% %% If a default user is configured, or you have configured use SSL client
+% %% certificate based authentication, you can choose to allow clients to
+% %% omit the CONNECT frame entirely. If set to true, the client is
+% %% automatically connected as the default user or user supplied in the
+% %% SSL certificate whenever the first frame sent on a session is not a
+% %% CONNECT frame.
+% %%
+% %% {implicit_connect, true}
+% ]},
+{mapping, "stomp.implicit_connect", "rabbitmq_stomp.implicit_connect",
+ [{datatype, {enum, [true, false]}}]}.
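Review bot: `stomp.listener.ssl.$name` carries `{default, 61614}` together with `{include_default, "all"}`, and the translation collects every value under that prefix, so as far as I can tell `rabbitmq_stomp.ssl_listeners` is non-empty even when the operator configured no TLS listener and no certificate options. I would drop the `{default, 61614}` line from the SSL mapping so that a TLS listener exists only when it is asked for, or at least add a comment that the broker's certificate options must be set for it to start. `mqtt.listener.ssl.$name` in schema/rabbitmq.mqtt.schema has the same pattern with `{default, 1884}`.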